FOIREQ25/00170 007
175 Pitt Street
Sydney, NSW, 2001
ABN 85 249 230 937
Date of Issue 13.10.2023
Purchase Order
Purchase Order No. 4500167798
NOUS GROUP PTY LTD
Vendor No.
850627
PO BOX 13069, MELBOURNE L
MELBOURNE VIC 8010
Contract No.
Order Enquiries
LORRAINE NURNEY
Payment Terms
20 days
Send Invoice to:
Attention:
xxxxxxxxxxx@xxx.xxx.xx
Accounts Payable
Important: Invoices must be sent as a PDF by email or as an
e-invoice using the PEPPOL online framework. Purchase Order
No.
4500167798 must be quoted on your invoice.
Line
Delivery
Unit Price
Amount
Description
Qty
GST
No
Date
(GST Inc)
(GST Inc)
10
Strategic Review Official Order 23/00014
*** Item partially delivered ***
30/06/2024
1.00
817,700.00
74,336.36
817,700.00
20
Strategic Review travel exp reimburse
*** Item completely delivered ***
1.00
670.57
60.96
670.57
Total Price (including GST if applicable)
$
74,397.32 $
818,370.57
Office of the Australian Information Commissioner (OAIC) is e-invoicing enabled and can receive invoices via this channel. Please email the
Procurement Team at xxxxxxx@xxxx.xxx.xx to make arrangements.
Special Conditions
A `correctly rendered invoice' is one that quotes the purchase order number and is sent as a PDF by email to xxxxxxxxxxx@xxx.xxx.xx, or as an
e-invoice via a certified PEPPOL Access Point. Invoices rendered incorrectly will be returned unpaid to the supplier for correction. Maximum
payment terms only apply to correctly rendered invoices where satisfactory delivery of goods or services are acknowledged.
Goods and services purchased under this Purchase order will be required to meet the WHS legislative requirements. In particular, Material Safety
Data Sheets (MSDS) must be provided for all hazardous substances being purchased, as required under the WHS legislation.
Page 1 of 1
FOIREQ25/00170 009
Cost Centre
107004 (OTH0024001).
Name: Annan Boag
Position: Director Strategic Projects
Agency contract
Email: xxxxx.xxxx@xxxx.xxx.xx
Phone: s 47E(d)
manager name
(Please copy any contract management related correspondence and all invoices to
xxxxxxxxxxx@xxxx.xxx.xx)
Agency File Reference
23/000145
Order Commencement Date and Term
Order Commencement
Friday, 13 October 2023
Date
Order Expiry Date
Friday, 19 April 2024
The Agency may extend the term of the Order for a further period (or periods) of up to
six months in total by providing written notice to the Service Provider 10 Business
Proposed options to
Days prior to the Order Expiry Date. An extension of the Order term will not entitle the
extend
Service Provider to an increase in Total Contract Fees unless such increase is
specifically agreed in writing by the parties.
Statement of Work
Corporate Management Advisory Services; and Commercial Management Advisory
Service Area
Services
x
Corporate Service Areas – Organisational Planning and Development
Service Category
x
Corporate Service Areas – Corporate Governance, and
x
Commercial Service Areas – Government Policy
Service Sub-category
Not applicable
Detailed Statement of
See
Attachment A – Statement of Requirements.
Work
Deliverables
See
Attachment A – Statement of Requirements.
The Services and Deliverables to be provided under this Contract by the Service
Providers are split into the following six (6) Milestones:
x
M1 – Acceptance of the Strategic Review methodology and plan under
Phase A;
x
M2 – Completion of Phase A;
Milestones
x
M3 – Presentation of preliminary findings and recommendations to the
Agency;
x
M4 – Acceptance of the Interim Strategic Review Report by the Agency;
x
M5 – Acceptance of the Final Strategic Review Report and Implementation
Plan by the Agency; and
FOIREQ25/00170 010
x
M6 – Completion of Phase D – Implementation Support.
The Service Provider must only use the following Key Personnel to provide the
Services:
x s 22(1)(a)(ii) – Client Director
x
Andrew Benoy – Project Director
x s 22(1)(a)(ii)– Project Manager
x s 22(1)(a)(ii) – Project Consultant
Key Personnel
x s 22(1)(a)(ii) – Project Consultant
x s 22(1)(a)(ii)
– Project Consultant
x s 22(1)(a)(ii) – Expert Advisor
x s 22(1)(a)(ii) – Expert Advisor
x s 22(1)(a)(ii) – Expert Advisor, and
x s 22(1)(a)(ii) Project Assistant
Subcontractors
Nil
Location
All Key Personnel must located be in Australia.
Fees will be paid on a Milestone basis as per the Milestone Payment details in
Fees
Table 1 – Milestone Fees in
Attachment C - Pricing.
The Total Contract Fees are
$780,000 (GST inclusive).
(a) five calendar days where the Agency and the Service Provider both have the
capability to deliver and receive e Invoices through the Pan-European Public
Payment Terms
Procurement On-Line Framework and have agreed to use this method of invoicing; or
(b) 20 calendar days for all other invoices.
Invoicing
Invoicing requirements are stated in
Attachment C – Pricing.
Any travel costs incurred by the Service Provider and invoiced to the Agency in under
Travel
this Order must not exceed
$11,000 (GST inclusive). Any travel in excess of this
amount wil be funded by the Service Provider.
All Material provided by the Agency to the Service Provider for the purposes of the
Contract, including:
Agency Material
x
any existing policies and documents relating to the Agency’s organisational
structure and functionality;
Agency Material is defined
x
data and information relating to Agency staffing, structure, resourcing,
in the clause 1.1.1 of the
capabilities, and existing processes; and
Head Agreement as any
Material provided by an
x
previous review reports, and other advisory material previously given to the
Agency to the Service
Agency.
Provider for the purposes
For the purposes of this Contract, Agency Material includes this Order and its
of a Contract, or derived at
attachments.
any time from that Material.
When handling Agency Material, the Service Provider must comply with any
reasonable directions given by the Agency relating to confidentiality, security or
privilege that apply to the Agency Material.
FOIREQ25/00170 012
Confidential Information must not be stored offshore.
The Service Provider must treat this Order as Confidential Information and also
ensure it is stored in a secure database.
The Service Provider must promptly notify the Agency of any actual or suspected
unauthorised access to or unauthorised disclosure of Confidential Information, or a
Security
loss of Confidential Information (‘possible data breach’), and take all reasonable steps
to support the Agency in any investigation of the possible data breach.
Key Personnel must be willing to obtain and maintain a BASELINE security clearance
Additional
issued by the Australian Government Security Vetting Agency, if required by the
Requirements -
Agency. Agency will sponsor Key Personnel to obtain a security clearance if
security
necessary.
The Service Provider and its Key Personnel must act in accordance with the
Privacy
Conditions/Restriction
Act 1988 (Cth), including providing a privacy statement whenever collecting personal
s for Personal
information (for example, at the start of workshops and interviews). The Service
Information
Provider must comply with any Agency requirements relating to Notifiable Data
Breaches.
Additional or alternate
In accordance with Clause 18 of the MAS Panel Head Agreement.
Requirements -
insurance
The following critical Deliverables must be met by the timeframes:
Agency Service Levels
-
B.10 – Delivery of Interim Strategic Review Report by 15 January 2024; and
-
C.3 – Delivery of Final Strategic Review Report by 5 February 2024.
Commonwealth Procurement Connected Policy Requirements
Black Economy Policy
Not applicable
Indigenous
Not applicable
Procurement Policy
Australian Industry
Not applicable
Participation Policy
Variable Clauses of the Head Agreement
Internal Working
The Default position applies
Papers
Intellectual Property
Clause 20.2 applies
Personnel performing the Services may be required to sign a Deed and
Key Personnel
acknowledgements relating to confidentiality, security, moral rights, intellectual
Requirements
property and other relevant matters as required by the Agency.
As per clause 22.6.2 and 22.6.3 of the Head Agreement, Confidential Information
Return of Confidential
must be returned to the Agency or destroyed at the Completion Date, to the
Information
satisfaction of the Agency.
FOIREQ25/00170 014
Attachment A: Statement of Requirements
1. Purpose
This Document (
Attachment A) sets out the Statement of Requirements, Services and Deliverables
for this Contract.
2. Background – the Agency and Project
The Office of the Australian Information Commissioner (OAIC) is Australia’s national privacy and
information access regulator. Established in 2010 under the
Australian Information Commissioner Act
2010, the Agency is an independent statutory agency, within the Attorney-General’s portfolio, that
regulates the Commonwealth
Privacy Act 1988 and
Freedom of Information Act 1982. The Agency
has a range of functions under other legislation, such as the
Competition and Consumer Act 2010 (in
relation to the Consumer Data Right), the
My Health Records Act 2012 and the Privacy (Credit
Reporting) Code 2014. The Agency regulates both Commonwealth government entities and officials
(in relation to both freedom of information and privacy) and the private sector (in relation to privacy).
The Government has provided funding for the Agency to undertake a Strategic Review of its structure,
functions, governance, capability and regulatory posture to ensure it is well positioned to deliver on its
functions as the national privacy and information access regulator. The outcome of the Strategic
Review will be an assessment of the current structures, functions, governance, capability and
regulatory posture and advice to the Information Commissioner and Secretary to the Attorney-
General’s Department about potential changes to strengthen Agency’s capacity, capability and
influence into the future, for the benefit of the Australian community.
The privacy landscape has changed significantly since the introduction of the Privacy Act over 30
years ago. In the intervening decades, most aspects of the daily lives of Australians have been
transformed by innovations in technology and service delivery. This has resulted in a dramatic
increase in the amount of data and personal information collected, used and shared, both in Australia
and globally. Alongside this significant shift in data handling practices has come an increase in
community expectations that their personal information will be protected.
In this context, the Agency has welcomed and made significant submissions to the Attorney-General’s
Department’s review of the Privacy Act and will engage with the Government’s response to the
Privacy Act Review.
Since its establishment in 2010, the Agency has been responsible for the oversight of the operation of
the FOI Act and the review of decisions made by Commonwealth agencies and Ministers under the
FOI Act. The number of FOI requests made to Commonwealth agencies and ministers has been
relatively stable in recent years (2022-23: 34,225 requests; 2021-22: 34,236 requests; 2020-21:
34,797 requests). However, the number of Information Commissioner (IC) review applications has
increased in recent years, except for the most recent year which saw a slight decrease (2018-19: 928
applications; 2019-20: 1,067 applications; 2020-21: 1,255 applications; 2021-22: 1,955 applications;
2022-23: 1,647 applications). The number of IC reviews on hand for more than 12 months has also
been increasing since 2015-16.
The Agency has also been through a significant period of change, both in terms of its regulatory
posture and corporate support and enabling of key regulatory functions. The Agency is currently
conducting investigations into significant recent data breaches experienced in Australia, utilising some
skills and powers for the first time. The Agency has commenced civil penalty litigation in the Federal
Court for the first time, and developed and embedded internal governance mechanisms and external
FOIREQ25/00170 015
consultation and cooperation forums to ensure that we focus on key regulatory risks, cognisant of the
work and jurisdiction of other regulators.
At the same time the office transitioned to new shared service providers for the delivery of human
resource, finance and ICT services, increasing its capability and accountability in relation to those
functions, but also necessarily bringing staff through a period of significant change.
The Agency’s legislation provides for a 3-Commissioner model comprising the Australian Information
Commissioner, as the Agency’s Accountable Authority, and a Privacy Commissioner and FOI
Commissioner. In 2023-24, the Government announced the appointment of standalone Freedom of
Information and Privacy Commissioners, increasing the permanent number of statutory information
officers from 1 to 3. Operating with one statutory officer appointed into the roles of both Australian
Information Commissioner and Privacy Commissioner and exercising the functions of the Freedom of
Information Commissioner for several years has resulted in the development of structures, processes
and governance calibrated to that model. Shifting to the 3-Commissioner model will necessitate a
review of those structures, processes and governance, to support the Agency to effectively deliver its
functions and ensure the appropriate support to, and independence of, those statutory office holders
without impacting the Agency’s ability to operate cohesively to discharge its regulatory role.
The Agency’s census results reflect its staff’s commitment to the vision and goals of the Agency. The
Agency has done considerable work in increasing its recruitment and retention outcomes through the
early transition to a permanently hybrid working model and providing other staff support, in
circumstances where the Agency competes in a highly competitive labour market.
The May 2023 Budget provided the Agency with $53.5 million funding injection over four years
including an increase of $8.4m per annum to its ongoing funding base, bringing its total funding in
2023-24 to approximately $23.5m per annum ongoing. In addition, the Agency has been provided with
non-ongoing supplementary funding in 2023-24 and 2024-25 to deliver short term functions, including
terminating measures relating to regulation of the My Health Record, Consumer Data Right and
Digital Identity and privacy, as well as funding for major investigations into significant data breaches.
In 2023-24 $1.234M additional funding has been provided from liquidity reserves to assist with the
resolution of the IC review aged caseload.
3. Terms
of
reference
The Australian Information Commissioner and the Secretary to the Attorney-General’s Department
have approved Terms of Reference (
Attachment B) for the Strategic Review, which defines the
objective and key issues that the Strategic Review must examine and report on. The Commissioner
and Secretary are supported by a Strategic Review Steering Group (
SRSG) comprising senior
officials from the Agency, the Attorney-General’s Department, and the Department of Finance.
All activities undertaken by the Service Provider must deliver a Strategic Review that complies with
the Terms of Reference at
Attachment B.
4. Requirement
The Service Provider must deliver a Strategic Review of the Agency and make recommendations
about how the Agency can ensure it is best positioned to deliver on its functions as the national
privacy and information access regulator and respond to future chal enges. The recommendations
must address:
x the extent to which the Agency’s
o organisational
capability,
FOIREQ25/00170 016
o structure,
o governance
and
o resourcing
are suitable to achieve the Agency’s purpose and future functionality, or require amendment;
x how resource allocation can be optimised to maximise efficiency and support the Agency’s
statutory functions;
x how the Agency can best respond to the likely continuing growth to the volume and complexity of
its core statutory workload;
x how to ensure the effectiveness of the Agency as a regulator in responding to changing
technology, the growth of the digital economy and increasing cybercrime; and
x the role of the Agency in providing advice and reports to government about privacy, information
access and information management.
The Service Provider must apply the highest professional and ethical standards to all their
engagements.
The Service Provider will proactively assess any actual, potential or perceived conflicts of interest,
and notify the Agency immediately if any potential or actual conflict of interest of an employee,
contractor, or subcontractor engaged in any activities in the Strategic Review is identified after
commencement and during the course of the review.
The Service Provider may showcase the work it completed on the Strategic Review on its website
following the conclusion of the Strategic Review with the Agency’s written approval. The showcase
will be in a form agreed between the Agency and the Service Provider.
The Deliverables for this Strategic Review are split into the four Phases as set out below.
The Deliverables for this Strategic Review must be prepared by the Service Provider to a standard of
quality that is:
a. of a high standard and quality commensurate with the standard and quality reasonably
expected of a professional services firm;
b. in plain English; and
c. easy to understand and interpret, and which explains all key terms used.
The Service Provider will provide regular formal and informal reporting to the Agency including, as a
minimum, fortnightly update meetings and short fortnightly written status updates. The Agency may
require the frequency of these updates to change to weekly.
The Service Provider will actively and regularly collaborate with the Agency while the Strategic
Review is underway, in a manner to be agreed between the Agency and the Service Provider during
Phase A – Planning, initiation and discovery.
The Deliverables for the Strategic Review may be modified once the review is underway, by way of
the Service Provider developing and the Agency approving a Strategic Review methodology and
plan in accordance with the procedure described in Deliverables A.6 to A.9 below. The Strategic
Review methodology and plan, once completed in accordance with that procedure, becomes
Attachment D to this contract and takes precedence to the extent the Agency agrees to any alternate
approach, timeframe or focus for any Deliverables.
FOIREQ25/00170 017
Deliverable A. Phase A – Planning, initiation, and discovery
Phase A of the Strategic Review will focus on laying the foundations for the review, understanding the
Agency’s current operating model and environment, identifying key drivers of change and considering
implications for the Agency’s regulatory posture and regulatory approach.
1. During this Phase A, the Service Provider must also develop early thinking and hypotheses about
opportunities to reform the Agency’s operating model that will be further developed in Phase B.
2. The Service Provider and the Agency will participate in a kick-off meeting no later than
5
Business Days from the Order Commencement Date.
3. Following the kick-off meeting, the Service Provider must deliver a draft Project Charter by
2
Business Days, that outlines the key measures of success, boundaries, timelines and
deliverables, and potential risks for the review.
4. Subject to Approval by the Agency, the Project Charter will apply for all activities of the Service
Provider under the Strategic Review.
5. During the meeting, the parties will agree to the parameters for a Strategic Review methodology
and plan.
6. The Service Provider must draft a Strategic Review methodology and Strategic Review plan for
the conduct of the review, for the feedback and approval of the Agency (who will consult with the
SRSG on the methodology and plan). The methodology and plan must reflect all facets of
Attachment B (terms of reference) for the Strategic Review and will consider each element of the
Agency’s regulatory remit and how regulatory outcomes and performance are best supported by a
fit-for-purpose operating model. Where the Service Provider proposes an amendment to the
agreed Deliverables in the Draft Strategic Review methodology and plan, it must explicitly draw
the Agency’s attention to those proposed amendments.
7. The Draft Strategic Review methodology and plan must be delivered for the Agency’s Approval by
5 Business Days after the kick-off meeting.
8. The Service Provider must amend and revise the Strategic Review methodology and plan based
on feedback from the Agency and SRSG (if any) and submit a Final document to the Agency for
approval by
2 Business Days after receiving feedback.
9. The Strategic Review methodology and plan once approved by the Agency will become
Attachment D to this Contract. The Service Provider must provide the remaining Deliverables
under this Phase A and Phases B to D in accordance with the approved Strategic Review
methodology and plan (Attachment D), which will take precedence to the extent that the Agency
approves an alternate approach, timeframe or focus for any Deliverables.
10. The Service Provider must prepare an Engagement, Communications and Change plan that
outlines how the Service Provider will engage with external and internal stakeholders, how the
Service Provider will communicate with Agency Personnel and manage change throughout the
review.
11. The Engagement, Communications and Change plan must:
(a) identify who the Service Provider will engage with externally and internally and how, when
and why the Service Provider will engage them. This must include:
(i)
indicative interview guides for each internal and external government and non-
government stakeholder cohort listed in paragraph 14 below;
(ii)
workshop and focus group agendas, structure and attendees; and
(iii)
any other proposed information collection activities,
that reflect the Key Lines of Enquiry (
KLEs) for the review;
(b) outline the mode of engagement to suit the hybrid working arrangements of the Agency
workforce and to ensure flexibility in scheduling with external stakeholders.
(c) outline the opportunities that Agency Personnel will have to engage with the review and
the channels that the Service Provider will use to communicate with them about the
review;
(d) outline the opportunities and channels for the Agency’s leaders and Personnel to
contribute to and be informed about progress, including structure and timing of
workshops, focus groups, formal and informal interviews;
(e) include communication and contact points for the Service Provider, including a dedicated
mailbox; and
FOIREQ25/00170 018
(f) address any change management considerations that they anticipate needing to be pro-
actively managed during and after the review.
12. The Draft Engagement, Communications and Change plan must be delivered for the Agency’s
Approval by 27 October 2023.
13. The Service Provider must amend and revise the Engagement, Communications and Change
plan based on feedback from the Agency and SRSG (if any) and submit a Final document to the
Agency for Approval by
2 Business Days after receiving feedback.
14. In accordance with the approved Engagement, Communications and Change plan, the Service
Provider must undertake the following interview and workshop activities to gather and analyse
evidence to address the Terms of Reference of the Strategic Review:
(a) Interview all members of the Agency’s executive management team, which must seek to:
(i)
identify what success for this looks like for this review;
(ii)
confirm how and when they want to be engaged through the review;
(iii)
understand critical elements of the Agency’s current operating model;
(iv)
consider key drivers of change and their potential implications for the Agency’s
regulatory posture and approach; and
(v)
develop initial hypotheses about how the Agency’s operating model that are in
scope for the Strategic Review might need to change;
(b) Interview two cohorts of key stakeholders in other government agencies, including the
Agency’s portfolio department (Attorney-General’s Department (AGD)) and one cohort of
non-government stakeholders during Phase A, as follows:
(i)
The first cohort must consist of the AGD, and if available other regulatory
agencies that that Agency collaborates with to perform its core functions,
including the Australian Competition and Consumer Commission, The Treasury
(including the Data Standards Body), Inspector-General of Intelligence and
Security, Commonwealth Ombudsman, Australian Communications and Media
Authority, Office of the eSafety Commissioner, Australian Prudential Regulation
Authority and Australian Digital Health Agency;
(ii)
Interviews with the first cohort must:
x be guided by similar questions to those in paragraph 14(a) above; and
x facilitate a detailed exploration of how the Agency’s partnership and
collaborations with its co-regulators may need to change in response to
changing operating environments;
(iii)
The second cohort of stakeholders must consist of six other government
departments and regulated entities, which may comprise of the Department of
Home Affairs, Services Australia, National Disability Insurance Agency,
Department of Veterans’ Affairs, Administrative Appeals Tribunal, Department of
Health and Aged Care, Department of Social Services, Department of Education,
the Australian Tax Office, or another government department that the Service
Provider is able to interview;
(iv)
Interviews with the second cohort must facilitate responses to the following areas
of enquiry:
x How the stakeholder sees community expectations about privacy and
information access evolving as it relates to their portfolio?
x The impacts of changing technology, the growth of the digital economy
and increasing cybercrime on how their agencies will collect, use and
manage information?
x How well the Agency is currently performing its core functions using the
three principles in Regulator Performance RMG-128 as an initial framing
(pending advice from the Agency)?
x How effectively the Agency provides advice and reports to government
about privacy, information access and information management?; and
FOIREQ25/00170 019
x The extent to which the Agency should take a stronger enforcement
posture going forwards?; and
(c) Up to ten interviews with non-government stakeholders that have been approved by the
Agency and that the Service Provider determines will add value to the Strategic Review;
and
(d) Conduct an initial round of workshops with Agency Personnel in each of the Agency’s
branches, which must:
(i)
use the indicative agenda as approved by the Agency:
x overview and intent of the review;
x opportunities to engage with and contribute to the review;
x reflections on the Agency’s current performance;
x key drivers of changes and their potential impacts on the Agency;
x reflections on current and likely future workloads;
x strengths, weaknesses and pain points across the Agency’s current
operating model (with a specific focus on the elements that in scope for
this review); and
x next
steps;
(ii)
utilise a mix of different digital platforms such as Microsoft Teams, Slido and Miro
to keep the workshops inclusive and fast moving; and
(iii)
be recorded in summary format to ensure that any findings and insights are
clearly captured.
15. In addition to direct engagement activities required in paragraph 14 above, the Service Provider
must also undertake the following research, analysis and review activities:
(a) The Service Provider must conduct a desktop review:
(i)
to consider the key organisational, political, social and technological drivers of
change that will impact the Agency going forward;
(ii)
to start its initial assessment of how the volume and complexity of the Agency’s
core statutory workload is likely to grow;
(iii)
gathers and analyses relevant data and information from the documents provided
as Agency Material and other publicly available sources of information, including
but not limited to:
x all
relevant
legislation,
x documentation from recent and in-flight reforms relevant to the Agency,
x corporate documents, including data collected by the Agency for the
Performance measurement framework (including the results from the
recent stakeholder survey),
x the advice sought by the Agency about the legal and employment
framework for appointed commissioners; and
x the Government’s Response to the Privacy Act Reform; and
(iv)
that includes analysis of the Agency’s current processes to manage and transact
cases, including by drawing data from external sources to inform understanding
of current and future demands, and stakeholder experiences and satisfaction.
This component of the desktop review must consider and analyse:
x key process steps relating to inbound channels, capture of cases,
categorisation and triage, prioritisation, and workflows in use;
x process mining to rapidly and flexibly analyse how processes are being
executed, what performance is being achieved, and identify bottlenecks
and potential conformance/compliance issues;
x demand modelling to forecast how the Agency’s workload may grow in
volume;
FOIREQ25/00170 020
x sentiment analysis on stakeholder satisfaction data to identify which
processes need improvement; and
x and determine initial approaches to streamline existing processes and
implement new ones, which will be expanded in Phase B of the Services;
(b) The Service Provider must prepare a comparative analysis of the analogous agencies
nationally and internationally by undertaking a high-level comparative analysis of the
operating models of analogous agencies to build an understanding of their functions,
governance and structures to assist in identifying potential operating model design options
that may be relevant to the Agency going forward. In conducting this comparative analysis,
the Service Provider must:
(i)
review and analyse the arrangements and capabilities of all state and territory
information and privacy regulators and other regulatory agencies across Australia
with similar diverse mandates and governance structures;
(ii)
at a minimum include comparative analysis against Office of the Privacy
Commissioner Canada, which has similarities to the Agency’s proposed three-
Commissioner model; and
(iii)
subject to approval by the Agency, also incorporate analysis of the UK Information
Commissioner’s Office, the Irish Data Protection Commissioner and the Personal
Data Protection Commission of Singapore.
16. Upon completion of the activities in paragraphs 14 and 15 above, the Service Provider must
prepare and synthesise findings from Phase A and deliver for Approval to the Agency and the
SRSG a Draft Discovery Phase Report, that must include:
(a) initial findings from the discovery phase against Attachment B and KLEs;
(b) key themes emerging across the different stakeholder groups;
(c) outline the potential changes and reforms to the Agency’s operating model that will be
explored further in Phase B.
17. The Service Provider must amend and revise the Draft Discovery Phase Report based on
feedback from the Agency and SRSG (if any) and submit a Final document to the Agency for
approval by
5 Business Days after receiving feedback.
18. The Final Discovery Phase Report, once approved will be included as the Supplementary
Discovery Phase Report.
19. All Deliverables included in the Phase A, paragraphs 1 to 18 above must be completed by
24 November 2023, or as otherwise agreed by the parties.
Deliverable B. Phase B – Assessment and reporting
In providing Services under Phase B, the Service provider must comply with the following
requirements.
1. The Service Provide must commence Phase B immediately upon completing Phase A.
2. The Service Provider must undertake a qualitative and quantitative analysis of the data and
information gathered under Phase A to draw conclusions with reference to the points outlined in
the Terms of Reference at Attachment B.
3. The Service Provider must confirm the Agency’s future regulatory posture and approach, using
the following considerations as a guide:
(a) What regulatory outcomes is the Agency seeking to achieve and do they need to
change?
(b) What are the likely implications of the Government’s response to the Privacy Act Review?
(c) What does the Agency need to do differently in response to changing technology, the
growth of the digital economy and increasing cybercrime?
(d) How are community expectations about privacy and information access evolving and
what are the implications for each of the Agency’s core responsibilities?
(e) To what extent are the Australian Government and community expecting the Agency to
take a stronger enforcement posture?
(f) What dimensions of the OAIC’s purpose, function and regulatory posture may need to shift
in response to above factors?
FOIREQ25/00170 021
(g) How should the Agency’s future regulatory posture differ across each of its core
responsibilities?; and
(h) Can these changes be made without needing to make legislative amendments?
4. The Service Provider must represent the Agency’s regulatory approach for each area of
regulation in a simple one-page visual, which at a minimum must include:
(a) Regulatory purpose that provides a clear statement of the Agency’s goals based on its
statutory obligations and the Attorney-General’s Statement of Expectations;
(b) Principles that lists the core values for the realisation of regulation based on the principles
of regulatory best practice and responding to the Agency’s current and future challenges;
(c) Outcomes that lists the specific priorities that the Agency will support through its actions
given its obligations under the Portfolio Budget Statement and internal strategic priorities;
and
(d) Mechanisms that highlights the tools that the Agency is willing and able to use to realise
these outcomes based on both its statutory powers and strategic choices.
5. The Service Provider must consider the Agency’s external partnerships with co-regulators that
central to its core functions, including the ACCC, Australian Communications and Media Authority
(ACMA), the National Data Commissioner and the Administrative Appeals Tribunal. In reviewing
and analysing these external partnerships, the Service Provider must use the following questions
as a guide:
(a) What will be the most critical external partnerships for the Agency going forward?
(b) How might the Agency’s system governance roles change going forward?
(c) To what extent are the expectations of the Agency from other actors in the regulatory
systems likely to shift and evolve?
(d) How is the Agency’s partnership with the ACCC as the co-regulator of the Consumer
Data Right (CDR) expected to evolve?; and
(e) Are there impediments to effective collaboration with the Agency’s key partners that can
be addressed through the review?
6. The Service Provider must identify and assess options for the Agency’s future structure that is fit-
for-purpose and flexible to accommodate future changes, including at a minimum presenting this
analysis to address the following questions:
(a) What structure(s) will best support a three-Commissioner model?
(b) What are the structural implications of any proposed changes to the Agency’s purpose,
functions, regulatory posture and service model?
(c) What are the longer-term implications for the Corporate Branch if they move towards the
new shared services arrangements?
(d) How can we enable delivery of stronger, client-centred services in collaboration with key
stakeholders?; and
(e) To what extent can we use structural changes to enable us to optimise resource
allocation?
7. The Service Provider must utilise the data obtained under Phase A and analysis conducted under
paragraphs 2 to 6 of Phase B to assess and refine these options with input from the Agency’s
senior leasers.
8. To facilitate the input by senior leaders required under paragraph 7 of Phase B, the Service
provider must conduct a
workshop with the Agency’s senior leaders to:
(a) refine the analysis against the tests of good organisational design;
(b) iterate these tests with the Agency and also identify the relative priority of each test; and
(c) identify a preferred future structural model that goes down to a section level.
9. Using current state insights on processes, the Service Provider must identify opportunities to
remove duplication and streamline processes, including:
(a) designing good processes,
(b) analysing what specific challenges will be resolved and how to best realise opportunities,
including those for technology;
(a) analysing what future processes must look like to effectively manage the types of demand
the Agency handles;
(b) proposing process elements relating to include inbound channels, categorisation and
prioritisation of demand and articulation of optimal pathways to transact types of demand;
(c) designing improved process flows to address complexity of demand, including identifying
what activities will be required to effectively transact types of demand (including common
activities that can be delivered through shared capabilities to remove bottlenecks or
ineffective practices), and what capability and capacity is required to do so effectively;
FOIREQ25/00170 022
(d) identifying who will undertake the activities, including accountabilities and responsibilities
(RACI) and what information and artefacts are required for effective delivery of the
Agency’s functions;
(e) how to best leverage existing technology or what changes must be made to improve the
use of technology, including opportunities for process automation such as automated
workflows and application of AI approaches to, for example, case categorisation and
prioritisation; and
(f) propose new mechanisms for establishing effective and measurable baseline for process
performance to address inbound demand to measure requirements against future
increase in function and changes to governance and structure.
10. The Service Provider must identify how resource allocation can be optimised to maximise
efficiency and support the Agency’s statutory functions, so as to enable the Agency to have the
right information to make evidence-based decisions and ensure it is and continues to be right
sized. To undertake this resource allocation analysis and design, the Service Provider must:
(a) outline how to activate continual improvement through an improvement register with
prioritised implementation tasks based on value and effort;
(b) develop and handover this improvement register to the Agency as an artefact for
continued use; and
(c) work with identified Agency Personnel to develop these artefacts and provide knowledge
transfers to ensure effective use by Agency Personnel.
11. The Service Provider must analyse how the Agency’s internal governance – including the
activities of its three main governance entities, the executive committee, operational committee
and regulatory action committee – can be improved. To undertake this analysis, the Service must
address:
(a) the extent to which the number, remit and composition of the Agency’s governance
committees need to evolve to accommodate the three-Commissioner model; and
(b) the governance implications of any changes to the Agency’s purpose, functions and
regulatory posture going forward.
12. Upon completion of the analysis in paragraph 11 of Phase B, the Service Provider must obtain the
Agency’s agreement to the potential changes to the Agency’s purpose, functions, service model
and structure, before consider the type of workforce required to successfully deliver them.
13. In considering the structure of the Agency’s workforce, the Service Provider must have regard to
the following considerations:
(a) How can resource al ocation be optimised across the Agency to maximise efficiency and
support the effective delivery of its functions?
(b) Does the Agency currently have the right mix of specialist skills required to deliver on its
proposed new purpose, functions and regulatory posture?
(c) Does the Agency currently have the right number of staff to service future demand –
considering any changes to the Agency’s service model and key processes that may yield
delivery efficiencies?
(d) What are the most critical gaps in capability that the Agency will need to address?
(e) What are some of the drivers behind the high proportion of Agency staff looking to leave
the agency (as reflected in the 2022 APS Employee Census results) and to what extent
has this improved?
(f) How effective has the transition to hybrid working been in enabling the Agency to
compete more effectively in a tight labour market?
(g) What are some of the strategies that the Agency could employ to attract staff?; and
(h) To what extent is the Agency’s current employee value proposition compelling for the
types of staff that it is seeking to recruit and retain?
14. The Service Provider define the Agency’s desired future culture and leadership through a detailed
review of the Agency’s current and desired future culture and leadership, including by identifying:
(a) shared mindsets that outline the shared beliefs, assumptions and attitudes that
employees hold about what is important and valued in the Agency; and
(b) demonstrated behaviours that codify the observable actions that are consistently
demonstrated across the Agency and which represent the manifestation of shared
mindsets.
15. The analysis required under paragraph 14 of Phase B must be conducted through:
(a) the Service Provider’s analysis of the last two years of the Agency’s APS Census results;
(b) the Service Provider’s analysis the findings from workshops and interview conducted with
Agency Personnel under Phase A;
FOIREQ25/00170 023
(c) a series of
three staff focus groups segmented along demographic dimensions (e.g.
gender, age, location, tenure at the Agency, working arrangements, etc) – rather than by
functional lines (i.e. according to structure), which must be designed with regard to the
following aspects:
(i)
Describe what the vision of the future culture at the Agency will look like and feel like.
Think about the specific behaviours that you would like the Agency Personnel to
demonstrate.
(ii)
Rate how close/far you are to realising this future culture on a scale from 1 to 5,
where 1 is ‘this is very close to the current culture’ and 5 is ‘this is very far from our
current culture’.
(iii)
Identify two barriers to achieving this future culture and think about actions needed to
overcome these.
(iv)
What does good leadership look like at the Agency?; and
(v)
What sorts of leadership behaviours do we reward and encourage?
16. Upon completion of the activities in paragraphs 1 and 15 of Phase B above, the Service Provider
must by
13 December 2023:
(a) analyse insights gathered and identify possible recommendations that are stress-tested
for suitability and comprehensiveness against Attachment B; and
(b) present preliminary findings and proposed recommendations to the Agency in terms of
feasibility, priority and impact for initial feedback.
17. Using the Agency’s feedback and its own further refinement, the Service Provider must:
(a) ensure that the final recommendations remain aligned with the Terms of Reference and
that there no untested or new inclusions in the final deliverable; and
(b) prepare and deliver for Approval to the Agency and the SRSG a Draft Interim Report and
recommendations addressing the Terms of Reference in Attachment B by
15 January
2024.
18. All Deliverables included in this Phase B, paragraphs 1 and 16 above must be completed by
15 January 2024.
Deliverable C. C: Phase C – Finalisation
In providing Services under Phase C, the Service Provider must comply with the following
requirements.
1. The Service Provider must commence Phase C immediately upon completion of Phase B,
however, this does not restrict the Service Provider from undertaking activities under Phase C
that cross-over with Phase B.
2. The Service Provider must consult with the Agency (and through the Agency the SRSG) on
the Interim Report and recommendations through regular fortnightly meetings.
3. The Service Provider must refine the Interim Report and recommendations based on
feedback from the Agency and SRSG that will become the Final Report.
4. The Service Provider must prepare a Final Report for consideration of the SRSG and delivery
to the Agency and the Secretary of the Attorney-General’s Department.
5. The Final Report must clearly identify which recommendations can be implemented within the
existing legislative framework and any which would require legislative changes.
6. The Service Provider must deliver for Approval to the Agency and the SRSG a Final Report
by
5 February 2024.
7. The Service Provider must develop an Executive Summary of the Strategic Review report.
8. The Service Provider must ensure the Final Report and the Executive Summary are
presented to a very high professional standard, including through the application of
professional and specialist graphic design expertise.
9. The Service Provider must develop an Implementation Plan for the Strategic Review and
provide this to the Agency at the Agency’s request. In preparing this Implementation Plan, the
Service Provider must be guided by the following key considerations:
(a) determine key dependencies and sequencing for implementation activities realising
recommendations;
(b) estimate value, priorities, and investments required to fully implement the plan;
(c) detail change capabilities required and how to support implementation with a
communications strategy;
FOIREQ25/00170 024
(d) detail who owns the plan, who is involved and in what capacity, and how the plan is
maintained; and
(e) summarise this detailed implementation plan with a higher-level roadmap over a three-
year horizon, which can be effectively used to communicate the implementation to
external and internal stakeholders.
Deliverable D. Phase D – Implementation Support
In providing Services under Phase D, the Service Provider must work with the Agency to identify
where efforts will add the greatest value during this Phase D and must comply with the following
requirements.
1. The Service Provider must provide an additional effort of six weeks following the acceptance
of the Final Report and its acceptance and endorsement by the Agency and AGD to support
the implementation of the review recommendations.
2. In providing this support, the Service Provider could undertake some or all of the following
activities:
(a) developing a clear governance framework for the implementation of the review;
(b) supporting the Agency to develop a Program Management Office (PMO) that will manage
the implementation of the review, including PMO functions, key processes and
recommended staffing;
(c) creating a clear program of work and developing detailed project charters and work plans
for different streams;
(d) building the capability of Agency leaders and selected staff to implement the
recommendations (where required);
(e) conducting more detailed change impact assessments and developing change
management plans;
(f) setting a method for process redesign and re-designing high priority processes with key
stakeholders that realise performance improvements and effort reduction; and
(g) supporting planning for technology improvements to underpin key processes, including
potential adaptation of intelligent automation of key process activities such as
categorisation and prioritisation of cases.
3. The Service Provider will confirm the precise scope of this implementation support at the start
of Phase D with the Agency.
FOIREQ25/00170 025
5. Deliverables
The Service Provider will provide the following deliverables during Phases A to C.
The Agency will also require the Service Provider to deliver six weeks of implementation support, as
detailed in Deliverable D – Phase D, after acceptance and endorsement of the Final Report.
FOIREQ25/00170 026
6. Program
Schedule
The Service Provider will be required to deliver the Deliverables within the review timeframes in
accordance with the program schedule. On commencement of the Contract, the Service Provider will
provide to the Agency a detailed program schedule for approval by the Agency, which must contain
clear dates for key Deliverables.
Further to the program schedule, the following Deliverables must be met by the timeframes as
stipulated below.
Ref.
Deliverable Description
Timeframe
Deliverable Delivery of Draft
The Service Provider will deliver an
Must be
B.17(b)
Interim Report and
interim report and recommendations
completed by
15
Recommendations
addressing the points in Attachment B
January 2024.
for delivery to the Agency and the
SRSG. They will present the interim
report to the OAIC and use feedback
to further refine the interim report and
recommendations.
Deliverable Delivery of Final
The Service Provider will deliver a
Must be
C.6
Report
final report for consideration of the
completed by
5
SRSG and delivery to the Agency and
February 2024.
the Secretary of the Attorney-
General’s Department (through the
OAIC). The final report will clearly
identify which recommendations can
be implemented within the existing
legislative framework and any which
would require legislative changes.
FOIREQ25/00170 027
Attachment B: OAIC Strategic Review Terms of Reference
A strategic review of the Office of the Australian Information Commissioner (OAIC) will ensure the
OAIC is well positioned to deliver on its statutory functions as the national privacy and information
access regulator into the future.
Scope
The reviewer should consider, report, and make recommendations about how the OAIC can ensure it
is best positioned to deliver on its functions as the national privacy and information access regulator
and respond to future challenges. Recommendations should cover:
x the extent to which the OAIC’s
o organisational
capability,
o structure,
o governance,
and
o resourcing
are suitable to achieve the OAIC’s purpose and future functionality, or require amendment;
x how resource allocation can be optimised to maximise efficiency and support the OAIC’s
statutory functions;
x how OAIC can best respond to the likely continuing growth to the volume and complexity of its
core statutory workload;
x how to ensure the effectiveness of the OAIC as a regulator in responding to changing
technology, the growth of the digital economy and increasing cybercrime; and
x the role of the OAIC in providing advice and reports to government about privacy, information
access and information management.
Contextual information
The reviewer must have regard to relevant contextual matters, about which the OAIC will provide the
reviewer with relevant background, including:
x potential changes to the functions of the OAIC arising from the Government’s response to the
Privacy Act Review;
x the operation of FOI laws;
x evolving community expectations about privacy and information access, and expectations that
OAIC will take a strong enforcement posture.
Recommendations
The reviewer must identify recommendations that can be implemented within the existing legislative
framework, but may make recommendations that require legislative change where the reviewer
considers necessary.
Activities
As a minimum, the reviewer should examine relevant documents and data, conduct interviews with
OAIC executives, staff, and key external stakeholders, and examine the capabilities and
arrangements of a selection of analogous agencies in Australia and elsewhere.
Timeframe
Interim report by
15 January 2024. Final report by
5 February 2024.
FOIREQ25/00170 028
Attachment C: Pricing Schedule
Fees
1. The Total Contract Fee must not exceed $780,000 (GST inclusive), which includes delivery of all
Deliverables, and travel and expenses incurred by Service Provider Personnel. As agreed by the
Parties, the Total Contract Fee is a 5% volume discount on the MAS Panel rates.
2. The Agency will not pay the Service Provider any Fees that exceeds the Total Contract Fee.
3. The Fees will be paid on a Milestone basis.
4. On successful Delivery and Acceptance of the Milestones, the Agency will pay the Service
Provider the Milestone Payments specified in the
Table 1 – Milestone Payments below.
Table 1 - Milestone Payments:
Ref. Milestone
Deliverable(s) Timeframe
Milestone
Payment
(GST inclusive)
Must be completed by
$ 78,000.00
M1 Acceptance
of A.9 Accepted by
27 October 2023, or as
the Strategic
the Agency
otherwise approved by
(Payment of 10% of
Review
the Agency
the Total Contract
methodology and
Fee)
plan
Must be completed by
24 $ 195,000.00
M2 Completion
of A.18 Accepted by
November 2023, or as
Phase A
the Agency
otherwise approved by
(Payment of 25% of
the Agency
the Total Contract
Fee)
Must be completed by
13 $ 156,000.00
M3
Presentation of
B.16 Accepted by
December 2023, or as
preliminary
the Agency
otherwise approved by
(Payment of 20% of
findings and
the Agency
the Total Contract
recommendations
Fee)
to the Agency
M4 Acceptance
of B.17 Accepted by Must be completed by
$ 195,000.00
the Interim
the Agency
15 January 2024, or as
Strategic Review
otherwise approved by
(Payment of 25% of
Report by the
the Agency
the Total Contract
Fee)
Agency
M5 Acceptance
of C.6 to C.9
Must be completed by
$ 117,000.00
the Final
Accepted by the
5 February 2024, or as
Strategic Review
Agency
otherwise approved by
(Payment of 15% of
Report and
the Agency
the Total Contract
Fee)
Implementation
Plan by the
Agency
M6 Completion
of D.1 and D.2
Must be completed by
$ 39,000.00
Phase D –
Accepted by the
19 April 2024, or as
Implementation
Agency
otherwise agreed by the
(Payment of 5% of
Support
Parties
the Total Contract
Fee)
FOIREQ25/00170 029
Invoicing
5. The Service Provider must submit a correctly rendered Tax Invoice at the completion of each
Milestone.
6. All invoices submitted by the Service Provider must meet the requirements of a correctly rendered
Tax invoice as set out in clause 14.4.2 of the Head Agreement, and must:
(a) include the Milestone description;
(b) include the Work Order number; and
(c) be correctly addressed to the Agency Representative; and
(d) contains tax invoice details as required by the
A New Tax System (Goods and Services
Tax) Act 1999 (Cth).
7. If the Service Provider has incorrectly charged the Agency, the Service Provider:
(a) in the case of overcharge, must refund any amount overcharged promptly and in any
event within seven days of becoming aware of, or being notified of, the overcharging; and
(b) in the case of undercharge, may issue a Correctly Rendered Tax Invoice for any amounts
undercharged to the Agency, but may only do so within six months from the date the
incorrect charge was made to the Agency.
8. If the Agency disputes any amounts paid or to be paid to the Service Provider:
(a) the Agency will request the Service Provider to submit an invoice for the amount that is
not in dispute;
(b) the Agency will pay the amount stated in a correctly rendered Tax Invoice that is issued in
response to a request made under clause paragraph 6 of this Attachment C;
(c) the Agency may withhold from further payments any such disputed amounts and clause
27.3 of the Head Agreement will apply; and
(d) the Service Provider must not stop or cause any delay in supplying the Services.
FOIREQ25/00170 030
Attachment D: Strategic Review methodology and plan
[To be appended once approved by the Agency in accordance with the procedure described in
Deliverables A.6 to A.9]
FOIREQ25/00170 031
Schedule 6A – Order Variation Template
Parties
A.
Commonwealth of Australia as represented by the Office of the Australian
Information Commissioner ABN 85 249 230 937 (
Agency); and
B.
Nous Group Pty Ltd ABN 66 086 210 344 (
Service Provider)
Recitals
A.
The Agency and the Service Provider are party to an Order dated 13
October 2023 for the provision of services to deliver a Strategic Review of
the Agency, including an assessment of the current structures, functions,
governance, capability and regulatory posture and advice to the Information
Commissioner and Secretary to the Attorney-General’s Department about
potential changes to strengthen Agency’s capacity, capability and influence
into the future, for the benefit of the Australian community.
B.
The parties wish to vary the Order as provided by this Deed of variation.
The parties agree as fol ows:
The Order is varied in accordance with the terms set out below. Unless specifically stated in
this Order Variation, all terms and conditions of the Order continue unaffected.
1. Order
Variation
number 1
2. Raised
by
Agency
3.
Details of change (use
Additional culture and leadership work, as described in
attachments if required)
Attachment A.
4. Implementation
date
of 15 February 2024
variation
5. Effect
on
services
Order expiry date:
30 June 2024
Milestones:
Milestone 5 amended to remove ‘and Implementation
Plan by the Agency’
New Milestone 5A – ‘Completion of culture and
leadership support and acceptance of implementation
plan by the Agency’
Subcontractors:
Editor Group
Phase D Implementation Support:
Duration amended to four weeks of additional effort
Completion date amended to 30 June 2024
Culture and leadership work:
The Service Provider will support the Agency in
addressing culture and leadership issues identified
during the strategic review. This will include:
72
FOIREQ25/00170 032
(a)
Conducting a workshop with the OAIC’s
current leadership team to explore the
culture and leadership issues identified in
the Strategic Review;
(b)
Conducting a workshop with the OAIC’s
current leadership team and its incoming
commissioners to identify agency wide
expectations and strategies connected to
culture and leadership and to support the
leadership team to develop individual and
collective plans of action to create change;
(c)
Providing to the Agency a written summary
of actions arising from these workshops;
(d)
Conducting 1:1 interviews with key OAIC
leaders before and after the workshops (up
to six in total).
6. Plan
for
implementing
the
Not applicable
change [if any]
7.
Effect on price [if any]
Total Contract Fees are $810,000 (GST inclusive) plus
(a)
disbursements up to $7,700 (GST inclusive)
for editing services; and
(b)
any additional costs required to deliver
Milestone M5A in person (rather than
virtually), which will be agreed between the
Parties and invoiced in addition to the Total
Contract Fee.
New Milestone 5A:
Milestone: Culture and leadership support and delivery
of implementation plan
Deliverable: C.8 and D.4 Accepted by the Agency
Timeframe: Must be completed by 22 March 2024, or
as otherwise agreed by the Agency.
Milestone Payment (GST inclusive): $ 30,000.00
8. Effect
on
service
levels
[if
B.10 – Delivery of Interim Strategic Review Report by
any]
15 22 January 2024
C.3 – Delivery of Final Strategic Review Report by 5 19
February 2024
9.
Other relevant matters (e.g. Not applicable
transitional impacts)
73
FOIREQ25/00170 034
175 Pitt Street
Sydney, NSW, 2001
ABN 85 249 230 937
Date of Issue 03.06.2024
Purchase Order
Purchase Order No. 4500171099
NOUS GROUP PTY LTD
Vendor No.
850627
PO BOX 13069, MELBOURNE L
MELBOURNE VIC 8010
Contract No.
Order Enquiries
LORRAINE NURNEY
Payment Terms
20 days
Deliver Goods/Services to:
Send Invoice to:
Attention:
xxxxxxxxxxx@xxx.xxx.xx
Accounts Payable
Office of the Australian Info Commission
GPO Box 5218
SYDNEY NSW 2001
Important: Invoices must be sent as a PDF by email or as an
e-invoice using the PEPPOL online framework. Purchase Order
No.
4500171099 must be quoted on your invoice.
Line
Delivery
Unit Price
Amount
Description
Qty
GST
No
Date
(GST Inc)
(GST Inc)
10
Organisational redesign/change mgt
MAS Panel order: 24/000110
1.00
350,000.00
31,818.18
350,000.00
*** Item completely delivered ***
Total Price (including GST if applicable)
$
31,818.18 $
350,000.00
Office of the Australian Information Commissioner (OAIC) is e-invoicing enabled and can receive invoices via this channel. Please email the
Procurement Team at xxxxxxx@xxxx.xxx.xx to make arrangements.
Special Conditions
A `correctly rendered invoice' is one that quotes the purchase order number and is sent as a PDF by email to xxxxxxxxxxx@xxx.xxx.xx, or as an
e-invoice via a certified PEPPOL Access Point. Invoices rendered incorrectly will be returned unpaid to the supplier for correction. Maximum
payment terms only apply to correctly rendered invoices where satisfactory delivery of goods or services are acknowledged.
Goods and services purchased under this Purchase order will be required to meet the WHS legislative requirements. In particular, Material Safety
Data Sheets (MSDS) must be provided for all hazardous substances being purchased, as required under the WHS legislation.
Page 1 of 1
TAX INVOICE
FOIREQ25/00170 036
Attorney General's Dept (Fed)
Nous Group Pty Ltd
Central Office,
P.O. Box 13069
3-5 National Circuit,
Melbourne Law Courts
Barton
VIC 8010
Australian Capital Territory 2600
Australia
Australia
Accounts Payable
Invoice Ref : INV13196
Invoice Date :
02 November 2023
Client Ref :
4500167798
Fees for professional services rendered in accordance with the Order for Services for the Strategic Review of
OAIC engagement commencing on 16/10/2023. Cost Centre: 107004 (OTH0024001)
Strategic Review of OAIC
Amount
M1 Acceptance of the Strategic Review methodology and plan
70,909.00
Sub-total
70,909.00
GST 10%
7,090.90
Total AUD
77,999.90
Payment Terms: Within 20 days of receipt.
Please make payment to:
Account Name:
Nous Group Pty Ltd
Bank:
s 47G
BSB:
Account No:
Swift Code:
Registered office: Nous Group Pty Ltd, Level 19, 567 Collins Street, Melbourne, VIC 3000 ABN: 66 086 210 344
Page 1
Please forward remittance advice to xxxxxxxx.xxxxxxxxxx@xxxxxxxxx.xxx.xx +61 3 8602 6200 nousgroup.com
TAX INVOICE
FOIREQ25/00170 039
Accounts Payable
Nous Group Pty Ltd
Attorney General's Dept (Fed)
P.O. Box 13069
Central Office,
Melbourne Law Courts
3-5 National Circuit,
VIC 8010
Barton
Australia
Australian Capital Territory
2600
Invoice Date: 01 Dec 2023
Australia
Invoice Ref:
INV13407
Client Ref:
4500167798
Fees for professional services rendered in accordance with the Order of Services for the Strategic Review of OAIC
engagement commencing on 16/10/2023.Cost Centre: 107004 (OTH0024001)
Strategic Review of OAIC
Amount
M2 Completion of Phase A
177,273.00
Sub-total
177,273.00
GST 10%
17,727.30
Total AUD
195,000.30
Payment Terms:
Within 20 days of receipt.
Please make payment to:
Account Name:
Nous Group Pty Ltd
Bank:
s 47G
Sort Code:
Account No:
Swift Code:
VAT Number
Registered office: Nous Group Pty Ltd, Level 19, 567 Collins Street, Melbourne, VIC 3000 ABN: 66 086 210 344 Page
Please forward remittance advice to xxxxxxxx.xxxxxxxxxx@xxxxxxxxx.xxx.xx +61 3 8602 6200 nousgroup.com
1
TAX INVOICE
FOIREQ25/00170 042
Attorney General's Dept (Fed)
Nous Group Pty Ltd
Central Office,
P.O. Box 13069
3-5 National Circuit,
Melbourne Law Courts
Barton
VIC 8010
Australian Capital Territory 2600
Australia
Australia
Accounts Payable
Invoice Ref : INV13608
Invoice Date :
21 December 2023
Client Ref :
4500167798
Fees for professional services rendered in accordance with the Order of Services for the Strategic Review of OAIC
engagement commencing on 16/10/2023. Cost Centre: 107004 (OTH0024001)
Strategic Review of OAIC
Amount
M3 Presentation of preliminary findings and recommendations
141,818.00
Sub-total
141,818.00
GST 10%
14,181.80
Total AUD
155,999.80
Payment Terms: Within 20 days of receipt.
Please make payment to:
Account Name:
Nous Group Pty Ltd
Bank:
s 47G
BSB:
Account No:
Swift Code:
Registered office: Nous Group Pty Ltd, Level 19, 567 Collins Street, Melbourne, VIC 3000 ABN: 66 086 210 344
Page 1
Please forward remittance advice to xxxxxxxx.xxxxxxxxxx@xxxxxxxxx.xxx.xx +61 3 8602 6200 nousgroup.com
TAX INVOICE
FOIREQ25/00170 043
Accounts Payable
Nous Group Pty Ltd
Attorney General's Dept (Fed)
P.O. Box 13069
Central Office,
Melbourne Law Courts
3-5 National Circuit,
VIC 8010
Barton
Australia
Australian Capital Territory
2600
Invoice Date: 05 Feb 2024
Australia
Invoice Ref:
INV13794
Client Ref:
4500167798
Fees for professional services rendered in accordance with the Order of Services for the Strategic Review of OAIC
engagement commencing on 16/10/2023. Cost Centre: 107004 (OTH0024001)
Strategic Review of OAIC
Amount
M4 Acceptance of the Interim Strategic Review Report
177,273.00
Sub-total
177,273.00
GST 10%
17,727.30
Total AUD
195,000.30
Payment Terms:
Within 20 days of receipt.
Please make payment to:
Account Name:
Nous Group Pty Ltd
Bank:
s 47G
Sort Code:
Account No:
Swift Code:
VAT Number
Registered office: Nous Group Pty Ltd, Level 19, 567 Collins Street, Melbourne, VIC 3000 ABN: 66 086 210 344 Page
Please forward remittance advice to xxxxxxxx.xxxxxxxxxx@xxxxxxxxx.xxx.xx +61 3 8602 6200 nousgroup.com
1
TAX INVOICE
FOIREQ25/00170 044
Accounts Payable
Nous Group Pty Ltd
Attorney General's Dept (Fed)
P.O. Box 13069
Central Office,
Melbourne Law Courts
3-5 National Circuit,
VIC 8010
Barton
Australia
Australian Capital Territory
2600
Invoice Date: 23 Feb 2024
Australia
Invoice Ref:
INV13911
Client Ref:
4500167798
Fees for professional services rendered in accordance with the Order of Services for the Strategic Review of OAIC
engagement commencing on 16/10/2023. Cost Centre: 107004 (OTH0024001)
Strategic Review of OAIC
Amount
M5 Acceptance of the Final Strategic Review Report
106,364.00
Sub-total
106,364.00
GST 10%
10,636.40
Total AUD
117,000.40
Payment Terms:
Within 20 days of receipt.
Please make payment to:
Account Name:
Nous Group Pty Ltd
Bank:
s 47G
Sort Code:
Account No:
Swift Code:
VAT Number
Registered office: Nous Group Pty Ltd, Level 23, 697 Collins St, Docklands, VIC, 3008 ABN: 66 086 210 344
Page
Please forward remittance advice to xxxxxxxx.xxxxxxxxxx@xxxxxxxxx.xxx.xx +61 3 8602 6200 nousgroup.com
1
TAX INVOICE
FOIREQ25/00170 045
Accounts Payable
Nous Group Pty Ltd
Attorney General's Dept (Fed)
Level 23
Central Office,
697 Collins St
3-5 National Circuit,
Docklands
Barton
VIC
Australian Capital Territory
8010
2600
Australia
Australia
Invoice Date: 13 Mar 2024
Invoice Ref:
INV14035
Client Ref:
4500167798
Fees for professional services rendered in accordance with the Order of Services and Order Variation for the
Strategic Review of OAIC engagement commencing on 16/10/2023. Cost Centre: 107004 (OTH0024001).
Strategic Review of OAIC
Amount
Editing services: engagement of Editor Group to review Final Report
6,940.00
Sub-total
6,940.00
GST 10%
694.00
Total AUD
7,634.00
Payment Terms:
Within 20 days of receipt.
Please make payment to:
Account Name:
Nous Group Pty Ltd
Bank:
s 47G
Sort Code:
Account No:
Swift Code:
VAT Number
Registered office: Nous Group Pty Ltd, Level 23, 697 Collins St, Docklands, VIC, 3008 ABN: 66 086 210 344
Page
Please forward remittance advice to xxxxxxxx.xxxxxxxxxx@xxxxxxxxx.xxx.xx +61 3 8602 6200 nousgroup.com
1
TAX INVOICE
FOIREQ25/00170 046
Accounts Payable
Nous Group Pty Ltd
Attorney General's Dept (Fed)
Level 23
Central Office,
697 Collins St
3-5 National Circuit,
Docklands
Barton
VIC
Australian Capital Territory
8010
2600
Australia
Australia
Invoice Date: 25 Mar 2024
Invoice Ref:
INV14116
Client Ref:
4500167798
Fees for professional services rendered in accordance with the Order of Services for the Strategic Review of OAIC
engagement commencing on 16/10/2023. Cost Centre: 107004 (OTH0024001)
Strategic Review of OAIC
Amount
M6 Completion of Phase D
35,453.90
Sub-total
35,453.90
GST 10%
3,545.39
Total AUD
38,999.29
Payment Terms:
Within 20 days of receipt.
Please make payment to:
Account Name:
Nous Group Pty Ltd
Bank:
s 47G
Sort Code:
Account No:
Swift Code:
VAT Number
Registered office: Nous Group Pty Ltd, Level 23, 697 Collins St, Docklands, VIC, 3008 ABN: 66 086 210 344
Page
Please forward remittance advice to xxxxxxxx.xxxxxxxxxx@xxxxxxxxx.xxx.xx +61 3 8602 6200 nousgroup.com
1
TAX INVOICE
FOIREQ25/00170 047
Accounts Payable
Nous Group Pty Ltd
Attorney General's Dept (Fed)
Level 23
Central Office,
697 Collins St
3-5 National Circuit,
Docklands
Barton
VIC
Australian Capital Territory
3008
2600
Australia
Australia
Invoice Date: 14 May 2024
Invoice Ref:
INV14503
PO Number:
4500167798
Fees for professional services rendered in accordance with the Order of Services for the Strategic Review of OAIC
engagement commencing on 16/10/2023. Cost Centre: 107004 (OTH0024001)
Culture and leadership support
Amount
M5A Culture and leadership support and delivery of implementation plan
27,272.74
Culture and leadership support - Travel Expenses
Amount
Additional costs required to deliver Milestone M5A in person
609.61
Sub-total
27,882.35
GST 10%
2,788.23
Total AUD
30,670.58
Payment Terms:
Within 20 days of receipt.
Please make payment to:
Account Name:
Nous Group Pty Ltd
Bank:
s 47G
Sort Code:
Account No:
Swift Code:
VAT Number
Registered office: Nous Group Pty Ltd, Level 23, 697 Collins St, Docklands, VIC, 3008 ABN: 66 086 210 344
Page
Please forward remittance advice to xxxxxxxx.xxxxxxxxxx@xxxxxxxxx.xxx.xx +61 3 8602 6200 nousgroup.com
1
TAX INVOICE
FOIREQ25/00170 048
Annan Boag
Nous Group Pty Ltd
Office of the Australian Information Commissioner
Level 23
Melbourne
697 Collins St
Docklands
Victoria
VIC
3000
3008
Australia
Australia
Invoice Date: 27 Jun 2024
Invoice Ref:
INV15004
Client Ref:
4500171099
PO Number:
4500171099
OAIC Structure and Change Management - Services
Amount
M1: Delivery of communications plan and organisation structure design principles
111,363.64
Sub-total
111,363.64
GST 10%
11,136.36
Total AUD
122,500.00
Payment Terms:
Within 20 days of receipt.
Please make payment to:
Account Name:
Nous Group Pty Ltd
Bank:
s 47G
Sort Code:
Account No:
Swift Code:
VAT Number
Registered office: Nous Group Pty Ltd, Level 23, 697 Collins St, Docklands, VIC, 3008 ABN: 66 086 210 344
Page
Please forward remittance advice to xxxxxxxx.xxxxxxxxxx@xxxxxxxxx.xxx.xx +61 3 8602 6200 nousgroup.com
1
TAX INVOICE
FOIREQ25/00170 049
Accounts Payable
Nous Group Pty Ltd
Office of the Australian Information Commissioner
Level 23
175 Pitt Street
697 Collins St
Sydney
Docklands
New South Wales
VIC
2000
3008
Australia
Australia
Invoice Ref:
INV15414
Invoice Date: 04 Sep 2024
Client Ref:
4500171099
PO Number:
4500171099
OAIC Structure and change management Services
Amount
M2: Delivery of new organisation structure proposal
111,363.64
M3: Delivery of change management plan
95,454.54
Sub-total
206,818.18
GST 10%
20,681.82
Total AUD
227,500.00
Payment Terms:
Within 20 days of receipt.
Please make payment to:
Account Name:
Nous Group Pty Ltd
Bank:
s 47G
Sort Code:
Account No:
Swift Code:
VAT Number
Registered office: Nous Group Pty Ltd, Level 23, 697 Collins St, Docklands, VIC, 3008 ABN: 66 086 210 344
Page
Please forward remittance advice to xxxxxxxx.xxxxxxxxxx@xxxxxxxxx.xxx.xx +61 3 8602 6200 nousgroup.com
1
