1 introduction - department of health and human services · web view1.1 what is the service...

Guidelines for the Service agreement compliance certification (SACC) formFor organisations funded by:• Department of Health and Human Services• Department of Education and Training• Adult, Community and Further Education Board

November 2017

Guidelines for the Service Agreement Compliance Certification (SACC) form 2

Guidelines for the Service agreement compliance certification (SACC) formFor organisations funded by:• Department of Health and Human Services• Department of Education and Training• Adult, Community and Further Education Board

November 2017


To receive this publication in an accessible format, email the Monitoring Framework Helpdesk <[email protected]>

Authorised and published by the Victorian Government, 1 Treasury Place, Melbourne.

© State of Victoria, Department of Health and Human Services, November 2017

Available on the Service agreements intranet page <https://intranet.dhhs.vic.gov.au/service-agreements>

Contents


https://intranet.dhhs.vic.gov.au/service-agreements

mailto:[email protected]

mailto:[email protected]

1 Introduction............................................................................................................................................................ 61.1 What is the Service agreement compliance certification ?....................................................................................61.2 Purpose of document............................................................................................................................................ 71.3 Why certification?.................................................................................................................................................. 71.4 Reducing red tape................................................................................................................................................. 71.5 SACC form and the monitoring of key risk areas..................................................................................................81.6 Where is the SACC form located?........................................................................................................................8

2 Scope...................................................................................................................................................................... 93 SACC requirements for funded organisations..................................................................................................103.1 Certification......................................................................................................................................................... 103.2 Policy implementation......................................................................................................................................... 103.3 Completion of SACC........................................................................................................................................... 113.4 SACC functions and actions for funded organisations........................................................................................133.5 Option of manually submitting the certification form............................................................................................14

SACC requirements for department and ACFE staff...........................................................................................154.1 Actions for departmental staff............................................................................................................................. 15

Appendix 1: Service agreement Certification Compliance form.........................................................................18


1 Introduction

1.1 What is the Service agreement compliance certification?Organisations with Service agreements with the Department of Health and Human Services (DHHS), the Department of Education and Training (DET) and/or Adult, Community and Further Education Board (ACFE) must complete a Service agreement compliance certification (SACC) form to certify annually that they are compliant with Service agreement requirements.

These requirements include the following:

1. Financial management: the organisation has used funding as outlined in their Service agreement the organisation is financially viable and able to continue to provide services the organisation has prepared its financial reports and any audit reports and maintains an asset

register for organisations that only receive ACFE funding, FAR analysis is not required; however organisations

who receive DHHS or DET funding are required to submit a Business and governance status (BGS) assessment.

2. Risk management risks are managed in accordance with the Australian/New Zealand Risk management standard or

similar risk treatment the risks are reviewed annually the board or other high level committee have confirmed that the organisation’s risk management

practices are satisfactory.3. Privacy

the organisation’s practices and systems are compliant with the Privacy and Data Protection Act 2014 and the Health Records Act 2001 to protect personal and health information.

4. Staff safety screening referee checks, police record checks and Working with children checks (if relevant) have been

completed. this includes the Disability Worker Exclusion List and the Disqualified Carer Check the department’s policy includes employment history checks, including disciplinary action disclosure

and checks of qualifications and training. 5. ACFE Business and Governance Status (BGS)

the organisation has submitted an up-to-date ACFE BGS, or is eligible for an exemption to the BGS requirement under current ACFE guidelines (note: reference to ACFE BGS or a VET funding contract under the Skills First Program in this document is applicable when the organisation is funded by ACFE).

The risk attestation form and the financial certification form have been consolidated into one SACC form, and privacy and staff safety screening questions have been added to mitigate risk.

Funded organisations are required to be compliant with all the terms and conditions of the Service agreement. By signing and submitting a SACC form, organisations are confirming to the department that they have appropriate systems in place to comply with the specified policies defined in the Service agreement information kit (SAIK).

The SACC form is completed and submitted on the Service agreement module (SAM) via My agency (Funded agency channel). The SACC must be submitted to the department three months after the organisation’s financial operating period, or seven days after the organisation’s Annual general meeting.


Organisations will continue to use the Compliance tab in SAM to complete the SACC form. For a step by step ‘how-to-guide’, please access the online user manual How To Complete Your Service agreement compliance certification in the Service agreement module.

The new SACC form is part of the refreshed Funded organisation performance monitoring framework (the framework). The framework is a key department policy supporting service quality and sustainability for organisations funded under Service agreements. Monitoring for organisations funded through a Service agreement is undertaken on an ongoing basis through the collection of information and regular engagement between departmental staff and organisations.

1.2 Purpose of documentThis document provides assistance to funded organisations to complete the new SACC form. It details the context for how SACC was developed and confirms what and how information should be recorded.

The document outlines the responsibilities of funded organisations and department staff involved in the management and analysis of SACC data. A copy of the SACC form is provided in Appendix 1.

1.3 Why certification?The Funded organisation monitoring performance framework describes an end-to-end process for monitoring staff to assess funded organisations compliance with the Service agreement. It confirms the key policy and operational requirements to be applied by monitoring staff for assessing a funded organisation’s compliance with the Service agreement.

The framework provides a range of monitoring tools and a system for recording and sharing monitoring activity. A new monitoring tool, SACC, commenced from July 2016 to organisations funded by DHHS and DET. On 1 January 2017, the SACC monitoring tool was applied to organisations funded by ACFE.

The development of SACC was proposed in the Funded organisation performance monitoring review report (2014).

The benefits of the SACC form include:

• improved monitoring of organisations• streamlined process of communications and reminders to organisations.

The SACC form seeks funded organisation to confirm their compliance in regard to the following:

• to certify annually that their practices are in compliance with the department’s staff safety screening policies• to certify annually their annual compliance with the Privacy and Data Protection Act and Health Records Act in

the SACC form (Clause 17 of the Service agreement)• to certify their compliance with risk management requirements (clause 20 of the Service agreement)• to certify their compliance with financial accountability reporting (Clauses 6 and 8 of the Service agreement)

ACFE funded organisations have an additional requirement to confirm their compliance regarding:

• compliance with ACFE Business Governance Status Assessment – clause 8.

1.4 Reducing red tapeThe new SACC form reduces administrative burden by enabling organisations to complete one form instead of two. The forms previously comprised separate financial certification and risk management attestation.

Other features of the monitoring framework help to reduce administrative burden by:

• driving greater consistency about what data and documents the department’s divisions and areas request of organisations

• enabling better sharing of monitoring information across the department using SAMS2 and therefore reducing duplicate requests to funded organisations for information.


1.5 SACC form and the monitoring of key risk areas The SACC form questions relate to sections of the Service agreement, as summarised below:

• compliance with risk management – clause 20 • compliance with financial accountability reporting – clause 6 and 8 • compliance with privacy – clause 17 • compliance with staff safety screening is an ‘Applicable Departmental Policy’ • compliance with ACFE Business Governance Status Assessment – clause 8.

1.6 Where is the SACC form located?The SACC form is accessed via the Service agreement module (SAM) which is available by using the Compliance Tab of the Funded agency channel(FAC).

When an organisation submits the SACC, the information is recorded in the Service agreement management system (SAMS2), which is the department’s system used to manage and monitor Service agreements.

These SACC guidelines are available from the online Service agreement information kit. The step-by-step guide is available from the Funded agency channel.


2 ScopeTable 1 confirms which organisations are required to complete the SACC and those that are exempt. For some organisations in scope of the SACC form, there are exemptions for some questions/requirements.

Table 1: SACC requirements and exemptions

SACC form required SACC form NOT required

Risk management questions do not apply to the following organisations:

Financial statements are not submitted by the following organisations – although they still respond to the four financial management SACC questions:

• Organisations that are funded by DHHS, DET and/or ACFE through a Service agreement.

• Organisations in scope of the Carer Register, the Disability Worker Exclusion Scheme and Human Services Standards and Accreditation.

• Organisations that only receive funding under a Short Form Common Funding Agreement

• Hospitals are excluded when they:- already complete

financial reports to DHHS on a monthly basis

- complete a risk management attestation / certification and are scrutinised by the Health Services Commissioner in relation to their compliance with the Health Records Act and the Privacy and Data Protection Act where there is staff file sampling as part of accreditation processes and other compliance requirements, including the Australian Health Practitioner Regulations.

• TAFEs and universities

• some statutory bodies

• other organisations that already complete a risk management attestation/certification to the Victorian Government. This could be part of their annual reporting requirements under the Financial Management Act or publishing similar certification in their annual reports as required by legislation.

• local government

• universities/TAFE

• government schools

• organisations that only receive ACFE funding but no DHHS or DET funding – these organisations are required to submit BGS unless an exemption applies.


3 SACC requirements for funded organisations

3.1 CertificationFor reporting periods after 30 June 2016, organisations funded by DHHS and/or DET are required to complete a SACC form.

For all reporting periods ending after 30 June 2017, organisations funded by ACFE are required to complete a SACC form.

Funded organisations are required to complete the SACC form for the previous reporting period to confirm the following:

• organisation is financially viable and able to continue to provide services • financial reports, asset register and if relevant, audit report have been prepared• risks have been managed in broad alignment with the Australian/New Zealand Risk Management Standard or

similar risk treatment. Small organisations need to have a risk treatment plan that covers risk descriptions, treatments, responsibilities, implementation dates, monitoring and review and implementation status.

• organisations have reviewed:– its risk management processes in the past year– that the board/high level committee is satisfactorily managing its risks

• the organisation has undertaken referee checks, police record checks and, if relevant, Working with Children Checks. If your organisation is unsure about whether you must complete Working with Children Checks, please read the Department of Justice and Regulation website

• that the organisation’s practices and systems are compliant with the Privacy and Data Protection Act 2014 and the Health Records Act 2001 to protect personal and health information

• the organisation has submitted BGS or is eligible for an exemption to the BGS requirement under current ACFE guidelines.

3.2 Policy implementationFunded organisations are required to ensure that their services and operations are addressing the requirements of policies outlined in the online Service agreement information kit (SAIK). The relevant policies linked to the SACC questions are as follows:

• 3.6.1 Financial records• 3.8.2 Financial Accountability Requirements• 3.20.2 Risk Management• 3.17 Privacy, Data Protection and Protected Disclosures • 3.6.2 Record Keeping• 4.6 Safety screening for funded organisations

The Victorian Management Insurance Authority (VMIA) provides useful tools for implementing risk management processes.


3.3 Completion of SACC The SACC form is accessed via the Funded agency channel, then Service agreement module, then Compliance Tab.

The organisation officer submitting the SACC form should be a director, chairperson, chief executive officer, president, principal, treasurer or similarly authorised roles.

Before submitting the SACC form, all questions need to be completed. The SACC form comprises the following sections:

• four finance management questions• three risk management questions• three staff safety screening questions • one privacy question• one ACFE BGS question.

An organisation that responds ‘yes’ to all questions and formally submits the SACC in SAM, confirms that the organisation has assessed that they are compliant with the relevant policies listed in the SAIK. When the organisation formally submits a SACC that demonstrates compliance to all policies, an email alert is provided to the monitoring coordinator.

The department references the SACC in relation to the completion of a Desktop review and how they will undertake ongoing monitoring throughout the year for that organisation.

Figure 1 outlines the key steps involved for organisations that confirm they are compliant with the policies referenced in SAIK.

Figure 1: Key steps for the department or ACFE organisations that provide all ‘yes’ answers to SACC questions

Funded organisations that respond ‘No’ or ‘In Part’ to any of the SACC questions are required to provide a brief comment (one or two sentences) against each of the questions. The comment should confirm the actions that the funded organisation will undertake to fully address the requirements of the policy. The actions would outline how the funded organisations are working to improve practice in relation to finance, risk, screening and/or information privacy.

Some examples of answers with explanatory comments are outlined below:

• The organisation answers ‘In Part’ to the risk management practice question, the comment provided is: ‘The organisation is reviewing its risk management strategy which is expected to be completed by 5 March 2017’.

• For the staff safety screening question, the organisation answers ‘Yes’ to the three questions, and a comment is provided: ‘The Human Services Standards accreditation process found gaps in compliance with the department’s police checks policy earlier in the year and the organisation has instigated a new procedure that ensures compliance with safety screening requirements’.


Department reviews the SACC and considers data in Desktop review and for monitoring requirements

Department is notified that SACC has been submitted

Organisations with full compliance to policies answer ‘yes’ to questions and submit SACC in FAC

Organisations complete the SACC form and attach Financial statements

Organisations access SACC form via the Funded agency channel, Service agreement module

Organisations assess if their services address policies outlined in the Service agreement information kit

• The organisation answers ‘In Part’ to the privacy question, and the comment provided is: ‘Allegations of breaches of privacy were lodged by complainants with the Health Services Commissioner during the reporting period. The organisation is applying new measures for the protection and disposal of personal information’.

Where an organisation answers ‘No’ or ‘In Part’ to a SACC question formally submitted in SAM, this will register a Live Monitoring issue in SAMS2 and trigger an alert to the Monitoring coordinator for them to assess the issue and if necessary follow up with the funded organisation to resolve.

Figure 2 outlines the steps involved for organisations that provide ‘No’ or ‘In Part’ responses to the SACC questions and the follow up actions which the department is required to undertake.

Figure 2: Key steps for the department and ACFE funded organisations that respond ‘no’ or ‘in-part’ to SACC questions


SACC form submitted with answers that include ‘yes’, ‘no’ and/or ‘in part’ to questions

For questions with ‘no’ or ‘In part’ response, a Live monitoring issue is raised in SAMS

Department must follow-up with organisation to develop actions to ensure their compliance with policies

Department reviews SACC information for Desktop review and ongoing monitoring requirements

Organisations assess compliance with policies. Records non or in part compliance

Organisations complete the SACC form and attach Financial statements

Organisations access SACC form via the Funded agency channel, Service agreement module

Organisations assess if their services address policies outlined in the Service agreement information kit

3.4 SACC functions and actions for funded organisations Table 2 confirms the key SACC functions and the corresponding actions that funded organisations need to undertake. In updating the SACC in SAM, registered users should reference the guide How to Submit Your Service agreement Certification Compliance in the Service agreement Module. This guide provides step-by-step instructions on how to operate the technical requirements in SAM to complete SACC.

Table 2: SACC functionality and funded organisations actions and responsibilities

SACC functionality Funded organisations’ actions and responsibilities

Confirmation of organisational contacts and due dates in SACC• The system confirms the default due date,

which is approximately 90 days after the end date of the annual reporting period

• Regularly update the organisation’s email address with the most relevant staff member selected as the ‘primary contact’.

Email notifications• The organisation’s primary contact and the

person submitting the SACC form will receive emails.

• The organisation will receive an email from the department reminding the organisation about the upcoming reporting period.

• The organisation will receive an email requesting that the SACC form is completed at the end of the reporting period.

• The organisation will receive a reminder email 16 days before the SACC form is due.

• The organisation will receive a reminder email about an overdue SACC form, 7 days after the due date and three months later if still ‘Open’ (if applicable).

• The organisation will receive an email notification that follow-up is required in relation to an incomplete SACC form (if applicable).

• The organisation will receive a confirmation email that an organisation user has submitted a SACC form. A copy is also sent to the organisation’s ‘Primary Contact’.

• Confirm users involved in updating SACC and regularly update the organisation’s email address, which includes confirmation of the ‘primary contact’.

• Record and update the organisation’s anticipated Annual general meeting (AGM) date in SAM. This will automatically update the SACC due date.

• Respond to email alerts regarding the requirements to update the SACC within recommended timeframe.

• Respond to email alerts regarding the requirements to follow-up and finalise incomplete SACC forms.

• Discuss overdue SACC forms with the department.

Adding attachments for SACC• Organisational user to able to submit SACC

forms that are verified or completed including attachments regarding financial data or a URL.

• When financial data or a website link is submitted in SAM, an automatic email is provided to the department to advise them to begin their financial analysis.

• Organisation can partially complete the SACC form before submitting the financial data.

• Organisations need to attach relevant financial data and/or website links in the ‘Organisation Compliance Tab’ in SAM. This includes the information of the location of the organisation’s Annual report, a Financial indicator statement or a Cash indicator statement.


SACC functionality Funded organisations’ actions and responsibilities

Completing the SACC form• Organisational user to complete and save

answers in the SACC form.• Organisational user to complete one or more

questions and allow other questions to remain blank for other organisation users to complete.

• Organisational user to complete to provide Yes/No/In Part/Not Applicable responses for each of the questions and provide comments if necessary.

• Click ‘open SACC form’ at the end of the reporting period.

• Provide Yes/No/In Part/Not Applicable responses and provide comments if necessary.

• For questions where the organisations have provided ‘No’ or ‘In Part’ answers ensure there are follow-up discussions with the department regarding follow-up actions.

Editing SACC• Organisational user requires access to save

answers while the SACC form status is ‘open’.• Organisational users to edit a saved SACC

form prior to clicking ‘submit’.

• Organisation users provide Yes/No/In Part/Not Applicable responses and provide short comments for questions where appropriate.

Submitting and viewing the SACC form• The department contact will be sent an email

when the SACC form has been submitted.• Organisation user receives a confirmation

email when the SACC form has been submitted.

• Organisation user to see the new SACC form for the next reporting period after the current SACC form is submitted and verified by the department or ACFE.

• Organisation user has capacity to ‘View submitted SACC form’ from the Organisation Compliance Tab (read only).

• After the organisation users has responded to the questions, they need to click ‘submit’ in the SACC form.

• Organisation user is able to view when the SACC form was verified/completed by the department or ACFE.

3.5 Option of manually submitting the certification formOrganisations can ask to submit their SACC form via email or manually via the post. This should only occur in exceptional circumstances as department staff will then have to complete the form online in SAM, on behalf of the organisation.

Word versions of the SACC form can be provided by your departmental or ACFE contact.


SACC requirements for department and ACFE staff

4.1 Actions for departmental staffTable 3 confirms SACC functions and the corresponding actions that department monitoring staff need to undertake to finalise the SACC. To support them in completing the actions, they should reference the guide How to Submit Your Service agreement Certification Compliance in the Service agreement Module. This guide provides step-by-step instructions on how to operate the technical requirements in SAM to complete SACC.

Table 3: SACC functionality and funded organisations actions and responsibilities

SACC functionality Department actions and responsibilities

Confirm SACC due date• The system confirms the default due date for the

SACC against an organisation, which is approximately 90 days after the end date of the annual reporting period.

• Departmental users can view and change the SACC due date and AGM date.

• Departmental users can change the organisation’s exempt status in SAMS2.

• Departmental staff access SAMS2 to assess which organisations are required to submit SACC forms and the due dates.

• Through SAMS2, departmental staff should review the Risk Attestation Exempt flag, the FAR Exempt flag, the Certification Only flag and the SACC Optional flag.

• Departmental users to modify due dates when requested by organisations.

Email notifications• Email notifications will be sent to the monitoring

coordinator and the desktop review lead division/region/group.

• The monitoring coordinator is notified when the organisation has an overdue SACC form. This occurs seven days after the SACC due date and a reminder three months later if the SACC form is still ‘Open’.

• The monitoring coordinator is notified when the SACC form is submitted and after FAR analysis is approved and completed.

• The monitoring coordinator is notified if a draft Live Monitoring issue has been automatically created by SAMS2, due to an incomplete SACC form being submitted by the organisation.

• Departmental financial staff receive a notification email when a SACC form has been submitted.

• Departmental users need to respond to email alerts when organisations attach information within the Compliance tab.

Submitting the SACC form• SAMS has a field titled ‘submitted by’ that will

contain the name of the organisation contact who submitted the SACC form.

• View when the SACC form has been submitted.

• Enter and submit SACC form on behalf of organisation (if requested by an organisation that does not have access to information technology). The access required is ‘Business System Administrator’ or ‘Manual Organisation Compliance Responsibility’.



Viewing and printing the SACC form• SACC form can be accessed via Funded agency

channel.• SACC form can be printed in structured A4

format via Funded agency channel.

• View the organisation’s AGM date.

• View data when the organisation submitted the SACC form.

• Monitor the organisation’s completion of the SACC form.

• View organisation’s latest SACC form and questions/answers in detail.

• View past SACC forms and responses.

• View information about SACC forms which have been submitted, but not fully completed.

• View when departmental staff have verified and completed the SACC form.

• Print SACC form in a structured A4 format for sending and/or filing.

• See the emails sent to the organisation which relate to the SACC form.

• By viewing the SACC form, be informed of any risks associated with the organisation and discuss ‘In Part’ answers with the funded organisation.

SAMS2 Live Monitoring• For organisation answers of ‘No’ or ‘In Part’ to a

question in the SACC form it auto-creates a SAMS2 Live Monitoring issue/s.

• System created Live Monitoring Issues will appear in My Monitoring Space Reports for ease of tracking.

• Reports that detail aggregate SACC data can be created in SAMS2 and be exported to Excel.

• Discuss an incomplete SACC form with the organisation to determine a resolution.

• The monitoring coordinator is accountable to address the issues raised in live monitoring that have originated from SACC.



FAR analysis(FAR analysis is not required for organisations that only receive ACFE funding, without DHHS or DET funding. These organisations are required to submit BGS.)• When the department has completed the

financial analysis and key risks are identified, it may lead to issues being recorded in Live monitoring.

• Question 3 requires the funded organisation to confirm that they have prepared their financial reports, including those that need to be audited.

• For organisations in scope, organisations must submit financial data before the department’s financial staff can verify the SACC form.

• Departmental staff should be aware that organisations are required to submit their financial reports in FAC. Organisations are provided email reminders to undertake this task. Reminders will be provided twice to funded organisations to complete the SACC.

• When an organisation does not record any information in the SACC, this will be identified in SAMS2.

• If the organisation has responded ‘no’ or ‘In Part’ to any questions, the SACC system will automatically raise an issue in Live monitoring for the monitoring co-ordinator to follow-up.

• When the audited financial statements are submitted, the financial analysis is undertaken within DHHS. The financial analysis for a funded organisation is assigned to a departmental financial staff member working within the divisions, regions or central office.

• When DHHS finance staff have confirmed that the required financial documents have been submitted, the finance staff are required to update the SACC record status in SAMS2 from ‘submitted’ to ‘verified’. This will confirm on the system that the organisation has correctly submitted the required financial documents to DHHS.

• DHHS financial staff are required to undertake a FAR analysis of those financial documents and prepare notes.

• These notes will confirm if the organisation is compliant or if specific risks or issues have been identified. These notes are then submitted to an approver.

• The approver reviews the FAR analysis and if satisfied, will approve the FAR statement in SAMS2. This will automatically change the status of the SACC record from ’verified to ‘completed’.

• If DHHS finance staff have confirmed risks or issues, then the submitted FAR record may include recommendations that a review is required or the outcome is unsatisfactory. If the approver confirms this analysis, their approval on the system will automatically raise Live monitoring issues for the monitoring co-


Appendix 1: Service agreement Certification Compliance form

Figure 3: Screen shot of first two questions


Figure 4: Screen shot of last three questions


1 introduction - department of health and human services · web view1.1 what is the service...

Documents