Victoria’s Quarantine Hotel Security Program Part 1

This three-part series for our procurement audience by Paul Rogers is about the award of a $30m+ contract to a non-approved supplier by a Department in the Victorian State Government. The perspective adopted is not a political one, but rather an exploration of the procurement processes that may help organisations avoid similar malpractice in the future. 

Part One will explore the sourcing and negotiation phases. Part Two will explore the contract terms and Part Three will explore the systemic issues raised for the Victorian State Government and for the status of procurement in Australia. All of the information referenced is in the public domain and my motivation is to highlight what happens when an organisation relies on external providers but lacks the capability to act as an intelligent customer. An intelligent customer is an entity that is capable of engaging with supply markets in a mature way and achieving value from the interaction.

What was the contract for?

The contract was for security services to prevent any COVID-19 infected passengers put into enforced quarantine in hotels from infecting others in the community.

Why is this particular contract significant?

Unified Security was not on the Victorian State Government’s own State Purchasing Contract for Security Services. In spite of this, the relevant State Government Department, the Department of Jobs, Precincts and Regions (DJPR) gave the firm a contract for $30m after at most 36 hours of discussions. Subsequently, Unified’s role was expanded to oversee security at 13 hotels. The company has come under scrutiny in the official inquiry into hotel quarantine because of allegations Unified sub-contracted work to guards not trained in infection control, who then contracted the virus while working at Rydges Hotel on Swanston.

Transmission between quarantined returned travellers and security staff working at Rydges on Swanston and the Stamford Plaza led to Victoria’s second wave of COVID-19, with its outbreaks causing 99 per cent of cases of coronavirus in Victoria. The second wave resulted in more than 750 deaths and nearly 20,000 infections.

What happened?

Let’s start by analysing the events, as far as we know them.

About noon on Friday 27th March 2020, Chris Eccles (then Secretary of the Premier & Cabinet Department in Victoria) steps out of a meeting of National Cabinet and briefs Simon Phemister (the Secretary of Department of Jobs, Precincts and Regions) that his Department will have to arrange hotel accommodation, transport and security to quarantine returning overseas travellers. The services had to be ready by midnight on Saturday night, about 36 hours later.

At about 12:30 pm on the same day, Phemister convenes a meeting of selected officers in DJPR to set up these arrangements. Responsibility for setting up contracts for security services was allocated to Katrina Currie, Executive Director, Employment, Inclusion at DJPR.

It appears that none of the officers involved in the procurement process had any experience of, or capability in, procurement. Katrina later admitted to the Board of Inquiry:

“Prior to my involvement in the hotel quarantine program, I did not have experience contracting for the provision of security services.”

How did DJPR select potential suppliers?

The process through which the officers in DJPR selected potential suppliers is opaque.

What appears to have happened is that a small group of well-intentioned officers used personal experience and opinions to select potential suppliers.

This was in spite of the fact that there is a State Purchasing Contract for Security Services. It took me 30 seconds to find it online.

That the officers involved didn’t even know there was a contract until later suggests that their exposure to procurement processes was minimal. The eagle-eyed amongst you might spot that the Security Services contract is mandatory:The chat messages propose to include Wilson Security (an approved contractor) and MonJon (not an approved contractor) but to exclude SECURECorp (an approved contractor) for reasons that are not stated. What is also not clear is how the name of Unified Security entered the frame.

The company is not on the State Purchasing Contract but suddenly appears as a suggested contractor during a late-night chat on Friday 27th March between some junior officers in DJPR.

Trevor Esch (procurement hero) gets involved

These officers did seek advice from their own procurement specialist, Trevor Esch, (a few days after the contract started!) This was an email from Trevor on Tuesday, 31st of March 2020.

Katrina waves away Trevor’s legitimate concerns

Katrina Currie explained the urgency, and then added an explanation sent at 4:32 pm on March 31st:

“Unified is an Aboriginal owned and controlled organisation and has worked with DJPR on related social procurement initiatives … while they are not a panel provider for security services, utilising their services is absolutely in keeping with the concept … ‘’

At 6:52 pm the same email was sent again (this time in bold type) to Trevor, noting hiring Unified: “is absolutely in keeping with the State Government’s social procurement objective of utilising Aboriginal businesses.’’

Katrina Currie said a legal exemption should be sought to use a non-approved supplier:

“Unified are delivering and have been delivering services since Sunday. A rationale for the exemption is both immediate need and their responsiveness but also their status as an Aboriginal owned and controlled business under the Government’s social procurement objectives’’…

11:33 PM email from Katrina

Back to Friday night, 27th March 2020 at 11:33 pm. Katrina Currie sends an email to the CEO of the Sydney-based security firm, Unified Security.

How did DJPR decide to engage Unified Security?

So where are we up to?

It is Saturday morning, 28th March 2020. Katrina Currie has sent a late-night email to Unified Security who are not on any panel, who are about to be pinged for poor performance but have been included on a non-existent shortlist by well-meaning staff at DJPR.

David Millward: “I can assure you that we have capability atm for any requirements”

Katrina Currie: “Good to know”

At least there was a thorough evaluation of Unified’s capacity and capability!

Services commenced in the early hours of Sunday, 29 March 2020. In a press conference on Sunday 29th March, the Minister for Jobs, Precincts and Regions Martin Pakula announced that the government had secured 5,000 hotel rooms supervised by security guards.

There was no specification for what services Unified were to provide. Here’s Paul Xerri again a full five days after the contract started giving a loose scope of work:

I guess it would be pedantic to point out that Paul has misspelt COVID? Somewhat more damning is the weakness of the specification. Is it a specification?

“Maintaining presence on-floors, lobby and front door”.

What does that even mean?

Re-read the specification and see if you can find the bit where it states “Don’t let the travellers out”. Amazingly, it does say that only authorised persons should be allowed in, but nothing about the primary purpose of hotel security being to stop the travellers communicating coronavirus to people of Melbourne.

So what happened next?

The specification drawn up by ‘the ground crew’ in the email dated 3rd April was translated into a contract between Unified and DJPR, which was eventually signed on 9th April 2020.

Or could it be that Katrina Currie simply asked: “What price shall I put in the contract, David?”

“$30m, Katrina! No wait, make it $30,200,000 so it looks like we worked it out on a calculator.”