Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.
Currently showing reports relevant to the Legal and Constitutional Affairs Senate estimates committee. [Remove filter]
Type: Performance statements audit
Report number: 25 of 2024-25
Portfolios: Across entities
Entities: Across entities
Date tabled:
Audit Summary : show
Executive summary
1. Performance information is important for public sector accountability and transparency as it shows how taxpayers’ money has been spent and what this spending has achieved. The development and use of performance information is integral to an entity’s strategic planning, budgeting, monitoring and evaluation processes.
2. Annual performance statements are expected to present a clear, balanced and meaningful account of how well an entity has performed against the expectations it set out in its corporate plan. They are an important way of showing the Parliament and the public how effectively Commonwealth entities have used public resources to achieve desired outcomes.
The needs of the Parliament
3. Section 5 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) sets out the objects of the Act, which include requiring Commonwealth entities to provide meaningful performance information to the Parliament and the public. The Replacement Explanatory Memorandum to the PGPA Bill 2013 stated that ‘The Parliament needs performance information that shows it how Commonwealth entities are performing.’1 The PGPA Act and the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) outline requirements for the quality of performance information, and for performance monitoring, evaluation and reporting.
4. The Parliament’s Joint Committee of Public Accounts and Audit (JCPAA) has a particular focus on improving the reporting of performance by entities. In September 2023, the JCPAA tabled its Report 499, Inquiry into the Annual Performance Statements 2021–22, stating:
As the old saying goes, ‘what is measured matters’, and how agencies assess and report on their performance impacts quite directly on what they value and do for the public. Performance reporting is also a key requirement of government entities to provide transparency and accountability to Parliament and the public.2
5. Without effective performance reporting, there is a risk that trust and confidence in government could be lost (see paragraphs 1.3 to 1.6).
Entities need meaningful performance information
6. Having access to performance information enables entities to understand what is working and what needs improvement, to make evidence-based decisions and promote better use of public resources. Meaningful performance information and reporting is essential to good management and the effective stewardship of public resources.
7. It is in the public interest for an entity to provide appropriate and meaningful information on the actual results it achieved and the impact of the programs and services it has delivered. Ultimately, performance information helps a Commonwealth entity to demonstrate accountability and transparency for its performance and achievements against its purposes and intended results (see paragraphs 1.7 to 1.13).
The 2023–24 performance statements audit program
8. In 2023–24, the ANAO conducted audits of annual performance statements of 14 Commonwealth entities. This is an increase from 10 entities audited in 2022–23.
9. Commonwealth entities continue to improve their strategic planning and performance reporting. There was general improvement across each of the five categories the ANAO considers when assessing the performance reporting maturity of entities: leadership and culture; governance; reporting and records; data and systems; and capability.
10. The ANAO’s performance statements audit program demonstrates that mandatory annual performance statements audits encourage entities to invest in the processes, systems and capability needed to develop, monitor and report high quality performance information (see paragraphs 1.18 to 1.27).
Audit conclusions and additional matters
11. Overall, the results from the 2023–24 performance statements audits are mixed. Nine of the 14 auditees received an auditor’s report with an unmodified conclusion.3 Five received a modified audit conclusion identifying material areas where users could not rely on the performance statements, but the effect was not pervasive to the performance statements as a whole.
12. The two broad reasons behind the modified audit conclusions were:
- completeness of performance information — the performance statements were not complete and did not present a full, balanced and accurate picture of the entity’s performance as important information had been omitted; and
- insufficient evidence — the ANAO was unable to obtain enough appropriate evidence to form a reasonable basis for the audit conclusion on the entity’s performance statements.
13. Where appropriate, an auditor’s report may separately include an Emphasis of Matter paragraph. An Emphasis of Matter paragraph draws a reader’s attention to a matter in the performance statements that, in the auditor’s judgement, is important for readers to consider when interpreting the performance statements. Eight of the 14 auditees received an auditor’s report containing an Emphasis of Matter paragraph. An Emphasis of Matter paragraph does not modify the auditor’s conclusion (see Appendix 1).
Audit findings
14. A total of 66 findings were reported to entities at the end of the final phase of the 2023–24 performance statements audits. These comprised 23 significant, 23 moderate and 20 minor findings.
15. The significant and moderate findings fall under five themes:
- Accuracy and reliability — entities could not provide appropriate evidence that the reported information is reliable, accurate and free from bias.
- Usefulness — performance measures were not relevant, clear, reliable or aligned to the entity’s purposes or key activities. Consequently, they may not present meaningful insights into the entity’s performance or form a basis to support entity decision making.
- Preparation — entity preparation processes and practices for performance statements were not effective, including timeliness, record keeping and availability of supporting documentation.
- Completeness — performance statements did not present a full, balanced and accurate picture of the entity’s performance, including all relevant data and contextual information.
- Data — inadequate assurance over the completeness, integrity and accuracy of data, reflecting a lack of controls over how data is managed across the data lifecycle, from data collection through to reporting.
16. These themes are generated from the ANAO’s analysis of the 2023–24 audit findings, and no theme is necessarily more significant than another (see paragraphs 2.12 to 2.17).
Measuring and assessing performance
17. The PGPA Rule requires entities to specify targets for each performance measure where it is reasonably practicable to set a target.4 Clear, measurable targets make it easier to track progress towards expected results and provide a benchmark for measuring and assessing performance.
18. Overall, the 14 entities audited in 2023–24 reported against 385 performance targets in their annual performance statements. Entities reported that 237 targets were achieved/met5, 24 were substantially achieved/met, 24 were partially achieved/met and 82 were not achieved/met.6 Eighteen performance targets had no definitive result.7
19. Assessing entity performance involves more than simply reporting how many performance targets were achieved. An entity’s performance analysis and narrative is important to properly inform stakeholder conclusions about the entity’s performance (see paragraphs 2.37 to 2.44).
Connection to broader government policy initiatives
20. Performance statements audits touch many government policies and frameworks designed to enhance government efficiency, effectiveness and impact, and strengthen accountability and transparency. This is consistent with the drive to improve coherence across the Commonwealth Government’s legislative and policy frameworks that led to the PGPA Act being established.8 The relationship between performance statements audits and existing government policies and frameworks is illustrated in Figure S.1.
Figure S.1. Relationship of performance statements audits to government policies and frameworks
Source: ANAO analysis.
The future direction of annual performance statements audits
21. Public expectations and attitudes about public services are changing.9 Citizens not only want to be informed, but also to have a say between elections about choices affecting their community10 and be involved in the decision-making process, characterised by, among other things, citizen-centric and place-based approaches that involve citizens and communities in policy design and implementation.11 There is increasing pressure on Commonwealth entities from the Parliament and citizens demanding more responsible and accountable spending of public revenues and improved transparency in the reporting of results and outcomes.
22. A specific challenge for the ANAO is to ensure that performance statements audits influence entities to embrace performance reporting and shift away from a compliance approach with a focus on complying with minimum reporting requirements or meeting the minimum standard they think will satisfy the auditor.12 A compliance approach misses the opportunity to use performance information to learn from experience and improve the delivery of government policies, programs and services.
23. Performance statements audits reflect that for many entities there is not a clear link between internal business plans and the entity’s corporate plan. There can be a misalignment between the information used for day-to-day management and governance of an entity and performance information presented in annual performance statements. Periodic monitoring of performance measures is also not an embedded practice in all Commonwealth entities. These observations indicate that some entities are reporting measures in their performance statements that may not represent the highest value metrics for running the business or for measuring and assessing the entity’s performance (see paragraphs 4.32 to 4.35).
Developments in the ANAO’s audit approach
24. Working with audited entities, the ANAO has progressively sought to strengthen sector understanding of the Commonwealth Performance Framework. This includes a focus on helping entities to apply general principles and guidance to their own circumstances and how entities can make incremental improvements to their performance reporting over time. For example:
- in 2021–22, the ANAO gave prominence to ensuring entities understood and complied with the technical requirements of the PGPA Act and the PGPA Rule;
- in 2022–23, there was an increased focus on supporting entities to establish materiality policies that help determine which performance information is significant enough to be reported in performance statements and to develop entity-wide performance frameworks; and
- in 2023–24, there was an increased focus on assessing the completeness of entity purposes, key activities and performance measures and whether the performance statements present fairly the performance of the entity (see paragraphs 4.36 to 4.38).
Appropriate and meaningful
25. For annual performance statements to achieve the objects of the PGPA Act, they must present performance information that is appropriate (accountable, reliable and aligned with an entity’s purposes and key activities) and meaningful (providing useful insights and analysis of results). They also need to be accessible (readily available and understandable).
26. For the 2024–25 audit program and beyond, the ANAO will continue to encourage Commonwealth entities to not only focus on technical matters (like selecting measures of output, efficiency and effectiveness and presenting numbers and data), but on how to best tell their performance story. This could include analysis and narrative in annual performance statements that explains the ‘why’ and ‘how’ behind the reported results and providing future plans and initiatives aligned to meeting expectations set out in the corporate plan.13
27. It is difficult to demonstrate effective stewardship of public resources without good performance information and reporting. Appropriate and meaningful performance information can show that the entity is thinking beyond the short-term. It can show that the entity is committed to long-term responsible use and management of public resources and effectively achieving results to create long lasting impacts for citizens (see paragraphs 4.39 to 4.45).
Linking financial and performance information
28. The ‘Independent Review into the operation of the PGPA Act’14 noted that there would be merit in better linking performance and financial results, so that there is a clear line of sight between an entity’s strategies and performance and its financial results.15
29. Improving links between financial and non-financial performance information is necessary for measuring and assessing public sector productivity. As a minimum, entities need to understand both the efficiency and effectiveness of how taxpayers’ funds are used if they are to deliver sustainable, value-for-money programs and services. There is currently limited reporting by entities of efficiency (inputs over outputs) and even less reporting of both efficiency and effectiveness for individual key activities.
30. Where entities can demonstrate that more is produced to the same or better quality using fewer resources, this reflects improved productivity.
31. The ANAO will seek to work with the Department of Finance and entities to identify opportunities for annual performance statements to better link information on entity strategies and performance to their financial results (see paragraphs 4.46 to 4.51).
Cross entity measures and reporting
32. ANAO audits are yet to see the systemic development of cross-sector performance measures as indicators where it has been recognised that organisational performance is partly reliant on the actions of other agencies. Although there are some emerging better practices16, the ANAO’s findings reveal that integrated reporting on cross-cutting initiatives and linked programs could provide Parliament, government and the public with a clearer, more unified view of performance on key government priorities such as:
- Closing the Gap;
- women’s safety;
- housing;
- whole-of-government national security initiatives; and
- cybersecurity.
33. Noting the interdependence, common objectives and shared responsibility across multiple government programs, there is an opportunity for Commonwealth entities to make appropriate reference to the remit and reporting of outcomes by other entities in annual performance statements. This may enable the Parliament, the government and the public to understand how the work of the reporting entity complements the work done by other parts of government.17
34. As the performance statements audit program continues to broaden in coverage, there will be opportunities for the ANAO to consider the merit of a common approach to measuring performance across entities with broadly similar functions, such as providing policy advice, processing claims or undertaking compliance and regulatory functions. A common basis for assessing these functions may enable the Parliament, the government and the public to compare entities’ results and consider which approaches are working more effectively and why (see paragraphs 4.52 to 4.56).
Type: Performance audit
Report number: 24 of 2024-25
Portfolios: Attorney-General's
Entities: Australian Human Rights Commission
Date tabled:
Audit Summary : show
Summary and recommendations
Background
1. The Australian Human Rights Commission (AHRC or the Commission) was established in December 1986 by the Australian Human Rights Commission Act 1986 (AHRC Act). The AHRC is a corporate Commonwealth entity under the Public Governance, Performance and Accountability Act 2013.
2. The Commission’s key goal related to complaint handling set out in its Corporate Plan is ‘improving enjoyment of human rights by all, supporting access to justice and remedies for people and communities whose rights are breached.’1
3. AHRC’s Investigation and Conciliation service (ICS) is responsible for delivery of complaint investigation and conciliation. ICS also operates two information services (the National Information Service and Respect@Work National Information Service) to provide information about AHRC’s complaint handling function and respond to enquiries from the general public.
Rationale for undertaking the audit
4. AHRC is Australia’s national human rights institution. The handling of complaints is central to its purpose, which is to ensure that Australians have access to effective, independent complaints handling and public inquiry processes on human rights and discrimination matters, and benefit from human rights education, advocacy, monitoring and compliance activities. The AHRC has reported that, in 2023–24, it received 2,708 complaints. This performance audit was conducted to provide independent assurance to the Parliament that AHRC’s handling of complaints is efficient and effective.
Audit objective and criteria
5. The objective of this audit was to assess the efficiency and effectiveness of AHRC’s handling of complaints.
6. To form a conclusion against the audit objective, the following high-level criteria were adopted:
- Are AHRC’s complaint handling arrangements designed in a way to support the effective management of complaints?
- Is AHRC’s handling of complaints efficient?
- Is AHRC’s handling of complaints effective?
Conclusion
7. The AHRC’s handling of complaints is partly efficient and partly effective.
8. The AHRC has designed its complaint handling arrangements to support effective management of complaints with two exceptions. The two key shortcomings relate to it not having conducted a recent procurement for, or having a contract in place for, an information technology system to assist with the management of complaints, and not having developed a formal approach to obtaining assurance over the handling of individual complaints.
9. The timeliness of complaints handling has been declining, with the Commission not meeting its performance indicator (consistent with its enabling legislation) to finalise 85 per cent of complaints within 12 months in 2023–24. A significant backlog has developed and, although the backlog has stabilised, it remains high. Resource efficiency improved over the four years up to and including 2021–22, a trend that did not continue in 2022–23 and 2023–24.
10. A lower proportion of complaints are being conciliated by the Commission, with the Commission not meeting its related performance indicator for the last three years. A greater proportion of complaints are being terminated or discontinued. Data on complainant and respondent satisfaction with the AHRC’s complaint handling is not reliable.
Supporting findings
Complaint handling arrangements
11. Complaints mechanisms and processes are clear and accessible. (See paragraphs 2.2 to 2.13)
12. Suitable systems and processes are, in most respects, in place for complaints handling. From a random sample of 137 complaints examined by the ANAO, no systemic deviations from legislation or existing procedural guidance were identified. The main shortcomings relate to the AHRC not having appropriate contractual arrangements in place for its electronic complaints management system and the absence of a formalised quality assurance process. Since 2021, multiple reviews initiated at the request of the Australian Government to achieve savings have recommended changes to the complaints management system to improve operational efficiency. The recommended changes have not been made. (See paragraphs 2.14 to 2.52)
Complaint handling efficiency
13. AHRC has implemented systems and processes to capture input and output data which can be used to calculate basic measures of efficiency. There are issues with the reliability of complaints data that adversely affects the Commission’s management of complaints handling and its performance reporting. (See paragraphs 3.2 to 3.15)
14. Complaints handling by AHRC is not timely.
- A significant backlog in complaints developed between the first quarter of 2019–20 and quarter 3 2021–22. With fewer complaints received in 2023–24 and some additional resources, the backlog has stabilised. It remains around double what it was prior to 2019–20.
- The proportion of complaints being finalised within 12 months (one of AHRC’s performance measures, consistent with the Commission’s enabling legislation) has been declining, with AHRC not achieving its target for 2023–24. Further, this performance measure is not focused on measuring performance from the perspective of parties to the complaint.
- Complaints identified as a priority by the AHRC are typically finalised more quickly than those not prioritised. Notwithstanding this, the duration of both standard and priority complaints has increased.
- Complaint handling delays are primarily a result of delays in an accepted complaint being allocated to a case officer (rather than delays in the first stage, between complaint receipt and acceptance, or in the final stage, progressing the complaint to finalisation). The increasing time taken to allocate matters to case officers has coincided with a decrease in the number of complaints conciliated and increase in the number of discontinued complaints. (See paragraphs 3.16 to 3.41)
15. AHRC has not established a target and does not measure the resource efficiency of its Investigation and Conciliation service. The efficiency of the Investigation and Conciliation service, measured both in terms of the direct cost per finalised complaint and ratio of complaints finalised per staff member, improved over the four years up to and including 2021–22. That trend did not continue in 2022–23 and 2023–24 as a result of fewer complaints being finalised and, for 2023–24, some additional resources being provided to stabilise the backlog in complaints.
16. AHRC has not prioritised resourcing ICS in line with demand for its complaints handling services. AHRC has not developed an activity-based costing model to demonstrate the effect of the demand driven complaints workload or inform its internal allocation of resources despite an earlier recommendation from consultants in August 2021. (See paragraphs 3.42 to 3.60)
Complaint handling effectiveness
17. It has become less likely for complaints to be conciliated and more likely for complaints to be discontinued, terminated or declined by the AHRC.
- An increasing number of complaints have been assessed as suitable for conciliation and an increasing number of conciliations have been held over the last seven financial years (reflecting the higher complaint numbers overall). The proportion of complaints recorded as resolved through conciliation has decreased from 46 per cent of complaints in 2017-18 to 33 per cent in 2023-24. The Commission did not meet its target of conciliating 40 per cent of complaints in 2021-22, 2022-23 or 2023-24, notwithstanding the additional resources provided through the October 2022 Budget.
- The proportion of complaints terminated, declined or discontinued has grown, increasing from 40 per cent of complaints finalised in 2017–18 to 58 per cent of complaints finalised in 2023–24. (See paragraphs 4.4 to 4.34)
18. The AHRC is not obtaining reliable data on the extent to which complainants and respondents are satisfied with its complaint handling process.
- Parties’ measured level of satisfaction with Commission’s complaint handling processes has been decreasing over time. Overall satisfaction decreased from 91 per cent in 2017–18 to 85 per cent in 2023–24.
- Respondents and their representatives report higher levels of overall satisfaction than complainants do with AHRC complaint handling processes. Respondents also report higher levels of agreement that Commission processes are timely and fair.
- The results of the surveys reported by the Commission are not demonstrably reliable and unbiased. Of note is that 61 per cent of participants were not sent the satisfaction survey over the seven years examined. Satisfaction surveys were most often sent to participants with conciliated (53 per cent of complainants and 51 per cent of respondents) and terminated or declined outcomes (53 per cent of complainants and 52 per cent of respondents). Complainants who withdraw their complaints or complainants whose complaints are discontinued by the AHRC were less likely to be surveyed. (See paragraphs 4.35 to 4.51)
Recommendations
Recommendation no. 1
Paragraph 2.50
The Australian Human Rights Commission strengthen its handling of complaints by:
- testing the market for an electronic complaints management system;
- establishing fit-for-purpose contractual arrangements for an electronic complaints management system; and
- establishing a formal process for quality assurance over the handling of individual complaints.
Australian Human Rights Commission response: Agreed.
Recommendation no. 2
Paragraph 3.10
The Australian Human Rights Commission improve the reliability and verifiability of its reported performance information by:
- documenting its methodology and data sources it uses to produce performance information;
- updating its guidance and practices to address data integrity, with a particular focus on updating guidance on deferrals and secondary matters; and
- establish processes to ensure quality assurance on reported performance information is undertaken and documented.
Australian Human Rights Commission response: Agreed.
Recommendation no. 3
Paragraph 3.26
The Australian Human Rights Commission improve its performance measures to include an explicit focus on the time it takes from the lodgement of the complaint until its finalisation.
Australian Human Rights Commission response: Agreed.
Recommendation no. 4
Paragraph 3.59
The Australian Human Rights Commission improve its management of complaint handling efficiency by developing an internal budget strategy that supports the delivery of its targets outlined in its Portfolio Budget Statement and Corporate Plan.
Australian Human Rights Commission response: Agreed in principle.
Recommendation no. 5
Paragraph 4.41
The Australian Human Rights Commission improve its approach to measuring complainant and respondent satisfaction with its complaint handling effectiveness by developing a methodology that obtains sufficient levels of reliable, representative feedback.
Australian Human Rights Commission response: Agreed.
Summary of entity response
19. The proposed audit report was provided to AHRC. The AHRC’s summary response is reproduced below. The full response from the AHRC is at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed at Appendix 2.
Providing people and organisations across Australia with a free, accessible and effective dispute resolution process for discrimination and human rights complaints is one of the Australian Human Rights Commission’s key statutory functions. It is also a core component of the Commission’s vision of an Australian society in which people’s human rights are respected, promoted and protected.
The Commission welcomes the ANAO’s report and agrees or agrees in principle with its five recommendations to improve our complaint handling function.
The Commission acknowledges that currently our complaint handling function is not timely. The COVID-19 pandemic generated an unprecedented rise in complaints. Complaint numbers have remained around 30% higher than pre-pandemic levels. This continues to adversely impact timeframes. Reducing these timeframes by ensuring the Commission’s complaint function is appropriately resourced is a key priority.
Implementing the recommendations will also strengthen the Commission’s collection and analysis of complaint performance information and public reporting.
The Commission acknowledges the professionalism, integrity and empathy of our staff who deliver our information and complaint handling services. They have supported thousands of Australians over the 7-year audit period to access justice on discrimination and the human rights issues affecting them.
Key messages from this audit for all Australian Government entities
20. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.
Group title
Policy/program design
Key learning reference
Group title
Procurement
Key learning reference
Group title
Performance and impact measurement
Key learning reference
Type: Financial statement audit
Report number: 22 of 2024-25
Portfolios: Across Entities
Entities: Across Entities
Date tabled:
Audit Summary : show
Executive summary
The Australian National Audit Office (ANAO) publishes an annual audit work program (AAWP) which reflects the audit strategy and deliverables for the forward year. The purpose of the AAWP is to inform the Parliament, the public, and government sector entities of the planned audit coverage for the Australian Government sector by way of financial statements audits, performance audits, performance statements audits and other assurance activities. As set out in the AAWP, the ANAO prepares two reports annually that, drawing on information collected during financial statements audits, provide insights at a point in time of financial statements risks, governance arrangements and internal control frameworks of Commonwealth entities. These reports provide Parliament with an independent examination of the financial accounting and reporting of public sector entities.
These reports explain how entities’ internal control frameworks are critical to executing an efficient and effective audit and underpin an entity’s capacity to transparently discharge its duties and obligations under the Public Governance, Performance and Accountability Act 2013 (PGPA Act). Deficiencies identified during audits that pose either a significant or moderate risk to an entity’s ability to prepare financial statements free from material misstatement are reported.
This report presents the final results of the 2023–24 audits of the Australian Government’s Consolidated Financial Statements (CFS) and 245 Australian Government entities. The Auditor-General Report No. 42 2023–24 Interim Report on Key Financial Controls of Major Entities, focused on the interim results of the audits of 27 of these entities.
Consolidated financial statements
Audit results
1. The CFS presents the whole of government and the General Government Sector financial statements. The 2023–24 CFS were signed by the Minister for Finance on 28 November 2024 and an unmodified auditor’s report was issued on 2 December 2024.
2. There were no significant or moderate audit issues identified in the audit of the CFS in 2023–24 or 2022–23.
Australian Government financial position
3. The Australian Government reported a net operating balance of a surplus of $10.0 billion ($24.9 billion surplus in 2022–23). The Australian Government’s net worth deficiency decreased from $570.3 billion in 2022–23 to $567.5 billion in 2023–24 (see paragraphs 1.8 to 1.26).
Financial audit results and other matters
Quality and timeliness of financial statements preparation
4. The ANAO issued 240 unmodified auditor’s reports as at 9 December 2024. The financial statements were finalised and auditor’s reports issued for 79 per cent (2022–23: 91 per cent) of entities within three months of financial year-end. The decrease in timeliness of auditor’s reports reflects an increase in the number of audit findings and legislative breaches identified by the ANAO, as well as limitations on the available resources within the ANAO in order to undertake additional audit procedures in response to these findings
5. A quality financial statements preparation process will reduce the risk of inaccurate or unreliable reporting. Seventy-one per cent of entities delivered financial statements in line with an agreed timetable (2022–23: 72 per cent). The total number of adjusted and unadjusted audit differences decreased during 2023–24, although 38 per cent of audit differences remained unadjusted. The quantity and value of adjusted and unadjusted audit differences indicate there remains an opportunity for entities to improve quality assurance over financial statements preparation processes (see paragraphs 2.138 to 2.154).
Timeliness of financial reporting
6. Annual reports that are not tabled in a timely manner before budget supplementary estimates hearings decrease the opportunity for the Senate to scrutinise an entity’s performance. Timeliness of tabling of entity annual reports improved. Ninety-three per cent (2022–23: 66 per cent) of entities that are required to table an annual report in Parliament tabled prior to the date that the portfolio’s supplementary budget estimates hearing commenced. Supplementary estimates hearings were held one week later in 2023–24 than in 2022–23. Fifty-seven per cent of entities tabled annual reports one week or more before the hearing (2022–23: 12 per cent). Of the entities required to table an annual report, 4 per cent (2022–23: 6 per cent) had not tabled an annual report as at 9 December 2024 (see paragraphs 2.155 to 2.166).
Official hospitality
7. Eighty-one per cent of entities permit the provision of hospitality and the majority have policies, procedures or guidance in place. Expenditure on the provision of hospitality for the period 2020–21 to 2023–24 was $70.0 million. Official hospitality involves the provision of public resources to persons other than officials of an entity to achieve the entity’s objectives. Entities that provide official hospitality should have policies, and guidance in place which clearly set expectations for officials. There are no mandatory requirements for entities in managing the provision of hospitality, however, the Department of Finance (Finance) does provide some guidance to entities in model accountable authority instructions. Of those entities that permit hospitality 83 per cent have established formal policies, guidelines or processes.
8. Entities with higher levels of exposure to the provision of official hospitality could give further consideration to implementing or enhancing compliance and reporting arrangements. Seventy-four per cent of entities included compliance requirements in their policies, procedures or guidance which support entity’s obtaining assurance over the conduct of official hospitality. Compliance processes included acquittals, formal reporting, attestations from officials and/or periodic internal audits. Thirty-one per cent of entities had established formal reporting on provision of official hospitality within their entities (see paragraphs 2.36 to 2.56).
Artificial intelligence
9. Fifty-six entities used artificial intelligence (AI) in their operations during 2023–24 (2022–23: 27 entities). Most of these entities had adopted AI for research and development activities, IT systems administration and data and reporting.
10. During 2023–24, 64 per cent of entities that used AI had also established internal policies governing the use of AI (2022–23: 44 per cent). Twenty-seven per cent of entities had established internal policies regarding assurance over AI use. An absence of governance frameworks for managing the use of emerging technologies could increase the risk of unintended consequences. In September 2024, the Digital Transformation Agency (DTA) released the Policy for the responsible use of AI in government, which establishes requirements for accountability and transparency on the use of AI within entities (see paragraphs 2.67 to 2.71).
Cloud computing
11. Assurance over effectiveness of cloud computing arrangements (CCA) could be improved. During 2023–24, 89 per cent of entities used CCAs as part of the delivery model for the IT environment, primarily software-as-a-service (SaaS) arrangements. A Service Organisation Controls (SOC) certificate provides assurance over the implementation, design and operating effectiveness of controls included in contracts, including security, privacy, process integrity and availability. Eighty-two per cent of entities did not have in place a formal policy or procedure which would require the formal review and consideration of a SOC certificate.
12. In the absence of a formal process for obtaining and reviewing SOC certificates, there is a risk that deficiencies in controls at a service provider are not identified, mitigated or addressed in a timely manner (see paragraphs 2.57 to 2.66).
Audit committee member rotation
13. Audit committee member rotation considerations could be enhanced. The rotation of audit committee membership is not mandated, though guidance to the sector indicates that rotation of members allows for a flow of new skills and talent through committees, supporting objectivity. Forty-six per cent of entities did not have a policy requirement for audit committee member rotation.
14. Entities could enhance the effectiveness of their audit committees by adopting a formal process for rotation of audit committee membership, which balances the need for continuity and objectivity of membership (see paragraphs 2.16 to 2.21).
Fraud framework requirements
15. The Commonwealth Fraud Control Framework 2017 encourages entities to conduct fraud risk assessments at least every two years and entities responsible for activities with a high fraud risk may assess risk more frequently. All entities had in place a fraud control plan. Ninety-seven per cent of entities had conducted a fraud risk assessment within the last two years. Changes to the framework which occurred on 1 July 2024 requires entities to expand plans to take account of preventing, detecting and dealing with corruption, as well as periodically examining the effectiveness of internal controls (see paragraphs 2.16 to 2.21).
Summary of audit findings
16. Internal controls largely supported the preparation of financial statements free from material misstatement. However, the number of audit findings identified by the ANAO has increased from 2023–24. A total of 214 audit findings and legislative breaches were reported to entities as a result of the 2023–24 financial statements audits. These comprised six significant, 46 moderate, 147 minor audit findings and 15 legislative breaches. The highest number of findings are in the categories of:
- IT control environment, including security, change management and user access;
- compliance and quality assurance frameworks, including legal conformance; and
- accounting and control of non-financial assets.
17. IT controls remain a key issue. Forty-three per cent of all audit findings identified by the ANAO related to the IT control environment, particularly IT security. Weaknesses in controls in this area can expose entities to an increased risk of unauthorised access to systems and data, or data leakage. The number of IT findings identified by the ANAO indicate that there remains room for improvement across the sector to enhance governance processes supporting the design, implementation and operating effectiveness of controls.
18. These audits findings included four significant legislative breaches, one of which was first identified since 2012–13. The majority (53 per cent) of other legislative breaches relate to incorrect payments of remuneration to key management personnel and/or non-compliance with determinations made by the Remuneration Tribunal. Entities could take further steps to enhance governance supporting remuneration to prevent non-compliance or incorrect payments from occurring (see paragraphs 2.72 to 2.137).
Financial sustainability
19. An assessment of an entity’s financial sustainability can provide an indication of financial management issues or signal a risk that the entity will require additional or refocused funding. The ANAO’s analysis concluded that the financial sustainability of the majority of entities was not at risk (see paragraphs 2.167 to 2.196).
Reporting and auditing frameworks
Changes to the Australian public sector reporting framework
20. The development of a climate-related reporting framework and assurance regime in Australia continues to progress. ANAO consultation with Finance to establish an assurance and verification regime for the Commonwealth Climate Disclosure (CCD) reform is ongoing (see paragraphs 3.20 to 3.24).
21. Emerging technologies (including AI) present opportunities for innovation and efficiency in operations by entities. However, rapid developments and associated risks highlight the need for Accountable Authorities to implement effective governance arrangements when adopting these technologies. The ANAO is incorporating consideration of risks relating to the use of emerging technologies, including AI, into audit planning processes to provide Parliament with assurance regarding the use of AI by the Australian Government (see paragraphs 3.25 to 3.33).
22. The ANAO Audit Quality Report 2023–24 was published on 1 November 2024. The report demonstrates the evaluation of the design, implementation and operating effectiveness of the ANAO’s Quality Management Framework and achievement of ANAO quality objectives (see paragraphs 3.34 to 3.39).
23. The ANAO Integrity Report 2023–24 and the ANAO Integrity Framework 2024–25 were also published on 1 November 2024 to provide transparency of the measures undertaken to maintain a high integrity culture within the ANAO (see paragraphs 3.44 to 3.46).
Cost of this report
24. The cost to the ANAO of producing this report is approximately $445,000.