This audit would review the progress of selected components of the Australian Government’s Digital Identity program including the effectiveness of the implementation, design and functionality of the Digital Identity System, roles and responsibilities of stakeholders and the allocation and expenditure of funding, including contract management.

The Digital Identity program is delivered by the Department of Finance (policy and program lead), with Services Australia and the Australian Taxation Office (ATO) delivering critical operational functions. Components of the program include the Digital ID Act 2024, the Identity Exchanges (delivered by Services Australia), myID (the Commonwealth’s Identity Provider, delivered by ATO) and connected services to the system.

The Digital ID Act 2024 and the Digital ID (Transitional and Consequential Provisions) Act 2024 commenced on 1 December 2024 and support the expansion of the Australian Government Digital ID System and introduce a voluntary accreditation scheme for digital ID services providers. The Digital ID Regulator is the Australian Competition and Consumer Commission; and the Office of the Information Commissioner as the privacy regulator and Digital ID Data Standards Chair.

This audit would assess the effectiveness of the design and implementation of the Consumer Data Right (CDR).

The CDR is a secure online system that enables consumers to get value from data that is collected about them through the provision of specific goods and services by consenting to that data being shared with trusted accredited third parties. CDR is an economy-wide reform that will be rolled out sector by sector. The CDR has already been rolled out to banking and energy, with non-bank lending to follow as the third sector. The Treasury, Australian Competition and Consumer Commission (ACCC), and Office of the Australian Information Commissioner (OAIC) are the key agencies leading the CDR initiative. The Treasury leads policy development and determines which sectors should be included in the CDR, while the ACCC focuses on accreditation and compliance of data recipients, and the OAIC handles privacy and data breach notifications. The Data Standards Body develops the technical standards for how data is shared under the CDR, working closely with the Treasury, ACCC, and OAIC.

This audit would examine the effectiveness of the Australian Taxation Office’s (ATO) regulation of Self-Managed Superannuation Funds (SMSFs), and include a follow-up audit on employer compliance with Superannuation Guarantee requirements.

Australians generally rely on superannuation as their main asset (other than the family home) to save for their retirement. The ATO’s role in the superannuation system includes regulating and supporting Self-Managed Superannuation Funds to comply with superannuation and taxation laws to safeguard retirement incomes, and to support employers to meet their superannuation obligations.

The ATO corporate plan 2024–25 identifies the maintenance of high levels of compliance across the superannuation system and avoiding any deterioration in performance as a core priority. The ANAO last examined the ATO’s approach to managing SMSFs in 2007, and addressing Superannuation Guarantee non-compliance in 2022.

This audit would examine the effectiveness of the Department of Climate Change, Energy, the Environment and Water’s (DCCEEW) administration and operation of the Recycling Modernisation Fund (RMF).

The RMF was established in 2020 to support industry to transition to the regulation of waste exports, by increasing Australia’s onshore capacity to collect, reuse, recycle ad recover waste materials. The Australian Government has committed to over $200 million towards new and upgraded recycling infrastructure through the RMF, with funding provided to states and territories via the Federation Funding Agreement–Environment and the National Partnership on Recycling Infrastructure.

This audit would assess the effectiveness of the Australian Taxation Office’s (ATO) management of confidential information.

The ATO manages commercially and legally sensitive information as part of its administration of the taxation and superannuation systems. Mobility between the public and private sector presents challenges to entities like the ATO to ensure that confidential information is not compromised. The provisions of the APS Code of Conduct, the Public Service Regulations 1999, the Privacy Act 1988, the Crimes Act 1914 and specific secrecy offences in Commonwealth laws outline the responsibilities of employees and agencies to manage confidential information.

This audit would examine the effectiveness of the Australian Taxation Office’s (ATO) governance of data and analytics.

The ATO has established a new enterprise risk relating to misuse of data and analytics: ‘There is a risk that we (or those we share our data or analysis with) do not lawfully or appropriately use our data and/or analysis, caused by a failure in our data and analytics governance, resulting in adverse impacts on individuals, loss of revenue and/or loss of public trust and confidence and reduction in willing participation.’

This audit would assess the efficiency and effectiveness of the Australian Taxation Office’s (ATO) management of taxpayers involved in the ATO’s Client Identity Support Centre (CISC).

When an individual has had their identity compromised, the ATO through the CISC supports the taxpayer to continue to participate in the taxation and superannuation system with further safeguards around their ATO account, and monitoring processes over their tax records.

This audit would examine whether the National Anti-Corruption Commission’s (NACC) procurement activities are complying with the Commonwealth Procurement Rules and demonstrating the achievement of value for money.

This audit would assess the effectiveness of the Fraud Fusion Taskforce, to determine how government agencies work together to detect, resolve and prevent fraud and serious organised crime in the National Disability Insurance Scheme (NDIS) and other government programs.

The Fraud Fusion Taskforce is a multi-agency partnership working to disrupt fraud and criminal activity, including serious and organised crime. The Fraud Fusion Taskforce commenced in November 2022, co-led by the National Disability Insurance Agency (NDIA) and Services Australia, with 21 other government agencies including the NDIS Quality and Safeguards Commission, the Australian Federal Police and the Australian Criminal Intelligence Commission. In the October 2022–23 Federal Budget $126.3 million was allocated over four years to establish the taskforce. In the 2024–25 Budget additional funding of $23.5 million over two years was provided to Services Australia.

The ANAO will conduct a program of audits of entities’ compliance with legislative and Australian Government policy requirements derived from the Public Governance, Performance and Accountability Act 2013, the Public Service Act 1999 and other legislative and policy frameworks. These audits include a focus on public sector ethics, integrity and probity.

Topics that may be considered for audit include compliance with: requirements to establish audit committees; requirements relating to recruitment and remuneration in the Australian Public Service; requirements related to privacy; and information management requirements.

ANAO audits continue to find that in routine areas of public administration (e.g. record keeping, governance, procurement and risk management), performance consistently falls short. Compliance — not just with mandatory requirements, but also their intent — is a hallmark of integrity, and essential to the craft of public administration.

The selection of entities for these audits will be based on relevance, materiality, representativeness and performance history. Audits may include any Commonwealth entities and companies. The audits would examine the effectiveness of entities’ design, implementation and governance arrangements to ensure compliance with relevant requirements.