Reports and publications

Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.

View reports and publications

Insights

The aim of audit insights is to communicate lessons from our audit work to make it easier for people working within the Australian public sector to apply those lessons.

View ANAO Insights

Work program

The ANAO work program outlines potential and in-progress work across financial statement and performance audit.

View the work program

Careers

Our staff add value to public sector effectiveness and the independent assurance of public sector administration and accountability, applying our professional and technical leadership to have a real impact on real issues.

View Careers

About us

The Australian National Audit Office (ANAO) is a specialist public sector practice providing a range of audit and assurance services to the Parliament and Commonwealth entities.

About Us

Take our Insights reader feedback survey

Help shape the future of ANAO Insights by taking our reader feedback survey.

This edition of Audit Insights considers the approaches entities are taking to implement parliamentary and ANAO recommendations to improve public administration practices and outcomes. It updates and replaces the edition published in November 2019 and draws on audit reports released since then.

Parliamentary committee inquiries and ANAO performance audits identify risks to the successful delivery of outcomes and generally provide recommendations to address them. Tabling an agreed response to a parliamentary committee recommendation formalises government or entity commitment to the Parliament to implement the agreed action. Similarly, ANAO performance audit reports are prepared for presentation to Parliament and agreement to implement a recommendation made in an ANAO report is therefore a commitment to the Parliament.

Introduction

Inquiries are used by committees of the Australian Parliament to ‘investigate specific matters of policy or government administration or performance’.

The purpose of the ANAO is to support accountability and transparency in the Australian Government sector through independent reporting to the Parliament, and thereby contribute to improved public sector performance. In 2020-21 the ANAO made 165 recommendations of which 152 (92 per cent) were agreed across 42 performance audits.

Recommendations from parliamentary committees and the ANAO’s performance audits identify risks and shortcomings to the successful delivery of outcomes. Recommendations can specify actions aimed at addressing those risks and identify opportunities for improving entity administration. Tabling an agreed response to a recommendation in the Parliament represents a formal commitment by the government or entity to Parliament to implement the agreed action. The adequate and timely implementation of agreed recommendations is an important element of realising the full benefit of those recommendations, and serves to demonstrate the entity’s commitment to improving public administration.

In recent years, the JCPAA and other parliamentary committees have expressed interest in the performance of Australian Government entities in relation to implementing audit and parliamentary recommendations.

The ANAO has, since 2019, undertaken a series of performance audits focussed on the arrangements entities have in place to support the implementation of parliamentary committee and ANAO recommendations. Completed audits in this series are:

This edition of audit insights outlines a number of key messages from this audit series, as well as other recent ANAO performance audit reports examining prior year recommendations.

Key audit observations

Key observations from ANAO audit activity include the importance of:

  • Governance arrangements to respond to, monitor and implement recommendations. These arrangements include:
    • establishing processes and responsibilities for responding to recommendations;
    • clearly assigning responsibility for the progression of individual recommendations;
    • having systems in place to monitor and track the implementation of recommendations; and
    • reporting to and review by audit committees.
  • Arrangements to support the effective implementation of recommendations. These include:
    • implementation planning;
    • establishing timelines for the implementation of recommendations;
    • providing assurance recommendations are implemented in full; and
    • effective records management.

Auditor-General reports examining the implementation of recommendations indicate mixed success in the implementation of recommendations where such arrangements are not fully established or operating as intended.

Governance

Effective implementation of recommendations is supported by governance arrangements to respond to, monitor and implement recommendations. These arrangements include:

  • establishing processes and responsibilities for responding to recommendations;
  • clearly assigning responsibility for the progression of individual recommendations;
  • having systems in place to monitor and track the implementation of recommendations; and
  • reporting to and review by audit committees.

Governance arrangements to respond to, monitor and implement recommendations

The governance arrangements in place to respond to, monitor and oversee the implementation of actions against recommendations should provide assurance that the intent of the recommendation has been met.

Successful implementation of agreed recommendations requires strong senior management oversight and monitoring. Effective governance arrangements for the implementation of parliamentary committee and ANAO performance audit recommendations involve:

  • establishing processes and responsibilities for responding to recommendations;
  • clearly assigning management responsibility for the progression of individual recommendations;
  • having a system in place to monitor and track implementation; and
  • providing the audit committee with sufficient appropriate information to enable the committee to provide the accountable authority with advice and assurance on the implementation of agreed recommendations.

The accountable authority also needs assurance that underlying risks and issues that have been identified are addressed.

The audits in this series have found that governance arrangements to respond to, monitor and implement ANAO audit recommendations were stronger than those relating to parliamentary committee recommendations. Entities typically had governance arrangements in place to respond to, monitor and implement agreed ANAO recommendations. Entities also typically had arrangements to respond to parliamentary committee recommendations but some had no or only partial governance arrangements in place to monitor and implement agreed recommendations from all parliamentary committees.

Establishing processes and responsibilities for responding to recommendations

Governance processes for managing the implementation of recommendations should begin with a clear arrangement for responding to recommendations. This ensures appropriate engagement with the recommendation, ensuring clarity of its intent, and acknowledgment of appropriate and achievable activities to address the identified risks. Recommendations included in reports from parliamentary committees and Auditor-General reports provide an opportunity for entities to improve administration in the areas examined.

  • The Parliament’s Joint Committee of Public Accounts and Audit (JCPAA) has issued guidance for entities when responding to its recommendations, which has wider applicability. This guidance sets out that responses should:
  • address the substance and intent of each recommendation and related report content;
  • state whether the recommendation is agreed, agreed with qualification; or not agreed, and explain the rationale for this position; and
  • outline action taken or planned, and a timeframe to implement each recommendation that is agreed.

In the case of Auditor-General reports, entities are provided the proposed recommendations as audits are finalised, and have time to consider their position in response. As a consequence, disagreement is rare as entities and the ANAO work through issues before finalisation of a report.

Openness to criticism and learning plays an important role in building an effective culture, whether it be in supporting an innovative culture, a risk management culture or a compliance culture. Organisations that respond to external criticism defensively or dismissively (’we are already aware of the issue’, ‘we are already addressing the issue’, ‘the report needs to be read in context’, ‘the issues raised are not material’) put at risk their ability to build an effective governance culture and embed the characteristics of a learning organisation.

Agreeing to a recommendation acknowledges that things can be improved. The Parliament’s expectation is that the entity then makes those improvements which address the deficiency identified. Agreement should not be qualified. However, if agreeing to a recommendation ‘with qualification’ or ‘in part’ is necessary, responses should clearly set out what action(s) will be taken in response to the recommendation and what part(s) of the recommendation will not be implemented.

Audit example

Implementation of ANAO and Parliamentary Committee Recommendations — Education and Health Portfolios

Auditor-General Report No.46 of 2019–20

In responding to recommendations covered by the audit that it did not fully agree with, the Department of Education clearly stated the reasons why it did not agree in full and outlined what it intended to do in response to the recommendation. For example, Education’s response to one recommendation was ‘supported in principle’ on the basis that the recommended action was the responsibility of state and territory governments but that Education would raise the recommendation with the appropriate authorities through the appropriate forums. In response to another recommendation to which it partly agreed, Health outlined which components of the recommendation it agreed with and which it disagreed with.

In some cases, the substantive effect of qualified agreement to a recommendation is that the entity disagrees with a recommendation. For example, in the ANAO performance audit of Anzac Class Frigates – Sustainment, the Department of Defence agreed ‘with qualification’ to the report’s fourth recommendation. The effect of Defence’s comments was to disagree with the recommendation.

Audit example

ANZAC Class Frigates — Sustainment

Auditor-General Report No.30 of 2018–20

Recommendation no.4

The ANAO recommended that to align with the strategic planning approach outlined in the Defence Integrated Investment Program, Defence develop guidance in the Capability Life Cycle Manual on when a proposal to establish or amend a sustainment program should be provided to the Defence Investment Committee and the Minister for Finance for consideration.

Department of Defence’s response: Agree with qualification

The CLC [Capability Lifecycle Manual] already includes considerable guidance in the “Phase 4 – Sustainment and Disposal” chapter including Annex C on roles and responsibilities in regard to establishing or amending a sustainment program and the mechanisms through which this is done including reference to the Enterprise Business Committee, the Investment Committee, and when Ministerial or Government approvals are required.

At paragraph 14.3.5 the CLC explicitly states that where an upgrade is planned, budgeted, and approved at Gate 2, it should be able to proceed based on internal approval pathways should it remain within the broad parameters originally agreed by the Government.

The CLC is principles based and therefore Resource Management guides, Budget Process Operational Rules and Governance Arrangements are more appropriately placed to detail any changes required to business processes or thresholds/triggers.

ANAO comment in relation to the Defence response

In that audit report the ANAO observed that Resource Management Guides and the Budget Process Operational Rules are issued by the Department of Finance. The effect of Defence’s comments is to disagree with the recommendation, as Defence does not issue this guidance and its response does not recognise the gap in its own guidance. As discussed at paragraphs 4.14 – 4.19 of this audit report, there was uncertainty as to whether ANZAC sustainment funding aligned with original Government approvals. Defence did not seek advice from central agencies to clarify whether it had the necessary funding approvals and whether it should raise this matter with the Minister for Finance. Recommendation 4 is that Defence clarify its processes for seeking approvals in such circumstances.

Further, the effect of subsequent entity comments can be to disagree with a recommendation previously agreed to. For example, the effect of the Department of Defence’s response to the findings of a follow-up audit on its implementation of a recommendation first made in the performance audit of Defence’s Management of its Projects of Concern, was to disagree with the recommendation it had previously advised Parliament it had agreed to.

Audit examples

Defence’s Management of its Projects of Concern

Auditor-General Report No.31 of 2018–19

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

Auditor-General Report No.34 of 2020–21

Recommendation no. 1

In Auditor-General Report No.31 2018–19 Defence’s Management of its Projects of Concern the ANAO recommended that Defence introduce, as part of its formal policy and procedures, a consistent approach to managing entry to, and exit from, its Projects of Interest [POI] and Projects of Concern [POC] lists. This should reflect Defence’s risk appetite and be made consistent with the new Capability Acquisition and Sustainment Group Risk Model and other, Defence-wide, frameworks for managing risk. To aid transparency, the policy and the list should be made public.

Department of Defence’s response: Agreed

Defence agrees to this recommendation noting that Defence will endeavour to provide this formal policy as the Project Management specialist risk discipline is developed as part of the new CASG Risk Model. This work will build on the current quantitative measures against scope, schedule and cost to potentially include lead indicators of project performance. The Defence Projects of Concern list will continue to be made public.

Follow-up audit

In Auditor-General Report No.34 2020–21 Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence the ANAO examined whether Defence implemented a selection of agreed parliamentary committee recommendations and ANAO performance audit recommendations. The audit assessed this recommendation as not implemented on the basis that there was no evidence that Defence established a clear basis or criteria to ensure a consistent approach to entry to and exit from the Projects of Concern or Projects of Interest lists. In the audit Defence advised the ANAO that it considered that implementation was completed in line with the intent of the recommendation and that ‘For reason of structural and technical complexity, the nature of commercial arrangements, integration and interdependencies designing hard criteria or ‘triggers’ for entry as a Project of Concern would be absurd. Accommodating such a multiplicity of factors and variables would be experimental. There would be some binominal variables (yes/no) but the categorical variables could extend into the hundreds. This would not deliver a value for money outcome for Defence projects or sustainment. Thus, the IAR process and focussing questions based on project management standards is the best practice.’

The effect of this response was to disagree with the recommendation that Defence had previously advised Parliament it had agreed to.

In response to the ANAO performance audit on the Award of a $433.3 Million Grant to the Great Barrier Reef Foundation, the Department of the Environment and Energy provided ‘noted’ responses to three of the six recommendations. ‘Noting’ recommendations is equivalent to disagreeing. That is, no commitment is made by the entity to implement any change to the area of deficiency identified through the audit process or the parliamentary inquiry.

Audit example

Award of a $443.3 Million Grant to the Great Barrier Reef Foundation 

Auditor-General Report No.22 of 2018–19

Recommendation no.2

The ANAO recommended that the Department of the Environment and Energy include performance targets in program guidelines for Reef Trust grants to assist it to decide whether funding proposals represent value for money having regard to the quantum of funding that is being sought.

Department of the Environment and Energy response: Noted

The department notes that performance measures must be tailored on a case-by-case basis. In this case, the department considers that the approach taken to setting targets for the partnership, by linking them to the outcomes of the Reef 2050 Plan, was and remains appropriate due to the nature and duration of the grant.

In this case, the commentary supporting the department’s ‘noted’ response did not indicate that the entity intended to take any action in response to the recommendations.

When responding to parliamentary committee and ANAO recommendations, entities should clearly convey their intentions with respect to whether they will implemented the recommendation in full. By clearly indicating what actions will or will not be done in response to recommendations entities minimise the risk of ambiguity.

Audit example

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

Auditor-General Report No.34 of 2020–21

In this audit five parliamentary committee recommendations were assessed by the ANAO as not implemented.

For three, Defence considered the government response to have constituted implementation of the recommendation and that no further action was required. The ANAO’s assessment was that in each of the three cases the recommendation clearly called for action beyond the government response and that by agreeing or agreeing in principle to the recommendations, but not clearly stating that the action asked for in the recommendation would not be undertaken, Defence did not clearly convey its intentions to the relevant parliamentary committee.

For the remaining two recommendations, Defence decided not to implement them but the relevant parliamentary committee was not informed of this decision.

If entities initially agree to a recommendation and then subsequently do not intend to implement the recommendation as intended, entities should advise the relevant parliamentary committee or the ANAO respectively.

Clearly assigning responsibility for the progression of individual recommendations

Things get done when someone is responsible for doing them. Successful implementation of audit recommendations requires senior management oversight and implementation planning to set clear responsibilities and timeframes for delivering the agreed action.

Audit example

Implementation of ANAO and Parliamentary Committee Recommendations

Auditor-General Report No.6 of 2019–20

The Department of Agriculture had clearly assigned responsibility for progress against each of the individual ANAO recommendations to a specific senior individual, with overarching management accountability assigned to the deputy secretary responsible for the function. The senior individual was required to provide updates on the progress of implementation, with the deputy secretary providing final approval.

The Australian Pesticides and Veterinary Medicines Authority assigned overall management accountability for implementation to the Deputy CEO, but responsibility for implementation of individual ANAO recommendations was not always clearly documented. Where the responsibility for individual recommendations was more clearly assigned, those recommendations were implemented. This demonstrates the importance of assigning responsibility at the operational level to drive implementation, as well as to the management level to maintain oversight.

Having systems in place to monitor and track the implementation of recommendations

Systems should be fit for-purpose, reflecting the size of the entity, the nature of its business and its governance structure. Entities should ensure there are sufficient controls in the system to maintain complete and accurate data. Effective monitoring requires an approach that accurately tracks progress and records the actions of the business area or individual responsible for implementation. The goal is that those with entity accountability can have a clear line of sight to the implementation of agreed recommendations.

The audits in this series have found that entities have typically performed better in terms of monitoring and tracking the implementation of ANAO recommendations as compared to parliamentary committee recommendations. In some entities, following provision of the government response, entities had not tracked recommendations to ensure they are implemented.

Audit example

Implementation of ANAO and Parliamentary Committee Recommendations

Auditor-General Report No.6 of 2019–20

This audit found that, within the Australian Pesticides and Veterinary Medicines Authority (AVPMA), an officer performs the coordination role for ANAO recommendations as well as other audit committee reporting.

APVMA’s existing governance arrangements were also used to provide oversight of the implementation of recommendations by the executive leadership team. The entity had clear line of sight of the status of implementation of recommendations, the reasons for recommendations that had not been finalised, and the plans in place to finalise the two outstanding recommendations.

This report also outlined how the Department of Agriculture utilised eTrac — a specific recommendations tracking database — to track the progress of ANAO recommendations. Appropriate use of this system ensured that recommendations were monitored and implementation completed.

Entities need to ensure that when they are absorbing additional functions as a result of machinery of government changes, parliamentary committee or ANAO recommendations that were made to the former holder of those functions become the responsibility of the receiving entity.

Audit example

Management of the Australian Government’s Lobbying Code of Conduct — Follow-up Audit

Auditor-General Report No.48 of 2019–20

The ANAO examined the Attorney-General’s Department (AGD) governance arrangements for implementation of the recommendation from Auditor-General Report No.27 2017–18, Management of the Australian Government’s Register of Lobbyists.

Governance arrangements to oversee the implementation of the ANAO recommendation were limited in effectiveness. There was no implementation planning at any stage in the transition of accountability for the Lobbying Code of Conduct (Code) and the ANAO recommendation from the Department of the Prime Minister and Cabinet to AGD. Progress against the ANAO recommendation was first reported to the AGD Audit and Risk Management Committee in August 2019, 15 months after accountability for the Code was transferred to AGD.

Reporting to and review by audit committees

Audit committees provide advice and assurance to an entity’s accountable authority. The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) requires that entity audit committees review the appropriateness of the accountable authority’s financial and performance reporting and systems of risk oversight and management and internal controls.

The Department of Finance model charter for audit committees suggests that accountable authorities ‘might look to their entity’s audit committee to perform tasks additional to those prescribed by the PGPA Rule. Any additional functions should be documented in the audit committee charter.’ The model charter states that accountable authorities might wish to include consideration of parliamentary committee reports, external reviews and evaluations. This would include the audit committee satisfying itself ‘that the entity has appropriate mechanisms for reviewing relevant parliamentary committee reports, external reviews and evaluations of the entity and implementing, where appropriate, any resultant recommendations’.

Audit example

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

Auditor-General Report No.34 of 2020–21

This audit reported that Defence had amended its audit committee charter in August 2020 to include consideration of parliamentary committee reports, external reviews and evaluations in line with Finance’s model audit committee charter. At the time of the audit Defence had only recently introduced enterprise-level governance arrangements to provide the accountable authority with advice and assurance on the implementation of agreed parliamentary committee recommendations. The department did not yet have in place a full suite of appropriate governance arrangements.

It is important that entities provide their audit committee with sufficient appropriate information to enable it to provide informed advice to the accountable authority regarding the implementation of individual recommendations. Audit committees should also understand the systems of risk oversight and management and internal controls as they relate to the implementation of recommendations. This positions the audit committee to be able to validate actions taken to address recommendations to ensure that they achieve the intent of the recommendation.

Implementation

ANAO audit activity shows that effective implementation of recommendations is supported by:

  • implementation planning;
  • establishing timelines for the implementation of recommendations;
  • providing assurance recommendations are implemented in full; and
  • effective records management.

Effectively implementing recommendations

Implementation planning

Recommendations included in reports from parliamentary committees and Auditor-General reports focus on what needs to happen, not how to do it. That is a matter for entities to determine. Implementation of recommendations requires implementation planning to set clear responsibilities and timeframes and strong senior management oversight and monitoring to ensure delivery of the agreed action.

Successful implementation of recommendations requires fit-for-purpose implementation plans that clearly identify the intent of the recommendations and associated actions, set clear responsibilities and timeframes for addressing required actions and measures of success and/or outcomes to be realised. Implementation plans should involve key stakeholders. Where implementation plans are not prepared, evidence shows that actions are not always implemented to address the identified issue, or not implemented in a timely way, or not implemented at all.

Audit example

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

Auditor-General Report No.34 of 2020–21

Defence had implementation plans for 12 of the 14 ANAO recommendations examined in this audit. Defence did not require implementation plans for parliamentary committee recommendations and consequently none of the 18 parliamentary committee recommendations examined in this audit had an implementation plan. The audit identified that 79 per cent of agreed ANAO recommendations were fully or largely implemented by Defence and 56 per cent of agreed Parliamentary committee recommendations were fully or largely implemented.

Implementation plans for ANAO recommendations were required to be endorsed by a senior officer from the business area responsible for implementation and, starting in 2018, were required to be accepted by the First Assistant Secretary of Defence’s Audit and Fraud Control Division, who is the head of the business area responsible for governance relating to the implementation of ANAO recommendations.

Establishing timelines for the implementation of recommendations

Establishing timeframes for implementing recommendations, and meeting them, is an important way entities can ensure recommendations are ultimately implemented and that any risks or issues which led to the recommendations being made are addressed in a timely fashion.

In August 2019, following the tabling of the first report in this series of ANAO audits, the Secretary of the Department of the Prime Minister and Cabinet wrote to all departmental secretaries reminding them of their obligations to respond to parliamentary committee reports in a timely manner, as well as ensuring that agreed parliamentary recommendations are implemented.

Establishing processes for the provision of extensions to implementation plans is appropriate. However, care should be taken to ensure extensions are only granted in exceptional circumstances and approved by senior management. This audit series has found that in some entities many extensions were obtained and implementation was still not completed within the revised timeframe.

Audit example

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

Auditor-General Report No.34 of 2020–21

For the 13 ANAO recommendations that had recorded target implementation dates, only three were closed: before the implementation date established in the implementation plan; or the revised implementation date established after an extension had been granted. The recommendations closed after the implementation plan date or revised date were closed an average of 61 days after the implementation date. In seven instances where extensions were sought for the implementation of ANAO recommendations, only one of the extension requests was made in accordance with Defence requirements. For the eight parliamentary committee recommendations where the relevant committee had set an implementation timeframe, three were implemented within that timeframe.

Providing assurance recommendations are implemented in full

Entities that are effective at implementing recommendations in full have processes to provide assurance that this has occurred. Entities will often undertake a quality assurance process before determining that a recommendation has been implemented and can be considered closed.

In some instances this process is not sufficiently robust and recommendations are closed when they have not been fully implemented, or are closed without adequate evidence of implementation being provided.

Audit examples

Northern Australia Quarantine Strategy – Follow-on Audit

Auditor-General Report No. 23 of 2018–19

This audit assessed the Department of Agriculture’s implementation of recommendations from: Auditor-General Report No.46 2011-12; and Joint Committee of Public Accounts and Audit, Report 435: Review of Auditor-General’s Reports Nos. 33 (2011–12) to 1 (2012–13). The report found that while the department had taken some steps towards implementing recommendations, they had not been fully implemented.

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

Auditor-General Report No.34 of 2020–21

For eight of the 12 ANAO recommendations that were subject to closure process, the evidence relied on by Defence to close the recommendation was insufficient and the ANAO required more detailed information from business areas to determine whether a recommendation had been implemented.

In some cases the ANAO has identified that previous recommendations have been fully implemented.

Audit example

Procurement of Garrison Support and Welfare Services

Auditor-General Report No.37 of 2019–20

This audit included an examination of whether two recommendations from a previous ANAO audit and one recommendation from a Joint Committee of Public Accounts and Audit report (JCPAA) had been implemented.

The report identified that the department had undertaken a body of work aimed at addressing the previous ANAO recommendations and that the department had complied with the recommendation of the JCPAA.

Some parliamentary committee recommendations include a statement to the effect that an entity should provide something to the committee or report back to the relevant committee. In some cases the recommendation will specify a timeframe to complete this activity. It is important that entities meet any such commitments provided to the Parliament.

Audit example

Implementation of ANAO and Parliamentary Committee Recommendations — Department of Defence

Auditor-General Report No.34 of 2020–21

This audit reported that for the ten parliamentary committee recommendations that included a requirement to report back to the relevant committee, Defence fully met the report back requirement in three instances, partially met the requirement in four instances and did not meet the requirement in three instances. For the eight recommendations that set timeframes for reporting back to the relevant committee, Defence met these timeframes in three cases.

Effective records management

Records are a critical part of robust knowledge management practices. They support transparency and accountability for past decisions and help inform future decision-making. Entities should ensure sufficient appropriate records are maintained to support all aspects of their responses to, and monitoring and implementation of, parliamentary committee and ANAO audit recommendations.