Reports and publications

Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.

View reports and publications

Insights

The aim of audit insights is to communicate lessons from our audit work to make it easier for people working within the Australian public sector to apply those lessons.

View ANAO Insights

Work program

The ANAO work program outlines potential and in-progress work across financial statement and performance audit.

View the work program

Careers

Our staff add value to public sector effectiveness and the independent assurance of public sector administration and accountability, applying our professional and technical leadership to have a real impact on real issues.

View Careers

About us

The Australian National Audit Office (ANAO) is a specialist public sector practice providing a range of audit and assurance services to the Parliament and Commonwealth entities.

About Us

An Audit Committee Chairs Forum was held virtually on Friday, 15 July 2022. The text on this page is the communique from the forum.

ANAO updates

Auditor-General’s update

  • The ANAO’s work continues regardless of the change in Government. Our primary relationship with the Parliament is through the JCPAA and our engagement with this committee will be an area of focus once the new committee has formed.
  • The ANAO is working through the impact of Machinery of Government changes on its financial and performance statements audit work program.
  • The ANAO is continuing to roll out auditing
  • of entity annual performance statements. This is an important process in providing Parliament with assurance on non-financial performance information and to see the improvements in accountability and transparency envisaged by the PGPA achieved.
  • Procurement remains a focus for the ANAO. Several performance audits over recent years have indicated approaches which, while technically compliant with the rules, seem to be more focussed on the convenience of the entity rather than complying with the intent of the rule. Of particular concern is the use of exemptions and panels in reducing competition.
  • A number of audits have revealed poor practices in the use of probity advisors, suggesting a focus on compliance rather than impact.
  • Cyber security continues to be a significant issue the ANAO observes across audits — this is an area of risk for audit committees to consider. Audits indicate optimism-bias in reporting on cyber security compliance by accountable authorities in their annual assurance reports provided to the Attorney-General’s Department.
  • Some audit of grants processes have identified Ministerial briefing and record keeping practices which are inconsistent with the intent of the rules.
  • To help address resourcing challenges, the ANAO published the ANAO Workforce Plan 2022–25 on 14 July 2022, with a comprehensive implementation plan to attract, develop and retain a high-performing audit and public service professional workforce.
  • The ANAO published the ANAO Corporate Plan 2022–23 and 2022–23 Annual Audit Work Plan (AAWP) on 6 July 2022.
  • Sustainability reporting is increasingly becoming a priority topic amongst public sector audit communities. The ANAO expects sustainability report assurance will be on its agenda in the near future.
  • The ANAO has been considering how to appropriately incorporate ‘the fourth E’ (ethics) across all its products and is in the process of finalising an audit methodology in this area.

Financial audit reporting

Interim Report on Key Financial Controls of Major Entities (2021–22)

  • The ANAO published The Interim Report on Key Financial Controls of Major Entities on 9 June 2022
  • A total of 62 findings were reported to the entities included in this report as a result of interim audits, comprising of one significant, 16 moderate and 45 minor findings. This is a slight increase in the number of findings compared to the 2020–21 interim audit results.
  • Analysis of the last five financial years has revealed a positive downward trend in aggregate interim audit findings.

The ANAO found that 58 per cent of findings related to the IT control environment. 10 per cent related to purchases and payables management, consistent with our performance audit findings, procurement remain a focus area. Other significant categories of findings relate to accounting and control of non-financial assets — valuation and impairment (8 per cent) and compliance and quality assurance frameworks.

As part of the 2021–22 Interim Report on Key Financial Controls of Major Entities, the ANAO a undertook a follow up review of the 2020–2021 annual reports, following the review of the 2019–20 annual report in the previous report. We noted improved compliance with the PGPA rule. ANAO also analysed the audit committee composition as required by the PGPA rule for the period 1 July 2021 to March 2022. The requirement for the audit committee composition started from 1 July 2021. ANAO noted three entities were not compliant for a period of time and two of these entities held audit committees during the year whilst non-compliant. Also, seven entities for a period of time under the review did not have the required number of members. Two of these entities held audit committees during these periods.

End of year report and key learnings

  • Information to be collected for the 2021–22 End of Year Report will include for the first time how entities are managing their intangible assets focusing on ICT project costs, timeliness and impairment. This will be in addition to other information we collect as part of the End of Year Report such as the number and value of audit adjustments and adherence to financial reporting timetable (revisions to annual report tabling deadlines).
  • Key focus areas for the year ended 30 June 2022 financial audits include related party disclosures and entities’ processes for identifying related party transactions, entities’ update to policies and processes to comply with the new APSC guidance on bonus arrangements, governance processes to mitigate the risks of fraud and the robustness of entities’ key judgement in fair value assessment and impairment processes.
  • Better governance outcomes are achieved when there is appropriate two-way communication between the ANAO and audit committees where governance issues and emerging risks are promptly dealt with.
  • Audit processes are effective and efficient when audit committees provide adequate oversight and review of entities’ management assumptions and accounting policies underpinning financial statements preparation have been agreed at the audit committee. meeting level.
  • While the PGPA rule the functions of the audit committee is determined by the accountable authorities, audit committee should also consider their roles under the auditing standards as one of ‘Those Charged with Governance’ of the entity where relevant.

IT general controls/cyber security update

IT general controls

  • Staff onboarding/offboarding.
    • Offboarding, in particular, has resulted in issues where user access is not removed when staff or contractors cease employment with an entity.
    • The issues are often caused by a breakdown in manual processes, including late notification to HR and/or IT on staff and contractor departure.
    • Addressing these issues usually requires multiple areas of an entity working together, including Business areas, HR and IT.
    • Entities should have processes in place to identify and remediate these issues.
  • Management of privileged users.
    • Issues with the management and monitoring of privileged users continue to be identified.
  • Password management.
    • There has been an increase in the number of entities that are not maintaining passwords settings as recommended in the Australian Cyber Security Centre’s Information Systems Manual.

Cyber security

  • Maintaining a good cyber security posture is critical to the operations of entities.
  • Most entities are not achieving the minimum cyber security requirements.
  • The Attorney-General’s Department have updated the Protective Security Policy Framework (PSPF) to mandate the Essential Eight requirements.
  • Business areas should work with IT to understand the impacts, risks and threats.
  • A common explanation provided as to why entities have not achieved the required maturity for cyber security is that the updates etc can impact on business. A data breach or unplanned system outage can have a greater impact to the business and operations of an entity.
  • The Australia Cyber Security Centre publish guidance to assist in implementing the changes in requirements.
  • Consider the following questions:
    1. How does management gain assurance that only authorised users have access to systems?
    2. How does management gain assurance that privileged users are only undertaking activities they are supposed to?
    3. What does management do when something goes wrong?
    4. What evidence does management have to support the Protective Security Policy Framework self-assessment process, including for the implementation of cyber security requirements?

Performance Audit Update

  • 40 performance audits were tabled in the 12 months to 30 June 2022.
  • There have been recent instances of entities seeking legal advice on ANAO’s access to information powers under the Auditor-General Act 1997 without engaging the ANAO or Prime Minister and Cabinet (PM&C). The ANAO requests audit committees encourage its entities to engage with the ANAO and PM&C if there are concerns. Audit committee chairs are encouraged to examine the Joint Committee of Public Accounts and Audit’s (JCPAA’s) Report 491 Review of the Auditor-General Act 1997 tabled in March 2022.

Key Learnings — Procurement

  • The Commonwealth Procurement Rules (CPRs) contain the rules entities must comply with when purchasing goods and/or services. The core principle of the CPR is value for money.
    • The CPRs identify competition as the key to effective procurement, however acknowledges (through Division Two) that in certain circumstances, a competitive tender process may not be the most appropriate approach to a procurement and permits an entity to conduct a procurement through a limited tender in certain circumstances..
    • Division Two does not identify ‘pressure of time’ as a reason to approach limited tenders, therefore planning is a key step of the procurement process.
    • The ANAO considers unnecessary and/or inappropriate use of the exemptions in the CPRs may signal to the market that the Commonwealth does not want to engage in competitive commercial processes and may result in an outcome that does not achieve value for money.
    • Entities need to consider how they will assess value for money in limited tender approaches, providing transparency and accountability.
    • Entities should also consider how they use panel arrangements. A standing offer arrangement, such as a panel arrangement, can be established through limited tender or open tender.
    • As of 1 July 2022, the CPRs states that entities should, where possible, approach multiple potential suppliers on a standing offer. The ANAO found entities are also approaching single suppliers through panel arrangements or standing offers. This makes it more difficult to evidence of value for money.
  • ANAO performance audits of procurement examine elements of ethics including probity, equitable treatment of tenderers and managing conflicts of interest.
  • Recent audit findings have revealed issues with the engagement and use of probity advisors including:
    • Repeated engagement with the same probity advisor resulting in an increased self-interest and familiarity risks, threatening the entity’s perceived or actual independence.
    • The involvement of probity advisors in actual procurement work including drafting of planning and tender documents, contracts and evaluation templates.
    • Probity advisors attending meetings with tenderer/s as an evaluation team member, thus eliminating the probity advisor’s independence.
    • A case where an entity did not implement their probity advisor’s recommendations or document the reason for this.
    • Entities failing to document whether probity managers delivered contracted deliverables.
    • A lack of ‘conflict of interest’ declarations by probity advisors.
  • Consider the following questions:
    1. In my organisation, what proportion of procurements are done through limited tender or by obtaining a single quote from a panel?
    2. How are probity advisers engaged and used in my organisation? Is the organisation truly getting independent advice and then acting on it? And do we have documentation to support that they provided the services we engaged them to provide?
    3. How good is my organisation’s documentation of procurement processes, including on how potential conflicts of interests are managed and how value for money has been assessed?
    4. Are we effectively covering off procurement through our internal audit program?

Performance statements audit

  • The ANAO (Jane Meade GED PSRG) facilitated a panel discussion on Performance Statements auditing. Panellists included George Sotiropoulos (GED, ANAO), Scott Dilley (FAS, Department of Finance), and Elizabeth Montano (ACC and former CEO AUSTRAC).
  • Key messages for Audit Committees to consider included:
    • Continuing to improve processes and operations to provide the same level of assurance as financial statement audits and to allow the accountable authority to sign off both statements at the same time where possible.
    • The ANAO and entities have worked well together to develop an audit plan. During the audits themselves however, the ANAO have experienced delays in the receipt of information from entities.
    • Significant amount of performance information is dependent on information provided by third parties. Audit Committees should be mindful of the nature of assurance entities have received from third parties to ensure risks are managed appropriately. Audit findings have revealed several areas with no assurance at all.
    • The ANAO is aware audits can lead to perverse incentives or outcomes.
      • Findings indicate some entities opt to remove performance indicators as opposed to continuing to work on high-quality measures that can provide valuable information to the Parliament. This can be managed through high-quality disclosures.
      • Conversely, several entities are leaving indicators in, allowing the ANAO to work with these entities to improve performance.

The Annual Audit Work Program

  • The ANAO published the 2022–23 Annual Audit Work Plan (AAWP) on 6 July 2022.
  • The AAWP sets out the ANAO’s mandated series of financial statements audits and discusses the ANAO’s planned performance statements audits and other assurance work.
  • The AAWP identifies 85 potential performance audit and assurance review topics.
  • The ANAO aims to table 42 audits by 30 June 2023 with key areas of focus including:
    • key accountabilities as outlined in the Public Governance, Performance and Accountability Act 2013 (the PGPA Act), including the proper use and management of public resources (efficiency, effectiveness, economy and ethics);
    • planning and delivery in major areas of public investment, such as in Defence capability, large-scale infrastructure, National Disability Insurance Scheme (NDIS) and programs targeting Indigenous Australians;
    • the measurement of performance and impact against program objectives;
    • procurement and contract management;
    • grants assessment, decision making and management;
    • public sector’s performance in meeting security requirements;
    • entity governance and the management of program and entity risks (including in relation to probity, integrity and fraud); and
    • the continuation of the ANAO’s COVID-19 multi-year audit strategy.
  • The ANAO will provide the AAWP to all Parliamentarians elected for the 47th Government, sharing the risks specific to each portfolio as set out in the AAWP with all Ministers and Shadow Ministers (Sent to Parliamentarians following the forum on 18 July 2022)
  • The AAWP is designed to reflect the ANAO’s audit strategy and planned audit coverage. The AAWP is designed to anticipate and respond to current and emerging risks and challenges, and complement the ANAO’s 2022–23 Corporate Plan which was also published on 6 July 2022.
  • The Auditor-General is an independent officer of the Parliament and can decide to commence on audits outside of the proposed topics published in the AAWP.
  • The AAWP outlines the overall focus of the ANAO, as well as risks and audit focus specific to each portfolio. The ANAO encourages audit committee chairs to examine the identified risks of the portfolios with which they are engaged.
  • The AAWP has been updated to reflect the Administrative Arrangement Order effective 1 July 2022. The AAWP will be revisited after the October 2022 Budget.

Finance updates

2021–22 financial reporting

  • Audit cleared accounts are due to be submitted to the Department of Finance by
  • 15 August 2022 for material entities and 31 August 2022 for small entities. These submissions support the preparation of the Australian Government’s Final Budget Outcome and Consolidated Financial Statements (CFS).
  • The supplementary reporting pack (SRP) is due to the Department of Finance (Finance) by 17 August 2022 for material entities and 31 August 2022 for small entities.
  • For the 2022–23 financial year, Finance will work with entities affected by the 1 July 2022 Machinery of Government (MoG). Guidance to assist entities with the implementation of MoG changes is also available on the Finance website.