• Dr Caralee McLiesh PSM, Auditor-General for Australia addressed the Audit Committee Chairs Forum. A summary of the key points from her presentation is below.
• Audit committees play a critical role in supporting better performance of agencies. The ANAO and audit committees often have complementary functions in providing oversight and accountability of government activities.
  • Audit committees can have a direct impact on improving performance at individual agency level by providing advice to senior management and also improve government services across the breadth of public sector activities.
• Dr McLiesh spoke about four key strategic areas of interest guiding her perspective as she commences her term as the Auditor-General.

1. Lifting government performance. This relates to the ANAO’s core purpose – supporting accountability and transparency through independent reporting to the parliament and therefore contributing to improved public sector performance. What can we do to best achieve this? How can we support the Parliament to drive transparency and accountability? How do we work best with audit entities? The ANAO has a unique sector-wide perspective and we can look across portfolios, look over time, and identify themes and the areas where we can target and work with the sector to drive improved performance.
2. Transparency. Transparency is a foundation of accountability. It is at a risk of eroding and the role of the Auditor-General and the Audit Office is to improve transparency and act a safeguard against a lack of transparency.
3. Innovation. The public sector environment is rapidly changing with new technologies, more complex services, rising community expectations, and changing geopolitics. How does the sector adapt? What is the role of artificial intelligence and the automation of government services? What does this mean for the future of the audit function?
4. Institutional settings. Institutional checks and balances in government are as important as they have ever been. The role of Auditor-General is as a steward of the institution and of the office of the ANAO. The ANAO’s function relies on its independence and its powers and these need to be protected and enhanced where appropriate, but operating independently does not mean operating in isolation.

• Carla Jago, Acting Deputy-Auditor General, delivered a presentation on emerging lessons from the ANAO’s Audit Program. A summary of the presentation is below and a copy of the speech is available from the related documents section of the website. 

Performance audit

• The 2024-25 Annual Audit Work Program (AAWP) is underway—13 performance audits have been tabled since the start of the 2024-25 financial year. This financial year, the ANAO is expected to table a total of 48 performance audits.
• Planning for the 2025-26 AAWP has commenced and consultation with entities and the Joint Committee of Public Account and Audit is expected to occur in March 2025.
• In 2024, the ANAO published two information reports—the Performance Audit Outcomes Information Report, and the COVID-19 – ANAO Audit Activity Information Report.
• The Performance Audit Outcomes Information Report is the first tabled report on this topic and follows a similar approach to a mid-term report that was produced by Grant Hehir, former Auditor-General for Australia, in 2020. The Performance Audit Outcomes Information Report analyses performance audit outcomes from 2019–20 to 2023–24 with a particular focus on 2023-24.
  • The key themes and issues emerged from the performance audits that were conducted into planning and implementation, evaluation, procurement and contract management, and cyber security activities. Findings from these performance audits can provide indicators of areas of risk to integrity, probity and ethics, including where action may be necessary to avert systemic issues.
    • Six performance audits were tabled focusing on compliance with selected public service legislative and policy requirements for credit cards and gifts, benefits and hospitality.
    • From 2019-20 to 2023-24, 36 performance audits of procurement and contract management were conducted. 53 per cent were found ‘not effective’ or ‘partly effective’. The key lessons emerged from the audits includes using appropriate expertise during processes; being transparent in decision making; demonstrating value for money; acting ethically; and maintaining good records.
• The ANAO observed that all 45 performance audits tabled in 2023-24 had record keeping issues on how decisions are made.
• The COVID-19 – ANAO Audit Activity Information Report focused on the lessons from the 13 performance audits and reviews undertaken by the ANAO under our COVID-19 multi-year audit strategy. It includes a span of 12 entities across 10 portfolios with 41 recommendations made.
• The key themes that emerged from the audits were the importance of establishing appropriate governance arrangements and proactively managing risks; systems and controls often were not adequate to deals with demands of rapid implementation; the need for comprehensive and up-to-date crisis management frameworks; and the importance to incorporating and actioning lessons learned from the experience.
• The report also mentions the limited assurance reviews conducted by the ANAO over the Advances to the Finance Minister from April 2020 to October 2020. The ANAO examined a total advance of $1.974 billion issued in 2019–20 and $1.673 billion issued in 2020–21 to 30 October 2020. The Auditor-General issued unmodified conclusions for all seven assurance reviews.
• Another performance audit of interest for audit committee chairs is the audit of the Implementation of Parliamentary Committee and Auditor-General Recommendations which was tabled on 20 November 2024.
  • Parliamentary committee and Auditor-General recommendations seek to address risks identified through inquiries and audits. Audit committees are required to provide independent advice on entities’ systems of risk oversight and management of internal controls. Complete and regular reporting to audit and risk committees on the implementation of recommendations, including evidence-based closure packs for completed parliamentary committee and Auditor-General recommendations, gives audit and risk committees visibility over how risks are being managed. This assists audit and risk committees to perform their functions.
• Some aspects audit committees may wish to consider in relation to recommendations addressed to your entity include: 
  • For parliamentary committee recommendations, Australian Government entities can support government by: advising ministers on requirements and better practice for the form and timing of responses to parliamentary committee reports; and monitoring compliance with required timeframes; and
  • For parliamentary committee and Auditor-General recommendations, Australian Government entities can support accountability and integrity by: establishing fit-for-purpose and proportionate implementation planning for agreed recommendations; monitoring implementation; and closing recommendations on the basis of robust evidence that the intent of the recommendation has been met.

Financial statements – end of year report

• The Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2024 is expected to be released soon.
• The report highlighted that there is room for improvement in relation to the robustness of IT controls, assurance over cloud computing arrangements, policies and reporting of official hospitality and also artificial intelligence.
• For cyber security and IT controls, the ANAO’s reporting continues to draw attention to low levels of maturity in relation to IT controls, particularly in relation to IT security and the Protective Security Policy Framework (PSPF).
• The report also has a focus on official hospitality. The ANAO found that some entities did not have policies or procedures. Entities with higher level of exposure to provision of official hospitality need to consider implementing or enhancing compliance reporting arrangements.
• The ANAO looked at the adoption of artificial intelligence (AI) and found an increase in the adoption of AI across entities. There are now 62 agencies employing this technology. Around half of the entities have established AI policies and procedures, with around 20 per cent specifying whether any additional assurance mechanisms were needed.
  • The Digital Transformation Agency has recently released a policy around the responsible use of AI in government and that establishes some requirements for accountability and transparency, mainly for non-corporate entities.
• In relation to audit committees, we observed that audit committee member rotation could be more closely considered – most entities rotated members, but this was not formalised in policy or the audit committee charter. A policy should balance the need for continuity and experience against the need for objectivity of membership.
• In the report, the ANAO also identified that 53 per cent of legislative breaches identified in the 2023-24 Financial statement audits were related to incorrect payment of remuneration to key management personnel (KMP) or non-compliance with determinations made by the Remuneration Tribunal.
  • It is really important that entities have a robust framework in place to govern payments made to KMP to ensure that the payments are consistent with both policy and legislative requirements. The ANAO insights product on Executive Remuneration can assist entities with this issue.
• The ANAO have identified that most entities have adopted cloud computing arrangements in their IT environment. While the services might be outsourced, both the Information Security Manual (ISM)and the PSPF indicate that mitigating risks and oversight of the effectiveness of controls remains the responsibility of the entity which can’t be outsourced. 

Performance statements audit

• The 2024-25 reporting period marks the tenth year of the requirement for an accountable authority of a Commonwealth entity to prepare annual performance statements.
• In 2024, the ANAO completed the audits of 14 entities’ performance statements. As in previous years, these audits further tested the ANAO’s performance statements audit methodology. Entities have generally engaged well with the audit process with first year auditees better prepared for the audit than in previous years.
• The ANAO’s audit of performance statements has seen improvement in the quality of entities’ performance statements. Entities that have been in the program in prior years are most mature in their performance planning and reporting processes.
• An area of ongoing challenge for entities is to devise and to implement an entity-wide performance framework. This framework will assist entities to structure their performance information—purposes, key activities and performance measures—and determine how this structure should change over time.
• The ANAO continues to build its program of work in auditing performance statements with 21 entities audited in 2024–25 and we will continue to refine our performance statements methodology. 

Public sector engagement

• The ANAO has sought to improve the way it communicates with public sector entities and provide greater insights into our work.
• The ANAO has developed a new quarterly newsletter called Audit Matters (subscribe here). The newsletter is to provide update and insights on what we're seeing across the sector.
  • The first edition was published and distributed on 2 September 2024. it provides a summary of our recent work, including the work around integrity, probity and ethics, grants administration and performance measurement and reporting.
• The ANAO also regularly publishes its ‘Insights’ products (Audit Lessons, Audit Opinion, and Audit Practice) which aim to communicate key lessons to the public sector from our audit work and to support entities to better understand our audit work.
• Recent Insights publications include:
  • Audit Lessons – Gifts, Benefits and Hospitality, published on 29 October 2024 provides an overview of key issues found in gifts, benefits, and hospitality in entities and provides seven lessons aimed at improving compliance in this space. Audit Practice – Performance Audit Process, published on 6 November 2024, aims to help entities better understand the processes involved with a performance audit. 

Parliamentary engagement

• The Joint Committee on Public Accounts and Audits (JCPAA) has commenced an inquiry into the use and governance of artificial intelligence (AI) systems by public sector entities. The ANAO has made a submission to this inquiry which can be found on the committee’s website.
• There are several other JCPAA inquiries underway, including into contract management frameworks operated by Commonwealth entities and into the administration of Commonwealth regulations.

• Jane Meade, Group Executive Director, Professional Services Group, ANAO delivered a presentation on financial areas for audit committee considerations. The two areas which were discussed included issues related to contingent liabilities and prior period reporting errors.
• Contingent liabilities – recognising provisions versus disclosing contingent liabilities
  • A provision is a type of liability where there is some uncertainty as to the timing or amount of payment that’s going to be made in the future. To recognise any sort of liability you need to have a present obligation that has come from a past event and it must be probable that there will be a payment in the future.
  • The issue we saw this year was with a number of entities asserting that they couldn't make a reliable estimate of the obligation and therefore they didn't recognise a liability in their financial statements. Instead, the entities disclosed that they had a contingent liability. Under accounting standards, it is expected that there will only be extremely rare cases where a reliable estimate cannot be made.
  • It is important to remember that a provision is an estimate by nature. Estimates are an essential part of the preparation of financial statements and the uncertainty that is inherent in an estimate doesn’t undermine the reliability of those financial statements. Disclosure requirements allow the entity to be transparent about the uncertainties and the assumptions used in calculating the estimate.
  • Where an entity discloses a contingent liability because they believe a reliable estimate cannot be made, audit Committees should consider asking why that is the case and whether the uncertainty can be dealt with in the estimation process.
• Prior period errors
  • A prior period is when either the entity or the auditor identify that there was a material error in the prior year financial statements. When this occurs, the entity is required to make a restatement in the financial statements. This results in the prior year numbers being restated to reflect the amount that it should have been.
  • In some cases, auditors may determine that it's appropriate to use an emphasis of matter paragraph to highlight the disclosure. This is not a qualification.
  • This year, to increase internal transparency around this area the ANAO revised its consultation policy.
  • Prior period errors and restatements are a potential indicator of quality issues in both preparation and audit processes. There were around 40 prior errors identified across the range of financial statements audits.
  • The ANAO is undertaking a root cause analysis to determine if there is a risk to audit quality from these errors.

2023-24 Financial Reporting

• The Final Budget Outcome was tabled in Parliament on 30 September 2024. The 2023-24 Consolidated Financial Statements were signed by the Finance Minister on 28 November 2024 and are expected to be tabled in mid-December 2024.

Conflict of Interest & Confidentiality Review

• An update was provided on the management of conflicts of interest and confidentiality. Members discussed opportunities, challenges and enhancements in managing conflicts of interest and confidentiality with the non-government sector.

• Joanna Virtue, Assistant Secretary, Fraud Prevention and Anti-Corruption Branch, Attorney-General’s Department delivered the keynote address on the new Commonwealth Fraud and Corruption Control Framework. The following section is a summary of the speech. A copy of the presentation is available on the related documents section of this webpage.
• The Commonwealth Fraud and Corruption Control Framework was implemented on 1 July 2024 and is designed to support all Commonwealth entities to effectively manage fraud and corruption risk. It is part of the package of reforms by the Australian Government which aims to strengthen integrity in the Australian public service.
• Audit Committee Chairs will play a role in supporting the accountable authority to implement the framework within Commonwealth entities.
• The Commonwealth Fraud and Corruption Control Framework is an element of the Commonwealth’s finance law under the Public Governance Performance and Accountability (PGPA) Act 2013 which establishes a coherent system of governance and accountability for public resources, including protecting those resources from risk.
• There are three key parts of the Commonwealth Fraud and Corruption Control Framework:
  • Fraud and Corruption Rule - Section 10 of the Public Governance, Performance and Accountability Rule 2014;
  • Fraud and Corruption Policy - Sets out the requirements for specific areas of fraud and corruption control; and
  • Fraud and Corruption Guidance - Resource Management Guide No. 201: Preventing, detecting and dealing with fraud and corruption
• The significant change in the Fraud and Corruption Rule is the inclusion of corruption. Accountable authorities of Commonwealth entities must now take steps to prevent, detect, and deal with corrupt conduct. This complements the prevention and investigation function of the National Anti-Corruption Commission.
• There are also new clauses which require entities to periodically review the effectiveness of fraud and corruption controls, have governance structures and processes to effectively oversee and manage the risk of fraud and corruption, and have officials to manage fraud and corruption.
• The Fraud and Corruption Rule sets the minimum standards for managing the risks and incidents of fraud and corruption within an entity. All Commonwealth entities must comply with these requirements in the rule.
• Non corporate Commonwealth entities must also implement the policy, and corporate and Commonwealth companies are strongly encouraged to implement the policy
• The core procedural requirements in the rule and policy can be implemented in a way that takes account of each entity’s unique operating context. The accountable authority must establish a system of internal controls which is fit for purpose. 
• The Commonwealth Fraud and Corruption Control Framework has a shift towards prevention which is achieved through the expanded and more prescriptive elements under the new Fraud and Corruption Policy, including:
  • targeted and rigorous fraud and corruption risk assessments;
  • control effectiveness reviews; and
  • governance arrangements.
• For audit committees, you will need to consider if the entity has appropriate arrangements in place to support the effective oversight and management of the entity’s fraud and corruption risks? You may wish to ask:
  • Has the entity documented:
    • the roles and responsibilities of officials, positions and internal governance bodies?
    • its approach to managing fraud and corruption – how did officials determine what are reasonable measures and appropriate mechanisms for the entity?
    • key decisions such as actions to take following on from an investigation?
  • Has the entity refreshed its enterprise risk assessment and considered targeted fraud and corruption risk assessments for higher risk activities?
  • Have the Accountable Authority Instructions been updated to ensure fraud and corruption risks are considered when developing new initiatives?
  • Has the entity implemented a program to review the effectiveness of fraud and corruption controls?
• The hidden nature of fraud and corruption makes it difficult to quantity the true cost. International comparatives suggest that 3% to 5.95% of government expenditure is lost to fraud or error.
• These international measurement exercises also suggest that we can expect to find fraud and corruption in all government entities and programs. However, the majority of Australian Government entities are not detecting any fraud or corruption each year.
• This leads to two misconceptions:

1. The first is that fraud is not a widescale problem for most government entities.
2. The second is that fraud is an outlier event and that when we find it, there has been a failure. This disincentivises entities to proactively look for fraud.

• The natural result of these misconceptions is that entities will not prioritise investment in preventing fraud and corruption until there is evidence that they are occurring
• If we are to build a stronger APS that embodies integrity in everything it does, we need to actively confront these misconceptions by:
  • improving reporting and increasing transparency around the levels of fraud and corruption we experience; and
  • celebrating efforts to find fraud and corrupt conduct.
• There are often ‘overlooked’ impacts of fraud and corruption:
  • Impacts the lives of vulnerable Australians.
  • Creates incentives for other crimes such as identify theft.
  • Hinders policy outcomes and reduces the quality of essential services.
  • Increases costs in delivering public services.
  • Erodes public trust in government and public services. 
  • Undermines the role of government and the integrity of public institutions.
• The Commonwealth Fraud Prevention Centre has a range of guides, toolkits and training available to support entities. Please visit the following website for more information: https://www.counterfraud.gov.au/.

• The Audit Committee Chairs Forum featured a panel discussion on fraud and corruption in the Commonwealth public sector. This followed the key note address and covered themes from the ANAO’s audits on fraud control arrangements, and related audits on topics such as conflicts of interest.
• The panellist included:
  • Joanna Virtue, Assistant Secretary, Fraud Prevention and Anti-Corruption Branch, Attorney-General’s Department;  Dr Ben Gauntlett, Deputy Commissioner, National Anti-Corruption Commission;
  • Tracey Carroll, First Assistant Secretary, Governance and Grants Division, Department of Finance; and
  • Michelle Page, A/g Group Executive Director, Australian National Audit Office (moderator).
• The panellists discussed a broad range of themes and issues related to fraud and corruption in the Commonwealth public service. Highlights from the panel discussion included:
  • Audit committees play a critical role in providing oversight of the approach towards and implementation of the new Commonwealth Fraud and Corruption Control Framework.
  • Audit committees should develop an understanding of the new Commonwealth Fraud and Corruption Control Framework and other new obligations, such as those under the National Anti-Corruption Commission Act 2022.
    • For example, the definition of corrupt conduct in the National Anti-Corruption Commission Act 2022 is broad and there are different referral pathways (mandatory and voluntary) which have its own obligations.
    • Audit committees should be aware of the conduct of non-public officials seeking to influence public officials.
  • Developing a positive culture within an entity is essential to appropriately manage fraud and corruption risks:
    • It is important to implement appropriate frameworks and policies within an entity and to ensure there is a culture that encourages engagement with these frameworks beyond a compliance-centric approach.
    • The results of the APS census can provide an insight into the values and behaviours of staff within an entity and can provide an indication of where staff values do not align to organisational values.
    • Finding fraud and corruption is a ‘good’. When instances of fraud and corruption are detected an entity can measure its impacts, implement better preventative controls, and manage the incident appropriately.
  • Measuring the impacts of fraud losses:
    • Quantifying the impact of losses to fraud and corruption can be difficult. Losses incurred due to fraud and corrupt activity go beyond the direct financial loss.
    • Fraud and corruption can lead to the erosion of public trust, exploitation of public programs and services, environmental damage, delay in the delivery of services, turn over of staff, reputational damage, and direct impact on individuals, particularly from vulnerable cohorts (for example instances of misuse of information in cases of domestic violence and identity theft).
    • Understanding the non-financial elements of fraud and corruption can lead to a better risk assessment and internal control measures.

Subscribe to this event to receive updates.