An Audit Committee Chairs Forum was held at the Hotel Realm on Friday, 9 December 2022. The communique from the forum is now available here.

ANAO updates

Auditor-General Insights

Integrity and ethics

  • In an environment of principles-based, self-regulated frameworks, the presumption is that people will act in accordance with the principles the framework is trying to achieve. The ANAO often sees narrow compliance with the rules rather than consideration of the principles of frameworks. This can be seen as a lack of integrity in the entity.
  • Compliance is a necessary but not sufficient condition to meet the principles of the frameworks. Audit committees have an important role in ensuring entities act with integrity in all of their functions by complying with the principles of frameworks as well as rules.
  • The Australian Public Service Commission (APSC) is developing integrity frameworks and guidance for entities. The NACC will start to influence integrity frameworks.

JCPAA

  • The ANAO continues to establish and maintain its relationship with the JCPAA as the committee establishes its priorities and agenda.
  • The JCPAA has commenced inquiries in relation to grants administration and procurement. The ANAO has briefed the committee in these inquiries.
  • The ANAO has provided several submissions to the Committee over recent years outlining a need for changes to the Commonwealth Grants Rules and Guidelines (CGRGs). Several audits over recent years have indicated entities are focused on compliance with the rules, rather than achieving the principles underpinning the framework. Examples of bad practice include:
    • Not making clear recommendations to Ministers
    • Not supporting Ministers to document their decision-making process
    • Not assessing against the criteria appropriately.
  • The ANAO has provided a submission and private briefing to the JCPAA on its inquiry into procurement. Similarly, several performance audits over recent years have indicated approaches which, while technically compliant with the rules, seem to be more focussed on the convenience of the entity rather than complying with the intent of the rules. The underlying issue evidenced in recent audits is capability, with procurements being undertaken by staff who have not been provided with sufficient guidance and training. Audit committees play an important role in considering the capability of the procurement function.

Performance statements auditing

  • The ANAO continues to focus on its performance statements audits program. Efforts in preparing performance statements’ reporting compared to financial statements’ reporting remain inconsistent, without adequate quality control and management of the process. This is despite messaging from the sector that non-financial performance information is more important than financial performance information.
  • Our methodology for auditing continues to evolve. The intention is to audit against a principles-based framework where the underlying principle is that performance statements and performance information should allow stakeholders, including the Parliament, to make an overall assessment of how an entity’s activities support the achievement of its purpose.

End of Year Financial Statements Reporting

  • 237 of 248 auditor’s reports issued to date. 86% of auditor’s reports issued within three months of year-end. Total audit findings across all categories for the 2021–22 audit cycle was 175, an increase from last year. There was one significant (Category A) finding and 15 instances of significant legislative breaches.
  • The ANAO noted an increase in findings relating to:
    • processes supporting financial statements’ preparation;
    • decline in the delivery of draft financial statements in line with entity financial statements’ project plans;
    • an increase in the number of unadjusted audit differences; and
    • an increase in overall total value of unadjusted audit differences reported to entities in 2021–22 compared to 2020–21.
  • Increases in findings for IT predominantly relate to IT security (user controls, such as privileged user login and monitoring and termination of user access). Several of these findings, related to areas in the ISM and PSPF, have remained open for a number of periods despite the relative importance of closing them off in a timely manner.
  • The ANAO notes an instance of financial statements being altered after the audit opinion was issued. In the event financial statements do require revision, audit teams need to be engaged prior to any alterations being made.
  • Financial Statements observations in 2021–22 include:
    • Executive Remuneration. The ANAO continues to identify findings related to legislative breaches of remuneration tribunal conditions for associated officers (overpayments). Entities should consider the effectiveness of their controls supporting the payroll function for these officers, the processes adopted for compliance and whether process and record keeping improvements are required.
    • Bonuses. The APSC released its Performance Bonus Guidance (the Guidance) which established revised principles governing the application and payment of performance bonuses for Commonwealth entities and companies. The Guidance included the expectation that entities should implement the principles as ‘soon as practicable’.
    • Related Parties. The purpose of related party disclosures is to ensure entities draw attention to the possibility that their financial statements may have been affected by the existence of related parties and by transactions with such parties. When preparing financial statements entities must consider whether any transactions have arisen with Ministers or members of the Cabinet.
    • Shared Services. The Department of Finance has led the initiative to broaden shared services uptake and is setting expectations for entities to progress to shared services. The Shared Services Program is a Whole-of-Government initiative and a long-term priority for the Australian Government. This has resulted in an increase in shared services arrangements across government entities.

Performance Audit Update

  • Since the last forum in July, the ANAO has tabled an additional audit on procurement, Digital Transformation Agency’s Procurement of ICT-Related Services. The report includes a number of case studies with lessons learned that are useful to the sector.
  • When considering an organisation’s procurement activity, audit committee chairs are encouraged to consider the following questions:
    • What level are delegations set for deciding not to go to open tender?
    • When panels are being used in procuring services, how many suppliers have been approached?
    • What processes are in place to ensure staff undertaking procurements know what they are doing?
    • How do you know if advice from central procurement teams is being followed?

Performance Statements Audit update

  • The ANAO conducted performance statements audits in 2021–22 of the following six entities:
    • Attorney-General’s Department
    • Department of Social Services
    • Department of Veterans’ Affairs
    • Department of Agriculture, Water, and the Environment
    • Department of Education, Skills and Employment
    • Department of the Treasury
  • The six independent auditor’s reports were provided to the Minister for Finance on 25 October 2022. This is earlier than the 2020–21 timeframe where the reports were provided to the Minister on 9 December 2021 (tabled 4 April 2022).
  • Of the six audits completed, three auditor’s reports had conclusions that were qualified. This is an improvement from last year where all audits were qualified.
  • Improved timeliness of the audits was primarily due to more mature planning and preparation processes by both the entities and the ANAO.
  • Application of the concept of materiality was clarified during the financial year. All measures in an entity’s corporate plan are considered material by nature. The ANAO does not determine what the measures should be but audits the entity’s reporting of performance against the measures set by the entity itself. While every measure is considered material by nature, application of materiality to reported results is at the whole of statement level, including consideration of the impact on the user of the statements. This is an evolution from last year where materiality was applied quite narrowly to each measure.
  • The ANAO recognises the challenges of reporting against outcome and impact measures. The ANAO will continue to evolve its methodology to ensure entities are incentivised to not remove such measures but to continue to develop these measures and accurately report any caveats or limitations as supporting systems and methodologies are matured. Such measures could also be complemented by input and output measures for context.
  • The ANAO is conducting ten audits in 2022–23 (list of audits still to be finalised). This increase will provide more data points on which to build our evidence base and our precedents.
  • To assist in refining audit methodology, the ANAO will establish a Performance Statements Expert Advisory Panel (the Panel) in early 2023. The Panel will have membership from the ANAO, the Department of Finance, the Treasury, the Parliamentary Budget Office, a state or territory Auditor-General and several Chairs of entity audit committees.
  • Increased discussions in the sector indicate performance statements auditing is having an impact. Performance reporting is also an increasing focus for senior leadership and audit committees.
    • An absence of periodic monitoring and reporting by entities could indicate that the performance measures in annual performance statements may need refining. It is unclear why an entity would not want to monitor progress towards achieving its purposes during the year, noting it is the accepted practice for entities to regularly monitor financial budgets during the year.
    • Periodic monitoring and reporting may not be possible for some measures, including where data is only obtained annually through surveys.

Cyber Security

  • Lessons learned from recent performance audits include:
    • Assurance processes can assist an entity to understand whether the controls implemented are effective. If those processes are not in place, entity risks are not mitigated, as evidenced by recent financial statements’ audit findings.
    • Providing appropriate guidance, including by documenting procedures, can assist to operationalise requirements. This assists with filling the capability gap, particularly in the current environment of high staff attrition across the sector.
    • Security responsibilities cannot be outsourced. Several entities are looking at outsourcing shared and contracted services; however, the risk remains with the entity.

Finance updates

Governance update

  • It is one year since the Commonwealth Evaluation Policy and associated Resource Management Guide (RMG 130) came into effect. The Policy applies to all entities and companies subject to the PGPA Act.
  • The key objectives of the Policy are to:
    • help embed an evaluative culture across the APS;
    • improve the way entities measure and assess performance;
    • use evaluation to improve the impact of government programs; and
    • improve the quality of performance information available to the government, the Parliament and the public.
  • The Policy is principles-based and encourages managers to determine the best way to evaluate their programs in order to deliver the most appropriate, effective and efficient outcomes. Both the Policy and the RMG were developed after extensive collaboration across the Commonwealth and aim to rebuild evaluation capability across the APS.
  • A Commonwealth Evaluation Community of Practice (CoP) was launched in September 2022. The initial uptake has been very encouraging, with over 300 members from 56 Commonwealth entities, including 16 portfolio departments. The CoP is open to all Commonwealth officials with a role, or interest in, evaluation. If you are interested in joining the CoP, you can register here.

2021-22 Financial Reporting

  • The Consolidated Financial Statements were signed by the Finance Minister on 16 November 2022, and were tabled on 9 December 2022.
  • Chief Financial Officers have provided feedback on the 2021-22 financial reporting process through Finance’s annual Financial Reporting Rule survey.
  • COVID-19 and staffing shortages remain an ongoing pressure for the accounting and finance profession in the Australian Public Service.

Sustainability reporting

  • No International Accounting Standards or Australian Accounting Standards on sustainability reporting have been issued.
  • The Department of Climate Change, Energy, the Environment and Water is leading the Australian Government’s work on sustainability reporting with Finance and the Department of the Treasury.

Other updates

Spotting ethical red flags in procurement - Panel discussion and Q&A

  • The ANAO (Jane Meade, Group Executive Director) facilitated a panel discussion on spotting ethical red flags in procurement. Panellists included Kylie Bryant (Head of AusIndustry), Gareth Sebar (AS, Department of Finance) and Peter Achterstraat (Audit Committee Chair).
  • Kylie spoke of the lessons learned following the ANAO’s Procurement of Delivery Partners for the Entrepreneurs’ Programme audit, stating it was poor governance that led to poor outcomes (i.e. working around the Commonwealth Procurement Rules (CPRs) rather than with them). Procurement red flags for Audit Committees to consider include:
    • Absence of a tiering system clearly outlining low, medium, and high priorities.
    • Absence of a program governance system that oversees that tiering system.
    • Absence of traffic light reporting of contracts in flight.
    • Absence of reporting of upcoming procurement. The main reasons procurements are ineffective are lack of planning and resources.
    • Lack of clarity around delegations and where key decisions are being made.
    • Inadequate record keeping, particularly around contract variations and extensions.
    • Staff trained in procurement but not involved in procurement activity to ensure skills are maintained.
  • Gareth outlined what the Department of Finance looks out for when reviewing entity procurement practices and encouraged audit committee chairs to consider the following questions:
    • What are the skills and knowledge available in the organisation to undertake procurement effectively?
    • Is there a centralised procurement team? If so, do they have a strong presence in the organisation?
    • What processes are in place to identify the need for the procurement team’s support, particularly for areas that are undertaking procurement for the first time?
    • What governance processes are in place to ensure sufficient senior management oversight and accountability?
    • Is sufficient and clear procurement guidance provided to staff?
    • Is there a conflict-of-interest register?
    • Is there a complaint register and how are complaints managed appropriately?
    • Is there a clear policy to manage the receipt of gifts?
    • Does the entity have a pathway to improve its procurement activities?
  • Peter detailed the role audit committees play in ensuring ethical behaviour in procurement and highlighted the “Searchlight 7” when examining procurement activity.
    1. Tone at the top (behaviours/approach of senior management)
    2. Staff engagement and morale
    3. Low numbers of mandatory training in all areas
    4. Mentions of “pedestals suppliers” and perceived credibility
    5. Accessibility to procurement experts (e.g. central procurements team)
    6. Lack of documentation
    7. Own guidance that differs from the CPRs

External Cyber threats – Australian Signals Directorate

  • Stephanie Crowe (FAS, Australian Signals Directorate) provided an overview of the lessons learned following recent data breaches affecting Australia.
  • The Australian Cyber Security Centre (ACSC) does not have a role in audit. Its role is to understand cyber threats and to provide technical advice and assistance to entities on how to best manage threats and secure their systems.
  • ACSC released its Annual Cyber Threat Report outlining key issues seen in the current cyber environment.
    • Ransomware remains a significant threat. This involves cyber criminals encrypting networks and asking network owners to pay a ransom to restore data systems and network operations. As evidenced by recent attacks on Optus and Medibank, the cybercrime model has advanced to not only encrypting data to cause disruption but also threatening to release data publicly if ransoms are not paid.
    • The ACSC has seen an increase in reports of data breaches following these attacks, which is seen to be reflective of:
      1. The threat environment and rapid evolution of cybercrime models
      2. An increased awareness from the community on the importance of reporting incidents, not only for ACSC to be able to provide assistance, but to uphold organisational reputation and public narratives on how incidents are being handled.
  • The ACSC continues to focus on ensuring organisations across Australia, particularly government entities, are in the best position to evaluate their ability to meet the Essential Eight mitigations. An Essential Eight Assessment Process Guide has been released to assist entities to ask the right questions on the implementation of their cyber security controls.
  • Moving into 2023, increased policy and operational discussions around data breaches are likely to occur, including what advice can be provided to the Australian community on effective data protection and management to maintain appropriate security postures.