I would like to begin by acknowledging the Traditional Custodians of the lands on which we meet today, both here in Canberra where we are joining you from and wherever you may be joining us from. I pay my respects to their Elders past, present and emerging and I extend that respect to any Aboriginal and Torres Strait Islander people attending this forum today.

• Good morning and thank you for attending online today. My name is Carla Jago and I am the Acting Deputy Auditor-General for Australia.
• A few housekeeping matters before we commence with our presentations:
  • Please mute your microphone when you are not speaking. If you have a question, please wait until the end of the speaker’s presentation. You can use the raise hand feature or type your question in the chat.
  • This forum is being recorded. As we advised at the last forum, we won’t publish a recording online. If any of your colleagues missed the session and would like to watch the recording, please just get in touch with us and this can be arranged. We will publish the presentations from the forum today and will circulate the link when that happens.

Organisational change

• We welcomed Dr Caralee McLiesh PSM to the ANAO as the Auditor General for Australia. Dr McLiesh commenced her term on 4 November
• Dr McLiesh will be engaging with heads of entities over the coming months as part of the normal audit processes.
• I would also like to take the opportunity to thank Rona Mellor, for her leadership as the Acting Auditor-General over the past nine months.

Overview of forum topics

• Now to today’s forum. Today I will speak to some key areas of the ANAO’s work, including two new information reports, key themes from our financial statements audit work and performance statements audit, and recent initiatives with our public sector engagement. This will be followed by presentations on:
  • Developments in sustainability reporting (Jane Meade)
  • Performance Statements Audit – Key focus areas for the 2024-25 audit program (George Sotiropoulos)
  • ANAO insights on IT controls and data assurance (Xiaoyan Lu)
  • Key themes emerging from Performance Audits (Michelle Page)
  • Key themes from Financial Statements Audits (Lesa Craswell)

Performance audit

• We are well underway on the 2024-25 Annual Audit Work Program – we have tabled 12 performance audits since the beginning of the financial year, and we are expecting to table a total of 48 performance audits this financial year.
• We have commenced the planning for next year’s AAWP and we expect to commence our broader consultation with entities and the Joint Committee of Public Accounts and Audit (JCPAA) in approximately March 2025. 
• This year, we have also published two new information reports.

Performance Audit Outcomes Information Report

• First, in October 2024, we published the 2023-24 Performance Audit Outcomes Information Report. This is the first tabled report on this topic and follows a similar approach to a mid-term report that was produced by Grant Hehir in 2020 and published on our website. This most recent report analyses performance audit outcomes from 2019–20 to 2023–24 with a particular focus on 2023-24. The areas analysed in the report include: audit activity, audit objectives, and stage of delivery against portfolios and audit conclusions; entity responses to recommendations, including their implementation; and improvements made by entities during audits.
• Key themes and issues emerging from the performance audits we undertook in this period included planning and implementation, evaluation, procurement and contract management, and cyber security. Findings from these performance audits can provide indicators of areas of risk to integrity, probity and ethics, including where action may be necessary to avert systemic issues. I’m sure Michelle will touch on some of these areas in her presentation later this morning.

COVID-19 – ANAO Audit Activity Information Report

• Second, we tabled an information report which consolidates the lessons from the 13 performance audits and reviews undertaken by the ANAO from our COVID-19 multi-year audit strategy. It includes a span of 12 entities across 10 portfolios where 41 recommendations were made.
• The COVID-19 pandemic resulted in significant disruptions to people’s lives. As of 31 May 2024, Australia recorded 17,920 COVID-19 related deaths nationally. Worldwide, 7.05 million COVID-19 deaths were reported to the World Health Organization from 227 countries as of 30 June 2024.
• The COVID-19 pandemic led to an increase in government spending, as the Australian Government introduced measures to safeguard public health, protect critical infrastructure and support the economy through the global health crisis.
• According to the Australian Institute of Health and Welfare (AIHW), over the period 2019–20 to 2021–22, an estimated $47 billion was expended by the Australian Government in health-related COVID-19 activities.
• The key themes and lessons that emerged from the audits:
  • emphasised the importance of everyday fundamentals such as establishing appropriate governance arrangements and proactively managing risks;
  • highlighted that systems and controls that were considered sufficient for business-as-usual were not adequate to deal with the demands of rapid implementation during the COVID-19 pandemic, and necessitated a more disciplined approach to adapt to and manage changes to ensure effective program delivery;
  • emphasised the need for comprehensive and up-to-date crisis management frameworks; and
  • the importance of incorporating and actioning lessons learned from the experience.
• The report also mentions the limited assurance reviews conducted by the ANAO over the Advances to the Finance Minister from April 2020 to October 2020. We examined a total advance of $1.974 billion issued in 2019–20 and $1.673 billion issued in 2020–21 to 30 October 2020. The Auditor-General issued unmodified conclusions for all seven assurance reviews.

Financial statements – end of year report

• Our end of year report for financial statements audits highlighted that while controls supporting financial reporting were generally sound there was room for improvement in relation to the robustness of IT controls, assurance over cloud computing arrangements, policies and reporting of official hospitality and artificial intelligence.
• For cyber security and IT controls, our reporting continues to draw attention to low levels of maturity in relation to IT controls, particularly related to IT security and the Protective Security Policy Framework. Entities and audit committees could consider what additional action is required to monitor and improve an entity’s control environment, particularly given the cyber threat environment.
• Our financial statements audits focussed on official hospitality. We found that some entities did not have policies or procedures, most entities do not report to senior management on hospitality or have specific compliance measures in place. Entities with higher levels of exposure to the provision of official hospitality could consider implementing or enhancing compliance and reporting arrangements
• We noted that the adoption of artificial intelligence (AI) by entities has increased – there are now 62 agencies deploying this emerging technology. Around half of these entities had established AI policies and procedures, with around 20 per cent specifying whether any additional assurance mechanisms were required. The Digital Transformation Agency has recently released the policy for the responsible use of AI in government, which establishes requirements for accountability and transparency on the use of AI within non-corporate entities.
• We observed that audit committee rotation could be more closely considered – most entities rotated members, but this was not formalised in policy or the audit committee charter. A policy should balance the need for continuity and experience against the need for objectivity of membership.
• Fifty-three per cent of legislative breaches identified by the ANAO in 2023–24 relate to incorrect payments of remuneration to key management personnel (KMP) and/or non-compliance with determinations made by the Remuneration Tribunal. It is important that entities have a robust framework in place to govern payments made to KMP to ensure that payments are consistent with policy or legal requirements. There is an ANAO Insights product on Executive Remuneration that has further information that may assist.
• Most have now adopted cloud computing arrangements in their IT environment. While services may be outsourced, the ISM and PSPF indicate that mitigating risks and oversight of effectiveness of controls remain in the purview of the entity. We found that about a quarter of entities were in the practice of receiving Service Organisation Control certificates for all cloud services, and most entities did not have a policy to review or obtain these certificates. SOC certificates can provide assurance over the operating effectiveness of IT controls at a cloud provider and there are opportunities for entities to further consider their use in managing cloud providers. 

Performance statements audit work

• The 2024–25 reporting period marks the tenth year of the requirement for the Accountable Authority of a Commonwealth entity to prepare annual performance statements. The ANAO has audited the implementation of this requirement initially through a series of performance audits (2016–2018), then a pilot program of three entities (2020–2021) and now the performance statements audit program.
• In 2024, the ANAO completed the audits of 14 entities’ performance statements. As in previous years, these audits further tested the ANAO’s performance statements audit methodology. Entities have generally engaged well with the audit process with first year auditees better prepared for the audit than in previous years.
• The ANAO’s audit of performance statements has seen improvement in the quality of entities’ performance statements. Entities that have been in the program in prior years are most mature in their performance planning and reporting processes.
• An area of ongoing challenge for entities is to devise and to implement an entity-wide performance framework. This framework will assist entities to structure their performance information—purposes, key activities and performance measures—and determine how this structure should change over time.
• The ANAO continues to build its program of work in auditing performance statements with 21 entities audited in 2024–25.
• The ANAO is still finding the ‘right touch’ in its approach to auditing performance statements. We will continue to refine our approach and relationship with audited entities.

• As we have previously mentioned, the ANAO has sought to improve the way it communicates with public sector entities and provide greater insights into our work.
• We have developed a new quarterly ANAO newsletter - Audit Matters. The purpose of Audit Matters is to inform those like yourselves of updates on the ANAO’s work and provide insights on what we are seeing in the Australian Government sector.
• The inaugural edition of Audit Matters was published on the ANAO website and distributed on 2 September 2024. This edition provided a summary of recent ANAO audit work, including on integrity, probity and ethics; grants administration; and performance measurement and reporting.
• Audit Matters also contains useful information for your entities about audit readiness and what you can expect from an audit.
• One thing worth considering when you read audit topics in the AAWP is how you would prepare for an audit in that topic area. A good ‘readiness’ exercise might be to ask yourself whether your records are up to date, your governance documentation and practice is current, and any data you manage is complete and secure. You might also want to look at the sorts of criteria we use in audits to help you think about how your program or activity would stack up.
• Reading a recent audit report on a topic relevant to your area of public administration might be a good idea, along with asking your people: ‘could that happen here?’ and ‘how do we know how we are going?’.
• The next edition is scheduled for December 2024. If would like to subscribe please visit the ANAO website or get in touch with us after today’s forum.
• You can also find our other ‘Insights’ (including audit lessons, audit opinion, and audit practice) publications on the ANAO website.
• On 29 October, we published a new Audit Lessons on ‘Gifts, Benefits and Hospitality’. As you may be aware, the ANAO has recently conducted some audits of compliance with gifts, benefits and hospitality requirements within selected Commonwealth entities.
• The ANAO found that 95% entities had gifts and benefits registers on their websites, 64% of entities were up to date with quarterly reporting requirements, and that 3% of entities required all gifts to be declared. Other entities had various thresholds before gifts were required to be declared (10% of entities did not define a threshold 86% stipulated a threshold of $100 and 1% of entities had a $50 threshold).
• This Audit Lessons publication also provides seven lessons aimed at improving Australian Government entities’ compliance with gifts, benefits and hospitality requirements, including establishing guiding principles and preventative and detective controls, developing clear internal policies, reporting all gifts and benefits, and the accurate valuation of gifts to increase transparency. You can read about these lessons in more detail on the ANAO’s website.
• On 6 November 2024, we released an Insights Practice product called ‘Performance Audit Process’. This edition of Practice aims to provide entities with information about how the ANAO plans for and conducts its performance audit activities.
• It describes the planning processes as part of developing the AAWP, and the stages of an audit an entity can expect to occur during an audit. I encourage you all to read this piece to help build you understanding of our audit activity.

• That is everything I wanted to cover off on this morning.
• As always, if you have any feedback on this forum, please contact the External Relations team. These forums are for you, and we want to provide information that we will be the most useful to you and the work you do every day.
• Thank you again for your attendance. We hope you find it to be a productive and robust program and I encourage you to engage and ask any questions you may have throughout the forum.

The slides from the forum are available at Related documents on this page.

Subscribe to this event to receive updates.