I would like to begin by acknowledging the Traditional Custodians of the lands on which we meet today, and pay my respects to their Elders past, present and emerging. I extend that respect to any Aboriginal and Torres Strait Islander people attending this forum today.

• Good morning and thank you for attending online today. My name is Carla Jago and I am the Acting Deputy Auditor-General for Australia.
• A few housekeeping matters before we commence with our presentations:
  • Please mute your microphone when you are not speaking. If you have a question, please wait until the end of the speaker’s presentation
  • This forum is being recorded. Unlike previous years we will not publish a copy of the recording online but we will publish the presentations from today on our website. A link will be circulated to you when this occurs. If any of your colleagues missed the session and would like to watch the recording please just get in touch with us and this can be arranged.

Organisational change

• I would like to begin by addressing the retirement in February of the former Auditor General for Australia, Mr Grant Hehir and thank him for his service and leadership of the ANAO throughout his tenure.
• As I’m sure you are all aware, Ms Rona Mellor PSM is currently the Acting Auditor-General for Australia until a permanent appointment is made. 

Overview of forum topics

• Now to today’s forum. The ANAO continues to look for ways to improve and expand the communication of audit findings, conclusions and recommendations, to support ongoing improvement in entity governance and public administration. 
• Today I will speak to some key developments in the ANAO, including the development of the 2024-25 Annual Audit Work Program (AAWP) and general lessons from recent audit work, the interim report on key financial controls of major entities, the progress of our performance statements audit work, the ANAO’s relationship with the JCPAA, and the development of sustainability reporting. This will be followed by presentations on:
  • Developments in sustainability reporting (Jane Meade)
  • Performance Statements Audit update (George Sotiropoulos)
  • ANAO insights on cyber security and data governance (Xiaoyan Lu)
  • Key themes emerging from Performance Audits (Corinne Horton)
  • Key themes from Financial Statements Audits (Lesa Craswell)

AAWP

• The 2024–25 AAWP is expected to be published early next week and at that time it will be available on the ANAO’s website. The AAWP continues to focus on core public sector activities. The program includes a continuation of audits of entities' compliance with essential frameworks, integrity and ethics, and audits of programs focused on climate change and the environment.
• Under the Public Governance, Performance and Accountability Act 2013 (PGPA Act), an accountable authority of an Australian Government entity has a duty to establish and maintain appropriate systems of risk oversight and management and internal control, including measures to ensure that officials comply with the Finance Law. Non-compliance with Finance Law, including for basic governance processes, has the potential for substantial financial losses or reputational damage to entities and can be indicative of an entity’s culture and integrity
• The ANAO has commenced a rolling program of compliance with legislative and policy requirements audits. Topics that we may cover through these audits include compliance with credit cards; gifts, benefits and hospitality; Protective Security Policy Framework; Commonwealth Risk Management Framework; requirements of the Commonwealth Fraud and Corruption Control Framework; information management requirements; and management of conflicts of interest.
• The ANAO’s focus on compliance audits is in direct response to the issues identified in recent audit reports, the Royal Commission into Robodebt, and the concerns of the Parliament. Compliance with these essential frameworks has been lacking for some time. The ANAO’s recent work in this space is of interest to the Parliament and the Joint Committee of Public Accounts and Audit view this as an important element of our work.
• Compliance audits are generally also shorter, sharper audits which provide for greater audit coverage of the sector by providing a mix of audits in size and scale and across a wider variety of entities.
• Recently the ANAO tabled an audit of the APSC’s Administration of Integrity Functions using the new ethics methodology. This was a platform audit looking at the system level and we will continue our program of audits into the implementation of ethical frameworks by entities in the 2024-25 audit cycle.
• The other significant newer element of the AAWP relates to climate change disclosures and sustainability reporting. Sustainability reporting has developed globally, primarily in the private sector, on the basis that sustainability factors are becoming a mainstream part of investment decision-making.
• The Australian Government has determined that the first stage of sustainability reporting in Australia is climate-related reporting.
• As the financial auditor of Australian government entities, the ANAO is considering its readiness to implement a sustainability assurance regime and how this will impact our performance audit program.

Financial statements – interim report

• Moving to our work in financial statements. The Interim Report on Key Financial Controls of Major Entities was tabled on 20 June and is available on our website.
• The results of the ANAO’s financial statements audits over the recent few years indicate that financial reporting is a mature and embedded function in entities, supported by largely appropriate processes and financial frameworks. Our latest interim report identifies that IT controls remain an area of concern. I would encourage entity governance bodies to look at this closely, asking for plain language reporting on IT controls to enable you to gain assurance on your entity’s situation. Key areas where there is room for improvement in internal controls, guidance or capability include:
  • entity safeguards for preventing cyber security risks;
  • robustness of IT controls and change management policies;
  • assurance over software projects; and
  • closing out internal audit recommendations.
• I’d also like to remind everyone about a matter we touched on in the end of year report we tabled in December 2023. I thought it would be timely to mention this now, given you are all entering into reporting season. Annual reports that are not tabled in a timely manner before budget supplementary estimates hearings decrease the opportunity for the Senate to scrutinise an entity’s performance. Finance's RMGs require that annual reports are tabled before estimates hearings.
• In our 2022–23 end of year report on financial statements we identified that thirty-four per cent of annual reports were tabled on or after the date of the entity's supplementary budget estimates hearings. This represents an eight per cent decrease in timeliness of annual reports being tabled in the Parliament compared with 2021-22. This is an area where we should also seek to improve for this year.
• My colleague Lesa Craswell will speak to these points in more detail later in today’s program.

Performance statements audit work

• The ANAO continues to build its program of work in auditing performance statements with 14 entities audited in 2023–24. In the 2024-25 financial year, we will increase the number of entities in our performance statement audit work to 21. 
• While the ANAO’s audit of performance statements is still reasonably new, the requirements for performance statements and meaningful reporting on performance information in the PGPA Act have been in place for over 10 years. Embedding a focus on performance information and reporting as a basic tenant of public administration and not a new activity should lead to better outcomes.
• Through our program of performance statements audits we have seen some unintended consequences from entities in the preparation of performance statements. For example, performance statements frequently have a large number of caveats which can detract from providing a meaningful picture of the entities performance. It is worth stepping back and considering your overall set of performance statements to consider whether they are actually telling a clear picture of how your entity has performed in the last year.
• Unlike our financial statements audits which we have conducted for over 120 years, and which have a standardised approach and level of comfort and familiarity for entities, the ANAO is still finding the ‘right touch’ in its approach to auditing performance statements and will continue to refine our approach and relationship with audited entities.
• The Parliament also has a strong interest in entity performance information. Many of the questions asked to the ANAO and entities in recent JCPAA hearings go directly to ‘what does good like look’ and how entities can have well designed performance statements and evaluation systems.

• Moving now to recent work of the Parliament, and in particular the JCPAA.
• The JCPAA’s inquiries are an important element of the accountability framework within the public sector. It complements and also scrutinises the work of the ANAO. The ANAO will continue to support the work of the JCPAA and provide advice about the findings of our audit activities.
• The JCPAA has recently tabled a report from its inquiry into probity and ethics, titled ‘The never-ending quest for the golden thread’. In this report, the committee noted that there is a lack of accountability within and across the system in relation to culture. The committee found that ‘What stands between the law and the achievement of outcomes in a manner that demonstrates probity and ethical behaviour, the Committee concluded, is culture. Agencies have much work to do to develop metrics by which organisational culture can be more accurately measured and assessed’.
• The committee made several recommendations across the public sector to improve current definitions of culture and measurements of culture; implement frameworks of integrity; and to have stronger guidance on the nature of breaches of key public sector frameworks.
• If you haven’t yet had the chance to read the JCPAA report, I would strongly encourage you to do so.
• I also thought I would note that the JCPAA has just commenced two new inquiries – one into contract management frameworks operated by Commonwealth entities and one on the administration of Commonwealth regulations. Details on these inquiries can be found on the JCPAA website.

• That is everything I wanted to cover off on this morning.
• Thank you again for your attendance. We hope you find it to be a productive and robust program and I encourage you to engage and ask any questions you may have throughout the forum.

The slides from the forum are available at Related documents on this page.