Consolidated financial statements

Audit results

1. The CFS presents the whole of government and the General Government Sector financial statements. The 2022–23 CFS were signed by the Minister for Finance on 15 November 2023 and an unmodified auditor’s report was issued by the Auditor-General on 17 November 2023.

2. There were no significant or moderate audit issues identified in the audit of the CFS in 2022–23 or 2021–22.

Australian Government financial position

3. The Australian Government reported a net operating balance of a surplus of $24.9 billion ($20.6 billion deficit in 2021–22). The Australian Government’s net worth deficiency decreased from $607.2 billion in 2021–22 to $570.2 billion in 2022–23 (see paragraphs 1.7 to 1.27).

Financial audit results and other matters

Quality and timeliness of financial statements preparation

4. The ANAO issued 241 unmodified auditor’s reports as at 30 November 2023, including the CFS. The financial statements were finalised and auditor’s reports issued for 91 per cent (2021–22: 86 per cent) of entities within three months of financial year-end.

5. A quality financial statements preparation process will reduce the risk of inaccurate or unreliable reporting. Seventy-two per cent of entities delivered financial statements in line with an agreed timetable, an increase compared with 2021–22 (65 per cent). The total number of adjusted and unadjusted audit differences decreased during 2022–23, although 50 per cent of audit differences remained unadjusted. The quantity and value of adjusted and unadjusted audit differences indicate there remains an opportunity for entities to improve quality assurance frameworks over financial statements preparation processes (see paragraphs 2.146 to 2.163).

Timeliness of financial reporting

6. Annual reports that are not tabled in a timely manner before budget supplementary estimates hearings decrease the opportunity for the Senate to scrutinise an entity’s performance. There has been a decline in the number of entities that tabled an annual report prior to the portfolio’s Senate estimates hearing. Sixty-six per cent of entities that are required to table an annual report in Parliament tabled prior to the date that the portfolio’s Senate estimates hearing commenced (2021–22: 74 per cent). Of the entities required to table an annual report, 13 per cent (2021–22: 8 per cent) had not tabled an annual report as at 30 November 2023 (see paragraphs 2.164 to 2.174).

Internal audit

7. Internal audit plays an important role in providing assurance over an entity’s system of risk management and internal control. Although not mandated, the majority of entities had established an internal audit function. The ANAO reviewed the structure of and coverage provided by internal audit. Identified areas for improvement include: adopting formal audit committee charters; developing and monitoring internal audit budgets to determine they are fit for purpose and considering appropriate organisational structure for the officer overseeing the internal audit function (see paragraphs 2.35 to 2.58).

8. Twenty-one per cent of entities decreased their internal audit budget in the period 2020–21 to 2022–23. There were 2,687 internal audits undertaken by Commonwealth entities between 2020–21 and 2022–23. Most internal audits completed focused: systems of risk management and governance; information, communications and technology, project and program management; and financial controls. Over this period there was a decrease in internal audits completed on procurement and information, communications and technology, but an increase in internal audits completed on cyber security and performance reporting (see paragraphs 2.59 to 2.76).

9. There is an opportunity for the Australian Government to consider whether guidance relating to the implementation and delivery of internal audit would be beneficial to enhance the Australian Government’s system of internal control.

Emerging technology

10. Use of emerging technologies in the sector requires governance thinking. Emerging technologies, such as Artificial Intelligence, Machine Learning and Robotic Process Automation present opportunities for improvement and innovation, and risks. Thirty-six entities advised the ANAO that they had adopted some form of emerging technology. The majority of entities adopting these technologies did not create policies or a governance framework to support their use of these technologies, or have regard to external policies guidance such as Australia’s eight Artificial Intelligence Ethics Principles. The lack of governance frameworks for managing the use of emerging technologies could increase the risk of unintended consequences (see paragraphs 2.27 to 2.31).

Summary of audit findings

11. Total number of findings identified by the ANAO has decreased. A total of 196 findings were reported to entities as a result of the 2022–23 financial statements audits (a decrease from 2021–22). These comprised nine significant, 36 moderate, 137 minor findings and 14 legislative breaches. The highest number of findings are in the categories of:

• governance of legal and other matters impacting entity financial statements;
• IT governance including security, change management and user access; and
• accounting and control of non-financial assets.

12. These audits findings included three significant legislative breaches, one of which was first identified since 2012–13. The majority of legislative breaches relate to incorrect payments of remuneration to key management personnel and/or non-compliance with determinations made by the Remuneration Tribunal. It is important that entities have a robust framework in place to govern payments made to executives to ensure that they are consistent with policy or legal requirements (see paragraphs 2.77 to 2.145).

Governance of legal and other matters impacting financial statements

13. During 2022–23 the ANAO identified four significant audit findings across four entities in relation to weaknesses in financial statement preparation processes with respect to consideration of legal matters. These audit findings indicate a failure in governance supporting the preparation of the financial statements. These weaknesses included the assessment of the impact of the receipt of legal advice or recently determined legal matters which has the potential to affect an entity’s administration, financial management and financial reporting obligations. These findings highlighted instances where information on legal matters was not referred to entity Chief Financial Officers, or was not otherwise assessed for impact on the financial statements. In other instances evidence identified by the ANAO during the course of the audits did not accord with management representations and additional audit work was required to be undertaken by the ANAO. The ANAO recommended that the entities design, document and implement processes to ensure legal and other matters are considered when preparing financial statements and that all matters identified for consideration are communicated to the ANAO (see paragraphs 2.110 to 2.111).

Information Technology governance

14. In 2022–23 there was an increase in the number of audit findings relating to weaknesses in change management policies and controls for IT systems. The ANAO found that 78 per cent of entities assessed do not have an effective control to monitor access or activity in entities’ systems after user cessation (see paragraphs 2.89 to 2.101).

Accounting for computer software

15. Accounting for computer software requires improvement. The value of computer software recognised by entities totalled $22.1 billion at 30 June 2023. Entities have recorded a cumulative write-downs and impairment of $789.1 million in the period 2019–20 to 2022–23. During 2022–23 the ANAO identified an increase in weaknesses in entity processes for accounting for computer software, particularly with respect to Software as Service, impairment and software under construction. The significance of the investment in computer software and the nature of the findings identified indicate that there are opportunities for entities to improve quality assurance frameworks supporting accounting for computer software (see paragraphs 2.118 to 2.125).

Financial sustainability

16. An assessment of an entity’s financial sustainability can provide an indication of financial management issues or signal a risk that the entity will require additional or refocused funding. The ANAO’s analysis concluded that the financial sustainability of the majority of entities was not at risk. There would be benefit in the Australian Government developing financial sustainability performance targets or benchmarks. This would enable an entity to assess its own financial sustainability against agreed parameters over time, and against like entities (see paragraphs 2.175 to 2.205).

Reporting and auditing frameworks

Changes to the Australian public sector reporting framework

17. There are no significant changes to accounting standards affecting the Commonwealth for 2022–23. The revised requirements for Australian Auditing Standard ASA 315 Identifying and Assessing the Risks of Material Misstatement effective for financial years commencing 2022–23 have been incorporated into the ANAO’s audit methodology. The application of ASA 315 by the ANAO has resulted in the identification of an increased number of areas of weakness in entities’ use of and reliance on IT (see paragraphs 3.6 to 3.8).

18. Sustainability reporting is also a rapidly emerging area of interest, and the ANAO is contributing to discussions as reporting and assurance standards. Key developments in sustainability reporting and assurance included the issuance of international sustainability reporting and assurance standards and release of exposure drafts of Australian sustainability reporting and assurance standards. The Department of the Treasury commenced development of a broad sustainable finance reporting framework for Australia which includes climate-related financial disclosures, and the Department of Finance commenced related work to implement appropriate arrangements for Commonwealth public sector entities and companies to disclose exposure to climate-related risks develop (see paragraphs 3.12 to 3.18).

19. The ANAO quality assurance framework has been updated to ensure compliance with the new and revised Australian Quality Management Standards effective 15 December 2022. The revised standards introduce a framework for quality management that is focused on proactively identifying and responding to quality risks (see paragraphs 3.25 to 3.31).

20. Data analytics continues to be a focus for the ANAO, and audits undertaken in 2022–23 have continued to build on previous initiatives to enhance audit quality and efficiency (see paragraphs 3.32 to 3.39).

Cost of this report

21. The cost to the ANAO of producing this report is approximately $430,000.

Background

1.1 Government accountability and transparency is supported by the preparation and audit of the Australian Government’s CFS. The CFS and the associated financial analysis provide information to assist users in assessing the financial performance and position of the Australian Government. The CFS is prepared by the Department of Finance (Finance) and issued by the Minister for Finance.

1.2 The CFS presents the consolidated whole of government financial results which includes the results of all Australian Government controlled entities, as well as the GGS financial statements. The 2022–23 CFS is prepared in accordance with section 48 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and the requirements of the Australian Accounting Standards, particularly AASB 1049 Whole of Government and General Government Sector Financial Reporting (AASB 1049).

1.3 AASB 1049 requires, with limited exceptions, the principles and rules in the Australian Bureau of Statistics’ Government Finance Statistics (GFS) Manual to be applied in the preparation of the CFS where compliance with the GFS Manual would not conflict with Australian Accounting Standards.

Key areas of financial statements risk

1.4 The ANAO’s 2022–23 audit approach identified six key areas of financial statements risk that had the potential to impact the Australian Government and which were considered Key Audit Matters (KAM).

Table 1.1: Key areas of financial statements risk

Note a: Figures presented in Table 1.1 may differ from the financial statements of individual entities because of eliminations and adjustments at the CFS level or where the entities identified contribute a majority to the balance of the financial statement line item.

Note b: These are the main government entities responsible for administration and reporting of Australian Government superannuation liabilities. Liabilities also include schemes managed by other entities, such as the Australian Postal Corporation.

Source: ANAO 2022–23 audit results, and the CFS for the year ended 30 June 2023.

Audit results

1.5 The 2022–23 CFS was signed by the Minister for Finance on 15 November 2023 and the Auditor-General’s unmodified auditor’s report was issued on 17 November 2023.

1.6 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits of the CFS.

Australian Government’s financial outcome

1.7 The following provides analysis of key financial balances for the Australian Government.

Operating result

1.8 The following key financial measures were reported for 2022–23:

• net operating balance was a surplus of $24.9 billion (compared to a deficit of $20.6 billion in 2021–22);
• operating result was a surplus of $13.7 billion (compared to a surplus of $28.3 billion in 2021–22); and
• comprehensive result (change in net worth) was an increase in net worth of $38.4 billion (compared to an increase of $135.8 billion in 2021–22).

1.9 Figure 1.1 presents the changes in the Australian Government’s net operating balance from 1 July 2022 to 30 June 2023.

Figure 1.1: Changes in the Australian Government’s net operating balance from 1 July 2022 to 30 June 2023

Source: ANAO analysis of the 2022–23 CFS.

1.10 Table 1.2 provides commentary on the main contributors to the change in net operating balance of the Australian Government identified in Figure 1.1.

Table 1.2: Explanation of key movements in net operating balance

Source: ANAO analysis of 2022–23 CFS.

1.11 There were instances of expenditure brought forward into 2022–23 that impacted on the underlying cash balance. The cash payments in 2022–23 were as a result of decisions by the Australian Government to make payments before 30 June 2023. The impact of these payments was to reduce the underlying cash balance (surplus) at 30 June 2023, however, except for the last item, they have not impacted the net operating balance, as disclosed in the CFS as discussed below:

• $2.3 billion in prepayments under the Disaster Recovery Funding Arrangement made by the Department of Treasury. This decreased the provision for disaster recovery payments but resulted in a decrease in the underlying cash balance;
• $0.5 billion in prepayments relating to foreign military sales, the procurement of ICT hardware and the purchase of additional marine diesel fuel by the Department of Defence. These payments reduced the underlying cash balance; and
• $0.4 billion increase in Financial Assistance Grants under national recovery payments, as a result of a bring-forward amount from 75 per cent in 2021–22 to 100 per cent in 2022–23 to assist with the national recovery from COVID-19 and natural disasters. These payments reduced the operating result and underlying cash balance.

Classification of expenses by the functions of Government

1.12 Figure 1.2 provides an analysis of the Australian Government’s expenses by function from 1 July 2018 to 30 June 2023. As a percentage of total expenses, each function has remained stable during this period, except for:

• ‘Other purposes’: Payments to States – Increased due to additional General Revenue Assistance from Treasury for increased payments under national partnership agreements and for GST distribution;
• ‘Other economic affairs’: During 2019–20 and 2020–21 the ‘Other economic affairs’ function included higher expenses due to the JobKeeper and cashflow boost payments which supported businesses and individuals impacted by the effects of the COVID-19 pandemic. The percentage of expenditure has returned to pre-pandemic levels by 2022–23; and
• ‘General public services’: The movement is the result of a $12.3 billion increase in interest paid by RBA for the exchange settlement accounts as discussed in Table 1.2.

Figure 1.2: Proportion of expenses of Government by function from 2018–19 to 2022–23

Note a: The ‘Other purposes’ function includes interest on Australian Government debt.

Note b: The ‘Other economic affairs’ function represents non-standard payments including storage, tourism promotion, labour market assistance to industry and industrial relations.

Note c: ‘Other expenses’ includes payments to: agriculture, forestry and fishing; fuel and energy; housing and community amenities; mining, manufacturing and construction; public order and safety; recreation and culture; transport and communications.

Source: ANAO analysis of the CFS from 2018–19 to 2022–23.

Australian Government’s financial position

Net worth

Changes in the Australian Government’s net worth from 1 July 2022 to 30 June 2023

1.13 The Australian Government’s net worth deficiency reduced from $608.7 billion in 2021–22 to $570.2 billion in 2022–23. Figure 1.3 provides an analysis of the movement in net worth from 1 July 2022 to 30 June 2023.

Figure 1.3: Changes in the Australian Government’s net worth from 1 July 2022 to 30 June 2023

Source: ANAO analysis of the 2022–23 CFS.

1.14 Table 1.3 provides commentary on the main contributors to the change in net worth of the Australian Government identified in Figure 1.3.

Table 1.3: Explanation of key movements in net worth

Source: ANAO analysis of 2022–23 CFS.

Changes in the Australian Government’s net worth from 2013–14 to 2022–23

1.15 Figure 1.4 illustrates the total assets, total liabilities and net worth of the Australian Government since 2013–14. During the period:

• Total assets: increased from $489.8 billion to $1,090.3 billion;
• Total liabilities: increased from $754.1 billion to $1,660.6 billion; and
• Net worth: net worth position decreased, from a deficit of $264.3 billion to a deficit of $570.2 billion.

Figure 1.4: Australian Government’s total assets, total liabilities and net worth, from 2013–14 to 2022–23

Source: ANAO analysis of the 2013–14 to 2022–23 CFS.

Government securities

1.16 Government securities are primarily issued to meet the financing needs to the Australian Government and are issued to fund the operations of the Australian Government because over the period from 2013–14 to 2021–22, the Australian Government’s expenses have been greater than revenue it received. During 2022–23, this trend has been reversed with revenue exceeding expenses for the first time in 15 years. Figure 1.5 below illustrates the trend of Australian Government revenue and expenses over the period 2013–14 to 2022–23.

Figure 1.5: Australian Government revenue and expense for the period 2013–14 to 2022–23

Source: ANAO analysis of the 2013–14 to 2022–23 CFS.

1.17 AOFM is responsible for managing the Australian Government Securities which totalled $825.5 billion in Government Securities for the GGS, comprised of Treasury Bonds, Treasury Indexed Bonds and Treasury Notes, at 30 June 2023. The value of the Australian Government’s Debt is $574.7 billion due largely to the RBA holding a portion of Government Securities on issue. Figure 1.6 shows that the interest paid by AOFM for Australian Government securities on issue, with an increasing interest expenses and an expectation that it will continue to increase in the short term.

1.18 Yields have increased which has had an impact on the interest cost on AOFM issued debt. Figure 1.6 demonstrates the interest paid by AOFM on Government Securities over the period five year period from 2018–19 to 2022–23. Interest repayments are forecast to grow over time as new bonds are issued at higher interest rates.

Figure 1.6: AOFM Government Securities Interest Paid from 2018–19 to 2022–23

Source: ANAO analysis of AOFM from 2018–19 to 2022–23.

Net debt

1.19 There was a steady growth in net debt as a percentage of Gross Domestic Product (GDP) since 2013–14, growing from 7.3 per cent and peaking in 2020–21 at 23.9 per cent due to the COVID-19 pandemic. Since this time there has been a decrease in the net debt position to 16.3 per cent of GDP in 2022–23. This improvement was the result of:

• the decrease of $13.4 billion in the fair value of Australian Government debt on issue due to rising interest rates;
• the decrease of $13.5 billion at the RBA primarily due to scheduled maturity of the Term Funding Facility following the COVID-19 pandemic; and
• the Australian Government’s surplus in 2022–23, for which the Government Securities on issue from the AOFM decreased by $1.6 billion.

1.20 Net interest payments were $14.9 billion in 2022–23 compared to $9.5 billion in 2021–22.² Due to the size of the Australian Government’s debt portfolio and an environment of rising interest rate it is expected that there will be an increase in interest payments in the future.

1.21 Figure 1.7 illustrates the change in the indicators of the net financial position and net interest payments of the Australian Government from 2013–14 to 2022–23 as a percentage of GDP.

Figure 1.7: Australian Government net debt position as per cent of GDP, from 2013–14 to 2022–23

Source: ANAO analysis of 2022–23 commentary on the CFS.

Superannuation liabilities and the Future Fund

1.22 The Australian Government has superannuation liabilities arising from obligations to employees for defined benefit superannuation schemes. Note 9C of the CFS provides information on the nature of these schemes. The total superannuation net liability for these schemes was $313.1 billion as at 30 June 2023 ($322.0 billion as at 30 June 2022). The significant balances of the reported net liability relate to the following schemes that are closed to new members:

• Commonwealth Superannuation Scheme ($69.5 billion);
• Public Sector Superannuation Scheme ($103.2 billion);
• Military Superannuation Benefits Scheme ($100.1 billion); and
• Defence Force Retirement and Death Benefits Scheme ($33.8 billion).

1.23 The primary reason for the decrease in the liability is the increase in the discount rate used in valuing the superannuation liability between 30 June 2022 and 30 June 2023³. The long term nature of the superannuation liability means that small changes to the discount rate can have a large impact on the estimation of the value of the liability.

1.24 The Future Fund was established by the Future Fund Act 2006 to strengthen the Australian Government’s long-term financial position through the acquisition of financial assets and investments to assist in the discharge of the Australian Government’s superannuation liabilities. The Future Fund Board of Guardians is responsible for deciding how to invest the assets of the Future Fund through balancing the risk aspects of each investment mandate to maximise returns.

1.25 Figure 1.8 provides an overview of the balances of the Australian Government superannuation liabilities, the net investment balance of the Future Fund and the target asset level (TAL) from 2013–14 to 2022–23.

Figure 1.8: Total value of Australian Government superannuation liabilities and Future Fund investments, and the target asset level, from 2013–14 to 2022–23

Source: ANAO analysis of 2022–23 CFS and the Target Asset Level Declaration issued by the designated actuary of the Future Fund on 25 June 2021.

1.26 The TAL represents the best estimate of the assets required, together with investment earnings on those assets, which would be sufficient to meet unfunded superannuation benefit payments accrued up to the start of the financial year. The discount rate used to calculate the present value of future payments for TAL purposes represents the expected investment return on Future Fund assets. The Australian Government’s superannuation liability included in Figure 1.8 reflects the present value of future unfunded superannuation benefits payments discounted using the Commonwealth bond rate, in accordance with Australian Accounting Standards.

1.27 Figure 1.8 shows that the 2022–23 estimate of the TAL is $222.7 billion⁴, which is above the current Future Fund investment asset balance of $202.9 billion (2022: $195.1 billion). The Future Fund Act 2006 permits drawdowns when the balance of the Future Fund equals or exceeds the TAL. The Australian Government has previously announced it would delay drawdowns from the Future Fund until at least 2026–27.

Investments for policy purposes

1.28 The Australian Government reports fiscal aggregates including net operating balance and underlying cash. These aggregates exclude cash or accounting movements that are of an investment or financing nature, such as investments made for policy purposes and the fair value losses on these investments.

1.29 Investments made for policy purposes have elements of economic and social benefits in addition to providing commercial returns to the Australian Government. These investments are also referred to as alternative financing arrangements.

1.30 The Parliamentary Budget Office (PBO) has noted that — ‘under successive governments there has been a shift toward delivering more government policies using alternative financing arrangements rather than direct payments’.⁵ The Joint Committee of Public Accounts and Audit (JCPAA) conducted an inquiry into Alternative Financing Mechanisms and released its report in March 2022.⁶

1.31 The JCPAA recommended that the Minister for Finance ‘consider changes to improve transparency for equity investments’ consistent with proposed improvements identified by the PBO to budget documents to assist Parliament in scrutinising investments for policy purposes.

1.32 Segregating the commercial and non-commercial portions (economic and social benefits) of the investments to better reflect the implications on key fiscal aggregates in the financial statements would also be beneficial. This would better reflect the initial cost and/or losses expected on investments made for policy purposes where a sufficient rate of return is not expected, as losses in subsequent years would not be reflected in underlying cash balances.

1.33 This would improve transparency on where the Government for policy purposes, is investing and seeking a sufficient rate of return on equity compared with those circumstances where the Government is not investing to make a sufficient rate of return.

1.34 In response to the JCPAA’s recommendations, the Department of Finance introduced improvements to the transparency and disclosure in budget reporting of balance sheet items as part of the 2023–24 Budget. These improvements were made to enhance the understanding of the Australian Government’s financial position by parliamentarians and the public. These included:

• the disclosures of investments, loans and placements have been disaggregated in the 2023–24 budget papers to provide estimates for collective investment vehicles, residential mortgage-backed securities, and other interest-bearing securities. These disclosures correspond with the Consolidated Financial Statements;
• enhanced disclosure and analysis to show composition of balance sheet assets and liabilities and movements over time. The additional disclosures provide detail on the estimated balances of the Australian Government’s investment funds and superannuation schemes and the asset allocation of the Future Fund; and
• narrative disclosures on the definitions of equity investments have also been included in the budget papers and more guidance and resources have been published on the Department of Finance website⁷.

1.35 The Department of Finance has advised the JCPAA that it will continue to look for opportunities to improve the level of transparency and disclosure contained in the Budget Papers.⁸

1.36 The ANAO has reviewed the recommendation regarding better segregation of the commercial and non-commercial portions (economic and social benefits) of the investments to better reflect the implications on key fiscal aggregates (of underlying cash and net operating balance) in the financial statements. The impact of the equity injections on operations of these entities is not reflected in the net operating balance unless dividends are received from the entities. The ongoing valuations of these entities are reflected in net worth. If the valuation of these entities deteriorates (for example as a result of accumulating losses or the valuation of future cash flows associated with assets procured through equity injections being less than their purchase costs), the deterioration in the position will be reflected in the GGS’ net worth but not impact on the net operating balance even if the deterioration was a predictable result of a non-commercial policy decision. The Department of Finance should review the appropriateness of its return-on-investment forecast model to improve guidance on the accounting treatment of equity injections when the investment has elements of economic and social benefits.

Definitions used in this chapter

1.37 Table 1.4 below provides a glossary of the key fiscal aggregates and other terminology used in this chapter to explain the Australian Government’s net worth and financial performance.

Table 1.4: Definitions of terms used

Source: Australian Bureau of Statistics (2015). Australian System of Government Finance Statistics: Concepts, Sources and Methods; AASB 101 Preparation of Financial Statements, paragraph 5 and 7; AASB 1049 Whole of Government and General Government Sector Financial Reporting, Appendix A; and Reserve Bank of Australia (2017). Glossary RBA. [Internet], available from https://www.rba.gov.au/glossary/ [accessed 9 November 2023].

Introduction

2.1 The Auditor-General is mandated by the Public Governance, Performance and Accountability Act 2013 (PGPA Act) to audit and form an opinion on the financial statements of all Commonwealth entities and companies (and their controlled subsidiaries).⁹ This chapter summarises the results of the 2022–23 financial statements audits and provides commentary on specific topics which relate to the governance and administration of entities.

Summary of 2022–23 auditor’s reports

Auditor’s reports issued

2.2 A comparison of the number and type of auditor’s reports issued by the Auditor–General and his delegates in 2021–22 and 2022–23 (as at 30 November 2023), including the CFS is summarised at Table 2.1.

Table 2.1: Summary of auditor’s reports issued and outstanding as at 30 November 2023

Note a: Fifteen of the unmodified auditor’s reports included an emphasis of matter.

The auditor’s report for eight entities included an emphasis of matter to draw users’ attention to the basis of preparation of the financial statements or restrictions on the distribution or use of the auditor’s report. These entities are: Australia Post Licensee Advisory Council Ltd, Australian Sports Foundation Charitable Trust, Darwin Hotel Partnership, Gagudju Lodge Cooinda Trust, IBA Retail Property Trust, Ikara Wilpena Holdings Trust, Performance Bond Fund Trust and Tennant Creek Land Holding Trust.

An emphasis of matter was included in the auditor’s report for two entities to draw user’s attention to a material uncertainty associated with the operations of the entity. These entities are: Gagudju Lodge Cooinda Trust and Kakadu Tourism (GLC) Pty Ltd.

The auditor’s report for seven entities included an emphasis of matter to draw to users’ attention a particular matter in the financial statements. These entities are: ANSTO Nuclear Medicine Pty Ltd, Australian Scientific Instruments Pty Ltd, Australian Securities and Investments Commission, Bureau of Meteorology, Creative Partnerships Australia Ltd, Department of Veterans’ Affairs and Seafarer’s Safety, Rehabilitation and Compensation Authority. For details of each of matters included in the auditor’s report refer to Chapter 4.

Note b: As at 30 November 2023, the 2022–23 financial statements audits had not been finalised for the following entities: Bundanon Trust, Royal Australian Navy Central Canteens Board and Wreck Bay Aboriginal Community Council.

Note c: As at 2 December 2022, the 2021–22 financial statements audits had not been finalised for 10 entities. The results of these audits are included at Appendix 5.

Note d: The Consolidated Financial Statements is included in the total number of financial statements audits.

Source: 2021–22 and 2022–23 ANAO auditor’s reports.

2.3 The finalisation of a financial statements audit is marked by the signing of the auditor’s report. Figure 2.1 shows that the percentage of entities with financial statements and the associated auditor’s report signed within three months of the reporting year-end has increased from 2021–22. Ninety-one per cent of auditor’s reports were signed within three months of year-end compared to 86 per cent in 2021–22.

Figure 2.1: Timeframes for auditor’s report signing from the end of financial year

Source: ANAO analysis.

2.4 The ANAO issued 99 per cent of auditor’s reports within two business days of the signing of the financial statements by the accountable authority (2021–22: 98 per cent).

Key audit matters

2.5 While ASA 701 Communicating Key Audit Matters in the Independent Auditor’s Report (ASA 701) only requires Key Audit Matters (KAM) reporting for listed entities, the Auditor-General considers including KAM to be good practice for financial statements auditing in the public sector and includes KAM in certain audit reports. Communicating KAM helps users of financial statements better understand those matters that, in the auditor’s professional judgement, were of the most significance in the audit of the financial statements.

2.6 The ANAO has reported KAM in 2022–23 for the entities included in Auditor-General Report No. 26 of 2022–23 Interim Report on Key Financial Controls of Major Entities (ANAO Report No. 26) and the Consolidated Financial Statements (CFS). In 2022–23, a total of 58 KAM were reported across 27 entities (compared with 57 KAM reported across 25 entities in 2021–22). The majority of KAM related to the valuation, allocation and accuracy of assets and liabilities, including:

• advances, loans and other receivables, including accounting for concessional loans;
• non-financial assets including property, plant and equipment and specialist military equipment;
• investments in listed or unlisted entities or other financial products;
• intangibles, including computer software;
• leases; and
• provisions, including defined benefit superannuation funds and personal benefits.

2.7 Other KAM included: completeness and accuracy of expenses relating to personal benefits and other payments; and completeness and accuracy of revenue relating to taxation, royalty and other revenue arising from fees and charges. Further details of the KAM reported are included in the discussion of results of financial statements audits in Chapter 4 of this report.

Assessment of entities’ internal control environment supporting the preparation of financial statements

2.8 The ANAO applies the framework in ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment to consider the impact of elements of an entity’s internal controls supporting the preparation of financial statements. This approach provides a basis for designing and implementing responses to the assessed risk of material misstatement. Figure 2.2 below outlines these elements.

Figure 2.2: Elements of entity internal controls

Source: ASA 315 Identifying and assessing the risk of material misstatement through understanding the entity and its environment, paragraphs 4 to 21.

2.9 An effective internal control framework provides a level of assurance that entities are able to prepare financial statements that are free from material misstatement. For the majority of entities in 2022–23, key elements of internal control were operating effectively, providing the ANAO with reasonable assurance that the prepared financial statements were free from material misstatement.

2.10 Except for particular finding/s outlined in Chapter 4¹⁰, key elements of internal control were operating effectively to provide reasonable assurance that entities are able to prepare financial statements that are free from material misstatement. These particular findings reported to entities’ represented moderate business or financial management risk to the entity.

2.11 For entities where audit findings were reported, the ANAO was required to undertake additional audit procedures to obtain sufficient and appropriate audit evidence that provided reasonable assurance the entity’s financial statements were not materially misstated.

2.12 Table 2.2 details the assessment of the effectiveness of the elements of internal control at the conclusion of the final audit for the entities included in this report.

Table 2.2: Assessment of the effectiveness of the elements of internal control

Source: ANAO analysis of 2022–23 audit results.

2.13 There were 12 significant audit findings reported for 10 entities during 2022–23 which reduced the level of reliance which could be placed on the effective operation of internal control supporting the preparation of the financial statements. The audit findings reported to these entities presented a significant business or financial management risk to each entity. These included issues that could result in a material misstatement of the entity’s financial statements.

2.14 The ten entities are: Army and Air Force Canteen Service; the Australian Taxation Office; Bundanon Trust, the Departments of: Defence; Education; Health and Aged Care; and Social Services, the National Archives of Australia; Royal Australian Navy Central Canteens Board and Services Australia.

Control environment

2.15 The PGPA Act sets out the requirements to establish and maintain systems relating to risk and control. Section 16 of the PGPA Act states that:

The accountable authority of a Commonwealth entity must establish and maintain:

(a) an appropriate system of risk oversight and management for the entity; and

(b) an appropriate system of internal control for the entity;

including by implementing measures directed at ensuring officials of the entity comply with finance law.^{11, 12}

2.16 An effective control environment is underpinned by a fit-for-purpose governance structure. Indicators of an effective governance structure include whether management has established frameworks and processes that promote positive attitudes, awareness and actions concerning the entity’s internal controls and their importance in the entity. The main elements reviewed included: governance structures relevant to the preparation of the financial statements; audit committee and assurance arrangements; systems of authorisation; and processes for recording financial transactions.

2.17 Clear lines of accountability and reporting are important in establishing a strong internal control environment for the purposes of preparing the financial statements. The involvement of those charged with governance is an important element of these structures. Just as important is ensuring that staff at all levels in an entity understand their own role in the control framework. This can be achieved through the issuance of accountable authority instructions and delegation instruments.

Audit committees

2.18 Except for the seven entities below, entities had established audit committees that met the membership requirements outlined in section 17¹³ or section 28¹⁴ of the PGPA Rule. The PGPA Rule requires that the Accountable Authority (or head of the Accountable Authority in the case of a board), Chief Executive and Chief Financial Officer must not be members of the Audit Committee. The PGPA Rule also requires that:

• for non-corporate Commonwealth entities there is at least three members who are independent of the entity and a majority of the members must not be officials of any Commonwealth entity; and
• for corporate Commonwealth entities all members must not be employees of the entity.

2.19 These entities were: AAF Company; Australian Broadcasting Corporation; Australian Institute of Health and Welfare; Australian Strategic Policy Institute Ltd; Bundanon Trust and Royal Australian Air Force Veterans’ Residences Trust Fund.¹⁵

Risk assessment processes

2.20 Section 16 of the PGPA Act sets out an accountable authority’s responsibilities regarding the establishment of appropriate risk oversight and management in an entity. An understanding of an entity’s process to identify and manage risk is essential to an effective and efficient financial statements audit. A review of this process is completed to assist the ANAO to understand how entities identify and manage risks relating to financial statements and assess the risk of material misstatement to an entity’s financial statements.

2.21 One significant legislative breach has been reported by the ANAO in relation to non-compliance with section 16 of the PGPA Act relating to the Tiwi Land Council, which has not established a formal risk management policy.

Fraud control

2.22 Section 10 of the PGPA Rule details the minimum standards for accountable authorities of Commonwealth entities for managing the risk and incidence of fraud. The accountable authority of an entity must take all reasonable measures to prevent, detect and deal with fraud relating to the entity. This includes conducting fraud risk assessments regularly and when there is a substantial change in the structure, functions or activities of the entity.¹⁶ The ANAO’s assessment of entities’ fraud risk assessment procedures identified that 13 entities had not conducted a fraud risk assessment within the past two years.

Information systems and communication

2.23 The information system relevant to the preparation of the financial statements consists of activities and policies, and accounting and supporting records, designed and established to initiate, record and process entity transactions (as well as to capture, process and disclose information about events and conditions other than transactions).

2.24 An entity’s business processes include activities that are designed to record information, including accounting and financial reporting information and to ensure compliance with laws and regulations.

2.25 Ninety-five audit findings have been reported to entities in 2022–23 relating to the IT control environment, accounting for 48 per cent of all audit findings identified by the ANAO. The most common findings identified related to weaknesses in: privileged and other user access and change management. Further information relating to these findings is available in paragraphs 2.84 to 2.108.

2.26 Two moderate audit findings have also been reported relevant to the activities designed to record financial information:

• National Blood Authority – weaknesses identified in relation to the classification and allocation of funding expenditure between departmental and administered funds; and
• Bureau of Meteorology – weaknesses in the management of records supporting the recognition and measurement of property, plant, equipment and intangibles; leases; and revenue.

Emerging technologies

2.27 Emerging technologies¹⁷ are new technologies or the further development of existing technologies. Key emerging technologies include robotic process automation¹⁸ (RPA) and artificial intelligence¹⁹ (AI), including generative AI and machine learning (ML).

2.28 Government organisations around the world are adopting emerging technologies to help them achieve their public purpose or mission.²⁰

2.29 Emerging technologies present opportunities for improvement and innovation, and risks. Some of the risks include a lack of transparency, bias and discrimination, security and privacy concerns, legal and regulatory challenges, misinformation, manipulation and unintended consequences.

2.30 Appropriate governance structures are critical to achieving the ethical and responsible use of emerging technologies. Entities governance structures should consider usage of the technologies, an understanding of the operation of the technologies and consider both business and technology perspectives.²¹

2.31 The Digital Transformation Agency (DTA) has released an initial Data and Digital Government Strategy outlining its vision to deliver simple, secure, and connected public services for all people and business through world class data and digital capabilities.²² In addition, the Department of Industry, Science and Resources (DISR) has designed Australia’s eight Artificial Intelligence Ethics Principles to ensure AI²³ is safe, secure and reliable.

Control activities

2.32 The control activities component of an entities’ system of internal control are primarily direct controls which are designed to prevent, detect or correct misstatements.²⁴ Auditors are required to evaluate the design of the controls and determine whether the controls have been implemented. Controls include authorisations and approvals, reconciliations, verifications (such as edit and validation checks or automated calculations), segregation of duties, and physical or logical controls, including those addressing safeguarding of assets.

2.33 Where the ANAO identifies one or more control deficiencies, the ANAO assesses whether, individually or in combination, the deficiencies constitute a significant deficiency and reports these to accountable authorities as audit findings. The ANAO applies professional judgement in determining whether a deficiency represents a significant control deficiency. Information relating to the audit findings identified by the ANAO during 2022–23 is available at paragraphs 2.77 to 2.145.

Monitoring of controls

2.34 Entities undertake many types of activities as part of their monitoring of control processes, including external reviews, self-assessment processes, post-implementation reviews and internal audit. The level of review of these activities by the ANAO is determined through a risk assessment approach that takes into consideration the nature, extent and timing of each activity and the activities’ application to the preparation of the financial statements.

2.35 Internal audit can provide accountable authorities with independent and objective assurance, particularly in relation to the design and operating effectiveness of an entity’s system or risk management and internal control. The ANAO has reviewed the structure of and coverage provided by entity internal audit functions in 2022–23 (see paragraphs 2.36 to 2.76).

Internal audit

2.36 The Institute of Internal Auditors (IIA) defines an internal audit function as being:

A department, division, team of consultants, or other practitioner(s) that provides independent, objective assurance and consulting services designed to add value and improve an organization’s operations. The internal audit activity helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.²⁵

2.37 There is no mandated requirement for Commonwealth entities or companies to establish an internal audit function. However, Section 16 of the PGPA Act requires the accountable authority to establish and maintain an appropriate system of risk oversight and management; and appropriate system of internal control.

2.38 An appropriately designed and resourced internal audit can assist the accountable authority of an entity to obtain assurance over the design, implementation and operating effectiveness of the system of risk management and internal control within an entity. The Australian Securities and Investments Commission notes that:

An internal audit function can contribute to corporate governance by providing an organisation’s directors and audit committee with independent reviews of, and suggestions for, improving the design and operation of the organisation’s financial and non-financial control environment…

Internal audit can be an important element in the control environment of organisations and can contribute to more effective risk management.²⁶

2.39 The Department of Finance’s (Finance) Resource Management Guides (RMG) relating to audit committees describe the importance of internal audit, particularly: ‘the relationship between the audit committee and the managers of the internal audit function is central to enabling the audit committee to meet its responsibilities’.²⁷ Finance outlines that an audit committee should:

• have input into the internal audit work plan; and
• have access to internal audit reports in order to inform its advice to the accountable authority.²⁸

2.40 The ANAO has analysed the design, independence and internal audits completed provided during the period 2020–22 to 2022–23.²⁹ The ANAO’s analysis has been undertaken with reference to the standards issued by the IIA³⁰, best practice and guidance issued by other regulators and bodies within Australia.

2.41 The standards issued by the IIA are not mandated for application by entities. The purpose of the IIA standards is to establish principles and practices for internal audit, and a framework within which it can be performed. The IIA standards also provide a basis for the evaluation of the performance of internal audit, and promotion of a culture focussed on improving organisational processes and operations.

2.42 The ANAO’s analysis indicates that there is an opportunity for the Australian Government to consider whether policies or guidance relating to implementation and delivery of internal audit would enhance the Australian Government’s system of internal control.

Establishment of the internal audit function

2.43 The majority of entities had an internal audit function during 2022–23. The ANAO’s analysis indicated that 16 per cent of entities did not have an internal audit function.³¹ These entities advised the ANAO that they did not have internal audit due to the entity’s view on the:

• level of complexity or scale of their entity’s operations;
• system of risk management and internal control operated effectively.

2.44 The Australian Securities Exchange (ASX) Corporate Governance Principles and Recommendations recommend that where a listed entity does not have internal audit those charged with governance should formally and periodically review the need for such a function.³² The ASX also recommends that where an entity does not have an internal audit function it should document and disclose the process employed for evaluating and continually improving the effectiveness of its governance, risk management and internal control processes in its annual report.³³

2.45 There is merit for Accountable Authorities, with advice from audit committees, in entities without internal audit regularly reassessing this posture. This assessment should consider and document the sources of assurance available in forming a view on the effectiveness of governance and internal controls in the absence of internal audit.

Design of entity internal audit functions

2.46 Internal audit can be delivered through a different of models, including outsourced to external service providers or insourced partially or fully with an entity’s own internal auditors. As demonstrated in Figure 2.3, the ANAO’s analysis indicates that the delivery of the internal audit function within an entity is most likely to be delivered through outsourced arrangements.

Figure 2.3: Sourcing of the internal audit function

Source: ANAO analysis.

2.47 The ANAO’s analysis also indicated that material entities (33 per cent) were more likely than non-material entities (four per cent) to insource or co-source the delivery of their internal audit function.

2.48 The IIA standards have requirements which underline the principles for robust delivery of internal audit activities, particularly: requirements for continuous professional development for internal auditors; position descriptions which outline the responsibilities of internal auditors; embedded audit policies; and procedures governing the conduct of internal audit activities, including relating to quality assurance and improvement.³⁴ The ANAO has analysed the conformance of entities with insourced or co-sourced internal audit functions with these standards. Table 2.3 details the conformance of entities with outsourced internal audit with the IIA standards.

Table 2.3: Conformance with IIA standards relating to the conduct of internal audit functions by entities with insourced or co-sourced internal audit functions

Source: ANAO analysis.

2.49 The IIA standards state that an entity should review the effectiveness and performance of internal audit at least once every five years.³⁵ The ANAO’s analysis indicates that 36 per cent of entities’ internal audit functions had been subject to review within the period 2018–19 to 2022–23.

2.50 The ANAO’s analysis demonstrates that:

• improvements could be made by entities which insource their internal audit function, relating to the governance framework supporting conduct and quality assurance of internal audit activity; and
• accountable authorities, supported by advice from audit committees, could consider performing more regular reviews of the effectiveness of the function to confirm it remains fit-for-purpose.

Independence of the internal audit function

2.51 The independence of the internal audit function can be supported by:

• structure, including the appointment of a Chief Audit Executive (CAE);
• an internal audit charter;
• documented processes for review and approval of the internal audit plan; and
• documented processes for determining the budget of the internal audit function.

Structure of the internal audit function

2.52 The CAE is a role articulated in the IIA standards as the officer with responsibility for the internal audit function. The appointment of a CAE is not mandated for Commonwealth entities. The requirements of the standards in relation to this role have been adopted by the ANAO as a framework to benchmark the independence of the officer within an entity responsible for the internal audit. The IIA standards state that:

• the internal audit function must be independent, with auditors being objective in their work³⁶;
• the CAE should regularly communicate directly with the board of an entity;
• the CAE must report to a level within the organisation that allows it to fulfil its responsibilities³⁷;
• safeguards should be in place to limit impairments to independence or objectivity of the CAE where they also perform other management activities.³⁸

2.53 The ANAO’s analysis indicates that entities had largely structured their organisations to support direct access for the officer responsible for internal audit to communicate directly to the accountable authority or the audit committee.

• Ninety-four per cent of entities had a formal policy which provided the officer responsible for internal audit direct access to report to the audit committee.
• Eighty-seven per cent of entities had a formal policy or organisational structure which provided the officer responsible for the internal audit with direct access to report to the accountable authority.

2.54 Twenty-three per cent of entities with an internal audit function had appointed a CAE as a distinct role within the entity’s organisational structure. In the remaining 77 per cent of entities the officer responsible for internal audit had shared responsibilities and also performed other functions including: Chief Financial Officer, Chief Operating Officer, General Counsel and other officers working across governance, risk management, legal and fraud control. In these entities, these officers may have responsibility for the design, implementation and operating effectiveness of the entity’s system of risk management and internal control.³⁹ The ANAO’s analysis demonstrates that accountable authorities, with advice from audit committees, should actively consider the independence and objectivity of the officer responsible for the internal audit function given the majority of these officers have shared responsibilities. In considering organisational structure, accountable authorities should be mindful of the potential for impairments to objectivity and implement appropriate safeguards in undertaking internal audit activity.

Internal audit charters

2.55 The IIA standards require that the ‘purpose of, authority and responsibility of the internal audit activity must be formally defined in an internal audit charter’.⁴⁰ The IIA standards also require that the CAE should at regular intervals review the charter and present it to management, the board or audit committee for approval.⁴¹

2.56 The IIA considers that internal audit charters are important because they provide an entity ‘a blueprint for how internal audit will operate and helps the governing body to clearly signal the value it places on internal audit’s independence’.⁴² The IIA considers that the following attributes should be covered in an internal audit charter:

• mission and purpose;
• authority;
• applicability of the International standards for Professional Practice of Internal Auditing;
• independence and objectivity (including unfettered access to records);
• responsibility;
• scope of internal audit activities; and
• quality assurance and improvement program.^{43, 44}

2.57 The ANAO analysis indicates that 55 per cent of the entities had an internal audit charter in place in 2022–23. For these entities the ANAO identified that:

• the majority of entities had included in the charter the core attributes identified by the IIA;
• eighty-six per cent of entities had reviewed and approved the charter within the last two years;
• sixteen per cent of charters had not been reviewed by the audit committee; and
• thirty per cent of charters had not been reviewed or approved by the accountable authority.

2.58 Internal audit charters provide an opportunity for the accountable authority, and audit committee, to signal the importance of internal audit to an entity’s performance and governance framework. Charters provide a mechanism to clearly communicate an accountable authority’s expectations around internal audit mandate, authority and scope. In the absence of a charter, there is a risk that the internal audit function’s mandate, authority and independence are not well understood with an entity, potentially limiting the effectiveness of the function. Accountable authorities could enhance the effectiveness of their internal audit function by implementing, and regularly reviewing, a charter that clearly establishes the mandate, authority and scope of the function.

Internal audit work plan

2.59 The internal audit work plan describes the activities that will be undertaken by internal audit across a set period. The IIA standards describe that internal audit will be effectively managed when it considers trends and emerging issues that could impact the entity. Particularly, ‘internal audit activity adds value to the organization and its stakeholders when it considers strategies, objectives, and risks; strives to offer ways to enhance governance, risk management, and control processes; and objectively provides relevant assurance’.⁴⁵

2.60 Ninety-eight per cent of entities with an internal audit function had an internal audit plan during 2022–23.⁴⁶ Figure 2.4 provides a summary of the period covered by these plans.

Figure 2.4: Periods of time covered by 2022–23 internal audit plans of entities

Source: ANAO analysis.

2.61 Involving the audit committee in the development of the internal audit work plan is a key responsibility outlined in the RMGs relating to audit committees. The involvement of the audit committee in providing advice on the internal audit work plan supports the independence of the internal audit function. During 2022–23 90 per cent of internal audit plans were reviewed by audit committees.

Internal audit budgets

2.62 The ability of the internal audit function to fulfil its responsibilities is partly dependent on the availability of resources. Seventy-nine per cent of entities had a distinct budget for internal audit.

2.63 A safeguard to the independence and objectivity of the internal audit function is regular consideration of the appropriateness of the internal audit function’s budget by an entity’s audit committee (in providing advice on the function). Of the entities with a distinct budget, 73 per cent shared the budget with the audit committee.

2.64 The total budget for internal audit activities increased on average by $47,325 from 2020–21 to 2022–23. Table 2.4 demonstrates the average budget for internal audit functions for 2020–21 to 2022–23.

Table 2.4: Average internal audit budget from 2020–21 to 2022–23

Source: ANAO analysis.

2.65 Figure 2.5 provides an overview of the average internal audit function budget for the period 2020–21 to 2022–23 by classification of entity.

Figure 2.5: Average internal budgets by type of entity during the period 2020–21 to 2022–23

Source: ANAO analysis.

2.66 Twenty-one per cent of entities reduced their internal audit budget during the period 2020–21 to 2022–23. Table 2.5 provides an overview of the entities which have reduced their internal audit budget in the period 2020–21 to 2022–23 by more than 20 per cent and the amount of the reduction expressed as a percentage of the 2020–21 budget.

Table 2.5: Entities with a 20 per cent or greater reduction in internal audit budget over the period 2020–21 to 2022–23

Source: ANAO analysis.

Note a: The departments of: Agriculture, Fisheries and Forestry; Education; and Prime Minister and Cabinet internal audit budgets decreased partly due to the impact of MoG changes, where functions previously administered by each entity were transferred to other entities during this period.

2.67 The ANAO’s analysis identified that the majority of entities had distinct budgets for the internal audit function which were also subject to oversight by the audit committee. The ANAO’s analysis indicates that there is scope for this practice to become further embedded across the sector. Accountable authorities, and audit committees, should regularly consider the sufficiency of internal audit budgets, and whether the level of internal audit activity remains fit for purpose.

Internal audits completed

2.68 There were 2,687 internal audits completed by entities during the period 2020–21 to 2022–23. Table 2.6 provides analysis on the number of audits conducted in each year of this period.

Table 2.6: Number of internal audits completed by entities from 2020–21 to 2022–23

Source: ANAO analysis.

2.69 Figure 2.6 provides an overview of the average number of internal audits for the period 2020–21 to 2022–23 by type of entity. The ANAO’s analysis indicates that, on average, entities have retained a consistent level of internal audits completed during the period.

Figure 2.6: Average number of internal audits completed per entity during the period 2020–21 to 2022–23 by type of entity

Source: ANAO analysis.

2.70 Figure 2.7 provides an overview of the total internal audits completed during the period 2020–21 to 2022–23 by portfolio.

Figure 2.7: Internal audits completed during the period 2020–21 to 2022–23 by portfolio

Source: ANAO analysis.

Note a: To enable comparison across the period this figure reflects the portfolios identified in the Administrative Arrangements Orders which were in force during 2022–23. As a result, the ANAO has allocated internal audits completed by entities to reflect new or amended portfolios arising due to MoG changes during the period.

2.71 Of the 159 entities with an internal audit function, 20 of these entities account for 40 per cent of the total internal audits completed by entities for the period 2020–21 to 2022–23. The remaining 60 per cent of internal audits were completed by 141 entities. Table 2.7 demonstrates the number of internal audits completed by these entities.

Table 2.7: Entities comprising a total of 40% of total internal audits completed from 2020–21 to 2022–23

Source: ANAO analysis.

2.72 The majority of planned internal audits have been finalised by entities. Table 2.8 provides an overview of the completion of internal audits listed on an entities internal audit work plan.

Table 2.8: Completion rate for internal audits planned by entities during the period 2020–21 to 2022–23

Source: ANAO analysis.

2.73 Table 2.9 provides an overview of the entities which have reduced the number of internal audits completed in the period 2020–21 to 2022–23 by more than 20 per cent and the amount of the reduction expressed as a percentage of the internal audits that were completed in 2020–21.

Table 2.9: Entities with a 20 per cent or greater reduction in internal audits completed during the period 2020–21 to 2022–23

Source: ANAO analysis.

Note a: The departments of: Agriculture, Fisheries and Forestry; Education; and Prime Minister and Cabinet internal audits completed decreased partly due to the impact of MoG changes, where functions previously administered by each entity were transferred to other entities during the period.

2.74 The ANAO has assessed the purpose of each internal audit completed in order to categorise them into key themes to analyse the coverage of the audits completed over key areas of entity systems of risk management and internal control. Figure 2.8 shows the categorisation of internal audits into significant areas of an entity’s system of risk management and internal control.

Figure 2.8: Internal audits completed during the period 2020–21 to 2022–23 by category

Source: ANAO analysis.

Note a: Social security and welfare includes personal benefits payments and debt management activities.

Note b: Revenue collection and taxation includes the administration of taxation, collection of levies and other funding.

Note c: COVID-19 includes all program administration relating to the Australian Government’s response to COVID-19.

Note d: Stakeholder engagement includes all audits primarily undertaken on relationship management, consultation, communication and complaints management.

Note e: Human resources includes all audits related to talent management, learning ad development, recruitment, employee engagement and workplace health and safety.

Note f: Procurement includes all aspects of the procurement cycle.

Note g: Financial includes financial processing activities, including accounts payable, receivable, payroll processing and like financial processes.

Note h: Project and program management relates to project or program delivery, except to the extent otherwise separately classified as revenue collection and taxation, social welfare and grant.

Note i: Information Technology includes data analytics, business continuity and disaster recovery except where the audit was related to cyber security.

Note j: Risk and governance includes all other aspects of entity corporate governance, including: conflicts of interest, fraud or quality assurance activities.

2.75 Figure 2.8 indicates that the majority of internal audits completed over the period 2020–21 to 2022–23 were mainly in relation to: risk and governance; information, communications and technology, project and program management; financial controls. During this period there has been rebalancing of internal audit work plans. Over the period 2020–21 to 2022–23 there has been a reduction in internal audit activity associated with:

• programs associated with COVID-19;
• systems of risk management and enterprise level internal controls;
• information, communications and technology; and
• procurement.

2.76 The ANAO’s analysis indicated that over the period 2020–21 to 2022–23 there has been an increase in internal audit activity in the following areas:

• performance reporting; and
• cyber and information security.

Audit findings

2.77 Audit findings are raised in response to the identification of a potential business or financial risk posed to an entity. Often these risks arise from deficiencies within an entity’s internal control processes or frameworks. Weaknesses in internal controls increase the possibility that an entity will not prevent or detect a material misstatement in its financial statements in a timely manner. The ANAO rates audit findings according to the potential business or financial management risk posed to the entity. The ANAO’s rating scale is presented in Table 2.10.

Table 2.10: Audit findings rating scale

Source: ANAO reporting policy.

2.78 A summary of findings identified for the period ended 30 June 2023 by category is presented in Table 2.11.

Table 2.11: Audit findings by category for the period ended 30 June 2023

2.79 Information relating to significant and moderate findings and significant legislative breaches are summarised in this chapter. Further information on each of these findings can be found in Chapter 4 of this report broken down by entity.

Financial statements preparation

2.80 Financial statements are an important means of demonstrating how Commonwealth entities, both at an individual and whole-of-government level, meet their financial management responsibilities. In order to provide relevant and reliable financial information to the users, entities should prepare quality financial statements in a timely manner to support entities in meeting legislative reporting obligations including tabling of annual reports. Effective project management underpins successful financial statements preparation processes. Figure 2.9 below shows the total number of audit findings identified by the ANAO from 2019–20 to 2022–23 related to financial statement preparation processes.

Figure 2.9: Financial statements preparation audit findings 2019–20 to 2022–23

Source: ANAO data.

2.81 One significant audit finding was reported in 2021–22 in relation to the disclosure of key management personnel remuneration by the Army and Air Force Canteen Service. This audit finding was resolved during 2022–23.

2.82 Two new moderate findings were reported in 2022–23 relation to the preparation of the annual financial statements for the National Archives of Australia and the Royal Australian Mint.

2.83 There were nine minor audit findings reported in 2022–23. One minor audit finding reported was a result of remediation work completed by the Anindilyakwa Land Council to address a previously reported moderate audit finding. The remaining eight audit findings were first reported during 2022–23. These findings relate to quality review processes and preparation of position papers to support accounting positions, judgements and estimates in the financial statements.

Information Technology control environment

2.84 The information technology (IT) control environment refers to the policies, procedures and controls that maintain the integrity of information and security of data in an entity. This includes:

• IT security management, which incorporates user access management, privileged user activity logging and monitoring as well as security configuration settings such as password controls; and
• IT change management and data centre and network operations, including management of backup and recovery processes.

2.85 The IT control environment is the environment in which applications run, and so it also supports the effective functioning of the application controls that may be relied on in the audit. Figure 2.10 below shows the total number of audit findings identified by the ANAO from 2019–20 to 2022–23 related to the IT control environment.

Figure 2.10: IT control environment audit findings 2019–20 to 2022–23

Source: ANAO data.

2.86 There are four new significant findings across four entities including:

• Australian Taxation Office (ATO) – Weaknesses were identified associated with the ATO’s enterprise change management for key information technology systems supporting the preparation of the financial statements. These weaknesses included a disconnect between change management policy and procedural documentation in relation to segregation of duties particularly in relation to developers and migrators. The ATO was also unable to provide the ANAO with a complete and accurate list of changes made to financial systems assessed as in scope for the financial statements audit.
• Department of Defence – Weaknesses were identified in relation to the removal of users’ access. The ANAO identified 1,451 users whose access was not removed in accordance with the Information Security Manual (ISM) requirements. Testing also identified almost 2,000 instances where former employees and/or contractors had logged into and accessed data from the Department of Defence’s systems.⁴⁷
• National Archives of Australia – Weaknesses were identified regarding the design and implementation of IT general controls. The weaknesses included: insufficient oversight and documentation of review of privilege user access and activity logs; no formalised or documented periodic review of user access; and inconsistent mapping of roles and responsibility configurations, including workflow approvers and inconsistent chart of accounts mapping configurations.
• Services Australia – Weaknesses were identified related to Service’s Australia’s IT governance. The weaknesses identified were in relation to IT controls in the implementation of a large-scale IT roll-out for residential aged care and the re-emergence of a large number of individual control issues affecting change and access management and business operations.

2.87 Twenty-two new moderate findings were reported during 2022–23.⁴⁸ Three of the moderate audit findings identified in 2022–23 were resolved as part of the 2022–23 final audit and one moderate audit finding was upgraded to a significant audit finding in relation to the Department of Defence.⁴⁹

2.88 Of the 20 unresolved audit findings reported at the conclusion of 2022–23, six moderate findings remain unresolved from prior years, three of these related to 2020–21.⁵⁰

2.89 User access management includes the processes and procedures to ensure that only authorised users are granted access to systems and data, and that access is removed when it is no longer required. Two of the significant audit findings relate to user access. Twenty of the moderate findings relate to weaknesses in user access management with nine pertaining to management of terminated user access.⁵¹ Refer to paragraphs 2.214 to 2.101 for further analysis related to weaknesses relating to user access removal.

2.90 Users with administrative privileges, commonly referred to as privileged users, are able to make significant changes to IT systems’ configuration and operation, bypass critical security settings and access sensitive information. To reduce the risks associated with this access, the Information Security Manual⁵² requires that privileged user access be appropriately restricted and when provided, that the access is logged, regularly reviewed and monitored. There was one significant audit finding reported to the National Archives of Australia, nine moderate findings and 13 minor findings reported relating to privileged user access. Thirty-two of the fifty-one findings were raised in 2022–23 and 19 were raised in prior years.

2.91 IT security management continues to remain the most common area of weakness in the IT control environment, with over 77 per cent of findings, and 82 per cent of the significant and moderate findings, relating to this area. Focus is required by entities to ensure that the risks of unauthorised changes to systems and data and unauthorised data leakage are being appropriately managed.

Removal of user access

2.92 The Australian Cyber Security Centre has reported that malicious cyber activity continues to pose a threat to Australian Government entities.⁵³ Threats to the confidentiality and integrity of data held by entities means that entities need to enforce effective access controls to systems and networks and ensure the timely removal of systems access following a user’s cessation with the entity.

2.93 The Protective Security Policy Framework (PSPF) and Australian Government Information Security Manual (ISM) assist entities to use their risk management framework to protect information and systems from both internal and external threats. The PSPF governs the security of government Information Communications Technology (ICT) systems across non-corporate Commonwealth entities and the ISM provides the guidance to implementing appropriate security controls across all entities.

2.94 The ANAO has identified and reported previously⁵⁴ that several government entities have not implemented effective controls relating to the timely removal of user access. As stated in the PSPF: ‘Effectively managing personnel security includes ensuring departing personnel fulfil their obligations to safeguard Australian Government resources; this limits the potential for the integrity, availability, and confidentiality of those resource to be compromised’. This highlights a potential security threat to systems and information across all government entities.

2.95 The ANAO assessed termination controls in place at 140 relevant⁵⁵ government entities and found that 29 entities (2021–22: 53 entities) do not have a policy that defines the timeframe access should be removed from systems following a user’s departure from the entity. A lack of policies related to user access removal increases the risk that access will not be removed in a timely manner which may result in users’ inappropriately accessing information.

2.96 The ISM states that ‘Removing or suspending access to systems, applications and data repositories can prevent them from being accessed when there is no longer a legitimate business requirement for their user, such as when personnel change duties, leave an organisation or are detected undertaking malicious activities’⁵⁶. Timely removal of access is an important control to prevent unauthorised access to government systems and data. Six entities have a timeframe of greater than thirty days to remove user access to government systems.

2.97 Of the entities reviewed, 24 entities (2021–22: 35 entities) do not allow for the HR systems to enter terminations after cessation. This was either due to an assessment by the entity that it does not require backdated cessations as all users are identified and actioned on their last working day, or to system restrictions. However, should a user separation certificate not be completed prior to cessation, the system would reflect an incorrect date. Not allowing backdated terminations prevents an entity from monitoring these cases, can result in incorrect records and removes an entity’s ability to monitor inappropriate access.

2.98 The majority of entities assessed, 108 entities of 140 relevant entities (2021–22 119 entities), do not have an effective control to monitor access or activity in entities systems after user cessation. Of these 140 entities, 17 entities currently have an open finding relating to terminations including one⁵⁷ which has been assessed as a significant risk (2021–22: none) and nine⁵⁸ which have been assessed as a moderate risk (2021–22: seven). During 2022–23, three entities resolved moderate audit findings previously reported by implementing updated control processes relating to user access removal. These entities are: the Attorney-General’s Department (see paragraphs 4.2.21 to 4.2.23); the Australian Nuclear Science and Technology Organisation (see paragraphs 4.11.32 to 4.11.35) and Department of Home Affairs (see paragraphs 4.10.19 to 4.10.21). Not reviewing the access of individuals means entities are unable to assess and remediate any impact from unauthorised access to systems. This increases the risk that access to systems post termination is not detected and inappropriate activities undertaken are not mitigated.

2.99 Timely removal of access from terminated staff continues to be an issue across entities in 2022–23. There has been an improvement in the development of security policies relating to timely removal of access⁵⁹ and a small improvement in the implementation of monitoring controls⁶⁰, however the total number of findings in removal of access processes has increased.⁶¹

2.100 The Attorney-Generals’ Department collected⁶² information on entities self-assessed level of maturity for the of PSPF. As at 30 June 2022, 83 per cent of the 97 non-corporate entities assessed themselves as being fully effective or higher at removing access ‘On separation or transfer, the entity removed personnel’s access to Australian Government resources, including physical facilities and ICT systems.⁶³ The ANAO’s observations around termination controls indicate entities may be overestimating the effectiveness of the control environment, which is consistent with findings in previous ANAO performance audits undertaken on entities’ cyber security.⁶⁴

2.101 The weaknesses identified by the ANAO pose an increased risk of unauthorised access to systems and data. Entities should review the management of these areas, and implement the appropriate controls included in the PSPF and ISM to mitigate the risks.

IT change management

2.102 Change management policies and controls are designed to manage the risk of disruption to services, and to protect information and IT systems.

2.103 During 2022–23 the ANAO reported an increase the number of audit findings relating to weaknesses in change management policies and controls for IT systems. Weaknesses in change management controls can increase the risk of:

• unauthorised or erroneous changes being made;
• failure to make necessary changes when required;
• systems incompletely or inaccurately processing data; and
• reduced integrity of system records and information.

2.104 The findings identified by the ANAO have highlighted two important considerations for entities in designing and implementing change management controls:

• appropriately segregating conflicting duties; and
• following a structured change management framework.

Appropriately segregating conflicting duties

2.105 Effective internal control in the change management process requires adequate segregation of duties between those who perform procedures or controls and those who review or approve those activities. The work of one individual is either independent of, or serves as a check on, the work of another.

2.106 Inadequate segregation of duties increases the risks of unauthorised changes or undetected errors being implemented into the production IT environment, which can increase the risk of system failures or security breaches. There is a risk that developers with the ability to develop and implement changes in a production environment may circumvent controls or directly manipulate system data.

2.107 Where segregation of duties is not possible, entities should monitor the activities performed by users or perform a ‘look-back’ of changes to ensure changes are authorised and appropriate.

Note a: Further details regarding these findings can be found in the entity results section in Chapter 4 for the Australian Taxation Office, National Disability Insurance Agency and Services Australia.

Following a structured change management process

2.108 IT systems and technologies should be regularly maintained and updated to ensure continued operation and protection of information. IT changes resulting from maintenance and development activities should be managed appropriately to reduce the risk of service disruptions, unauthorised changes, and errors. Following a formal process for identifying and requesting changes can help ensure that all changes are properly authorised and documented and increases the reliability and integrity of IT systems

Note a: Further details regarding this finding can be found in the entity results section in Chapter 4 for the Australian Taxation Office.

Compliance and quality assurance frameworks

2.109 Entities rely on internal and external systems, parties and information in decision-making processes. The implementation of effective compliance and quality frameworks and processes provides assurance over the completeness and accuracy of the information and is integral to the preparation of financial statements free from material misstatement. Figure 2.11. below shows the total number of audit findings identified by the ANAO from 2019–20 to 2022–23 related to compliance and quality assurance frameworks.

Figure 2.11: Compliance and quality assurance framework audit findings 2019–20 to 2022–23

Source: ANAO data.

2.110 Four new significant findings were reported during 2022–23. The significant audit findings have been reported in relation to the processes designed and established in relation the governance of legal and other matters impacting the financial statements in the following entities: Departments of: Health and Aged Care; Education; and Social Services and Services Australia.

2.111 These audit findings indicate a failure in governance supporting the preparation of the financial statements with respect of legal matters at these entities. This includes the assessment of the impact of the receipt of legal advice or recently determined matters which has the potential to affect an entity’s administration, financial management and financial reporting obligations. These findings highlighted instances where information on legal matters was not referred to entity Chief Financial Officers, or was not otherwise assessed for impact on the financial statements. In other instances evidence identified by the ANAO during the course of the audits did not accord with management representations and additional audit work was required to be undertaken by the ANAO. The ANAO recommended that these entities design, document and implement processes to ensure legal and other matters are considered when preparing financial statements and that all matters identified for consideration are communicated to the ANAO.

2.112 There were two new moderate findings reported to the Departments of: Foreign Affairs and Trade; and Health and Aged Care during 2022–23 related to assurance over administered programs.⁶⁵ Six of the eight minor findings were raised in 2022–23 and two were raised in 2021–22.

Note a: Further information regarding these significant audit findings can be found in the entity contributions for the Department of: Education; Health and Aged Care; Social Services and Services Australia in Chapter 4.

Accounting and control of non-financial assets

2.113 Entities control a diverse range of non-financial assets on behalf of the Australian Government, including land and buildings, specialist military equipment, leasehold improvements, infrastructure, plant and equipment, inventories and computer software. Figure 2.12 Figure 2.12 below shows the total number of non-financial asset audit findings identified by the ANAO from 2019–20 to 2022–23.

Figure 2.12: Accounting and control of non-financial assets audit findings 2019–20 to 2022–23

Source: ANAO data.

2.114 The significant audit finding relating to weaknesses in asset management processes at the Royal Australian Navy Central Canteen Board reported in 2021–22 was downgraded to a minor audit finding as part of the 2022–23 interim audit.

2.115 Six of the previously reported moderate findings were resolved as part of the 2022–23 audit. Five of the six resolved moderate findings were raised in 2021–22 and one was raised in 2020–21.⁶⁶

2.116 Three of the new moderate findings related to development on intangible assets and capitalisation management. The remaining audit finding related to weaknesses around the disposal of assets and inventory.⁶⁷

2.117 The minor findings relate to:

• fair valuation adjustments;
• assessments for impairment of assets;
• data management and integrity;
• inventory management;
• stocktake procedures; and
• capitalisation.

Intangible assets

2.118 The Australian Government’s intangible assets comprise mainly internally developed or purchased computer software. Three of the four moderate and one of the 12 minor audit findings reported in 2022–23 relate to weaknesses in entity’s accounting process for computer software. As reported in the CFS at 30 June 2023, the gross book value of computer software recognised by entities totalled $22.1 billion. Figure 2.13 demonstrates that during the period 2019–20 to 2022–23 there has a $5.4 billion increase in capitalised computer software reported by entities. The total amount of computer software in progress at 30 June 2023 was $2.83 billion.

Figure 2.13: Balance of Australian Government computer software 2018–19 to 2022–23

Source: ANAO analysis of the 2018–19 to 2022–23 CFS.

2.119 Computer software developed by Commonwealth entities and Commonwealth companies is often unique to the Australian Government and related to the regulatory or service delivery function conducted by those entities, for example, social security benefits, health benefits, trade facilitation and taxation administration. The development of this software is evolving with broader market trends and there is increasing use of ‘Software as a Service (SaaS)’ arrangements. SaaS arrangements, also referred to as cloud computing arrangements, allow entities to access software from a managed service provider over the internet, which contracts to the practice of internally developing and managing the software within an entity.

2.120 In Auditor-General Report No. 8 of 2022–23 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2022 the ANAO identified that it is important for entities to establish accounting policies, processes for capturing capital costs and quality assurance processes which regularly review intangible asset balances for impairment.

2.121 ASB 138 Intangible Assets (AASB 138) provides the criteria for the identification, recognition, and measurement of intangible assets including computer software. AASB 138 contains detailed guidance on the type and nature of costs incurred in development or purchase of computer software that can be capitalised as intangible assets by entities.

2.122 The International Financial Reporting Standards (IFRS) Interpretations Committee recently issued two agenda decisions that provided interpretations on accounting for software as a service (SaaS) contracts (cloud computing).⁶⁸ The Committee identified that in respect of SaaS contracts these arrangements are not considered to be intangible assets where the customer does not control the software application and are often only service contracts that should be expensed.

2.123 Given the history of rapid changes in technology, intangible assets are susceptible to technological obsolescence.⁶⁹ AASB 136 Impairment of Assets (AASB 136) requires entities to assess whether there is any indication that non-financial assets may be impaired at end of each reporting period. Specific requirements apply for impairment testing of intangible assets. ⁷⁰

2.124 Australian Government entities recorded $352.0 million in write-downs and impairment of computer software in 2022–23, and have recorded a cumulative write-downs and impairment of $789.1 million in the period 2019–20 to 2022–23. Figure 2.14 shows Australian Government recoverable amount write-downs and impairment for computer software over the past five years have ranged between $53.7 million and $352.0 million per year.

Figure 2.14: Balance of the Australian Government’s expenses for write downs of computer software 2018–19 to 2022–23

Source: ANAO analysis of the 2018–19 to 2022–23 CFS.

2.125 As demonstrated in Figure 2.14 the write-downs and impairment for computer software increased during 2022–23. This increase was mainly related to the write-down by Services Australia of $232.6 million of computer software associated with the Welfare Payment Infrastructure Transformation Program - Entitlement Calculation Engine, due to a decision to discontinue the project.

Note a: Further information regarding these moderate audit findings can be found in the entity contributions for the Australian Securities and Investments Commission and Departments of: Education; Infrastructure, Transport, Regional Development, Communications and the Arts in Chapter 4.

Revenue, receivables and cash management

2.126 Revenue and receivables include Parliamentary appropriations, taxation revenue, customs and excise duties and administered levies. Commonwealth entities also generate revenue from the sale of goods and services and a range of other sources. Cash management involves the collection and receipt of public monies and the management of official bank accounts. Figure 2.15 shows the total number of revenue, receivable and cash management audit findings identified by the ANAO from 2019–20 to 2022–23.

Figure 2.15: Revenue, receivables and cash management audit findings 2019–20 to 2022–23

Source: ANAO data.

2.127 One moderate finding reported to the Australian Taxation Office during 2021–22 remains unresolved in 2022–23.

2.128 There were 10 new minor findings reported during 2022–23 and one unresolved finding first raised in 2020–21. Three of the 11 minor findings relate to revenue and receivables management. Weaknesses in this category include:

• ageing debt collection; and
• processes underpinning the estimation of receivable balances within the financial statements including the accuracy and completeness of the data supporting these estimates.

2.129 The eight remaining minor findings relate to cash management controls. Cash controls are core processes expected to be in a mature state at every entity. The weaknesses in this category were primarily a result of weaknesses in the timeliness and completeness of reconciliations of bank accounts.

Human resource financial processes

2.130 Human resources encompass the management and administration of employee entitlements and payroll functions. Employee benefits represent the most significant departmental expenditure for most entities, and the associated leave and superannuation liabilities are subject to estimates and judgements in inputs.

2.131 Human resource transactions are high volume with both automated and manual processing. As a result, any control weaknesses can result in systematic errors increasing the risk of material misstatement. Figure 2.16 below shows the total number of human resources financial processes audit findings identified by the ANAO from 2019–20 to 2022–23.

Figure 2.16: Human resources financial processes audit findings 2019–20 to 2022–23

Source: ANAO data.

2.132 The moderate audit finding reported in 2021–22 in relation to the Northern Land Council was resolved in 2022–23. No significant or moderate findings were reported during 2022–23.

2.133 Of the seven audit findings reported, three were raised in 2022–23. Four minor findings remain unresolved from prior years and one of these findings has been unresolved since 2015–16. The findings in this category relate to weaknesses in:

• management of employee leave entitlements;
• maintenance of payroll records and controls; and
• management on key management personnel remuneration and related parties disclosures (further information is available at paragraph 2.145).

Purchases and payables management

2.134 Purchases and payables are payments to, or due to suppliers, including contractor and consultancy expenses, lease payments and general administrative payments. These expenses typically comprise the second most significant departmental expenditure item of entities after employee benefits. Figure 2.17 below shows the total number of purchases and payables audit findings identified by the ANAO from 2019–20 to 2022–23.

Figure 2.17: Purchases and payables management audit findings 2019–20 to 2022–23

Source: ANAO data.

2.135 One significant finding was reported in 2021–22 to the Department of Veterans’ Affairs in relation to the methodology supporting the valuation of the military compensation provision reported in the financial statements. This was downgraded to a moderate audit finding as part of the 2022–23 interim audit and was resolved as part of the final audit.

2.136 There was one unresolved moderate finding first reported in 2020–21 relating to weaknesses in the governance of Australian Defence Force health services at the Department of Defence. This was resolved as part of the 2022–23 audit.

2.137 Five new minor audit findings were reported in 2022–23 and five unresolved findings were first raised in 2021–22. Common weaknesses in this category over the period from 2019–20 to 2021–2023 relate to:

• processes supporting the authorisation of expenditure, including maintaining proper segregation of duties; and
• timeliness of credit card acquittals.

Other audit findings

2.138 Other audit findings typically include items relating to the: management and implementation of service level agreements or memoranda of understanding; updating or maintaining of key governance documentation. Figure 2.18 below shows the total number of other audit findings identified by the ANAO from 2019–20 to 2022–23.

Figure 2.18: Other audit findings 2019–20 to 2022–23

Source: ANAO data.

2.139 One significant audit finding was resolved as part of the 2022–23 audit relating to the Royal Australian Navy Central Canteens Board. One significant audit finding from 2021–22 remains unresolved relating to Bundanon Trust⁷¹ relating to going concern.

2.140 One moderate audit find remains unresolved which was first reported to the Royal Australian Air Force Veterans’ Residences Trust as part of the 2021–22 financial statements audit. The remaining two moderate audit findings were identified in 2022–23 and were reported to the Bureau of Meteorology and National Blood Authority.

2.141 Seven of the 12 minor audit findings were raised in 2022–23. The findings in this category relate to weaknesses in: segregation of duties between processing and approving of manual journals; and the formalisation of corporate documents and internal policies.

Legislative compliance

2.142 In accordance with ANAO policy, significant legislative breaches are reported to Parliament consistent with the reporting of significant and moderate audit findings. Significant legislative breaches include: instances of significant potential or actual breaches of the Constitution; and instances of significant non-compliance with the entity’s enabling legislation, legislation that the entity is responsible for administering, and the PGPA Act. Figure 2.19 below illustrates legislative breaches identified by the ANAO between 2019–20 to 2022–23.

Figure 2.19: Significant legislative breaches 2019–20 to 2022–23a

Note a: For the purpose of this analysis L2 and L3 categories have been combined non-significant breaches.

Source: ANAO data.

2.143 There were three significant legislative breaches reported during 2022–23. One of the breaches was identified during the 2022–23 and two remain unresolved from prior years. The significant legislative breaches relate to the following entities:

• Department of Health and Aged Care. The breach relates to potential breaches of section 83 of the Constitution regarding payments made in under the Aged Care Act 1997 and the Health Insurance Act 1973.
• Northern Land Council (NLC). This breach relates to the requirement for funds in the NLC’s its royalty trust account to be distributed to traditional owners within agreed timeframes (in accordance with the requirements of the Aboriginal Land Rights (Northern Territory) Act 1976. This breach was first identified in 2012–13.
• Tiwi Land Council. The breach relates to the Tiwi Land Council to have in place a formal risk management policy nor a formal risk management framework as required by the section 16 of the Public Governance, Performance and Accountability Act 2013.

2.144 The 11 non-significant breaches primarily related to:

• non-compliance with determinations made by the Remuneration Tribunal for remuneration of key management personnel (incorrect payments); and
• non-compliance with requirements for Commonwealth Procurement Rules.

2.145 The appropriateness of governance of key management personnel remuneration (KMP) has been a continued focus for the ANAO in 2022–23. Over the period 2019–20 to 2022–23 the ANAO has continued to identify legislative breaches relating to KMP remuneration.

Quality and timeliness of financial statements preparation

2.146 The primary purpose of financial statements is to provide relevant and reliable information to users about a reporting entity’s financial position. Financial statements preparation is often a complex task, involving compliance with a number of requirements established by Australian Accounting Standards and the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015.

2.147 In order to provide relevant and reliable financial information to the users, entities should prepare quality financial statements in a timely manner to support entities to meet legislative reporting obligations including the tabling of annual reports. The preparation of quality financial statements will be demonstrated by adherence to a well-defined financial statements preparation timetable with minimal adjustments required to financial statements throughout the audit process.

2.148 In concluding an audit the ANAO reports on the quality of financial statements preparation to entities. The following measures are considered by the ANAO when assessing the quality of the financial statements preparation process:

• number and quantum of adjusted and unadjusted audit differences; and
• timeliness of financial statements preparation.

2.149 At the completion of the 2022–23 financial statements audits, the ANAO reported two moderate audit findings and nine minor audit findings relating to processes supporting financial statements preparation (2021–22: one significant; one moderate and eleven minor findings). Further analysis of the financial statements preparation process findings identified is available at paragraphs 2.80 to 2.83.

Financial statements preparation

2.150 The ANAO assessed the timeliness of financial statements preparation. Timeliness in preparation was assessed by comparing the date of delivery of the financial statements to previously agreed timeframes. The timeframe was established by entities and agreed with audit teams for the delivery of financial statements.

2.151 Timeliness in financial statements preparation in 2022–23 improved compared to 2021–22, with delivery of financial statements:

• in line with the agreed timeframes achieved by 72 per cent of entities (2021–22: 65 per cent);
• a further seven per cent of entities delivered financial statements within two working days of the agreed timeframe (2021–22 two per cent); and
• twenty one per cent of entities delivered financial statements after two working days of the agreed timeframe (2021–22: 29 per cent).

Audit differences

2.152 The quality of financial statements preparation is also assessed by considering the number and value of audit differences identified. Throughout the financial statements audit process, audit differences other than those considered trivial are communicated to entities. Entities are encouraged to adjust all audit differences.⁷² The total number of individual audit differences identified in 2022–23 decreased compared with 2021–22. A total of 232 individual audit differences were identified in 2022–23 (2021–22: 250) which impacted the revenue, expenses, assets and equity balances reported. The ANAO also identified 191 audit adjustments associated with presentation and disclosure of transactions and balances in the financial statements.

2.153 A key indicator of the quality of entity financial statements is whether audit differences identified are adjusted by entities. Of the 232 audit differences identified by the ANAO during 2022–23, 116 or 50 per cent remained unadjusted by entities (2021–22: 107 or 43 per cent). Of these unadjusted differences, 73 related to material entities (2021–22: 55).⁷³ The unadjusted differences, both in aggregate and individually, did not result in a material misstatement to the financial statements.

2.154 The Department of Finance’s (Finance) Financial Statements Better Practice Guide indicates that ‘better practice entities will promote an environment in which the correction of errors or misstatements is seen as an appropriate course of action, regardless of whether or not they are considered to be material’.⁷⁴

2.155 Table 2.12 shows that the net value impact of unadjusted audit differences compared to prior year has decreased for revenue, expenses, assets and equity. There has been an increase net value impact compared to 2021–22 for liabilities.

Table 2.12: Total value of unadjusted audit differences ($ million)

Source: ANAO analysis of entity 2022–23 and 2021–22 closing reports.

2.156 The ANAO also considers the impact of the unadjusted audit differences on the CFS. Of the unadjusted differences identified in the 2022–23 financial statements audits, a total of four adjustments relating to three entities were reported to Finance who prepare the CFS and were subsequently adjusted. These entities were the Departments of: Defence; Education; and the Treasury.

2.157 The total value of adjusted audit differences has increased compared to 2021–22 for expenses, liabilities and equity. There a decrease in adjusted audit differences elating to revenue and assets. Table 2.13 shows the net value impact of adjusted audit differences compared to 2021–22.

Table 2.13: Total value of adjusted audit differences ($ million)

Source: ANAO analysis of entity 2022–23 and 2021–22 closing reports.

2.158 The quantity and value of adjusted and unadjusted audit differences indicate there remains an opportunity for entities to improve quality assurance frameworks over financial statements processes.

2.159 The ANAO’s findings indicate that there are opportunities for entities to improve quality assurance frameworks, to ensure that significant accounting policies, estimates and adjustments underpinning financial statements are reviewed as early as possible in the preparation process. In their assurance role, audit committees are encouraged to actively support management through the critical evaluation of accounting papers and holding entities to account for delivering on agreed timetables and taking up all identified audit adjustments.

Powers of the Auditor-General to obtain information

2.160 The Auditor-General Act 1997 (AG Act) provides the Auditor-General, and delegated officials, with wide ranging information gathering powers. In practice, information is gathered through cooperation with audited entities. Section 32 of the A-G Act provides the Auditor-General with the ability to direct a person to provide information or documents that the Auditor-General requires, as well as the ability to direct that a person attend a judicial proceeding to give evidence before the Auditor-General, or an authorised official.

2.161 There were six notices issued by the Auditor-General under Section 32 of the A-G Act in the audit of 2022–23 financial statements (2021–22: nil). Table 2.14 identifies the Section 32 notices issued by the Auditor-General during financial statements audits in 2022–23.

Table 2.14: Section 32 notices to produce documentation and information issued during the ANAO’s 2022–23 financial statements

Source: ANAO analysis.

Timeliness of entity’s preparation of annual reports

2.162 Annual reports inform the Parliament, the community and other stakeholders about the performance of entities. The publication of the annual report containing the audited financial statements is a key means to meet accountability and legislative obligations. For 2022–23 there were 187 entities required to present annual reports to the responsible minister under the Public Governance, Performance and Accountability Act 2013.

2.163 Annual reports are approved by the entity’s accountable authority before being provided to the minister and tabled in Parliament. RMG 135 Annual report for non-corporate Commonwealth entities, and 136 Annual report for corporate Commonwealth entities state that annual reports are to be provided to the relevant minister by the 15th day of the fourth month after the end of the reporting period. RMG 137 Annual report for Commonwealth companies states that Commonwealth company directors must give the annual report to the responsible minister the earlier of 21 days before the next annual general meeting after the end of the reporting period for the company or four months after the end of the reporting period for the company.

2.164 Figure 2.20 shows the time in days between the issue of the auditor’s report to the:

• approval of the annual report by the accountable authority; and
• tabling of the annual report in Parliament.

Figure 2.20: Timeframe for tabling 2022–23 annual reports from issuance of auditor’s report

Source: ANAO analysis of entity annual reports.

2.165 The analysis above shows that accountable authorities approved 57 per cent of annual reports within 10 days of the issue of the auditor’s report (2021–22: 48 per cent), with an overall average of 10 days (2021–22: 12 days). The average days between the accountable authority’s approval of the annual report and tabling in Parliament was 31 days (2021–22: 30 days).

2.166 Thirty-one per cent of annual reports were tabled within 30 calendar days from the issue of the auditor’s report (2021–22: 22 per cent). The tabling of annual reports in Parliament occurred on average 42 days after the auditor’s report was issued (2021–22: 44 days). There are 12 entities (six per cent) that are required to table an annual report for 2022–23 which have not done so as at 30 November 2023 (2021–22: 8 per cent at 2 December 2022).

2.167 Annual reports should be tabled in Parliament to allow sufficient time for review before Senate estimates hearings. The RMGs on annual reports indicate that normally annual reports are tabled on or before 31 October and it is expected annual reports are tabled prior to the October estimates hearings.⁷⁵

2.168 For the private sector, the Governance Institute of Australia has identified timeliness of board papers as a key contributor for directors to prepare for and be effective at board meetings. Particularly:

An important aspect of any board paper policy is to set out the timing of board paper distribution. Board papers should be distributed sufficiently in advance of a meeting to ensure that there is time for the directors to digest the contents of the papers and prepare for the meeting. It is common practice to distribute board papers approximately one week before a meeting.⁷⁶

2.169 The Institute also identified that ‘the provision of late papers should be discouraged as directors need sufficient time to read and digest board papers in order to be effective in their role and to meet their obligations’.⁷⁷ Figure 2.21 below shows that twelve per cent of entities tabled an annual report with greater than one week before the 2022–23 budget supplementary estimates hearing dates for their portfolio, a decrease of 40 per cent compared with 2021–22 (2021–22: 52 per cent).

Figure 2.21: Figure 2.21 2022–23 annual report tabling date in relation to Budget supplementary estimates hearing as at 30 November 2023

Note a: This graph does not add to 100 per cent as a result of entities that had not tabled an annual report as at 30 November 2023.

Source: ANAO analysis of entity tabled annual reports.

2.170 There has been a decrease in timeliness of annual reports being tabled in the Parliament compared with the 2021–22 supplementary budget estimates. Figure 2.21 above shows that:

• sixty-six per cent of annual reports were tabled before entity’s portfolio hearing date, a decrease of 10 per cent compared with 74 per cent in 2021–22;
• ten per cent of entities annual reports were tabled on the date of the entity’s portfolio hearing consistent with 10 per cent in 2021–22; and
• twenty-four per cent of entities annual reports were or will be tabled after the date of the entity’s portfolio hearing, an increase from 16 per cent in 2021–22.

2.171 There were 23 entities across 7 portfolios that tabled annual reports after the portfolio’s 2023–24 Budget supplementary estimates hearing or had not tabled as at 30 November 2023. Table 2.15 includes further details about those entities that did not provide 2022–23 annual reports prior to Budget supplementary estimate hearings.

Table 2.15: Annual reports tabled after the portfolio’s Budget supplementary estimates hearings as at 30 November 2023

Note a: This date is the first appearance for the portfolio at the 2023–24 Budget supplementary estimates hearing.

Note b: The requirements for the tabling of the annual report for the High Court of Australia are outlined in subsection 47(1) of the High Court of Australia Act 1979. The High Court of Australia must, as soon as practicable after 30 June, prepare and submit to the Minister a report relating to the administration of the affairs of the High Court under section 17 during the year that ended on that 30 June, together with financial statements in respect of that year in such form as the Minister for Finance approves.

Source: ANAO analysis of tabled 2022–23 annual reports.

2.172 Annual reports that are not tabled in a timely manner before budget supplementary estimates hearings decrease the opportunity for the Senate to scrutinise an entity’s performance.

Financial sustainability and management

2.173 Section 15 of the PGPA Act requires that the accountable authority of an entity must govern the entity in a way that promotes: the proper use and management of public resources; the achievement of the purposes of the entity; and the financial sustainability of an entity.

2.174 Financial sustainability measures the ability of an entity to manage its financial resources so it can meet present and future spending commitments. This can provide an indication of financial management issues or point to an increased risk that an entity’s resourcing or functions are not sustainable.

2.175 The Department of Finance has established a portal for centrally capturing publicly available corporate information for all Commonwealth entities (transparency.gov.au). The portal includes tools that enable users to obtain and compare financial results across all entities through the application of the following financial ratios:

• total liabilities to total assets ratio, which indicates the level of ownership of the entity’s assets but can also be used to gain an understanding of the net equity of the entity;
• financial assets to total liabilities ratio, which indicates the extent to which an entity’s liabilities can be covered by its financial assets;
• current ratio, which indicates whether an entity’s current assets are greater than its current liabilities and whether the entity is likely to be able to pay its short-term liabilities as they fall due; and
• capital turnover ratio, which indicates whether an entity is replacing its assets at a sustainable rate.

2.176 The portal also provides general information about what each of these ratios measures and improvements or deterioration in the ratios indicate.⁷⁸ However, guidance to assist users’ of financial statements in assessing whether the ratios indicate strong or weak financial performance in the context of the government sector has not been developed. There would be benefit in the Australian Government developing performance targets or benchmarks. This would enable an entity to assess its own financial sustainability against agreed parameters over time, and against like entities.

2.177 The analysis is in this report is based on reported operating results (surpluses or deficits) of entities after adjusting for unfunded expenses, where relevant, highlighting the full cost of operations.⁷⁹ The ANAO’s analysis of the operating results of all entities identified that:

• fifty per cent of not-for-profit entities reported a deficit in 2022–23; and
• fifty per cent of for-profit entities reported a deficit in 2022–23.

2.178 The Budget Process Operational Rules Rule 10 describes the process under which entities are required to follow to budget for any operating loss.⁸⁰ Entities are not able to budget for an operating loss without approval from the Minister for Finance, except for the following circumstances:

• a technical loss (accounting or timing issues);
• a charging entity with a loss less than $10.0 million;
• entities within the Agriculture, Fisheries and Forestry portfolio which are under by levy revenue.

2.179 Seventy-three entities for which Rule 10 applies incurred operating losses in 2022–23. Of these entities, the ANAO was advised that 17 had received approval for their operating loss from the Minister for Finance.

Financial sustainability of material entities

2.180 Information on the financial performance of each material entity has been included in Chapter 4 of this report. In the absence of guidance specific to the government sector, the ANAO has developed parameters based on generally accepted concepts of financial sustainability and applied these to the operating results and balance sheets of material entities. These parameters are described in Table 2.16 and Table 2.17 below.

Operating results analysis

2.181 A key measure of an entity’s financial management is its operating result for the year. Although the operating result is not the sole measure of performance of a public sector entity, a history of large deficits or surpluses in a not-for-profit Commonwealth entity could suggest the need for additional or refocused funding, elimination of non-value adding costs, and/or improved financial management.

2.182 Similarly in the case of for-profit entities and those with quasi-commercial operations, there is an expectation that financial management focuses on meeting expected returns.⁸¹ As a result, any entity in this category averaging a large deficit should be considered more closely.

2.183 The ANAO analysed the operating results of all material entities over a five-year period from 2018–19 to 2022–23. Of the 65 material entities, 41 were not-for-profit and 24 were corporate or commonwealth companies or not-for-profit entities which have quasi-commercial operations or departmental functions operating on a for-profit basis.

2.184 For the purposes of this analysis, material entities are grouped into three operating result categories as part of this analysis, outlined in Table 2.16 below.

Table 2.16: ANAO parameters for operating result category

Source: ANAO analysis.

2.185 Figure 2.22 illustrates the summary of average operating results for not-for-profit and for profit/quasi-commercial entities and whether they had large or small average deficits or surpluses over the five-year period from 2018–19 to 2022–23.

Figure 2.22: Average operating results analysis

Source: ANAO analysis of material entities’ average operating results.

2.186 The level of large deficits and large surpluses for not-for-profit material entities over a five year period has remained relatively stable from 2019–20 to 2022–23. Figure 2.23 illustrates the percentage of not-for-profit material entities with a large average deficit or small average surplus over a five-year period for the period 2019–20 to 2022–23.

Figure 2.23: Average operating results for not-for-profit entities for the period 2019–20 to 2022–23

Source: ANAO analysis of material not-for-profit entities’ average operating result for the period 2019–20 to 2022–23.

2.187 The level of large deficits for for-profit and quasi commercial material entities over a five year period has remained stable from 2019–20 to 2022–23, however, there has been a decrease in large surpluses. Figure 2.24 illustrates the percentage of for-profit and quasi commercial material entities with a large average deficit or small average surplus over a five-year period for the period 2019–20 to 2022–23.

Figure 2.24: Average operating results for for-profit and quasi commercial entities for the period 2019–20 to 2022–23

Source: ANAO analysis of material for-profit and quasi commercial entities’ average operating result for the period 2019–20 to 2022–23.

2.188 The ANAO has analysed the primary drivers of large average deficits and large average surpluses for material entities.

Large average deficits for for-profit/quasi commercial entities

2.189 As illustrated in Figure 2.22, 35 per cent of material for-profit and quasi commercial entities reported average surpluses of more than one per cent of total expenses over the five-year period (2021–22: 29 per cent). Nine (2021–22: seven) for-profit/quasi-commercial entities recorded a large average deficit during this five year period. These large average deficits are attributable to the following factors:

• three entities recorded large average deficits, consistent with the previous financial years due to being in, or having been in, the build phase of large infrastructure projects and/or still in the process of increasing revenue. They were: Australian Naval Infrastructure Pty Ltd; National Intermodal Corporation Limited; and WSA Co Limited;
• two entities recorded large average deficits due mainly to reduced income arising from the impacts of the COVID-19 pandemic. These entities were: Airservices Australia and Voyages Indigenous Tourism Australia Pty Ltd;
• the Australian Rail Track Corporation Ltd large average deficit is related to impairment expenses recognised for property, plant and equipment (including rail infrastructure) assets. These expenses are as a result of impairments recognised on the assets being constructed for the Inland Rail network and on rail infrastructure assets in the Interstate and Hunter Valley rail networks. The impairment in the Interstate and Hunter Valley network is a result of decreases in the expected net income on which the fair value is calculated. Impairment for the Inland Rail network reflects that ARTC will only recover a part of the economic benefits which are anticipated to arise from the full cost of construction of Inland Rail;
• the Coal Mining Industry (Long Service Leave Funding) Corporation due to losses on investments during 2019–20 and 2021–22. The losses were primarily driven weaker performance of investments in unlisted until trusts;
• the Department of Finance, primarily due to the impact of impairments on investment properties due to weaker valuations arising from changes in market interest rates; and
• the Reserve Bank of Australia, primarily due to net valuation losses incurred on the fair value measurement of domestic securities acquired as part of the bond purchase program (BPP) in response to the COVID-19 pandemic during and higher interest costs on exchange settlement liabilities in 2021–22 and 2022–23.

2.190 One entity moved from the large average deficit category during 2022–23. The National Housing Finance and Investment Corporation⁸² moved categories due to the surplus reported in 2021–22 and 2022–23 arising from returns on entity’s loan portfolio. The previously reported large average deficit was due to the recognition of concessional loan discount expense on loans advanced by the Corporation.

Large average deficits in not-for-profit entities

2.191 Ten (2021–22: nine) material not-for-profit entities recorded a large average deficit during the five year period. Six not-for-profit entities recorded a large average deficit during the period due to factors occurring in current and prior years.

• The Australian Bureau of Statistics has incurred operating losses in 2018–19, 2019–20, 2020–21 and 2022–23 due to the increased workload from survey development and roll-out, costs for SaaS development as well as costs incurred in analysing and reporting the information gathered during the national census conducted in 2021.
• The Australian Federal Police recorded deficits from 2018–19 to 2020–21 and 2022–23 predominantly as a result of: increased operating costs including additional protective equipment and cleaning of facilities in response to the COVID-19 pandemic; operational activity; and increased employee entitlements expenses including additional provisions made for unpaid superannuation entitlements.
• The Australian Signals Directorate’s expenditure has increased since 2019–20 as part of the continued expansion of its operations and programs. The entity’s deficits are attributable to additional expenditure from prior period appropriations for delayed projects.
• The Australian Prudential Regulatory Authority, which recorded deficits from 2018–19 to 2020–21 and 2022–23 due mainly to less revenue arising from industry levies and charges than projected.
• The Department of Climate Change, Energy, the Environment and Water was established in 2022–23. It recorded an operating deficit related to higher than anticipated employee costs and shared services costs and delivery of programs funded by prior period appropriations.
• The National Blood Authority’s large average deficit is due to increased information, communications and technology expenses and contractor costs impacting the 2022–23 operating result.

2.192 Four not-for-profit entities recorded a large average deficit during the period primarily due to factors that occurred in prior years that impact the five year average to 2022–23.

• The Australian Research Council’s large average deficit due was mainly due to the deficit incurred in 2021–22. The deficit in 2021–22 was due to increased supplier expenses to undertake a review and consultation on the National Competitive Grants Program.
• The Department of Parliamentary Services’ large average deficit is due mainly to the operating deficit recorded in 2019–20 due mainly to the impact of the COVID-19 pandemic which impacted: increased cleaning costs, increased information, communications and technology costs and a reduction in revenue due to rental relief for tenants and a reduction in event hire.
• The Department of the Prime Minister and Cabinet’s large average deficit is due to the impact of grant funding arrangements on the 2021–22 operating result.
• The National Library of Australia’s large average deficit is due to a deficit in 2020–21 relating to the impairment of heritage and cultural assets due to revised assumptions applied in the valuation process and impact of COVID-19 on asset values.

Large average surpluses in not-for-profit entities

2.193 As illustrated in Figure 2.22, 51 per cent of material not-for-profit entities reported average surpluses of more than one per cent of total expenses over the five-year period (2021–22: 46 per cent). The following discussion focuses on the common drivers for these entities’ large average surpluses.

2.194 Eleven (2021–22: 13) material not-for-profit entities have remained in the large average surplus category for 2022–23.

• The Australian Communications and Media Authority, which recorded large operating surpluses in 2021–22 and 2022–23 due mainly to the delays in the expenditure on new programs.
• The National Gallery of Australia recorded a large average surplus due mainly to receipt of goods or donations for no or nominal consideration, and bequests of cash, which are treated as income in the year received.
• The Australian Nuclear Science and Technology Organisation (ANSTO) recorded gains during the period attributable to the remeasurement of the nuclear waste management and decommissioning provisions. These gains were as a result of changes in the underlying discount rate applied in calculating the provisions. As discount rates increase, there is a reduction in the value of the provision which is recorded as a gain.
• The Australian Office of Financial Management (AOFM) received additional funding for the implementation and management of the Australian Business Securitisation Fund and the Structured Finance Support Fund. The associated expenditure has been less than budgeted due to lower investment activity in these funds.
• The Australian Securities and Investments Commission due to additional revenue recorded in 2021–22, including additional own source revenue received to deliver capital projects on behalf of other Australian Government entities and increased court cost recoveries.
• The Bureau of Meteorology recorded an average large operating surplus due to the impact of the Bureau’s contracts with customers which include the development of non-financial assets and insurance settlements for natural disasters. Expenses for these assets are capitalised and not recorded in the operating result until they are depreciated over their useful lives.
• The Department of Agriculture, Fisheries and Forestry recorded gains during 2020–21 and 2021–22 for the remeasurement of the Antarctic Restoration provision. This was due to changes in the underlying discount rate applied in calculating the provisions. As discount rates increase, there is a reduction in the calculation of the provision. DAFF transferred responsibility for the Australian Antarctic Division to the Department Change, Energy, Water and the Environment as a result of MoG changes during 2022–23.
• The Department of Education received funding during the period as part of COVID-19 pandemic stimulus packages. These funds were not fully expended in 2020–21. In addition, during 2020–21 the department received supplementation funding for amounts paid in earlier periods. Both of these items contributed to the surplus in that year.
• Geoscience Australia recorded an average large operating surplus due to the timing of the receipt of revenue and associated expenses for the Satellite-Based Augmentation System. The project is being delivered over time and involves construction of non-financial assets. Expenses for these assets are capitalised and not recorded in the operating result until they are depreciated over their useful lives.
• The National Health and Medical Research Council recorded an average large operating surplus due to the impact of decreases in expenditure on project-related activities resulting from the COVID-19 pandemic and the reversal of previously recognised impairment losses in 2020–21.
• Services Australia recorded operating surpluses in 2019–20, 2020–21 and 2021–22 due to additional funding received from the Australian Government to respond to the impacts of the COVID-19 pandemic. In 2022–23 Services Australia reported an operating loss arising mainly from the write down of intangible assets.

2.195 The National Capital Authority moved to the large average surplus category in 2022–23 due to large average surpluses recorded in 2021–22 and 2022–23. These surpluses were due to lower than expected employee expenses and higher income from fees for works approvals.

Balance sheet analysis

2.196 Consistent with the duties established in the PGPA Act entities are expected to actively manage their underlying financial position, maintaining asset levels to support their operations and ensuring that sufficient funds will be available to meet liabilities as they fall due.

2.197 The ANAO analysed the balance sheet positions of material Australian Government entities as at 30 June 2023. While it is necessary to have regard to the public sector context, the following two measures are generally accepted indicators of the soundness of entities’ balance sheets and are consistent with the ratios published by Finance:

• Liquidity: the extent to which an entity’s liabilities are covered by cash or other financial assets. Where liabilities significantly exceed its financial assets, an entity may need a future injection of cash from government to meet those liabilities; and
• Gearing: the extent to which an entity’s total assets are funded by debt rather than equity. An entity with high gearing may be running down its asset base that could indicate the need for a future capital injection from government.

2.198 Based on the measures developed by Finance, the ANAO has reviewed an entity’s ability to manage its underlying financial position. As no guidance to assist users in assessing whether the ratios indicate strong or weak financial performance in the context of the government sector has been issued, the ANAO has determined these parameters, outlined in Table 2.17 below.

Table 2.17: ANAO parameters for balance sheet categories

Source: ANAO analysis.

2.199 Figure 2.25 illustrates the strength of material entity balance sheets over the period 2019–20 to 2022–23.

Figure 2.25: Balance sheet analysis

Source: ANAO analysis of material entities’ balance sheets.

2.200 Sixty-three per cent of material entities had strong balance sheets in 2022–23 (compared to 60 per cent in 2021–22), while 29 per cent had less strong balance sheets (compared to 35 per cent in 2021–22). The main driver for the improvement in balance sheet strength is due mainly to improved liquidity ratios stemming from increased financial asset values against decreasing liabilities balances.

2.201 Eight per cent of material entities had weak balance sheets in 2022–23 (compared to 5 per cent in 2021–22). The entities with weak balance sheets are predominantly those whose operations are dependent on government policy and continued funding by the Parliament. On this basis, and provided that appropriate attention is given to liquidity issues in the future, these entities are not at high risk of experiencing liquidity problems.

2.202 During 2022–23 the Australian Bureau of Statistics moved to the weak balance sheet category, due to reduced financial assets at 30 June 2023 which contributed to a lower liquidity ratio.

2.203 Entities which remained in the weak balance sheet category in 2022–23 are detailed below:

• the Australian Taxation Office (ATO) consistent with prior years, the ATO’s weak balance sheet is attributable to the significance the entity’s liabilities, particularly lease liabilities, which impact the ATO’s liquidity ratio. Lease liabilities, representing the obligation for lease payments, are recognised at the commencement of a lease term. The ATO subsequently meet these payments through annual appropriations passed by the Parliament;
• the Department of Social Services (DSS) – consistent with prior years, DSS’s weak balance sheet is attributable to the significance of lease liabilities recorded which impacted DSS’s liquidity ratio. DSS subsequently meet these payments through annual appropriations passed by the Parliament. DSS’s gearing ratio also been impacted by the transfer of DSS’s IT function to Services Australia under previous MoG changes which reduced the total value of DSS’s non-financial assets. These services are now delivered under a shared service agreement;
• NBN Co Limited’s balance sheet continues to be impacted by debt facilities, including loans and bonds, incurred during the construction and operation of the national broadband network; and
• Voyages Indigenous Tourism Australia Pty Ltd’s balance sheet continues to be impacted by debt facilities. The entity holds borrowings to finance operations and construction and development of new assets.

Cost recovery

2.204 Cost recovery is one element of the Australian Government’s ‘Charging Framework’. The Charging Framework applies to entities in the General Government Sector that provide goods and services, or regulatory activities, to non-government customers. The focus of the Framework is to ensure consistency of charging activities and assist entities in determining when it is appropriate to charge for a government activity. The Framework comprises:

• the Australian Government Charging Policy; and
• the Cost Recovery Policy (CRP).

2.205 Cost recovery involves the Australian Government charging the non-government sector some or all of the efficient costs of a specific government activity.⁸³ The Australian Government may determine it is appropriate to charge non-government customers in the following circumstances:

Where specific demand for a government activity is created by identifiable individuals or groups they should be charged for it unless the Government has decided to fund that activity. Where it is appropriate for the Australian Government to participate in an activity, it should fully utilise and maintain public resources, through appropriate charging. The application of charging should not, however, adversely impact disadvantaged Australians.⁸⁴

2.206 Entities are required to ‘aim to minimise cost recovery charges through the efficient implementation of cost recovered activities’.⁸⁵

2.207 The Australian Government may determine that some activities should only be partially cost recovered. The CRP indicates that partial recovery may be appropriate in circumstances where:

• charges are being phased in;
• full cost recovery would be inconsistent with community service obligations endorsed by the Australian Government; and
• the Australian Government has made an explicit policy decision to charge for part of the costs of an activity.⁸⁶

2.208 The Department of Finance is responsible for advising entities on the application of the cost recovery policies and assisting entities to develop, implement and review cost recovered activities.

2.209 The CRP is required to be applied by all non-corporate Commonwealth entities and by selected corporate Commonwealth entities for which a Government Policy Order applies.⁸⁷ Entities are required to comply with the following key requirements of the CRP:

• entities and responsible ministers must have obtained policy approval from the Australian Government to recover costs (paragraph 33);
• there must be a statutory authority to charge (paragraph 34);
• the costs of administering cost recovery should be proportional to the charges for and potential revenue from the activity (paragraph 25);
• entities must document each cost recovered regulatory activity in a Cost Recovery Implementation Statement (CRIS) before charging begins (paragraph 39); and
• entities report on costs recovery for regulatory charging activities at an aggregate level in the entity’s annual financial statements in accordance with the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 (paragraph 123).

2.210 Entities should closely monitor cost recovery performance in order to support their financial sustainability.

2.211 The ANAO performed an assessment of entities’ compliance with the requirements of the cost recovery framework and the cost recovery guidelines. The ANAO’s analysis indicates that there are 31 entities which undertook cost recovered activities during 2022–23.

2.212 The ANAO has analysed the extent to which entities have complied with the requirements of the key financial reporting requirements of the CRP.

Cost Recovery Implementation Statements

2.213 For cost recovery, transparency means documenting key information about the activity, such as the policy approval, statutory authority to charge and cost recovery model, in an accessible way for those who pay charges and for other stakeholders.⁸⁸ A Cost Recovery Implementation Statement (CRIS) is an explanatory document that provides key information on how cost recovery for a specific government activity is implemented.⁸⁹

2.214 A CRIS must be⁹⁰:

• certified by the accountable authority of the Commonwealth entity;
• approved by the responsible Minister⁹¹; and
• published on the responsible entity’s website before charging begins.

2.215 The ANAO’s analysis indicates that all entities required to have a CRIS in place for a cost recovered activity had these in place during 2022–23.

Cost recovery performance and reporting

2.216 A CRIS should be detailed enough to allow the Parliament, those who pay cost recovery charges, and other stakeholders to analyse the activity.⁹² Entities are required to report at an activity level in a CRIS. Entities are required to prepare estimates of expenses and revenue each activity at the commencement of every financial year for that year and forward estimates period. As financial estimates are progressively updated throughout the year (e.g., at Additional Estimates or Supplementary Budget Estimates), entities should update relevant information in the CRIS.⁹³

2.217 Entities must also include financial outcomes for the cost recovered activity in the CRIS on an annual basis. The outcomes include expenses and revenue for the activity and an explanation of any material difference between them.

2.218 Of the 31 entities that prepared CRIS’:

• fourteen entities had not updated a CRIS to include estimates for 2022–23 to include estimates of revenue and expenses and performance, at the activity level, for the previous period⁹⁴; and
• two entities had not updated a CRIS for the 2022–23 to include performance, at the activity level, of the previous period.⁹⁵

2.219 Section 34A of the FRR requires entities undertaking regulatory charging activities to include a note in their financial statements which provides information on the financial performance of these activities at an aggregate level (this note is referred to as the ‘Regulatory Charging Summary’). These financial statement disclosures must include:

• a list of the regulatory charging activities;
• appropriations drawn down and applied to the regulatory activities;
• external revenue raised for the regulatory activities; and
• expenses related to the regulatory activities.

2.220 The information included in the note provides industry, the Parliament and the public with assurance that these activities are being managed in a way that aligns expenses and revenues over time.⁹⁶ RMG 125 also includes additional information to assist entities in preparing these disclosures.

2.221 Figure 2.26 provides an overview the external revenue generated from cost regulatory charging activities compared with the total expenses incurred in delivering the activity for the period 2020–21 to 2022–23 as reported in entity financial statements.

Figure 2.26: External revenue and expenses incurred in delivery of regulatory charging activities for the period 2020–21 to 2022–23

Source: ANAO analysis of entity financial statements for the periods: 2020–21, 2021–22 and 2022–23.

2.222 Figure 2.26 demonstrates that over the period 2020–21 to 2022–23 expenses incurred in delivering cost recovered activities exceeded external revenue received. During this period, total external revenue increased by nine per cent, compared to expenses incurred which increased by 13 per cent. As noted in paragraph 2.207 the Australian Government may determine that it is appropriate to only partially recover costs.

2.223 The ANAO’s analysis indicates that 50 per cent of entities were reliant on appropriation funding to meet the expenses incurred in cost recovered activities in the period 2020–21 to 2022–23. The following entities are reliant on appropriation funding to meet 20 per cent or more of the expenses of their cost recovered activities: Aged Care Quality and Safety Commission, Australian Skills Quality Authority (National Vocational Education and Training Regulator), Australian Taxation Office, Department of Agriculture, Fisheries and Forestry, Department of Climate Change, Energy, the Environment and Water, Department of Education, Great Barrier Reef Marine Park Authority, Tertiary Education Quality and Standards Agency.

2.224 The ANAO’s analysis indicates that 50 per cent of entities received more external revenue than expenses during the period 2020–21 to 2022–23. The Australian Media and Communications Authority entities received 20 per cent or more external revenue than costs incurred. Entities must ensure alignment between revenue and expenses balance out over a reasonable period, for which the guidance suggests is the business cycle of the relevant activity.⁹⁷

2.225 The ANAO’s analysis of entity financial statements also identified instances of non-compliance with requirements of Section 34 A of the FRR.

• Two entities had not included a note in the financial statements for the regulatory activities undertaken.⁹⁸
• Inconsistencies in the presentation of information in relation in the financial statements which limited the ability of users of the financial statements to determine cost recovery financial performance relating to:
  • some entities included only appropriation that represented the Australian Government’s appropriation to support partial cost recovery, whereas some entities included all appropriations drawn down in respect of an activity limiting the ability to determine performance at the activity level.
  • inclusion of disclosures where cost recovered activities are undertaken by entities, but cash received is credited to a special or other appropriation. In some cases entities did not include disclosures, in some cases portfolio agencies responsible for the special appropriation included disclosures and in some cases these were duplicated; and
  • presentation of departmental and administered financial items in separate disclosures, limiting the ability of users to easily determine the financial performance of cost recovered activities at the entity level.

2.226 Given the scale of cost recovered activities there is an opportunity to for the Department of Finance to review entity disclosure practices and provide additional guidance to Commonwealth entities to enhance relevant disclosures. Such enhancements should provide users with information that allows them to develop an understanding of whether cost recovered activities are being implemented effectively.

Introduction

3.1 The Australian Government’s financial reporting framework is primarily based on standards made independently by the Australian Accounting Standards Board (AASB).

3.2 The AASB bases its accounting standards on the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board. As IFRS are designed primarily for use by private sector and for-profit organisations, the AASB amends the IFRS to reflect significant transactions and events unique to the public and not-for-profit private sectors. In doing so, the AASB considers standards issued by the International Public Sector Accounting Standards Board (IPSASB).

3.3 The Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires Commonwealth entities to apply Australian accounting standards when preparing financial statements. In addition to Australian accounting standards, the Minister for Finance prescribes additional financial reporting requirements for Commonwealth entities via the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 (FRR).

3.4 The audits of the financial statements of Australian Government entities are conducted in accordance with the ANAO Auditing Standards, which are made by the Auditor-General under section 24 of the Auditor-General Act 1997 (Auditor-General Act). The ANAO Auditing Standards incorporate, by reference, the auditing standards made by the Australian Auditing and Assurance Standards Board (AUASB). The AUASB bases its standards on those made by the International Auditing and Assurance Standards Board (IAASB), an independent standard setting board of the International Federation of Accountants.⁹⁹

3.5 On 21 November 2023, the Treasurer announced a restructure under which the AASB, the AUASB and the Financial Reporting Council (FRC) will be combined into a single entity. The Treasurer also noted that the Australian Government will finalise the details of the governance arrangements for the new entity and will release draft legislation for public consultation, including appropriate transitional arrangements. The Auditor-General Act requires the Auditor-General to set the auditing standards to be complied with in performing relevant audits and reviews. The Auditor- General will consider any potential impacts on the independence of the Auditor-General that may arise from the restructure and, if there are risks to independence, consider how to mitigate those risks in the Auditor-General’s standard-setting function. This could involve the broader adoption of adopting other available standards may be more appropriate.

3.6 The financial reporting and auditing frameworks that applied in 2022–23 are discussed further in Appendix 3 and Appendix 4 of this report.

Changes in the environment

Implementation of revised auditing standard ASA 315

3.7 The implementation of revised auditing standard ASA 315 has resulted in audits placing greater focus on entities’ processes and controls around governance, as well as IT risk and control environments. This increased focus has resulted in the identification of an increased number of insights, as well as areas of weakness in these areas.

3.8 The strengthened focus of the ANAO’s audits on entities’ processes and controls around governance included the examination and evaluation of: whether management, with oversight of those charged with governance, has created and maintained a culture of ethical behaviour; whether the entity’s risk assessment process is appropriate to the entity’s circumstances; and whether the entity’s process for monitoring the system of internal control is appropriate. The ANAO raised a number of findings relating to governance matters, including in relation to a few entities failing to appropriately assess and report the impact of relevant legal matters in their financial statements. This internal control weakness increases the risk that not all matters that affect the financial statements are captured and reported appropriately. These findings are detailed in Chapters 2 and 4 of this report.

3.9 There has been an increase in the number of audit findings identified relating to the IT control environment following the ANAO’s implementation of the revised ASA 315. This is partly due to some systems becoming in-scope as a result of the revisions in the standard. The findings identified included deficiencies in privileged user access processes and user termination controls. These findings are also detailed in Chapter 2 and 4 of this report.

National Anti-Corruption Commission

3.10 The NACC commenced operations on 1 July 2023. The NACC Act establishes the NACC as an independent Commonwealth agency to detect, investigate and report on serious or systemic corruption in the Commonwealth public sector.¹⁰⁰

3.11 The NACC Act and the Auditor-General Act both aim to enhance integrity and accountability in the public sector but have different focuses and functions. The NACC Act focuses on investigating and reporting on corruption issues in the public sector and the Auditor-General Act focuses on the proper use of public resources in the Commonwealth government sector.

3.12 The ANAO and the NACC will work to establish a relationship as integrity bodies operating under our respective legislative frameworks. The ANAO, in the course of performing ANAO audits, may refer evidence of serious or systemic corruption issues to the NACC Commissioner for investigation.

Emerging areas

Sustainability reporting update

3.13 On 26 June 2023, the International Sustainability Standards Board (ISSB) issued IFRS S1 General Requirements for Disclosure of Sustainability-related Financial Information (IFRS S1) and IFRS S2 Climate-related Disclosures (IFRS S2).¹⁰¹ On 23 October 2023, the AASB issued Exposure Draft ED SR1 Australian Sustainability Reporting Standards – Disclosure of Climate-related Financial Information (ED SR1).¹⁰² ED SR1 is based on the ISSB standard and includes three draft Australian Sustainability Reporting Standards (ASRS):

• ASRS 1 General Requirements for Disclosure of Climate-related Financial Information (ASRS 1) – based on IFRS S1, but with scope limitation to climate-related financial disclosure
• ASRS 2 Climate-related Financial Disclosures (ASRS 2) – developed using IFRS S2 as the baseline
• ASRS 101 References in Australian Sustainability Reporting Standards (ASRS 101) – a service standard to be updated periodically to list the relevant versions of any non-legislative documents published in Australia and foreign documents referenced in ASRS standards.¹⁰³

3.14 It is noted that although ED SR1 has been issued, the Australian Securities and Investment Commission Act 2001 (ASIC Act) currently does not explicitly grant the AASB and the AUASB the function to develop and formulate sustainability standards and associated auditing and assurance standards.¹⁰⁴ The Treasury Laws Amendment (2023 Measures No. 1) Bill 2023, currently before the Senate¹⁰⁵, provides the AASB and the AUASB with these functions and also empowers the Financial Reporting Council to provide strategic oversight and governance functions in relation to the AASB’s and AUASB’s sustainability standards functions.

3.15 ED SR1 is also based on consideration of the Treasury’s second consultation paper Climate-related financial disclosure (the second Treasury paper) issued on 27 June 2023.¹⁰⁶ The second Treasury paper proposes a three-phased approach to the application of mandatory disclosure requirements commencing with a limited group of very large entities expanding over two years to apply progressively to smaller entities.¹⁰⁷ It also proposes phasing and scaling of assurance requirements to allow for skills, capacity and processes to be developed in the market at a workable pace, and that financial auditors lead sustainability assurance engagements supported by technical climate and sustainability experts when required.

3.16 Finance is responsible for the implementation of Commonwealth Climate Disclosure (CCD) requirements for Commonwealth entities. To maximise comparability of disclosures across the public and private sector, it is proposed that the requirements for the Commonwealth public sector align with the private sector (refer Treasury consultation papers) except where there are reasons to differ.¹⁰⁸

3.17 Finance is also responsible for the design and development of a CCD assurance and verification regime, which will be developed in consultation with the ANAO. It is expected that ANAO financial statement auditors will deliver the audit process.

Sustainability assurance

3.18 On 2 August 2023, the International Auditing and Assurance Standards Board (IAASB) released an exposure draft of proposed International Standard on Sustainability Assurance 5000 General Requirements for Sustainability Assurance Engagements (ISSA 5000).^{109 110}

3.19 On 17 August 2023, the AUASB released a consultation paper on Exposure of the IAASB’s Proposed ISSA 5000 General Requirements for Sustainability Assurance Engagements; and Proposed Conforming and Consequential Amendments to Other IAASB Standards to obtain feedback from stakeholders to inform the AUASB’s response to the IAASB exposure draft on ISSA 5000 and to identify potential areas for modification for application in Australia.^111,112

Auditing Ethics

3.20 The ANAO audits activities against framework requirements to provide independent assurance to the Parliament and assist it to hold the executive government to account. In recent years, the ANAO has increasingly brought into scope issues of ethics (as defined in the PGPA Act and Public Service Act 1999) particularly where meeting mandatory requirements is not sufficient to ensure compliance with the high expectations set out in principles-based legislation and frameworks. This enhanced focus led to the development of ANAO methodology guidance for audits of ethics, finalised in 2022.

3.21 The first audit in which the methodology is being formally used, Effectiveness of the Australian Public Service Commission’s administration of statutory functions relating to upholding high standards of integrity and ethical conduct in the Australian Public Service, is currently underway and is due to be tabled in the Parliament in April 2024. A further two effectiveness audits of selected entities’ implementation of the APS ethical framework are listed as potential audits in the 2023-24 Annual Audit Work Program.¹¹³

Integrity

3.22 Ethics and integrity are a strong focus area for the public sector, notably with the release of the report of the Royal Commission into the Robodebt Scheme and the establishment of the NACC. As noted above, ethics, integrity and probity will continue to be a focus of our audit work. The ANAO will also continue to build a working relationship with the NACC, both in sharing key sectoral insights and, as necessary, in considering matters which may be referred to the NACC as a result of our audit work.

3.23 As an integrity agency, the ANAO regards integrity as a core value of the organisation — critical in sustaining the confidence of Parliament, strengthening public trust in government and delivering quality audit products. Maintaining strong institutional integrity is essential to the operations and reputation of the ANAO. The ANAO has published its Integrity Framework and Report for 2022–23 to provide increased transparency of the measures we undertake to maintain a high integrity culture within the ANAO.

3.24 The ANAO Integrity Framework provides an overarching structure to the ANAO integrity control system that promotes proactive integrity management. The framework serves to assist in ethical decision making and risk, fraud and misconduct management. The ANAO’s framework is shaped by the legislation, frameworks, policies, assurance and governance mechanisms, as well as the actions taken by our people to embed a pro-integrity culture, consistent with the integrity guidance issued by the Australian Public Service Commission.

3.25 The ANAO recognises that integrity demands not only quality in our products but also in the behaviours of our people. We expect our people to demonstrate integrity through their actions and behaviours in accordance with the ANAO’s five key principles of integrity – independence, honesty, openness, accountability and courage. In the ANAO, integrity means more than simply complying with requirements, it means acting to achieve the intent and spirit of the requirements.

Quality Assurance Framework and Reporting

ANAO Quality Management Framework

3.26 The quality of ANAO audit work is reliant on the strength of its independence and quality control processes. The ANAO defines audit quality as the provision of timely, accurate and relevant audits, performed independently in accordance with the requirements of the Auditor-General Act, ANAO auditing standards and methodologies, which are valued by the Parliament. Delivering quality audits results in improved public sector performance through accountability and transparency.

3.27 The ANAO Quality Management Framework and Plan 2023–24 articulates the system of quality control that the ANAO has established to support the delivery of high-quality audit work and enables the Auditor-General to have confidence in the opinions and conclusions in the reports prepared for the Parliament.

3.28 The ANAO quality management framework complies with the requirements of new and revised the Auditing Standards that came into effect on 15 December 2022:

• ASQM 1 – Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements
• ASQM 2 – Engagement Quality Reviews; and
• ASA 220 – Quality Management for an Audit of a Financial Report and Other Historical Information.

3.29 The revised standards introduced a quality management approach that is focused on proactively identifying and responding to risks relating to quality. The standards include enhanced requirements and focus on governance and leadership, monitoring and remediation. The ANAO made changes in the ANAO Audit Manual in response to the changes in the standards including further embedding the ANAO’s commitment to audit quality and capturing initiatives that the ANAO was already undertaking in support of quality management including: root cause analysis; and the publication of the framework and Audit Quality Report. A new requirement of the standards and a key deliverable set out in the ANAO Quality Management Framework and Plan 2023–24, is the ANAO evaluation of the Quality Management Framework on whether the framework provides the Auditor-General with reasonable assurance that the ANAO quality objectives are being achieved. The Auditor-General’s conclusion of the evaluation is set out in the ANAO Audit Quality Report 2022–23.

Ethical requirements and independence

3.30 Ethical requirements, with a focus on independence, are core to the ANAO Quality Management Framework. The fundamental principles of professional ethics, as set out in APES 110 Code of Ethics for Professional Accountants (including independence standards), are integrity; objectivity; professional competence and due care; confidentiality; and professional behaviour. The ANAO maintains a continued focus on independence through the application of ANAO independence policies that manage threats to independence in the conduct of the ANAO’s work.

Quality control and consultation processes

3.31 In the conduct of their work ANAO auditors apply a robust methodology to drive consistent quality and compliance with the ANAO Auditing Standards. The ANAO audit methodology incorporates policies regarding direction, supervision and review, consultation on significant technical and ethical issues, engagement quality review of high-risk audits and documentation of audit evidence and work performed.

ANAO Quality Reporting

3.32 The Audit Quality Report 2022–23 demonstrates the ANAO evaluation of the design, implementation and operating effectiveness of the ANAO Quality Management Framework and the achievement of ANAO quality objectives. The report provides transparency in respect of the processes, policies, and procedures that support each element of the ANAO Quality Management Framework, and reports audit quality indicators measuring ANAO performance against benchmarks. The report also includes the achievement of the quality assurance strategy and deliverables set out in the Quality Management Framework and Plan, including the results of internal and external quality assurance reviews.

Data analytics

Digital audit strategy

3.33 The ANAO is actively shifting towards an increased use of digitalisation within audit processes in line with ongoing technological developments. Digital audit solutions include standardised data analytics processes, automated audit workflows and streamlined data acquisition processes.

3.34 During 2023, the ANAO launched a digital audit strategy and established a centre of excellence for digital auditing. The digital audit centre of excellence focuses on identifying and utilising technology and data analytics products that can be consistently applied across various audits to:

• drive audit efficiency and innovation;
• enhance audit quality by adopting consistent audit approaches;
• ensure consistency in use of data and technology;
• develop digital auditing capabilities; and
• improve staff job satisfaction and retention through modern audit practices.

Acquiring data from audited entities

3.35 Acquiring consistent data from audited entities is a key challenge to achieving the ANAO’s digital audit goals. Audit processes cannot be made more efficient or effective based on unreliable or inconsistent data sources.

3.36 The ANAO’s experience is that most audited entities do not have a consistent process for extracting data in supporting audits. This results in additional effort for both entities and the ANAO to validate and transform the data to ensure accurate and reliable analytical outcomes.

3.37 The ANAO will be working with audited entities to pursue consistent data extraction processes. Consistent data extraction processes benefit the ANAO and entities by reducing repeat data extraction, streamlining data ingestion, and improving data integration. This not only saves time and resources for the ANAO and the audited entity but also allows timely and accurate audits.

Standardised data analytics solutions

3.38 Standardised solutions are data analytics products that are applied to all relevant financial statements audits to increase quality and effectiveness of audit testing. The ANAO’s standardised data analytics solutions are a collaborative effort that uses the unique expertise and insights from both the data analytics and audit groups. Standardised solutions integrate into the auditing workflow by generating work papers that support the ANAO’s quality requirements.

3.39 During 2022–23 the ANAO managed standardised analytics solutions for audit procedures conducted on journals, employee expenses and appropriations. The ANAO is also assessing further areas for developing standardised solutions.

3.40 The ANAO’s systems assurance and data analytics and audit teams co-develop the standardised solutions. This collaborative approach delivers solutions that meet the needs of the auditing function. The teams perform quality assurance checks throughout development across the technical approach and compliance with auditing standards and methodologies. The ANAO’s audit technical area reviews and approves standardised solutions before they are deployed to audit teams.

Note a: Two subsidiary entities classified by the Department of Finance as material are consolidated into parent entities. These entities are: ANSTO Nuclear Medicine Pty Ltd (consolidated into Australian Nuclear Science and Technology Organisation) and CSIRO General Partner Pty Ltd (consolidated into Commonwealth Scientific and Industrial Research Organisation). The results relating to these entities are included in the section of this chapter relating to the parent entity.

Entities included within this chapter

4.0.1 This chapter reflects portfolio arrangements as at 30 June 2023. The following information for each portfolio is included in this chapter:

• an overview including:
  • an analysis of income, expenses, assets and liabilities that contributed to the 2022–23 CFS; and
  • a table of the number of audit differences reported to entities in the portfolio;
• for each material entity within the portfolio ^{115, 116}:
  • the primary role of the entity;
  • a summary of financial performance that provides a comparison of the 2021–22 and 2022–23 key financial statements items and commentary regarding significant movements; and
  • key areas of financial statements risk including those areas identified as key audit matters (KAM);
  • the status of significant and moderate audit findings reported in 2022–23 and previous years for all entities; and
  • a summary of the ANAO’s auditor’s report.

4.0.2 Information is also included for each non-material entity within a portfolio where there has been a significant or moderate audit finding; significant legislative breach identified or emphasis of matter included in the auditor’s report.

4.0.3 Figure 4.0.1 below provides each portfolio’s contribution, as a percentage of the Australian Government’s 2022–23 Consolidated Financial Statements (CFS).

Figure 4.0.1: Portfolio’s contribution as a percentage of the Australian Government’s 2022–23 Consolidated Financial Statements

Source: ANAO analysis of 2022–23 CFS.

Financial statements audit approach

4.0.4 The primary purpose of audits of financial statements is to provide relevant and reliable information to users about an entity’s financial performance and position. The ANAO’s financial statements audits provide an independent examination of the financial accounting and reporting of public sector entities. The ANAO’s objective in completing a financial statements audit is to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the ANAO to express an opinion on whether they are in accordance with relevant legislation.

4.0.5 A central element of the ANAO’s financial statements audit methodology, and the focus of the planning phase of the ANAO audits, is the development of a sound understanding of an entity’s environment and internal controls relevant to assessing the risk of material misstatement in the financial statements. This understanding informs the ANAO’s audit approach, including the reliance that may be placed on entity systems to produce financial statements that are free from material misstatement.

4.0.6 During the planning phase the ANAO undertakes a risk assessment of the overall risk of misstatement in the financial statements which includes consideration of the: operating environment, adoption and use of technology, changes in and complexity of the financial reporting framework and results of previous audits. Whilst this risk assessment may cause the ANAO to focus on certain aspects of the financial statements the ANAO considers at greater risk of misstatement the ANAO performs audit procedures on all material financial statements line items and disclosures.

4.0.7 In planning an audit, the ANAO also considers internal controls relevant to the preparation and fair presentation of the financial statements in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the entity’s internal controls.

4.0.8 The interim phase of the audit assesses the design and operating effectiveness of selected controls.

4.0.9 In the final audit phase, the ANAO:

• audits the of the design and operating effectiveness of selected controls for the full year;
• substantively tests material balances and disclosures in the financial statements; and
• finalises its audit opinion on the entity’s financial statements.

4.0.10 In accordance with the Australian Auditing Standards (and generally accepted auditing practice), the ANAO accepts a low level of risk that the audit procedures will fail to detect that the financial statements are materially misstated. This low level of risk is accepted because it is too costly to perform an audit that is predicated on no level of risk. Specific audit procedures are performed to ensure that the risk accepted is low. These procedures include:

• obtaining knowledge of the entity and its environment;
• reviewing the operation of internal controls;
• undertaking analytical reviews;
• testing a sample of transactions and account balances and conducting data analytics over entire populations; and
• confirming significant year end balances with third parties.

4.0.11 Where a performance audit was tabled during 2022–23 that was relevant to the financial management or administration of an entity, the impact of those observations on the audit approach will be discussed within the relevant portfolio section. For audits tabled from 1 July 2023 onwards, relevant observations will inform the ANAO’s 2023–24 financial statements audit risk identification process.

Engagement risk

4.0.12 An audit engagement is assessed as being a high, moderate or low risk engagement based upon the overall risk of the engagement to the Auditor-General and the ANAO in accordance with the requirements of the ANAO Audit Manual.¹¹⁷ This risk assessment includes consideration of:

• the inherent risk of material misstatement arising from the engagement (that is, the risk that there is a material misstatement in the subject matter before the conduct of the engagement); and
• other professional risks, being any other source of risk to the Auditor-General and the ANAO arising from the conduct of the engagement including, but not limited to, litigious and reputational risks.

4.0.13 Engagement risks are communicated to entities during the planning phase of the audit. Engagement risk is also monitored during the course of the audit. Risk ratings may be subject to change where new developments emerge. Where information-gathering processes reveal evidence of misrepresentation or inadequacies, the risk of an engagement would be rated higher to reflect the risk of expressing an inappropriate conclusion based on a lack of sufficient appropriate audit evidence.

4.0.14 The level of engagement risk identified is a factor in determining the nature, timing and extent of audit procedures to be performed during the audit. In addition, for high risk audits, the ANAO considers the level of resources, including the skills and experience of the engagement team, needed to address the identified risks.

4.0.15 Table 4.0.1 includes a summary of the entities for which the ANAO assessed as having a high engagement risk for 2022–23.

Table 4.0.1: Entities with a high engagement risk rating for 2022–23

Note a: Engagement risk rating for 2021–22 relates to the former Department of Agriculture, Water and the Environment. On 1 July 2022 the entity was renamed the Department of Agriculture, Fisheries and Forestry.

Note b: The entity was established 1 July 2022 therefore there was no engagement risk rating for 2021–22.

Note c: Engagement risk rating for 2021–22 relates to the former Department of Education, Skills and Employment. On 1 July 2022 the entity was renamed the Department of Education.

Note d: Engagement risk rating for 2021–22 relates to the former Department of Health. On 1 July 2022 the entity was renamed the Department of Health and Aged Care.

Source: 2021–22 and 2022–23 ANAO results.

Audit findings

4.0.16 As explained in Chapter 2 (see paragraphs 2.77 to 2.145) audit findings are raised in response to the identification of a potential business or financial risk posed to an entity. Often these risks arise from deficiencies within an entity’s internal control processes or frameworks. Weaknesses in internal controls increase the possibility that an entity will not prevent or detect a material misstatement in its financial statements in a timely manner. The ANAO rates audit findings according to the potential business or financial management risk posed to the entity.

4.0.17 Table 4.0.2 below presents a summary of significant or moderate findings and significant legislative breaches reported as at 30 June 2023 and 30 June 2022 by portfolio and entity, including the number of findings carried forward as unresolved from the previous year.

4.0.18 For new audit findings first identified during the ANAO’s 2022–23 financial statements audits, the findings and associated recommendations were agreed by all entities. For repeat and unresolved audit findings, the findings and recommendations were agreed by all entities except for the:

• Department of Social Services – Removal of user access (refer to paragraph 4.15.22 to 4.15.25); and
• Tiwi Land Council – Risk management activities (refer to paragraph 4.14.63 to 4.14.67).

Table 4.0.2: Significant and moderate audit findings by portfolio and entity

Note a: Significant and moderate audit findings by portfolio and entity

Note b: Repeat/unresolved findings are categorised as such if unresolved from a prior financial year. Findings transferred to another entity as a result of machinery of government changes which remain unresolved are treated as repeat findings for the purposes of this table.

Note c: As identified in Chapter 2, there were 10 outstanding audits of 2021–22 financial statements not yet finalised by the ANAO at the time of the publication of Auditor-General Report No. 8 2022–23 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2022. These audits were finalised during 2022–23. Table 4.0.2 includes the results of these audits.

Note d: Legislative breaches are not included in the table above. Three significant legislative breaches were reported in 2022–23. For further details refer to individual entity contributions in this chapter for: Department of Health and Aged Care, Northern Land Council and Tiwi Land Council.

Note e: The moderate audit finding relating to FMIS Privileged user access management was first reported to the former Department of Agriculture, Water and the Environment (DAWE) as part of the 2021–22 financial statements audit. DAFF transferred the administrative responsibility for the SAP Financial Management Information System (FMIS) to DCCEEW in February 2023. Refer to paragraph 4.3.21 to 4.3.24.

Note f: The moderate audit finding related to Removal of user access was first reported to the Department of Education, Skills and Employment (DESE). On 1 July 2022, the Department of Employment and Workplace Relations (DEWR) was created, and some functions transferred from DESE. As a result, this finding was also relevant to DEWR.

Note g: The Royal Australian Navy Central Canteens Board’s (RANCCB) 2022–23 financial statements were not signed (and the audit was not complete) at 30 November 2023. Results of the ANAO’s 2022–23 interim audit of RANCCB are included in this report.

Note h: Bundanon Trusts’ 2022–23 financial statements were not signed (and the audit was not complete) at 30 November 2023.

Source: ANAO correspondence 2021–22 and 2022–23.

4.1 Agriculture, Fisheries and Forestry portfolio

Portfolio overview

4.1.1 The Agriculture, Fisheries and Forestry portfolio is responsible for advising the government and implementing programs on rural adjustment and drought issues, plant and animal biosecurity and Australia’s agricultural, fisheries, food and forestry industries. Table 4.1.1 identifies material entities specifically mentioned in this section.

Table 4.1.1: Agriculture, Fisheries and Forestry portfolio material entities discussed in this section

4.1.2 Figure 4.1.1 shows the Agriculture, Fisheries and Forestry portfolio’s income, expenses, assets and liabilities contribution to the Australian Government’s Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹¹⁸

Figure 4.1.1:  Agriculture, Fisheries and Forestry portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.1.3 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.1.2 provides a summary of those audit differences that relate to entities within the Agriculture, Fisheries and Forestry portfolio.

Table 4.1.2: The number of audit differences for entities in the Agriculture, Fisheries and Forestry portfolio

Note a: On 1 July 2022 the Department of Agriculture, Water and the Environment was renamed to the Department of Agriculture, Fisheries and Forestry.

Source: ANAO analysis of audit differences reported to entities in the Agriculture, Fisheries and Forestry portfolio.

4.1.4 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Agriculture, Fisheries and Forestry.

Department of Agriculture, Fisheries and Forestry

4.1.5 The Department of Agriculture, Fisheries and Forestry (DAFF) is responsible for developing and implementing policies and initiatives to promote more sustainable, productive, internationally competitive and profitable Australian agricultural, food and fibre industries; safeguarding Australia’s animal and plant health status to maintain overseas markets and protect the economy and environment from exotic pests and diseases.

4.1.6 On 1 June and 23 June 2022, revised Administrative Arrangements Orders were issued by the Australian Government. As a result, on 1 July 2022, a Machinery of Government (MoG) change occurred with the following impacts for DAFF:

• the Department of Agriculture, Water and the Environment (DAWE) was renamed to DAFF; and
• functions related to water and the environment were transferred to the newly created Department of Climate Change, Energy, the Environment and Water (DCCEEW). Administered functions transferred to DCCEEW on 1 July 2022, with departmental functions transferring on 1 September 2022.

Summary of financial performance

4.1.7 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by DAFF (as outlined in Table 4.1.3 and Table 4.1.4 and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.1.3: Key departmental financial statements items

Source: DAFF’s audited financial statements for the year ended 30 June 2023.

4.1.8 The decrease in the net cost of services, total deficit attributable to the Australian Government and revenue from government relates to the transfer of the water and environment functions to DCCEEW through the departmental MoG changes on 1 September 2023.

4.1.9 The decrease in total assets of $1.1 billion mainly relate to assets of the water and environment functions transferred to DCCEEW through MoG changes. The assets transferred relate to the research vessel RSV Nuyina and other buildings, plant and equipment relating of the Australian Antarctic Division.

4.1.10 The decrease in total liabilities of $476.3 million mainly relates to:

• liabilities for the water and environment functions transferred to DCCEEW through MoG changes, primarily the provision for Antarctic solid waste disposal sites and Antarctic regions; and
• offset by an increase in lease liabilities primarily related to a new lease entered into by DAFF for corporate offices.

Financial sustainability

4.1.11 In February 2023 DAFF advised the ANAO that it was reassessing its financial performance and sustainability due to a forecast loss position at 30 June 2023. As a result, the ANAO identified an additional area of financial risk relating to financial sustainability for which specific audit procedures were performed during the course of the audit (refer to Table 4.1.5).

4.1.12 For the year ended 30 June 2023 DAFF reported an actual total deficit of $51.6 million. After adjustment for non-cash expenses for depreciation and amortisation, which are funded through departmental capital budget appropriations, DAFF reported a net cash surplus of $2.5 million. The surplus result was mainly due to:

• the receipt of $127.0 million of additional appropriations through Appropriation Act No. 3 2022–23 under the measure ‘funding supplementation’ in June 2023; and
• cost control measures implemented by DAFF’s executive board in early 2023.

4.1.13 Underlying this result is the financial performance of cost recovered services. DAFF provides a range of cost recovered services for export, import and biosecurity services. DAFF incurred a deficit $40.9 million for these services in 2022–23. As a result, during 2022–23 DAFF drew on annual appropriations to fund all expenses given the deficit in revenue received for these services.

4.1.14 At 30 June 2023 DAFF reported a net current asset position of $83.2 million, primarily attributable to the receipt of $127.0 million of additional funding from the Australian Government in June 2023 (refer to paragraph 4.1.12).

4.1.15 DAFF’s action in response to the risks that were identified in relation to financial performance and sustainability include:

• the establishment of a financial improvement taskforce with focus on delivering improvements in the entity’s financial acumen and financial sustainability;
• the Minister for Agriculture, Fisheries and Forestry agreeing to changes to regulatory fees and charges for biosecurity functions. The average fee increase was 28 per cent. The new fees and charges commenced on 1 July 2023;
• the Australian Government approving the introduction of a ‘Biosecurity Sustainable Funding Model’ which provides additional appropriations for DAFF to undertake biosecurity activities. This measure is intended to be funded by a ‘Biosecurity Protection Levy’, applicable from 1 July 2024, charged on all domestic agricultural fisheries and forestry producers.

4.1.16 DAFF’s financial position improved following the actions taken in response to the forecast loss for 2022–23 described in paragraphs 4.1.12 to 4.1.15. The ANAO’s analysis indicates that there are continued risks to DAFF’s financial sustainability that will require close attention from DAFF’s accountable authority.

• Performance of cost recovered services. The Australian Government Cost Recovery Policy119 requires that ‘Australian Commonwealth entities should generally set charges to recover the full cost of providing specific activities, except where partial recovery is determined to be appropriate. Consistent with the requirements of the policy DAFF should regularly review its cost recovery performance and ensure that revenue from cost recovered activities aligns with the cost of providing the services over a reasonable period (the business cycle of the activity).
• The level of financial acumen and financial management expertise in DAFF. This area has also been identified out in the Capability Review undertaken by the Australian Public Service Commission (APSC) into DAFF released in September 2023.¹²⁰ The APSC identified as a priority area for capability improvement that DAFF:
• …strengthen reporting and forecasting, as this is essential to DAFF managing its financial risk into the future. The department needs to prioritise developing program-level performance and financial reporting, consolidated at an enterprise level and used by the senior leadership team to inform resource allocation decisions, including how best to resource future priorities.

4.1.17 As part of the 2022–23 financial statements audit the ANAO recommended that DAFF review existing procurement processes to ensure that key decision makers for procurements have sufficient information regarding future financial performance and position to commit to a procurement at the time a contract is entered into.

Table 4.1.4: Key administered financial statements items

Source: DAFF’s audited financial statements for the year ended 30 June 2023.

4.1.18 The decrease in total expenses, total deficit and total comprehensive loss relate mainly to the transfer of the water and environment functions to DCCEEW through MoG changes on 1 July 2022.

4.1.19 The increase in total income of $67.3 million was due mainly to additional interest recorded on concessional loans reflecting the conclusion of the interest free period on some loans offered by the Regional Investment Corporation on behalf of DAFF.

4.1.20 The $7.5 billion decrease in total assets was mainly due to assets relating to the water and environment functions being transferred to DCCEEW through MoG changes, these assets were:

• water entitlements and the Commonwealth’s share in joint ventures associated with the Murray Darling Basin of $4.6 billion;
• administered investments in portfolio entities of $1.1 billion; and
• cash held in special accounts of $2.1 billion.

Key areas of financial risk

4.1.21 In light of the key areas of risk and the ANAO’s understanding of the operations of DAFF, during the interim phase of the 2022–23 audit the ANAO increased the overall risk of material misstatement in the financial statements audit from moderate to high in 2022–23. This increase was a result of DAFF’s forecast financial position for 2022–23, which increased the risk that entity level and transactional internal controls important to financial management, preparation of the financial statements and the supporting information technology (IT) environment may not operate effectively.

4.1.22 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of DAFF’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.1.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.1.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and DAFF’s audited financial statements for the year ended 30 June 2023.

4.1.23 The following performance audit reports were tabled during 2022–23 relevant to the financial management or administration of DAFF:

• Auditor-General Report No. 6 2022–23 Implementation of the Export Control Legislative Framework; and
• Auditor-General Report No. 17 2022–23 Department of Agriculture, Fisheries and Forestry’s Cultural Reform.

4.1.24 The observations of these reports were considered in designing audit procedures in relation to departmental revenue from contracts with customers, particularly in relation to export fees and charges, and in the understanding and evaluation of the design and operating effectiveness of entity-level internal controls

Audit results

4.1.25 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.1.6: Status of audit findings

Note a: The moderate audit finding relating to FMIS Privileged user access management was first reported to the DAWE as part of the 2021–22 financial statements audit. DAFF transferred the administrative responsibility for the SAP Financial Management Information System (FMIS) to DCCEEW in February 2023. Prior to February 2023 DAFF was responsible for the FMIS. The finding was not resolved by DAFF and the audit finding was transferred to DCCEEW. Refer to paragraph 4.3.21 to 4.3.24.

Source: ANAO 2022–23 audit results.

4.1.26 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that DAFF’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

Removal of user access

4.1.27 The Protective Security Policy Framework (PSPF) helps Australian Government entities to protect their people, information and assets. The PSPF sets out government protective security policy in terms of: security governance; information security; personnel security; and physical security.¹²¹ PSPF Policy 9 Access to information and PSPF Policy 14 Separating personnel outline security measures to control access to Australian Government information and mitigate risks associated with departing personnel. PSPF Policy 9 requires entities to control access to supporting Information, Communication and Technology (ICT) systems and applications and ensure access to sensitive information is only provided to people on a need-to-know basis.¹²² PSPF Policy 14 requires personnel’s access to be removed upon separation or transfer from the entity. ¹²³ Inadequate security measures for timely removal of access from former personnel increase the risk of unauthorised access to sensitive information.

4.1.28 DAFF’s ‘System Access Management Policy’ is consistent with the Protective Security Policy Framework (PSPF), requiring controlled access to systems, networks and applications. This includes removing access from people who no longer have an operational requirement to access systems, networks and applications. However, DAFF does not have a process in place to identify users who had access to systems, applications and data repositories after termination from the entity.

4.1.29 During the 2022–23 audit the ANAO identified users who had accessed the DAFF network and systems supporting the preparation of the financial statements post termination. Unauthorised user access post termination poses a business risk and could potentially impact the integrity of the entity’s financial or other data.

4.1.30 The ANAO recommend that DAFF:

• review the process for user access termination to ensure that terminations are processed in a more timely manner; and
• to design a process that would allow DAFF to ‘look back’ on user activity which occurred post termination to confirm appropriateness.

4.1.31 DAFF agreed with this finding and has commenced addressing the recommendations made by the ANAO. The ANAO will focus on the action taken by DAFF in response to this finding in the 2023–24 audit.

4.2 Attorney-General’s portfolio

Portfolio overview

4.2.1 The Attorney-General’s portfolio is responsible for: legal services; national security and criminal law; integrity and anti-corruption matters; the Commonwealth justice system including courts, tribunals, justice policy and legal assistance; regulation and reform; protecting and promoting human rights; and support for Commonwealth royal commissions.

4.2.2 Table 4.2.1 identifies material and other entities specifically mentioned in this section.

Table 4.2.1: Attorney-General’s portfolio material and other entities discussed in this section

4.2.3 Figure 4.2.1 shows the Attorney-General’s portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹²⁴

Figure 4.2.1:  Attorney-General’s portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.2.4 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.2.2 provides a summary of those audit differences that relate to entities within the Attorney-General’s portfolio.

Table 4.2.2: The number of audit differences for entities in the Attorney-General’s portfolio

Note a: The adjustments include adjustments identified in the period that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Attorney-General’s portfolio.

4.2.5 The following section provides a summary of the 2022–23 financial statements audit results for the Attorney-General’s Department, and findings for other material entities in the portfolio.

Attorney-General’s Department

4.2.6 The Attorney-General’s Department (AGD) supports the Attorney-General through the provision of expert advice and services on a range of law, justice, integrity and national security issues.

4.2.7 On 1 July 2022, Administrative Arrangements Orders took effect which included changes to the responsibilities of AGD. Industrial relations transferred from AGD to the Department of Employment and Workplace Relations (DEWR). In addition, the following functions were transferred to AGD:

• national security and cybercrime from the Department of Home Affairs;
• national child sexual abuse policy and strategy from the Department of the Prime Minister and Cabinet; and
• copyright from the Department of Infrastructure, Transport, Regional Development, Communications and the Arts.

Summary of financial performance

4.2.8 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by AGD (as outlined in Table 4.2.3 and Table 4.2.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.2.3: Key departmental financial statements items

Source: AGD’s audited financial statements for the year ended 30 June 2023.

4.2.9 The increase in net cost of services was partly due to higher employee benefit expenses because of increased staffing levels, staff movements between salary increments, and related superannuation expenses.

4.2.10 Revenue from government increased in 2022–23 due to additional funding received in June 2023 for new measures, including Institutional Reform to Australia’s System of Federal Administrative Review.

4.2.11 The decrease in total assets is predominantly from depreciation expenses on right-of-use assets and machinery of government transfers to DEWR.

Table 4.2.4: Key administered financial statements items

Source: AGD’s audited financial statements for the year ended 30 June 2023.

4.2.12 The decrease in total expenses, total income, total assets and total liabilities is a result of MoG transfers as described in paragraph 4.2.7.

Key areas of financial risk

4.2.13 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of AGD’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.2.5.

Table 4.2.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and AGD’s audited financial statements for the year ended 30 June 2023.

4.2.14 Auditor-General Report No. 22 2022–23 Implementation of Parliamentary Committee and Auditor-General Recommendations — Attorney-General’s Portfolio was tabled during 2022–23 and is relevant to the administration of AGD.

4.2.15 While the report did not include recommendations regarding risks to AGD’s financial administration as it relates to the financial statements, the observations were considered in designing audit procedures for the financial statements audit.

Audit results

4.2.16 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.2.6: Status of audit findings

Source: ANAO 2022–23 audit results.

4.2.17 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that AGD’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

Monitoring of privileged FMIS access

4.2.18 The ANAO identified weaknesses with the monitoring of authorised privileged user access within AGD’s Financial Management Information System (FMIS). Inadequate monitoring of privileged user access increases the likelihood that inappropriate activity will not be detected.

4.2.19 Consistent with the ANAO’s recommendation, AGD has advised that the monitoring of privileged user access will be reviewed and strengthened, evidence of monitoring will be retained, and policies, plans and procedures specifying the requirements for the access reviews will be developed. The ANAO will review the updated processes implemented by AGD during the 2023–24 audit.

Resolved moderate audit finding

User access removal

4.2.20 The Protective Security Policy Framework (PSPF) requires non-corporate Commonwealth entities to control access to systems, networks, and applications. The requirement includes removing system access from employees and contractors without an operational need for access to IT resources.

4.2.21 During the 2021–22 audit the ANAO identified weaknesses in the process for the removal of user access when employees or contractors separated from AGD. In some instances, access was retained for up to 13 days. User accounts should be removed on the date of separation as there is no longer a business requirement for access after this date.

4.2.22 AGD has reviewed the adequacy of the current processes for removal of user access and controls have been strengthened to ensure that the access is removed in a timely manner. AGD has also implemented a weekly detective control to identify any instances of users who have accessed systems after their cessation date.

4.2.23 The ANAO has reviewed and tested the design and operating effectiveness of the processes AGD has implemented. As a result, this finding has been resolved.

Australian Federal Police

4.2.24 The Australian Federal Police (AFP) is responsible for the provision of police services in relation to laws of the Commonwealth, the provision of policing services to the Australian Capital Territory and external territories, combatting transnational serious organised crime and terrorism, disrupting crime offshore, supporting regional security, and protecting Australian interests and assets.

Summary of financial performance

4.2.25 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by the AFP (as outlined in Table 4.2.7 and Table 4.2.8) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.2.7: Key departmental financial statements items

Source: AFP’s audited financial statements for the year ended 30 June 2023.

4.2.26 The net cost of services increased by $124.8 million mainly attributable to:

• increased employee due to a planned increase of over 200 employees during 2022–23;
• additional travel costs due to the resumption of additional travel following the COVID-19 pandemic; and
• higher depreciation and amortisation expenses due to the increase in total non-financial assets (refer to paragraph 4.2.28).

4.2.27 Total comprehensive income increased by $62.5 million due to a revaluation of land and buildings and property, plant and equipment which resulted in an increment of $60.5 million being recognised in comprehensive income.

4.2.28 Total assets increased by $315.9 million due to entering into a new lease for property in Melbourne for the Southern Command Headquarters.

4.2.29 Total liabilities increased by $315.4 million primarily due to the right-of-use asset created in the lease created for the Southern Command Headquarters.

Table 4.2.8: Key administered financial statements items

Source: AFP’s audited financial statements for the year ended 30 June 2023.

4.2.30 Movements in the AFP’s administered balances reflect normal business activities.

Key areas of financial risk

4.2.31 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of AFP’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.2.9.

Table 4.2.9: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and AFP’s audited financial statements for the year ended 30 June 2023.

4.2.32 Auditor-General Report No. 9 2022–23 Management of Cyber Security Supply Chain Risks was tabled during 2022–23 and is relevant to the financial management or administration of the AFP.

4.2.33 The observations of this report were considered in designing audit procedures to address areas considered to pose a lower of material misstatement. No significant changes were made to the designed audit procedures for the financial statements audit.

Audit results

4.2.34 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

High Court of Australia

4.2.35 The High Court of Australia (the Court) is responsible for interpreting and applying the law of Australia; and deciding on cases of special federal significance, including challenges to the constitutional validity of laws and hearing appeals, by special leave, from federal, state and territory courts.

Summary of financial performance

4.2.36 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by the Court (as outlined in Table 4.2.10 and Table 4.2.11) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.2.10: Key departmental financial statements items

Source: The Court’s audited financial statements for the year ended 30 June 2023.

4.2.37 The increase in other comprehensive income and total assets was the result of the annual valuation of the Court’s building, to reflect increased construction costs.

Table 4.2.11: Key administered financial statements items

Source: The Court’s audited financial statements for the year ended 30 June 2023.

4.2.38 The Court’s administered income relates to its filing and hearing fees. The decrease in administered income is due to lower volumes of filings and hearings in 2022–23.

Key areas of financial risk

4.2.39 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of the Court’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.2.12.

Table 4.2.12: Key area of financial statements risk

Source: ANAO 2022–23 audit results, and the Court’s audited financial statements for the year ended 30 June 2023.

Audit results

4.2.40 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Comments on non-material entities

Administrative Appeals Tribunal

4.2.41 The Administrative Appeals Tribunal (AAT) conducts independent merits review of administrative decisions made by Australian Government ministers, departments and agencies and, in limited circumstances, state and territory government and non-government bodies.

Audit results

4.2.42 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.2.13: Status of audit findings

Source: ANAO 2022–23 audit results.

4.2.43 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that AAT’s 2022–23 financial statements were not materially misstated.

Resolved moderate audit finding

Lease management

4.2.44 During the 2021–22 financial statements audit, the ANAO identified weaknesses in the review and quality assurance processes in place over lease calculations provided to the AAT by a third-party provider. An error in calculations relating to a lease modification resulted in an understatement of lease related balances.

4.2.45 In line with ANAO’s recommendation, the AAT implemented processes to ensure information used for reporting purposes is complete and accurate. The ANAO has reviewed the quality assurance processes put in place by AAT during the 2022–23 financial year and is satisfied that the weaknesses identified in the prior year have been addressed.

4.3 Climate Change, Energy, the Environment and Water portfolio

Portfolio overview

4.3.1 The Climate Change, Energy, the Environment and Water portfolio is responsible for advising the government and implementing programs on: climate change; energy supply efficiency, quality, performance and productivity; the environment, biodiversity; parks and heritage; meteorological services; water resources; and Australia’s interests in the Antarctic and Southern Ocean. Table 4.3.1 identifies material and other entities specifically mentioned in this section.

4.3.2 Figure 4.3.1 shows the Climate Change, Energy, the Environment and Water portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹²⁵

Figure 4.3.1:  Climate Change, Energy, the Environment and Water portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.3.3 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.3.2 provides a summary of those audit differences that relate to entities within the Climate Change, Energy, the Environment and Water portfolio.

Table 4.3.2: The number of audit differences for entities in the Climate Change, Energy, the Environment and Water portfolio

Note a: The adjustments include adjustments identified in period that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Climate Change, Energy, the Environment and Water portfolio.

4.3.4 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Climate Change, Energy, the Environment and Water, and findings for other material entities and non-material entities in the portfolio.

Department of Climate Change, Energy, the Environment and Water

4.3.5 The Department of Climate Change, Energy, the Environment and Water (DCCEEW) is responsible for developing and implementing policies and initiatives across climate change, energy the environment, heritage and water.

4.3.6 On 1 July 2022, an Administrative Arrangements Order took effect which created DCCEEW. DCCEEW received the following functions:

• the water and environment functions from the former Department of Agriculture, Water and the Environment (DAWE);
• the energy and climate change functions from the former Department of Industry, Science, Energy and Resources and the Department of Foreign Affairs and Trade; and
• water infrastructure function from the former Department of Infrastructure, Transport, Regional Development and Communications.

4.3.7 The Administrative Arrangements Order which took effect on 14 October 2022 added Carbon capture utilisation and storage policies and programs to the matters dealt with by DCCEEW.

Summary of financial performance

4.3.8 DCCEEW was established on 1 July 2022 and therefore no comparative financial information is available. The following section provides an overview of the 2022–23 departmental and administered key financial statements items reported by DCCEEW (as outlined in Table 4.3.3 and Table 4.3.4) and includes commentary on significant items which comprise the balances.

Table 4.3.3: Key departmental financial statements items

Source: DCCEEW’s audited financial statements for the year ended 30 June 2023.

4.3.9 The deficit attributable to the Australian Government of $131.4 million was mainly due to additional employee costs for further staff recruitment and additional supplier costs relating to hydrogen funding agreements and contributions to international organisations.

4.3.10 Total comprehensive income relates mainly to the revaluation of the research vessel RSV Nuyina and changes in the value of the Antarctic restoration provisions (refer to paragraph 1414.3.12).

4.3.11 Total assets comprised mainly of:

• non-financial assets (including intangibles, buildings, heritage and cultural, vessels and plant and equipment) of $1.3 billion. The balance of non-financial assets transferred to DCCEEW following machinery of government (MoG) changes was $1.3 billion. These assets mainly comprise the infrastructure and equipment which supports the Australia Antarctic Division; and
• trade and other receivables of $239.7 million.

4.3.12 Total liabilities comprised mainly of:

• provisions, particularly for Antarctic solid waste disposal sites and Antarctic regions restoration, of $463.9 million. The balance of provisions following MoG changes was $462.3 million; and
• lease liabilities for corporate premises and plant and equipment of $204.3 million.

Table 4.3.4: Key administered financial statements items

Source: DCCEEW’s audited financial statements for the year ended 30 June 2023.

4.3.13 Total expenses comprised mainly of:

• grants expenses of $538.3 million; and
• payments to corporate Commonwealth entities of $544.5 million; and
• supplier expenses of $265.5 million.¹²⁶

4.3.14 The total other comprehensive loss of $769.8 million is mainly due to the revaluation of administered investments (particularly Snowy Hydro Limited).

4.3.15 Total income comprised mainly of:

• water entitlements received free of charge by DCCEEW of $64.0 million, to which DCCEEW became entitled to as part of the Water Efficiency program;
• dividends from Snowy Hydro Limited of $84.3 million; and
• fees from regulatory services of $22.0 million.

4.3.16 Total assets comprised mainly of:

• administered investments of $16.9 billion. The balance of investments transferred to DCCEEW following MoG changes was $16.5 billion.
• water entitlement assets, held by DCCEEW or arising from joint ventures in the Murray Darling Basin of $4.1 billion; and
• cash held in special accounts of $18.6 billion. The balance of cash transferred for these accounts to DCCEEW following MoG changes was $6.7 billion. The increase is due to the injection of $11.5 billion into the Clean Energy Finance Corporation Special Account to fund the ‘Rewiring the Nation’ program planned investments.

Key areas of financial risk

4.3.17 In light of the key areas of risk and the ANAO’s understanding of the operations of DCCEEW, the ANAO has assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high. This risk rating reflects the nature of the maturing system of internal control supporting financial management and the complexity of the preparation of the financial statements following the establishment of DCCEEW on 1 July 2022.

4.3.18 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of DCCEEW’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.3.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.3.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and DCCEEW’s audited financial statements for the year ended 30 June 2023.

Audit results

4.3.19 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.3.6: Status of audit findings

Note a: The moderate audit finding relating to FMIS Privileged user access management was first reported to the former Department of Agriculture, Water and the Environment as part of the 2021–22 financial statements audit. DAFF transferred the administrative responsibility for the SAP Financial Management Information System (FMIS) to DCCEEW in February 2023. Prior to February 2023 DAFF was responsible for the FMIS. The finding was not resolved by DAFF and the audit finding was transferred to DCCEEW.

Source: ANAO 2022–23 audit results.

4.3.20 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that DCCEEW’s 2022–23 financial statements were not materially misstated.

Unresolved moderate audit findings

SAP FMIS privileged user management

4.3.21 This finding was first reported to the former DAWE as part of the ANAO’s audit of the DAWE’s 2021–22 financial statements. During the 2021–22 audit of DAWE’s financial statements, the ANAO identified weaknesses in the effectiveness of monitoring of privileged user activities within the FMIS.

4.3.22 The ANAO identified that audit logs of privileged user activities were not regularly reviewed and that reviews confirming the currency of user access had not been regularly completed. Failure to undertake these reviews increases the risk of erroneous or unauthorised changes to IT systems will not be identified and addressed. The ANAO recommended that DAWE recommence these reviews.

4.3.23 During the 2022–23 interim audit the ANAO identified that reviews of privileged user activities had not been undertaken by DAFF for the period October 2022 to January 2023, or by DCCEEW after February 2023. During this period, reviews confirming the currency of user access were also not fully completed. The ANAO recommended that DCCEEW finalise the outstanding reviews of privileged user activities and embed a formal process that supports the review being performed in a timely manner.

4.3.24 In July 2023 DCCEEW finalised the outstanding reviews of privileged user activities, however, the reviews were not timely. As a result, this finding remains unresolved. The ANAO will focus on DCCEEW’s action taken to resolve this finding as part of the 2023–24 audit.

SAP FMIS user access provisioning and removal of user access

4.3.25 The provisioning and removal of access to the FMIS relies on a mix of automated and manual controls that are supported by information provided by DCCEEW’s IT shared service provider DAFF. Prior to February 2023 the SAP FMIS was administered by DAFF. The effective operation of these controls would ensure that users only have access to functions and transactions within the FMIS that are appropriate to their role. User accounts should be removed or updated when there is no longer a business requirement for access after this date.

4.3.26 During the 2022–23 interim audit the ANAO identified instances where user access was not removed in a timely manner following a user’s termination and where users had access to functions and roles within the SAP FMIS that were not relevant to their position. The ANAO recommended that DCCEEW develop risk-based monitoring controls to confirm user access and role assignments are appropriate and that user access is removed in a timely manner.

4.3.27 During the 2022–23 final audit, the ANAO identified further instances where users’ access was not removed from the FMIS in a timely manner. As a result, this finding remains unresolved. The ANAO will focus on DCCEEW’s action taken to resolve this finding as part of the 2023–24 audit.

Bureau of Meteorology

4.3.28 The Bureau of Meteorology (the Bureau) is responsible for gathering weather, water and atmospheric observations to provide forecasts, warnings and long-term weather and climatic outlooks.

4.3.29 In light of the key areas of financial statements risk and the identification of material prior period errors impacting the 2021–22 financial statements (refer to paragraph 4.3.42) the ANAO increased the overall risk of material misstatement in the financial statements audit from low to moderate in 2022–23.

Summary of financial performance

4.3.30 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by the Bureau (as outlined in Table 4.3.7) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.3.7: Key financial statements items

Note a: The prior period financial statements were restated with respect to: non-financial assets, contract liabilities, accrued revenue and lease liabilities due to the identification of prior period errors (refer to paragraph 4.3.42).

Source: The Bureau’s audited financial statements for the year ended 30 June 2023.

4.3.31 Revenue from Government increased due to additional funding from the Australian Government for programs, including further support for meteorological services for aviation.

4.3.32 The increase in the net cost of services of $81.1 million is due mainly to:

• an increase in write down and impairment of assets expenses of $30.0 million following the Bureau’s stocktake process and a review of the Bureau’s assets under construction; and
• an increase in supplier expenses of $51.3 million were predominantly due to an increase in external service provider costs for the delivery of certain projects and programs managed by the Bureau.

4.3.33 The increase in total assets of $137.7 million is predominantly attributable to increases in:

• plant and equipment and buildings of $53.0 million mainly reflecting the purchase of plant and equipment, the recognition of right-of-use assets and the impact of a comprehensive asset revaluation undertaken during 2022–23. The valuation increment was due to increases in estimated costs of construction, development and replacement technology; and
• computer software of $76.6 million mainly reflecting the purchase and development of software to support the Bureau’s operations.

4.3.34 The change in total other comprehensive income is due to the impact of a comprehensive revaluation of non-financial assets undertaken in 2022–23 (refer to paragraph 4.3.33).

Key areas of financial risk

4.3.35 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the IT general and application controls for key systems that support the preparation of the Bureau’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.3.8.

Table 4.3.8: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and the Bureau’s audited financial statements for the year ended 30 June 2023.

Audit results

4.3.36 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.3.9: Status of audit findings

Source: ANAO 2022–23 audit results.

4.3.37 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that Bureau’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

Record keeping

4.3.38 Section 41 of the Public Governance Performance and Accountability Act 2013 (PGPA Act) requires that ‘the accountable authority of a Commonwealth entity must cause accounts and records to be kept that properly record and explain the entity’s transactions and financial position’.

4.3.39 During 2022–23 a number of prior period errors were identified in relation to the measurement of property, plant, equipment and intangibles; leases; and revenue. One of the contributing causes for these errors was gaps in records supporting the recognition and measurement of these balances in prior periods. Additionally, the ANAO identified:

• that the Bureau does not have a policy on the retention of records supporting the financial statement; and
• inconsistent record management practices.

4.3.40 The ANAO recommended that the Bureau conduct a stocktake and assessment of the requirements for records supporting the financial statements, establish a policy on retention of these records and provide instructions and support to officials to meet these requirements. The Bureau agreed with these recommendations.

4.3.41 The ANAO will consider the implementation of the record keeping policy and revised controls by the Bureau as part of the 2023–24 financial statements audit.

Emphasis of matter

4.3.42 The auditor’s report for the Bureau’s 2022–23 financial statements included an emphasis of matter paragraph to draw the attention of users to the Overview note of the financial statements which describes the Bureau’s correction of prior period errors. These errors related to the incorrect recognition and measurement of property, plant, equipment and intangibles; leases; and revenue in the prior year. The auditor’s report was not modified in respect of this matter.

4.3.43 The net impact of the errors to each financial statement line item was to reduce the total equity for the period ending 30 June 2022 by $46.1 million. Further information on the nature of the errors identified is available in Overview note to the Bureau’s 2022–23 financial statements.

Clean Energy Finance Corporation

4.3.44 The Clean Energy Finance Corporation (CEFC) is responsible for facilitating increased flows of finance into the clean energy sector and facilitating the achievement of Australia’s greenhouse gas emissions reduction targets.

Summary of financial performance

4.3.45 The following section provides a comparison of the 2021–22 and 2022–23 key departmental financial statements items reported by CEFC (as outlined in Table 4.3.10) and includes commentary regarding significant movements between years.

Table 4.3.10: Key financial statements items

Source: CEFC’s audited financial statements for the year ended 30 June 2023.

4.3.46 The decrease in the net contribution by services and surplus is mainly as result of offsetting factors.

• A decrease of $36.6 million in net gains on the fair value of financial instruments (compared with performance in 2021–22) due to changes in industry specific economic factors and investment performance. Fair value gains recognised related mainly to investments in the agriculture and investment sectors, with fair value losses mainly arising for investments in the property sector and for CEFC’s early stage investments.
• An increase of $31.3 million in interest and loan fee revenue, mainly reflecting increases in prevailing market interest rates.
• A decrease of $10.8 million in distributions from trusts and equity investments, mainly reflecting a lower level of gains being realised due to changes in industry specific economic factors and investment performance.
• An increase in supplier and employee expenses of $8.5 million reflecting additional resourcing required by CEFC to establish the ‘Rewiring the Nation’ fund (refer to paragraph 4.3.47).

4.3.47 Revenue from government increased due to funding received by CEFC for the establishment of the ‘Powering Australia Technology Fund’ and ‘Rewiring the Nation’ initiatives.

4.3.48 The decrease in total assets of $317.8 million is primarily due to the following:

• a decrease in the balance of loans and advances by $606.3 million, reflecting earlier than expected repayment by borrowers who were able to refinance their loan facilities with other lenders;
• an increase of $194.9 million in the value of investments in equities and unit trusts of, due to additional investments made during the period and the cumulative impact of fair value increases of existing investments (refer to paragraph 4.3.46); and
• an increase of $67.1 million in other debt securities primarily related to deployment into new bonds to support small to medium enterprise loan aggregation programs.

4.3.49 The decrease in total equity of $318.5 million is due mainly to a $500.0 million return of equity made by the CEFC to the CEFC Special Account.

4.3.50 All other movements were as a result of normal fluctuations in operating conditions.

Key areas of financial risk

4.3.51 The ANAO completed appropriate audit procedures on all material items. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.3.11.

Table 4.3.11: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and CEFC’s audited financial statements for the year ended 30 June 2023.

Audit results

4.3.52 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Clean Energy Regulator

4.3.53 The Clean Energy Regulator (CER) is established by the Clean Energy Regulator Act 2011. The CER is responsible for the administration of market based mechanisms that incentivise reduction in greenhouse gas emissions and the promotion of additional renewable electricity generation. In achieving these objectives the CER is responsible for the administration of the Emissions Reduction Fund and the programs and regulation supporting the Renewable Energy Target.

Summary of financial performance

4.3.54 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by CER (as outlined in Table 4.3.12 and Table 4.3.13) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.3.12: Key departmental financial statements items

Source: CER’s audited financial statements for the year ended 30 June 2023.

4.3.55 The increase in the net cost of services and revenue from government related to additional expenditure on supplier and employee expenses to deliver CER’s streamlining initiatives, including investment in additional IT platforms.

Table 4.3.13: Key administered financial statements items

Source: CER’s audited financial statements for the year ended 30 June 2023.

4.3.56 The $59.6 million decrease in expenses largely related to a reduction in the purchase of Australian Carbon Credit Units (ACCUs) in the ACCU scheme in 2022–23, due to:

• the fixed delivery contract exit program. From March 2022 contracted parties, with the consent of CER, can buy out their obligation to render ACCUs for purchase by the CER under fixed delivery contracts for a fee (fee is equivalent to the value of the milestone in the contract); and
• a continued transition towards optional delivery contracts in the ACCU scheme. Optional delivery contracts provide the contract holder a right but not an obligation to sell ACCUs to CER. Earlier ACCU scheme contracts mainly comprised fixed delivery contracts obligating the sale of ACCUs to CER.

4.3.57 The increase in total revenue of $50.5 million relates mainly to the increased collection of ACCU scheme exit fees (refer to paragraph 4.3.56).

4.3.58 The increase in total assets of $105.0 million relates mainly to the balance of cash and cash equivalents held in Small Scale Technology Certificate Clearing House Special Account administered by CER. During the period there was an increase in small scale technology certificate¹²⁷ purchases by market participants to meet their legislative requirements (deposits in the special account) which were not fully met through sales of certificates from the market.¹²⁸

4.3.59 The increase in liabilities of $78.4 million is due mainly to the increase in the liability for the funds held on behalf of market participants in the Small Scale Technology Certificate Clearing House Special Account (refer to paragraph 4.3.57).

Key areas of financial risk

4.3.60 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of CER’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.3.14.

Table 4.3.14: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and CER’s audited financial statements for the year ended 30 June 2023.

Audit results

4.3.61 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.3.15: Status of audit findings

Source: ANAO 2022–23 audit results.

4.3.62 For the audit finding listed below, the ANAO undertook additional audit procedures to gain assurance that CER’s 2022–23 financial statements were not materially misstated.

Unresolved moderate audit finding

Privileged and other user access

4.3.63 Maintaining and supporting IT systems requires some user accounts, both at the network and the application level, to have extensive access rights (privileged access). Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others.

4.3.64 During the 2021–22 audit the ANAO identified that there were limited policies, procedures or risk assessments that specified the extent to which activities of privileged users should be monitored across the impacted systems. Further, where CER had a specific policy to undertake monitoring of privileged user and other user access that these had not been performed. The ANAO recommended that CER undertake a review of all privileged user access logs and undertake a risk assessment informing policies and procedures which would regularise these reviews.

4.3.65 During 2022–23 CER commenced the implementation of revised controls to address the weaknesses identified by the ANAO. However, the ANAO’s review of these controls indicated that they were not yet fully mature or operating effectively. The ANAO will review CER’s progress in addressing this finding as part of the 2023–24 financial statements audit.

Snowy Hydro Limited

4.3.66 Snowy Hydro Limited (Snowy Hydro) is a government business enterprise responsible for energy generation activities to supply the National Electricity Market as well as operating as a retail energy provider.

Summary of financial performance

4.3.67 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by Snowy Hydro (as outlined in Table 4.3.16) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.3.16:  Key financial statements items

Source: Snowy Hydro’s audited financial statements for the year ended 30 June 2023.

4.3.68 Total revenue increased by $581.6 million, mainly due to growth in customer numbers, an increase in electricity and gas prices during the year and favourable energy price fluctuations on derivative instruments.

4.3.69 The increase in total expenses is largely due to the higher direct costs of supply of electricity to the National Electricity Market and sales to retail customers.

4.3.70 Total comprehensive income decreased due to the impact of fluctuating market changes on foreign currency exchange and interest rate hedges recorded through other comprehensive income. There was increased volatility in the prior year, which led to a higher other comprehensive income result compared to 2022–23.

4.3.71 The increase in total assets is primarily due to $2.1 billion of assets under construction costs capitalised during the year. These costs predominantly relate to the Snowy 2.0 and Hunter Power projects. This increase was partially offset by a $843.2 million reduction in other financial assets as a result of the revaluation of financial assets and a $149.9 million reduction in trade and other receivables. The reduction was a result of the market returning to electricity generation activity consistent with historical conditions for June 2023 following a large increase in electricity generation and associated receivables in June 2022.

4.3.72 Total liabilities have decreased mainly due to market movements on derivative instruments held and the repayment of some interest bearing liabilities during the year.

Key areas of financial risk

4.3.73 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Snowy Hydro’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.3.17 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.3.17: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Snowy Hydro’s audited financial statements for the year ended 30 June 2023.

Audit results

4.3.74 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Comments on non-material entities

Great Barrier Reef Marine Park Authority

4.3.75 The Great Barrier Reef Marine Park Authority (the Authority) provides world-leading marine park management to protect reef habitats, strengthen reef resilience, and reduce cumulative impacts in a changing climate. The Authority is structed to meet the following outcome: The long-term protection, ecologically sustainable use, understanding and enjoyment of the Great Barrier Reef for all Australians and the international community, through the care and development of the Marine Park.

Audit results

4.3.76 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.3.18: Status of audit findings

Source: ANAO 2022–23 audit results.

4.3.77 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that Authority’s financial statements were not materially misstated.

New moderate audit finding

Privileged access to the FMIS

4.3.78 Maintaining and supporting IT systems requires some user accounts, both at the network and the application level, to have extensive access rights (privileged access). Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others. During the 2022–23 audit of IT controls supporting the in the Financial Management Information System (FMIS) the ANAO identified:

• privileged user access was provided to some employees in excess of the required business requirements; and
• there were weaknesses in the design and operating effectiveness of controls supporting privileged access. There were limited policies, procedures or risk assessments that specified the extent to which activities of privileged users should be monitored in the FMIS.

4.3.79 The ANAO recommended that the Authority: review privileged access to the FMIS and remove access no longer required; and review of all privileged user access logs and develop a policy and procedure which would regularise these reviews.

4.3.80 The ANAO will confirm the implementation and effective operation of the and regularised process for monitoring privileged user access as part of the 2023–24 financial statements audit.

4.4 Defence portfolio

Portfolio overview

4.4.1 The Defence portfolio includes a number of entities that together are responsible for the defence of Australia and its national interests. The principal entities within the portfolio are the Department of Defence (Defence), the Department of Veterans’ Affairs (DVA), the Australian Signals Directorate, and Defence Housing Australia. DVA and its associated bodies, including the Australian War Memorial (AWM), are administered separately to Defence. DVA is the primary service delivery entity with the responsibility for implementing programs to assist the veteran and ex-service communities, including repatriation, rehabilitation and compensation, and war graves.

4.4.2 Table 4.4.1 identifies material and other entities specifically mentioned in this section.

4.4.3 Figure 4.4.1 shows the Defence portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹²⁹

Figure 4.4.1:  Defence portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.4.4 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.4.2 provides a summary of those audit differences that relate to entities within the Defence portfolio.

Table 4.4.2: The number of audit differences for entities in the Defence portfolio

Note a: The adjustments include adjustments identified in period that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Defence portfolio.

4.4.5 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Defence, and findings for other material entities and non-material entities in the portfolio.

Department of Defence

4.4.6 The Department of Defence (Defence) is responsible for protecting and advancing Australia’s strategic interests through the promotion of security and stability, the provision of military capabilities to defend Australia and its national interests, and the provision of support for the Australian community and civilian authorities as directed by the Australian Government.

Summary of financial performance

4.4.7 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by Defence (as outlined in Table 4.4.3 and Table 4.4.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.4.3: Key departmental financial statements items

Source: Defence’s audited financial statements for the year ended 30 June 2023.

4.4.8 Net cost of services has increased primarily due to increases in supplier expenses and depreciation expenses. Supplier expenses are higher due to greater inventory consumption, higher contractor and project management costs, and higher sustainment costs associated with Defence’s specialist military equipment. Depreciation expenses have increased in line with the growth in Defence’s asset base. This has been partially offset by a reduction in the write-down and impairment of assets.

4.4.9 The net cost of services has also been offset by an increase in departmental revenue associated with the reclassification of Defence’s special account balance from administered to departmental as at 1 July 2022.

4.4.10 Total other comprehensive income reflects the movement in the asset revaluation reserve as a result of asset valuations. The movement in the valuation during the financial year was lower than the previous year.

4.4.11 Total assets have increased primarily due to purchases of specialist military equipment, investment in Defence’s on-base infrastructure, an increase in inventory holdings, and advance payments made in relation to assets purchased from foreign governments.

4.4.12 Total liabilities have increased primarily due to higher supplier payables. This increase is consistent with the increase observed in supplier expenses discussed above.

Table 4.4.4: Key administered financial statements items

Source: Defence’s audited financial statements for the year ended 30 June 2023.

4.4.13 Total expenses relate to employee contributions into Defence’s defined benefit schemes. The decrease primarily relates to a reduction in the net service cost related to administering the defined benefit schemes.

4.4.14 Total income has reduced as a result of the reclassification of Defence’s special account balance from administered to departmental as at 1 July 2022.

4.4.15 Total other comprehensive income reflects the movement in the actuarial valuation of the employee provision related to Defence’s defined benefit schemes. The prior year decrease was significant due to the increase in the long-term government bond rate. The increase in the long-term government bond rate was smaller in 2022–23 when compared with the prior year and has resulted in a smaller overall movement.

4.4.16 Total liabilities have decreased as a result of the increase in the government bond rate which is used to value the administered employee provision. The employee provision reflects the fair value of future payments expected to be made to current and former Defence personnel in relation to Defence’s defined benefit schemes.

Key areas of financial risk

4.4.17 In light of the key areas of risk and the ANAO’s understanding of the operations of Defence, the ANAO assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high.

4.4.18 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Defence’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.4.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.4.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Defence’s audited financial statements for the year ended 30 June 2023.

4.4.19 The following performance audit reports were tabled during 2022–23 relevant to the financial management or administration of Defence:

• Auditor-General Report No. 7 2022–23 Defence’s Administration of the Integrated Investment Program
• Auditor-General Report No. 21 2022–23 Department of Defence’s Procurement of Hunter Class Frigates
• Auditor-General Report No. 24 2022–23 Defence’s Management of the Delivery of Health Services to the Australian Defence Force
• Auditor-General Report No. 33 2022–23 Department of Defence’s Management of General Stores Inventory
• Auditor-General Report No. 45 2022–23 Australia’s Provision of Military Assistance to the Ukraine

4.4.20 While the reports did not include recommendations regarding risks to Defence’s financial administration as it relates to the financial statements, the observations were considered in designing the audit procedures to address areas considered to pose a higher risk of material misstatement. No significant changes were made to the designed audit procedures for the financial statements audit.

Audit results

4.4.21 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.4.6: Status of audit findings

Note a: this finding was reported as a moderate audit finding at the conclusion of the 2022–23 interim audit phase (and as reported in Auditor-General Report No. 26 2022–23 Interim Report on Key Financial Controls of Major Entities). During the final phase of the 2022–23 audit this finding has been upgraded to a significant audit finding.

Source: ANAO 2022–23 audit results.

4.4.22 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that Defence’s 2022–23 financial statements were not materially misstated.

New significant audit finding

Removal of user access - Defence personnel and contractors

4.4.23 The Protective Security Policy Framework (PSPF) helps Australian Government entities to protect their people, information and assets. The PSPF sets out government protective security policy in terms of: security governance; information security; personnel security; and physical security. PSPF Policy 9 Access to information and PSPF Policy 14 Separating personnel outline security measures to control access to Australian Government information and mitigate risks associated with departing personnel. PSPF Policy 9 requires entities to control access to supporting ICT systems and applications and ensure access to sensitive information is only provided to people on a need-to-know basis. PSPF Policy 14 requires personnel’s access to be removed upon separation or transfer from the entity. Inadequate security measures for timely removal of access from former personnel increase the risk of unauthorised access to sensitive information.

4.4.24 Removing or suspending access to Information and Communication Technology (ICT) systems, applications and data repositories prevents access when there is no longer a legitimate business requirement for their use. System access is removed when personnel change duties or leave an organisation, or on termination of a contractor arrangement. The Australian Government’s Information Security Manual (ISM) requires entities to remove or suspend access on the same day personnel (including contractors) no longer have a legitimate business requirement for the access.

4.4.25 The ANAO performed an analysis of users’ access to financial significant ICT systems, as well as the broader Defence Network to confirm whether user accounts remained active subsequent to the employee or contractor departing from Defence.

4.4.26 The ANAO identified 1,451 users whose access to the Defence Network was not removed in accordance with Information Security Manual (ISM) requirements. Testing also identified almost 2,000 instances where former employees and/or contractors had logged into and accessed data from Defence systems¹³⁰.

4.4.27 The ANAO also identified that a number of terminated employees continued to receive salary payments, in one case, for more than two months after termination.

4.4.28 In relation to the financial management information system, ROMAN, 215 users retained system access post termination. Defence has confirmed that personnel and contractors who did access the system post termination did not undertake any high-risk transactions that would impact the financial statements.

4.4.29 A number of Defence’s inventory management systems did not retain data logs for the full financial period and the ANAO was unable to assess whether employees and/or contractors retained access post termination, or whether data was accessed post termination.

4.4.30 The ANAO also identified that Defence does not have effective controls in place for removing access to the financial management information system when personnel or contractors remain within the department, but their duties change.

4.4.31 Issues concerning user access have previously been reported by Defence’s Internal Audit Branch. The internal audit concluded that “Defence does not have sufficient controls in place to prevent, detect and mitigate the risk that staff and/or contractors leaving Defence inappropriately use Defence systems. There are different processes in place across Defence for ADF, APS and contractors, with the audit finding that the processes for the removal of systems access are ineffective, increasing the opportunity for theft of information.”

4.4.32 Auditor-General Report No. 43 2021–22 Effectiveness of the Management of Contractors concluded that Defence’s arrangements for the management of contractors was partially fit-for-purpose. The report recommended that Defence establish arrangements to better support compliance with PSPF Policy 14: Separating personnel, as well as monitor the effectiveness of arrangements to obtain assurance that PSPF Policy 14 is being met.

4.4.33 The absence of effective of controls over the removal or monitoring of user access post termination increases the risk of inappropriate activity occurring in systems that have significant and sensitive data holdings. Inappropriate access can result in data integrity issues, as well as access to sensitive information.

4.4.34 There is a significant fraud and reputational risk exposure to Defence as a result of the above system access weaknesses. These risks relate to terminated employees as well as contractors.

4.4.35 The ANAO recommended that:

• implement processes to ensure the timely removal of employee and contractor system access;
• implement system changes to capture and record system access and activities completed by users for an appropriate period of time; and
• implement detective controls to identify instances where user access is not removed in a timely manner and monitoring controls to assess activities performed by those users after termination.

4.4.36 Defence has agreed with the recommendations made by the ANAO and has presented a remediation plan to address the issues as a matter of priority.

Unresolved moderate audit finding

Weaknesses around the disposal of assets and inventory

4.4.37 During 2018–19, Defence was unable to provide appropriate documentation in a timely manner in relation to the disposal of buildings. Between 2019–20 and 2022–23, the ANAO continued to identify asset disposals occurring in the IT system significantly after the physical disposal of the asset. Instances were also identified where there was a planned disposal, but the disposal directive was not signed until after the physical disposal had occurred.

4.4.38 Defence has advised that work has been undertaken to address this audit finding, and a range of new controls have been implemented to improve the timeliness of asset disposals.

4.4.39 In addition, an assurance activity was undertaken during 2022–23 which reviewed 12,000 assets and identified 58 assets, totalling $17.5 million, that have subsequently been removed from the asset register. Defence has advised that final remediation activities are expected to be completed during the 2023–24 financial year.

4.4.40 The ANAO will assess Defence’s progress in addressing the weaknesses as part of the 2023–24 audit.

Resolved moderate audit findings

Valuation of SME using the cost attribution model

4.4.41 In 2020–21, the ANAO reported a significant audit finding in relation to weaknesses around the cost attribution model used to capture and allocate costs to components of asset under construction projects. The weaknesses included:

• limited policies and procedures outlining the approach to developing, maintaining, and recording transactions against the cost attribution model;
• the use of excel spreadsheets to record the cost attribution model transactions, which have no evidenced controls or protection to prevent the accidental editing or deletion of data; and
• limited quality assurance mechanisms that could be relied upon to provide assurance over the asset allocations derived from the cost attribution models.

4.4.42 In 2021–22, this finding was downgraded to a moderate audit finding in recognition of the progress made by Defence in remediating weaknesses in the process. Defence has updated its internal policies to include a requirement for compliance activities to be performed annually over asset under construction projects.

4.4.43 During the 2022–23 audit, the ANAO:

• reviewed the compliance activities performed by Defence over a targeted selection of asset under construction projects;
• tested controls in a random selection of asset under construction projects;¹³¹
• tested a sample of transactions relating to projects to confirm the amount had been appropriately capitalised, or expensed; and
• tested the roll-out processes when finalised assets have been rolled out to the fixed asset register.

4.4.44 As a result of the action taken by Defence the ANAO considers this finding to be resolved.

Weaknesses around the governance of Australian Defence Force health services

4.4.45 The provision of health services to Australian Defence Force (ADF) members is managed under a contract with a service provider and includes two broad categories of charges covering off-base and on-base services. As part of the 2020–21 audit, the ANAO identified weaknesses associated with the processes implemented by Defence to confirm the accuracy and validity of the service provider’s monthly invoices.

4.4.46 The ANAO recommended Defence:

• examine and strengthen the design of processes to provide assurance over the accuracy and validity of the health service payments;
• extend assurance activities to include on-base services; and
• complete assurance activities in a timely manner and escalate issues to an appropriate level of management to ensure that issues can be dealt with promptly and recoveries initiated where required.

4.4.47 The management of the ADF health services contract was the subject of a performance audit, which was tabled during the 2022–23 financial year¹³². The performance audit highlighted similar issues to those raised in the financial statements audit.

4.4.48 The ANAO reviewed Defence’s progress in addressing the recommendations and observed that assurance activities have been extended to cover both on-base and off-base services. In addition, system fixes to improve the quality of invoicing were being implemented by the external service provider. The ANAO observed that Defence processes to review periodic invoicing were becoming more timely.

4.4.49 As a result of the action taken by Defence the ANAO considers this finding to be resolved.

Management of privacy data

4.4.50 Management of personally identifiable data is a responsibility of all Australian Government entities subject to the Privacy Act 1988. As part of the 2020–21 audit, in reviewing the privacy framework at Defence, the ANAO observed that Defence was unable to provide evidence and assurance that personally identifiable information was being managed appropriately. The ANAO also identified that Defence has limited ability to discover systems that contain information that would be classified as personally identifiable information, as well as no systematic method for tracking changes, access or distribution of personally identifiable information.

4.4.51 The most significant components of the finding which included the need to maintain a register of personally identifiable data, and to have systems and processes for tracking changes, access and distribution of the data have been substantially completed by Defence.

4.4.52 As a result of actions taken by Defence the ANAO considers this finding to be resolved.

Australian Signals Directorate

4.4.53 The purpose of the Australian Signals Directorate (ASD) is to defend Australia from global threats and advance Australia’s national interest through the provision of foreign signals intelligence, cybersecurity, and offensive cyber operations, as directed by government. The Australian Cyber Security Centre, which is a part of ASD, provides support to government and the Australian community to improve Australia’s cyber resilience.

Summary of financial performance

4.4.54 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by ASD (as outlined in Table 4.4.7 and Table 4.4.8) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.4.7: Key departmental financial statements items

Source: ASD’s audited financial statements for the year ended 30 June 2023.

4.4.55 The increase in revenue from Government is mainly due to the additional funding from the Australian Government for the implementation of various programs and projects, with the most significant being REDSPICE (Resilience, Effects, Defence, Space, Intelligence, Cyber and Enablers). REDSPICE is the largest investment in ASD’s history and aims to ensure that Australia is well-prepared to adapt to the evolving strategic and technology landscape.

4.4.56 The increase in the net cost of services was primarily due to the following factors:

• higher operating expenses due to REDSPICE initiatives including growth in employee benefits expenses from increased employee numbers, additional supplier expenses incurred related to the REDSPICE programs; and
• higher depreciation and amortisation expenses reflecting the capitalisation of assets under construction and the recognition of newly acquired lease right-of-use assets during the period.

4.4.57 Total assets increased due to higher non-financial assets driven by the purchase and construction of additional plant, equipment, buildings, and infrastructure.

4.4.58 Total liabilities increased due to supplier payables and employee provisions. These increases were a result of higher supplier and employee benefit expenses (refer to paragraph 4.4.55).

Table 4.4.8: Key administered financial statements items

Source: ASD’s audited financial statements for the year ended 30 June 2023.

4.4.59 Movements in the balance of ASD’s administered assets and liabilities reflect normal business activities.

Key areas of financial risk

4.4.60 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ASD’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.4.9.

Table 4.4.9: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ASD’s audited financial statements for the year ended 30 June 2023.

Audit results

4.4.61 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Australian War Memorial

4.4.62 The Australian War Memorial (AWM) has responsibility for commemorating, interpreting and understanding the Australian experience of war and its enduring impact through maintaining and developing the national memorial and its collection, and exhibiting historical material, and undertaking commemorative ceremonies and research.

Summary of financial performance

4.4.63 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by AWM (as outlined in Table 4.4.10) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.4.10: Key financial statements items

Source: AWM’s audited financial statements for the year ended 30 June 2023.

4.4.64 The total loss attributable to the Australian Government is a result of a decrease in the value of heritage and cultural assets following the AWM undertaking a comprehensive independent revaluation in 2022–23.

4.4.65 Total assets increased following the receipt and investment of redevelopment program funding and the capitalisation of redevelopment related work-in-progress offset by the decrease in the value of heritage and cultural assets.

Key areas of financial risk

4.4.66 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of AWM’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.4.11.

Table 4.4.11: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and AWM’s audited financial statements for the year ended 30 June 2023.

Audit results

4.4.67 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Defence Housing Australia

4.4.68 The Defence Housing Australia (DHA) is responsible for providing housing and related services to members of the Australian Defence Force and their families, consistent with Defence’s operational requirements. To meet these requirements, DHA is responsible for constructing, purchasing and leasing houses for Australian Defence Force personnel.

Summary of financial performance

4.4.69 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by DHA (as outlined in Table 4.4.12) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.4.12: Key financial statements items

Source: DHA’s audited financial statements for the year ended 30 June 2023.

4.4.70 Total expenses decreased by $20.9 million mainly due to a decrease in the cost of inventories sold (due to lower sales). This decrease was offset by an increase in depreciation and amortisation, as a result of a changes in useful lives for investment properties and acquisitions of investment properties.

4.4.71 Total income decreased by $62.1 million primarily due to lower sales of inventories. The lower sale of inventories is in line with DHA’s business strategy to reduce direct leasing from the market and ongoing acquisition of investment properties.

4.4.72 The increase in total assets of $124.7 million is due mainly to:

• acquisitions of investment properties throughout the year; and
• changes to the terms of lease right-of-use assets for investment properties due to the economic environment and increased rental charges.

4.4.73 Total liabilities increased by $24.5 million. The changes in the balance of lease right-of-use assets for investment properties also impacted the lease liabilities balance. These increases were offset by no dividend being declared.

Key areas of financial risk

4.4.74 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of DHA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.4.13.

Table 4.4.13: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and DHA’s audited financial statements for the year ended 30 June 2023.

Audit results

4.4.75 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Department of Veterans’ Affairs

4.4.76 The Department of Veterans’ Affairs (DVA) is responsible for developing and implementing programs to assist the veteran and ex-service communities. This includes granting pensions, allowances and other benefits, and providing treatment under the Veterans’ Entitlements Act 1986; the administration of benefits and arrangements under the Military Rehabilitation and Compensation Act 2004; determining and managing claims relating to defence service under the Safety, Rehabilitation and Compensation (Defence-related Claims) Act 1988; administering the Defence Service Homes Act 1918, the War Graves Act 1980; and conducting commemorative programs to acknowledge the service and sacrifice of Australian servicemen and women.

Summary of financial performance

4.4.77 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by DVA (as outlined Table 4.4.14 and Table 4.4.15) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.4.14: Key departmental financial statements items

Source: DVA’s audited financial statements for the year ended 30 June 2023.

4.4.78 The net cost of services increased by $42.4 million mainly due to a $67.4 million increase in employee benefits as a result of increased staffing to support claims processing. The increase in employee expenses was partially offset by a decrease of contractor costs, shared service expenses and increase in net insurance premium revenue for Defence Services Homes Insurance.

4.4.79 Revenue from government increased by $114.6 million mainly to fund DVA’s increased activity in relation to processing the backlog of claims.

4.4.80 Total assets increased by $44.0 million mainly due to an increase appropriation receivable.

Table 4.4.15: Key administered financial statements items

Source: DVA’s audited financial statements for the year ended 30 June 2023.

4.4.81 Total expenses increased by $14.0 billion mainly due to a $13.5 billion increase in the actuarial assessment of the DVA’s future obligations in respect of the Military Compensation Provision (personal benefits and health care) at 30 June 2023. This was mainly due to the changes to the key assumptions and the actuarial modelling to reflect the recent claim experience.

4.4.82 Total liabilities increased mainly due to the actuarial assessment undertaken on the Military Compensation Provision (refer to paragraph 4.4.81).

Key areas of financial risk

4.4.83 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of DVA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.4.16 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.4.16: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and DVA’s audited financial statements for the year ended 30 June 2023.

Audit results

4.4.84 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.4.17: Status of audit findings

Source: ANAO 2022–23 audit results.

Note a: The significant audit finding relating to Military Compensation Scheme Provision Methodology was identified during the 2021–22 audit. This audit finding was downgraded to a moderate audit finding during the 2022–23 interim audit as reported in Auditor-General Report No. 26 2022–23 Interim Report on Key Financial Controls of Major Entities.

Note b: The moderate audit finding relating to User Revalidations was identified during the 2020–21 audit. This audit finding was downgraded to a minor audit finding during the 2022–23 interim audit as reported in Auditor-General Report No. 26 2022–23 Interim Report on Key Financial Controls of Major Entities.

Note c: The moderate audit findings relating to Monitoring of high risk activity in IT systems; and QUASARS Claim File Population Reports were resolved during the 2022–23 interim audit as reported in Auditor-General Report No. 26 2022–23 Interim Report on Key Financial Controls of Major Entities.

4.4.85 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that DVA’s 2022–23 financial statements were not materially misstated.

Resolved moderate audit findings

Military Compensation Scheme provision

4.4.86 The Military Compensation Scheme (MCS) provision is assessed at the end of each financial year and recognises DVA’s liability in relation to the Military Rehabilitation and Compensation Act 2004 (MRCA) and the Safety, Rehabilitation and Compensation (Defence-related Claims) Act 1988 (SRCA). The calculation of the provision is complex and involves a number of key assumptions and judgements, including assumptions relating to future trends in medical costs, permanent incapacity and inflation rates.

4.4.87 During the 2021–22 audit, the ANAO noted the adjustments made each year to the provision over the previous six years and formed a view that there was a significant risk that DVA’s initial valuation of the provision for 2021–22 may again be understated. The ANAO recommended that DVA develop a comprehensive oversight policy and procedures covering risk assessment, data, assumptions, scenario analysis and involvement of key staff who understand the underlining policy and operational matters related to the provision. The ANAO also recommended that DVA undertake further work in relation to the risk adjustment to ensure it maximises DVA’s management of the level of uncertainty in the provision

4.4.88 This finding was downgraded to a moderate finding during the 2022–23 interim audit due to the implementation of revised guidelines by DVA outlining the key components of the valuation process. The ANAO undertook further testing of the of the actuarial valuation of the MCS provision as at 30 June 2023 which indicated that DVA management has implemented additional documentation, guidelines and an enhanced project management process to deliver outcomes within the financial statements’ project plan.

4.4.89 There were number of key modelling changes embedded into the 2022–23 assessment that facilitated a more accurate projection of future claims based on the present obligations. DVA’s actuary used a conservative approach for determining the key assumptions in the provision calculation based on most recent claim experience in addressing the uncertainty of the unprocessed backlog of claims.

4.4.90 DVA included a risk adjustment in the calculation of the provision. This resulted in an increase of the provision of $6.3 billion in 2022–23. The ANAO concluded that DVA’s calculation is in line with the industry risk margins set out for workers compensation and employees’ liability classes.

4.4.91 Overall, the 2022–23 MCS provision assessment was conducted considering the key recommendations made by the ANAO during the 2021–22 audit. As a result, the finding is now considered resolved.

User access removal

4.4.92 The Protective Security Policy Framework (PSPF) requires non-corporate Commonwealth entities to control access to systems, networks, and applications. The requirement includes removing system access from employees and contractors without an operational need for access to IT resources.

4.4.93 During the 2020–21 audit, the ANAO identified weaknesses in DVA’s controls relating to user access removal.

4.4.94 DVA has provided evidence to the ANAO on how capability to monitor user’s access on termination and to ensure the quality of the processes implemented have been enhanced. The ANAO identified that DVA’s monitoring process covering all late user terminations identified by Services Australia over the full financial period is effective. On the basis of the evidence provided, the finding is considered resolved.

Personal benefits – incompatible access monitoring

4.4.95 DVA identified a business risk associated with IT users with access (for business reasons) that would allow them to bypass segregation of duties controls. These users are identified via reports generated by DVA to monitor this access. There is a monthly user access revalidation performed by directors and a quarterly user access revalidation that is endorsed by the branch heads. ANAO tested both the monthly and the quarterly revalidations of users with potentially incompatible access in 2021–22. The controls were assessed as unreliable due to the number of errors identified through the ANAO’s testing.

4.4.96 Audit procedures performed during the 2022–23 audit identified that DVA’s revalidation process has improved. However, further remediation work is required in order for the revalidation process to operate effectively and address all aspects of the identified risks. The finding was downgraded to a minor finding.

Unresolved moderate audit findings

Security governance – monitoring implementation of controls

4.4.97 In the 2021–22 audit, the ANAO noted instances that indicated DVA’s governance and monitoring processes were not fully effective to address identified business risks. The ANAO recommended an effective governance and assurance framework be developed over security governance to ensure controls were implemented and operating effectively.

4.4.98 DVA has developed an Agency Security Plan and the Agency Security Risk Assessment, which has been provided to the ANAO (including evidence of remediation activities undertaken to address open audit findings). Audit procedures undertaken by the ANAO identified gaps in certain areas where the underlying supporting evidence or process was not operating as outlined by DVA including documentation having incomplete information, procedures not being followed, and mitigations not implemented at the time of the assessment.

4.4.99 The ANAO will review the assess the status of this finding as part of the 2023–24 audit.

Process Direct security risk management

4.4.100 In the 2020–21 audit, the ANAO identified weaknesses relating to the management of security risks as part of an upgrade to Process Direct implemented in November 2020. The ANAO recommended that DVA address the self-identified security risks when implementing the system.

4.4.101 DVA affirmed that accreditation of Process Direct was finalised in August 2021 and all required security documentation developed. The ANAO’s inspection of the accreditation documents, including the Process Direct System Security Plan, identified that two of the three self-identified risks remained untreated. DVA acknowledged that the untreated risks were accepted when the interim approval to operate was issued.

4.4.102 DVA subsequently provided an updated Interim Authority to Operate for Process Direct which included a risk assessment and a targeted risk remediation plan. DVA is also planning to commission an independent review of Process Direct to help formulate a longer-term remediation pathway and action plan for addressing risks.

4.4.103 The ANAO will review the status of this finding as part of the 2023–24 audit.

Emphasis of matter

4.4.104 An emphasis of matter paragraph has been included in the 2022–23 auditor’s report to draw users’ attention to the accounting policies disclosed in the financial statements that describe the inherent uncertainty associated with a number of the assumptions used in the calculation of the MCS provision and to the sensitivity of the valuation of the provision to changes in these assumptions. This is considered to be a key audit matter (refer to Table 4.4.16) due to the complexity and use of judgement associated with the unique compensation arrangements arising under legislation.

Comments on unsigned non-material entities

Royal Australian Navy Central Canteens Board

4.4.105 The Royal Australian Navy Central Canteens Board (RANCCB) is established as a corporate Commonwealth entity to support Navy members by providing a range of low-cost healthy food and beverage options, where profits are returned through social enterprise programs.

4.4.106 The 2022–23 financial statements were not signed at 30 November 2023. As a result, the ANAO’s audit remained in progress and was not complete. This report provides audit results as reported at the interim phase of the 2022–23 audit.

Audit results

4.4.107 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and at the conclusion of the interim phase of the 2022–23 audit.

Table 4.4.18: Status of audit findings

Source: ANAO 2022–23 interim audit results.

Resolved significant audit findings

Process for considering CEO’s remuneration

4.4.108 In 2021–22, the ANAO identified weaknesses in the process for considering the CEOs remuneration. Weaknesses included no evidence that the CEO had developed Key Performance Indicators (KPIs) in accordance with their employment contract on which to base the assessment of pay increments and performance bonuses. During the period assessed, the CEO received approved pay increments and was awarded a performance bonus. Further, management was unable to provide evidence of Board approval for the total CEO remuneration for the assessed period. Evidence was obtained that captured a number of the discussions but did not capture the approval for the total payment.

4.4.109 In 2022–23, RANCCB implemented formal policies for considering the CEO’s remuneration, including the development of KPIs to be used in assessing the performance of the CEO. The ANAO has reviewed the formal policies and confirmed that discussions and decisions of the Remuneration Committee and Executive Board were appropriately recorded in the minutes of meetings and records maintained in line with records management requirements. As a result, this finding is considered to have been addressed.

Weaknesses in asset management

4.4.110 In 2021–22, the ANAO identified weaknesses in RANCCB’s asset management process, including the absence of a formalised annual asset stocktaking process. Further, the ANAO identified that incorrect and incomplete data was provided to the independent valuer for the purposes of asset valuation.

4.4.111 In 2022–23, RANCCB implemented formal procedures in relation to the asset stocktaking process. The stocktake included a process to improve the level of detail of the asset description and location of assets documented in the fixed assets register, in conjunction with adding stickers and engraving on assets to evidence ownership. RANCCB also undertook a detailed asset valuation process at 30 June 2023, using complete and accurate data to determine the fair value of plant and equipment. The ANAO reviewed asset stocktake procedures and the outcome of the asset stocktake and asset valuation at 30 June 2023 and is satisfied that these matters have been addressed.

4.4.112 One recommendation made by the ANAO remains outstanding relating to confirming ownership of a group of assets with Department of Defence. As a result of the remediation undertaken by RANCCB this finding has been downgraded to a minor audit finding at the interim phase of the audit.

Resolved moderate audit findings

Weaknesses in inventory management

4.4.113 In 2021–22, the ANAO identified weaknesses in RANCCB’s inventory management process. These weaknesses included an out of date inventory policy, no physical count was performed for the Navy merchandise held by a third-party provider and no periodic merchandise inventory reconciliations were prepared. The ANAO also identified that there was no independent process or review to confirm whether the physical count performed by each canteen manager was complete and accurate.

4.4.114 In 2022–23, RANCCB updated their inventory policy and inventory stocktake procedures and performed a physical count of inventory held by third parties at 30 June 2023. RANCCB also implemented periodic inventory reconciliations that were evidenced as prepared and reviewed by independent staff members. As a result, this finding is considered to have been addressed.

Deficiencies in recording and monitoring cost of goods sold

4.4.115 In 2021–22, the ANAO identified weaknesses in RANCCB’s recording and monitoring cost of goods sold. Weaknesses included no formal documented process to ensure that cost of goods sold expenses were being recorded, monitored, and rectified accurately and in a timely manner by key personnel and no formal independent review or approval prior to cost of goods sold adjustments being processed in the financial management information system. The ANAO also identified there was no independent check to confirm purchased inventory was appropriately recorded in the system and no evidence of processes to monitor and remediate the accuracy of canteen stock recorded by canteen managers.

4.4.116 In 2022–23, RANCCB implemented detective controls to support the accurate processing of inventory purchases in the system, including strengthening the investigations performed by the Inventory Analyst to investigate discrepancies identified during the month end stocktake. The implementation of recommendations to address the weaknesses in the inventory management audit finding also addressed weakness identified in this audit finding. As a result, this finding is considered to have been addressed.

Weaknesses in revenue and receivables

4.4.117 In 2021–22, the ANAO identified weaknesses in RANCCB’s revenue and receivables process. These weaknesses included no formal controls in place for revenue received from canteens and no formal controls to confirm completeness of revenue received from other sources. Further, there were no formal monitoring controls over debtor management.

4.4.118 In 2022–23, RANCCB implemented a formalised reconciliation of canteen revenue and revenue received from external sources. RANCCB has also performed a periodic reconciliation of aged debtors and implemented a process to follow-up overdue debt on a timely basis. As a result, this finding is considered to have been addressed.

Records management

4.4.119 In 2021–22, the ANAO observed weaknesses in RANCCB’s records management practices. These observations related to appropriate accounts and records to support 2021–22 transactions and balances, along with prior year balances that were carried forward to 2021–22.

4.4.120 In 2022–23, RANCCB has implemented an appropriate records management framework and controls designed to ensure the creation and subsequent capture of accounts and records to support the preparation of the financial statements. The ANAO has not identified records management issues during the 2022–23 interim audit. As a result, this finding is considered to have been addressed.

Weaknesses around manual journal processes

4.4.121 In 2021–22, the ANAO identified weaknesses in the manual journals process. The ANAO identified a number of manual journals processed with no evidence of segregation of duties and a system configuration that allowed specific employees access to edit manual journals which had previously been approved and posted to the general ledger, with no audit trail to identify where this had occurred. There were also unexplained gaps in the sequential numbering of manual journals, indicating a risk that journals had been deleted or voided with no supporting evidence.

4.4.122 In 2022–23, RANCCB implemented processes to ensure appropriate segregation of duties between the preparer and reviewer for manual journals. The ANAO reviewed the revised process and undertook sample testing of manual journals to confirm the revised process was operating effectively. As a result, this finding is considered to have been addressed.

Comments on non-material entities

Army and Air Force Canteen Service

4.4.123 The Army and Air Force Canteen Service (AAFCANS) was established to provide goods, facilities and services to members of the Defence community. AAFCANS operates food services and facilities on 27 Army and Air Force bases and joint ADF facilities throughout Australia.

Audit results

4.4.124 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.4.19: Status of audit findings

Source: ANAO 2022–23 audit results.

Resolved significant audit finding

Key management personnel disclosures

4.4.125 During the 2021–22 audit, the ANAO identified a number of issues with the reporting of the prior year’s Key Management Personnel (KMP) note disclosure in accordance with AASB 124 Related Party Disclosures and the Financial Reporting Rule (FRR). The errors were considered material to the financial statements and resulted in the inclusion of an emphasis of matter paragraph in the 2021–22 auditor’s report.

4.4.126 To address this finding, AAFCANS:

• restated the prior year’s KMP note in its 2021–22 financial statements;
• prepared a position paper to outline its consideration of personnel to be included in the KMP note;
• updated its remuneration policies to ensure payments are consistent with guidance issued by the Australian Public Service Commission;
• updated the AAFCANS Board’s charter to ensure processes are in place to support compliance with legislative requirements;
• sought formal appointment for the invalid Board appointments from the Chief of the Defence Force; and
• published the executive remuneration tables which had not been included in the Annual Report on the AAFCANS’ website.

4.4.127 In restating the KMP note, it was identified that an overpayment had been made to the former Managing Director under the Remuneration Tribunal Determination. The AAFCANS’ Board advised that it would not pursue recovery of the overpayment as legal fees were determined to be higher than the amount to be recovered.

4.4.128 The ANAO acknowledged the significant work undertaken by management to address the finding and is satisfied that this issue has been resolved.

Resolved moderate audit finding

Control weaknesses around the asset revaluation reserve

4.4.129 The ANAO identified that AAFCANS did not have a process to reconcile its asset revaluation reserve and was unable to provide a breakdown of the balance by asset class. As a result, AAFCANS did not record its asset valuation adjustments in its general ledger as it was unable to determine whether there was a revaluation reserve against which to offset the revaluation decrement.

4.4.130 During the 2022–23 financial year, AAFCANS transferred the majority of its asset revaluation reserve to retained earnings as there were insufficient records to support the breakdown of the balance by asset class. AAFCANS has also implemented processes to ensure asset revaluation adjustments can be accurately linked to each asset class.

4.4.131 The ANAO accepted the transfer of the balance to retained earnings was the most appropriate course of action, and is satisfied that processes have been established to prevent this issue from re-occurring. As a result, this finding has been closed.

Resolved significant legislative breach

Breach of section 41 of the Public Governance, Performance and Accountability Act 2013

4.4.132 The Public Governance, Performance and Accountability Act 2013 (PGPA Act) confers on accountable authorities various responsibilities and powers to promote high standards of accountability and performance. They are also responsible for the financial management of the entity and compliance with reporting requirements. Section 41 of the PGPA Act requires entities to maintain accounts and records that properly explain the entity’s transactions and financial position.

4.4.133 The ANAO identified that AAFCANS was unable to produce accounts and records in relation to its asset revaluation reserve. The ANAO recommended AAFCANS implement appropriate controls designed to ensure compliance with the PGPA Act, the FRR and to enable the preparation of the financial statements using information that can be properly supported with accounts and records.

4.4.134 The ANAO is satisfied that AAFCANS has implemented processes over its asset revaluation reserve to ensure accounts and records are maintained in accordance with section 41 of the PGPA Act. This matter is considered resolved.

Royal Australian Air Force Veterans’ Residences Trust

4.4.135 The Royal Australian Air Force Veterans’ Residences Trust (the Trust) was established to provide residences to former members of the Air Force and their families who are in need. The Trust has acquired 75 residences throughout Australia and is self-funded.

Audit results

4.4.136 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.4.20: Status of audit findings

Source: ANAO 2022–23 audit results.

4.4.137 For the finding outlined below, the ANAO undertook additional audit procedures to gain reasonable assurance that the Trust’s 2022–23 financial statements were not materially misstated.

Unresolved moderate audit finding

Governance risk

4.4.138 During the 2021–22 audit, the ANAO identified that the Trust had one Audit Committee member who was a Trustee. Under law, Trustees are responsible for managing the affairs of a Trust. In addition, the Trust does not have employees who are undertaking managerial functions. Instead, the Trust employs staff who perform duties that would be described as clerical or administrative in nature. The staff of the Trust have not been included in the Key Management Personnel note disclosure.

4.4.139 The Trust does not have any independent oversight as it has not established an internal audit function.

4.4.140 The Trust has acknowledged the finding and has included governance risk in its enterprise risk register which is subject to ongoing review by the Trustees. During 2022–23, the Trust commenced processes to replace the Trustee with an independent member. This process has been put on hold pending the outcome of an independent review by the Department of Defence into the Defence portfolio entities (which includes the Trust).

Royal Australian Air Force Welfare Recreational Company

4.4.141 The Royal Australian Air Force (RAAF) Welfare Recreational Company (the Company) was established in 1972 to manage and promote recreational facilities for RAAF members, their families and other eligible persons and to provide financial support to and assist in the provision of recreational amenities and services to RAAF members. As Trustee, the Company achieves its purpose through management of the RAAF Central Welfare Trust Fund. The Company is subject to the Corporations Act 2001.

Audit results

4.4.142 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.4.21: Status of audit findings

Source: ANAO 2022–23 audit results.

4.4.143 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that the Company’s 2022–23 financial statements were not materially misstated.

Resolved significant legislative breach

Alterations made to the signed financial statements after the auditor’s report was issued

4.4.144 During the 2021–22 audit, the ANAO identified that the Company had made changes to its audited 2020–21 financial statements, and had published an altered version of the financial statements, which were re-signed on the 6 October 2021, with the auditor’s report that was issued on the 29 September 2021.

4.4.145 The changes made to the financial statements resulted in a breach of section 97 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and section 301 of the Corporations Act 2001.

4.4.146 In addition, the directors did not pass a valid resolution to issue the financial statements, and did not lodge its annual report with the Australian Securities and Investments Commission also resulting in breaches of the Corporations Act 2001.

4.4.147 The Company has removed the altered version of the 2020–21 financial statements from public access, and has advised the Australian Charities and Not-for-profits Commission and the Australian Securities and Investments Commission (ASIC) of the error.

4.4.148 The Company re-submitted its 2020–21 financial statements for audit and a new audit opinion was issued on 30 November 2022. This matter is considered resolved.

Royal Australian Air Force Welfare Trust Fund

4.4.149 The Royal Australian Air Force Welfare Trust Fund (the Fund) was established to provide financial assistance to Defence service personnel including concessional loans and grants, and a Group Life Insurance Scheme.

Audit results

4.4.150 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.4.22: Status of audit findings

Source: ANAO 2022–23 audit results.

Resolved significant legislative breach

Breaches of the Services Trust Funds Act – loan made to dependent of trustee

4.4.151 During the 2021–22 audit, the ANAO identified that a loan had been made to a dependent of a Trustee. The Trustee’s dependent also financially contributed to the Fund’s ‘Group Life Scheme’ which provides a payout for untimely death. The Trustee (and their dependent) were beneficiaries of any payout. Both transactions were in contravention of paragraph 14 of the Services Trust Funds Act 1947, which prohibits a person who is a Trustee or a dependant from receiving benefits from the Fund.

4.4.152 During the 2022–23 financial year, the Fund revoked the loan made to the dependent of the Trustee and recovered the outstanding loan amount. The dependent of the Trustee is no longer a financial contributor to the Fund’s Group Life Scheme. The ANAO considers this issue to be resolved.

Resolved moderate audit finding

Governance risk

4.4.153 During the 2021–22 audit, the ANAO identified that the Fund had one Audit Committee member who was a Trustee. Under law, Trustees are responsible for managing the affairs of a Trust. In addition, the Fund does not have employees who are undertaking managerial functions. Instead, the Fund employs staff who perform duties that would be described as clerical or administrative in nature. The staff of the Fund have not been included in the Key Management Personnel note disclosure.

4.4.154 The Fund does not have any independent oversight as it has not established an internal audit function.

4.4.155 The Fund has replaced the Trustee on the Audit Committee with an independent member. The Fund has updated the Audit Committee charter to reflect that Trustees cannot be appointed as members of the Audit Committee. The Fund has accepted the risks relating to independent oversight, and has strengthened processes performed by the Board of Trustees to manage this risk. The ANAO considers this matter to be closed.

4.5 Education portfolio

Portfolio overview

4.5.1 The Education portfolio’s purpose is to contribute to Australia’s economic prosperity and social wellbeing by creating opportunities and driving better outcomes through access to quality education. The portfolio is comprised of six entities, including the Department of Education. The entities within the portfolio are responsible for policy, program and regulation responsibilities and delivering better outcomes for students, educators and teachers in early learning and care centres, schools and higher education providers.

4.5.2 Table 4.5.1 identifies material entities specifically mentioned in this section.

4.5.3 Figure 4.5.1 shows the Education portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹³³

Figure 4.5.1:  Education portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.5.4 As previously outlined in Chapter 2, paragraphs 2.153 to 2.158, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.5.2 provides a summary of those audit differences that relate to entities within the Education portfolio.

Table 4.5.2: The number of audit differences for entities in the Education portfolio

Note a: On 1 July 2022 the Department of Education, Skills and Employment was renamed to the Department of Education.

Note b: The adjustments include adjustments identified in the period that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Education portfolio.

4.5.5 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Education and findings for other material and non-material entities in the portfolio.

Department of Education

4.5.6 The Department of Education (Education) is responsible for contributing to Australia’s economic prosperity and social wellbeing by creating opportunities and driving better outcomes through access to quality education.

4.5.7 Following the Administrative Arrangement Orders of 2 June 2022, which came into effect on 1 July 2022, the Department of Education, Skills and Employment was renamed to the Department of Education, with employment and skills functions transferred to the Department of Employment and Workplace Relations (DEWR).

Summary of financial performance

4.5.8 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by Education (as outlined in Table 4.5.3 and Table 4.5.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.5.3: Key departmental financial statements items

Note a: The prior period financial statements were restated with respect to: revenue from government, trade and other receivables and equity returns.

Source: Education’s audited financial statements for the year ended 30 June 2023.

4.5.9 The decrease in the net cost of services, surplus and total comprehensive loss is largely a result of the Machinery of Government (MoG) changes which saw the employment and workplace relations function transferred to DEWR on 1 July 2022.

4.5.10 The decrease in total assets and liabilities is also mainly due to the impact of these MoG changes. A total of $954.6 million in assets and $452.6 million in liabilities were transferred to DEWR on 1 July 2022.

Table 4.5.4: Key administered financial statements items

Source: Education’s audited financial statements for the year ended 30 June 2023.

4.5.11 The decrease in administered expenses is due to mainly to:

• the impact of MoG changes, particularly a reduction in subsidies expenses of $4.0 billion due to the transfer of employment programs to DEWR on 1 July 2022; and
• a decrease in fair value losses on Higher Education Loan Program loans due to movements in the discount rate yield curve applied in the actuarial valuation of outstanding loans, movements in repayments and new loans made and the unwinding of concessional loan discounts.

4.5.12 The balance of administered assets ($47.4 billion) mainly comprises the trade and other receivables for HELP loans ($46.8 billion). The decrease in administered assets is largely related to impact of MoG Changes particularly the transfer of $3.65 billion of Vocational Education and Training (VET) student loan program and Trade Support Loans to DEWR on 1 July 2022.

Key areas of financial risk

4.5.13 In light of the key areas of risk and the ANAO’s understanding of the operations of Education, the ANAO assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high. The engagement risk was increased from moderate to high for 2022–23 as a result of the machinery of government changes and the ongoing arrangements that Education has in place with DEWR.

4.5.14 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Education’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.4.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.5.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Education’s audited financial statements for the year ended 30 June 2023.

Audit results

4.5.15 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.5.6: Status of audit findings

Note a: The moderate audit finding, relating to Management of Machinery of Government changes, was identified as part of the 2022–23 interim audit. This finding was previously reported in Auditor-General Report No. 26 2022–23 Interim Report on Key Financial Controls of Major Entities.

Source: ANAO 2022–23 audit results.

4.5.16 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that Education’s 2022–23 financial statements were not materially misstated.

New significant audit finding

Governance – legal and other matters

4.5.17 As part of the financial statements audit process, the ANAO requests that Education provides access to all information, such as records and documentation and other matters, of which Education is aware of and that is relevant to the financial statements preparation process.

4.5.18 During the audit, the ANAO became aware of legal matters from a source other than the Department that had not been considered in the preparation of the financial statements, nor advised to the ANAO by Education. One of these matters resulted in a late adjustment to the financial statements.

New moderate audit finding

Management of Intangible Assets

4.5.19 Education has implemented a number of intangible assets that support its administered programs, with these systems undergoing continuous enhancements and upgrades to support changes in programs.

4.5.20 As part of the final audit processes, the ANAO noted a number of assets under construction which had not been appropriately assessed for impairment or recognising the assets in use as at 30 June 2023 in accordance with Australian Accounting Standards. As a result, the Education subsequently reviewed these assets and made material adjustments to the financial statements.

Resolved moderate audit finding

Management of Machinery of Government (MoG) changes

4.5.21 During the 2022–23 interim audit, the ANAO noted a number of areas where timeliness and the configuration of the FMIS and HRMIS (in implementing the MoG changes) has impacted on the financial reporting and audit of Education.

4.5.22 Education has undertaken processes to rectify the above audit finding. This included more timely balance sheet reconciliations and a process whereby transactions recorded in the FMIS were assessed to determine whether they related to Education or DEWR.

Unresolved moderate audit finding

Removal of user access

4.5.23 The Protective Security Policy Framework (PSPF) requires non-corporate Commonwealth entities to control access to systems, networks, and applications. The requirement includes removing system access from employees and contractors without an operational need for access to IT resources.

4.5.24 The ANAO identified instances where users had accessed the former Department of Education, Skills and Employment’s systems after completion of their employment or contract. The ANAO noted that there were delays in completion of Exit Advice Notification which triggers a number of actions, including the termination access to ICT networks and systems.

4.5.25 During 2022–23 standard operating procedures to review the separation process were implemented. The ANAO identified that these procedures did not fully address the identified risk. These procedures will be reviewed to address identified gaps. The ANAO consider the design and implementation of the revised control during the 2023–24 financial statements audit.

Australian Research Council

4.5.26 The Australian Research Council (ARC) is responsible for administering the National Competitive Grants Program (NCGP), assessing the quality, engagement and impact of research, and providing advice and support on research matters.

Summary of financial performance

4.5.27 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by the ARC (as outlined in Table 4.5.7 and Table 4.5.8) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.5.7: Key departmental financial statements items

Source: ARC’s audited financial statements for the year ended 30 June 2023.

4.5.28 The deficit decreased by $4.4 million mainly due to the increase in revenue from government of $3.2 million and revenue from contracts with customers for grant administration services of $1.4 million.

Table 4.5.8: Key administered financial statements items

Source: ARC’s audited financial statements for the year ended 30 June 2023.

4.5.29 The increase in total expenses of $51.4 million was largely due to the $45.0 million increase in grant funding during 2022–23 and $5.9 million increase in supplier expenses. Supplier expenses were in connection to consultation and support services for the grant programs.

4.5.30 The increase in total liabilities of $13.5 million was due to increase in grants payable which is in line with the increase in grant expenses.

Key areas of financial risk

4.5.31 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ARC’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.5.9.

Table 4.5.9: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ARC’s audited financial statements for the year ended 30 June 2023.

Audit results

4.5.32 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Comments on non-material entities

Australian Scientific Instruments Pty Limited

4.5.33 Australian Scientific Instruments Pty Limited (ASI) was established for the development, manufacture and sale of scientific instruments. ASI is a subsidiary of the Australian National University.

Audit results

4.5.34 There were no significant or moderate audit findings arising from the 2021 or 2022 financial statements audits.

Emphasis of matter

4.5.35 The auditor’s report for ASI’s financial statements for the year ended 31 December 2022 included an emphasis of matter paragraph to draw the attention of users to the notes of the financial statements which indicate that the financial statements were prepared on a non-going concern basis. The non-going concern basis of preparation is due to the decision of the directors to cease trading by 30 June 2023 and commence winding up the entity by 31 December 2023.

4.6 Employment and Workplace Relations portfolio

Portfolio overview

4.6.1 The Employment and Workplace Relations portfolio and Department of Employment and Workplace Relations were established on 1 July 2022 under the Administrative Arrangements Order issued by the Australian Government on 1 June and 23 June 2022.

4.6.2 The Employment and Workplace Relations portfolio is responsible for: skills, vocational and employment pathways; workplace relations; work health and safety; and rehabilitation and compensation.

4.6.3 Table 4.6.1 identifies material and other entities specifically mentioned in this section.

4.6.4 Figure 4.6.1 shows the Employment and Workplace Relations portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹³⁴

Figure 4.6.1:  Employment and Workplace Relations portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.6.5 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.6.2 provides a summary of those audit differences that relate to entities within the Employment and Workplace Relations portfolio.

Table 4.6.2: The number of audit differences for entities in the Employment and Workplace Relations portfolio

Note a: The Fair Work Ombudsman and Registered Organisations Commission was abolished with all functions transferred to the Office of the Fair Work Commission.

Source: ANAO analysis of audit differences reported to entities in the Employment and Workplace Relations portfolio.

4.6.6 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Employment and Workplace Relations, and findings for other material entities and non-material entities in the portfolio.

Department of Employment and Workplace Relations

4.6.7 The Department of Employment and Workplace Relations (DEWR) is responsible for ensuring Australians can experience the social well-being and economic benefits that training, and employment provide. The department is also responsible for workplace relations and work health and safety, rehabilitation, and compensation.

4.6.8 As a result, on 1 July 2022, a Machinery of Government (MoG) change took effect with the following functions transferred to DEWR:

• employment, skills and vocational education from the former Department of Education, Skills;
• workplace relations from the Attorney-General’s Department (AGD);
• Automatic Mutual Recognition (AMR) from the Department of the Prime Minister and Cabinet; and
• Pacific Australia Labour Mobility scheme domestic operations and policy from the Foreign Affairs and Trade (which was agreed in September 2023.

Summary of financial performance

4.6.9 DEWR was established on 1 July 2022 and therefore no comparative financial information is available. The following section provides an overview of the 2022–23 departmental and administered financial statements items reported by DEWR (as outlined in Table 4.6.3 and Table 4.6.4) and includes commentary on significant items which comprise the balances.

Table 4.6.3: Key departmental financial statements items

Source: DEWR’s audited financial statements for the year ended 30 June 2023.

4.6.10 The deficit attributable to the Australian Government of $84.4 million was primarily due to unfunded depreciation of $87.9 million.

4.6.11 Total assets comprised mainly:

• non-financial assets (buildings, leasehold improvement, infrastructure, plant and equipment and computer software) of $655.9 million; and
• trade and other receivables of $300.4 million (predominantly appropriation receivables).

4.6.12 Total liabilities comprised mainly employee provisions ($127.1 million) and lease liabilities ($258.9 million) mainly related to office premises. DEWR has a large and geographically diverse lease portfolio.

Table 4.6.4: Key administered financial statements items

Source: DEWR’s audited financial statements for the year ended 30 June 2023.

4.6.13 Total expenses comprised mainly of subsidies of $3.9 billion and supplier expenses of $1.9 billion which primarily related to apprentice program and Workforce Australia program.

4.6.14 Total income primarily comprised:

• interest revenue on Vocational Education Training (VET) loans ($169.0 million);
• fair value gains on VET and Trade Support loans of $546.0 million reflecting the impact of an actuarial assessment on the balance of outstanding loans.

4.6.15 Total assets are mainly related to VET and Trade Support loans ($4.58 billion).

4.6.16 Total liabilities primarily related to the recognition of a payable to Comcare for the administration of Commonwealth workers compensation and other claim liabilities ($2.0 billion).

Key areas of financial risk

4.6.17 In light of the key areas of risk and the ANAO’s understanding of the operations of DEWR, the ANAO has assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high.

4.6.18 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of DEWR’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.6.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.6.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and DEWR’s audited financial statements for the year ended 30 June 2023.

Audit results

4.6.19 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.6.6: Status of audit findings

Note a: The moderate audit finding related to Removal of user access was first reported to the Department of Education, Skills and Employment (DESE). On 1 July 2022, the Department of Employment and Workplace Relations (DEWR) was created and some functions transferred from DESE. As a result, this finding was also relevant to DEWR.

Note b: The moderate audit finding, relating to Management of Machinery of Government changes, was identified as part of the 2022–23 interim audit. This finding was previously reported in Auditor-General Report No. 26 2022–23 Interim Report on Key Financial Controls of Major Entities.

Source: ANAO 2022–23 audit results.

4.6.20 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that DEWR’s 2022–23 financial statements were not materially misstated.

Resolved moderate audit finding

Management of Machinery of Government changes

4.6.21 During the 2022–23 interim audit, the ANAO noted a number of areas where timeliness and the configuration of the FMIS and HRMIS (in implementing the MoG changes) impacted on the financial reporting and audit of DEWR.

4.6.22 DEWR has undertaken processes to rectify the above audit finding. This included more timely balance sheet reconciliations and a process whereby transactions recorded in the FMIS were assessed to determine whether they related to DEWR or Department of Education (Education).

Unresolved moderate audit finding

Removal of user access

4.6.23 The Protective Security Policy Framework (PSPF) requires non-corporate Commonwealth entities to control access to systems, networks, and applications. The requirement includes removing system access from employees and contractors without an operational need for access to IT resources.

4.6.24 The ANAO identified instances where users had accessed the former Department of Education, Skills and Employment’s systems after completion of their employment or contract. The ANAO noted that there were delays in completion of Exit Advice Notification which triggers a number of actions across the department, including the termination access to ICT networks and systems.

4.6.25 During 2022–23 standard operating procedures to review the separation process were implemented. The ANAO identified that these procedures did not fully address the identified risk. These procedures will be reviewed to address identified gaps. The ANAO will consider the design and implementation of the revised control during the 2023–24 financial statements audit.

Coal Mining Industry (Long Service Leave Funding) Corporation

4.6.26 The Coal Mining Industry (Long Service Leave Funding) Corporation (Coal LSL) collects levies from employers to fund long service leave payments made to employees in the Australian black coal mining industry. The levies collected are invested until the employee takes long service leave, at which point the employer makes a payment to the employee and seeks reimbursement from Coal LSL in accordance with legislative arrangements.

Summary of financial performance

4.6.27 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by Coal LSL (as outlined in Table 4.6.7) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.6.7: Key financial statements items

Source: Coal LSL’s audited financial statements for the year ended 30 June 2023.

4.6.28 The net cost of services decreased by $111.2 million as a result of favourable movements in the fair value of investments held at 30 June 2023, in conjunction with an increase in net realised gains on sale of investments.

4.6.29 The increase in total assets is attributable to the increase in fair value of investments in unit trusts totalling $133.9 million at 30 June 2023. The movement in fair value is the result of realised and unrealised gains.

4.6.30 Total liabilities were higher in 2022–23 due to the increase in the provision for reimbursements of $97.5 million. The increase was largely attributable to a additional provisions recognised during 2022–23 during the period offset by changes in the discount rate and salary growth rates applied in the estimation process.

Key areas of financial risk

4.6.31 The ANAO completed appropriate audit procedures on all material items. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.6.8.

Table 4.6.8: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Coal LSL’s audited financial statements for the year ended 30 June 2023.

Audit results

4.6.32 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Comcare

4.6.33 Comcare is the Commonwealth’s work health and safety regulator, whose stated purpose is to ‘promote and enable safe and healthy work’. It also administers the Commonwealth’s workers compensation scheme and acts as an insurer and claims manager. Comcare’s enabling role is focused on supporting engagement and better practice approaches to health and safety across its scheme.

Summary of financial performance

4.6.34 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by Comcare (as outlined in Table 4.6.9) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.6.9: Key financial statements items

Source: Comcare’s audited financial statements for the year ended 30 June 2023.

4.6.35 The change in net (cost of)/contribution by services was due to changes in actuarial and economic assumptions impacting the valuation of workers’ compensation claims provision and common law asbestos-related disease claims provision (refer to paragraph 4.6.38). There was a loss resulting from the movement in workers’ compensation claims provision of $31.0 million in 2022–23 compared to a gain of $10.3 million in 2021–22. There was a gain from the movement in common law asbestos-related disease claims provision of $52.0 million in 2022–23 compared to a gain of $140.0 in 2021–22.

4.6.36 Comcare has arrangements for special appropriations funding for claims to be returned to the Commonwealth when it is surplus to Comcare’s requirements, after third-party recoveries. This is reflected in the movement in the available funding from movement in claims provision.

4.6.37 Total assets decreased by $80.4 million due to:

• a reduction in Comcare’s cash position of $62.0 million;
• a reduction in third-party claims recoveries receivable of $51.1 million, in line with movements in the provisions (refer to paragraph 4.6.38); and
• partly offset by an increase in appropriations receivable of $36.4 million.

4.6.38 The $82.2 million reduction in total liabilities:

• reflects a decrease in common law asbestos-related disease claims provision of $100.6 million due to updated claims experience and risk margins; and
• is partly offset by an increase in the workers’ compensation claims provision of $28.6 million due to increased claims administration expenses, higher claim duration for psychological disease claims and higher inflation expectations, offset by higher investment return expectations and lower claim frequency.

Key areas of financial risk

4.6.39 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Comcare’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.6.10.

Table 4.6.10:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Comcare’s audited financial statements for the year ended 30 June 2023.

4.6.40 The following performance audit report was tabled during 2022–23 relevant to the financial management or administration of Comcare: Auditor-General Report No. 40 2022–23 Comcare’s Administration of its Workers’ Compensation Scheme Claims.

4.6.41 While this report did not include recommendations regarding risks to Comcare’s financial administration as it relates to the financial statements, the observations were considered in designing the audit procedures. No significant changes were made to the designed audit procedures for the financial statements audit.

Audit results

4.6.42 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Comments on non-material entities

Seafarers Safety, Rehabilitation and Compensation Authority

4.6.43 Seafarers Safety, Rehabilitation and Compensation Authority (Seacare Authority) oversees a national scheme of occupational health and safety and worker’s’ compensation arrangements for defined seafarers. Seacare Authority administers the Seafarers Safety Net Fund that acts in the place of an employer if a default event occurs, enabling employees to lodge a claim event when there is no employer to lodge against.

Audit results

4.6.44 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Emphasis of matter

4.6.45 The auditor’s report for Seacare Authority’s 2022–23 financial statements included an emphasis of matter paragraph to draw the attention of users to the notes to the financial statements. The Overview – Insurance coverage and review of the Seacare Scheme note states that Seacare Authority has not been able to negotiate insurance for the Seafarers Safety Net Fund (the Fund) from an authorised insurer beyond 31 March 2022 in accordance with the requirements of section 102(1) of the Seafarers Act 1992 (Seafarers Act).

4.6.46 As stated in the Overview note, along with other matters set forth in the note, if Seacare Authority does not hold insurance for the Fund but the Fund becomes liable to pay compensation under the Seafarers Act, of any quantum:

• Seacare Authority will be required to pay the compensation from the available assets of the Fund; and
• any liability that cannot be met from the available assets of the Fund, Seacare Authority will be responsible for coordinating the settlement of the remaining liability.

4.6.47 The note also states that because Seacare Authority does not have a legal personality separate to the Commonwealth, any liability to pay compensation will ultimately be the Commonwealth’s liability.

4.7 Finance portfolio

Portfolio overview

4.7.1 The Finance portfolio is responsible for a range of finance-related functions, including providing the Australian Government with budget policy advice, superannuation arrangements for government employees, deregulation policy, data and digital policy and services and asset sales.

4.7.2 Table 4.7.1 identifies material and other entities specifically mentioned in this section.

4.7.3 Figure 4.7.1 shows the Finance portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹³⁵

Figure 4.7.1:  Finance portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.7.4 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.7.2 provides a summary of those audit differences that relate to entities within the Finance portfolio.

Table 4.7.2: The number of audit differences for entities in the Finance portfolio

Note a: The current year adjustments include adjustments identified in 2022–23 that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Finance portfolio.

4.7.5 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Finance, and findings for other material entities and non-material entities in the portfolio.

Department of Finance

4.7.6 The Department of Finance (Finance) is responsible for supporting the government’s budget process and the development and implementation of the government’s regulatory frameworks for public sector resource management, governance and accountability. Finance is also responsible for the preparation of the consolidated financial statements of the Australian Government, which includes the whole-of-government and the general government sector financial statements and the Australian Government’s financial outcome. Finance provides shared services through the Service Delivery Office.

Summary of financial performance

4.7.7 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by Finance (as outlined in Table 4.7.3 and Table 4.7.4 ) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.7.3: Key departmental financial statements items

Source: Finance’s audited financial statements for the year ended 30 June 2023.

4.7.8 The $259.5 million increase in Finance’s net cost of services is partly due to the write down of non-financial assets of $106.1 million due to the downward revaluation of investment properties during 2022–23. In addition, there were increases in the following items in 2022–23 compared to 2021–22.

• Employee benefits expenses increased by $29.4 million, primarily due to the machinery of government changes (MoG) from 1 July 2022 with Deregulation, the Office of the National Data Commissioner and Data and Digital policy functions transferred to Finance from the Department of the Prime Minister and Cabinet (PM&C).
• Supplier expenses increased by $47.4 million, primarily due to the recognition of the Perth Centre of National Resilience potable water pipeline project and other costs incurred, such as preliminary work for the National Security Office Precinct (NSOP).
• Insurance claims expenses increased by $24.3 million. Comcover is the Australian Government’s self-managed general insurance fund and is reported by Finance. The increase is attributable to changes in claims experience and increases in key economic assumptions such as higher inflation forecasts and delays in the settlement of some claims.
• Depreciation and amortisation expenses increased by $20.6 million, attributable to the commencement of depreciation on the three Centres of National Resilience.

4.7.9 The increase in revenue from government of $60.9 million is primarily due to additional funding related to the MoG transfer of functions from PM&C ($39.1 million), Comcover interest equivalency indexation ($20.1 million) and various budget measures, including for the NSOP project.

4.7.10 Total other comprehensive income primarily relates to land and buildings valuation increases of $62.7 million, attributable to increased costs of specialised assets such as the Centres of National Resilience and the Post-Entry Quarantine Facility, due to increases in estimated construction costs.

4.7.11 The decrease in total assets of $142.9 million reflects the impact of the following significant movements:

• decrease of $272.6 million relating to special account cash held within the official public account (OPA), primarily due to the completion of property projects, including the Centres of National Resilience;
• increase of $215.3 million in land and buildings, reflecting the completion of the Centres of National Resilience and valuation increases; and
• decrease of $95.1 million in investment property, reflecting the valuation decreases.

4.7.12 Total liabilities increased by $50.4 million as a result of the following significant movements:

• decrease of $70.5 million in trade creditors and accruals, which were higher in 2021–22 due to the stage of construction of the Centres of National Resilience; and
• increase of $124.7 million due to a higher Comcover insurance claims provision, reflecting the factors described in paragraph 4.7.8.

Table 4.7.4: Key administered financial statements items

Source: Finance’s audited financial statements for the year ended 30 June 2023.

4.7.13 Total expenses were $158.9 million higher mainly due an increase in the superannuation expense of $819.7 million, due to a higher interest expenses for 2022–23 compared to 2021–22. This increase was offset by:

• no losses on financial investments compared to $610.0 million of losses expensed in 2021–22, reflecting market returns; and
• lower investment fund distributions incurred by Finance of $113.6 million, reflecting market returns.

4.7.14 Total income increased by $1.4 billion mainly due to gains on investment funds compared to no gains in 2021–22, reflecting improved market returns.

4.7.15 The increase in total assets of $1.9 billion mainly relates to an increase in investment funds arising from increased valuations which reflect market returns.

4.7.16 Total liabilities decreased by $6.7 billion primarily due to a reduction in the superannuation provision of $6.0 billion driven by an increase in the discount rates applied to the valuation of the provision.

Key areas of financial risk

4.7.17 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Finance’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.7.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.7.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Finance’s audited financial statements for the year ended 30 June 2023.

Audit results

4.7.18 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.7.6: Status of audit findings

Note a: The moderate audit finding relating to User terminations was identified as part of the 2022–23 interim audit. This finding was previously reported in Auditor-General Report No. 26 2022–23 Interim Report on Key Financial Controls of Major Entities.

Source: ANAO 2022–23 audit results.

4.7.19 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that Finance’s 2022–23 financial statements were not materially misstated.

Resolved moderate audit finding

Removal of user access

4.7.20 The Protective Security Policy Framework (PSPF) requires non-corporate Commonwealth entities to control access to systems, networks, and applications. The requirement includes removing system access from employees and contractors without an operational need for access to IT resources.

4.7.21 During the 2022–23 interim audit, the ANAO identified a number of user accounts that retained access after the user’s termination date, including users that are Members of Parliament (Staff) Act 1984 (MoP(S) Act) employees and contractors. Finance advised this was due to late notification from business areas. The ANAO found instances where users accessed the system after the termination date that were undetected by Finance. Finance performs monthly checks to detect, and investigate, if users have accessed the system after their employment cessation. However, this procedure did not include all user groups.

4.7.22 The ANAO recommended that Finance implement controls to improve the timeliness of the notification from business areas and extend existing controls to detect and investigate any post termination access for all user groups.

4.7.23 In June 2023, Finance leveraged the existing internal control framework, which was designed to detect and correct post-termination logons, to target the two user groups involved in the ANAO’s audit finding: MoP(S) Act staff and contractors. The ANAO tested the design and implementation of the revised controls. As a result of the action taken by Finance this finding has been downgraded to a minor audit finding at the conclusion of the 2022–23 final audit.

Other matters

Costs of the legal dispute concerning the Commonwealth and Dr Monique Ryan MP

4.7.24 The Auditor-General responded on 6 April 2023 to correspondence from Senator Andrew Bragg dated 8 March 2023, requesting that the Auditor-General conduct an investigation into the costs of the legal dispute concerning the Commonwealth and Dr Monique Ryan MP, relating to an employment matter under the MoP(S) Act.

4.7.25 The Auditor-General advised that “payments made by the Commonwealth, including in relation to legal matters, are subject to financial audit by the ANAO. In the course of our 2022–23 financial statements audit of the Department of Finance, we will make enquiries regarding the matters identified in your letter. The Department of Finance’s responses will inform my consideration of whether to conduct further audit or assurance activity.”

4.7.26 Further correspondence was received from Senator Bragg dated 18 April 2023, requesting a timeline for finalisation of the 2022–23 financial statements audit of the Department of Finance. The Auditor-General responded on 11 May 2023 to advise that the results of the financial statements audits of all Australian Government Entities, including the Department of Finance, will be in this report to the Parliament.

4.7.27 The ANAO undertook enquiries and performed testing over selected transactions relating to this matter. The ANAO confirmed the relevant requirements and processes that apply to these types of matters include.

• Finance manages Comcover, a self-managed scheme, that provides insurance cover to General Government Sector Commonwealth entities, for all normally insurable risks (excluding Comcare worker’s compensation) and other specific risks.
• Comcover covers workplace claims brought against the Commonwealth by Commonwealth staff, including staff employed under the Members of Parliament (Staff) Act 1984 (MoP(S) Act).
• Finance’s Comcover claims management processes are governed by the Legal Services Directions 2017, Public Governance, Performance and Accountability Act 2013 (PGPA Act) and other relevant laws. As part of the management of claims, external legal advice and representation is sought from legal service providers procured from the Whole of Government Legal Services Panel.
• If required, members’ representation is managed and funded separately via insurance cover provided under the Parliamentary Business Resources (PBR) framework including the Parliamentary Business Resources Act 2017. The Ministerial & Parliamentary Services branch within Finance arrange that separate parliamentarian insurance cover using the approved, whole of government insurance broker.

4.7.28 Based on the testing performed by the ANAO, the payments made by the Commonwealth were in accordance with the relevant legislative frameworks and no control deficiencies or instances of non-compliance were identified.

Waiver of debts owed to the Commonwealth by certain current and former members of the Parliamentary Standing Committee on Petitions

4.7.29 During 2021–22 Finance was informed by the Department of the House of Representatives of non-compliance with statutory conditions on the payment of allowances to certain members of the Parliamentary Standing Committee on Petitions (the Committee).

4.7.30 The non-compliance arose due to the Committee members being incorrectly paid allowances as position holders under the Remuneration Tribunal (Members of Parliament) Determination 2022 (the Determination), and previous Remuneration Tribunal Determinations. Legal advice obtained by Finance found that the Committee does not fall under Schedule A of the Determination and as such, payment of allowances to the Chairs and Deputy Chairs was not authorised. The advice also provided that all such payments since the commencement of the Committee, made under previous determinations, are similarly affected. The non-compliance related to four current and five former members of the Committee, over a period commencing in 2008. As a result, a debt of $432,295.97 to the Commonwealth was calculated and recognised in Finance’s administered financial statements at 30 June 2022.

4.7.31 During 2022–23, the Department of the House of Representatives advised that it was not economical to pursue the debts and instead wrote the Department of Finance seeking a waiver under section 63 of the Public, Governance Performance and Accountability Act 2013. Finance supported this request in the recommendation made to the Special Minister of State. The recommendation to authorise the waiver was based on the following considerations:

(a) The amounts paid to members were based on the Department of the House of Representatives’ incorrect understanding that the Petitions Committee came within the Determination. Advice from the Remuneration Tribunal was that the Department administering the payments would be best placed to assess whether the Committee fell within the Determination.

i. Given the above advice, it is not obvious the MPs [members of Parliament] should have known that they were not entitled to the allowances they have been paid.

ii. As it was the responsibility of the Department of the House of Representatives to determine whether the Committee fell within the Determination, it is not apparent that the MPs should have taken action to clarify their entitlement to the allowance.

iii. Payment of allowances was ceased following the receipt of the legal advice.

(b) There is no dispute that the MPs engaged with the work of the Committee, and that they did so in good faith on the understanding such work attracted the allowance.

(c) Pursuit of the debts is likely to have an inequitable impact on individual MPs as:

i. Debts go back to the commencement of the Petitions Committee in 2008, which is beyond most state and territory statutory limitation periods meaning only some of the debts are likely to be legally recoverable.

ii. The legal advice notes that superannuation funds strongly resist action to recover overpaid contributions.

4.7.32 In June 2023, the Special Minister of State agreed to the waiver of the debt under section 63(1) of the PGPA Act.

4.7.33 The nine individuals were advised of the decision in writing in August 2023. The Department of the House of Representatives and Finance advised the ANAO that only two individuals were advised verbally of the debts and their subsequent waiver prior to the written correspondence.

ASC Pty Ltd

4.7.34 ASC Pty Ltd (ASC) supports Australia’s naval capabilities. ASC was the builder of Australia’s fleet of Collins class submarines for the Royal Australian Navy and is responsible for the ongoing design enhancements, maintenance and support of the submarines through the In Service Support Contract (ISSC).

4.7.35 ASC is part of the Alliance Based Target Incentive Agreement (ABTIA) that delivered three Air Warfare Destroyers for the Royal Australian Navy. The other members of ABTIA include the Commonwealth of Australia represented by the Department of Defence and Raytheon Australia as the mission systems integrator

4.7.36 ASC is contracted to the Australian Government to deliver the Sovereign Shipbuilding Talent Pool to retain, grow and develop the shipbuilding workforce impacted by the Attack Class submarine decision.

Summary of financial performance

4.7.37 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by ASC (as outlined in Table 4.7.7 and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.7.7: Key financial statements items

Source: ASC’s audited financial statements for the year ended 30 June 2023.

4.7.38 The $192.1 million increase in revenue is primarily due to changes in the scope of some of the contracts ASC has in relation to the Collins Class Submarine and related activities.

4.7.39 The $194.4 million increase in expenses relates to a combination of increase in the employees, material and sub-contractor expenditure due to the changes in scope of contracts held by ASC (refer to paragraph 4.7.38).

4.7.40 The increase in total assets attributable to the:

• increased level of operations of ASC in undertaking its contract works for the Collins Class Submarines during 2022–23; and
• an increase capitalisation of intangible costs due to ASC’s digital transformation project.

4.7.41 The increase in total liabilities is commensurate with the increase in operations during 2022–23 (refer to paragraph 4.7.40).

Key areas of financial risk

4.7.42 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ASC’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.7.8.

Table 4.7.8: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ASC’s audited financial statements for the year ended 30 June 2023.

Audit results

4.7.43 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Australian Naval Infrastructure Pty Ltd

4.7.44 Australian Naval Infrastructure Pty Ltd (ANI) was established to acquire, hold, manage and develop the infrastructure and related facilities used for the Commonwealth’s ongoing Naval Shipbuilding Plan. The infrastructure held by ANI at Osborne in South Australia is used by Luerssen Australia Pty Ltd for the construction of two offshore patrol vessels, BAE Systems Maritime Australia for the Hunter Class Frigate program, and ASC Pty Ltd for maintenance of the Collins class submarines under contract arrangements with the Commonwealth, represented by the Department of Defence.

4.7.45 ANI is a proprietary company limited by shares registered under the Corporations Act 2001. The Commonwealth represented by the Minister for Finance and Minister for Defence as Shareholder Ministers, wholly own all of ANI’s share capital.

Summary of financial performance

4.7.46 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by ANI (as outlined in Table 4.7.9 and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.7.9: Key financial statements items

Source: ANI’s audited financial statements for the year ended 30 June 2023.

4.7.47 Total expenses decreased by $320.0 million primarily due to the inclusion of impairment loss of $307.0 million in 2021–22. The impairment related to ANI’s Osborne North Development Project following the Australian Government’s decision not to proceed with the Attack Class Submarine Program. During 2022–23, ANI realised cash flows of $1.3 million relating to assets that were previously impaired during 2021–22. This reversal of impairment is reflected in ANI’s Profit or Loss for 2022–23.

4.7.48 The $103.7 million increase in total assets was primarily due to the assessments undertaken by the independent valuer in the change in the useful lives of the assets and increased costs of construction.

Key areas of financial risk

4.7.49 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ANI’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.7.10.

Table 4.7.10: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ANI’s audited financial statements for the year ended 30 June 2023.

Audit results

4.7.50 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Future Fund Management Agency

4.7.51 The Future Fund Board of Guardians, supported by the Future Fund Management Agency (together the Future Fund), is responsible for investing the assets of the Future Fund under the Future Fund Act 2006, and other investment funds, managed on behalf of the Department of Finance. The investment of the funds is managed under the Disability Care Australia Fund Act 2013; the Medical Research Future Fund Act 2015; the Aboriginal and Torres Strait Islander Land and Sea Future Fund Act 2018; the Future Drought Fund Act 2019; and the Emergency Response Fund Amendment (Disaster Ready Fund) Act 2022 as a means to provide financing sources for substantial future investments in the Australian economy.

Summary of financial performance

4.7.52 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by the Future Fund (as outlined in Table 4.7.11 and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.7.11: Key financial statements items

Source: Future Fund’s audited financial statements for the year ended 30 June 2023.

4.7.53 The surplus for 2022–23 was primarily due to fair value gains on financial instruments totalling $6.3 billion, compared to fair value losses of $10.3 billion on financial instruments in the previous year.

4.7.54 The fair value gain was driven by increased earnings on interest-bearing securities as a result of higher interest rates. Public and private market investments also improved due to improved investment performance which also contributed to the fair value gain.

4.7.55 The improved investment performance is also the primary driver of the $9.8 billion increase in total assets.

4.7.56 The $1.9 billion decrease in total liabilities was due to a reduction in value of currency contracts held by the Future Fund for hedging movements in foreign exchange rates.

Key areas of financial risk

4.7.57 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of the Future Fund’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.7.12 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.7.12: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Future Fund’s audited financial statements for the year ended 30 June 2023.

Audit results

4.7.58 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Comments on non-material entities

Commonwealth Superannuation Corporation

4.7.59 The objective of Commonwealth Superannuation Corporation (CSC) is to provide retirement and insurance benefits for scheme members and beneficiaries, including past, present and future employees of the Australian Government and other eligible employers and members of the Australian Defence Force, through investment and administration of their superannuation funds and schemes.

New moderate audit finding

User access review

4.7.60 During our testing of user access the ANAO noted the user listings being reviewed were not complete; instances where responses regarding access were not received from business areas, instances of where individuals reviewed their own access; and instances of corrective amendments not being performed. The failure to effectively perform periodic comprehensive reviews of user access increases the risk of users retaining inappropriate access to systems and potentially performing unauthorised transactions.

4.7.61 The ANAO has recommended implementing a control where listings used in the review are checked, enhancing existing controls for management to verify that reviews are performed and signed-off for all users included in the review, ensuring the review is performed with proper segregation of duties and implementing a control for management to assess the exposure risk for accounts identified for revocation or amendments in addition to attending to the access amendments. CSC has agreed with the finding and proposed a set of actions to strengthen their internal controls.

4.8 Foreign Affairs and Trade portfolio

Portfolio overview

4.8.1 The Foreign Affairs and Trade portfolio is responsible for delivering a global network of embassies and missions and international affairs policy capability to support Australia’s interests and influence abroad. The portfolio is comprised of five entities in addition to the Department of Foreign Affairs and Trade and works in partnership across government to promote a stable and prosperous regional and global environment.

4.8.2 Table 4.8.1 identifies material entities specifically mentioned in this chapter.

Table 4.8.1: Foreign Affairs and Trade portfolio material entities discussed in this section

4.8.3 Figure 4.8.1 shows the Foreign Affairs and Trade portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹³⁶

Figure 4.8.1:  Foreign Affairs and Trade portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.8.4 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.8.2 provides a summary of those audit differences that relate to entities within the Foreign Affairs and Trade portfolio.

Table 4.8.2: The number of audit differences for entities in the Foreign Affairs and Trade portfolio

Note a: The adjustments include adjustments identified in period that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Foreign Affairs and Trade portfolio.

4.8.5 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Foreign Affairs and Trade, and findings for other material entities in the portfolio.

Department of Foreign Affairs and Trade

4.8.6 The Department of Foreign Affairs and Trade (DFAT) is responsible for the administration of Australia’s foreign, trade, international development and international security policies.

Summary of financial performance

4.8.7 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by DFAT (as outlined in Table 4.8.3 and Table 4.8.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.8.3: Key departmental financial statements items

Source: DFAT’s audited financial statements for the year ended 30 June 2023.

4.8.8 Total expenses have increased due to:

• an increase in staffing levels at DFAT’s overseas posts and employee-related expenses as international staff postings returned to pre-COVID levels; and
• increased passport expenses as the volume of passports processed increased during the year.

4.8.9 Total revenue has increased due to additional appropriation funding received to fund the increase in the volume of passport applications.

Table 4.8.4: Key administered financial statements items

Source: DFAT’s audited financial statements for the year ended 30 June 2023.

4.8.10 The increase in expenses is primarily attributed to $218.6 million of additional funding received to administer new and existing international development assistance payments and multilateral grant replenishments.

4.8.11 Total income has increased due to an increase in the volume of passports processed during the year.

4.8.12 Assets decreased largely due to a downwards revaluation of $330.0 on multilateral investments due to substantial increases in the discount rate and foreign exchange rates applied in deriving the fair value of investments at reporting date.

4.8.13 Liabilities have increased primarily due to the revaluation of multilateral payables, largely due to new commitments to the International Development Assistance and Asian Development Fund multilateral contributions.

Key areas of financial risk

4.8.14 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of DFAT’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.8.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.8.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and DFAT’s audited financial statements for the year ended 30 June 2023.

4.8.15 Auditor-General Report No. 9 2022–23 Management of Cyber Security Supply Chain Risks was tabled during 2022–23 relevant to the administration of DFAT.

4.8.16 While this report did not include recommendations regarding risks to DFAT’s financial administration as it relates to the financial statements, the observations were considered in designing the audit procedures.

Audit results

4.8.17 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.8.6: Status of audit findings

Source: ANAO 2022–23 audit results.

4.8.18 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that DFAT’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

Administration of international development assistance payments

4.8.19 The international development assistance funding is highly decentralised across numerous geographies, covering various industry sectors. Operating across different geographic and legal jurisdictions increases the complexity of the program governance, as different programs and regions present unique challenges and risks, including potentially increased risks of fraud, bribery and corruption.

4.8.20 DFAT has a centralised framework in place that underpins the Official Development Assistance (ODA) program, which includes the international development assistance programs. This is supplemented by additional processes and controls that are implemented at a post or program level that are designed to specifically respond to the risks and circumstances affecting that particular region, industry sector or program.

4.8.21 During the audit, it was identified that there is an inconsistent application of DFAT’s centralised framework for administrating international development assistance payments across individual programs. Specifically, there are varying degrees of validation conducted by DFAT staff with respect to payments for cost reimbursements. This increased the risk that payments may be made for goods or services not received.

4.8.22 ANAO recommended that DFAT revise its guidelines and implement additional controls to mitigate the identified risks to an acceptable level. Management has agreed with ANAO’s recommendations.

Export Finance Australia

4.8.23 Export Finance Australia (EFA) provides financing solutions for Australian exporters and interests, including overseas infrastructure development that delivers benefits to Australia.

Summary of financial performance

4.8.24 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by EFA. These have been split to provide detail on the commercial account (see Table 4.8.7) and the National Interest Account (NIA, as outlined in Table 4.8.8) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.8.7: Key financial statements items (Commercial account)

Source: EFA’s audited financial statements for the year ended 30 June 2023.

4.8.25 The increase in net interest income of $5.7 million is largely due higher interest rates on the investment of EFA’s capital reserves.

4.8.26 The $11.9 million increase in other income is largely due to increased activity in loans and guarantees provided by EFA.

4.8.27 The increase in other expenses relates primarily to additional operating costs such as salaries and leave of $6.7 million and professional fees of $3.0 million.

4.8.28 The other comprehensive income in the prior year relates to the revaluation of property plant and equipment which is undertaken every three years.

Table 4.8.8: Key financial statements items (National Interest Account)

Source: EFA’s audited financial statements for the year ended 30 June 2023.

4.8.29 The movement from a surplus to a deficit is due to net interest income losses increasing by $58.0 million. The Australian Government provided a financing package to support Telstra’s acquisition of Digicel Pacific in July 2022. The financing package provided to Telstra by the NIA is fully funded by debt held by the NIA for which the interest expenses are recorded. NIA holds a portion of the financing package as convertible notes from Digicel Pacific which does not attract interest income

Key areas of financial risk

4.8.30 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of the EFA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.8.9.

Table 4.8.9: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and EFA’s audited financial statements for the year ended 30 June 2023.

Audit results

4.8.31 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

4.9 Health and Aged Care portfolio

Portfolio overview

4.9.1 The Health and Aged Care portfolio works towards achieving better health and wellbeing for all Australians, now and for future generations.

4.9.2 Table 4.9.1 identifies material entities specifically mentioned in this section.

4.9.3 Figure 4.9.1 shows the Health and Aged Care portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹³⁷

Figure 4.9.1:  Health and Aged Care portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.9.4 As previously outlined in Chapter 2, paragraphs 2.153 to 2.158, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.9.2 provides a summary of those audit differences that relate to entities within the Health and Aged Care portfolio.

Table 4.9.2: The number of audit differences for entities in the Health and Aged Care portfolio

Note a: The adjustments include adjustments identified in period that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Health and Aged Care portfolio.

4.9.5 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Health and Aged Care, and findings for other material entities in the portfolio.

Department of Health and Aged Care

4.9.6 The Department of Health and Aged Care (DoHAC) is responsible for achieving the Australian Government’s health outcomes in the areas of health system policy, design and innovation; health access and support services; sport and recreation; individual health benefits; regulation, safety and protection; and ageing and aged care. This includes administering programs and services, such as Medicare and the Pharmaceutical Benefits Scheme, and forming partnerships with the states and territories, as well as other stakeholders.

Summary of financial performance

4.9.7 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by the DoHAC (as outlined in Table 4.9.3 and Table 4.9.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.9.3: Key departmental financial statements items

Source: DoHAC’s audited financial statements for the year ended 30 June 2023.

4.9.8 The increase in total assets was primarily due to additions of $179.4 million to internally generated computer software in 2022–23. The additions included software supporting aged care programs including the star rating for residential aged care, risk based targeting and information sharing system and the government provider management system.

Table 4.9.4: Key administered financial statements items

Source: DoHAC’s audited financial statements for the year ended 30 June 2023.

4.9.9 Total expenses increased by $1.5 billion largely due to the increase in aged care subsidies. The increase in subsidies is a result of the implementation of recommendations from the Royal Commission into Aged Care Quality and Safety and the indexation of subsidies and supplements.

4.9.10 Total income increased by $2.8 billion largely due to higher revenue appropriated via the Medicare Guarantee Fund (Health) Special Account to facilitate payments for medical and pharmaceutical benefits.

4.9.11 The increase in total assets of $3.3 billion is primarily due to a $2.4 billion increase in cash and cash equivalents due to a difference in the timing between the availability of funds and the payment of claims from the Medicare Guarantee Fund (Health) Special Account.

Key areas of financial risk

4.9.12 In light of the key areas of risk and the ANAO’s understanding of the operations of DoHAC, the ANAO assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high.

4.9.13 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of the DoHAC’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.9.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.9.5: Key areas of financial statements risk

Note a: Further information regarding these weaknesses can be found in Paragraph 4.15.70 to 4.15.75 relation to Services Australia.

Source: ANAO 2022–23 audit results, and DoHAC’s audited financial statements for the year ended 30 June 2023.

4.9.14 The following performance audit reports were tabled during 2022–23 relevant to the financial management and administration of DoHAC:

• Auditor-General Report No. 3 2022–23 Australia’s COVID-19 Vaccine Rollout
• Auditor-General Report No. 10 2022–23 Expansion of Telehealth Services
• Auditor-General Report No. 31 2022–23 Administration of the Community Health and Hospitals Program

4.9.15 Auditor-General Report No. 10 2022–23 Expansion of Telehealth Services reported the failure of DoHAC to identify and manage the legal risks associated with the temporary policy measure. The ANAO recommended DoHAC develop procedures that ensure proposed material changes to the Medicare Benefits Schedule are subject to a structured and documented risk assessment that covers implementation, integrity and other risks.

4.9.16 The observations in this report were considered in designing audit procedures to address the risk associated with the accuracy of personal benefits. A significant legislative breach has been reported by the ANAO in relation to DoHAC’s compliance with Section 83 of the Constitution. Further information regarding this finding is detailed at paragraph 4.9.21 below.

4.9.17 Auditor-General Report No. 31 2022–23 Administration of the Community Health and Hospitals Program found that DoHAC’s administration of the Community Health and Hospitals Program (CHHP) was ineffective and fell short of ethical requirements. The report also found DoHAC did not develop grant opportunity guidelines for seven of 108 CHHP grants, and in at least three instances this represented a deliberate decision by senior management to not comply with finance law. DoHAC have disclosed the significant non-compliance with finance law in the Annual Report for 2022–23.

4.9.18 The observations in this report were considered in designing audit procedures to address the risk associated with the occurrence and accuracy of grants expenses.

Audit results

4.9.19 The following table summarises the status of audit findings reported by the ANAO in 202122 and 2022–23.

Table 4.9.6: Status of audit findings

Note a The moderate audit finding, relating to Impairment of administered inventory, was identified as part of the 2021–22 final audit. This finding was previously reported in Auditor-General Report No. 8 2022–23 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2022.

Source: ANAO 2022–23 audit results.

4.9.20 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that the DoHAC’s 2022–23 financial statements were not materially misstated.

New significant legislative breach

Legislative compliance – potential breaches of section 83 of the Constitution

4.9.21 Section 83 of the Constitution provides that no money shall be drawn from the Treasury of the Commonwealth except under an appropriation made by the law.

4.9.22 DoHAC has primary responsibility for administering legislation related to health care. In 2022–23 payments totalling approximately $76.2 billion were authorised against special appropriations, including special accounts, by DoHAC in accordance with a range of complex legislation.

4.9.23 The financial statements for DoHAC for the year ended 30 June 2023 make reference in the Overview section to potential breaches of section 83 of the Constitution in relation to:

• payments of the residential aged care subsidies in accordance with the Aged Care Act 1997;
• Medicare Easyclaims processed in accordance with the Health Insurance Act 1973;
• the assignment of Medicare benefit process, including verbal assignment of Medicare benefits, for payment of benefits in accordance with the Health Insurance Act 1973; and
• services rendered by midwives that did meet statutory requirements to provide, or make referrals for, services eligible for Medicare benefit in accordance with Health Insurance Act 1973.

4.9.24 DoHAC has included in its Annual Report a statement of the significant issues reported to the Minister for Health and Aged Care during the reporting period that relate to the significant non-compliance with the finance law.

New significant audit finding

Governance – legislative compliance, legal matters and legal advice

4.9.25 As part of the financial statements audit process, the ANAO requests that DoHAC provides access to all information, such as records and documentation and other matters, of which DoHAC is aware that is relevant to the preparation of the financial statements and additional information that the ANAO requests from DoHAC for the purpose of the audit.

4.9.26 The request includes that DoHAC has disclosed to the ANAO all known instances of non-compliance or suspected non-compliance with laws and regulations, whose effects should be considered in the preparation of DoHAC’s financial statements. This includes all known potential and actual breaches of section 83 of the Constitution.

4.9.27 The ANAO was provided with evidence that legal advice was sought by Services Australia and DoHAC regarding the payment of residential aged care subsidies in August 2022. This advice was not considered by DoHAC in the preparation of the 2021–22 financial statements. The ANAO was not advised that this advice had been sought by Services Australia on behalf of DoHAC.

4.9.28 Potential breaches of the Constitution have been reported in the 2022–23 financial statements in relation to this program.

4.9.29 This weakness in internal control increases the risk that matters that may affect the financial statements are not appropriately considered in the preparation of the financial statements.

4.9.30 In relation to legislative requirements, DoHAC should:

• conduct a risk assessment of programs in relation to compliance with legislative requirements, including section 83 breaches;
• for those programs identified at higher risk of non-compliance with legislative requirements, conduct further work to ensure payments to recipients are compliant;
• improve the system of control to identify, assess and report on non-compliance with legislative requirements including reporting of significant breaches to the Minister in accordance with Resource Management Guide 214 Notification of significant non-compliance with the finance law; and
• identify and develop further legislative changes to address situations where amendment to relevant legislation is the most appropriate response to a particular circumstance.

4.9.31 In relation to broader legal matters and legal advice, DoHAC should:

• implement a requirement on departmental officers to advise DoHAC’s Legal and Assurance Division when advice is received about Health and Aged Care’s portfolio legislation from another Commonwealth entity;
• formalise regular meetings between DoHAC and Service Australia to ensure DoHAC is made aware of all legal matters and advice received relating to areas of portfolio responsibility;
• improve systems of control to ensure legal matters and legal advice received is communicated to the Chief Financial Officer and is assessed for impact on the financial statements; and
• communicate legal matters and legal advice received to the ANAO on a regular basis.

New moderate audit finding

Commonwealth Home Support Programme – Compliance Program

4.9.32 The Commonwealth Home Support Programme (CHSP) supports older Australians with complex needs to stay at home and access affordable and coordinated care services such as light gardening, bathing, nursing, health therapies and meal preparation. At 30 June 2023, the subsidies reported in connection with home care packages totalled $5.2 billion.

4.9.33 There are three parties involved in the delivery of the CHSP:

• DoHAC reviews the program to ensure that it continues to meet the changing needs of Australia;
• Services Australia administers payments to providers, adjusting fee, subsidy and supplement rates and provides online claiming services for providers; and
• the Aged Care Quality and Safety Commission assesses and monitors home care services to makes sure they meet quality standards and resolves complaints concerning these services.

4.9.34 In 2021–22, the ANAO reported a minor audit finding in relation to the CHSP compliance program. The ANAO recommended that DoHAC, in conjunction with the other entities involved in the delivery of the CHSP, agree and document the roles and responsibilities of each entity in relation to the CHSP.

4.9.35 As part of the 2022–23 audit the ANAO continued to assess the processes implemented by management in response to the minor audit finding raised. Sufficient progress had not been made by DoHAC to address the weaknesses identified. As a result, the ANAO upgraded this finding.

4.9.36 In the absence of effective monitoring controls, there is an increased risk that payments made are not appropriate and are not in accordance with the Aged Care Act 1997.

4.9.37 DoHAC has advised that the roles and responsibilities are expected to be baselined by 31 December 2023. The ANAO will assess the progress made as part of the 2023–24 financial statements audit.

Resolved moderate audit finding

Impairment of administered inventory

4.9.38 During the stocktaking conducted for the National Medical Stockpile (NMS) during 2021–22, DoHAC identified errors associated with the expiry date of NMS items. Due to the errors identified, management completed additional assurance activities to confirm the appropriateness of the carrying value of inventory as at 30 June 2022.

4.9.39 The ANAO recommended that DoHAC implement an activity to provide assurance that the impairment status of inventory is accurate and to incorporate expiry date adjustments as part of the cycle count process. The ANAO also recommended that DoHAC consider developing an allowance for impairment based on a consumption forecast model, focusing on inventory categories that are likely to expire before they are consumed.

4.9.40 During 2022–23 DoHAC completed a remediation program to verify the accuracy of expiry date data across the NMS. The activity included the inspection of the physical expiry dates on national medical stockpile packaging to comparing this against the data recorded for each item, to either verify the accuracy of existing data.

4.9.41 DoHAC also considered the development of an allowance for impairment based on a consumption forecast model, focusing on inventory categories that are likely to expire before they are consumed. DoHAC also investigated the feasibility of developing an impairment model but concluded that there is insufficient detail to create a model based on a consumption forecast approach.

4.9.42 As a result of the actions taken by DoHAC during 2022–23 this finding is now considered to be resolved.

National Blood Authority

4.9.43 The National Blood Authority (NBA) is responsible for securing the supply of safe and affordable blood products, including through national supply arrangements and coordination of best practice standards within agreed funding policies under the national blood arrangements.

Summary of financial performance

4.9.44 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by the NBA (as outlined in Table 4.9.7 and Table 4.9.8 and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.9.7: Key departmental financial statements items

Source: NBA’s audited financial statements for the year ended 30 June 2023.

4.9.45 The increase of $2.0 million in the net cost of services and deficit primarily relates to:

• higher employee expenses of $1.3 million due to the recruitment of additional employees; and
• an increase of $0.7 million in supplier expenses due to increasing IT and contract costs.

Table 4.9.8: Key administered financial statements items

Source: NBA’s audited financial statements for the year ended 30 June 2023.

4.9.46 The increase of $150.2 million in total expenses and of $88.1 million in total income is due to a rise in demand for blood products.

4.9.47 The increase in total assets of $48.9 million and liabilities of $39.8 million reflects higher cash reserves and supplier payables at year end due to a change in the timing of payments made at the end of the financial year.

Key areas of financial risk

4.9.48 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of the NBA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.9.9.

Table 4.9.9: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and the NBA’s audited financial statements for the year ended 30 June 2023.

Audit results

4.9.49 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.9.10: Status of audit findings

Source: ANAO 2022–23 audit results.

4.9.50 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that the NBA’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

Departmental and administered – classification and reporting

4.9.51 Since 2019–20, the NBA has been transferring monies from administered to departmental funds. The NBA advised the ANAO that the funds are transferred to recover costs for administered programs in relation to the delivery of the National Supply Plan that were borne by departmental funds. The incorrect classification or allocation of funding and expenditure between administered and departmental poses a risk to the integrity of the NBA’s financial statements

4.9.52 The ANAO has recommended that the NBA should prepare an accounting paper outlining its position for the transfer of funds, including seeking formal approval as required.

National Health and Medical Research Council

4.9.53 The National Health and Medical Research Council (NHMRC) is the Australian Government’s key entity for managing investment in, and integrity of, health and medical research. NHMRC is also responsible for developing health advice for the Australian community, health professionals and governments, and for providing advice on ethical practice in health care and in the conduct of health and medical research.

Summary of financial performance

4.9.54 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by the NHMRC (as outlined in Table 4.9.11 and Table 4.9.12 and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.9.11: Key departmental financial statements items

Source: NHMRC’s audited financial statements for the year ended 30 June 2023.

4.9.55 The $3.6 million increase in the net cost of services is mainly due to:

• an increase in employee expenses of $2.5 million due to the conversion of labour hire contractors to internal staff; and
• a decrease in revenue from contracts with customers of $1.6 million due to fewer health programs operating.

4.9.56 Total assets decreased by $7.1 million due to a:

• reduction in in trade and other receivables of $3.2 million; and
• decrease in property, plant and equipment and intangibles balance of $3.6 million due to depreciation and amortisation exceeding new additions.

Table 4.9.12: Key administered financial statements items

Source: NHMRC’s audited financial statements for the year ended 30 June 2023.

4.9.57 Total assets increased by $56.1 million mainly to due to additional cash and cash equivalents of $55.5 million attributable to delays in grant rounds.

Key areas of financial risk

4.9.58 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of the NHMRC’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.9.13.

Table 4.9.13: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and the NHMRC’s audited financial statements for the year ended 30 June 2023.

Audit results

4.9.59 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

4.10 Home Affairs portfolio

Portfolio overview

4.10.1 The Home Affairs portfolio brings together the functions of: counter-terrorism; cyber security policy and coordination; countering foreign interference; transport security; emergency management and critical infrastructure protection; border protection and the facilitation of legitimate trade and travel; immigration, citizenship and multicultural affairs; and natural disaster response and mitigation.

4.10.2 Table 4.10.1 identifies material entities specifically mentioned in this section.

Table 4.10.1: Home Affairs portfolio material and other entities discussed in this section

4.10.3 Figure 4.10.1 shows the Home Affairs portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹³⁸

Figure 4.10.1:  Home Affairs portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.10.4 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.10.2 provides a summary of those audit differences that relate to entities within the Home Affairs portfolio.

Table 4.10.2: The number of audit differences for entities in the Home Affairs portfolio

Note a: The current year adjustments include adjustments identified in 2022–23 that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Home Affairs portfolio.

4.10.5 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Home Affairs and for other material entities in the portfolio.

Department of Home Affairs

4.10.6 The Department of Home Affairs is the lead entity in the portfolio and is responsible for central coordination, strategy and policy in relation to: cyber and critical infrastructure resilience and security; immigration, border security and management; and counter-terrorism. It also deals with the management and delivery of the migration, humanitarian and refugee programs, along with multicultural programs, citizenship and settlement services. The department includes the Australian Border Force, which is responsible for border, investigatory, compliance, detention (facilities and centres) and enforcement functions, as well as Australia’s customs functions. Considering the portfolio’s focus on national security, maintaining a high-integrity culture, including compliance, is critical.

4.10.7 On 1 June 2022, an Administrative Arrangements Order was issued by the Australian Government. As a result, a Machinery of Government (MoG) change occurred for Home Affairs, resulting in responsibility for law enforcement policy and cybercrime functions being transferred to the Attorney-General’s Department effective from 1 July 2022.

4.10.8 Following a letter from the Prime Minister on 30 June 2022, emergency management functions were transferred to the National Emergency Management Agency (NEMA). This was completed on 1 September 2022 following the order by the Governor-General to establish NEMA on 18 August 2022.

Summary of financial performance

4.10.9 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by Home Affairs (as outlined in Table 4.10.3 and Table 4.10.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.10.3: Key departmental financial statements items

Source: Home Affairs’ audited financial statements for the year ended 30 June 2023.

4.10.10 The increase in the net cost of services is primarily the result:

• higher employee expenses due to the increases the staffing levels to increase visa processing capacity and salary increases in accordance with Home Affairs’ enterprise agreement; and
• increased supplier expenses largely due to higher costs of fuel and maintenance costs for vessels and the costs of offshore surveillance.

4.10.11 The increase was partially offset by an increase in revenue from contracts with customers including the recovery of costs for provision of corporate and IT services to other entities ($19.3 million), electronic travel approvals ($15.7 million), recovery of credit card merchant fees ($8.6 million) and document verification services ($8.6 million).

4.10.12 The decrease in total assets is primarily due to:

• a reduction in appropriation receivable of $245.7 million, which is consistent with Home Affairs’ increase in expenditure, transfer of prior year funding through Machinery of Government changes and use of prior year appropriations for capital expenditure; and
• a decrease in non-financial assets of $208.2 million. This decrease in non-financial assets is a result of depreciation expense of $578.6 million partly offset by computer software additions of $109.3 million, plant and equipment additions of $94.6 million and capitalisation of fit-out costs of $62.6 million associated with new leases, including a significant new office lease in Melbourne.

Table 4.10.4: Key administered financial statements items

Source: Home Affairs’ audited financial statements for the year ended 30 June 2023.

4.10.13 Total income has increased due to Australia’s borders being open to international visitors for the full 2022–23 financial year and the increased processing of the visa backlog. As a result, passenger movement charge revenue has increased by $648.5 million and visa application charge revenue has increased by $1.2 billion.

4.10.14 The decrease in administered expenses was largely driven by reductions in contract costs associated with offshore regional processing. During 2022–23, Home Affairs entered into a new service provider arrangement on Nauru whereby charges are determined based on activity levels.

Key areas of financial risk

4.10.15 In light of the key areas of risk and the ANAO’s understanding of the operations of Home Affairs, the ANAO assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high.

4.10.16 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Home Affairs’ financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.10.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.10.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Home Affairs’ audited financial statements for the year ended 30 June 2023.

Audit results

4.10.17 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.10.6:  Status of audit findings

Note a: The moderate audit finding, relating to User access removal, was identified as part of the 2022–23 interim audit. This finding was previously reported in Auditor-General Report No. 26 2022–23 Interim Report on Key Financial Controls of Major Entities.

Source: ANAO 2022–23 audit results.

4.10.18 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that Home Affairs’ 2022–23 financial statements were not materially misstated.

Resolved moderate audit finding

User Access Removal

4.10.19 The Protective Security Policy Framework (PSPF) requires non-corporate Commonwealth entities to control access to systems, networks, and applications. The requirement includes removing system access from employees and contractors without an operational need for access to IT resources.

4.10.20 During the 2022–23 interim audit, the ANAO identified weaknesses in Home Affairs’ processes for reviewing and monitoring staff access and user activities performed by staff after they had ceased employment with Home Affairs. The weaknesses resulted in some contractors having access to Home Affairs’ systems, networks, and applications after ceasing employment with Home Affairs.

4.10.21 Home Affairs implemented controls in June 2023 to identify and investigate instances of unauthorised access where users have accessed the department’s networks after their exit date. As a result of the actions taken by Home Affairs the finding has been downgraded to a minor finding at the conclusion of the 2022–23 audit.

Australian Security Intelligence Organisation

4.10.22 The Australian Security Intelligence Organisation (ASIO) is responsible for protecting Australia, its people and its interest from threats to security through intelligence collection, assessment and advice to the government.

Summary of financial performance

4.10.23 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by ASIO (as outlined in Table 4.10.7) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.10.7: Key financial statements items

Source: ASIO’s audited financial statements for the year ended 30 June 2023.

4.10.24 Revenue from government and net cost of services have both increased due to the impacts of additional funding for delivery of programs and projects.

4.10.25 Other comprehensive income and the total assets increased due to the revaluation of non-financial assets that occurred during the year.

Key areas of financial risk

4.10.26 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ASIO’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.10.8.

Table 4.10.8: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ASIO’s audited financial statements for the year ended 30 June 2023.

Audit results

4.10.27 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

4.11 Industry, Science and Resources portfolio

Portfolio overview

4.11.1 The Industry, Science and Resources portfolio is responsible for supporting a productive, resilient, and sustainable economy that is enriched by science and technology. It does this by growing innovative and competitive businesses, industries and regions, investing in science and technology and supporting a strong resources sector.

4.11.2 Table 4.11.1 identifies material entities specifically mentioned in this section.

4.11.3 Figure 4.11.1 shows the Industry, Science and Resources portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹³⁹

Figure 4.11.1:  Industry, Science and Resources portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.11.4 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.11.2 provides a summary of those audit differences that relate to entities within the Industry, Science and Resources portfolio.

Table 4.11.2: The number of audit differences for entities in the Industry, Science and Resources portfolio

Note a: The adjustments include adjustments identified in the period that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Industry, Science and Resources portfolio.

4.11.5 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Industry, Science and Resources and for other material entities in the portfolio.

Department of Industry, Science and Resources

4.11.6 The Department of Industry, Science and Resources (Industry) is responsible for supporting a productive, resilient, and sustainable economy that is enriched by science and technology. It does this by growing innovative and competitive businesses, industries and regions, investing in science and technology and supporting a strong resources sector.

4.11.7 Industry offers a grants hub and shared services centre which provides other Commonwealth entities with administrative support including grants administration and payments processing; human resources and financial transactions processing and the provision of management information systems supporting these processes.

4.11.8 The Administered Arrangements Order (AAO) of 1 June 2022, transferred responsibility for climate change and energy from the Department of Industry, Science, Energy and Resources to the newly formed Department of Climate Change, Energy, the Environment and Water (DCCEEW). A subsequent AAO of 13 October 2022, transferred responsibilities for the Office of Supply Chain Resilience, the Critical Technologies Hub and the Digital Technology Taskforce from the Department of the Prime Minister and Cabinet to Industry.

Summary of financial performance

4.11.9 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by Industry (as outlined in Table 4.11.3 and Table 4.11.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.11.3: Key departmental financial statements items

Source: Industry’s audited financial statements for the year ended 30 June 2023.

4.11.10 The reduction in net cost of services is primarily due to:

• decreases in employee benefit and supplier expenses relating to the transfer of employees, the associated expenses for contractors and consultants, and services and maintenance activities relating to functions that were transferred to DCCEEW;
• increase in revenue from contracts with customers related to Industry’s provision of shared services to other Australian Government entities;
• increases in revenue arising from the National Measurement Institute’s measurement services; and
• increases in Questacon membership and subscription fees due to the easing of restrictions associated with the COVID-19 pandemic.

4.11.11 Revenue from government decreased largely due to the transfer of funding to DCCEEW as a result of the machinery of government changes.

Table 4.11.4: Key administered financial statements items

Source: Industry’s audited financial statements for the year ended 30 June 2023.

4.11.12 The reduction in administered expenses of $1.7 billion was primarily due to decreases in:

• payments to three corporate Commonwealth entities that had been transferred to DCCEEW; and
• rehabilitation activity expenses that largely related to the remeasurement of the Northern Endeavour and Ranger uranium mine rehabilitation provisions which included reductions for payments made during the year. The prior year provision included the Northern Endeavour provision which was recognised for the first time in 2021–22.

4.11.13 The increase in other comprehensive income is driven by movements in the fair value of administered investments. The other comprehensive loss reported in 2021–22 related to the revaluation of the investment in Snowy Hydro Limited, which was transferred to DCCEEW in 2022–23 as part of the machinery of government changes and so did not occur this year.

4.11.14 The reduction of total assets was primarily due to administered investments relating to the transfer of portfolio entities and cash held in special accounts to DCCEEW due to MoG changes.

Key areas of financial risk

4.11.15 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Industry’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.11.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.11.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Industry’s audited financial statements for the year ended 30 June 2023.

4.11.16 The following performance audit reports were tabled during 2022–23 relevant to the financial management or administration of Industry:

• Auditor-General Report No. 1 2022–23 Award of Funding under the Building Better Regions Fund
• Auditor-General Report No. 19 2022–23 Procurement Complaints Handling

4.11.17 While the reports did not include recommendations regarding risks to Industry’s financial administration as it relates to the financial statements, the observations were considered in designing the audit procedures. No significant changes were made to the designed audit procedures for the financial statements audit.

Audit results

4.11.18 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Australian Nuclear Science and Technology Organisation

4.11.19 The Australian Nuclear Science and Technology Organisation (ANSTO) is Australia’s national nuclear research and development organisation. ANSTO operates Australia’s only multi-purpose nuclear reactor and the Australian Synchrotron, contributes to radiopharmaceutical production and supply, and conducts research into related areas of national priority, including human health, the environment and the nuclear fuel cycle. ANSTO also provide advice to government and other stakeholders on matters relating to nuclear science, technology and engineering.

Summary of financial performance

4.11.20 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by ANSTO (as outlined in Table 4.11.6) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.11.6:  Key financial statements items

Source: ANSTO’s audited financial statements for the year ended 30 June 2023.

4.11.21 The net cost of services increased by $139.9 million mainly attributable to the valuation of the nuclear waste management and decommissioning provisions. In 2021–22 there were gains of approximately $212.3 million attributable to the remeasurement of these provisions due to changes in discount rates applied in the valuation (decrease in provisions), compared to gains of approximately $83.1 million in 2022–23. The valuation of these provisions are particularly sensitive to changes in underlying discount rates (refer to paragraph 4.11.23).

4.11.22 The change in total other comprehensive income and in total assets is due to the impact of a revaluation of non-financial assets undertaken in 2022–23. The result was to record a fair valuation increment in buildings and plant and equipment of $169.0 million. The fair valuation is undertaken periodically in accordance with ANSTO’s valuation policy and the relevant accounting standards. Given the specialist nature of ANSTO’s non-financial assets (nuclear medicine production and research facilities; and equipment) the valuation is undertaken on a depreciated replacement cost basis. The valuation increment was due to increases in estimated costs of construction, technological equipment and raw materials.

4.11.23 The decrease in total liabilities of $51.1 million mainly represented the changes in the value of nuclear waste management and decommissioning provisions which were remeasured at 30 June 2023:

• decommissioning costs of $502.9 million, representing the discounted present value of the expected costs to decommission ANSTO’s plant and equipment involved in nuclear processes. ANSTO estimate that the provision will be settled over the next 55 years.
• processing and storage of nuclear waste costs of $130.2 million related to the discounted present costs to handle the waste generated by ANSTO. ANSTO estimate that the provision will be settled over the next 16 years.

4.11.24 The decrease in the balance of these provisions reflects the impact of economic assumptions applied in the calculation, particularly the changes in the value of the discount rate applied in the calculation, which increased in line with Australian Government bond rates. An increase in the discount rate applied has the impact of decreasing the present value of liabilities. These provisions are assessed annually for financial reporting purposes, including a revision to nominal costs and other financing factors. Whilst the present value of the provision has decreased during the period due to the discount rate, the nominal cost of the activities was estimated to have increased by $7.2 million due to updated price and volume assumptions.

Key areas of financial risk

4.11.25 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ANSTO’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.11.7.

Table 4.11.7: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ANSTO’s audited financial statements for the year ended 30 June 2023.

Audit results

4.11.26 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.11.8: Status of audit findings

Note a: The moderate audit finding, relating to Removal of user access was first reported in Auditor-General Report No. 14 2020–21 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2021.

Source: ANAO 2022–23 audit results.

4.11.27 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that ANSTO’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

FMIS DEBUG privileged user access and monitoring of audit logs

4.11.28 Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others during the 2022–23 interim audit the ANAO identified weaknesses in ANSTO’s controls relating to the granting and monitoring of privileged user access to the Financial Management Information System (FMIS) in respect of DEBUG roles.

4.11.29 The ANAO identified that there were users with permanent access to the DEBUG role and there was no regular monitoring of logs of activities of these privileged users. The ANAO recommended that ANSTO remove permanent access to the DEBUG role, develop a policy to provide formalised temporary access to the role as a need arises and develop a monitoring and logging process.

4.11.30 ANSTO advised the ANAO that all permanent access to the debug role was removed for users in July 2023 and that existing policies and procedures for logging and monitoring of privileged users would be updated to include the DEBUG role.

4.11.31 The ANAO will confirm the implementation and effective operation of the monitoring of privileged user with access to the DEBUG role as part of the 2023–24 financial statements audit.

Resolved moderate audit finding

Removal of user access

4.11.32 During the 2020–21 audit the ANAO identified weaknesses in ANSTO’s controls relating to terminated users being removed. One employee’s user account was accessed after the termination date.

4.11.33 The ANAO identified a further instance of a user logging on post termination date during the 2021–22 audit. In response to this finding, ANSTO implemented a cessation process to track deactivation cases, particularly around year-end shut down or other periods of extended leave.

4.11.34 During 2022–23 ANSTO implemented further controls to identify terminated users and where retrospective user terminations may have been processed to confirm no systems were accessed during the intervening period before system access was ceased. The ANAO tested the design and operating effectiveness of these controls and identified no recurrence of users logging on post termination date.

4.11.35 Based on the implementation of the additional controls, this finding was considered resolved and closed during the 2022–23 interim audit phase.

ANSTO Nuclear Medicine Pty Ltd

4.11.36 ANSTO Nuclear Medicine Pty Ltd (ANM) is a subsidiary of ANSTO. ANM was established to own and operate two facilities at ANSTO’s Lucas Heights campus: the Molybdenum 99 (Mo-99) production facility and the Synroc waste management facility, which is under construction.

Audit results

4.11.37 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Emphasis of matter

4.11.38 The auditor’s report for ANM’s 2022–23 financial statements included an emphasis of matter paragraph to draw the attention of users to the notes of the financial statements which indicate that the financial statements were prepared on a non-going concern basis. The non-going concern basis of preparation is due to a decision of the Australian Government to transfer all operations, assets and liabilities of ANM to ANSTO and wind up ANM by 1 July 2024.

Commonwealth Scientific and Industrial Research Organisation

4.11.39 The primary functions of the Commonwealth Scientific and Industrial Research Organisation (CSIRO), as set out in the Science and Industry Research Act 1949, are to carry out scientific research and facilitate the application or utilisation of the results of such research. CSIRO is responsible for delivering innovative scientific and technology solutions to benefit industry, the environment and the community through scientific research and capability development, services and advice.

4.11.40 CSIRO has established an Innovation Fund, which consists of 28 subsidiaries, to invest in the development of early stage technology opportunities. CSIRO reports $771.1 million of investments from the twenty-eight entities that comprise the Innovation Fund. These entities include discretionary and unit trusts established to distribute returns, entities established as trustees or general partners of the trusts and entities that provide fund management and other services.

4.11.41 In addition to the Innovation Fund, the CSIRO also includes:

• the Science and Industry Endowment Fund (SIEF), which is a fund established under the Science and Industry Endowment Act 1926 for the purposes of providing assistance to students and persons engaged in scientific research, international subsidiaries in Chile and the United States of America; and
• the National ICT Australia Group, which includes a number of companies established to hold intellectual property and commercialise research.

Summary of financial performance

4.11.42 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by CSIRO (as outlined in Table 4.11.9) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.11.9: Key financial statements items

Source: CSIRO’s audited financial statements for the year ended 30 June 2023.

4.11.43 The increase of $229.4 million in net cost of services is primarily due to:

• an increase in wages and salaries of $58.0 million and an increase in leave expense of $59.9 million. The increase in wages and salaries were driven by increased recruitment. In 2022–23 CSIRO recruited an additional 647 full time equivalent staff. Increases in leave expense are driven by the increase in employees and actuarial adjustments resulting from changes in bond rates and salary growth expectations; and
• an increase in supplier expenditure of $89.0 million, mainly due to an increase of $26.6 million in research and development performed under contract and an increase of $16.5 million in domestic travel.

4.11.44 The increase in total assets of $467.0 million is primarily attributable to increases in:

• cash and cash equivalents of $119.7 million, due the increase in CSIRO’s surplus and an underspend on capital projects;
• other investments of $214.7 million, due to movements in fair value of investments; and
• land and buildings of $93.9 million, mainly as a result of a revaluation which resulted in a valuation increment of $107.0 million due to increase in replacement costs.

Key areas of financial risk

4.11.45 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation CSIRO’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.11.10.

Table 4.11.10:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and CSIRO’s audited financial statements for the year ended 30 June 2023.

Audit results

4.11.46 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.11.11:  Status of audit findings

Source: ANAO 2022–23 audit results.

4.11.47 For each the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that CSIRO’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

Privileged user access management

4.11.48 Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others.

4.11.49 During the 2022–23 interim audit the ANAO identified weaknesses in CSIRO’s controls relating to the granting and monitoring of privileged user access to the Financial Management Information System (FMIS) in respect of DEBUG roles. Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others

4.11.50 The ANAO identified that there were users with permanent access to the DEBUG role and there was no regular monitoring of logs of activities of these privileged users. The ANAO recommended that CSIRO remove permanent access to the DEBUG role.

4.11.51 CSIRO reviewed and made immediate changes to the DEBUG access and deleted permanent access for any user prior to 30 June 2023. CSIRO has also reviewed it’s policy and controls over DEBUG access requests and management. The ANAO will confirm implementation of monitoring controls in 2023–24.The ANAO will confirm the implementation as part of the 2022–23 financial statements audit.

4.11.52 The ANAO will confirm the implementation and effective operation of the monitoring of privileged users with access to the DEBUG role as part of the 2023–24 financial statements audit.

Geoscience Australia

4.11.53 Geoscience Australia delivers information and advice on Australia’s geology and geography to support faster and smarter decision-making. Geoscience Australia develops applications and solutions in response to Australia’s challenges by bringing together observations, data and knowledge from across geoscience disciplines.

Summary of financial performance

4.11.54 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by Geoscience Australia (as outlined in Table 4.11.12) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.11.12:  Key financial statements items

Source: Geoscience Australia’s audited financial statements for the year ended 30 June 2023.

4.11.55 The increase in the net cost of services is mainly due to:

• an increase of $15.2 million in contractor expenses and foreign exchange losses as activity on the Satellite-Based Augmentation System, the Southern Positioning Augmentation Network (SouthPAN project) which commenced in 2022–23;
• an increase of $4.1 million in employee benefits due to a 3 per cent increase in salaries and uplift in provisions associated with higher salaries;
• a decrease of $3.7 million in revenue from contracts due to a focus on SouthPAN and the deferral on revenue recognition for other projects; and
• a decrease of $2.1 million in other revenue due to reduction in the provision of IT service resources.

4.11.56 Revenue from government increased as a result of the additional funding for the SouthPAN project and a funding supplementation of $12.7 million for foreign exchange losses relating to the SouthPAN project.

4.11.57 The increase in total assets is mainly due to:

• additions for the purchase or internally developed assets amounting of $165.3 million (of which $148.7 million represented the carrying value of the service concession assets relating to SouthPAN); and
• offset by the depreciation on all categories of non-financial assets of $38.9 million.

Key areas of financial risk

4.11.58 The ANAO completed appropriate audit procedures on all material items. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.11.13.

Table 4.11.13:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Geoscience Australia’s audited financial statements for the year ended 30 June 2023.

Audit results

4.11.59 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

4.12 Infrastructure, Transport, Regional Development, Communications and the Arts portfolio

Portfolio overview

4.12.1 The Infrastructure, Transport, Regional Development, Communications and the Arts portfolio covers a number of policy areas, including safety across the civil aviation, maritime and transport sectors; air navigation services; developing and administering the national capital; road, rail and freight transport systems; communication services; digital technologies; and public access to the arts and culture.

4.12.2 Table 4.12.1 identifies material and other entities specifically mentioned in this section.

4.12.3 Figure 4.12.1 shows the Infrastructure, Transport, Regional Development, Communications and the Arts portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹⁴⁰

Figure 4.12.1:  Infrastructure, Transport, Regional Development, Communications and the Arts portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.12.4 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.12.2 provides a summary of those audit differences that relate to entities within the Infrastructure, Transport, Regional Development, Communications and the Arts portfolio.

Table 4.12.2: The number of audit differences for entities in the Infrastructure, Transport, Regional Development, Communications and the Arts portfolio

Note a: The current year adjustments include adjustments identified in 2022–23 that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Infrastructure, Transport, Regional Development, Communications and the Arts portfolio.

4.12.5 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Infrastructure, Transport, Regional Development, Communications and the Arts and other material entities and non-material entities in the portfolio.

Department of Infrastructure, Transport, Regional Development, Communications and the Arts

4.12.6 The Department of Infrastructure, Transport, Regional Development, Communications and the Arts (Infrastructure) is responsible for improving infrastructure across Australia through funding coordination of transport and other infrastructure; providing an efficient, sustainable, competitive and safe transport system for all transport users; strengthening the sustainability, capacity and diversity of regional economies; providing advice on population policy; implementing the national policy on cities; and promoting an innovative and competitive communications sector. Infrastructure also promotes participation in and access to Australia’s arts and culture through developing and supporting cultural expression and supports governance arrangements in the Australian territories.

Summary of financial performance

4.12.7 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by Infrastructure (as outlined in Table 4.12.3 and Table 4.12.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.3: Key departmental financial statements items

Source: Infrastructure’s audited financial statements for the year ended 30 June 2023.

4.12.8 The $45.2 million increase in net cost of service is mainly due to an increase in salaries and wages expenses as a result of increases in staffing levels and pay rises in accordance with a new enterprise agreement.

Table 4.12.4: Key administered financial statements items

Source: Infrastructure’s audited financial statements for the year ended 30 June 2023.

4.12.9 The decrease in total expenses is attributed to:

• the ceasing of COVID-19 subsidy payments related to the aviation sector during 2022–23; and
• a reduction in grants expenses of $461.7 million mainly as a result of the completion of the NBN Fixed Wireless and Satellite upgrade program in 2021–22.

4.12.10 Total income decreased by $193.5 million as a result of:

• no dividend being paid from the Australian Rail Track Corporation Ltd during 2022–23; and
• lower interest income due to the reduction of the balance of the loan to NBN Co Limited.

4.12.11 The increase in the total comprehensive loss is due to losses on the valuation of administered investments, including:

• the Australian Rail Track Corporation Ltd has declined in value by $862.9 million due to continued challenges to the long-term cash flows of the Hunter Valley Coal Network as key consumer countries move to reduce their reliance on coal powered energy. The impact of significant weather events on the Hunter Valley and Interstate networks, in addition to changes in discount rates, have also contributed to the decline in value; and
• Australian Postal Corporation has declined in value by $332.8 million due to forecast financial losses driven by the expected decline in letters volumes due to customer migration away from letters products and over–the–counter service offerings.

Key areas of financial risk

4.12.12 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Infrastructure’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.12.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Infrastructure’s audited financial statements for the year ended 30 June 2023.

4.12.13 The following performance audit reports were tabled during 2022–23 relevant to the financial management or administration of Infrastructure:

• Auditor-General Report No. 1 2022–23 Award of Funding under the Building Better Regions Fund; and
• Auditor-General Report No. 18 2022–23 Acquisition, Management and Leasing of Artworks by Artbank.

4.12.14 The observations of these reports were considered in designing audit procedures to address areas considered to pose a higher risk of material misstatement. No significant changes were made to the designed audit procedures for the financial statements audit.

Audit results

4.12.15 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.12.6: Status of audit findings

Source: ANAO 2022–23 audit results.

4.12.16 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that Infrastructure’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

Departmental internally developed software

4.12.17 Infrastructure’s balance of internally developed software was $58.8 million as at 30 June 2023. The capitalisation of costs attributed to internally developed software requires management to exercise judgement in determining whether the costs are expense or capital in nature (in accordance with the requirements of the relevant accounting standards).

4.12.18 During the 2022–23 final audit the ANAO identified that Infrastructure had recognised internally developed software that did not meet the criteria for recognition as an intangible asset which resulted in adjustments to the financial statements.

4.12.19 The ANAO recommended that Infrastructure undertake a review of all intangible asset balances to confirm they meet the definition of intangible assets.

4.12.20 Infrastructure agreed to the recommendation made by the ANAO and is in the process of undertaking a review of all intangible assets and remediation on those balances where necessary.

Unresolved moderate audit finding

Removal of user access

4.12.21 The Protective Security Policy Framework (PSPF) requires non-corporate Commonwealth entities to control access to systems, networks, and applications. The requirement includes removing system access from employees and contractors without an operational need for access to IT resources.

4.12.22 During the 2021–22 audit, the ANAO identified that Infrastructure did not have sufficient controls in place to identify and investigate in a timely manner access by users post cessation of their employment or contract.

4.12.23 During the 2022–23 interim audit Infrastructure advised the ANAO that weaknesses in the processes have been addressed and all access post cessation are now properly identified and investigated.

4.12.24 During the final audit the ANAO identified an instance of users accessing Infrastructure’s systems post cessation. The ANAO will review the remediation action taken by Infrastructure during the 2023–24 audit.

Airservices Australia

4.12.25 Airservices Australia (Airservices) is responsible for the provision of air navigation services across Australian and oceanic airspace, and the provision of aviation rescue firefighting services at major Australian airports. Supported by a national network of communications, surveillance and navigation facilities and infrastructure, Airservices is funded through domestic charges levied on its customers and borrowings from debt markets. Airservices also received funding from government through:

• a financial assistance grant in 2021–22 and 2020–21; and
• an equity injection in 2022–23.

4.12.26 This funding was in lieu of charges from external customers to cover the reduction in revenues due to the COVID-19 related downturn in aviation traffic and to fund future operating expenses in 2021–22 and 2022–23.

Summary of financial performance

4.12.27 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by Airservices (as outlined in Table 4.12.7) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.7: Key financial statements items

Source: Airservices’ audited financial statements for the year ended 30 June 2023.

4.12.28 Total expenses increased by $122.4 million mainly due to:

• an increase in supplier infrastructure costs for modernisation projects as a result of the relaxation of border restrictions from December 2021; and
• higher compliance costs for Aviation Rescue Fire Fighting Services provision, reflecting increased site inspection and land remediation costs.

4.12.29 Airways revenue increased by $311.8 million due to the increases in both domestic and international air travel post the impacts of the COVID-19 pandemic. Airway revenue contributes to 93.9 per cent of Airservices’ total income in 2022–23.

4.12.30 The increase in total assets is attributed to the following offsetting movements:

• a $258.8 million increase in cash and cash equivalents as a result of increased borrowings and the receipt of $495.0 million equity funding from the Australian Government to cover the reduction in revenues due to the COVID-19 related downturn in aviation traffic and to fund future operating expenses;
• a $128.9 million increase in infrastructure, plant and equipment for capitalised costs primarily associated with the OneSky project;
• a $100.7 million increase in deferred tax assets, reflecting the operating loss for 2022–23; and
• a $148.1 million decrease in defined benefit fund assets, attributed to a greater than expected number of superannuation exits during the year, the repatriation of surplus fund assets paid to Airservices of $77.5 million and the impact the fund valuation due to an increase in the discount rate.

4.12.31 Total liabilities have increased mainly due to:

• an increase in borrowings of $248.8 million; and
• an increase in compliance costs for Aviation Rescue Fire Fighting Services provision, reflecting increased site inspection and land remediation costs of $51.2 million.

Key areas of financial risk

4.12.32 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Airservices’ financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.8.

Table 4.12.8: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Airservices’ audited financial statements for the year ended 30 June 2023.

Audit results

4.12.33 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Australian Broadcasting Corporation

4.12.34 The Australian Broadcasting Corporation (ABC) is primarily responsible for providing innovative and comprehensive broadcasting and digital media services of a high standard that contribute to a sense of national identity, inform and entertain audiences, and foster the performing arts. 

Summary of financial performance

4.12.35 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by ABC (as outlined in Table 4.12.9 and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.9: Key financial statements items

Source: ABC’s audited financial statements for the year ended 30 June 2023.

4.12.36 The increase in net cost of services is primarily due to increased employee costs from wage increases in line with the enterprise agreement and restructuring expenses which were recognised as a provision as at 30 June 2023.

Key areas of financial risk

4.12.37 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ABC’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. The area highlighted for specific audit coverage in 2022–23 is provided below in Table 4.12.10.

Table 4.12.10:  Key area of financial statements risk

Source: ANAO 2022–23 audit results, and ABC’s audited financial statements for the year ended 30 June 2023.

Audit results

4.12.38 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Australian Communications and Media Authority

4.12.39 The Australian Communications and Media Authority (ACMA) is responsible for the regulation communications infrastructure, content and services for Australia including broadcasting, radio communications (spectrum management), telecommunications and online content.

Summary of financial performance

4.12.40 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by ACMA (as outlined in Table 4.12.11 and Table 4.12.12 and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.11:  Key departmental financial statements items

Source: ACMA’s audited financial statements for the year ended 30 June 2023.

4.12.41 The $11.9 million increase in net cost of services primarily relates to additional supplier expenses of $8.5 million and additional employee benefits expenses of $7.8 million, reflecting new budget measures to address online violence against women and children, spectrum management enhancement and terrestrial television transmission.

4.12.42 The increase in revenue from government of $9.4 million reflects funding provided for the new measures described in paragraph 4.12.41.

4.12.43 Total assets decreased by $29.2 million and total liabilities decreased by $37.1 million, primarily due to the derecognition of the extension option on ACMA’s Canberra office lease, which was accounted for as a reduction of the right-of-use asset and associated lease liability. During 2022–23, ACMA made the decision to not exercise the lease option.

Table 4.12.12:  Key administered financial statements items

Source: ACMA’s audited financial statements for the year ended 30 June 2023.

4.12.44 The decrease in total income of $624.0 million is primarily due to the sale of 26 GHz spectrum licenses, that were recognised as resource received free of charge of $652.5 million in 2021–22, compared to no sale activity in 2022–23. Taxation revenue was consistent between years and includes the Regional Broadband Scheme (RBS) charge, broadcasting licence charges, radio communications taxes, telecommunication numbering charges and industry contributions.

Key areas of financial risk

4.12.45 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ACMA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.13.

Table 4.12.13:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ACMA’s audited financial statements for the year ended 30 June 2023.

4.12.46 The following performance audit report was tabled during 2022–23 relevant to the financial management or administration of ACMA: Auditor-General Report No. 19 2022–23 Procurement Complaints Handling.

4.12.47 While this report did not include recommendations regarding risks to ACMA’s financial administration as it relates to the financial statements, the observations were considered in designing the audit procedures. No significant changes were made to the designed audit procedures for the financial statements audit.

Audit results

4.12.48 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.12.14:  Status of audit findings

Source: ANAO 2022–23 audit results.

4.12.49 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that ACMA’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

Removal of user access

4.12.50 The PSPF helps Australian Government entities to protect their people, information and assets. The PSPF sets out government protective security policy in terms of: security governance; information security; personnel security; and physical security. PSPF Policy 9 Access to information and PSPF Policy 14 Separating personnel outline security measures to control access to Australian Government information and mitigate risks associated with departing personnel. PSPF Policy 9 requires entities to control access to supporting ICT systems and applications and ensure access to sensitive information is only provided to people on a need-to-know basis. PSPF Policy 14 requires personnel’s access to be removed upon separation or transfer from the entity. Inadequate security measures for timely removal of access from former personnel increase the risk of unauthorised access to sensitive information

4.12.51 During 2022–23 the ANAO assessed the design and implementation of ACMA’s termination controls. The ANAO found control weaknesses at the network and application levels, including users that had access to and had accessed their network accounts following their departure date. In addition, ACMA does not have monitoring controls to detect and investigate post termination access to the network and applications.

4.12.52 User accounts should be removed upon termination date as they no longer have a legitimate requirement to access ACMA’s network or applications. The ANAO recommended that ACMA implement controls to improve the timeliness of the initiation of the termination process, at both the network and application levels and establish monitoring controls.

Australian Postal Corporation

4.12.53 The Australian Postal Corporation (Australia Post) is a government business enterprise responsible for supplying postal services to Australia, including the distribution of letters and parcels in Australia and internationally.

Summary of financial performance

4.12.54 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by Australia Post (as outlined in Table 4.12.15 and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.15:  Key financial statements items

Source: Australia Post’s audited financial statements for the year ended 30 June 2023.

4.12.55 Australia Post reported a total comprehensive loss of $215.7 million. This was largely attributable to an increase in employee expenses due to redundancy payments.

4.12.56 The movement in other comprehensive income is the result of remeasurements of the defined benefit plans relating to Australia Post’s net superannuation assets and liabilities.

4.12.57 The increase in total liabilities of $297.6 million is largely attributable to Australia Post issuing two $100.0 million loans during 2022–23.

Key areas of financial risk

4.12.58 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Australia Post’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.16 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.12.16:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Australia Post’s audited financial statements for the year ended 30 June 2023.

Audit results

4.12.59 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Australian Rail Track Corporation Ltd

4.12.60 The Australian Rail Track Corporation Ltd (ARTC) is responsible for the development, maintenance, management and delivery of some of Australia’s major rail networks, including the national interstate rail network, the Hunter Valley coal rail network, and the construction of the Inland Rail network. In May 2017, the Australian Government announced it would invest substantial equity funding into ARTC for the company to deliver the Inland Rail network. A commitment of further equity funding to deliver the project was announced by the Australian Government in October 2020. Inland Rail is a 1,700-kilometre rail line that will link Brisbane and Melbourne through regional Australia.

4.12.61 Following a Senate Inquiry into the management of the Inland Rail project by ARTC the Australian Government announced an independent review to assess governance and program delivery approaches of the project.¹⁴¹ The outcome of this review was published in April 2023. One of the review recommendations to improve the delivery of Inland Rail was to create a subsidiary entity to deliver the project. Inland Rail Pty Ltd (IRPL) was established on 10 July 2023 and is a 100% owned subsidiary of ARTC

Summary of financial performance

4.12.62 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by ARTC and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.17:  Key financial statements items

Source: ARTC’s audited financial statements for the year ended 30 June 2023.

4.12.63 The increase in the total comprehensive loss of $1,144.8 million in 2022–23 is primarily attributable to the impairment expenses incurred during the period of $1,795.4 million. Impairment expenses are largely attributable to:

• the impairment of the Inland Rail assets. The construction of these assets are funded by the Australian Government through equity contributions. ARTC has made a judgement that the income likely to be generated from the Inland Rail line on commencement of operations will not offset the significant cost of development of the line and as a result records impairment on the costs of assets constructed under the project each year. Impairment expenses amount to $866.5 million in 2022–23; and
• impairment of Interstate and Hunter Valley rail networks amounting to $748.2 million and $179.6 million respectively due to changes in the risk free interest rate and cash flow forecasts.

4.12.64 Total assets decreased by $417.8 million mainly due to the impact of the impairment expenses recorded in the Interstate and Hunter Valley rail networks (refer to paragraph 4.12.62).

4.12.65 Total liabilities increased by $444.9 million due mainly to:

• a $274.0 million increase is the draw down of the syndicated loan debt facility to supplement the funding of development of inland rail; and
• an increase in deferred government grants of $161.9 million. $114.8 million of these grants related to the Infrastructure Investment Program to improve the efficiency and safety of the National Land Transport Network. The grants have been treated as deferred income as the assets they create are capital in nature and grant income is only recognised when depreciation is charged to the income statement over the useful life of the constructed assets.

Key areas of financial risk

4.12.66 In light of the key areas of risk and the ANAO’s understanding of the operations of ARTC, the ANAO has assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high.

4.12.67 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ARTC’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.18.

Table 4.12.18:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ARTC’s audited financial statements for the year ended 30 June 2023.

Audit results

4.12.68 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

National Archives of Australia

4.12.69 The National Archives of Australia (National Archives) is an Australian Government entity established under the Archives Act 1983. It sets information and data management policy and standards for Australian Government entities to meet in creating, retaining, maintaining, securing, preserving, appropriately disposing of, and providing appropriate access to trusted government information and data. The National Archives collects records of government decisions and actions.

Summary of financial performance

4.12.70 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by National Archives (as outlined in Table 4.12.19) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.19:  Key financial statements items

Source: National Archive’s audited financial statements for the year ended 30 June 2023.

4.12.71 Net cost of services decreased mainly due to an increase in own-source revenue of $8.2 million. The increase relates to National Archive’s recognition of new archive records and the associated gain. The increase in total assets of $31.0 million reflects the fair value of the intake of records collected during 2022–23, recognised as heritage and cultural assets.

Key areas of financial risk

4.12.72 In light of the key areas of risk and the ANAO’s understanding of the operations of the National Archives, the ANAO reassessed the overall risk rating of material misstatement in the 2022–23 financial statements to moderate. This increase in the risk rating was a result of the identification of the deficiencies in internal control identified.

4.12.73 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of National Archive’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.20.

Table 4.12.20:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and National Archive’s audited financial statements for the year ended 30 June 2023.

4.12.74 Auditor-General Report No. 44 2022–23 Management of Information Assets was tabled during 2022–23 relevant to the financial management or administration of National Archives.

4.12.75 While this report did not include recommendations regarding risks to National Archive’s financial administration as it relates to the financial statements, the observations were considered in designing the audit.

Audit results

4.12.76 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.12.21:  Status of audit findings

Source: ANAO 2022–23 audit results.

4.12.77 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that National Archive’s 2022–23 financial statements were not materially misstated.

New significant audit finding

Ineffective IT general controls

4.12.78 IT general controls are essential to support effective processes, policies and procedures for managing information systems, securing sensitive information, and ensuring the integrity and availability of data to support the preparation of financial statements. Ineffective IT general controls, in particular monitoring and reviewing privilege user activity, increases the risk of erroneous or unauthorised transactions or changes to IT systems not being identified and addressed.

4.12.79 In 2022–23 the ANAO assessed the IT general controls that support the preparation of National Archives financial statements. The ANAO assessed that the design and implementation of IT general controls was ineffective. Weaknesses were noted in relation to:

• insufficient oversight and documentation of review of privilege user access and activity logs.
• no formalised or documented periodic review of user access.
• inconsistent mapping of roles and responsibility configurations, including workflow approvers and inconsistent chart of accounts mapping configurations.

4.12.80 The ANAO recommended National Archives undertake a detailed review of IT general controls to confirm controls are designed, implemented and operating effectively to support the preparation of National Archive’s financial statements. This should include:

• developing and implementing a process to monitor and review privilege user activity.
• formalising a documented periodic user access review.
• undertaking a review of the mapping of roles and responsibility configuration, including workflow approvers and chart of accounts mapping to confirm it is appropriate.

4.12.81 National Archives agreed with the recommendations made by the ANAO.

New moderate audit finding

Financial statements preparation process

4.12.82 In 2022–23 the ANAO identified weaknesses in National Archive’s financial statements preparation process. The weaknesses included:

• a deficiency in the timely preparation of workpapers to support the financial statements and associated notes, including the timely preparation and review of key reconciliations during the year.
• a lack of review and approval of year-end adjusting journals by an independent reviewer who had an appropriate understanding of the financial implications of the journal.
• an inability to provide sufficient supporting documentation to validate certain year-end transactions.
• the identification of a number of adjusted and unadjusted audit differences.

4.12.83 The ANAO recommended National Archive’s develop a robust financial statements close process. This should include:

• detailed timelines for the completion of key tasks and the responsible officer.
• identification of risks associated with the financial statements close process and controls management requires to mitigate and manage the risk.
• a level of management oversight and review to support the preparation of timely and quality financial statements.

4.12.84 National Archives agreed with the recommendations made by the ANAO.

National Capital Authority

4.12.85 The National Capital Authority (NCA) performs the role of trustee and manager of areas in Canberra and the Australian Capital Territory that are designated as National Land for the special purpose of Canberra as Australia’s National Capital. The NCA shapes the future of Canberra for all Australians through the National Capital Plan and related planning and development work. The NCA also manages much of the National Estate such as Lake Burley Griffin, the National Triangle and Anzac Parade and encourages citizens and visitors to explore Canberra’s unique characteristics and special roles as the National Capital.

Summary of financial performance

4.12.86 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by NCA (as outlined Table 4.12.22 and Table 4.12.23) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.22:  Key departmental financial statements items

Source: NCA’s audited financial statements for the year ended 30 June 2023.

4.12.87 Total comprehensive income and total assets increased due to the revaluation of non-financial assets which resulted in a revaluation gain of $1.9 million.

Table 4.12.23:  Key administered financial statements items

Source: NCA’s audited financial statements for the year ended 30 June 2023.

4.12.88 Total expenses have increased due to:

• an additional $8.3 million of depreciation expenses due to a higher non-financial asset base as a result of asset additions in the current and prior year; and
• the recognition of an impairment expense of $5.2 million for non-financial assets as a result of asset deterioration along with asset decommissioning to enable construction works on national land.

4.12.89 The increase in total income is attributed to an increase in parking revenue, with activity returning to business-as-usual levels following a temporary decline in the prior year due to the impacts of COVID-19 pandemic.

4.12.90 Total assets have increased due mainly to the $194.6 million revaluation of non-financial assets.

Key areas of financial risk

4.12.91 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of NCA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.24.

Table 4.12.24:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and NCA’s audited financial statements for the year ended 30 June 2023.

Audit results

4.12.92 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

National Gallery of Australia

4.12.93 The National Gallery of Australia (the Gallery) is responsible for developing and maintaining a national collection of works of art to exhibit or to make available for others to exhibit and making the most advantageous use of the national collection in the national interest.

Summary of financial performance

4.12.94 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by the Gallery (as outlined in Table 4.12.25) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.25:  Key financial statements items

Source: The Gallery’s audited financial statements for the year ended 30 June 2023.

4.12.95 The decrease in total other comprehensive income is due predominantly to a revaluation of the heritage and cultural collection in the prior year resulting in a revaluation increment of $772.7 million. In accordance with the Gallery’s policy no revaluation was required in 2022–23.

Key areas of financial risk

4.12.96 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of the Gallery’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.26.

Table 4.12.26:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and the Gallery’s audited financial statements for the year ended 30 June 2023.

Audit results

4.12.97 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

National Intermodal Corporation Limited

4.12.98 National Intermodal Corporation Limited (National Intermodal) was originally established to oversee the development and future operation of the Moorebank Intermodal Precinct in Sydney’s south-west. Once completed, the Moorebank Intermodal Precinct will have an import and export rail terminal with a direct link to Port Botany, and also an interstate and regional facility to connect to the national rail freight network. The warehousing at the precinct is being developed and operated by the LOGOS Consortium (comprised of Australian Super, NSW TCorp, LOGOS, AXA and Ivanhoe Cambridge). The rail terminals are being developed by Qube Holdings Limited with Qube operating the completed import and export rail terminal. The interstate terminal will be operated by a joint venture of Qube, LOGOS and National Intermodal when it is completed in 2024.

4.12.99 In February 2022, National Intermodal’s mandate was expanded to include the planning, delivery and operation of open access intermodal freight precincts in Melbourne and Brisbane in support of the Australian Government’s Inland Rail project with the objective of facilitating the development and operation of a modern and efficient freight network that improves productivity.

Summary of financial performance

4.12.100 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by National Intermodal (as outlined in Table 4.12.27) and includes commentary regarding significant movements between years.

Table 4.12.27:  Key financial statements items

Source: National Intermodal’s audited financial statements for the year ended 30 June 2023.

4.12.101 Total expenses have decreased by $17.5 million. This is mainly due to the impact of accounting for the changes in the provision for land and site costs relating to the Moorebank Intermodal Precinct. National Intermodal recognise a provision in advance of construction being undertaken to reflect the contractual commitments held by National Intermodal to deliver of the associated land preparation works, upgrades to Moorebank Avenue to support the precinct and voluntary planning contributions. National Intermodal conducted a comprehensive review of the provision in 2021–22. Assumptions related to cost increases were less significant than 2021–22 resulting in a decrease in expenses charged to the provision of $20.4 million.

4.12.102 Total revenue increased mainly as a result of:

• a remeasurement of the receivable for rail access rights of $9.3 million to take account of changes in the consumer price index which form a component of the rail access charges.
• a $10.0 million contribution received by National Intermodal from the LOGOS Consortium and Qube Holdings in respect of the Moorebank Intermodal Precinct.

4.12.103 Total assets have increased by $360.0 million mainly due to:

• an increase in the balance of property, plant and equipment of $319.2 million, reflecting the purchase of 1,100 hectares of land at Beveridge in Victoria in support of the planned Beveridge Interstate Freight Terminal which will be developed by National Intermodal;
• the increase in the fair value of National Intermodal’s equity accounted investment in the Moorebank Precinct Land Trust (The Trust) of $29.2 million. National Intermodal holds a 65.63 per cent unitholding in the Trust which holds the land at the Moorebank Intermodal Precinct owned by the Commonwealth and the LOGOS Consortium via 99-year leases. The fair value of the Trust’s assets have been determined by applying a discounted cash flow valuation methodology undertaken by the Trust which increased due to changes in estimated cash flows and economic assumptions applied in the valuation; and
• an increase in the balance of assets under construction of $15.0 million related to the construction of rail lines undertaken as part of ‘Rail Access Works Stage 2’ at the Moorebank interstate rail terminal. This rail line will connect the Moorebank Intermodal Precinct to the Southern Sydney Freight Line.

4.12.104 Total liabilities have decreased by $59.5 million due mainly to a reduction in the provision for land and site costs (refer to paragraph 4.12.100) reflecting the delivery of preparation works during 2022–23 ($51.1 million).

Key areas of financial risk

4.12.105 In light of the key areas of risk and the ANAO’s understanding of the operations of National Intermodal, the ANAO has assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high.

4.12.106 The ANAO completed appropriate audit procedures on all material items. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.28.

Table 4.12.28:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and National Intermodal’s audited financial statements for the year ended 30 June 2023.

Audit results

4.12.107 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

National Library of Australia

4.12.108 The National Library of Australia (NLA) is responsible for developing and maintaining a national collection of library material, including a comprehensive collection of material relating to Australia and the Australian people, and for making this material available to the public.

Summary of financial performance

4.12.109 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by NLA (as outlined in Table 4.12.29 and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.29:  Key financial statements items

Source: NLA’s audited financial statements for the year ended 30 June 2023.

4.12.110 The increase in net cost of services is primarily as a result of an increase in supplier expenses due to:

• completion of projects which had been paused due to COVID-19 pandemic; and
• increase in repairs and maintenance expenses to address asbestos matters.

4.12.111 The increase in net cost of services was offset by an increase in other revenue primarily due to monies received from insurance claims due to hail damage to the Library’s main library building that occurred in 2021.

Key areas of financial risk

4.12.112 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of NLA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.30.

Table 4.12.30:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and NLA’s audited financial statements for the year ended 30 June 2023.

Audit results

4.12.113 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

NBN Co Limited

4.12.114 The primary objective of NBN Co Limited (NBN Co) is to provide wholesale services to internet service providers. NBN Co is a government business enterprise incorporated under the Corporations Act 2001.

Summary of financial performance

4.12.115 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by NBN Co (as outlined in Table 4.12.31) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.31:  Key financial statements items

Source: NBN’s audited financial statements for the year ended 30 June 2023.

4.12.116 Total income increased by $232.0 million, mainly driven by a combination of higher activations of internet connections and a steady improvement in residential average revenue per user.

4.12.117 Total expenses decreased mainly due to lower depreciation and amortisation costs as a result of changes in useful lives associated with NBN Co’s assets, offset by an increase in net finance costs as a result of higher average debt levels and rising market interest rates.

4.12.118 The change from the previous year’s total other comprehensive income position (which arose from a significant increase in foreign exchange rates and interest) to a smaller loss in 2022–23 reflective of a more stable market environment.

4.12.119 NBN Co reported total assets of $37.9 billion, an increase of $1.2 billion, primarily due to following offsetting factors:

• an increase in property plant and equipment of $3.0 billion as a result of investment in the nbn network;
• a further $0.7 billion increase in property, plant and equipment due to an increase in right-of-use assets (with a corresponding increase in lease liabilities) due to the remeasurement of right-of-use licenses associated with access to Telstra’s network infrastructure;
• offset by depreciation of existing assets of $2.6 billion.

4.12.120 Total liabilities increased by $2.0 billion due to increased borrowings and an increase in lease liabilities arising from the remeasurement of Telstra right-of-use licenses (refer to paragraph 4.12.119).

Key areas of financial risk

4.12.121 In light of the key areas of risk and the ANAO’s understanding of the operations of NBN Co, the ANAO assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high.

4.12.122 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of NBN Co’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.32 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.12.32:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and NBN’s audited financial statements for the year ended 30 June 2023.

Audit results

4.12.123 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23.

WSA Co Limited

4.12.124 WSA Co Limited (WSA) was established to construct and operate Western Sydney International (Nancy-Bird Walton) Airport in Badgerys Creek, in south-western Sydney, to the functional specifications by the Australian Government. WSA is a government business enterprise wholly owned by the Australian Government, represented by the Minister for Finance and the Minister for Infrastructure, Transport, Regional Development and Local Government as shareholder ministers.

4.12.125 The Australian Government’s original plan was to invest up to $5.3 billion of equity funding into WSA to build the Western Sydney International Airport. This investment covered WSA’s work on the earthworks and construction of the airport (runway and terminal infrastructure) in accordance with the conditions of the project deed agreed by the Australian Government and WSA. During 2021–22 the Australian Government decided to also fund WSA’s development of the aviation fuel farm infrastructure assets, and to support the NSW Government delivery of Sydney Metro – Western Sydney Airport integration. During 2022–23, the Australian Government committed additional funding to support the delivery of Commonwealth border agency facilities necessary for airport operations.

4.12.126 At the conclusion of the 2022–23 financial year, the project reached 50 per cent completion, including:

• completion of bulk earthworks;
• substantial completion of the design works for the terminal, airside civil and pavements (airside) and landside civil and buildings (landside) packages;
• advancement of terminal works, airside works and landside works; and
• commencement of the design and implementation of the technology delivery program.

Summary of financial performance

4.12.127 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by WSA (as outlined in Table 4.12.33) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.12.33:  Key financial statements items

Source: WSA’s audited financial statements for the year ended 30 June 2023.

4.12.128 Total expenses decreased mainly due to the stage of construction of the airport. During 2022–23, WSA recognised $37.0 million less in site preparation expenses, consistent with the completion of these works during the year and transition to peak construction activity. Expenditure on construction of the airport terminal, airside and landside works is capitalised in accordance with WSA’s capitalisation policy.

4.12.129 The total comprehensive loss reflects the nature of funding available to WSA. WSA has entered into an equity subscription agreement with the Commonwealth to fund the development and construction of the airport to meet the Commonwealth’s functional specifications. During 2022–23 WSA received $1.2 billion of this funding from the Commonwealth. These funds are recorded as share capital and were not recognised in the statement of comprehensive income.

4.12.130 The increase of $1,042.8 million in total assets mainly relates to:

• the capitalisation of assets under construction in accordance with WSA’s capitalisation policy. During 2022–23 construction continued at the airport site, particularly relating to the airport terminal and runway, resulting in $861.3 million capitalised as airport construction in progress; and
• an increase in cash and cash equivalents of $166.6 million, in line with drawdown against the equity subscription agreement and increase in trade and other payables (refer paragraph 4.12.130).

4.12.131 The increase of $36.2 million in total liabilities mainly relates to trade and other payables, reflecting the timing of contract payments and the stage of project works particularly in relation to Sydney Metro rail integration works, terminal works and pavement works.

Key areas of financial risk

4.12.132 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of WSA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.12.34.

Table 4.12.34:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and WSA’s audited financial statements for the year ended 30 June 2023.

Audit results

4.12.133 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Comments on non-material entities

Bundanon Trust

4.12.134 Bundanon Trust Limited supports arts practice and engagements with the arts through its residency, education, exhibition, and performance programs. The Trust was incorporated on 22 March 1993 as a public company limited by guarantee to manage artworks, landscape and heritage infrastructure gifted by Arthur and Yvonne Boyd to the Australian Government. The Trust’s mission is to operate the Bundanon properties as a centre for creative arts and education, to support the development of arts practice across all disciplines and to enable public access to the arts and to the landscape.

Audit results

4.12.135 The 2022–23 financial statements audit was still in progress as at 30 November 2023. The Auditor-General’s 2023–24 Interim Report on Key Financial Controls of Major Entities is expected to be tabled in June 2024 and will include a summary of the results for this audit, including the status of audit findings identified during the 2021–22 audit.

Creative Partnerships Australia

4.12.136 Creative Partnerships Australia (Creative Partnerships) was a Commonwealth company limited by guarantee. The role of Creative Partnerships was to create a culture of private sector support for the arts. It aimed to grow the culture of giving, investment, partnership, and volunteering, bringing donors, businesses, artists and arts organisations together to foster a more sustainable and vibrant arts sector for the benefit of all Australians.

4.12.137 Key provisions of the Australia Council Amendment (Creative Australia) Act 2023 have effect from 1 July 2023. Pursuant to the legislation, at this date, Creative Partnerships ceased to exist and for the purposes of the Corporations Act 2001, the entity was taken to be deregistered. Schedule 2 of this Act outlined that Creative Partnership’s operations, asset and liabilities would transfer to the Australia Council.

Audit results

4.12.138 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Emphasis of matter

4.12.139 The auditor’s report for Creative Partnership’s 2022–23 financial statements included an emphasis of matter paragraph to draw the attention of users to the notes of the financial statements which indicate that the financial statements were prepared on a non-going concern basis. The financial statements have been prepared on a non-going concern basis due to a decision of the Australian Government to transfer all operations, assets and liabilities of Creative Partnerships to the Australia Council.

4.13 Parliamentary Departments

Overview

4.13.1 The Parliamentary Departments support the operation of the Parliament of Australia, its committees and members. There are four parliamentary entities: the Department of Parliamentary Services; the Department of the Senate; the Department of the House of Representatives; and the Parliamentary Budget Office. Table 4.13.1 identifies material entities specifically mentioned in this section.

4.13.2 Figure 4.13.1 shows the Parliamentary Departments’ income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹⁴²

Figure 4.13.1:  Parliamentary Departments’ income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.13.3 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.13.2 provides a summary of those audit differences that relate to entities within the Parliamentary Departments.

Table 4.13.2: The number of audit differences for entities in the Parliamentary Departments

Note a: The adjustments include adjustments identified in the period that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Parliamentary Departments.

4.13.4 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Parliamentary Services.

Department of Parliamentary Services

4.13.5 The Department of Parliamentary Services (DPS) is responsible for supporting the Parliament through the provision of a range of services, including library, research, Hansard, broadcasting, telecommunications, central computing, food and beverages, and building security and maintenance.

Summary of financial performance

4.13.6 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by DPS (as outlined in Table 4.13.3 and Table 4.13.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.13.3: Key departmental financial statements items

Source: DPS’ audited financial statements for the year ended 30 June 2023.

4.13.7 All movements in balances are as the result of fluctuations in the normal operating cycle.

Table 4.13.4: Key administered financial statements items

Source: DPS’ audited financial statements for the year ended 30 June 2023.

4.13.8 The increase in total assets of $136.0 million is primarily due to the revaluation adjustment for Parliament House. DPS undertook a desktop asset valuation for land and buildings during 2022–23 that resulted in no valuation change for land ($26.6 million in 2021–22) and an increment for buildings of $128.9 million ($159.8 million in 2021–22).

Key areas of financial risk

4.13.9 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of DPS’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.13.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.13.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and DPS’ audited financial statements for the year ended 30 June 2023.

Audit results

4.13.10 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

4.14 Prime Minister and Cabinet portfolio

Portfolio overview

4.14.1 The Prime Minister and Cabinet portfolio is responsible for providing advice and support to the Prime Minister, the Cabinet, portfolio ministers and assistant ministers on matters that are at the forefront of public policy and government administration, and providing stewardship of the Australian Public Service (APS).

4.14.2 The Department of the Prime Minister and Cabinet (PM&C) is responsible for supporting the Prime Minister as the head of the Australian Government and the Cabinet, and providing advice on major domestic policy and international and national security matters.

4.14.3 Table 4.14.1 identifies material and other entities specifically mentioned in this section.

4.14.4 Figure 4.14.1 shows the Prime Minister and Cabinet portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹⁴³

Figure 4.14.1:  Prime Minister and Cabinet portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.14.5 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.14.2 provides a summary of those audit differences that relate to entities within the Prime Minister and Cabinet portfolio.

Table 4.14.2: The number of audit differences for entities in the Prime Minister and Cabinet portfolio

Note a: The current year adjustments include adjustments identified in 2022–23 that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Prime Minister and Cabinet portfolio.

4.14.6 The following section provides a summary of the 2022–23 financial statements audit results for the Department of the Prime Minister and Cabinet, and findings for other material entities and non-material entities in the portfolio.

Department of the Prime Minister and Cabinet

4.14.7 The Department of the Prime Minister and Cabinet (PM&C) is responsible for providing advice to the Prime Minister, the Cabinet, portfolio ministers, and assistant ministers to improve the lives of all Australians, including through coordination of government activities, effective policy advice and development, and program delivery.

Summary of financial performance

4.14.8 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by PM&C (as outlined in Table 4.14.3 and Table 4.14.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.14.3: Key departmental financial statements items

Source: PM&C’s audited financial statements for the year ended 30 June 2023.

4.14.9 The decrease in net cost of services is largely due to a $26.2 million decrease in grant expenses as a result of changes in National Australia Day Council (NADC) funding arrangements. In 2021–22, these were partly funded by prior year departmental appropriations that became available to the NADC.

4.14.10 Revenue from Government increased by $9.6 million to fund new measures including $18.4 million for the Quad Leaders’ Summit, $11.1 million for the Plan for National Disability Insurance Scheme, $6.9 million for the Net Zero Economy Taskforce and $6.6 million for APS Reform activities offset by appropriations transferred to other agencies as a result of MoG changes.

4.14.11 Total liabilities decreased by $8.7 million primarily due to a reduction in lease liabilities associated with PMC’s corporate premises.

Table 4.14.4: Key administered financial statements items

Source: PM&C’s audited financial statements for the year ended 30 June 2023.

4.14.12 Total other comprehensive income and total administered assets increased primarily due to the establishment of the Northern Territory Aboriginal Investment Corporation.

Key areas of financial risk

4.14.13 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of PM&C’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.14.5.

Table 4.14.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and PM&C’s audited financial statements for the year ended 30 June 2023.

Audit results

4.14.14 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.14.6:  Status of audit findings

Source: ANAO 2022–23 audit results.

4.14.15 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that PM&C’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

Removal of user access

4.14.16 The PSPF helps Australian Government entities to protect their people, information and assets. The PSPF sets out government protective security policy in terms of: security governance; information security; personnel security; and physical security. PSPF Policy 9 Access to information and PSPF Policy 14 Separating personnel outline security measures to control access to Australian Government information and mitigate risks associated with departing personnel. PSPF Policy 9 requires entities to control access to supporting ICT systems and applications and ensure access to sensitive information is only provided to people on a need-to-know basis. PSPF Policy 14 requires personnel’s access to be removed upon separation or transfer from the entity. Inadequate security measures for timely removal of access from former personnel increase the risk of unauthorised access to sensitive information.

4.14.17 The ANAO identified instances where users had accessed the PM&C’s systems after completion of their employment or contract. The ANAO noted that investigation of post termination access was not always timely.

4.14.18 PM&C is developing a standard operating procedure (SOP) to support more timely investigation of user access post termination. PM&C will update its risk assessment and policy once the SOP is finalised. The effectiveness of these processes will be assessed by the ANAO as part of 2023–24 financial statements audit.

Indigenous Business Australia

4.14.19 Under its enabling legislation, the Aboriginal and Torres Strait Islander Act 2005, Indigenous Business Australia’s (IBA’s) purposes are to assist and enhance Aboriginal and Torres Strait Islander self-management and economic self-sufficiency, and to advance the commercial and economic interests of Aboriginal and Torres Strait Islander peoples by accumulating and using a substantial capital base for their benefit. IBA has 14 actively trading subsidiaries which are audited by the ANAO.

Summary of financial performance

4.14.20 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by IBA (as outlined in Table 4.14.7) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.14.7: Key financial statements items

Source: IBA’s audited financial statements for the year ended 30 June 2023.

4.14.21 Total assets increased by $123.0 million mainly due to:

• an increase in other investments of $82.7 million relating to enhanced returns from longer term investments, investment of cash reserves, and mark to market valuation increases to Indigenous Prosperity Funds; and
• an increase in loan receivables of $63.2 million due to a significant decline in IBA customers switching to commercial lenders in comparison to last year resulting in a rebuild of the loan portfolio.

4.14.22 These increases were partially offset by a $36.0 million decrease in cash and cash equivalents relating to cash management initiatives to invest available cash into longer term investments generating better returns.

Key areas of financial risk

4.14.23 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of IBA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.14.8.

Table 4.14.8: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and IBA’s audited financial statements for the year ended 30 June 2023.

Audit results

4.14.24 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

National Indigenous Australians Agency

4.14.25 The National Indigenous Australians Agency (NIAA) is responsible for leading and coordinating Commonwealth policy development, program design and implementation and service delivery for Aboriginal and Torres Strait Islander peoples. The primary functions of the NIAA are:

• providing advice on whole-of-government priorities for Aboriginal and Torres Strait Islander people to the Minister for Indigenous Australians, the Assistant Minister for Indigenous Australians, and the Special Envoy for the Reconciliation and the implementation of the Uluru Statement from the Heart;
• leading and coordinating the implementation of Australia’s Closing the Gap targets in partnership with First Nations peoples and communities; and
• building and maintaining effective partnerships with Aboriginal and Torres Strait Islander people, state and territory governments and other stakeholders.

Summary of financial performance

4.14.26 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by NIAA (as outlined in Table 4.14.9 and Table 4.14.10) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.14.9:  Key departmental financial statements items

Source: NIAA’s audited financial statements for the year ended 30 June 2023.

4.14.27 The net cost of services increased by $89.9 million was mainly attributable to:

• a $53.2 million litigation settlement for Stolen Generations class actions;
• a $25.0 million increase in employee expenses due to an increase in staffing levels arising from the transition of some shared services functions from the Department of the Prime Minister and Cabinet into the NIAA, and the conversion of contractors to APS officials in line with the Australian Government direction; and
• a $13.2 million increase in supplier expenses for consultants, contractors and secondees, and for travel.

4.14.28 Revenue from Government increased by $71.1 million largely due to additional funding received for anticipated legal settlement expenditure.

4.14.29 Total assets decreased by $9.7 million mainly due to a reduction in the value of property, plant and equipment, and lower appropriations receivable at year end. This was partially offset by an increase in intangibles following the capitalisation of internally developed software.

Table 4.14.10:  Key administered financial statements items

Source: NIAA’s audited financial statements for the year ended 30 June 2023.

4.14.30 Total administered expenses increased by $785.5 million mainly due to:

• an increase of $687.5 distribution from the Aboriginals Benefit Account to the newly established Northern Territory Aboriginal Investment Corporation.
• a $72.1 million increase in grants expense due to an increase in the demand-driven Community Development Program; and
• a $29.2 million increase in expenses associated with the Territories Stolen Generations Redress Scheme which operated for the full 12 months during financial year ended 30 June 2023.

4.14.31 Total administered assets increased by $111.1 million mainly due to:

• an increase of $46.5 million in cash due to additional appropriation contributions made to the Indigenous Remote Service Delivery special account for projects in remote communities; and
• an increase of $41.0 million in term deposit investments and an associated $18.6 million increase in interest receivable at year-end.

4.14.32 Total administered liabilities increased by $634.1 million mainly due to the recognition of a $500.0 million provision and $117.6 million payable for statutory payments to be made to the Northern Territory Aboriginal Investment Corporation under The Aboriginal Land Rights Act 1976.

Key areas of financial risk

4.14.33 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the IT general and application controls for key systems that support the preparation of NIAA’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.14.11, including the areas which were considered a key audit matter (KAM) by the ANAO.

Table 4.14.11:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and NIAA’s audited financial statements for the year ended 30 June 2023.

Audit results

4.14.34 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Voyages Indigenous Tourism Australia Pty Ltd

4.14.35 Voyages Indigenous Tourism Australia Pty Ltd (Voyages) is a wholly owned subsidiary of the Indigenous Land and Sea Corporation (ILSC). Voyages owns and operates Ayres Rock Resort (ARR) in the Northern Territory. It also operates Mossman Gorge Centre located in North Queensland. These businesses operate tourism and hospitality training and employment initiatives to benefit indigenous people.

Summary of financial performance

4.14.36 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by Voyages (as outlined in Table 4.14.12) includes commentary regarding significant movements between years contributing to overall performance.

Table 4.14.12:  Key financial statements items

Source: Voyages audited financial statements for the year ended 30 June 2023.

4.14.37 The $54.1 million increase in total income was mainly as a result of lifting of travel restrictions associated with the COVID-19 pandemic. This resulted in an increased number of tourists visiting Ayers Rock Resort and Mossman Gorge Cultural Centre which contributed to higher sales for tours, accommodation, food and beverage and retail operations.

4.14.38 The $79.0 million increase in total expenses was mainly due to the increased number of tourists identified at paragraph 4.14.37. This contributed to higher expenditure, including on additional staff and expenditure on utilities, repairs and maintenance and the cost of sales.

4.14.39 Total liabilities increased mainly due to a new loan facility for the purpose of funding the Wintjiri Wiru project, a modern indigenous cultural experience at Ayers Rock Resort developed by Voyages alongside the Anangu community.

Key areas of financial risk

4.14.40 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Voyages’ financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.14.13.

Table 4.14.13:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Voyages’ audited financial statements for the year ended 30 June 2023.

Audit results

4.14.41 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Comments on non-material entities

Anindilyakwa Land Council

4.14.42 The Anindilyakwa Land Council (ALC) was formed by the Aboriginal Land Rights (Northern Territory) Act 1976 (ALRA). Under subsection 23(1) of the ALRA, ALC undertakes the following activities:

• management of the land to protect traditional owners’ interests;
• protection of sacred sites;
• consultation regarding proposals relating to lands and seas in the Groote Archipelago;
• provision of assistance to traditional owners to engage in commercial activities and economic development;
• supervision and administration of land trusts;
• control of visits by all non-indigenous people through monitoring and permits; and
• protection and preservation of culture, including intellectual property, copyright and reproduction of cultural products to safeguard against illegal or improper use of research, digital images, designs, stories, bio-cultural information, artefacts and art.

Audit results

4.14.43 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.14.14:  Status of audit findings

Source: ANAO 2022–23 audit results.

4.14.44 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that ALC’s 2022–23 financial statements were not materially misstated.

Resolved moderate audit finding

Financial statements preparation

4.14.45 Subsection 41 (2) of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires the accountable authority of a Commonwealth entity to ensure that the accounts and records are kept in a way that allows those financial statements to be conveniently and properly audited.

4.14.46 In 2019–20, the ANAO identified areas where ALC had limited quality assurance checks performed by management to ensure that the draft versions of the financial statements were of an appropriate standard. The ANAO recommended ALC develop a detailed financial statements preparation process that included preparation of appropriate working papers, position papers and quality assurance processes.

4.14.47 In the 2020–21 audit, the ANAO performed a follow-up on the recommendations made in 2019–20 and noted that there had been no significant improvement to ALC’s financial statements preparation process. During the 2021–22 audit, the ANAO continued to identify issues in ALC’s financial statements preparation process. The minor audit finding originally raised in 2019–20 was reclassified to a moderate risk finding.

4.14.48 As part of the 2022–23 final audit, the ANAO noted improvements in ALC’s financial statements preparation process, including the provision of the majority of information required for the audit within a reasonable timeframe, resulting in an improvement in overall timing and completion of the audit.

4.14.49 As a result of the actions taken by ALC, the ANAO has downgraded this to a minor finding.

Northern Land Council

4.14.50 The Northern Land Council (NLC) is a corporate Commonwealth entity formed under section 21 of the Aboriginal Land Rights (Northern Territory) Act 1976 (ALRA Act). The NLC is responsible for assisting Aboriginal peoples in the top end of the Northern Territory to acquire and manage their traditional lands and seas.

Audit results

4.14.51 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.14.15:  Status of audit findings

Source: ANAO 2022–23 audit results.

4.14.52 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that NLC’s 2022–23 financial statements were not materially misstated.

Resolved moderate audit finding

Payroll exceptions

4.14.53 Since 2014–15, the ANAO has identified and reported to the NLC management a number of minor findings and weaknesses in relation to the internal controls and processes within the NLC for payroll. In 2018–19, the ANAO continued to identify a number of internal control weaknesses and identified a number of non-material errors in payments to staff and upgraded the existing minor finding to a moderate finding. The identified control weakness, together with a lack of implementation of recommendations from prior years to improve the internal control processes for payroll, increased the likelihood that inaccurate or inappropriate payments are made and not detected.

4.14.54 In 2021–22, the ANAO noted some improvement during the final audit where the number of exceptions decreased.

4.14.55 During 2022–23 NLC implemented new and amended casual employee recruitment guidance to clarify processes. The updated processes were tested by the ANAO and no further exceptions were identified. As a result of the actions taken by NLC the ANAO considers this finding to be resolved.

Unresolved significant legislative breach

Management of Royalty Trust Account

4.14.56 The ALRA Act establishes the Council’s responsibilities for payments in respect of Aboriginal land, requiring payment of an amount equal to amounts received to, or for the benefit of, the traditional owners of the land, within six months after that amount is received through the Royalty Trust Account. Previous audits have identified non-compliance with this requirement of the ALRA Act.

4.14.57 NLC commenced a royalty reform project in 2016–17 to address the legislative requirements. The project was aimed at reducing incidents of non-compliance with the ALRA and reconciling outstanding balances in the royalty trust account to identify the appropriate owners for distribution. The NLC also established a Benefits Distribution Unit and strategies have been undertaken to expedite the distribution of payments to traditional owners. The NLC has sought to vary the terms with beneficiaries to allow for payments to be accelerated.

4.14.58 During the 2022–23 audit, the ANAO found additional contracts where the distribution of royalty monies to traditional owners during the period were not made within six months as specified in subsection 35 (3) and subsection 35 (4) of the Act. The ANAO recommended NLC management continue tracking the timing of monies receipted and ensure procedures are in place to support distributions being made within six months in accordance with the Act.

4.14.59 NLC has advised the ANAO that it had filed an application for directions and orders concerning the unallocated monies by way of an Originating Motion with the Supreme Court of the Northern Territory on 26 July 2022. The matter had its first hearing on 7 September 2022. The Court has reserved its judgment and at 30 June 2023 the NLC is unable to take any further steps until a judgement is made by the Court.

Tiwi Land Council

4.14.60 The Tiwi Land Council (TLC) was established on 18 August 1978, following representation by the Tiwi people to the Australian Government for recognition of their distinct geographic and cultural identity. TLC was instituted by the Minister for Aboriginal Affairs at a special gathering on Bathurst Island on 7 September 1978. TLC is the only body with authority and capacity to direct and administer the Tiwi Aboriginal Land Trust established under the Aboriginal Land Rights (Northern Territory) Act 1976.

Audit results

4.14.61 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.14.16: Status of audit findings

Source: ANAO 2022–23 audit results.

4.14.62 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that TLC’s 2022–23 financial statements were not materially misstated.

Unresolved significant legislative breach

Risk management activities

4.14.63 Section 16 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires the accountable authority of a Commonwealth entity to establish and maintain an appropriate system of risk oversight and management. This would normally include the development of a risk management policy and framework, including a risk plan and a risk register and monitoring activities over the implementation of the control activities identified in the risk register.

4.14.64 During the 2021–22 final audit, the ANAO noted that TLC did not have in place a formal risk management policy nor a formal risk management framework. It was also noted that TLC updated the design of its risk register in 2021–22 but not the substantive contents which were last updated in 2020. There was no evidence of monitoring activities over the implementation of the control activities identified in the risk register. There was also no documented evidence to support that an appropriate system of risk oversight and management is in place for TLC.

4.14.65 The ANAO recommended that TLC develop a formal risk management policy and framework to ensure compliance with the PGPA Act, implement a process whereby the risk register is updated regularly to ensure that identified risks are appropriately managed and develop reporting tools to evidence ongoing monitoring activities over the implementation of the control activities identified in the risk register.

4.14.66 During 2022–23 TLC commenced reviewing findings raised in a review of TLC’s governance initiated by the NIAA and as well as previous ANAO performance and financial statement audits in order to facilitate enhancement of risk and governance processes.

4.14.67 The finding remains unresolved at the conclusion of the 2022–23 audit as there is no formal system of risk oversight and management in place. TLC has advised the ANAO it expects to have implemented a risk management framework and related policies and procedures before the commencement of the ANAO’s 2023–24 interim audit.

4.15 Social Services portfolio

Portfolio overview

4.15.1 The Social Services portfolio is responsible for achieving the Australian Government’s social policy outcomes and delivering social security priorities through policy advice, program administration and research.

4.15.2 Table 4.15.1 identifies material and other entities specifically mentioned in this section.

4.15.3 Figure 4.15.1 shows the Social Services portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹⁴⁴

Figure 4.15.1:  Social Services portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.15.4 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.15.2 provides a summary of those audit differences that relate to entities within the Social Services portfolio.

Table 4.15.2: The number of audit differences for entities in the Social Services portfolio

Note a: The adjustments include adjustments identified in the period that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Social Services portfolio.

4.15.5 The following section provides a summary of the 2022–23 financial statements audit results for the Department of Social Services and other material entities and findings for non-material entities in the portfolio.

Department of Social Services

4.15.6 The Department of Social Services (DSS) is responsible for social security, families and communities, disability and carers, and housing. DSS works in partnership with other government and non-government organisations on a range of policies, programs and services focused on improving the wellbeing of people and families in Australia.

Summary of financial performance

4.15.7 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by DSS (as outlined in Table 4.15.3 and Table 4.15.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.15.3: Key departmental financial statements items

Source: DSS’ audited financial statements for the year ended 30 June 2023.

4.15.8 The net cost of services increased by $27.9 million mainly due to the increase in average staffing levels from 2 356 in 2022 to 2 624 in 2023.

4.15.9 Total assets decreased by $37.7 million due mainly to amortisation of right-of-use of assets.

Table 4.15.4: Key administered financial statements items

Source: DSS’ audited financial statements for the year ended 30 June 2023.

4.15.10 Administered expenses increased by $8.3 billion as a result of:

• higher payments to the National Disability Insurance Agency (NDIA) due to an increase in participation plan payments; and
• higher personal benefits Income Support payments of $5.0 billion due to indexation, partly offset by a reduction of $2.0 billion for Working Age payments due to a stronger labour market in Australia.

4.15.11 Administered liabilities increased by $279.0 million mainly due to a $218.0 million increase in claims and an increase in backlog for claims to be processed.

4.15.12 The increase of $119.6 million for administered income is due to:

• a $52.2 million movement in fair value gains related to the valuation of receivables for the Student Financial Supplement Scheme and the Home Equity Access Scheme; and
• an increase in recoveries receivable of $52.7 million due to a higher number of applications being processed for the National Redress Scheme.

4.15.13 Administered assets increased by $283.8 million mainly due to:

• an increase in Family Tax Benefit receivable, due to reduced entitlements and families transitioning off Family Tax Benefits as a result of the stronger labour market; and
• new loans issued for Home Equity Access Scheme and Student Start-Up Loans.

Key areas of financial risk

4.15.14 In light of the key areas of risk and the ANAO’s understanding of the operations of DSS, the ANAO assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high. This assessment was a result of heightened public scrutiny and interest that both Services Australia and the Department of Social Services are under as a result of the Robo-Debt Royal Commission, particularly concerns around governance and oversight within the portfolio.

4.15.15 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of DSS’ financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.15.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.15.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and DSS’ audited financial statements for the year ended 30 June 2023.

Audit results

4.15.16 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.15.6: Status of audit findings

Source: ANAO 2022–23 audit results.

4.15.17 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that DSS’ 2022–23 financial statements were not materially misstated.

New significant audit finding

Governance of legal and other matters

4.15.18 In the course of the financial statements audit, the ANAO made requests for information relating to known or suspected instances of non-compliance with laws and regulations including legal matters, whose effects should be considered in the preparation of DSS’ financial statements. In July 2023, the ANAO became aware of a legal matter being managed by DSS that was the subject of an own-motion investigation by the Commonwealth Ombudsman into the practice of income apportionment for personal benefit payments. DSS had been aware of this legal matter for at least two years prior.

4.15.19 This increased the risk that matters that may affect the financial statements are not appropriately considered in the preparation of the financial statements.

4.15.20 This matter is considered to pose a significant financial, business and reputational risk to DSS. The ANAO recommended:

• that DSS design, implement and document a process to ensure legal or other matters are identified for consideration for their impact on the financial statements, and that all matters identified for consideration are communicated to the ANAO. DSS agreed to the recommendation; and
• provide regular updates, in a suitable reporting format, to keep the DSS Audit and Risk Committee informed of continuing and emerging legal matters.

4.15.21 DSS agreed with the ANAO’s recommendations.

Unresolved moderate audit finding

Removal of user access

4.15.22 The Protective Security Policy Framework (PSPF) requires non-corporate Commonwealth entities to control access to systems, networks, and applications. The requirement includes removing system access from employees and contractors without an operational need for access to IT resources.

4.15.23 During the 2020–21 interim audit the ANAO identified weaknesses in user access termination processes in relation to the Human Resources Management Information System. The ANAO identified a number of instances where users continued to access systems for up to five days following separation from DSS.

4.15.24 During the 2022–23 audit, the ANAO identified eight instances where users had a last logon date after their termination date, with no evidence of the actions taken by DSS.

4.15.25 DSS’ detective control processes did identify these terminations as having potentially accessed the DSS ICT environment post-termination, however there was no clear documentation that investigation had occurred at the time of the access.

Australian Hearing Services

4.15.26 Australian Hearing Services (Hearing Australia) is a corporate Commonwealth entity established under the Australian Hearing Services Act 1991. Hearing Australia is responsible for the provision of research and hearing services through a network of 185 hearing centres and 330 visiting sites. Services provided include subsidised hearing services to eligible clients under the Australian Government’s Hearing Services Program.

Summary of financial performance

4.15.27 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by Hearing Australia (as outlined in Table 4.15.7) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.15.7: Key financial statements items

Source: Hearing Australia’s audited financial statements for the year ended 30 June 2023.

4.15.28 The increase in total revenue of $16.1 million in 2022–23 is due mainly to increases in sales in both the voucher and non-voucher market due to an extended advertising campaign in a post COVID-19 environment.

4.15.29 Expenses increased by $21.4 million mainly due to the higher cost of goods sold ($10.8 million) associated with increased hearing aid device sales as well as higher employee expenses as a result of an increased number of employees and salary advancements.

Key areas of financial risk

4.15.30 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Hearing Australia’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.15.8.

Table 4.15.8: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Hearing Australia’s audited financial statements for the year ended 30 June 2023.

Audit results

4.15.31 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

National Disability Insurance Agency

4.15.32 The National Disability Insurance Agency (NDIA) was established under the National Disability Insurance Scheme Act 2013. The NDIA is responsible for delivering the National Disability Insurance Scheme (the Scheme). The Scheme is designed to provide individual control and choice in the delivery of reasonable and necessary supports; to improve the independence, and social and economic participation, of eligible people with disability, their families and carers; and to provide associated referral services and activities.

4.15.33 The NDIA has established arrangements with Services Australia for facilitating the information technology platforms for provider and participant payments, supplier payments and payroll processing under a service agreement.

Summary of financial performance

4.15.34 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by the NDIA (as outlined in Table 4.15.9) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.15.9: Key financial statements items

Source: NDIA’s audited financial statements for the year ended 30 June 2023.

4.15.35 Net cost of services increased by $440.2 million due to an increase in participant plan expenses. This reflects the ongoing expansion of the Scheme and increasing number of participants. The funding of participant plan expenses is provided by the Commonwealth and the States and Territories. As at 30 June 2023, the Scheme had 610 502 active participants with approved plans compared to 534 655 at 30 June 2022.

Key areas of financial risk

4.15.36 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of the NDIA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.15.10 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.15.10:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and the NDIA’s audited financial statements for the year ended 30 June 2023.

Audit results

4.15.37 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.15.11:  Status of audit findings

Note a: The two new moderate audit findings, relating to change management – PACE and privileged user monitoring – PACE, were identified as part of the 2022–23 interim audit. These findings were previously reported in Auditor-General Report No. 26 2022–23 Interim Report on Key Financial Controls of Major Entities.

Source: ANAO 2022–23 audit results.

4.15.38 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that the NDIA’s 2022–23 financial statements were not materially misstated.

Resolved moderate audit finding

Change management – PACE

4.15.39 The NDIA rolled out a pilot of their new Customer Relationship Management (CRM) system during 2022–23. The CRM system, known as PACE, will replace the existing CRM system.

4.15.40 As part of the interim phase of the 2022–23 audit, the ANAO recommended that the NDIA should introduce controls in the PACE system to either remove the ability for staff to both create code changes and implement these into the production environment, or monitor the activity performed by these users to ensure that code deployments are authorised and appropriate. The ANAO also recommended that the NDIA perform a ‘look-back’ of code changes made to ensure previously implemented code changes were authorised and approved.

4.15.41 In June 2023 the NDIA introduced a system-based control that prevents a single employee from developing and deploying their own code and completed a retrospective review of changes made. As a result, this finding was closed during the final phase of the 2022–23 audit.

Unresolved moderate audit findings

Removal of user access

4.15.42 As part of the interim phase of the 2020–21 audit, the ANAO’s testing of user access found weaknesses in user access terminations processes. User accounts should be removed upon termination date as they no longer have a legitimate requirement to access the NDIA’s network.

4.15.43 The NDIA moved to a new ICT operating environment and created a new process to address this finding during the 2022–23 audit, however there were weaknesses with the reporting used to detect potentially inappropriate activity. The ANAO will review the status of this audit finding as part of the 2023–24 audit.

Privileged User Activity Monitoring - PACE

4.15.44 As part of the interim phase of the 2022–23 audit, the ANAO found that the NDIA did not have a formal process to review privileged user activity in the PACE system. The ANAO recommended that the NDIA should assess whether the current real-time alert system meets the underlying business risks relating to privileged user access and implement a formal process to document the outcomes of alerts raised.

4.15.45 NDIA has commenced remediation of the finding. The ANAO will review the status of the audit finding as part of the 2023–24 audit.

Services Australia

4.15.46 Services Australia is the Australian Government’s primary payment and service delivery provider. Services Australia delivers a range of payments and services to support individuals, families and communities, as well as providers and businesses. These include income support payments and services, aged care payments, Medicare payments and services, child support services and a range of ICT functionalities for Australian Government departments and agencies.

4.15.47 Social and health-related payments and services delivered by Services Australia on behalf of other entities in 2022–23 was $217.7 billion. These expenses are recognised within each of the individual policy agencies’ financial statements.

Summary of financial performance

4.15.48 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by Services Australia (as outlined in Table 4.15.12 and Table 4.15.13) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.15.12:  Key departmental financial statements items

Source: Services Australia’s audited financial statements for the year ended 30 June 2023.

4.15.49 The decrease in net cost of services of $327.1 million is due mainly to the following offsetting factors:

• a reduction in expenses incurred in relation to the administration of emergency response activities associated with extreme weather events and the COVID-19 pandemic compared with the prior period; and
• an increase of $216.9 million in expenses for write down and impairment assets, primarily associated with software assets for the Welfare Payment Infrastructure Entitlement Transformation Programme Calculation Engine Programme, due to decisions by Services Australia to discontinue the project.

4.15.50 Revenue from government decreased due to less funding provided for the emergency response activities (refer to paragraph 4.15.49).

4.15.51 The decrease in total assets of $252.0 million is attributable to:

• the write-down and impairment of software assets (refer to paragraph 4.15.49); and
• the reduction in appropriation receivable, largely reflecting income compliance settlement payments and capital acquisitions funded from prior year appropriations.

Table 4.15.13:  Key administered financial statements items

Source: Services Australia’s audited financial statements for the year ended 30 June 2023.

4.15.52 The key activity within Services Australia’s administered functions relates to the child support program. Child support maintenance receivables and provisions have decreased by $36.8 million. These decreases were primarily due to an impairment rate increase in 2022–23 reflecting the interest rate impacts on the debt repayments as part of the current year valuation. The resulting decrease in child support receivables and liabilities has increased associated child support expenses and revenue for 2022–23.

Key areas of financial risk

4.15.53 In light of the key areas of risk and the ANAO’s understanding of the operations of Services Australia, the ANAO assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high. This assessment was a result of heightened public scrutiny and interest that both Services Australia and the Department of Social Services are currently under as a result of the Robo-Debt Royal Commission, particularly concerns around governance and oversight within the portfolio.

4.15.54 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Services Australia’s financial statements. Services Australia has a highly complex IT environment made up of numerous systems hosted across different IT platforms. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.15.14 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.15.14:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Services Australia’s audited financial statements for the year ended 30 June 2023.

4.15.55 The following performance audit reports were tabled during 2022–23 relevant to the financial management or administration of Services Australia:

• Auditor-General Report No. 28 2022–23 Debt Management and Recovery in Services Australia; and
• Auditor-General Report No. 37 2022–23 Procurement of Office Furniture.

4.15.56 While the reports did not include recommendations regarding risks to Services Australia’s financial administration as it relates to the financial statements, the observations of these reports were considered in designing the audit procedures.

Audit results

4.15.57 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.15.15:  Status of audit findings

Note a: Two new moderate audit findings, relating to New Residential Aged Care System Access Management and New Residential Aged Care System Change Management were identified as part of the 2022–23 interim audit. These findings were previously reported in Auditor-General Report No. 26 2022–23 Interim Report on Key Financial Controls of Major Entities.

Source: ANAO 2022–23 audit results.

4.15.58 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that Services Australia’s 2022–23 financial statements were not materially misstated.

New significant audit findings

Governance of legal and other matters

4.15.59 In the course of the financial statements audit, the ANAO made requests for information relating to known or suspected instances of non-compliance with laws and regulations including legal matters, Commonwealth Ombudsman or other Commonwealth reviews and Administrative Appeals Tribunals rulings. Evidence identified by the ANAO did not accord with management representations and additional audit work was required to be undertaken by the ANAO. A number of the matters identified impacted either Services Australia’s (child support) or other agencies’ financial statements including income apportionment (Department of Social Services), child care subsidy (Department of Education), aged care and Medicare issues (Department of Health and Aged Care).

4.15.60 Both the number of matters identified and the number of adjustments made to Services Australia’s and other agencies’ financial statements highlight a significant governance failure in the assessment and reporting of these matters by Services Australia.

4.15.61 This matter is considered to pose a significant financial, business and reputational risk to Services Australia. The ANAO recommended that Services Australia design, implement and document a process to ensure legal or other matters are identified for consideration for their impact on the financial statements, and that all matters identified for consideration are communicated to the ANAO. Services Australia has agreed to the recommendation.

IT Governance

4.15.62 As part of the financial statements audit the ANAO examined controls around significant information technology (IT) systems used to support the preparation of the financial statements. This examination identified a significant audit risk in relation to the increasing number of issues in IT governance within Services Australia. In particular, the ANAO identified weaknesses in IT controls in the implementation of a large-scale IT roll-out for residential aged care and the re-emergence of a large number of individual control issues affecting change and access management and business operations. The volume of these issues indicates that Services Australia’s IT governance and monitoring processes are not providing appropriate assurance to management that policy requirements have been implemented and are operating effectively.

4.15.63 This matter is considered to pose a significant financial, business and reputational risk to Services Australia. The ANAO recommended that Services Australia’s IT governance and monitoring processes be reviewed to ensure they are fit for purpose and that identified deficiencies are appropriately reported and responded to. Services Australia has agreed to the recommendation.

New moderate audit findings

FMIS and HRMIS Privileged User Management

4.15.64 Maintaining and supporting IT systems requires some user accounts, both at the network and the application level, to have extensive access rights (privileged access). Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others. During 2022–23 the ANAO identified weaknesses in the effectiveness of Services Australia’s monitoring of privileged user activities within the Financial Management Information System (FMIS) and Human Resource Management Information System (HRMIS).

4.15.65 At the conclusion of the 2022–23 audit, an effective logging and monitoring process that reviews and assesses risk at the activity level had not been implemented by Services Australia. Services Australia has agreed to the recommendation.

Medicare, Child Support and Health IT Mainframe Privileged User Management

4.15.66 Maintaining and supporting IT systems requires some user accounts, both at the network and the application level, to have extensive access rights (privileged access). Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others. During 2022–23 the ANAO identified weaknesses in the effectiveness of Services Australia’s monitoring of privileged user activities within the Medicare, Child Support and Health IT mainframes.

4.15.67 At the conclusion of the 2022–23 audit, an effective logging and monitoring process that reviews and assesses risk at the activity level had not been implemented by Services Australia. Services Australia has agreed to the recommendation.

Centrelink IT Mainframe Privileged User Management

4.15.68 Maintaining and supporting IT systems requires some user accounts, both at the network and the application level, to have extensive access rights (privileged access). Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others. During 2022–23 the ANAO identified weaknesses in the effectiveness of Services Australia’s monitoring of privileged user activities within the Centrelink IT mainframes.

4.15.69 At the conclusion of the 2022–23 audit, an effective logging and monitoring process that reviews and assesses risk at the activity level had not been implemented by Services Australia. Services Australia has agreed to the recommendation.

Unresolved moderate audit findings

New Residential Aged Care System Access Management

4.15.70 In August 2022, Services Australia implemented a new residential aged care system, which replaced the previous payments system, in advance of transitioning into the new Aged Care funding reform from 1 October 2022. Maintaining and supporting IT systems requires some user accounts to have extensive access rights (privileged access). Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others.

4.15.71 During the 2022–23 interim audit, the ANAO identified that there were weaknesses in the design and operating effectiveness of controls supporting privileged and other user access. More broadly, the ANAO has observed a break-down in Services Australia’s re-established security governance control framework, particularly the lack of formal system accreditation or other supporting system security risk assessments that would identify and allow system and project owners to formally analyse, understand and mitigate and/or accept key security governance risks prior to the implementation of the new system.

4.15.72 The ANAO recommended that Services Australia strengthen privileged user access and logging and monitoring processes. Services Australia’s look-back remediation procedures did not adequately address the risk associated with these control weaknesses, requiring additional alternate procedures to be performed by the audit team for the 2022–23 financial year.

New Residential Aged Care System Change Management

4.15.73 In August 2022, Services Australia implemented a new residential aged care system. IT change management provides a disciplined approach to making changes to the IT environment. It includes controls to prevent unauthorised changes being made and reduce the likelihood that normal business operations are interrupted with the implementation of authorised changes.

4.15.74 During the 2022–23 interim audit, the ANAO identified that there were weaknesses in segregation of duties controls associated with key change management processes, with Services Australia developers having access to release and deploy changes directly into the system.

4.15.75 The ANAO recommended that Services Australia strengthen change management processes to address the identified control weakness. Services Australia retrospective remediation procedures did not adequately address the risk associated with the control issues, requiring additional alternate procedures to be performed by the audit team for the 2022–23 financial year.

Comments on non-material entities

NDIS Quality and Safeguards Commission

4.15.76 The NDIS Quality and Safeguards Commission (NDIS Commission) is an independent agency established to improve the quality and safety of NDIS supports and services nationally. It is a statutory body established under the National Disability Insurance Scheme Amendment (Quality and Safeguards and Other Measures) Act 2017.

4.15.77 The NDIS Commission activities are defined under the NDIS Act and guided by the NDIS Quality and Safeguarding Framework, which establishes the work with people with disability, workers and providers in terms of three types of responsibility:

• Development – building capability and support systems.
• Preventative – preventing harm and promoting quality.
• Corrective – responding if things go wrong.

4.15.78 The NDIS Commission works with NDIS participants, service providers, workers and the community through a nationally consistent approach to quality and safeguarding so participants can access services and supports that promote choice, control and dignity.

Audit results

4.15.79 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.15.16:  Status of audit findings

Source: ANAO 2022–23 audit results.

4.15.80 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that NDIS QSC’s 2022–23 financial statements were not materially misstated.

Resolved moderate audit finding

IT Shared Services Governance

4.15.81 In February 2020 the NDIS Commission’s IT services transferred to Services Australia through a Machinery of Government change. There was no signed memorandum of understanding (MoU) in place providing a framework for NDIS Commission to prioritise deliverables with Services Australia and to clarify the tolerances for ICT related risk.

4.15.82 The NDIS Commission signed a Statement of Intent with Services Australia on 14 May 2021 that outlined the service to be delivered and established an interim governance structure (ICT Joint Services Management Committee) that would allow monitoring of services delivered while negotiations were underway for the finalised MoU in 2021–22. The NDIS Commission finalised an ICT Shared Services Schedule (MoU) with Services Australia on 29 September 2022.

4.15.83 The ICT Shared Services Schedule sets out the requirements for the provision of services, provides a governance framework for those arrangements and outlines principles for ICT risk management between the agencies. It also includes a reporting and performance measures schedule to ensure performance against the Schedule can be monitored. Based on the assessment performed by the ANAO, this finding was resolved at the conclusion of the final audit.

4.16 Treasury portfolio

Portfolio overview

4.16.1 The Treasury Portfolio is responsible for a range of activities aimed at achieving strong sustainable economic growth for the good of Australians.

4.16.2 Table 4.16.1 identifies material and other entities specifically mentioned in this section.

4.16.3 Figure 4.16.1 shows the Treasury portfolio’s income, expenses, assets and liabilities contribution to the Australian Government Consolidated Financial Statements (CFS) for the year ended 30 June 2023.¹⁴⁵

Figure 4.16.1:  Treasury portfolio’s income, expenses, assets and liabilities

Source: ANAO analysis of 2022–23 CFS.

4.16.4 As previously outlined in Chapter 2, paragraphs 2.153 to 2.160, analysis of the quality and timeliness of financial statements preparation included a summary of the total number of audit differences reported to entities during the 2022–23 financial statements audits. Table 4.16.2 provides a summary of those audit differences that relate to entities within the Treasury portfolio.

Table 4.16.2:  The number of audit differences for entities in the Treasury portfolio

Note a: The adjustments include adjustments identified in the period that relate to the prior year.

Source: ANAO analysis of audit differences reported to entities in the Treasury portfolio.

4.16.5 The following section provides a summary of the 2022–23 financial statements audit results for the Department of the Treasury and other material entities and findings for non-material entities in the portfolio.

Department of the Treasury

4.16.6 The Department of the Treasury (the Treasury) provides policy advice, analysis and the delivery of economic policies and programs, including legislation, administrative payments and regulatory functions, which support the effective management of the Australian economy.

Summary of financial performance

4.16.7 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by Treasury (as outlined in Table 4.16.3 and Table 4.16.4) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.16.3: Key departmental financial statements items

Source: Treasury’s audited financial statements for the year ended 30 June 2023.

4.16.8 All movements in balances between periods are as the result of the normal fluctuations in the Treasury’s operations.

Table 4.16.4: Key administered financial statements items

Source: Treasury’s audited financial statements for the year ended 30 June 2023.

4.16.9 Total expenses have increased by $6.9 billion due to increases in:

• Medicare Guarantee Fund of $1.6 billion; and
• payments to the State and Territories of $4.5 billion. This includes Goods and Services Tax (GST), Payments to the States and Territories consistent with GST collected.

4.16.10 The change in the other comprehensive loss to a small surplus in 2022–23 is due to the impact of a $22.5 billion revaluation decrement incurred on the valuation the of administered investment in the Reserve Bank of Australia during 2021–22.

4.16.11 Total liabilities have increased by $1.6 billion due to :

• an increase in International Monetary Fund and other payables largely due to exchange rate movements; and
• an increase in the Disaster Recovery Funding Arrangements provision as a result of natural disasters which occurred from September 2022 to June 2023.

Key areas of financial risk

4.16.12 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of Treasury’s financial statements. The ANAO focused audit effort on those specific areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.16.5 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.16.5: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and Treasury’s audited financial statements for the year ended 30 June 2023.

4.16.13 Auditor-General Report No. 29 2022–23 Implementation of the Government response to the Black Economy Taskforce Report was tabled during 2022–23 and was relevant to the financial management and administration of Treasury.

4.16.14 While the report did not include recommendations regarding risks to Treasury’s financial administration as it relates to the financial statements, the observations were considered in designing the audit procedures

Audit results

4.16.15 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.16.6: Status of audit findings

Source: ANAO 2022–23 audit results.

4.16.16 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that Treasury’s 2022–23 financial statements were not materially misstated.

Resolved moderate audit finding

Governance over the Federal Payments Management System

4.16.17 The Federal Payments Management System (FPMS) is a key system that streamlines the certification and collation of information for payments to states and territories. During the 2021–22 audit, the ANAO identified deficiencies in the FPMS IT general control environment. These included issues with Treasury’s user access management policies and procedures, management of privileged user access and monitoring processes and controls. The ANAO recommended that Treasury revise its risk assessment of the FPMS system and ensure appropriate processes are in place to mitigate the identified risks.

4.16.18 During the 2022–23, Treasury undertook and endorsed a FPMS risk assessment. In addition, Treasury provided a standard operating procedure for FPMS data base administrator activity logging and monitoring which addressed key risks including accurate and complete logs, risk rated alerts, monitoring, escalation and exceptions handling.

Australian Bureau of Statistics

4.16.19 The Australian Bureau of Statistics (ABS) provides independent and trusted official statistics on a range of economic, social, population and environmental matters of importance to governments, industry, and the wider Australian community. The ABS plays a central role in developing statistical standards, including through liaison with international organisations.

Summary of financial performance

4.16.20 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by ABS (as outlined in Table 4.16.7) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.16.7: Key financial statements items

Source: ABS’ audited financial statements for the year ended 30 June 2023.

4.16.21 The decrease in net cost of services is mainly due the Census being delivered during 2021–22. The ABS’ costs increase significantly when conducting a Census.

4.16.22 The decrease in total equity is related to the deficit.

4.16.23 The decrease in total assets reflects the:

• reduction in surplus cash and appropriations receivable to fund the deficit incurred during 2022–23; and
• lower unearned income in the current year with completion of many of the performance obligations for larger programs.

Key areas of financial risk

4.16.24 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ABS’ financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.16.8.

Table 4.16.8: Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ABS’ audited financial statements for the year ended 30 June 2023.

Audit results

4.16.25 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Australian Office of Financial Management

4.16.26 The Australian Office of Financial Management (AOFM) is responsible for managing Australian Government debt and financial assets. AOFM issues Treasury Bonds, Treasury Indexed Bonds and Treasury Notes, manages the government’s cash balances and invests in high quality financial assets under the Australian Business Securitisation Fund and the Structured Finance Support Fund.

Summary of financial performance

4.16.27 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by AOFM (as outlined in Table 4.16.9 and Table 4.16.10) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.16.9: Key departmental financial statements items

Source: AOFM’s audited financial statements for the year ended 30 June 2023.

4.16.28 The increase in other comprehensive income and assets is attributed to the revaluation of non-financial assets that occurred during the year.

Table 4.16.10:  Key administered financial statements items

Source: AOFM’s audited financial statements for the year ended 30 June 2023.

4.16.29 The deficit is primarily a result of:

• significantly lower re-measurement gains on Australian Government Securities when compared with the re-measurements in 2021–22. The lower re-measurement gain was a result of a smaller increase in interest rates compared with 2021–22. The higher interest rates in this period have reduced the value of the securities held; and
• an increase of $3.7 billion in interest expenses due to interest rate rises (and thus the effective interest paid) on securities issued as well as the impact of inflation which contributed to higher accretion costs on treasury bonds.

4.16.30 Total liabilities decreased due to a $26.1 billion decrease in the fair value of bonds due mainly to increasing interest rates.

Key areas of financial risk

4.16.31 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of AOFM’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.16.11 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.16.11:  Key area of financial statements risk

Source: ANAO 2022–23 audit results, and AOFM’s audited financial statements for the year ended 30 June 2023.

Audit results

4.16.32 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Australian Prudential Regulation Authority

4.16.33 The Australian Prudential Regulation Authority (APRA) is responsible for the prudential regulation of the Australian financial services industry through the oversight of authorised deposit-taking institutions (such as banks, building societies and credit unions), general insurers, life insurers, friendly societies, private health insurers, reinsurance companies, and superannuation funds (other than self-managed funds). APRA is funded largely by the industries that it regulates.

Summary of financial performance

4.16.34 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by APRA (as outlined in Table 4.16.12 and Table 4.16.13) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.16.12:  Key departmental financial statements items

Source: APRA’s audited financial statements for the year ended 30 June 2023.

4.16.35 The $14.7 million increase in the net cost of services was primarily driven by increased employee costs (indexation and headcount) and supplier expenses such as consulting, contractor and other expenditure.

4.16.36 The $12.8 million decrease in revenue from government was the result of entity mergers, licence revocations and below-projection growth in superannuation industry assets. The 2021–22 over-collection was returned in the 2022–23 year. These factors contributed to a reduction in supervisory levies by APRA (refer to paragraph 4.16.39) and a corresponding reduction in APRA’s departmental appropriations.

4.16.37 Total assets decreased by $24.5 million due to:

• reduced levies collected, which resulted in reduced cash balances; and
• the continued depreciation of existing non-financial assets.

4.16.38 The reduction in total liabilities of $14.4 million was mainly due to APRA’s cessation of performance bonuses following Australian Government policy guidance (the last bonus was accrued at 30 June 2022).

Table 4.16.13:  Key administered financial statements items

Source: APRA’s audited financial statements for the year ended 30 June 2023.

4.16.39 The $8.9 million decrease in the surplus mainly due to a decrease in supervisory levies by APRA relating to entity mergers, licence revocations and below-projection growth in superannuation industry assets.

Key areas of financial risk

4.16.40 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of APRA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.16.14.

Table 4.16.14:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and APRA’s audited financial statements for the year ended 30 June 2023.

4.16.41 Auditor-General Report No. 30 2022–23 Probity Management in Financial Regulators – Australian Prudential Regulation Authority was tabled during 2022–23. The observations and recommendations of this report were considered during the audit to determine whether audit procedures planned to address areas considered to pose a lower risk of material misstatement remained appropriate, including key management personnel remuneration. No significant changes were made to the designed audit procedures conducted during the audit.

Audit results

4.16.42 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Australian Reinsurance Pool Corporation

4.16.43 The Australian Reinsurance Pool Corporation (ARPC), established by the Terrorism and Cyclone Insurance Act 2003, is responsible for administering:

• the Terrorism Reinsurance Pool, providing primary insurers with reinsurance for commercial property and associated business interruption losses arising from a declared terrorist incident; and
• the Cyclone Reinsurance Pool, providing insurers with reinsurance for household, strata and small business property insurance for losses arising from cyclone and cyclone related flooding for declared cyclone events. This pool commenced operations on 1 July 2022 and is backed by a Commonwealth guarantee.

Summary of financial performance

4.16.44 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by ARPC (as outlined in Table 4.16.15) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.16.15:  Key financial statements items

Source: ARPC’s audited financial statements for the year ended 30 June 2023.

4.16.45 Own-source income increased as a result of the increase in Terrorism premiums of $50.0 million and $63.0 million in new premiums for the Cyclone Reinsurance Pool following establishment on 1 July 2022. The additional income has led to an increase in the surplus and an increase in assets held. Retaining surpluses in ARPC reduces the likelihood of calling on a Commonwealth guarantee in the event of a Terrorism Incident or Cyclone Event.

4.16.46 The increase in liabilities is largely due to the growth in unearned premiums ($130.0 million).

Key areas of financial risk

4.16.47 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ARPC’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.16.16.

Table 4.16.16:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ARPC’s audited financial statements for the year ended 30 June 2023.

Audit results

4.16.48 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Australian Securities and Investments Commission

4.16.49 The Australian Securities and Investments Commission (ASIC) is Australia’s integrated corporate, financial services, markets and consumer credit regulator, supporting a fair, strong and efficient financial system for all Australians. ASIC’s core responsibility is to maintain and facilitate the performance of Australia’s financial system and promote confident and informed participation by investors and consumers.

Summary of financial performance

4.16.50 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by ASIC (as outlined in Table 4.16.17 and Table 4.16.18) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.16.17:  Key departmental financial statements items

Source: ASIC’s audited financial statements for the year ended 30 June 2023.

4.16.51 The increase in net cost of services is due to:

• an increase in employee costs of $31.0 million. Employee costs have risen mainly due to a 3 per cent salary increase and redundancy costs;
• an increase in depreciation and amortisation of $12.6 million mainly due to ASIC’s review of software useful lives leading to a reduction in useful lives and larger amortisation expense; and
• a decrease in own-source revenue of $35.5 million related to a $22.3 million reduction in funding from other Australian Government entities, as a result of projects ending and $16.6 million in lower cost recoveries on investigation and litigation matters.

4.16.52 Total assets decreased by $70.0 million mainly due to the recognition of prior period and current year expenses previously classified as computer software assets, as well as a review of useful lives on software. Building assets have also decreased with ongoing depreciation of lease of use assets.

Table 4.16.18:  Key administered financial statements items

Source: ASIC’s audited financial statements for the year ended 30 June 2023.

4.16.53 The increase in expenses of $136.7 million is mainly due to increasing claims on unclaimed monies and an increase in the liability due to monies received.

4.16.54 The increase in income of $211.6 million is due to:

• larger unclaimed monies lodgements;
• indexation of fees and fines;
• the removal of fee relief for financial advisors; and
• an increase in court awarded fines.

4.16.55 The increase in total assets of $133.7 million is due mainly to increases in fees recoverable and court awarded costs not yet recovered.

Key areas of financial risk

4.16.56 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ASIC’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.16.19.

Table 4.16.19:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ASIC’s audited financial statements for the year ended 30 June 2023.

Audit results

4.16.57 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.16.20:  Status of audit findings

Source: ANAO 2022–23 audit results.

4.16.58 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that ASIC’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

Work in progress capitalisation and asset management framework

4.16.59 As identified in paragraph 4.16.52, ASIC undertook a review of computer software and ASIC’s asset management framework.

4.16.60 The review identified a number of control weaknesses and improvements required to the asset management framework, including limited consideration of the required accounting treatment during the planning and build phases of projects, resulting in the incorrect accounting treatment often being applied. These items have largely been adjusted as prior period errors.

4.16.61 ASIC has commenced rectifying these weaknesses and completed a number of the higher priority items. The ANAO will review ASIC’s progress against addressing this finding during the 2023–24 audit.

Emphasis of matter

4.16.62 An emphasis of matter paragraph has been included in the 2022–23 auditor’s report to draw users’ attention to the prior period error in relation to the capitalisation of software assets given its impact on the prior year operating result.

4.16.63 During 2022–23 ASIC undertook reviews of work in progress for software and plant and equipment assets and ASIC’s asset management framework.

4.16.64 The review identified that ASIC had incorrectly capitalised software development expenses. This constituted a material financial misstatement in the prior period and potential misstatement in the 2022–23 financial statements which was rectified by management through adjustments to the work in progress balances.

4.16.65 The ANAO risk assessment for computer software was increased to higher as a result of the prior period error.

Australian Taxation Office

4.16.66 The Australian Taxation Office (ATO) is Australia’s principal revenue collection entity and is part of the Treasury portfolio. The ATO’s role is to administer Australia’s tax system, significant aspects of Australia’s superannuation system and business registry services, together with the provision of support to the Tax Practitioners Board and the Australian Charities and Not-for-profits Commission.

Summary of financial performance

4.16.67 The following section provides a comparison of the 2021–22 and 2022–23 key departmental and administered financial statements items reported by ATO (as outlined in Table 4.16.21 and Table 4.16.22) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.16.21:  Key departmental financial statements items

Source: ATO’s audited financial statements for the year ended 30 June 2023.

4.16.68 The increase in net cost of services was mainly due to the following offsetting factors:

• an increase in employee benefits expenses of $153.4 million due to a 2 per cent salary increase in accordance with the ATO Determination 2019 and an increase in the long service leave expense resulting from an increase in the discount rate compared to 2021–22; and
• an increase in own-source revenue from rendering of services and other revenue and gains. The increase in own-source revenue is due to increased merchant fees of $27.1 million, attributable to changes in taxpayer behaviour and payment arrangements. The increase in other revenue and gains is due to the recognition of services received free of charge from the Department of Home Affairs of $9.7 million relating to documentation verification and face matching services.

4.16.69 Revenue from government increased by $199.9 million mainly due to funding received in 2022–23 for the Tax Avoidance Taskforce.

4.16.70 The increase in total assets of $146.4 million was largely driven by an increase in appropriation receivable of $103.2 million reflecting the additional funding in 2022–23 and an increase in prepayments of $52.2 million reflecting normal business activities.

4.16.71 The movement in total liabilities was mainly due to an increase in lease liabilities of $66.3 million as a result of new leases for office premises in Brisbane and Sydney and an increase in employee provisions of $33.7 million reflecting the movement in the discount rate.

Table 4.16.22:  Key administered financial statements items

Source: ATO’s audited financial statements for the year ended 30 June 2023.

4.16.72 The increase in total expenses of $9.1 billion was largely attributable to:

• an increase in impairment of receivables of $6.6 billion. This is largely driven by an increase in gross receivables in 2022–23 and an additional provision of $1.3 billion for compliance related debts. Other movements included higher impairment ratios and an increase in actual write-offs; and
• an increase in subsides of $2.2 billion. This largely reflects an increase in research and development tax incentive claims and an increase in fuel tax credits compared to 2021–22 due to the cessation of the temporary fuel tax credit rate reduction in September 2022.

4.16.73 The increase in total revenue of $63.5 billion was mainly due to:

• a $39.2 billion increase in individuals and other withholding tax resulting from stronger labour market conditions, capital gains, and lower rental deductions claimed in prior year tax returns due to historically low interest rates; and
• a $25.2 billion increase in companies income tax representing stronger collections across various industries.

4.16.74 Total assets increased by $2.6 billion mainly due to:

• an increase in net receivables of $0.7 billion. This was due to the net impact of an increase in gross receivables of $9.2 billion due to an increase in income tax and goods and services (GST) revenue and a $1.1 billion decrease in the allowance for credit amendments for disputed cases, offset by a $9.7 billion increase in impairment allowance, due to the ageing of the debt book and increase in gross receivables; and
• an increase in accrued revenue of $2.0 billion due mainly to an increase in accrued GST revenue due to recovery in economic conditions and an increase in compliance activities.

4.16.75 The increase in total liabilities of $1.0 billion is largely driven by an increase in provisions. Subsidies provisions increased by $1.4 billion, reflecting the increase in research and development and fuel tax credit expenses, partially offset by a decrease in superannuation guarantee payments provisions of $0.3 billion and a decrease in unclaimed superannuation payments provisions of $0.2 billion.

Key areas of financial risk

4.16.76 In light of the key areas of risk and the ANAO’s understanding of the operations of the ATO, the ANAO assessed the overall risk of material misstatement in the 2022–23 financial statements audit as high.

4.16.77 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of ATO’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.16.23 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.16.23:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and ATO’s audited financial statements for the year ended 30 June 2023.

4.16.78 The following performance audit reports were tabled during 2022–23 relevant to the financial management or administration of the ATO:

• Auditor-General Report No. 2 2022–23 Australian Taxation Office’s Engagement with Tax Practitioners
• Auditor-General Report No. 9 2022–23 Management of Cyber Security Supply Chain Risks
• Auditor-General Report No. 20 2022–23 Identifying and Reducing the Tax Gap for Individuals not in Business
• Auditor-General Report No. 39 2022–23 Implementation of the Government Response to the Black Economy Taskforce Report

4.16.79 While the reports did not include recommendations regarding risks to the ATO’s financial administration as it relates to the financial statements, the observations were considered in designing the audit procedures.

Audit results

4.16.80 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.16.24:  Status of audit findings

Note a: The moderate audit finding relating to ATO assurance over extracts of data was downgraded to a minor audit finding. A discussion of this finding can be found in the Auditor-General Report No. 26 2022–23 Interim Report on Key Financial Controls of Major Entities.

Source: ANAO 2022–23 audit results.

4.16.81 For each of the findings listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that ATO’s 2022–23 financial statements were not materially misstated.

New significant audit finding

Enterprise change management

4.16.82 The ANAO identified the following weaknesses associated with the ATO’s enterprise change management for key information technology systems supporting the preparation of ATO’s financial statements.

• A disconnect between change management policy and procedural documentation in relation to segregation of duties particularly in relation to developers and migrators. The ATO policy highlights a paragraph relating to segregation of duties requirements however the underlying procedural documentation across ATO’s business groups varied in its application of this requirement and in some instances removed the requirement under certain development methodologies.
• The ATO was unable to provide the ANAO with a complete and accurate list of changes made to financial systems assessed as in scope for the financial statements audit. The ANAO identified instances where:
  • use of free text fields without strong naming conventions or mandatory fields led to inaccurate and incomplete records;
  • records contained fields that were incorrect; and
  • sample testing identified changes that did not meet ATO policy requirements, including a lack of appropriate evidence of segregation of duties and testing of changes prior to implementation. The ANAO confirmed that no changes subject to sample testing adversely impacted the financial statements.

4.16.83 As a result of identified deficiencies the ANAO was required to undertake significant additional testing to obtain assurance over the reliability of reports generated to support financial statements balances.

4.16.84 The ANAO recommended that the ATO improve the change management framework to ensure policy alignment throughout ATO’s business operations, all changes are recorded in the approved system in line with ATO policy and changes have effective system enforced segregation of duties. The ATO has agreed with the recommendations. The ANAO will review the status of the ATO’s remediation of these weaknesses as part of the 2023–24 audit.

Unresolved moderate audit finding

Uneconomic to pursue debt and re-raises

4.16.85 In 2021–22, the ANAO identified issues in the ATO’s treatment of debts considered to be uneconomical to pursue (‘non-pursued debt’). These included:

• the timeframe where the automatic re-raise functionality was switched off that resulted in the ATO not re-raising debts that had previously been identified as uneconomical to pursue where the taxpayer became entitled to a credit.
• the use of exclusionary criteria that had the effect of preventing a re-raise on a taxpayer’s account for non-pursued debt that met certain criteria.

4.16.86 In both cases there was a potential effect of a taxpayer being able to receive a full credit despite having a debt owed to the Commonwealth.

4.16.87 At the completion of the final audit, the ANAO identified that selected exclusionary criteria relating to non-pursued debts had been removed, with a timeframe established for implementation of the remaining recommendations by 30 June 2024. The ANAO will review the status of the ATO’s remediation of these issues as part of the 2023–24 audit.

National Housing Finance and Investment Corporation

4.16.88 The National Housing Finance and Investment Corporation (NHFIC)¹⁴⁶ is responsible for:

• the establishment and operation of an Affordable Housing Bond Aggregator (AHBA), which provides finance to registered community housing providers by aggregating their lending requirements and issuing bonds to institutional investors;
• the establishment and operation of the National Housing Infrastructure Facility (NHIF) to provide loans, grants and investments for social and affordable housing as well as to overcome impediments to the provision of housing that is due to the lack of necessary infrastructure; and
• the administration of the Home Guarantee Scheme (HGS) to support first home buyers and single parents to access the housing market sooner and undertakes research into housing supply, demand and affordability in Australia.

Summary of financial performance

4.16.89 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by NHFIC (as outlined in Table 4.16.25) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.16.25:  Key financial statements items

Source: NHFIC’s audited financial statements for the year ended 30 June 2023.

4.16.90 Total assets and equity increased primarily due to additional cash holdings and investments due to additional amounts provided by Government as an equity injection for $165.0 million for the NHIF.

Key areas of financial risk

4.16.91 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of NHFIC’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.16.26.

Table 4.16.26:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and NHFIC’s audited financial statements for the year ended 30 June 2023.

Audit results

4.16.92 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Reserve Bank of Australia

4.16.93 The Reserve Bank of Australia (RBA) is responsible for determining and implementing monetary policy that seeks to contribute to the stability of the currency and maintains full employment; works to maintain a strong financial system and efficient payments system; and issues Australia’s banknotes. As well as being a policymaking body, the RBA provides selected banking services to a range of Australian Government entities and to a number of overseas central banks and official institutions. The RBA is also responsible for the management of Australia’s gold and foreign exchange reserves.

Summary of financial performance

4.16.94 The following section provides a comparison of the 2021–22 and 2022–23 key financial statements items reported by RBA (as outlined in Table 4.16.27) and includes commentary regarding significant movements between years contributing to overall performance.

Table 4.16.27:  Key financial statements items

Source: RBA’s audited financial statements for the year ended 30 June 2023.

4.16.95 The RBA’s net loss of $6.0 billion was primarily as a result of:

• net valuation losses incurred on the fair value measurement of domestic securities of $4.4 billion that were acquired as part of the RBA’s bond purchase program in response to the COVID-19 pandemic. These valuation losses were mainly driven by higher bond yields over the year; and
• foreign exchange losses due to changes in exchange rates.

4.16.96 The decrease in total assets was mainly due to the following offsetting movements:

• a decrease of $34.0 billion of Australian dollar investments, largely as a result of the maturity of bonds acquired as part of the RBA’s policy responses to the COVID-19 pandemic and the scheduled maturities of the Term Funding Facility, which commenced in April 2023; and
• an increase in the value of foreign currency investments of $18.0 billion.

Key areas of financial risk

4.16.97 The ANAO completed appropriate audit procedures on all material items. The ANAO also assessed the information technology (IT) general and application controls for key systems that support the preparation of RBA’s financial statements. The ANAO focused audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2022–23 are provided below in Table 4.16.28 including areas which were considered key audit matters (KAM) by the ANAO.

Table 4.16.28:  Key areas of financial statements risk

Source: ANAO 2022–23 audit results, and RBA’s audited financial statements for the year ended 30 June 2023.

Audit results

4.16.98 There were no significant or moderate audit findings arising from the 2021–22 or 2022–23 financial statements audits.

Comments on non-material entities

Royal Australian Mint

4.16.99 The objective of the Royal Australian Mint (the Mint) is to create public value through meeting the circulating coin and collector coin needs of Australia and selected international markets, maintaining Australia’s National Coin Collection, and providing educational and cultural experiences to local and overseas visitors.

Audit results

4.16.100 The following table summarises the status of audit findings reported by the ANAO in 2021–22 and 2022–23.

Table 4.16.29:  Status of audit findings

Source: ANAO 2022–23 audit results.

4.16.101 For the finding listed below, the ANAO undertook additional audit procedures to gain reasonable assurance that the Mint’s 2022–23 financial statements were not materially misstated.

New moderate audit finding

Reconciliation variances

4.16.102 During the 2022–23 financial statements audit the ANAO identified a number of material unexplained and unreconciled differences in the reconciliations performed by management in preparing the Mint’s financial statements. Reconciliations should be supported by appropriate information and differences should be explained, followed up and adjusted. Once the variances were investigated material adjustments were required to the financial statements. All variances were subsequently corrected by the Mint and reflected in the financial statements.

4.16.103 The ANAO recommended that the Mint strengthen its reconciliation processes, specifically the review of reconciliations by management and reporting of variances. The Mint agreed with this recommendation.