The Auditor-General Act 1997 (the Auditor-General Act) sets out the functions, mandate and powers of the Auditor-General for Australia and establishes the statutory office of the Auditor-General and the Australian National Audit Office (ANAO).

The Auditor-General is an independent officer of the Australian Parliament and has discretion in the performance or exercise of their functions or powers. In particular, the Auditor-General is not subject to direction in relation to: whether or not a particular audit is to be conducted; the way in which a particular audit is to be conducted; or the priority to be given to any particular matter. The Auditor-General must, however, have regard to the audit priorities of the Parliament, as determined by the Joint Committee of Public Accounts and Audit (JCPAA).

In delivering against this mandate, the Auditor-General is assisted by the ANAO. Audits undertaken by the ANAO are designed to provide a reasonable level of assurance; the ANAO’s work is governed by auditing standards established by the Auditor-General, which incorporate the standards made by the Auditing and Assurance Standards Board applied by the auditing profession in Australia. The ANAO Auditing Standards adopt the Australian Standard on Assurance Engagements (ASAE) 3500 Performance Engagements (the relevant Auditing and Assurance Standards Board standard for performance audits in Australia), except in relation to reporting requirements, internal controls and non-compliance with laws and regulations. The reporting requirements of ASAE 3500 are replaced with those contained in the International Organization of Supreme Audit Institutions (INTOSAI) Standard International Standards of Supreme Audit Institutions 3000 Performance Audit Standard (ISSAI 3000). This is consistent with the ANAO’s approach in reporting to the Parliament and with the ANAO’s purpose.

The ANAO’s audit reports are presented for tabling in the Australian Parliament and assist the Parliament in fulfilling its accountability role. Following tabling of an audit report, the ANAO may be requested to brief parliamentary committees, ministers and individual parliamentarians on the findings of the audit.

The JCPAA examines all performance audit reports and conducts inquiries on selected reports. Other committees of the Parliament may also choose to conduct inquiries using ANAO reports as key information sources.

The ANAO’s performance audit activities involve the independent and objective assessment of all or part of an entity’s operations and administrative support systems. Performance audits may involve multiple entities and examine common aspects of administration or the joint administration of a program.

Through this activity, the ANAO reports to the Parliament on areas where improvements can be made to aspects of public administration and makes specific recommendations to assist public sector entities to improve performance.

The Public Governance, Performance and Accountability Act 2013 (PGPA Act) defines the proper use of public resources as ‘efficient, effective, economical and ethical’. The ANAO assesses all aspects of the proper use of resources:

• effective (the extent to which intended outcomes are achieved);
• economical (minimising cost);
• efficient (maximising the ratio of outputs to inputs);
• ethical ; and/or
• legislative and policy compliance.

The Auditor-General Act authorises the Auditor-General to conduct performance audits of Commonwealth entities, Commonwealth companies and their subsidiaries. The Auditor-General Act also authorises the Auditor-General to conduct a performance audit of a Commonwealth partner. Audits of Commonwealth partners that are part of, or controlled by, state or territory governments must be requested by the responsible minister or the JCPAA. Similarly, performance audits of government business enterprises can be conducted only if requested by the JCPAA.

The ANAO identifies subjects for audits through its planning processes and as part of developing the ANAO annual audit work program (AAWP). The AAWP aims to provide broad coverage of areas of public administration while balancing identified priorities with the ANAO’s capacity. When developing and selecting performance audit topics, the Auditor-General is guided by six key considerations, which includes the importance of the topic to the Parliament.

Key considerations in audit topic development

Source: Annual Audit Work Program 2024–25: Overview, available from https://www.anao.gov.au/work-program/overview.

Topics are identified based on consideration of: potential benefits; the level of parliamentary and public interest in a topic; and risks to reputation and service delivery. The Auditor-General must have regard to the audit priorities of the Parliament, as determined through the JCPAA, in the topic selection process. Australian Government entities are consulted on the identification of potential audit topics and the potential topics are published on the ANAO’s website for public consultation.

Once potential topics have been approved by the Auditor-General, the AAWP is published on the ANAO website. The number of potential topics varies from year to year, but there are always more potential topics than the ANAO will complete within one financial year. For example, the 2024–25 AAWP includes 102 potential topics, and the ANAO target for performance audit reports for 2024–25 is 48 reports. The Auditor-General may also decide, throughout the year, to conduct an audit that is not on the published AAWP.

Performance audits by their nature involve engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited.

The expectation that audited entities cooperate with the ANAO is supported by legislation. Sections 30 to 35 of the Auditor-General Act 1997 outline the Auditor-General’s information-gathering powers. Section 33, for example, provides that the Auditor-General, or an authorised official, may at all reasonable times have access to Commonwealth premises and to any documents or other material in connection with an Auditor-General function. Such material can include Cabinet papers, ministerial decisions, commercially sensitive and classified documents or data, and emails.

What the ANAO requires from audited entities

The conduct of an audit is facilitated when the entity or body provide all reasonable facilities and assistance to aid the conduct of an audit.

What entities can expect from the ANAO

The Auditor-General’s information-gathering powers are balanced by confidentiality provisions in the Auditor-General Act and the exemption of the Auditor-General from the Freedom of Information Act 1982. ANAO officials must not disclose any information except in the course of undertaking an Auditor-General’s function, and ANAO staff and contractors maintain security clearances which are appropriate for the audit work they perform. Information obtained during an audit or review is stored securely at all times and used only for audit purposes.

To facilitate the audit process and ensure that reports are accurate, balanced and fair, the audit team will conduct the audit in accordance with the following expectations.

The main phases of a performance audit involve audit planning, audit fieldwork, and reporting. Within these phases are a number of key steps and milestones. An ANAO performance audit report takes an average of about 10 months from planning to tabling, but the ANAO conducts a mix of shorter and longer audits as part of its annual audit work program. 

Planning phase

Audit work plan

The first phase of the audit process involves planning the audit, including defining the audit objective, scope and audit criteria. This phase generally involves a review of information relating to the program or activity to be audited, and consultation with the relevant entities and stakeholders. The audit objective and criteria are approved by the Auditor-General.

Audit approval and designation

Once the Auditor-General has decided to undertake the performance audit, the ANAO sends a ‘designation letter’ to the accountable authority of the entity whose operations or activities are the subject of the audit, communicating the Auditor-General’s decision to begin the audit. The letter also outlines the objective, criteria and terms of the audit. Relevant entity officials may be copied in, such as a leader in the entity’s audit or governance area. The ANAO may also engage with other entities or stakeholders that are not ‘designated’ during the course of the audit. In addition to the ‘designated’ entities, Australian Government entities that are not ‘designated’ may be required to provide information and documents for the purpose of the audit. The Auditor-General may choose to include another entity at any stage in an audit.

Fieldwork phase

Entry meeting

An entry meeting will be arranged with key personnel involved in the audit. It is used to introduce the audit team; receive any initial representations from the entity; discuss the objectives, criteria and scope of the audit; advise of the ANAO’s initial information requirements; and answer any questions the entity may have about the audit criteria or process. The meeting is an opportunity to discuss and resolve any issues relating to the conduct of the audit, particularly site and system access and data requests.

The entry meeting is also an opportunity for the audited entity to provide introductory briefing and key material relevant to the audit in order to streamline the process.

Evidence gathering and analysis

The ANAO will require building access and unfettered access to IT systems and records. This will require entities to promptly ‘on board’ ANAO officials to entity systems, with auditor access. ANAO officials are not required to undergo additional security checks; nor are they required to sign agreements, memoranda of understanding or undertakings with respect to their access and use of information. In addition to their responsibilities under the Auditor-General Act with regard to confidentiality, they will respect the information handling environment in which they are auditing.

The ANAO gathers and analyses evidence and discusses emerging issues with the entity. During evidence gathering, the audit team may conduct meetings with managers, staff and other stakeholders; obtain relevant documentation, data and email accounts for review; inspect physical assets; and observe officials in their roles. The number and frequency of document requests may vary, and timely provision of requested information is expected (generally five working days). Document requests may include classified documents, cabinet documents and email accounts deemed by the ANAO as necessary for the purposes of conducting the audit. Documents should not be redacted nor altered for provision to the ANAO.

The ANAO audit team will keep the entity informed in a timely manner of the conduct of, and significant issues arising from, the audit.

During the fieldwork phase, the ANAO welcomes input from anyone, including members of the public, on the audit topic. The webpage for each audit on the ANAO website will note whether or not the audit is currently ‘open for contribution’. The website includes a facility to send information and upload documents.

Report preparation papers

Report preparation papers (RPPs) are prepared once the majority of the evidence has been collected. RPPs outline the evidence base relied upon, preliminary audit findings and potential audit recommendations. Additional information from entities may also be sought, such as requests for clarification or the provision of further evidence.

RPPs are not a draft report. They are papers which demonstrate the audit evidence against the criteria of the audit and the emerging positions resulting from that evidence.

The ANAO audit manager may invite the entity to participate in an information briefing prior to receiving the RPPs.

The RPPs are not required to be issued under legislation, and are shared with entities to provide an opportunity for the entity to consider the audit findings and provide feedback to the audit team, including additional context, further documentary evidence, correction of errors of fact, issues relating to sensitive information and to provide any other information if required.

The recipient of RPPs must not disclose any of the information in the RPPs (including to external legal advisers, contractors, consultants and ministers) except with the written consent of the Auditor-General. It is rare for consent to be given for disclosure of RPPs.

Any written response to the RPPs is expected to be received by the ANAO within 10 working days. The RPP response period can require a significant amount of resourcing from the audited entity. It is recommended that this period is well planned for.

Exit meeting

An exit meeting is held with senior entity staff following the ANAO’s receipt of the entity’s response to RPPs. This meeting signifies the conclusion of the fieldwork phase. During the exit meeting, the preliminary audit findings and potential recommendations are discussed. The entity also has the opportunity to provide further documentation and information relevant to the audit findings.

Reporting phase

Section 19 proposed report

After considering the response to the RPPs and any further information or evidence, the proposed report is drafted. The proposed report is sent from the Auditor-General to the accountable authority of the audited entity, as required by section 19 of the Auditor-General Act.

The accountable authority may share the proposed report with any officials in the entity. However, the accountable authority and any official who receives the proposed report must not disclose any of the information in the report (including to external legal advisers, contractors, consultants and ministers) except with the written consent of the Auditor-General. The accountable authority can provide the draft report to their audit committee.

Response to proposed report

If the recipient of the proposed report, or an extract of the report, gives written comments to the Auditor-General within 28 days of receiving the report, the Auditor-General must consider those comments before preparing a final report. The entity may provide the following types of responses:

• Formal letter of reply — A letter that will constitute the entity’s formal response to the proposed audit report. The letter of reply will be reproduced as an appendix to the final audit report.
• Summary response — A short summary of the entity’s letter of reply (maximum 200 words). The summary response will be published in full at the conclusion of the report summary in the front-end of the report.
• Responses to recommendations — A response to each of the report’s recommendations, indicating whether the entity agrees or disagrees. This will be reproduced under the recommendation in the body of the report.
• Editorial matters — In preparing a response the entity may identify comments or matters of an editorial nature that they wish the ANAO to consider incorporating in the text of the final report. This material will not be published as part of the formal response to the audit report.

Final approval by Auditor-General and presentation of the report for tabling in the Parliament

The Auditor-General Act requires performance audit reports to be presented for tabling in the Parliament as soon as practicable after approval of the final report by the Auditor-General and a copy of the report to be given to the responsible minister, the Finance Minister (for cross-entity audits conducted under section 18 of the Auditor-General Act) and the accountable authority of each entity subject to audit.

The long-standing practice of the ANAO is that two days prior to the report being presented for tabling in the Parliament, an embargoed copy of the report is provided to: the relevant minister; the accountable authority of the entity subject to audit; the Prime Minister; the Finance Minister (for cross-entity audits conducted under section 18 of the Auditor-General Act); the Secretary of the Department of the Prime Minister and Cabinet; and others whom the Auditor-General considers have a special interest in the report. 

Once tabled, audit reports attract parliamentary privilege. Draft reports and working papers prepared by the ANAO as part of the conduct of a performance audit also attract parliamentary privilege.

The ANAO website provides information on the ANAO annual audit work program. The website shows the status of all audits included in the work program and invites members of the public to contribute during the evidence gathering phase of each audit. Once the report of an audit is tabled, it is publicly available and can be accessed from the ANAO’s website.