The audit reviewed the implementation of the Whole-of-Government Information Technology Infrastructure Consolidation and Outsourcing Initiative (IT Initiative). The objectives of the audit were to examine the administrative and financial effectiveness of the implementation of the IT Initiative, with the focus being on the first four tenders conducted. Accordingly, the audit assessed:

• the effectiveness of the overall planning and implementation of the IT Initiative, taking into account the tendering, contracting and monitoring processes undertaken in respect of Cluster 3, DEETYA/EN, ATO and Group 5;
• the extent to which those latter processes have contributed to the achievement of the objectives of the IT Initiative; and
• the extent to which the Commonwealth's interests have been adequately protected within this context.

The audit objective was to assess the effectiveness of DEEWR‘s administration of the initial phases of the NP ECE. The high-level criteria used to make this assessment were the appropriateness of DEEWR‘s:

• establishment of a sound foundation for implementation, including implementation plans, monitoring arrangements and an Indigenous strategy for universal access; and
• ongoing monitoring and support activities, including assessing progress reports, making payments, maintaining relationships, improving data quality and public reporting.

The audit examined whether the Department of Health and Ageing had the performance information necessary to administer the Australian Health Care Agreements. A strong focus of the audit was accountability for performance given the significant size of Commonwealth financial assistance, more than $29.6 billion over 5 years, provided to the States and Territories for the provision of health care services.

The main objectives of the audit were to assess the management and administration of protective security across Commonwealth agencies and to identify, recommend and report better practice in security management. Particular attention was paid to:

• compliance with Government policy, standards and guidelines;
• the role of management in protective security; and
• the operation of security systems and practices.

The audit criteria and procedures to assess the management and administration of the individual organisations examined were largely based on the overall control framework of an organisation and the guidance provided in the current Commonwealth Protective Security Manual.

Given the importance of customer feedback to Centrelink's business, the ANAO considered it timely to conduct a series of performance audits relating to Centrelink's customer feedback systems, particularly in relation to its delivery of the services then provided on behalf of FaCS. The overarching objective of this series of ANAO performance audits of Centrelink's customer feedback systems was to assess whether Centrelink has effective processes and systems for gathering, measuring, reporting and responding effectively to customer feedback, including in relation to customer satisfaction with Centrelink services and processes.

The audit objective was to assess the effectiveness of the National Health and Medical Research Council's governance and administrative systems. In order to achieve this objective, the audit addressed three criteria to determine whether the Council had: identified its legislated responsibilities and monitored its legislative compliance; a sound corporate governance framework to support the performance of its legislated functions; and established robust administrative systems to support the performance of its legislated functions.

The audit's main objectives were to:

• examine the guidance on the use of confidentiality clauses in contracts and agencies' use of such clauses;
• develop criteria to assist agencies in determining what information in a contract is confidential; and
• assess the effectiveness of the existing accountability and disclosure arrangements for Commonwealth contracts.

This cross-portfolio audit reviewed the management of Internet security across ten Commonwealth agencies, with the objective of forming an opinion on the adequacy of Internet security management within the selected agencies. The audit pursued two strands - a review of the management systems employed within agencies including the adequacy of risk assessments, security policies and plans, day to day management and business continuity planning in connection with the agencies' Internet presence, and physical testing of the security arrangements of selected Internet sites. Staff from the Defence Signals Directorate were appointed under the Auditor-General Act 1997 to perform the site testing.

The audit reviewed the processes involved in the sale of one-third of Telstra. The objectives in auditing the sale were to assess the extent to which the Government's sale objectives were achieved; assess the effectiveness of the management of the share offer; assess whether the sale arrangements adequately protected the Commonwealth's interests; and facilitate improved administrative arrangements for future share offers.

The main objectives of the audit were to examine DOTARS' response to the heightened threat environment following the events of 11 September 2001, and to determine the extent to which DOTARS' monitoring and compliance regime ensures that the aviation industry complies with its security obligations. The scope of the audit included:

• the respective roles and responsibilities of the organisations involved in aviation security;
• the setting of security settings; DOTARS' monitoring of airport, airline and cargo security;
• the action DOTARS takes in response to security breaches; and
• evaluation of aviation security.