Our staff add value to public sector effectiveness and the independent assurance of public sector administration and accountability, applying our professional and technical leadership to have a real impact on real issues.
The audit objective was to form an opinion on the adequacy of a select group of Australian Government agencies' management of Internet security, including following-up on agencies' implementation of recommendations from the ANAO's 2001 audit. The agencies audited were Australian Customs Service (ACS), Australian Federal Police (AFP), Australian Radiation Protection and Nuclear Safety Agency (ARPANSA), Department of Employment and Workplace Relations (DEWR), Department of Industry, Tourism and Resources (DITR) and Medicare Australia. Factors considered in selecting agencies were agency size based on funding levels, whether the agency was included in ANAO's 2001 audit (ACS, ARPANSA, and DEWR), whether the agency's ICT was managed in-house or outsourced, and the nature of the agency's website (that is, general or restricted access).
Parliamentary Committees, particularly Senate Estimates Committees, have for many years taken an interest in the use of consultants by Australian government agencies. In this context, and having regard to the extent of expenditure by FMA Act agencies on consultants, the objective of this audit was to assess the accuracy and completeness of Australian government agencies' reporting of expenditure on consultants.
This audit is a part of the ANAO's protective security audit coverage. The objective of this audit was to determine whether agencies audited had developed and implemented sound IT security management principles and practices supported by an IT security control framework, in accordance with Australian Government policies and guidelines. The audit at each agency examined the framework for the effective management and control of IT security, including the management of IT operational security controls and, where applicable, was based on the Australian Government protective security and information and communications technology (ICT) security guidelines that were current at that time.
The objective of the audit was to assess and report on the progress being made by agencies subject to the Financial Management & Accountability Act 1997 and entities subject to the Commonwealth Authorities & Companies Act 1997: in realising value for money from the procurement process, with a specific focus on buildings, services and products using whole of life cycle assessments; and in the consideration and management of environmental impacts in specifications and contracts. The emphasis of the audit was on green office procurement and sustainable business practices and the value for money within this context. As such, the audit report provides a status report on the implementation of ESD within the office environment of the Australian Government. The audit used a survey approach in conjunction with selected audit investigations to obtain information across 71 agencies and entities selected on the basis of materiality in procurement and coverage across large, medium and small organisations. The agencies selected represented approximately 35 per cent of all government bodies and over 95 per cent of all procurement spending noted on the Department of Finance and Administration (Finance) database on contracts.