Background

1. The Freedom of Information Act 1982 (FOI Act) is the legislative basis for open government in Australia at the Commonwealth level. Each person has legally enforceable rights under and subject to the FOI Act to obtain access to government documents and to apply for the amendment or annotation of records of personal information held by government.

2. In 2024–25, 43,456 Freedom of Information (FOI) requests were received by agencies and ministers, a 25 per cent increase on 2023–24. FOI complaints and applications for review in 2024–25 also increased significantly (by 26 per cent and 21 per cent respectively). The Office of the Australian Information Commissioner (OAIC) stated in its 2024–25 Annual Report that:

• the percentage of FOI requests decided outside the applicable statutory timeframe in 2024–25 remained unchanged from the previous year at 27 per cent;
• of the 25,211 decisions made on FOI requests, 25 per cent were to refuse access in full, 54 per cent granted access in part and 21 per cent granted full access; and
• 62 per cent of Information Commissioner decisions ‘set aside’¹ the decisions under review. The OAIC stated that this ‘high set-aside rate indicates there is more work to do to embed a pro-disclosure approach. This work is important to ensure proper alignment with the objects of the FOI Act, to increase public participation in Government processes and to increase scrutiny, discussion, comment and review of the Government’s activities’.

Rationale for undertaking the audit

3. The purpose of the FOI Act is to give the Australian community access to Australian Government information. Parliament intended that the functions and powers under the FOI Act ‘are to be performed and exercised, as far as possible, to facilitate and promote public access to information, promptly and at lowest reasonable cost’. A December 2023 Senate inquiry report concluded that the ‘system is not working effectively and for some time has not functioned as it was intended.’²

4. The audit provides assurance to Parliament over the effectiveness of entity administration of FOI Act requests in achieving the objects of the FOI Act.³

Audit objective and criteria

5. The objective of this audit was to assess whether the selected entities’ administration of FOI Act requests is effective in giving the community access to Australian Government information.

6. To form a conclusion against the objective, the following high-level criteria were adopted:

• Did entities facilitate access to requested documents, promptly and at the lowest reasonable cost?
• Was decision-making transparent, accountable and pro-disclosure?

7. The ANAO audited three entities: the Department of the Prime Minister and Cabinet (PM&C); the Department of the Treasury (Treasury); and the Department of Infrastructure, Transport, Regional Development, Communications, Sports and the Arts (Infrastructure). The audit also engaged with the Office of the Australian Information Commissioner in light of the preliminary audit findings and potential recommendations.

8. The scope of the FOI requests examined was those seeking access to documents other than those containing the applicants own personal information, that were active at any time during 2024. ANAO identified 1,111 FOI requests within scope of the audit, across the three entities. When undertaking testing and analysis, ANAO applied a representative sampling methodology, in line with ANAO auditing standards.

Conclusion

9. The FOI system is recognised as a critical pillar of open government and robust democracy in Australia. Australian Government information is a national resource that should be available for community access and use. Administration of Freedom of Information Act (FOI Act) requests by the audited entities has been partly effective in giving the community access to information.

10. The administration of FOI Act applications by the audited entities resulted in a decision to provide some documents to the applicant for under half (43 per cent) of the requests examined by the ANAO. The audit identified a range of shortcomings with entity administration of FOI Act requests that are inconsistent with the pro-disclosure objects of the FOI Act, including:

• entities are not demonstrably meeting their obligations to take reasonable steps to assist applicants make FOI requests and to then find the requested documents. For 79 per cent of requests examined as part of the audit, the three entities had not met their own requirements to evidence the reasonableness of the searches they had undertaken to locate the requested documents;
• in addition to 57 per cent of requests not leading to the release of any documents to the applicant, public disclosure of released documents, via each entity’s disclosure log, has been incomplete. This has been the case notwithstanding that the FOI Commissioner has identified disclosure log reporting as a way that agencies to reduce the impact of FOI Act administration on their activities; and
• statutory timeframes for decision-making and disclosure are not consistently being met. For 63 per cent of the FOI requests examined departments decided to make use of one or more provisions in the Act allowing for a longer response period than 30 days. Even then, for 29 per cent of requests examined, the decision was taken outside the statutory timeframe (after allowing for any extensions and excluding those with insufficient records). Entity disclosure logs were also not being updated in accordance with statutory timeframes (23 per cent of disclosures were late).

11. Decision-making in the three audited entities was not consistently transparent, accountable and pro-disclosure. A key factor was the lack of records around decision-making with no record maintained of the advice to the decision-maker for 30 per cent of FOI requests examined by the ANAO. Records were also lacking in terms of the impact that consultation with minister’s offices was having on decision-making, including when they shouldn’t be.

12. Reviews of agency decision-making demonstrated do not evidence a pro-disclosure approach. Of the internal reviews within the three audited entities, 24 per cent resulted in a decision to provide more information to the applicant. For 54 per cent of reviews undertaken by the Information Commissioner, the result involved further information being provided to the applicant.

13. Requested documents were exempted, and/or information redacted, in 53 per cent of the FOI requests examined by the ANAO. There are inaccuracies in reporting by entities to the Office of the Australian Information Commissioner reflecting, among other things, inaccurate data held in entity case management systems. This included the outcome of the request advised to the OAIC (based on what was recorded in the case management system) being different to the outcome notified to the applicant in 19 per cent of requests examined.

Supporting findings

Administration of the Freedom of Information Act

14. The three audited entities do not have appropriate policies and procedures in place to meet their responsibilities under the Freedom of Information Act. Of the three audited entities, Treasury had no finalised policy or procedures in place, while Infrastructure and PM&C did. A number of shortcomings were evident in the documented policies and procedures in PM&C. (See paragraphs 2.3 to 2.31)

15. It is not evident that entities are meeting their obligation to take reasonable steps to assist applicants make FOI requests. None of the internal guidance of the entities outlined what the entities considered to be reasonable steps to assist applicants. This approach is not pro-disclosure. (See paragraphs 2.32 to 2.49)

16. The three audited entities are unable to demonstrate that they have met the obligation to take all reasonable steps to find requested documents. Entities are not maintaining adequate records of the searches they undertake in response to FOI applications to assure completeness. Entity records also do not consistently support decisions to refuse access because records could not be located or do not exist. (See paragraphs 2.50 to 2.65)

17. Charges were not often notified by the three audited entities. In 2024: PM&C did not notify any applicant of any charges; Infrastructure notified one applicant of two charges; and Treasury notified 26 applicants of 30 charges (10 per cent of requests received). In the case management systems of each of the audited entities, costs are not calculated for each application, nor are there time or effort records for each application. (See paragraphs 2.66 to 2.72)

18. A decision to provide some documents to the applicant was made for 43 per cent of the requests examined by the ANAO across the three audited entities. Documents are predominantly provided to the applicant by email (95 per cent of requests where the audited entity retained a record of release). (See paragraphs 2.73 to 2.77)

19. Public disclosure of released documents, via the disclosure log required under the FOI Act, was incomplete and not in accordance with the law. The websites used by each audited entity are variable in terms of the information provided and their useability. In addition, each entity’s disclosure log was incomplete (8 per cent of expected disclosures had not been made) and the logs were not being updated in accordance with statutory timeframes (26 per cent of disclosures were late). (See paragraphs 2.78 to 2.94)

20. The three audited entities are not maintaining adequate records to demonstrate compliance with statutory timeframes for processing FOI applications. Where records were available, statutory timeframes were not consistently met, particularly in relation to decision-making on requests.

• Notification to applicants that their request had been received: seven per cent of requests examined by the ANAO (where records were available) were outside the statutory timeframe.
• Decision-making notification to applicants: for 63 per cent of the FOI requests examined, the statutory response timeframe was greater than 30 days due to departments deciding to make use of one or more provisions in the Act allowing for a longer response period. After allowing for extensions, there were 28 per cent of requests examined by the ANAO (where records were available) that were outside the statutory timeframe. (See paragraphs 2.95 to 2.112)

Decision-making

21. Entities have in place delegations that assist with transparent and accountable decisions in relation to access under the FOI Act. The policies of the three audited entities vary on requirements of decision-making artefacts. No entity had in place policies that address all of the consultations they may undertake on FOI requests, including consultations not specifically provided for in the FOI Act (and the FOI Guidelines issued by the OAIC also do not address those consultations). (See paragraphs 3.2 to 3.16)

22. The poor state of recordkeeping around FOI decisions does not demonstrate that decisions are being adequately informed. In relation to the 498 FOI requests examined by the ANAO across the three audited entities:

• for 32 per cent there was no record maintained of the advice provided to the decision-maker;
• a record of the decision was not evident for 30 per cent; and
• the record of the decision provided to the applicant was not retained for 11 per cent. (See paragraphs 3.17 to 3.42)

23. Documents were exempted, and information was redacted, in 53 per cent of the sampled FOI requests. Decisions to exempt a document or redact information were often not recorded, beyond the decision notice to the applicant. It was not clear from entity records how decisions to exempt information were made, nor how decisions were made not to exempt information and release information where an exemption may have applied. Overall, entity records do not demonstrate a pro-disclosure approach to FOI requests. (See paragraphs 3.43 to 3.71)

24. Decisions taken were recorded by each of the three audited entities in their case management system. Decision notices issued to applicants were comprehensive, and consistent with templates each entity has in place. The notifications issued to applicants were largely consistent with the records of the decision. (See paragraphs 3.72 to 3.77)

25. The three audited entities appropriately engaged with complaints and review mechanisms. Each of the audited entities informed applicants of internal review processes that were available, and provided information on the complaints and review processes of the OAIC. Where there was a request for an Information Commissioner review of a decision, and there was a record of a revised decision or outcome from the OAIC, the decision was to provide further information in 54 per cent of instances. (See paragraphs 3.78 to 3.82)

26. Each of the three audited entities extract reports from their respective case management systems to provide information and statistics to the OAIC. These reports to the OAIC reflect the level of accuracy of the information. There are inaccuracies within each of the entity case managements systems. For example, in 19 per cent of sampled requests the outcome advised to the applicant did not match the outcome recorded in the case management system. Further, information in the case management system could not be verified to records in 47 per cent of sampled requests. (See paragraphs 3.84 to 3.92)

Recommendations

Summary of entity responses

Department of the Prime Minister and Cabinet

PM&C thanks the Australian National Audit Office (ANAO) for the opportunity to respond to its audit report on the administration of the Freedom of Information Act. PM&C acknowledges the findings and values the ANAO’s examination of agencies’ practices, noting the report will support improved administration of the FOI Act in support of its objects. PM&C recognises the findings were affected by insufficient record-keeping, particularly the need to clearly evidence searches and reasons for FOI decisions. PM&C agrees strong record-keeping is essential to meeting statutory obligations, supporting accountability, and enabling accurate reporting. Work is underway to improve record management and data quality. PM&C reiterates its commitment to accountability, transparency, and compliance, including proactively publishing information through the Information Publication Scheme (IPS). PM&C accepts the entity recommendations.

Department of the Treasury

Treasury welcomes the report on the administration of the Freedom of Information Act 1982 by selected entities. Treasury is committed to addressing the findings of the report and agrees with the recommendations directed at Treasury. Treasury considers the shortcomings identified by the report around our administration and record keeping offer opportunities for improvement, which Treasury will address.

Treasury’s FOI Policy has been updated to consolidate existing guidance and will shortly be considered by Treasury’s Executive Board. The Policy now more clearly articulates Treasury’s expectations, is more accessible to decision makers and will be reviewed annually to incorporate developments in the law and external guidance. Treasury has also commenced development of other supporting documents to further information request processing and improve assurance frameworks.

Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts

The department recognises the importance of the Freedom of Information Act 1982 in supporting open government and robust democracy and takes a continuous improvement approach to FOI processing. For example, we implemented an FOI specific Case Management System in July 2023, established an FOI Processing Framework in August 2024, and are building a catalogue of quick reference guides to support consistent and timely processing.

The department welcomes and appreciates the findings and improvements identified in the audit report and acknowledges the need to strengthen aspects of our FOI processing. This work is well underway as part of an ongoing program of uplift and continuous improvement.

Office of the Australian Information Commissioner

The FOI system is a critical pillar of open government and robust democracy in Australia. As an independent agency within the Attorney-General’s portfolio, the OAIC provides regulatory oversight of the operation of the Freedom of Information Act 1982 (FOI Act), including through the handling of complaints and conducting merits review of decisions of agencies and ministers under the Act. The OAIC’s role as a Commonwealth integrity agency is also secured by both the FOI Act and the Australian Information Commission Act 2010. In this regard FOI performance metrics under the Commonwealth Integrity Strategy are key indicators of the strength of the Commonwealth Integrity Framework.

The OAIC’s regulatory priorities include promoting compliance with the FOI Act and supporting public sector capability in the administration of the FOI Act. The OAIC will continue to exercise its regulatory powers and review and update the FOI Guidelines, Procedure Directions, guidance and education materials to reflect best practice and promote improved compliance with the FOI Act.

The OAIC supports, or supports in principle, recommendations that relate to the OAIC’s regulatory functions and will continue to consider the insights garnered from the audit.