Currently showing reports relevant to the Finance and Public Administration Senate estimates committee. [Remove filter]

Type: Performance audit
Report number: 49 of 2024-25
Portfolios: Industry, Science and Resources; Finance
Entities: National Reconstruction Fund Corporation; Department of Industry, Science and Resources; Department of Finance
Date tabled/scheduled:
Audit Summary : show

Summary and recommendations

Background

1. The National Reconstruction Fund was announced by the Minister for Industry and Science on 25 October 20221, as part of the 2022–23 Federal Budget, as a $15 billion investment to ‘diversify and transform Australia’s industry and economy.’

2. The Department of Industry, Science and Resources (DISR) took the lead for the design and establishment of the National Reconstruction Fund Corporation (NRFC). The Department of Finance provided support to DISR in the design and establishment of the NRFC.

3. The NRFC is a corporate Commonwealth entity established under the National Reconstruction Fund Corporation Act 2023 (NRFC Act). It commenced on 18 September 2023 and is governed by an independent board. Under the NRFC Act, the Minister for Industry and Science and the Minister for Finance are the responsible ministers. In performing its investment functions, the NRFC Board is required to comply with the NRFC Act, the National Reconstruction Fund Corporation (Investment Mandate) Direction 2023 (NRFC Investment Mandate)2 and the National Reconstruction Fund Corporation (Priority Areas) Declaration 2023.3

4. On 19 November 2024, the NRFC announced its first two investments: a $100 million partnership with Resource Capital Funds, which includes a $40 million investment in Russell Mineral Equipment.4 As at 31 May 2025, the NRFC has announced nine investments totalling $434.5 million.5

5. In December 2024, Parliament passed the Future Made in Australia Act 2024. The Future Made in Australia measure establishes a ‘Front Door for investors with major transformational proposals within the Treasury portfolio’6, an Investor Council to support the Front Door and the involvement of Specialist Investment Vehicles in the Investor Council.7

Rationale for undertaking the audit

6. The NRFC was announced on 25 October 2022 as a $15 billion vehicle through which the Australian Government will ‘facilitate increased flows of finance into priority areas of the Australian economy, through targeted investments to diversify and transform Australian industry, create secure, well-paying jobs and boost sovereign capability.’

7. The audit provides assurance to the Parliament as to whether the design and establishment of the NRFC was effective.

Audit objective and criteria

8. The objective of this audit was to assess the effectiveness of the design and establishment of the NRFC.

9. To form a conclusion against the objective, the following high-level criteria were adopted.

  • Was the design process effective?
  • Are governance arrangements sound?
  • Are the Fund arrangements effective?

Conclusion

10. The design of the NRFC was largely effective, the establishment of the NRFC’s governance and fund arrangements was partly effective. There are opportunities to improve NRFC’s governance by establishing a financial strategy and reviewing its performance reporting. Further, there is scope for the NRFC Board to finalise its investment strategy, stakeholder engagement framework and some investment procedures, and to establish assurance over its investment compliance.

11. The design process for the NRFC was largely effective. Due diligence checks for one member of the NRFC Board were not documented. DISR applied lessons from similar programs and considered stakeholder feedback. Stakeholder engagement was largely consistent with better practice — with opportunities to close the loop with stakeholders, and documenting lessons to improve future engagement activities. Constitutional risks to investments were assessed and approaches to manage these were outlined in advice to government and the NRFC Board. Advice on establishing a new corporate Commonwealth entity was sound. Appointments to the NRFC Board were consistent with the NRFC Act.

12. NRFC’s governance arrangements are largely sound. The NRFC Board and CEO appointments, Board meetings and remuneration arrangements have been established under the NRFC Act. Investment Policies have been published pursuant to section 75 of the NRFC Act. NRFC’s reporting arrangements for its annual report, corporate plan, budget estimates, performance measures and statements have been established, with 2024–25 performance to be reported against ‘at least three identified areas of the economy’ out of seven under the National Reconstruction Fund Corporation (Priority Areas) Declaration 2023. NRFC’s risk management, fraud and corruption control arrangements, and accountable authority instructions are underway and progressing as at March 2025. NRFC’s corporate policies are progressing as at March 2025. The NRFC Audit and Risk Committee (ARC) reviewed NRFC’s arrangements for risk management, internal controls, financial reporting except it did not review NRFC’s performance reporting arrangements for 2023–24 in line with the ARC charter and section 17 of the PGPA Rule. Recruitment is continuing, with the asset management function for investments underway as at March 2025. NRFC Board is yet to develop a financial strategy. NRFC has processes for managing procurement, recruitment, declaring gifts and benefits, and Freedom of Information (FOI). Access to NRFC’s released information under FOI is not consistent with guidelines from the Australian Information Commissioner.

13. NRFC’s fund management arrangements are partly effective. The NRFC Board has approved investments without finalising its investment strategy and stakeholder engagement framework. NRFC’s investment strategy and stakeholder engagement framework, listed as outputs within NRFC’s Corporate Plan 2023–24, were not completed. A draft investment strategy, draft stakeholder engagement framework, and the absence of a plan to evaluate them, limits the effectiveness of the NRFC Board’s fund promotion.

14. NRFC’s processes to assess investments against its legislative requirements are developing and partly effective. NRFC’s existing procedures relating to due diligence, risk management and assessing concessionality need clearly defined requirements for officials. NRFC is developing investment procedures relating to: credit risk, national security assessments, and investment impact. Investment assessment processes have gaps in: due diligence, risk management, and considerations of concessionality. NRFC’s Board has not received its Embargo Register to manage associated risks. NRFC did not obtain conflict of interest declarations and confidentiality agreements from suppliers who assisted with investment due diligence.

15. NRFC has established investment targets; and as at 31 May 2025, NRFC had announced investments totalling $434.5 million of a target of $550 million. At at 31 March 2025, NRFC’s Board has not developed a financial strategy and aligned it to its draft investment strategy and stakeholder engagement framework, to inform and support the timely deployment of its investments.

Supporting findings

Design process

16. Lessons from similar programs were considered and addressed in the design and establishment of the NRFC. DISR assessed external reviews of Specialist Investment Vehicles (SIVs), prior ANAO audits and engaged with stakeholders to identify lessons on the design and establishment of the NRFC. A key lesson relating to the need for investment-ready projects for the NRFC, and steps to address this were outlined in advice to government. (See paragraphs 2.4 to 2.11)

17. Stakeholder input on key design parameters of the NRFC was considered and included in advice to government. DISR undertook a structured approach to consulting stakeholders and analysing feedback received. Stakeholder engagement was largely consistent with the APS framework for engagement and participation — with opportunities to close the loop with all stakeholders who have contributed, and documenting lessons to improve future engagement activities being identified. (See paragraphs 2.12 to 2.18)

18. DISR established an appropriate framework for providing advice to government. Advice was based on lessons learned from other SIVs, stakeholder input, and understanding the policy context of the election commitment. Advice outlined risks and approaches to manage risks. Advice on a corporate Commonwealth entity (CCE) being the preferred vehicle to establish the NRFC was based on DISR’s assessment that a CCE provided the most effective way to achieve policy objectives, and was most closely aligned with the election commitment of the NRFC being modelled on the Clean Energy Finance Corporation. Appointments to the NRFC Board were consistent with NRFC Act, except that due diligence checks were not documented for one member appointed to the NRFC Board in October 2023. (See paragraphs 2.19 to 2.55)

Governance arrangements

19. NRFC Board and CEO appointments, Board meetings and the Board and CEO’s remuneration arrangements have been established under the NRFC Act. A Board skills matrix was developed for commencement appointments. NRFC Board members, NRFC CEOs and acting CEO made conflicts of interest declarations and maintain conflicts of interest registers. NRFC experienced leadership changes in the 16 months from its commencement to January 2025, with two CEO appointments and two acting CEO appointments. NRFC has established its risk management, fraud and corruption risk management and reporting arrangements under the PGPA Act, with some elements in progress. The NRFC ARC reviewed NRFC’s arrangements for risk management, internal controls, financial reporting except for NRFC’s performance reporting. Corporate policies continue to be in progress as at March 2025. The NRFC Board has yet to develop a financial strategy to support its financial sustainability and return on investment. Processes are in place for managing procurements, recruitment, declaring gifts and benefits, and managing Freedom of Information, with an opportunity to make available released information for downloading from its website. (See paragraphs 3.2 to 3.57)

20. NRFC has established its Investment Policies under section 75 of the NRFC Act. The NRFC Board has established the Board Investment Committee to provide oversight of investment decision processes, including investment delegations and policies for managing conflicts of interest and personal trading. Recruitment for roles supporting investments management was continuing as at March 2025, and the investments were made prior to establishing the investment asset management function. (See paragraphs 3.58 to 3.71)

21. NRFC has established and published its performance measures in its Corporate Plan 2023–24 and Corporate Plan 2024–25. NRFC reported in its 2023–24 performance statement that it had achieved its performance measure of finalising its core corporate, risk and investment policies. These ‘core’ policies were not defined and there were 39 policies and related documents outstanding at June 2024. NRFC’s performance measures in 2024–25 incorporate measures to report that investments meet at least three of the seven economic priority areas, there is an opportunity to ensure that measures in future years report against all seven economic priority areas. Controls for performance information and methodologies for performance reporting are in development as at March 2025. (See paragraphs 3.72 to 3.79)

Fund arrangements

22. NRFC’s Board and senior executives have engaged with Commonwealth entities, industry stakeholders and prospective applicants. NRFC’s Corporate Plans for 2023–24 and 2024–25 have set out objectives and performance measures for partnering and engaging with stakeholders. In October 2023, the NRFC Board decided to formalise engagement activities. NRFC’s investment strategy and stakeholder engagement framework were in draft and not finalised in 2023–24. A Stakeholder Engagement Strategy was approved by the NRFC Executive Leadership Team in May 2025. NRFC does not have a plan to periodically evaluate the effectiveness of its engagement activities. NRFC’s outputs relating to its investment strategy and stakeholder engagement framework outlined in its Corporate Plan 2023–24 were not completed. NRFC has made investment decisions and engaged with stakeholders without an endorsed investment strategy and stakeholder engagement framework. A draft investment strategy and stakeholder engagement framework limit the effectiveness of the NFRC Board’s fund promotion activities to achieve the performance measures it has set to deliver NRFC’s performance outcomes. (See paragraphs 4.2 to 4.9)

23. NRFC’s processes and controls to assess and approve applications are developing as at March 2025. NRFC’s existing investment procedures address its legislative requirements except for national security and First Nations impact, which are under development. NRFC’s approach to assessing investments has gaps in due diligence, investment risk assessment, and concessionality. These gaps impact the consistency of investment assessments, completeness of risk advice provided to the NRFC Board, and the NRFC Board’s assurance over compliance with its legislative requirements. The NRFC Board has not received updates on the Embargo Register to prevent members from inadvertently dealing in entities on whom the NRFC holds inside information. NRFC has not obtained confidentiality agreements or conflict of interest declarations from suppliers undertaking due diligence on investments. There is scope to improve the consistency of documenting how NRFC’s investments crowd-in and do not crowd-out other market participants. (See paragraphs 4.12 to 4.62)

24. NRFC’s budget estimates and performance measures establish investment targets across the current and forward years from 2024–25 to 2027–28. As at 31 May 2025, NRFC had announced investments totalling $434.5 million against a target of $550 million for 2024–25. The NRFC Board has established quarterly monitoring arrangements for its investment target through its ‘Operating Plan FY2025.’ NRFC took between six and nine months to assess and approve investments reviewed by the ANAO. As at 31 March 2025, NRFC’s Board has not developed a financial strategy that links with its investment strategy and stakeholder engagement framework to support it to deploy investments in a timely manner, and to generate returns to fund its operating expenses. (See paragraphs 4.67 to 4.71)

Recommendations

Recommendation no. 1

Paragraph 3.23

The National Reconstruction Fund Corporation Board establish a financial strategy to support its activities to maintain financial viability and return on investment.

National Reconstruction Fund Corporation response: Agreed.

Recommendation no. 2

Paragraph 3.35

The National Reconstruction Fund Corporation Board ensure that the Audit and Risk Committee review all future performance reporting arrangements in accordance with its charter and to ensure its compliance with paragraph 17(2)(b) of the PGPA Rule.

National Reconstruction Fund Corporation response: Agreed.

Recommendation no. 3

Paragraph 4.10

The National Reconstruction Fund Corporation Board finalise its investment strategy and stakeholder engagement framework and develop a plan to evaluate effectiveness.

National Reconstruction Fund Corporation response: Agreed.

Recommendation no. 4

Paragraph 4.35

The National Reconstruction Fund Corporation:

  1. obtain conflict of interest declarations from its suppliers who assist with investment due diligence and re-validate declarations when the due diligence report is finalised, as part of the monitoring of conflicts of interests; and
  2. execute confidentiality agreements with suppliers who assist it with its investments.

National Reconstruction Fund Corporation response: Agreed.

Recommendation no. 5

Paragraph 4.45

The National Reconstruction Fund Corporation Board should be informed of the risks associated with its Embargo Register.

National Reconstruction Fund Corporation response: Agreed.

Recommendation no. 6

Paragraph 4.63

The National Reconstruction Fund Corporation Board:

  1. ensure existing procedures outline the roles and responsibilities of relevant officials and executives and set out the minimum requirements for due diligence, risk management, assessing concessionality and record keeping; and
  2. finalise and endorse investment procedures that are under development to assess, approve and manage investments.

National Reconstruction Fund Corporation response: Agreed.

Recommendation no. 7

Paragraph 4.64

The National Reconstruction Fund Corporation Board establish assurance arrangements and assign responsibilities to ensure the consistent:

  1. application of investments in accordance with the National Reconstruction Fund Corporation Act 2023 and National Reconstruction Fund Corporation (Investment Mandate) Direction 2023; and
  2. storage of records for investment assessment processes, assessments and decisions.

National Reconstruction Fund Corporation response: Agreed.

Summary of entity responses

25. Relevant parts of the proposed audit report were provided to the National Reconstruction Fund Corporation, the Department of Industry, Science and Resources, and the Department of Finance. Summary responses are reproduced below and full responses are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

National Reconstruction Fund Corporation

The NRFC welcomes the ANAO’s report and its finding that the NRFC’s governance arrangements are largely sound. As the report notes, the NRFC was established on 18 September 2023, with the performance audit commencing less than a year into its operations. This early assessment of the Corporation’s governance processes provides assurance of the direction taken and offers useful insights to inform the Corporation’s commitment to continuous improvement.

The NRFC agrees with all recommendations and is committed to their implementation in a timely manner. We note that in all areas identified by the ANAO, active steps are being taken to ensure effective governance processes, including a number of areas where the recommended actions are already complete or where significant progress has already been achieved. Further work is underway to fully implement the remaining recommendations. The NRFC’s Audit and Risk Committee will oversee this implementation.

Department of Industry, Science and Resources

The department acknowledges the opportunity to comment on the report, noting it only had access to extracts relevant to the department.

In 2022, the Australian Government committed to establishing the National Reconstruction Fund (NRF) to support, diversify and transform Australia’s industry and economy.

To inform the NRF’s design, the department conducted extensive stakeholder engagement and public consultation. This included input from government and external stakeholders. Participants included representatives from business, unions, financial institutions, First Nations communities, regional groups, government and the public. This comprehensive process informed the NRFC’s structure, legislation, and successful establishment by September 2023.

In response to the one identified opportunity for improvement, the department acknowledges the release of RMG 127 in July 2024 and has updated its processes to ensure alignment with this latest guidance.

Department of Finance

The Department of Finance (Finance) welcomes ANAO’s performance audit report on the Design and Establishment of the National Reconstruction Fund Corporation (Report). The report concludes that the implementation and governance of the NRFC was largely effective. Finance notes that the due diligence documentation did not meet the standard of Resource Management Guide 127 – Specialist Investment Vehicles (RMG 127), however this guide was not in place at the time of the appointment.

Finance agrees with the ANAO’s suggested area for improvement to document NRFC board appointment processes. Consistent with guidance in RMG 127, Finance commits to ensuring that all board appointment processes and considerations are thoroughly and accurately documented. This includes retaining all relevant records to ensure transparency and accountability. Finance has already implemented these measures to support the effective governance and oversight of the National Reconstruction Fund Corporation (NRFC).

Key messages from this audit for all Australian Government entities

26. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Governance and risk management

Key learning reference
  • When establishing new entities, accountable authorities should establish all corporate policies as early as possible to ensure the appropriate operations of all parts of the entity.
  • Accountable authorities should ensure conflicts of interest and information confidentiality arrangements are managed and monitored from suppliers.
  • Accountable authorities should ensure that there is an appropriate compliance framework to have assurance that legislative obligations and internal policies are being complied with.
  • Accountable authorities of specialist investment vehicles should ensure that their financial and investment strategies, and fund promotion activities are aligned in order to demonstrate performance, accountability for financial sustainability and measure their alignment with policy objectives.
Group title

Transparency of reporting

Key learning reference
  • Governance and oversight arrangements of SIVs should include consideration of how information will be reported to promote transparency, accountability, and the expected financial impact of new policies.
Type: Performance audit
Report number: 40 of 2024-25
Portfolios: Prime Minister and Cabinet; Defence; Education; Employment and Workplace Relations; Home Affairs; Infrastructure, Transport, Regional Development, Communications and the Arts
Entities: Across Entities
Date tabled/scheduled:
Audit Summary : show

Summary and recommendations

Background

1. Reducing the disparity between Indigenous and non-Indigenous economic outcomes has been a longstanding goal of Australian governments. The National Agreement on Closing the Gap aims to strengthen economic participation and development of Aboriginal and Torres Strait Islander people and their communities.1 Increasing opportunities for Indigenous economic participation has also been an area of interest for the Australian Parliament.2

2. The Indigenous Procurement Policy (IPP) was established in 2015 with the objective ‘to stimulate Indigenous entrepreneurship, business and economic development, providing Indigenous Australians with more opportunities to participate in the economy’.3 One of three elements of the IPP are the mandatory minimum requirements (MMRs), which are targets for minimum Indigenous employment and/or supply use for Australian Government contracts valued from $7.5 million in certain specified industries.4 The National Indigenous Australians Agency (NIAA) is responsible for administering the IPP, including the MMRs.

Rationale for undertaking the audit

3. The stated policy objective of the MMRs is to ‘ensure that Indigenous Australians gain skills and economic benefit from some of the larger pieces of work that the Commonwealth outsources, including in Remote Areas’.5 Compliance with the MMRs is mandatory for non-corporate Commonwealth entities. The MMRs were established in July 2015 and became binding on contractors from 1 July 2016.

4. Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements was undertaken to provide assurance that the MMRs were being effectively administered and selected entities were complying with them.6 The audit concluded that while the MMRs were effectively designed, their administration had been undermined by ineffective implementation and monitoring by the policy owner and insufficient compliance by the selected entities.7 The audit made six recommendations to improve administration of and compliance with the MMRs, which were all agreed to.

5. Auditor-General reports identify risks to the successful delivery of government outcomes and provide recommendations to address them. The tabling in the Parliament of an agreed response to an Auditor-General recommendation is a formal commitment by the entity to implement the recommended action. Effective implementation of agreed Auditor-General recommendations demonstrates accountability to the Parliament and contributes to realising the full benefit of an audit.8

6. This audit examines whether the NIAA; Department of Defence (Defence); Department of Education (Education); Department of Employment and Workplace Relations (DEWR)9; Department of Home Affairs (Home Affairs); and Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts (Infrastructure) have effectively implemented agreed recommendations from Auditor-General Report No. 25 2019–20. Entities’ implementation of agreed recommendations will help provide assurance to the Parliament about whether the MMRs are meeting the objective of stimulating Indigenous entrepreneurship, business and economic development and providing Indigenous Australians with opportunities to participate in the economy.

Audit objective and criteria

7. The audit objective was to assess whether selected entities effectively implemented agreed recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements.

8. To form a conclusion against the objective, the following high-level criteria were adopted.

  • Did the NIAA implement recommendations related to the administration of the MMRs?
  • Does the NIAA manage exemptions to the MMRs effectively?
  • Did selected entities implement recommendations related to their compliance with the MMRs?

Conclusion

9. Almost five years after the recommendations were agreed to, entities had partly implemented recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements. Although the NIAA had improved guidance for entities and sought to increase MMR reporting compliance, a recommendation for the NIAA as the policy owner to implement an evaluation strategy was not completed. The NIAA has not demonstrated whether the MMRs are improving Indigenous economic participation. A risk related to the inappropriate use of exemptions was not managed. Recommendations intended to address the risk that reporting on MMR contracts is incomplete and inaccurate were partly implemented by audited entities. Reforms to the Indigenous Procurement Policy were announced in February 2025 without a clear understanding of the policy’s effectiveness.

10. The NIAA largely implemented two of three recommendations relating to its administration of the MMRs: to develop guidance on the MMRs for Australian Government entities and contractors; and to implement a strategy to increase MMR reporting compliance. The NIAA did not complete a third recommendation as it developed but did not implement an MMR evaluation strategy. Additional commitments made by the NIAA in response to two recommendations were not met.

11. Contracts subject to the MMRs may be exempted by entities for valid reasons established in the Indigenous Procurement Policy. The inappropriate use of exemptions impedes achievement of the Indigenous Procurement Policy’s objectives. The NIAA’s management of exemptions has been partly effective. Systems have been set up to allow potentially invalid exemptions. There is a lack of guidance and assurance over the appropriate use of exemptions.

12. Defence, Education and Home Affairs largely implemented the agreed recommendations relating to compliance with the MMRs. The NIAA, DEWR and Infrastructure partly implemented the agreed recommendations. The MMRs are relevant to the approach to market, tender evaluation, contract management, reporting and finalisation phases of a procurement. Compliance with the MMR requirements was higher in the approach to market, tender evaluation and contract management phases than in the reporting and finalisation phases. All entities could do more to ensure contractors’ compliance with MMR targets and to gain assurance over reported MMR performance.

Supporting findings

Administration of mandatory minimum requirements

13. Auditor-General Report No. 25 2019–20 recommended that the NIAA develop tailored guidance on managing the MMRs throughout the contract lifecycle in consultation with entities and contractors. The NIAA published updated guidance on managing the MMRs in July 2020, following stakeholder consultation. The guidance included complete information for nine of 14 topics identified as requiring additional guidance in Auditor-General Report No. 25 2019–20. Guidance included incomplete information on MMR exemptions, managing MMR performance reporting, and obtaining assurance over contractors’ MMR performance reporting. As at March 2025, guidance had not been updated since July 2020 despite changes to MMR reporting requirements. A commitment to publish guidance tailored for Indigenous businesses was not met. (See paragraphs 2.5 to 2.22)

14. Contractors must report on, and Australian Government entities must assess, performance in meeting agreed MMR targets. Auditor-General Report No. 25 2019–20 recommended that the NIAA implement a strategy to increase entity and contractor compliance with MMR reporting requirements to ensure information in the Indigenous Procurement Policy Reporting Solution (IPPRS) is complete. The NIAA planned and undertook activities aimed at increasing contractors’ compliance with MMR reporting requirements and entities’ management of reporting non-compliance. These included improvements to the IPPRS and monitoring reporting compliance in Australian Government portfolios. The NIAA closed the ANAO recommendation before planned changes to the IPPRS were implemented. As at February 2025, the IPPRS did not fully support contract managers to meet reporting requirements for all types of MMR contracts. User feedback indicated ongoing access and support issues. While reporting compliance increased between 2022 and 2024, as at June 2024, entities and contractors were not fully compliant with MMR reporting requirements and information in the IPPRS was incomplete. Reforms to the IPP announced by government in February 2025 included potentially increasing transparency of suppliers’ performance against MMR targets. (See paragraphs 2.23 to 2.32)

15. Auditor-General Report No. 25 2019–20 recommended that the NIAA implement an evaluation strategy for the MMRs that outlines an approach to measuring the impact of the policy on Aboriginal and Torres Strait Islander employment and business outcomes. Although an evaluation strategy for the MMRs was finalised, it was not implemented. The NIAA has not met requirements to review the effectiveness of a procurement-connected policy every five years. There is no performance monitoring and limited public reporting about the MMRs. (See paragraphs 2.33 to 2.54)

Exemptions from mandatory minimum requirements

16. Between July 2016 and September 2024, 63 per cent (valued at $69.3 billion) of all contracts recorded in the Indigenous Procurement Policy Reporting Solution (IPPRS) were exempted from the MRRs by relevant entities. The proportion of contracts exempted by entities from the MMRs has increased over time. The IPPRS has been set up by the NIAA to allow entities to record reasons for exemptions. The reason categories in the IPPRS mainly align with the Indigenous Procurement Policy, however include a category called ‘other’ that does not align. Of exempted contracts, 34 per cent (valued at $30.2 billion) used the exemption category ‘other’. The NIAA advised the ANAO that some contracts exempted for ‘other’ reasons were exempted because they are in practice non-compliant with the Indigenous Procurement Policy. Entities’ use of the ‘other’ exemption category for non-compliant contracts obscures the degree of non-compliance with the MMRs and is not appropriate. The NIAA does not provide complete guidance on the use of exemptions, or assurance over the legitimacy of exemptions. The NIAA has not considered the strategic implications of exemption usage for the achievement of policy objectives. (See paragraphs 3.1 to 3.13)

Compliance with mandatory minimum requirements

17. Auditor-General Report No. 25 2019–20 recommended that all audited entities review and update their procurement protocols to ensure procuring officers undertaking major procurements that trigger the MMRs comply with required steps in the procurement process.

  • As at December 2024, all entities updated their procurement protocols for MMR requirements. One component of this was the development of detailed internal guidance. As at December 2024, Defence, Education, Home Affairs and Infrastructure’s guidance identified key MMR requirements for the approach to market to contract management phases of the procurement lifecycle. DEWR’s guidance and the NIAA’s internal guidance did not identify all key MMR requirements.
  • Aside from Home Affairs, all entities’ contracts were largely compliant with the MMRs at the approach to market, tender evaluation and contract management phases of the procurement lifecycle. Home Affairs’ contracts was partly compliant. Defence’s compliance was poorer for contracts resulting from panel procurements.
  • All audited entities could improve tender evaluation processes by including an IPPRS search on tenderers’ past MMR compliance.
  • In summary: Defence, Education, and Infrastructure largely implemented the 2019–20 recommendation, and the NIAA and DEWR partly implemented it. Home Affairs’ guidance was appropriately updated, however it has not consistently ensured that procuring officers undertaking major procurements that trigger the MMRs comply in practice with the required steps. (See paragraphs 4.3 to 4.18)

18. Auditor-General Report No. 25 2019–20 recommended that all audited entities establish processes, or update existing processes, to ensure contract managers and contractors regularly use the IPP Reporting Solution (IPPRS) for MMR reporting.

  • Defence, Education and Home Affairs’ internal guidance identified key IPPRS reporting requirements, while the NIAA, DEWR and Infrastructure’s internal guidance did not identify all key requirements.
  • For a sample of contracts, the NIAA’s MMR reporting was timely and based on accurate IPPRS data. For the other five entities, there were issues with both timeliness and accuracy. None of the five entities consistently followed up on late contractor reporting.
  • When a contract variation is published on AusTender, IPPRS data is not consistently updated. This means a contract may be identified as on track to meet the MMR target based on incorrect values or a contract may move to the finalisation step prematurely as the end date is inaccurate.
  • In summary: Defence, Education and Home Affairs largely implemented the 2019–20 recommendation, and the NIAA, DEWR and Infrastructure partly implemented it. (See paragraphs 4.19 to 4.37)

19. Auditor-General Report No. 25 2019–20 recommended that after guidance has been provided by the policy owner, all audited entities establish appropriate controls and risk-based assurance activities for active MMR contracts.

  • As the policy owner, the NIAA published guidance in July 2020 that has a short overview on how MMR performance information could be verified.
  • All six entities established at least some controls and arrangements to gain assurance over contractors’ MMR performance reporting. Controls and arrangements were more developed in Education and Home Affairs.
  • For a sample of contracts examined, none of the entities consistently undertook assurance activities to verify contractor performance reporting. Defence undertook the most assurance activity.
  • In summary: all entities partly implemented the 2019–20 recommendation. (See paragraphs 4.38 to 4.59)

Effectiveness of the mandatory minimum requirements

Based on MMR performance information reported by Australian Government entities and contractors, the number and value of MMR contracts have grown since the introduction of the Indigenous Procurement Policy (IPP) in 2015. In 2016–17, 17 contracts with MMR targets for Indigenous employment and/or supply use were awarded, with a total value of $756.4 million. In 2023–24, 189 MMR contracts were awarded with a total value of $5.9 billion. Between 1 July 2016 and 30 September 2024, 870 MMR contracts were awarded by 52 Australian Government entities with a total value of $45.2 billion. Indigenous employment and/or supply use targets established under the MMR contracts were reported to be met for 72 per cent of completed MMR contracts.a

The majority of MMR contracts were reported to be meeting established employment and supply use targets. These results, however, were based only on contracts where reporting was complete. As at June 2024, 28 per cent of MMR contracts in the reporting phase were not compliant with MMR reporting requirements. Reporting relies on contractor information, and entities largely had not undertaken activities to verify that MMR performance information was accurate.

While the application of the MMRs is trending upwards, between July 2016 and September 2024, 1,475 contracts valued at $69.3 billion were ‘exempted’ by entities from the MMRs, often for reasons that are unclear.

There is a lack of performance information and evaluation data that allows for the impact and outcomes of the IPP to be assessed. The NIAA’s public reporting on the IPP does not provide information on the MMRs’ effectiveness. It is unclear if the IPP’s objectives of stimulating Indigenous entrepreneurship, business and economic development, and providing Indigenous Australians with more opportunities to participate in the economy, are achieved. While the Indigenous business sector has grown since the introduction of the IPP, in November 2024 the Joint Standing Committee on Aboriginal and Torres Strait Islander Affairs highlighted limitations in available data on the economic contribution of the sector and the impact of policies to support Indigenous economic participation.b

Note a: Based on 161 contracts where an assessment outcome was reported as at 30 September 2024.

Note b: Joint Standing Committee on Aboriginal and Torres Strait Islander Affairs, Inquiry into economic self-determination and opportunities for First Nations Australians (2024), pp. 13–19, 39–40.

Recommendations

20. This report makes eight recommendations.

Recommendation no. 1

Paragraph 2.21

To support Australian Government entities and contractors to comply with the mandatory minimum requirements (MMRs), in consultation with entities and contractors, the National Indigenous Australians Agency review and update MMR guidance material to ensure that it:

  1. accurately reflects the current process for managing MMR reporting in the Indigenous Procurement Policy Reporting Solution and provides guidance on appropriate reporting timeframes;
  2. provides sufficient information to support entities to implement risk-based assurance activities for MMR contracts; and
  3. provides sufficient information for entities and contractors on suitable evidence to support performance reporting.

National Indigenous Australians Agency response: Agreed.

Recommendation no. 2

Paragraph 2.45

The National Indigenous Australians Agency establish a process to ensure it meets Australian Government requirements placed on policy owners of procurement-connected policies, including reapplication for recognition as a procurement-connected policy.

National Indigenous Australians Agency response: Agreed.

Recommendation no. 3

Paragraph 2.52

The National Indigenous Australians Agency:

  1. complete and publish an evaluation of the effectiveness of the mandatory minimum requirements in contributing to meeting the objectives of the Indigenous Procurement Policy; and
  2. develop mandatory minimum requirements performance measures to enable ongoing monitoring.

National Indigenous Australians Agency response: Agreed.

Recommendation no. 4

Paragraph 3.11

To ensure exemptions are accurately recorded in the Indigenous Procurement Policy Reporting Solution, non-compliance with the Indigenous Procurement Policy can be appropriately identified, all applicable contracts are subject to the mandatory minimum requirements reporting and assessment process, and the Indigenous Procurement Policy is achieving its policy objectives, the National Indigenous Australians Agency:

  1. amend its protocols to ensure that it is not treating non-compliance with mandatory minimum requirements as an exemption or exclusion;
  2. consider what scenarios that are consistent with allowable exclusions and exceptions within the Indigenous Procurement Policy are not covered by existing categories in the Indigenous Procurement Policy Reporting Solution and therefore whether the ‘other’ category is still justified and required;
  3. when implementing recommendation 1, provide additional guidance to Australian Government entities on the use of exemption categories, which includes information on when it is appropriate to classify a contract as an ‘exemption’, and when it is appropriate and inappropriate to use the exemption category of ‘other’; and
  4. implement a risk-based assurance process to ensure that reported exemptions or exclusions are legitimate.

National Indigenous Australians Agency response: Agreed to parts a–c, Not agreed to part d.

Recommendation no. 5

Paragraph 4.7

The National Indigenous Australians Agency and Department of Employment and Workplace Relations update internal procurement guidance to better support procuring officers undertaking major procurements that trigger the mandatory minimum requirements to comply with required steps in the procurement process.

National Indigenous Australians Agency response: Agreed.

Department of Employment and Workplace Relations response: Agreed.

Recommendation no. 6

Paragraph 4.16

Department of Home Affairs strengthen controls to ensure compliance with the mandatory minimum requirements at the approach to market, tender evaluation and contract management phases of major procurements.

Department of Home Affairs response: Agreed.

Recommendation no. 7

Paragraph 4.24

The National Indigenous Australians Agency; Department of Employment and Workplace Relations; and Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts establish, strengthen or update guidance to ensure contract managers and contractors appropriately use the Indigenous Procurement Policy Reporting Solution for mandatory minimum requirements reporting.

National Indigenous Australians Agency response: Agreed.

Department of Employment and Workplace Relations response: Agreed.

Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts response: Agreed.

Recommendation no. 8

Paragraph 4.53

All audited entities meet their responsibility under the Indigenous Procurement Policy to establish or strengthen processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.

National Indigenous Australians Agency response: Agreed.

Department of Defence response: Agreed.

Department of Education response: Agreed.

Department of Employment and Workplace Relations response: Agreed.

Department of Home Affairs response: Agreed.

Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts response: Agreed.

Summary of entity responses

21. Extracts of the proposed audit report were provided to the NIAA, Defence, Education, DEWR, Home Affairs and Infrastructure. Entities’ summary responses are provided below. Entities’ full responses are provided at Appendix 1.

National Indigenous Australians Agency

The National Indigenous Australians Agency (NIAA) welcomes the findings of the audit.

The primary purpose of the Indigenous Procurement Policy (IPP) is to stimulate Indigenous entrepreneurship, business and economic development, providing Indigenous Australians with more opportunities to participate in the economy. The Mandatory Minimum Requirements (MMR) are a key component of this policy.

Prior to the implementation of the policy in 2015, Indigenous businesses secured limited business from Commonwealth procurement. The policy has significantly increased the rate of purchasing from Indigenous businesses.

The NIAA is proud to take the lead on behalf of the Commonwealth in providing advice on how to best meet the requirements of the IPP. The NIAA provides advice to Commonwealth entities through its many publications and its dedicated IPP team. Within the resources available, the NIAA has also invested in providing ICT tools and support to assist Commonwealth entities with their responsibility to ensure accurate reporting on targets and MMRs.

As with all other elements of the Commonwealth Procurement Rules, it is the responsibility of each Commonwealth entity to meet the obligations of the IPP. The NIAA welcomes the ANAO’s recommendations on how it can improve the advice it provides to entities to meet their obligations.

Department of Defence

Defence welcomes the ANAO Audit Report assessing whether selected entities effectively implemented the agreed recommendations from Auditor-General Report No. 25 2019–20 Aboriginal and Torres Strait Islander Participation Targets in Major Procurements.

Defence agrees to the recommendation directed at all audited entities to establish or strengthen processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with the mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.

As the Commonwealth’s largest procurer, Defence is proud of its significant commitment towards supporting the long-term growth and sustainability of the Indigenous business sector, and will continue working with the National Indigenous Australians Agency to improve the monitoring and reporting of the MMR targets.

Department of Education

The Department of Education welcomes this report. The report recognises the significant efforts the department has made to implement changes recommended by the ANAO’s performance audit of February 2020, however the department acknowledges the need to continue its efforts to strengthen its processes to ensure contract managers undertake appropriate activities to ensure contractors’ compliance with mandatory minimum requirements (MMR) targets and verify that reported MMR performance information is accurate.

Education is already making progress towards meeting the report’s recommendation, including working with contract managers to ensure that assurance activities are performed more consistently, and that contract managers regularly review and verify contractor reports. Education will continue to engage with departmental contract managers to ensure that MMR contracts are actioned in the IPPRS within the audit’s recommended timeframes.

Education notes the audit’s broader messages to all entities on the importance of strengthening procurement processes to ensure tenderers’ Indigenous Participation Plans are assessed and that assessments are appropriately documented. Education has added additional information to its intranet guidance on the process required when evaluating tender responses for MMR contracts, and its guides on approaching the market and evaluating and selecting suppliers. In addition, Education has updated its Evaluation Plan templates to include MMR requirements as part of the evaluation process, where applicable.

Education are regular participants in the Commonwealth Procurement and Contract Management Community of Practice and participate in networking opportunities across the Australian Public Service, including informal knowledge sharing across entities.

Department of Employment and Workplace Relations

The Department of Employment and Workplace Relations (DEWR) acknowledges the Australian National Audit Office’s (ANAO) report detailing the outcomes of the follow up audit of Targets for minimum Indigenous employment or supply use in major Australian Government procurements.

DEWR is committed to delivering compliant procurement processes that deliver the expected business outcomes. This includes ensuring compliance with the Indigenous Procurement Policy and that our high value (as defined by the Indigenous Procurement Policy) contracts are properly managed and reported on. Starting from a low maturity level, we have been on a continuous journey of improvement since the Department’s creation in July 2022 (following a Machinery of Government change). We acknowledge and accept the ANAO’s findings and commit to implementing their recommendations as part of our broader procurement maturity program of work.

Department of Home Affairs

The Department of Home Affairs is committed to the implementation of the Government’s policy objective to drive growth in Aboriginal and Torres Strait Islander businesses and employment.

The Department agrees with the two recommendations made by the Auditor-General aimed at improving the Department’s compliance with mandatory minimum requirements (MMR) of the Indigenous Procurement Policy throughout the procurement and contract management phases, and will strengthen its processes, guidance, reporting and assurance activities to achieve this.

Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts

The department supports the policy objectives of the Indigenous Procurement Policy and the achievement of the Mandatory Minimum Requirements (MMR) as a key element of the IPP. This follow up audit, which examined all five of the department’s procurements that triggered the MMR, has highlighted the need for further improvement in aspects of the department’s arrangements for meeting the MMR. The department is committed to making the necessary improvements to its processes.

Key messages from this audit for all Australian Government entities

22. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Policy implementation

Key learning reference
  • The policy owner of a whole-of-government policy is responsible for the stewardship of that policy. As part of their stewardship role, the policy owner should actively monitor the implementation of the policy and whether the policy is effective in achieving its stated purpose and outcomes. This includes understanding entities’ implementation of the policy; monitoring the appropriateness of exemptions from the policy; working with entities to address implementation issues and instances of non-compliance; and evaluating the long-term impacts of the policy.
  • All Australian Public Service employees are stewards. To support implementation of whole-of-government policies, Australian Government officials should work with each other across agencies to share knowledge, learn about good practice and innovate.
Group title

Procurement

Key learning reference
  • Under the Commonwealth Procurement Rules, compliance with procurement-connected policies is mandatory for non-corporate Commonwealth entities and prescribed corporate Commonwealth entities. Central procurement areas can support compliance by: actively promoting awareness of policy requirements; ensuring that procurement templates are up to date; and providing training and operational support to procuring officers and contract managers.
  • The requirement for entities and contractors to comply with the Indigenous Procurement Policy and other procurement-connected policies continues to apply through machinery-of-government changes. Entities undergoing a machinery-of-government change should plan appropriately and maintain appropriate records to ensure that policy requirements continue to be met.
Group title

Governance and risk management

Key learning reference
  • Auditor-General reports and recommendations seek to address risks to the successful delivery of government outcomes. To ensure risks are appropriately managed, entities should close agreed recommendations based on robust evidence that the intent of the recommendation has been met.
Type: Financial statement audit
Report number: 39 of 2024-25
Portfolios: Across Entities
Entities: Across Entities
Date tabled/scheduled:
Audit Summary : show
Type: Performance audit
Report number: 33 of 2024-25
Portfolios: Prime Minister and Cabinet
Entities: Department of the Prime Minister and Cabinet
Date tabled/scheduled:
Audit Summary : show

Summary and recommendations

Background

1. Impact Analysis (IA) is a long-established administrative process in the Australian Public Service (APS) with the intention to support informed policy decision-making. Any policy proposals or action of government with an expectation of compliance, and assessed to have a more than minor change in behaviour or impact on people, businesses or community organisations, are required to have an IA.1 The Australian Government Guide to Policy Impact Analysis provides high-level principles for policy makers and an outline of the process for developing IAs.2

2. The Office of Impact Analysis (OIA), a branch within the Department of the Prime Minister and Cabinet (PM&C), is responsible for the administration of the IA framework.3 The OIA’s work has two elements: an assessment element, to assess the IA work of policy agencies against the requirements of the IA framework; and a coaching element, to lift the APS’s capability to conduct evidence-based policy analysis.4 As at September 2024 the OIA was comprised of 16 staff and had been allocated $2.5 million to undertake its activities in 2023–24.

Rationale for undertaking the audit

3. The Public Service Act 1999 states that the APS ‘provides the Government with advice that is frank, honest, timely and based on the best available evidence’. Providing quality advice to support government in making policy decisions is a core function of the APS. Priority four of the APS reform agenda is ‘An APS that has the capability to do its job well’. This includes improving the capability of the APS to deliver good policy advice to support informed decision-making.

4. The IA framework is intended to support evidence-based policy development and informed decision-making by the Australian Government, including by improving the APS’s capability to undertake quality evidence-based policy analysis. The Assistant Minister to the Prime Minister’s foreword to the Australian Government Guide to Policy Impact Analysis states that an IA ‘provides decision-makers with information about how people, community organisations and businesses may be affected and how the costs and benefits fall across these groups’ to ‘help government choose the best path forward’. Published IAs support transparency over Australian Government decision‐making.

5. This audit provides assurance about whether PM&C is effectively administering the IA framework to achieve the IA framework’s objective of enabling well‐informed and transparent Australian Government decision‐making.

Audit objective and criteria

6. The audit objective was to assess the effectiveness of PM&C’s administration of the IA framework to enable well-informed and transparent Australian Government decision-making.

7. To form a conclusion against the objective, the ANAO adopted the following high-level criteria.

  • Are PM&C’s governance arrangements for the IA framework fit for purpose?
  • Is the IA framework implemented effectively?
  • Has PM&C been an effective steward of the IA framework?

8. The audit focused on the period 1 July 2022 to 30 June 2024.

Conclusion

9. PM&C’s administration of the IA framework, including its governance and day-to-day implementation, has been largely effective. As steward of an Australian Government framework designed to achieve well-informed and transparent policy decision-making, PM&C could do more to evaluate whether the IA framework is fully achieving its objectives.

10. PM&C’s governance arrangements for the Impact Analysis framework are largely fit for purpose. Structural arrangements, settings and practices of the Office of Impact Analysis (OIA) do not clearly support independence of the office from government — a key principle. PM&C has established governance arrangements relating to conflict of interest, risk management, business planning, workforce planning, and information management, which apply to the work of the OIA. The OIA has largely implemented required governance arrangements. As steward of the framework, PM&C undertakes some engagement with stakeholders in Australia and internationally, which could be improved by better strategic planning and coordination across the Australian public sector.

11. The IA framework is implemented largely effectively. PM&C provides effective assistance to policy agencies to comply with the IA framework. PM&C has not examined the merits of a risk-based approach to increasing usage of non-mandatory early assessments, which positively impact IA quality. PM&C’s scrutiny of policy agencies’ use of ‘IA equivalents’, which exempt a policy proposal from the full IA assessment process, has been strengthened. Implementation of preliminary and final assessments is largely effective. Across all stages of the IA assessment process, internal guidance supporting decision-making and documentation of decision-making could be improved.

12. PM&C has been a largely effective steward of the IA framework. It has taken steps to evaluate whether the IA framework is achieving its objectives. PM&C provides advice to government on IA framework activities and on how the IA framework could be improved. PM&C could do more to monitor its effective and efficient implementation of the IA framework, to plan its monitoring and evaluation activities, and to evaluate its secondary role in improving policy capability across the Australian Public Service. Transparency could be enhanced through better public performance reporting.

Supporting findings

Governance

13. Independence of the office is an underlying principle of the IA framework. PM&C states that the OIA ‘maintain(s) day-to-day independence from the Australian Government in our decision-making’. The office is a branch within PM&C. Practical and structural controls to protect independence could be better articulated to increase confidence in how the framework is implemented. PM&C’s governance framework includes relevant policies and tools to manage probity, risk, workforce planning and information management. Conflicts of interest are largely managed by the OIA in accordance with departmental policy. Risk management was insufficient but improved following a ‘health check’ on the office undertaken in 2023. Controls for a workforce risk have been partly implemented. The case management system is being improved. PM&C requires staff to undertake annual mandatory training on integrity, records management and security. This was not completed by all OIA staff in 2023–24, however mandatory training compliance increased in 2024–25. (See paragraphs 2.4 to 2.39)

14. While PM&C undertakes engagement activities related to its stewardship of the IA framework, including some initiated in 2024, it does not have a clearly articulated stakeholder engagement plan that identifies the desired outcomes of engagement activity, who should be part of engagement activity, the form that engagement activities should take or how PM&C will measure the effectiveness of engagement. Engagement with the Australian Public Service Commission could be increased given shared goals. (See paragraphs 2.41 to 2.52)

Implementation of the Impact Analysis framework

15. PM&C provides accessible guidance to policy agencies to assist them to meet the IA framework requirements. PM&C has developed and delivered training sessions for the Australian Public Service (APS). Feedback from training participants is sought, which is analysed and largely positive. A training strategy was finalised in March 2025. PM&C has recognised the policy agency practice of using consultants to develop IAs, and has not considered the risk that this practice may impede the development of APS policy capability. The OIA provides early assessments of IAs to policy agencies to assist with their development. Relatively few agencies participate in the voluntary early assessment stage when drafting an IA. PM&C does not have a risk-based strategy for encouraging participation in training or early assessment. (See paragraphs 3.4 to 3.22)

16. PM&C undertakes a range of assurance activities to ensure IAs have been submitted when required. It maintains guidance regarding special cases that do not require agencies to submit an IA for assessment (IA equivalent reviews, carve-outs, Prime Minister’s exemptions and sunsetting instruments). The inappropriate use of IA equivalent certifications by policy agencies to avoid IA framework requirements has been identified as a risk by government. Processes implemented in 2023 were meant to tighten PM&C’s scrutiny over the use of IA equivalent certifications by policy agencies. Record keeping of suitability decisions over IA equivalent certifications was not always complete, and there could be more internal guidance to support suitability decisions. PM&C reviewed the appropriateness of existing carve-outs in 2024 and found that 12 per cent should have been cancelled. These were cancelled after the review. There is no internal requirement regarding how promptly carve-out decisions should be published or how frequently carve-outs should be reviewed. PM&C’s treatment of Prime Minister’s exemptions and sunsetting instruments was appropriate. (See paragraphs 3.23 to 3.49)

17. The OIA undertakes preliminary assessments to determine if an IA is required for a particular policy proposal. Guidance to assist staff to consistently undertake preliminary assessments was improved in 2023–24. PM&C’s record keeping associated with preliminary assessment decisions would have been improved through better documentation of the OIA’s assessed impacts (affected cohorts, type of impacts) of the policy proposal — a key consideration in determining whether an IA is required — and the rationale for the OIA’s final decision about whether an IA was required. The preliminary assessment process had appropriate quality assurance. The outcome was appropriately communicated to agencies. PM&C provided timely advice to policy agencies on the outcomes of preliminary assessments, although a timeliness service standard was not always met. (See paragraphs 3.50 to 3.60)

18. The OIA assesses IAs for the quality of the analysis and IA development process. It uses a framework to support consistent assessments of the quality of IAs. There could be more documented guidance for assessment scoring and maintaining appropriate records of decision-making. Decision-making (including the rationale) for final assessments was not always appropriately documented. There is a lack of documented procedures for quality assurance over final assessments. Advice to policy agencies on final assessment outcomes was provided in all sampled IAs. On average, PM&C provides feedback to agencies to assist them to improve the quality of their IAs within a five working day standard, although the service standard is not always met. On average, publication of IAs is typically within four days of policy announcement. Publication included all of the required documents (including an accessible version of each document) for 58 per cent of 2022–23 and 2023–24 IAs. (See paragraphs 3.61 to 3.83)

19. Some policy proposals require a post implementation review (PIR). There is a lack of internal guidance about how to identify policy proposals that meet the ‘substantial or widespread economic impact’ criterion for a PIR. Registers of required and overdue PIRs are published by PM&C. As at October 2024, five of 17 required PIRs were overdue, including one due in 2013. (See paragraphs 3.84 to 3.92)

Stewardship

20. PM&C does not have an overarching monitoring plan to establish what needs to be measured and monitored in relation to its effective and efficient delivery of the IA framework process. PM&C has established performance measures in corporate planning documents relating to its administration of the IA framework, some of which are reported to the PM&C executive. PM&C has access to various monitoring data. This data is not always fully utilised, accurate or complete. Despite having timeliness service standards, PM&C does not monitor the timeliness and efficiency of its IA assessment work. (See paragraphs 4.4 to 4.11)

21. The objectives of the IA framework are clearly stated. The OIA’s objectives could be more prominently and consistently communicated, particularly with regard to its secondary role of lifting policy capability across the Australian Public Service. PM&C has taken some steps to evaluate whether the IA framework is meeting its objectives, including a survey of policy agencies in late 2023 that examined perceived impacts of the IA framework on policy uplift. It has not developed an overarching evaluation plan for the IA framework. (See paragraphs 4.12 to 4.24)

22. PM&C regularly reports to government on administration of the IA framework. There was no public performance reporting on PM&C’s implementation of the IA framework or on the achievement of policy objectives in 2023–24. (See paragraphs 4.27 to 4.32)

Recommendations

23. This report makes four recommendations to the Department of the Prime Minister and Cabinet.

Recommendation no. 1

Paragraph 2.13

The Department of the Prime Minister and Cabinet provide further information to the public, Parliament and policy agencies regarding the structural arrangements, settings and practices it has in place to support the independence of the Office of Impact Analysis.

Department of the Prime Minister and Cabinet response: Agreed.

Recommendation no. 2

Paragraph 2.53

The Department of the Prime Minister and Cabinet develop a stakeholder engagement plan to support its stewardship of the Impact Analysis framework that:

  1. clearly identifies stakeholders of the framework;
  2. provides for coordination between stakeholders responsible for targeted impact analyses or that support or share Impact Analysis framework objectives;
  3. prioritises engagement activities of both an administrative and strategic nature; and
  4. involves ongoing assessment of engagement activity.

Department of the Prime Minister and Cabinet response: Agreed.

Recommendation no. 3

Paragraph 3.89

The Department of the Prime Minister and Cabinet develop additional guidance for staff about how to exercise and document judgements made in Impact Analysis equivalent certification assessments, preliminary assessments, final assessments and post implementation review decisions, in line with the department’s Information Management Policy.

Department of the Prime Minister and Cabinet response: Agreed.

Recommendation no. 4

Paragraph 4.25

The Department of the Prime Minister and Cabinet:

  1. develop an evaluation plan to support an evaluation of whether the Impact Analysis framework is achieving its objectives; and
  2. as part of its evaluation plan, in consultation with the Australian Public Service Commission, give consideration to how Impact Analysis assessment data could be used to inform policy capability needs analysis and uplift.

Department of the Prime Minister and Cabinet response: Agreed.

Summary of entity response

24. The proposed audit report was provided to PM&C. PM&C’s summary response to the audit is provided below and its full response is at Appendix 1.

The Department of the Prime Minister and Cabinet (PM&C) welcomes the Auditor-General Report on the Administration of the Impact Analysis framework. PM&C is committed to supporting informed decision-making by ensuring the Prime Minister, the Cabinet and portfolio ministers are provided with advice that is informed, takes a whole-of-government and whole-of-nation perspective, and incorporates the views of a diverse range of stakeholders. Impact Analysis provides decision makers with information about how people, community organisations and businesses may be affected and how the costs and benefits fall across these groups.

PM&C accepts the recommendations made by the Auditor-General on the Administration of the Impact Analysis framework. PM&C will continue to work with other relevant agencies, including the Treasury’s Australian Centre for Evaluation and the Australian Public Service Commission, to ensure that advice to government continues to be accompanied by the best available analysis.

25. An extract of the proposed report was provided to the Department of the Treasury (Treasury). Treasury’s summary response is provided below and its full response is provided at Appendix 1.

Treasury welcomes the report and notes the ANAO’s finding of outstanding post-implementation reviews (PIRs) predating the transfer of that function from the Office of Impact Analysis to Treasury in July 2023. Treasury has contacted the agencies with non-compliant PIRs for action. Further, Treasury will consider PIR non-compliance more generally, as part of a review of the Post-Implementation Reviews Guidance Note that is scheduled for 2025-26.

Key messages from this audit for all Australian Government entities

26. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Policy/program implementation

Key learning reference
  • Policy owners are stewards of that policy. In accordance with the Australian Public Service value of stewardship, this means that policy owners must accept the responsibility of stewardship, including planning for, monitoring and advising on adapting the policy for which they are accountable. Stewardship of a policy includes working with system partners; anticipating how changes in the environment and institutional settings across government can affect implementation; understanding the long-term impacts of the policy; and working to ensure the policy’s ongoing effectiveness.
Type: Performance audit
Report number: 29 of 2024-25
Portfolios: Cross entity; Finance
Entities: Department of Finance; Australian Electoral Commission; Attorney‐General’s Department; Department of Health and Aged Care
Date tabled/scheduled:
Audit Summary : show

Summary and recommendations

Background

1. The Australian Government’s campaign advertising framework (the framework) applies to non-corporate Commonwealth entities under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).1 The overarching aim of the framework, introduced in 2008, is to provide the Parliament and the community with confidence that public funds are used to meet the genuine information needs of the community.2

2. The government periodically issues guidance for entities undertaking information and advertising campaigns. The most recent version of the Australian Government Guidelines on Information and Advertising Campaigns by non-corporate Commonwealth entities (the Guidelines) was released in December 2022 (2022 Guidelines)3, replacing the October 2020 Guidelines (2020 Guidelines). The Guidelines are administered by the Department of Finance (Finance) and state that they:

operate on the underpinning premise that:

  1. members of the public have equal rights to access comprehensive information about government policies, programs and services which affect their entitlements, rights and obligations; and
  2. governments may legitimately use public funds to explain government policies, programs or services, to inform members of the public of their obligations, rights and entitlements, to encourage informed consideration of issues or to change behaviour.4

3. The Guidelines apply to all information and advertising campaigns5 undertaken in Australia by non-corporate Commonwealth entities.6 Entities subject to them:

must be able to demonstrate compliance with the five overarching principles when planning, developing and implementing publicly-funded information and advertising campaigns. The principles require that campaigns are:

  • relevant to government responsibilities
  • presented in an objective, fair and accessible manner
  • objective and not directed at promoting party political interests
  • justified and undertaken in an efficient, effective and relevant manner, and
  • compliant with legal requirements and procurement policies and procedures7

Rationale for undertaking the audit

4. This audit is part of an ongoing program of performance audits on Australian Government advertising. The rationale for undertaking this audit is to provide the Parliament with information on key developments in the framework since the period covered by the 2022 ANAO audit8, when the ANAO last reported on its operation.

5. The audit provides independent assurance on whole-of-government administration of the framework by the Department of Finance and selected entities’ compliance with the Guidelines and the wider framework requirements.

Audit objective and criteria

6. The objective of the audit was to assess the effectiveness of the Department of Finance’s and selected entities’ implementation of the Australian Government’s campaign advertising framework.

7. To form a conclusion against this objective, the following high-level criteria were adopted:

  • Does the Department of Finance effectively administer the Australian Government’s campaign advertising framework?
  • Were selected campaigns compliant with the Australian Government’s campaign advertising framework?

8. The audit examined developments in the administration of the framework from November 2021 to November 2024. Three campaigns were selected for review:

  • One Talk at a Time campaign, conducted from October 2023 to April 2025, administered by the Attorney-General’s Department (AGD)9;
  • Your Answer Matters campaign, conducted from August to October 2023, administered by Australian Electoral Commission (AEC)10; and
  • Youth Vaping Education (phase one) campaign, conducted from February to June 2024, administered by the Department of Health and Aged Care (Health).11

Conclusion

9. Finance has been effective at administering the framework. AGD and Health were largely compliant with the framework. The AEC largely complied with its internal requirements and the intent of the framework.

10. Finance has supported entities undertaking campaigns and has arrangements in place to manage brand safety risks relating to advertising on social media platforms. There are emerging gaps relating to the identification and management of risks, including to brand safety, associated with the use of artificial intelligence (AI) and emerging technologies in government advertising campaigns, and the changing nature of campaign activities, such as the use of media partnerships and influencers to reach target audiences in government campaigns. Finance extended the whole-of-government Master Media Agency contract after all extension options had been exercised. Finance has met its reporting requirements for expenditure on advertising campaigns.

11. AGD’s One Talk at a Time campaign largely complied with the review, certification and publication requirements of the framework. AGD complied with the requirements of Principles 1 to 3 and largely complied with Principles 4 and 5 of the 2020 Guidelines. Campaign effectiveness was reduced by the delayed implementation of pre-launch public relations activities. Not all campaign materials contained appropriate attribution of Australian Government involvement and two procurements were not accurately reported on AusTender. The advertising component of the campaign was evaluated, with the evaluation report finding that the campaign ‘achieved’ one objective and ‘partially achieved’ two objectives. At November 2024, an evaluation addressing other aspects of the campaign had not been undertaken as public relations activities were still underway.

12. Since 2009, the AEC has had an exemption from most aspects of the framework and has committed to complying with the intent of the 2022 Guidelines. Documentation capturing the AEC’s requirements for campaign development and certification, known as ‘AEC communication campaigns: Guidelines and mandatory checklist’ (AEC Guidelines), was in draft and there was no documented approval. The AEC’s Your Answer Matters campaign largely complied with the review and publication requirements. Publication requirements were met, although AEC did not publish campaign research reports, did not document consideration of whether doing so was appropriate and there were inaccuracies in the reporting of campaign expenditure figures in the AEC annual report and subsequent reporting to the Department of Finance. The AEC complied with Principles 1 to 4 of the 2022 Guidelines and largely complied with Principle 5. Legal advice addressing all legal requirements of Principle 5 was finalised after the campaign had commenced. The AEC’s requirements for attribution of AEC contribution to media partnerships and public relations materials was not documented. The AEC evaluated the campaign with the evaluation report finding that of the total 23 objectives, 16 were ‘met’, six were ‘partly met’ and one was ‘not met’.

13. Health largely complied with the review, certification and publication requirements of the framework. Health complied with the requirements of Principles 1, 3 and 4 of the 2022 Guidelines and largely complied with Principles 2 and 5 of the 2022 Guidelines. Health did not document how campaign imagery reflected a diverse range of Australians. Not all campaign materials contained attribution of Australian Government involvement. Health evaluated the Youth Vaping Education (phase one) campaign to determine its effectiveness. The evaluation report consolidated the campaign’s original seven objectives into four objectives. The evaluation found that two objectives were achieved and two objectives were partially achieved.

Supporting findings

Administration of the Australian Government campaign advertising framework — Finance

14. Finance maintains a suite of guidance documents on a clearly signposted section of its website and manages a campaign community through its GovTEAMS site to support entities undertaking campaigns throughout the campaign advertising development process. Finance facilitates the Independent Communications Committee’s review process and provides advice to government regarding requests for exemption from the Guidelines. Finance has established arrangements to receive feedback from suppliers and entities through evaluations undertaken at the end of campaigns, with annual reviews providing a whole-of-government view across all campaigns. (See paragraphs 2.3 to 2.21)

15. Finance has arrangements to manage risks relating to brand safety on social media platforms. Given the changing nature of campaign activities there are emerging gaps in relation to the use of media partnerships, public relations and influencers. Gaps relate to the appropriateness of the level of information relating to these activities provided for final government review and the attribution of campaign materials. There is an absence of guidance around emerging risks, including to brand safety, relating to the potential use of AI and emerging technologies in advertising and information campaigns. Finance extended the whole-of-government Master Media Agency contract after all extension options had been exercised. ( See paragraphs 2.22 to 2.80)

16. Finance has reported to the Parliament on annual media placement and associated campaign development expenditure by non-corporate Commonwealth entities, for campaigns with expenditure greater than $250,000 (exclusive of GST), in its annual report on Campaign Advertising by Australian Government Departments and Entities. Details of expenditure relating to Finance’s contracts with the Master Media Agency and Independent Communications Committee (ICC) members have not been included in these reports. Finance guidance does not address the publication of advertising campaign research reports which, under the 2022 Guidelines, must be published on entity websites ‘where it is appropriate to do so’ for campaigns with an expenditure of $250,000 (exclusive of GST) or more. (See paragraphs 2.81 to 2.93)

One Talk at a Time campaign

17. AGD’s One Talk at a Time campaign received government approvals in accordance with the framework requirements applying at the time it was considered.

18. The Secretary of the Attorney-General’s Department (Secretary of AGD), as the accountable authority, certified that the campaign complied with all five principles of the 2020 Guidelines and the certification was published on AGD’s website, as required. The Secretary’s certification was informed by a third-party certification from the ICC, as required by the 2020 Guidelines, and AGD advice on compliance. AGD provided the Attorney-General with the signed Secretary’s certification.

19. AGD complied with publication requirements, except for those relating to the statement in its 2023–24 annual report. AGD published its developmental research report on the One Talk at a Time campaign website. (See paragraphs 3.14 to 3.24)

20. AGD complied with Principles 1 to 3 of the 2020 Guidelines and largely complied with Principles 4 and 5.

21. For Principle 4, campaign effectiveness was reduced by the delayed execution of pre-launch public relations activities. For Principle 5, 17 of the 21 media partnership materials had appropriate attribution statements noting Australian Government involvement and two of the campaign procurements were not accurately reported on AusTender. (See paragraphs 3.25 to 3.62)

22. Advertising components of the One Talk at a Time campaign were evaluated to determine their effectiveness. This evaluation identified that the advertising component of the campaign ‘achieved’ one objective and ‘partially achieved’ two objectives. At November 2024, the planned integrated evaluation of all campaign components, including media partnerships and public relations, had not been completed.

23. The performance of the campaign was monitored against media metrics, including key performance indicators (KPIs). AGD received in-flight monitoring of the campaign’s performance, including a mid-campaign report and a final media performance report. (See paragraphs 3.63 to 3.71)

Your Answer Matters campaign

24. Due to its exemption, the AEC was not subject to review by the ICC or government review and approval processes. The AEC had documented requirements for campaign development and certification in the form of the AEC Guidelines. The version of the AEC Guidelines used for the Your Answer Matters campaign was in draft and there was no documented approval.

25. Under the AEC Guidelines, the AEC has committed to complying with the intent of the 2022 Guidelines. The AEC Guidelines did not establish a requirement for legal advice confirming compliance with Principle 5 of the 2022 Guidelines to be provided to the Electoral Commissioner prior to campaign certification.

26. The AEC followed an internal review process that involved the Electoral Commissioner providing approval for key campaign development milestones. The Electoral Commissioner signed two certifications for the campaign, which were both published on the AEC’s website in accordance with the AEC Guidelines. The AEC did not publish campaign research reports on its website and did not document consideration of whether publication of the research reports was appropriate and there were inaccuracies in the reporting of campaign expenditure figures in the AEC annual report and subsequent reporting to the Department of Finance. (See paragraphs 4.18 to 4.40)

27. The AEC complied with the intent of Principles 1 to 4 of the 2022 Guidelines and largely complied with Principle 5. Legal advice addressing all legal requirements of Principle 5 was finalised after the campaign had commenced. The AEC had not documented attribution requirements for media partnerships or public relations materials. Details of one procurement were not accurately reported on AusTender. (See paragraphs 4.41 to 4.78)

28. The Your Answer Matters campaign was evaluated to determine its effectiveness. Of the 23 objectives across the five phases of the campaign, 16 were assessed as ‘met’, six were assessed as ‘partly met’ and one was assessed as ‘not met’.

29. The performance of the campaign was monitored against media metrics, including KPIs. The AEC received weekly reporting on the performance of media channels. (See paragraphs 4.79 to 4.85)

Youth Vaping Education (phase one) campaign

30. Health’s Youth Vaping Education (phase one) campaign received government approvals in accordance with the framework requirements applying at the time it was considered.

31. The accountable authority, the Secretary of the Department of Health and Aged Care (Secretary of Health and Aged Care), certified that the campaign complied with the five ‘overarching principles’ of the 2022 Guidelines and the certification was published on Health’s website, as required. The Secretary’s certification was informed by a third-party review from the ICC, as required by the 2022 Guidelines, and Health advice on compliance. Health provided the Secretary’s certification to the Minister for Health and Aged Care on 3 May 2024, approximately three months after the campaign commenced, which was not compliant with the 2022 Guidelines.

32. Health complied with publication requirements. Health published the campaign developmental research report on its website. (See paragraphs 5.12 to 5.23)

33. Health complied with Principles 1, 3 and 4 and largely complied with Principles 2 and 5 of the 2022 Guidelines.

34. For Principle 2, Health did not document how campaign imagery reflected a diverse range of Australians. Legal advice provided in support of compliance with Principle 5 addressed the media partnerships component of the campaign but not the influencer component. Seventeen of the 28 media partnership materials did not contain attribution of Australian Government contribution to the materials. Health’s audit trail of procurement decision-making was mostly complete. (See paragraphs 5.24 to 5.74)

35. Health evaluated the Youth Vaping Education (phase one) campaign to determine its effectiveness. The evaluation report consolidated the campaign’s original seven objectives into four objectives. The evaluation found that two objectives were achieved and two objectives were partially achieved.

36. Campaign performance was monitored against media metrics, including KPIs. Health received in-flight monitoring of the campaign’s performance, including a report on the performance of influencers, a mid-campaign report and a final media performance report. (See paragraphs 5.75 to 5.82)

Recommendations

Recommendation no. 1

Paragraph 2.55

The Department of Finance develop supporting policy and guidance to identify and manage emerging risks, including to brand safety, relating to the use of artificial intelligence and emerging technologies in government advertising campaigns.

Department of Finance response: Agreed.

Recommendation no. 2

Paragraph 2.72

When planning future procurements for Master Media Agency services for Australian Government advertising, the Department of Finance provide sufficient time to enable the procurement process to be completed prior to exhausting all extension options available under the existing contract.

Department of Finance response: Agreed.

Recommendation no. 3

Paragraph 4.21

The Australian Electoral Commission update the ‘AEC communications campaigns: Guidelines and mandatory checklist’ (AEC Guidelines) to include:

  1. a requirement for legal advice confirming compliance with Principle 5 of the Australian Government Guidelines on Information and Advertising campaigns to be provided to the Electoral Commissioner prior to campaign certification; and
  2. details of version control and approval of the AEC Guidelines.

Australian Electoral Commission response: Agreed.

Summary of entity responses

37. The proposed audit report was provided to Finance, AGD, AEC and Health, with an extract being provided to the Independent Communications Committee. The entities’ summary responses are provided below, and their full responses are included at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Department of Finance

The Department of Finance welcomes the conclusion that the Department has been effective in the whole-of-government administration of the Government’s campaign advertising framework, including Finance’s role in supporting entities, providing secretariat support to the Independent Communications Committee, meeting its requirements for reporting on campaign advertising expenditure by non-corporate Commonwealth entities, and having arrangements in place to manage brand safety risks relating to advertising on social media platforms.

Finance agrees the two recommendations directed to the Department and will take appropriate action to address the matters raised.

Attorney-General’s Department

The Attorney-General’s Department (the department) welcomes the Australian National Audit Office’s (ANAO) report on Australian Government Advertising: November 2021 to November 2024, in particular the findings for the department’s “One Talk at a Time” campaign.

The department agrees with the recommendations and acknowledges the opportunity for administrative improvements in relation to record keeping, attribution of Australian Government involvement in campaign activity and reporting on AusTender.

The department acknowledges the ANAO’s finding that the campaign successfully achieved one objective and “partially achieved” two others. However, the full evaluation of the campaign’s effectiveness is yet to be completed and is expected to conclude in 2025, following the completion of below-the-line activities.

The department is committed to continuous improvement and will use the ANAO’s findings and recommendations to further refine our campaign processes and guidance.

Australian Electoral Commission

The Australian Electoral Commission (AEC) welcomes the ANAO report.

The AEC notes it is exempt from the Australian Government Guidelines on Information and Advertising Campaigns by non-corporate Commonwealth entities, including exemption from review and approval of AEC campaigns by government. This is due to the need for campaigns on electoral events to be independent of government. Instead, the AEC has its own Guidelines and certification process.

The AEC agrees with the one recommendation relating to improvement of our own Guidelines; and acknowledges the areas for improvement. We have reviewed and are addressing the highlighted administrative processes, noting they do not compromise compliance with our Guidelines.

The AEC remains committed to continuous improvement, and to our ongoing conformance with the intent of the Australian Government Guidelines.

Department of Health and Aged Care

The Department of Health and Aged Care (the department) acknowledges the findings in this report. The department is committed to responding to the opportunities for improvement identified by the Australian National Audit Office.

It is pleasing to note the finding the department was largely compliant with the Australian Government’s campaign advertising framework, including the review, certification and publication requirements.

The department also welcomes the finding the department complied with the requirements of Principles 1, 3 and 4 of the 2022 Australian Government Guidelines on Information and Advertising Campaigns and largely complied with Principles 2 and 5 of the Guidelines. The department also appreciates the report’s recognition the department established arrangements and processes to meet the objectivity requirements of Principle 2 of the Guidelines and mitigate the risks associated with engaging with influencers.

The audit identified two opportunities to improve the documentation of how a diverse range of Australians are reflected in campaign imagery and ensuring campaign materials contain appropriate attribution of the department’s involvement. To address these findings, the department will continue to strengthen its administrative processes when implementing government advertising campaigns.

Key messages from this audit for all Australian Government entities

38. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Stewardship by framework policy owners

Key learning reference
  • Agencies responsible for whole-of-government frameworks should exercise stewardship of these frameworks, including by proactively identifying and managing emerging risks and issues related to the framework and maintaining a system of assurance and evaluation to ensure the framework remains fit for purpose.
Group title

Governance and risk management

Key learning reference
  • Entities undertaking advertising or information campaigns involving media partnerships and social media influencers should have appropriate assurances in place to ensure compliance with requirements, including documenting review and approval of all campaign materials and ensuring materials contain appropriate authorisation or attribution of Australian Government contribution.
Type: Financial statement audit
Report number: 22 of 2024-25
Portfolios: Across Entities
Entities: Across Entities
Date tabled/scheduled:
Audit Summary : show

Executive summary

The Australian National Audit Office (ANAO) publishes an annual audit work program (AAWP) which reflects the audit strategy and deliverables for the forward year. The purpose of the AAWP is to inform the Parliament, the public, and government sector entities of the planned audit coverage for the Australian Government sector by way of financial statements audits, performance audits, performance statements audits and other assurance activities. As set out in the AAWP, the ANAO prepares two reports annually that, drawing on information collected during financial statements audits, provide insights at a point in time of financial statements risks, governance arrangements and internal control frameworks of Commonwealth entities. These reports provide Parliament with an independent examination of the financial accounting and reporting of public sector entities.

These reports explain how entities’ internal control frameworks are critical to executing an efficient and effective audit and underpin an entity’s capacity to transparently discharge its duties and obligations under the Public Governance, Performance and Accountability Act 2013 (PGPA Act). Deficiencies identified during audits that pose either a significant or moderate risk to an entity’s ability to prepare financial statements free from material misstatement are reported.

This report presents the final results of the 2023–24 audits of the Australian Government’s Consolidated Financial Statements (CFS) and 245 Australian Government entities. The Auditor-General Report No. 42 2023–24 Interim Report on Key Financial Controls of Major Entities, focused on the interim results of the audits of 27 of these entities.

Consolidated financial statements

Audit results

1. The CFS presents the whole of government and the General Government Sector financial statements. The 2023–24 CFS were signed by the Minister for Finance on 28 November 2024 and an unmodified auditor’s report was issued on 2 December 2024.

2. There were no significant or moderate audit issues identified in the audit of the CFS in 2023–24 or 2022–23.

Australian Government financial position

3. The Australian Government reported a net operating balance of a surplus of $10.0 billion ($24.9 billion surplus in 2022–23). The Australian Government’s net worth deficiency decreased from $570.3 billion in 2022–23 to $567.5 billion in 2023–24 (see paragraphs 1.8 to 1.26).

Financial audit results and other matters

Quality and timeliness of financial statements preparation

4. The ANAO issued 240 unmodified auditor’s reports as at 9 December 2024. The financial statements were finalised and auditor’s reports issued for 79 per cent (2022–23: 91 per cent) of entities within three months of financial year-end. The decrease in timeliness of auditor’s reports reflects an increase in the number of audit findings and legislative breaches identified by the ANAO, as well as limitations on the available resources within the ANAO in order to undertake additional audit procedures in response to these findings

5. A quality financial statements preparation process will reduce the risk of inaccurate or unreliable reporting. Seventy-one per cent of entities delivered financial statements in line with an agreed timetable (2022–23: 72 per cent). The total number of adjusted and unadjusted audit differences decreased during 2023–24, although 38 per cent of audit differences remained unadjusted. The quantity and value of adjusted and unadjusted audit differences indicate there remains an opportunity for entities to improve quality assurance over financial statements preparation processes (see paragraphs 2.138 to 2.154).

Timeliness of financial reporting

6. Annual reports that are not tabled in a timely manner before budget supplementary estimates hearings decrease the opportunity for the Senate to scrutinise an entity’s performance. Timeliness of tabling of entity annual reports improved. Ninety-three per cent (2022–23: 66 per cent) of entities that are required to table an annual report in Parliament tabled prior to the date that the portfolio’s supplementary budget estimates hearing commenced. Supplementary estimates hearings were held one week later in 2023–24 than in 2022–23. Fifty-seven per cent of entities tabled annual reports one week or more before the hearing (2022–23: 12 per cent). Of the entities required to table an annual report, 4 per cent (2022–23: 6 per cent) had not tabled an annual report as at 9 December 2024 (see paragraphs 2.155 to 2.166).

Official hospitality

7. Eighty-one per cent of entities permit the provision of hospitality and the majority have policies, procedures or guidance in place. Expenditure on the provision of hospitality for the period 2020–21 to 2023–24 was $70.0 million. Official hospitality involves the provision of public resources to persons other than officials of an entity to achieve the entity’s objectives. Entities that provide official hospitality should have policies, and guidance in place which clearly set expectations for officials. There are no mandatory requirements for entities in managing the provision of hospitality, however, the Department of Finance (Finance) does provide some guidance to entities in model accountable authority instructions. Of those entities that permit hospitality 83 per cent have established formal policies, guidelines or processes.

8. Entities with higher levels of exposure to the provision of official hospitality could give further consideration to implementing or enhancing compliance and reporting arrangements. Seventy-four per cent of entities included compliance requirements in their policies, procedures or guidance which support entity’s obtaining assurance over the conduct of official hospitality. Compliance processes included acquittals, formal reporting, attestations from officials and/or periodic internal audits. Thirty-one per cent of entities had established formal reporting on provision of official hospitality within their entities (see paragraphs 2.36 to 2.56).

Artificial intelligence

9. Fifty-six entities used artificial intelligence (AI) in their operations during 2023–24 (2022–23: 27 entities). Most of these entities had adopted AI for research and development activities, IT systems administration and data and reporting.

10. During 2023–24, 64 per cent of entities that used AI had also established internal policies governing the use of AI (2022–23: 44 per cent). Twenty-seven per cent of entities had established internal policies regarding assurance over AI use. An absence of governance frameworks for managing the use of emerging technologies could increase the risk of unintended consequences. In September 2024, the Digital Transformation Agency (DTA) released the Policy for the responsible use of AI in government, which establishes requirements for accountability and transparency on the use of AI within entities (see paragraphs 2.67 to 2.71).

Cloud computing

11. Assurance over effectiveness of cloud computing arrangements (CCA) could be improved. During 2023–24, 89 per cent of entities used CCAs as part of the delivery model for the IT environment, primarily software-as-a-service (SaaS) arrangements. A Service Organisation Controls (SOC) certificate provides assurance over the implementation, design and operating effectiveness of controls included in contracts, including security, privacy, process integrity and availability. Eighty-two per cent of entities did not have in place a formal policy or procedure which would require the formal review and consideration of a SOC certificate.

12. In the absence of a formal process for obtaining and reviewing SOC certificates, there is a risk that deficiencies in controls at a service provider are not identified, mitigated or addressed in a timely manner (see paragraphs 2.57 to 2.66).

Audit committee member rotation

13. Audit committee member rotation considerations could be enhanced. The rotation of audit committee membership is not mandated, though guidance to the sector indicates that rotation of members allows for a flow of new skills and talent through committees, supporting objectivity. Forty-six per cent of entities did not have a policy requirement for audit committee member rotation.

14. Entities could enhance the effectiveness of their audit committees by adopting a formal process for rotation of audit committee membership, which balances the need for continuity and objectivity of membership (see paragraphs 2.16 to 2.21).

Fraud framework requirements

15. The Commonwealth Fraud Control Framework 2017 encourages entities to conduct fraud risk assessments at least every two years and entities responsible for activities with a high fraud risk may assess risk more frequently. All entities had in place a fraud control plan. Ninety-seven per cent of entities had conducted a fraud risk assessment within the last two years. Changes to the framework which occurred on 1 July 2024 requires entities to expand plans to take account of preventing, detecting and dealing with corruption, as well as periodically examining the effectiveness of internal controls (see paragraphs 2.16 to 2.21).

Summary of audit findings

16. Internal controls largely supported the preparation of financial statements free from material misstatement. However, the number of audit findings identified by the ANAO has increased from 2023–24. A total of 214 audit findings and legislative breaches were reported to entities as a result of the 2023–24 financial statements audits. These comprised six significant, 46 moderate, 147 minor audit findings and 15 legislative breaches. The highest number of findings are in the categories of:

  • IT control environment, including security, change management and user access;
  • compliance and quality assurance frameworks, including legal conformance; and
  • accounting and control of non-financial assets.

17. IT controls remain a key issue. Forty-three per cent of all audit findings identified by the ANAO related to the IT control environment, particularly IT security. Weaknesses in controls in this area can expose entities to an increased risk of unauthorised access to systems and data, or data leakage. The number of IT findings identified by the ANAO indicate that there remains room for improvement across the sector to enhance governance processes supporting the design, implementation and operating effectiveness of controls.

18. These audits findings included four significant legislative breaches, one of which was first identified since 2012–13. The majority (53 per cent) of other legislative breaches relate to incorrect payments of remuneration to key management personnel and/or non-compliance with determinations made by the Remuneration Tribunal. Entities could take further steps to enhance governance supporting remuneration to prevent non-compliance or incorrect payments from occurring (see paragraphs 2.72 to 2.137).

Financial sustainability

19. An assessment of an entity’s financial sustainability can provide an indication of financial management issues or signal a risk that the entity will require additional or refocused funding. The ANAO’s analysis concluded that the financial sustainability of the majority of entities was not at risk (see paragraphs 2.167 to 2.196).

Reporting and auditing frameworks

Changes to the Australian public sector reporting framework

20. The development of a climate-related reporting framework and assurance regime in Australia continues to progress. ANAO consultation with Finance to establish an assurance and verification regime for the Commonwealth Climate Disclosure (CCD) reform is ongoing (see paragraphs 3.20 to 3.24).

21. Emerging technologies (including AI) present opportunities for innovation and efficiency in operations by entities. However, rapid developments and associated risks highlight the need for Accountable Authorities to implement effective governance arrangements when adopting these technologies. The ANAO is incorporating consideration of risks relating to the use of emerging technologies, including AI, into audit planning processes to provide Parliament with assurance regarding the use of AI by the Australian Government (see paragraphs 3.25 to 3.33).

22. The ANAO Audit Quality Report 2023–24 was published on 1 November 2024. The report demonstrates the evaluation of the design, implementation and operating effectiveness of the ANAO’s Quality Management Framework and achievement of ANAO quality objectives (see paragraphs 3.34 to 3.39).

23. The ANAO Integrity Report 2023–24 and the ANAO Integrity Framework 202425 were also published on 1 November 2024 to provide transparency of the measures undertaken to maintain a high integrity culture within the ANAO (see paragraphs 3.44 to 3.46).

Cost of this report

24. The cost to the ANAO of producing this report is approximately $445,000.

Type: Performance audit
Report number: 17 of 2024-25
Portfolios: Prime Minister and Cabinet
Entities: Aboriginal Hostels Limited; Aboriginal Investment NT; Outback Stores Pty Ltd
Date tabled/scheduled:
Audit Summary : show

Summary and recommendations

Background

1. The National Anti-Corruption Commission’s (NACC’s) 2022/2023 Integrity Outlook states:

Conflicts of interest are also a prevalent source of corruption issues. Many types of corrupt conduct – such as breaches of public trust, abuse of office and misuse of information – originate from conflicts of interest. Such conflicts therefore pose a substantial risk for government agencies, parliamentarians, and public officials. This is why identifying, disclosing and managing potential conflicts of interest is a critical pillar of integrity architectures.1

2. The Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires an official of a corporate Commonwealth entity (CCE) to:

  • not improperly use their position or information obtained through their position to gain or seek to gain a benefit or advantage for themselves or others, or to cause detriment to the entity, Commonwealth or others2; and
  • disclose the details of any material personal interests that relate to the affairs of the entity.3

3. The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) provides further guidance for CCE officials, including that material personal interests must be disclosed as soon as practicable after becoming aware of them or when there are changes in the interests. The disclosure must include details of the nature and extent of the interest and how the interest relates to the affairs of the entity.4

4. The Corporations Act 2001 (Corporations Act) sets out comparable requirements for Commonwealth companies, including a ‘Director’s duty to notify other directors of [a] material personal interest when [a] conflict arises’, including outlining details of the nature and extent of the interest and how it relates to the affairs of the company. The notice must be given at a directors’ meeting as soon as practicable after the director becomes aware of their interest in the matter and details must be recorded in the minutes of the meeting.5

Rationale for undertaking the audit

5. Public confidence in Commonwealth entities and Commonwealth companies can be damaged when conflicts of interest are not appropriately identified and managed. The public is entitled to have confidence in the integrity of public officials, and to know that officials’ personal interests do not conflict with their public duties.

6. Specialist skills and expertise may be required to provide a suitable composition for Commonwealth boards. The board members that are appointed to boards in respect of their specialist skills or expertise can have inherent interests that exist as a consequence of their specialist experience. For example, they may be involved in industry associations or have duties to other organisations. These interests can conflict with their duties as a board member.

7. The NACC and the Australian Public Service Commission (APSC) have highlighted functions commonly undertaken by Australian Government entities that have a heightened risk of conflicts of interest, including procurement, recruitment and grant activities.6

8. This audit was conducted to provide assurance to the Parliament that the selected entities are ensuring the integrity of their functions by appropriately managing conflicts of interest.

9. The selected entities represent a cross section of Indigenous portfolio agencies in the Prime Minister and Cabinet portfolio, each with a board as its accountable authority under the PGPA Act:

  • Aboriginal Hostels Limited (AHL) is a Commonwealth company which employs staff under the Public Service Act 1999;
  • Aboriginal Investment NT (known prior to August 2024 as the Northern Territory Aboriginal Investment Corporation) is a CCE; and
  • Outback Stores Pty Ltd (Outback Stores) is a Commonwealth company.

Audit objective and criteria

10. The objective of the audit was to assess the effectiveness of the management of conflicts of interest by AHL, Aboriginal Investment NT and Outback Stores.

11. To form a conclusion against the objective, the ANAO adopted the following two high-level audit criteria:

  • Have the entities developed appropriate arrangements to manage conflicts of interest?
  • Are the entities effectively managing conflicts of interest consistent with their own policies?

12. The audit examined the entities’ management of conflicts of interest over the period 1 July 2021 to 30 June 2024, including in the areas of board governance, recruitment, procurement, annual Senior Executive Service declarations (AHL) and grant management (Aboriginal Investment NT).

Conclusion

13. AHL, Aboriginal Investment NT and Outback Stores were partly effective in the management of conflicts of interest. While there were frameworks in place to manage conflicts of interest, there were shortcomings with the implementation of those frameworks. There were deficiencies with the documentation of board consideration of conflicts and documentation of conflicts of interest declarations and management actions for procurement, recruitment and grant activity.

14. AHL, Aboriginal Investment NT and Outback Stores have developed largely appropriate arrangements to manage conflict of interest consistent with legislative requirements of corporate Commonwealth entities (Aboriginal Investment NT) and Commonwealth companies (AHL and Outback Stores). Each entity has assessed conflict of interest risks, developed a conflict of interest policy and implemented arrangements to support the declaration of interests by board members. AHL and Aboriginal Investment NT require activity specific conflict of interest declarations for staff involved in procurement and recruitment. Aboriginal Investment NT and Outback Stores implemented conflict of interest training for their boards and employees in 2024. AHL requires employees to undertake integrity training but has not implemented training for board members. All entities have implemented some form of assurance arrangement. AHL did not address alleged conflict of interest matters that were identified in three complaints, and Outback Stores did not have a complaints system or undertake controls assessment.

15. The entities were partly effective in implementing arrangements for managing conflicts of interest. Board assessments of declarations of interest were not sufficient to record whether the board had determined declarations to be material personal interests. Aboriginal Investment NT’s board did not include declarations of interests in three out of session meetings and a workshop and did not always record the nature and extent of declared conflicts. There were instances of Aboriginal Investment NT Grants Committee members with declared conflicts of interest recommending grant applications for board approval. AHL did not adequately document conflict of interest management for recruitment as required by its policy. Aboriginal Investment NT did not adequately document conflict of interest management for procurement as required by its policy. The Outback Stores board recorded board members’ interests as conflicts of interest without documenting its assessment of the interests. AHL did not monitor training completion rates.

Supporting findings

Arrangements to manage conflicts of interest

16. All entities assessed conflict of interest risks within their enterprise risk management frameworks. Aboriginal Investment NT’s and Outback Stores’ conflict of interest risk assessments occurred between April and June 2024.

  • AHL had a conflict of interest related risk factor and control for recruitment in its enterprise risk register until March 2023. AHL assessed conflict of interest risks relating to ‘leakage’ of hostel accommodation revenue, procurement, and acceptance of gifts and benefits in its fraud risk register. Not all existing controls for conflict of interest were identified in these assessments.
  • From April to June 2024 Aboriginal Investment NT assessed conflict of interest risks relating to procurement, recruitment and grant assessment. These assessments were undertaken after conflict of interest risks had been realised with its first grant round, which ran from May 2023 to February 2024.
  • Outback Stores included an entity-wide conflict of interest risk in its risk register in May 2024 with mitigation strategies including development of a conflict of interest policy, declaration processes, and training and education arrangements. (see paragraphs 2.3 to 2.17)

17. All entities have developed arrangements for declaring, managing and overseeing conflicts of interest, including establishing gifts, benefits and hospitality policies and registers. All entities refreshed conflict of interest-related policies and procedures during 2024.

  • AHL had a conflict of interest policy and specific arrangements for managing conflict of interest for recruitment. AHL’s procurement policy was updated in April 2024 to include a requirement for activity specific conflict of interest declarations.
  • In May 2024 Aboriginal Investment NT implemented a conflict of interest policy and introduced declaration requirements for recruitment. After conflict of interest issues were identified with its first grant round, which ran from May 2023 to February 2024, it updated its policies, guidelines and forms to strengthen declaration and management requirements.
  • Outback Stores implemented a conflict of interest policy in June 2024. Its Board Charter does not fully align with provisions of the Corporations Act relating to declaration of interests. (see paragraphs 2.18 to 2.81)

18. All entities have developed training and education arrangements to promote compliance with conflict of interest requirements. Board members for all entities are provided with induction packs that outline conflict of interest requirements. Aboriginal Investment NT and Outback Stores developed online conflict of interest training for employees and board members in 2024. New and existing AHL employees undertake mandatory APS integrity training. The National Indigenous Australians Agency provides support to Indigenous portfolio agencies in the Prime Minister and Cabinet portfolio. (see paragraphs 2.82 to 2.104)

19. All entities implemented some form of arrangement to obtain assurance over the management of conflicts of interest.

  • AHL undertook internal audits which detected deficiencies in its conflicts of interest arrangements for recruitment and complaints management. AHL has a complaints system, but it did not consider conflict of interest-related aspects of three complaints in accordance with its Conflict of Interest Policy.
  • Aboriginal Investment NT has implemented a complaints system and undertook an internal audit in 2024 which detected deficiencies in its conflicts of interest arrangements for grants assessment.
  • Outback Stores undertook an internal audit in 2024 that assessed compliance with its June 2024 Conflict of Interest Policy. It did not have a complaints system or undertake controls assessment. (see paragraphs 2.105 to 2.127)

Effectiveness of conflict of interest arrangements

20. Each entities’ board had processes for members to declare interests and conflicts of interests. All of the boards were deficient in recording their assessment of board members’ declared interests and whether they were considered to be material personal interests. Deficiencies were also identified with activity-specific processes for declaring and managing conflicts of interest relating to recruitment (all entities), procurement (all entities), SES declarations (AHL), and grant assessment (Aboriginal Investment NT).

  • AHL did not record its assessment of whether a board member’s declared interest as a conflict and no management plan was put in place. AHL complied with the requirement for annual declaration of SES interests, but record keeping was deficient. While conflicts of interest for AHL’s recruitment activities were generally declared consistent with its policy, management of conflicts were not always documented. AHL’s procurement processes were largely consistent with policy requirements.
  • Aboriginal Investment NT had three out of session board meetings and one board workshop where the standard declaration of interests agenda item did not occur. Aboriginal Investment NT did not always document the nature and extent of conflicts of interest declared by board members and grants committee members, and in some instances grants committee members with declared conflicts voted to recommend board approval of grant applications. Aboriginal Investment NT did not follow its procurement policy requirements for activity-specific conflict of interest declarations.
  • Outback Stores recorded board member’s declared interests as ‘conflicts of interest’ without documenting how it related to the affairs of the entity or management plans. It did not have any declared conflicts of interest for procurement and recruitment activity. (see paragraphs 3.3 to 3.50)

21. Aboriginal Investment NT and Outback Stores established monitoring arrangements for their conflict of interest training, which was implemented in 2024, and achieved employee completion rates of over 90 per cent. AHL does not monitor employee completion rates for mandatory integrity training or conflicts of interest components of induction training. (see paragraphs 3.51 to 3.59)

Recommendations

Recommendation no. 1

Paragraph 2.11

Aboriginal Hostels Limited undertake an assessment of drivers behind employee responses to the corrupt behaviour question in the Australian Public Service Employee Census and use this assessment to reassess the entity’s conflict of interest risks.

Aboriginal Hostels Limited response: Agreed.

Recommendation no. 2

Paragraph 2.112

Aboriginal Hostels Limited establish processes to ensure that conflict of interest matters are addressed and documented in complaint management.

Aboriginal Hostels Limited response: Agreed.

Recommendation no. 3

Paragraph 3.17

Aboriginal Hostels Limited establish processes to ensure that employees comply with its recruitment policy requirements to declare, manage and document conflicts of interest.

Aboriginal Hostels Limited response: Agreed.

Recommendation no. 4

Paragraph 3.30

Aboriginal Investment NT establish processes to ensure employees comply with its procurement policy requirements to declare, manage and document conflicts of interest.

Aboriginal Investment NT response: Agreed.

Recommendation no. 5

Paragraph 3.41

Aboriginal Hostels Limited, Aboriginal Investment NT and Outback Stores implement arrangements to record their boards’ assessment of whether a declaration made by a board member is determined to be a material personal interest. Where the interest is determined to be a material personal interest, boards should record the disclosure and consequence in accordance with legislative requirements.

Aboriginal Hostels Limited response: Agreed.

Aboriginal Investment NT response: Agreed.

Outback Stores response: Agreed.

Summary of entity responses

22. The proposed audit report was provided to AHL, Aboriginal Investment NT and Outback Stores. An extract was provided to the National Indigenous Australians Agency (NIAA). The summary responses are reproduced below. The full responses from each entity are at Appendix 1. Improvements observed by the ANAO during the course of this audit are listed in Appendix 2.

Aboriginal Hostels Limited

AHL acknowledges the findings in the report, gratefully accepts its recommendations and will take appropriate action to strengthen areas relating to the implementation of our established frameworks for managing conflicts of interest.

I would like to thank the ANAO audit team for their professional and collaborative approach throughout this process.

Aboriginal Investment NT

We welcome the report and accept its recommendations. As a newly established corporate Commonwealth entity, ensuring trust and confidence in our arrangements through the highest integrity standards is vital. We are committed to ensuring that appropriate control and procedural arrangements are implemented as our organisation continues to grow and mature. We have already undertaken steps to implement the recommendations and have planned for an internal audit to follow up on their implementation. This internal audit has been scheduled in our 2024–25 Strategic Internal Audit Program.

Outback Stores Pty Ltd

Thank you for your correspondence of 28 October 2024 regarding the proposed report under s.19 of the Auditor–General Act 1997 on the management of conflicts of interest.

Outback Stores acknowledges the importance of the audit in providing assurance to the Parliament over the effectiveness of the management of conflicts of interest. Further, the broader public are entitled to have confidence in officials of all Indigenous portfolio bodies in the integrity of these agencies.

Outback Stores accept the key findings, recommendations and opportunities for improvement outlined in the report, with alignment to the sole recommendation complete.

Key messages from this audit for all Australian Government entities

23. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Governance and risk management

Key learning reference
  • As accountable authorities of organisations, boards have a key role to play in setting the tone for dealing with risk and acting with integrity. Identifying and managing conflicts of interests is an area in which the way a board operates can influence the entity it governs. Developing good practice and assuring it can be a positive signal to the entity.
  • Once appropriate frameworks are established, accountable authorities should actively monitor conflict of interest arrangements to ensure that these are being undertaken and remain effective by:
    • regularly assessing conflict of interest risks in the context of entity operations and the Commonwealth Fraud and Corruption Framework;
    • monitoring key metrics including APS Census results, completion of training for conflict of interest and integrity; and completion of SES annual declarations of interest; and
    • undertaking regular communication and assurance activities to ensure conflicts are being declared and managed, and that appropriate records are being maintained.
Group title

Grants and procurement

Key learning reference
  • Where conflict of interest issues arise during a grant assessment, procurement or recruitment activity, it may be appropriate to pause the activity to investigate and address the issues and recommence when the issues have been resolved.
Type: Performance audit
Report number: 14 of 2024-25
Portfolios: Prime Minister and Cabinet
Entities: Indigenous Business Australia; National Indigenous Australians Agency
Date tabled/scheduled:
Audit Summary : show

Summary

Background

1. Indigenous Business Australia (IBA) is a corporate Commonwealth entity established under the Aboriginal and Torres Strait Islander Act 2005. IBA’s purpose includes to enhance Aboriginal and Torres Strait Islander self-management and economic self-sufficiency.1 The National Indigenous Australians Agency (NIAA) is a non-corporate Commonwealth entity established as an executive agency in 2019. It is the lead Australian Government agency for Aboriginal and Torres Strait Islander policies and programs. NIAA’s purpose includes advancing a whole-of-government approach to improving the lives of Aboriginal and Torres Strait Islander people.2

2. Parliamentary committee and Auditor-General reports identify risks to the successful delivery of government outcomes and provide recommendations to address them. Where a parliamentary committee has made policy recommendations, the responsible minister is required to prepare and table a government response in the Parliament. The Auditor-General provides independent assurance as to whether the Executive government is operating and accounting for its performance in accordance with the Parliament’s intent. Auditor-General reports, which include audited entities’ responses to recommendations, are tabled in the Parliament. The tabling in the Parliament of an agreed response to parliamentary committee or Auditor-General recommendations is a formal commitment by the government or an entity to implement the recommended actions.

3. Successful implementation of agreed3 recommendations by Australian government entities requires effective governance arrangements to respond to, monitor and implement recommendations, with fit-for-purpose and proportionate implementation planning that sets clear responsibilities and timeframes for delivering the agreed actions.

4. The ANAO undertakes audits of implementation of recommendations made by parliamentary committees and the Auditor-General.4

Rationale for undertaking the audit

5. Parliamentary committee and Auditor-General reports have identified risks to and shortcomings in the successful delivery of outcomes in the Indigenous affairs portfolio. Recommendations have specified actions aimed at addressing those risks and identified opportunities for improving public administration. Implementation of agreed recommendations delivers on a formal commitment to the Parliament and is an important part of realising the full benefit of a parliamentary inquiry or audit. Appropriate and timely implementation of agreed recommendations demonstrates accountability to the Parliament and a commitment to improving public administration.

6. This audit provides assurance to the Parliament about whether recommendations directed to IBA and NIAA are being implemented as agreed.

Audit objective and criteria

7. The audit objective was to examine whether the selected entities have implemented a selection of agreed parliamentary committee and Auditor-General recommendations.

8. To form a conclusion against the objective, the following high-level criteria were adopted.

  • Do IBA and NIAA have fit-for-purpose arrangements to respond to, monitor and implement agreed recommendations?
  • Did IBA and NIAA respond to and implement agreed recommendations effectively?

9. To allow sufficient time for implementation, the ANAO examined implementation of agreed recommendations made between January 2020 and December 2022. The 25 recommendations examined comprised 10 recommendations from three parliamentary committee reports, and 15 recommendations from four Auditor-General reports.

Conclusion

10. As at August 2024, IBA had largely implemented the agreed recommendations examined in this audit, and NIAA had partly implemented the agreed recommendations. Implementation was not supported by robust governance arrangements in either entity, although arrangements matured during the course of the audit.

11. IBA’s arrangements to respond to, implement and monitor agreed parliamentary committee and Auditor-General recommendations are largely fit for purpose. IBA documented practices for managing recommendations in 2024. As at August 2024, these practices were not fully implemented as IBA was not subject to any parliamentary committee recommendations. NIAA’s arrangements to respond to parliamentary committee and Auditor-General recommendations are partly fit for purpose. NIAA documented practices for managing recommendations in 2024. These included new practices for managing parliamentary committee recommendations. As at August 2024, these practices were not fully implemented. The practices have the potential to be fit for purpose.

12. NIAA’s advice to government on how to respond to parliamentary committee recommendations was partly effective. IBA fully implemented three of the four agreed Auditor-General recommendations and largely implemented the remaining one. NIAA fully implemented six of 21 agreed parliamentary committee and Auditor-General recommendations and largely implemented one. Implementation of the remaining 14 NIAA recommendations was either partial (seven) or ongoing as at August 2024 (seven).

Supporting findings

Arrangements for managing agreed recommendations

13. IBA documented practices to respond to, implement, monitor and close agreed parliamentary committee recommendations in April 2024. These practices include implementation planning that covers roles and responsibilities, timeframes and risk. As at August 2024, these practices had not been implemented as IBA had no active parliamentary recommendations. NIAA documented practices to identify and respond to parliamentary committee recommendations in September 2023. NIAA does not monitor compliance with required timeframes for responding to parliamentary committee recommendations, and practices could be improved to promote better timeliness. NIAA documented practices to implement, monitor and close agreed parliamentary committee recommendations in August 2024. This followed commitments made to the Executive Board, Audit and Risk Committee and the Parliament to clarify and improve practices. As at August 2024, NIAA’s practices documented in August 2024 have not been implemented. (See paragraphs 2.4 to 2.39)

14. IBA and NIAA have established practices to respond to, implement, monitor and close agreed Auditor-General recommendations, including reporting to audit and risk committees and providing implementation updates to accountable authorities. IBA’s management practices for Auditor-General recommendations were documented and strengthened to include implementation planning in April 2024. IBA’s practices could be improved to clarify the role of the IBA Board in approving responses to recommendations. NIAA’s practices were documented in August 2024. This included formalising practices for implementation planning established in October 2023, requiring reporting to the Executive Board on implementation and closure, and improving closure practices to support the Audit and Risk Committee to fulfil its assurance function. (See paragraphs 2.40 to 2.63)

Implementation of agreed recommendations

15. IBA was not the subject of parliamentary committee recommendations in the timeframe examined in this audit. NIAA was responsible for coordinating the government response to two parliamentary committee reports examined in this audit. NIAA did not provide draft responses and associated advice in sufficient time to enable government to table responses in the timeframes set by the Parliament. Draft responses prepared by NIAA were consistent with relevant Australian Government guidelines, except that responses to disagreed recommendations did not always clearly state why the recommendation was not accepted. Advice to the Minister for Indigenous Australians (the minister) for recommendations that were accepted did not always include implementation details; risks or sensitivities; or a timeframe. In October 2022, the minister requested more information on outstanding responses to parliamentary committee reports, which was not provided. In April 2024, NIAA recommended to the minister that a ‘standard response’ be made to 39 recommendations in 10 outstanding parliamentary reports dating back to 2010. The response ‘noted’ the recommendations and stated that, given the passage of time, a substantive response was no longer appropriate. This was in line with correspondence from the government, except that NIAA did not advise the minister on whether or why a different response might be warranted. (See paragraphs 3.5 to 3.21)

16. Implementation planning for the examined recommendations was limited in both entities.

  • IBA assigned responsibility and identified implementation actions for all four recommendations. It did not establish timeframes or assign risk ratings.
  • NIAA’s implementation planning for 10 parliamentary committee recommendations was partial or not undertaken. NIAA assigned responsibility for all 11 Auditor-General recommendations examined. Other elements of implementation planning were not consistently undertaken. (See paragraphs 3.22 to 3.26)

17. IBA’s monitoring, assurance and closure of the four recommendations improved over the time period examined by the audit. IBA monitored implementation progress for all Auditor-General recommendations. Reporting on some recommendations to the Audit, Risk and Performance Committee was not timely nor complete until the committee requested evidence of implementation in September 2022. After September 2022, IBA prepared closure reports and effectively closed all recommendations.

18. NIAA did not consistently monitor implementation progress for the parliamentary committee recommendations examined in this audit, or report on progress to an oversight or assurance body. NIAA did not formally close the three (of 10) recommendations it considered implemented. NIAA monitored implementation progress for all 11 Auditor-General recommendations examined in this audit, and reported progress to the Audit and Risk Committee. Reporting on some recommendations was not timely. While closure reports were prepared for all 11 recommendations (which NIAA considered implemented), one closure report had no supporting evidence, senior official approval was inconsistently recorded and evidenced, and 10 closure reports were not shared with the Audit and Risk Committee. The committee noted closure of all 11 recommendations. (See paragraphs 3.27 to 3.42)

19. IBA and NIAA’s implementation of the 25 agreed recommendations examined in this audit, as at August 2024, was as follows.

  • Of four Auditor-General recommendations to IBA, IBA considered all four to have been implemented. The ANAO assessed that three recommendations were fully implemented and one was largely implemented.
  • Of 10 parliamentary committee recommendations relevant to NIAA, NIAA considered two were fully implemented and one was partly implemented. The ANAO assessment agreed with NIAA’s.
  • Of 11 Auditor-General recommendations to NIAA, NIAA considered all 11 to be fully implemented. The ANAO assessed that four recommendations were fully implemented, one was largely implemented, and six were partly implemented.
  • Of the 21 recommendations relevant to NIAA, responses to 11 included commitments that were additional to the recommendation. The ANAO assessed that additional commitments were fully implemented for three; partly implemented for five; and that implementation was still ongoing for three. (See paragraphs 3.43 to 3.54)

Recommendations

20. The Auditor-General did not make any recommendations. Eight opportunities for improvement were identified, relating to:

  • IBA’s practices for responding to parliamentary committee and Auditor-General recommendations;
  • NIAA’s practices for monitoring parliamentary activity, assisting government to responding to parliamentary committee recommendations, and closing Auditor-General recommendations; and
  • the Department of the Prime Minister and Cabinet’s guidance to Australian Government entities on responding to parliamentary committee recommendations.

Summary of entity responses

21. The proposed audit report was provided to IBA and NIAA. An extract of the proposed audit report was provided to the Department of the Prime Minister and Cabinet. Entities’ summary responses are provided below. Entities’ full responses are provided at Appendix 1.

Indigenous Business Australia

Indigenous Business Australia (IBA) wishes to thank the ANAO for their professional and collaborative engagement with IBA throughout this audit.

The performance audit process has been useful for IBA in driving further improvements in internal processes relating to the implementation and management of ANAO and parliamentary committee recommendations and IBA will consider the further opportunities for improvement as part of its continual improvement processes.

National Indigenous Australians Agency

The National Indigenous Australians Agency (NIAA) welcomes the findings of the audit, including that it has established practices to respond to, implement, monitor and close parliamentary committee and Auditor-General recommendations. The NIAA acknowledges the opportunities for improvement identified in the report and has already made significant progress to strengthen processes for managing and implementing parliamentary committee and Auditor-General recommendations.

Department of the Prime Minister and Cabinet

The Department of the Prime Minister and Cabinet (the department) regularly reviews processes to ensure the robust provision of support to parliamentary committees and guidance to entities. This includes providing advice to entities on parliamentary committee reports with substantive recommendations that require responses from the Government. As part of this process, the department ensures entities are aware of the timeframes under Senate resolution 44 for responding to committee reports.

The department’s Tabling Guidelines provide advice on the preparation of government responses, including that all recommendations must be addressed and reasons provided for not accepting a recommendation, and timeframes for responses as set by Parliament.

Key messages from this audit for all Australian Government entities

22. The ANAO undertakes audits of implementation of recommendations made by parliamentary committees and the Auditor-General. In June 2021, the ANAO published Audit Insights: Implementation of Audit Recommendations, which includes observations from these audits for the benefit of all Australian Government entities.

23. Below are further key messages identified in this audit and which may be relevant for the operations of other Australian Government entities.

Group title

Governance and risk management

Key learning reference
  • Supporting government to meet its responsibilities to the Parliament is an important element of public sector integrity.
    • For parliamentary committee recommendations, Australian Government entities can support government by: advising ministers on requirements and better practice for the form and timing of responses to parliamentary committee reports; and monitoring compliance with required timeframes.
    • For parliamentary committee and Auditor-General recommendations, Australian Government entities can support accountability and integrity by: establishing fit-for-purpose and proportionate implementation planning for agreed recommendations; monitoring implementation; and closing recommendations on the basis of robust evidence that the intent of the recommendation has been met.
  • Parliamentary committee and Auditor-General recommendations seek to address risks identified through inquiries and audits. Audit committees are required to provide independent advice and assurance on entities’ systems of risk oversight and management and internal controls. Complete and regular reporting to audit and risk committees, including by providing evidence-based closure packs for completed parliamentary committee and Auditor-General recommendations, gives audit and risk committees visibility over how risks are being managed. This assists audit and risk committees to meet their advice and assurance functions.
Type: Performance audit
Report number: 12 of 2024-25
Portfolios: Cross-entity
Entities: Across entities
Date tabled/scheduled:
Audit Summary : show

Summary and recommendations

Background

1. The National Anti-Corruption Commission’s (NACC’s) 2022/2023 Integrity Outlook states:

Conflicts of interest are also a prevalent source of corruption issues. Many types of corrupt conduct – such as breaches of public trust, abuse of office and misuse of information – originate from conflicts of interest. Such conflicts therefore pose a substantial risk for government agencies, parliamentarians, and public officials. This is why identifying, disclosing and managing potential conflicts of interest is a critical pillar of integrity architectures.1

2. The Public Governance, Performance and Accountability Act 2013 (PGPA Act) sets out general duties of accountable authorities and officials of Australian Government entities.2 The general duties related to conflicts of interest for an official include:

  • not improperly using their position or information obtained through their position to gain or seek to gain a benefit or advantage for themselves or others, or to cause detriment to the entity, Commonwealth or others3; and
  • disclosing the details of any material personal interests that relate to the affairs of the entity.4

3. The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) provides further detail on requirements for managing conflicts of interest.5 Under the PGPA Act, accountable authorities have a duty to establish and maintain appropriate systems of risk oversight and management and internal control.6 In addition, the PGPA Rule establishes a requirement for the accountable authority to take all reasonable measures to prevent, detect and deal with fraud and corruption relating to the entity.7

4. Boards of corporate Commonwealth entities (CCEs) are the accountable authority unless otherwise prescribed by an Act or the rules. Membership of boards can consist of both executive directors and non-executive directors. CCE boards are responsible for the operations of their entities.

5. The Department of Finance states:

Corporate Commonwealth entities generally have enabling legislation that establishes the scope of their activities and a multi-member accountable authority (such as a board of directors).

6. Specialist skills and expertise may be required to provide a suitable composition for a CCE board. The board members that are appointed to CCE boards in respect of their specialist skills or expertise can have inherent interests that exist as a consequence of their specialist experience. For example, they may be involved in industry associations or have duties to other organisations. These interests can conflict with their duties as a board member of a CCE.

7. The operations of boards for four CCEs were selected for examination as a part of this audit:

  • the Australian Sports Commission (ASC);
  • Food Standards Australia New Zealand (FSANZ);
  • Infrastructure Australia (IA); and
  • the National Portrait Gallery of Australia (NPGA).

Rationale for undertaking the audit

8. According to the Australian Public Service Commissioner, the public is entitled to have confidence in the integrity of public officials, and to know that the personal interests of public officials do not conflict with their public duties.8 Apparent conflicts can be just as damaging to confidence in public administration as real conflicts, so disclosures and effective management of real, apparent and potential conflicts of interest is an important element of the Australian Government’s integrity framework.

9. Section 29 of the PGPA Act provides a duty to disclose material interests. CCE board members may have material personal interests that relate to their role as a member of an accountable authority. Board requirements for specific qualifications, skills and experience pose the risk that domain knowledge and industry familiarity may lead to conflicts of interest.

10. This audit was conducted to provide assurance to the Parliament that the boards of the four CCEs are effectively managing conflicts of interest.

Audit objective and criteria

11. The objective of the audit was to assess the effectiveness of the operations of the boards of four CCEs in managing conflicts of interest.

12. To form a conclusion against the objective, the ANAO examined:

  • Have the boards developed appropriate arrangements to manage board conflicts of interest?
  • Have the boards effectively managed board conflicts of interest consistent with their own policies?

13. The audit examined the operations of the boards of four CCEs in managing conflicts of interest over the period 1 July 2021 to 31 December 2023. The appointment process for board members was not examined as part of this audit.

Conclusion

14. The operations of the boards in managing conflicts of interest were largely effective. Arrangements for managing conflicts of interest were implemented by the boards in accordance with legislative requirements and documented by some of the boards in policies and procedural guidance. The effectiveness in implementing these arrangements were inconsistent across the boards which resulted in deficiencies in declaring and managing conflicts of interest by the boards. This reduced the overall effectiveness of the boards in their management of conflict of interest risks.

15. The boards have developed largely appropriate arrangements for managing conflicts of interest. All boards have implemented arrangements to support the declaration of interests by board members, including following their appointment and during the term of their appointment. The arrangements implemented by the boards were aligned to requirements in the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). The board of the NPGA did not have a conflict of interest policy that included managing conflicts of interest related to its board. The boards of the ASC and FSANZ had not developed conflict of interest management plans for board members holding other roles within the Australian Government. The boards have largely relied on board induction processes to provide training and education in relation to managing conflicts of interest. The boards had implemented varying arrangements to obtain assurance over the management of conflicts of interest relating to board members.

16. The boards were partly effective in implementing arrangements for managing board conflicts of interest consistent with their own policies. There were shortcomings in the operating effectiveness of processes for declaring and managing conflicts of interest across all boards. This included instances where: declarations of interest were not obtained from newly appointed board members in a timely manner; declarations of interests were not implemented as a standing agenda item at board meetings; and boards’ assessments of declarations of interest were not sufficiently documented to record whether the board had determined declarations to be material personal interests.

Supporting findings

Arrangements to manage conflicts of interest

17. The boards had identified and assessed fraud and corruption risks within their risk management frameworks. The board of IA had identified conflict of interest controls for its then board within its operational and fraud risk registers. (See paragraphs 2.3 to 2.14)

18. All boards had arrangements for board members to declare interests following appointment and at board meetings. The arrangements implemented by the boards were aligned to requirements in the PGPA Act and PGPA Rule. The ASC, FSANZ and IA boards had policies and procedural guidance to manage board conflicts of interest. The NPGA board did not have a conflict of interest policy that provided coverage of the board, with the exception of a policy for declaring, managing and overseeing board conflicts of interest related to the acquisition of works. The boards for ASC and FSANZ had not developed management plans for potential conflicts of interest relating to ex-officio board members that held other roles within the Australian Government. (See paragraphs 2.15 to 2.60)

19. The boards largely relied on board induction processes and related resources from the Department of Finance for promoting compliance with conflict of interest requirements. The boards for the ASC and FSANZ had developed guidance specific to managing board conflicts of interest. The FSANZ board provided board members with access to its learning management system, which included training related to conflicts of interest. The IA board had delivered training for board members that included a module on conflicts of interest. None of the boards had documented training plans for board members or arrangements for monitoring training undertaken by board members. The Department of Finance’s resources on managing conflicts of interest are not specific to boards of corporate Commonwealth entities. (See paragraphs 2.61 to 2.84)

20. None of the boards had implemented an assurance strategy or framework that was specific to, or provided coverage of, board conflicts of interest. All boards had developed some form of arrangement to obtain assurance over board conflicts of interest.

  • The ASC board obtained attestations from its board members on compliance with section 29 of the PGPA Act and provided reporting to its audit committee.
  • The FSANZ board maintains a centralised register of interests declared by board members that is published on its website.
  • The IA board undertook an internal audit in 2018–19 that covered board conflicts of interest and conducted Australian Securities and Investments Commission register searches of board members’ interests in 2021 to confirm declarations.
  • The NPGA board had undertaken a specific review of board declarations to update its register of interests for board members. (See paragraphs 2.85 to 2.105)

Effectiveness of conflict of interest arrangements

21. There were instances across all boards where processes for declaring interests were not operating effectively.

  • The ASC, FSANZ and NPGA boards had instances where they held board meetings where declarations of interests were not included in agendas or obtained during board meetings.
  • The ASC and NPGA boards had instances where they did not obtain declarations of interests from newly appointed board members in a timely manner.
  • All boards did not sufficiently document their assessment of declared interests and whether they were considered to be material personal interests. (See paragraphs 3.3 to 3.24)

22. All boards had implemented induction processes for their board members that covered conflict of interest. The ASC’s board induction processes were updated to provide coverage of conflicts of interest for board members commencing from March 2022, but not all current members had received the guidance. The FSANZ, IA and NPGA boards had implemented additional training and education arrangements on conflict of interest obligations for board members. (See paragraphs 3.25 to 3.35)

Recommendations

Recommendation no. 1

Paragraph 2.52

The National Portrait Gallery of Australia update its conflict of interest policy to document requirements and arrangements for declaring, managing and overseeing conflicts of interest relating to the board.

National Portrait Gallery of Australia response: Agreed.

Recommendation no. 2

Paragraph 2.58

The Australian Sports Commission and Food Standards Australia New Zealand assess conflict of interest risks for board members holding other roles within the Australian Government, and develop mitigations that are documented in a management plan.

Australian Sports Commission response: Agreed.

Food Standards Australian New Zealand response: Agreed.

Recommendation no. 3

Paragraph 2.82

The Department of Finance improve training and education arrangements for corporate Commonwealth entities to raise awareness for entities and their board members in understanding how to implement arrangements to meet conflict of interest obligations. This should be undertaken in consultation with portfolio departments.

Department of Finance response: Agreed.

Recommendation no. 4

Paragraph 3.21

The Australian Sports Commission, Food Standards Australia New Zealand, Infrastructure Australia and National Portrait Gallery of Australia implement arrangements to record the board’s assessment of whether a declaration made by a board member is determined to be a material personal interest. Where the interest is determined to be a material personal interest, boards should record the disclosure and consequence in accordance with the Public Governance, Performance and Accountability Rule 2014.

Australian Sports Commission response: Agreed.

Food Standards Australian New Zealand response: Agreed.

Infrastructure Australia response: Agreed.9

National Portrait Gallery of Australia response: Agreed.

Summary of entity responses

23. Extracts of the proposed report were provided to the ASC, the Department of Finance, FSANZ, IA and the NPGA. The summary responses are provided below, and the full responses are included at Appendix 1. Improvements observed by the ANAO during the course of the audit are listed in Appendix 2.

Australian Sports Commission

Thank you for providing the Australian Sports Commission (ASC) with the opportunity to comment on the Australian National Audit Office (ANAO) proposed audit report on Management of Conflicts of Interest by Corporate Commonwealth Entity Boards.

The ASC acknowledges and accepts the key findings, recommendations and the opportunities for improvement presented in the Section 19 Report.

Department of Finance

The Department of Finance agrees the recommendation and findings provided in the report extract.

Food Standards Australia New Zealand

FSANZ acknowledges the importance of this audit to provide assurance to Parliament that the operations of Boards effectively manage conflicts of interest. In this context it is noted FSANZ is one of four entities (out of 74 CCE’s) assessed over the period July 2021 to December 2023.

The Board notes the audit’s findings that our arrangements for managing conflicts of interest align with the relevant legislation and are largely effective. As the independent agency responsible for the development of draft food standards for Australia and New Zealand, trust and confidence of decision-makers and stakeholders is important. The FSANZ Board takes a very conservative approach to managing conflicts of interest and, for transparency, we maintain and manage a register of all interests of Board members, regardless of whether they are classified as a material personal interest or not.

Infrastructure Australia

As the Australian Government’s independent adviser on nationally significant infrastructure investment planning and project prioritisation Infrastructure Australia values accountability, acting with integrity and upholding the highest ethical standards.

We appreciate the work of the ANAO which found that the boards of the four CCEs were largely effective in their management of conflicts of interest.

Infrastructure Australia accepts the recommendation that we strengthen our recording of the assessment and consequences of declared conflicts of interest. We have also commenced work to reflect the ANAO feedback on opportunities for improvement in administrative and management practices to strengthen our governance framework in relation to conflicts of interest.

National Portrait Gallery of Australia

The National Portrait Gallery (NPGA) welcomes the Australian National Audit Office’s (ANAO) report and accepts the recommendations made for the agency.

The report finds that the NPGA has developed largely effective arrangements for managing conflicts of interest for its the Board in accordance with legislative requirements.

The report identifies areas for improvement and makes two recommendations where the NPGA can take steps to strengthen its processes and assurance activities through update of its existing Conflict of Interest policy and processes. The NPGA agrees with, and is already taking steps to implement, these recommendations.

The NPGA also recognises the other areas of improvement identified in the Report, notably the expansion of assurance activities and the implementation of a Board training workplan. This will ensure that the NPGA is operating in alignment with government best practice in conflicts of interest management.

The NPGA thanks the ANAO audit team for their professionalism during the audit process.

Key messages from this audit for all Australian Government entities

24. Below is a summary of key messages, including instances of good practice, which have been identified in this audit and may be relevant for the operations of other Australian Government entities.

Group title

Governance and risk management

Key learning reference
  • As accountable authorities of organisations, boards have a key role to play in setting the tone for dealing with risk and acting with integrity. Identifying and managing conflicts of interests is an area in which the way a board operates can influence the entity it governs. Developing good practice and assuring it can be a positive signal to the entity.
  • Public sector board members have of a duty to disclose and manage material personal interests. The composition of boards can include members who are appointed based on their specialist expertise and industry affiliations. This presents risks to corporate Commonwealth entities — the integrity of operations and functions of an entity can be compromised if conflicts of interest are not managed. Corporate Commonwealth entity boards should assess these risks and develop appropriate arrangements to manage conflicts of interest, including policies and procedures that are tailored to entity risks and training that is specific to board members’ roles. Establishing assurance activities over the management of board conflicts of interest can help to help to ensure arrangements are operating effectively.