Australian Taxation Office

Entity overview

The ATO has a single outcome delivered through 19 programs. It administers legislation governing tax, superannuation and the Australian Business Register and supports the delivery of government benefits to the community. The Commissioner of Taxation is the accountable authority for the ATO. In addition, the Commissioner of Taxation is also the accountable authority for the Tax Practitioners Board, the Australian Business Registrar and the Australian Charities and Not-for-profits Commission. The Commissioner is also the Registrar of the Australian Business Register and the first Registrar of the Australian Business Registry Services. Further information is available from the Australian Taxation Office’s website.

In the 2025–26 Portfolio Budget Statements (PBS) for the Treasury portfolio, the aggregated budgeted expenses for the Australian Taxation Office for 2025–26 total $35.2 billion. The PBS contain budgets for those entities in the general government sector (GGS) that receive appropriations directly or indirectly through annual appropriation Acts.

The level of budgeted departmental and administered expenses, and the average staffing level are shown in Figure 1. Administered expenses represent the largest proportion of the ATO’s total budgeted expenses.

Figure 1: Australian Taxation Office – total expenses and average staffing level by entity

Source: ANAO analysis of 2025–26 Portfolio Budget Statements.

Audit focus

In determining the 2025–26 audit work program, the ANAO considers prior-year audit and other review findings and what these indicate about portfolio risks and areas for improvement. The ANAO also considers emerging risks from new investments or changes in the operating environment.

The ANAO had regard to the final report of the capability review of the Australian Taxation Office that was endorsed by the Australian Public Service Commissioner in March 2025.

The primary risks identified by the ANAO for the ATO relate to strengthening debt collection, protecting data including the personal information of taxpayers held by the ATO and technology capability due to increasing ICT sustainment costs.

Specific risks in the ATO relate to governance, service delivery, regulation, and financial management.

Governance

The ATO is heavily reliant on IT systems to perform its functions. The ATO holds a significant amount of business and personal information. Arrangements to support the adoption of artificial intelligence, data governance and management, Essential Eight and Protective Security Policy Framework compliance, and contract management are key risks. Weaknesses have been identified in the way the ATO manages enterprise change management for key IT systems and in its arrangements for the design, development, deployment and monitoring of AI models.

Systems integrity is important due to the ATO’s reliance on its IT systems. Cyber resilience, risk controls and their adequacy, and taxpayer privacy are specific risks. Related risks include segregation of tax IT systems, connections with other Australian Government systems, project management, resourcing, and staff capacity and capability.

Service delivery

Technology capability will be a key risk in realising a future where ‘tax just happens’ , balanced against managing growing ICT costs, which could constrain the ATO’s ability to fund improvements in other business areas.

There is strategic risk for the ATO if it does not analyse its complaints data to identify the underlying causes of complaints and use this information to improve business processes and complaint handling.

Regulation

The ATO faces a series of compliance risks. These include risks arising from administering tax legislation, private rulings, new policies and programs, risk profiling, delivery of budget measures, combating the shadow economy, performance measures relating to compliance activities, and accurately reporting on compliance performance in its performance statements.

There are risks relating to the effectiveness of debt recovery and management if the ATO does not implement appropriate and lawful policies and procedures. This risk may lead to an increase in non-recoverable debts and potential reputational risk to the ATO around debt recovery and increases in tax gaps.

There are potential risks associated with the ATO workforce, particularly around skills shortages in the IT area. The nature of the ATO’s work means that the ATO needs to maintain a consistent focus on promoting compliance with the requirements of its ethical and probity frameworks, including steps to support risk management and assessments of ethical considerations for artificial intelligence.

Financial management

Risks in the preparation of financial statements arise from the significant value of taxation revenue, specifically the accuracy of taxation revenue, estimates of administered income and expenses and the valuation of tax receivables and provisions for refunds. The application of the law in relation to offsetting debt deemed uneconomical to pursue remains a risk.

Previous performance audit coverage

The ANAO’s performance audit activities involve the independent and objective assessment of all or part of an entity’s operations and administrative support systems. Performance audits may involve multiple entities and examine common aspects of administration or the joint administration of a program or service.

During the performance audit process, the ANAO gathers and analyses the evidence necessary to draw a conclusion on the audit objective. Audit conclusions can be grouped into four categories:

unqualified;
qualified (largely positive);
qualified (partly positive); and
adverse.

In the period between 2020–21 and 2024–25 the Australian Taxation Office was included in 15 performance audits. The conclusions directed toward the Australian Taxation Office were as follows:

one was unqualified;
11 were qualified (largely positive);
three were qualified (partly positive); and
none were adverse.

Figure 2 shows the number of audit conclusions for the Australian Taxation Office that were included in ANAO performance audits between 2020–21 and 2024–25 compared with all audits tabled in this period.

Figure 2: Audit conclusions 2020–21 to 2024–25: the Australian Taxation Office compared with all audits tabled

Source: ANAO data

The ANAO’s annual audit work program is intended to deliver a mix of performance audits across seven audit activities: governance; service delivery; grants administration; procurement; policy development; regulation and asset management and sustainment. These activities are intended to cover the scope of activities undertaken by the public sector. Each performance audit considers a primary audit activity. Figure 3 shows audit conclusions by primary audit activity for audits involving the Australian Taxation Office.

Figure 3: Audit conclusions by activity for audits involving the Australian Taxation Office, 2020–21 to 2024–25

Source: ANAO data

Performance statements audit

The audit of the 2024–25 Australian Taxation Office (ATO) annual performance statements is being conducted following a request from the Minister for Finance on 2 July 2024, under section 40 of the Public Governance, Performance and Accountability Act 2013. The audit is conducted under section 15 of the Auditor-General Act 1997.

The ATO is in its second year of inclusion in the annual performance statements audit program.

The ANAO considers the risk associated with the ATO’s performance statements audit as moderate. This is due to:

the prior-year qualified audit conclusion and unresolved findings; and
the ATO’s operating and IT environment where multiple processes across different business areas are applied to the preparation of the annual performance statements, managed by a dedicated performance reporting team.

Key risks for the ATO’s performance statements that the ANAO has highlighted include:

the entity-wide performance framework and alignment of the ATO’s purposes, key activities performance measures targets;
the appropriateness of performance measures and targets;
data governance and IT controls supporting the ATO’s performance reporting; and
performance statements preparation processes that ensure the reliability and verifiability of data sources and methodologies, and the completeness and accuracy of reported performance information.

Financial statements audits

Overview

The Australian Taxation Office is part of the Treasury portfolio. The risk profile of the Australian Taxation Office is shown in Table 1.

Table 1: Australian Taxation Office risk profile

	Type of entity	Engagement risk	Number of higher risks	Number of moderate risks
Material entity
Australian Taxation Office	Non-corporate	High	4	0
Other audit engagements (including Auditor-General Act 1997 section 20 engagements)
Australian Taxation Office – GST Cost Statement
Australian Taxation Office – GST Controls Statement

Material entities

The Australian Taxation Office (ATO) is Australia’s principal revenue collection entity and is part of the Treasury portfolio. The ATO’s role is to administer Australia’s tax system, significant aspects of Australia’s superannuation system and business registry services, together with the provision of support to the Tax Practitioners Board and the Australian Charities and Not-for-profits Commission.

Australian Taxation Office’s total budgeted revenue for 2025–26 is $677.5 billion, with the majority of these revenues attributable to income tax and indirect tax. Budgeted taxation receivables are $46.6 billion, or around 66% of total budgeted assets (Figure 4).

Figure 4: Australian Taxation Office’s total budgeted financial statements by category ($’000)

Source: ANAO analysis of 2025–26 Portfolio Budget Statements.

The Australian Taxation Office has been classified by the ANAO as a high risk engagement. This engagement risk rating reflects the number and quantum of key areas of financial statements risk that will be a focus of the audit, as well as the: dependence on sophisticated and interfaced business systems for financial reporting; considerable judgement and significance of the use of estimation and allocation processes to determine key financial balances; and ongoing scrutiny by Parliament and the public.

There are four key risks for the Australian Taxation Office’s 2024–25 financial statements that the ANAO has highlighted for specific audit coverage, including two risks that the ANAO considers potential key audit matters (KAMs).

The estimation and allocation processes associated with the reporting of taxation revenue, given the value of transactions subject to estimation that involve the application of significant judgement and specialist knowledge. (KAM – Accuracy of taxation revenue)
The processes for estimating debt provisions and adjustments to taxpayer accounts, including settlement adjustments and the allowance for credit amendments and impairment losses associated with taxation receivable balances at year end. This is due to the complexity of the ATO’s debt management and settlement processes and the volume of transactions subject to estimation. (KAM – Valuation of taxation receivables and provisions for refunds)
The compliance program relating to the collection of taxation revenues, supported by the ATO’s risk management approach to compliance activities in a self-assessment and voluntary compliance regime.
The complexity of, and reliance on, IT business systems for processing taxpayer returns and statements.