Australian National Audit Office (ANAO)

This audit would assess the effectiveness of commercial entities complying with relevant government cybersecurity requirements.

The scope of the audit would include an examination of the effectiveness and maturity of commercial entities' cybersecurity strategies, and the effectiveness of government in ensuring that contracted providers comply with relevant security requirements, such as the Protective Security Policy Framework.

This audit would examine the effectiveness of selected agencies' management of their policy on non-ongoing staff for large employers such as the Department of Defence, the Australian Taxation Office, Services Australia and the Department of Veterans' Affairs.

The audit would compare the frameworks implemented by the entities and report on how the entities' frameworks were developed. It would assess the appropriateness of the entities' policy and delivery of workforce outcomes through the employment of non-ongoing staff, through the lens of risk management. It would also examine how the arrangements differ to those for ongoing staff, such as payments through the human resources system.

This audit series would assess the effectiveness of governance arrangements in selected entities for monitoring and implementing agreed Australian National Audit Office (ANAO) performance audit and parliamentary committee recommendations.

ANAO and parliamentary committee reports identify areas where administration can be improved and make recommendations to improve the delivery of outcomes. Once entities have agreed to implement performance audit recommendations, or in the case of parliamentary committee reports, the Australian Government has committed to the implementation of recommendations, timely implementation in line with the intended outcome of the recommendation is important in achieving the full benefit of the recommendation.

This audit would examine whether appropriate systems and processes are in place in a selection of entities, including the Department of Finance, to identify to potential tenderers how to make a complaint, and would also examine the management of complaints received about the conduct of procurement activities.

In relation to ethical behaviour, the Commonwealth Procurement Rules (CPRs) require that, if a complaint is received, entities must apply timely, equitable and non-discriminatory complaint handling procedures, including providing acknowledgement soon after the complaint has been received. In the first instance, complaints are to be made to the entity responsible for the procurement. Complaints can also be referred to the Procurement Coordinator in the Department of Finance. In addition to the arrangements under the CPRs, the Government Procurement (Judicial Review) Act 2018 established an independent complaint mechanism for certain procurement processes.