Our staff add value to public sector effectiveness and the independent assurance of public sector administration and accountability, applying our professional and technical leadership to have a real impact on real issues.
This audit would examine the effectiveness of the management of cyber security risks within selected entities.
The scope would include:
reviewing the actions taken by selected entities in prioritising cyber security to support the themes stated in Australia’s Cyber Security Strategy;
assessing cyber security controls implemented against the entities’ cyber security frameworks; and
comparing the entities’ implemented cyber security frameworks and controls against the mandatory controls required under the Protective Security Policy Framework and the Australian Signals Directorate’s Essential Eight Maturity Model.
This audit would examine the effectiveness of a selection of entities’ development and implementation of intellectual property (IP) policies and practices.
The Australian Government is a major investor in the creation and development of IP through activities in science, health, education, public infrastructure, information technology, defence, and arts and culture. The Intellectual Property Principles for Commonwealth Entities provide a policy for the management of IP by Commonwealth entities covered by the Public Governance, Performance and Accountability Act 2013. Entities have been individually responsible for implementing the Statement of IP Principles since 1 July 2008.
This audit would examine the effectiveness of management of major multi-year information and communications technology (ICT) projects by selected entities.
Previous performance audits have found that entities have not established appropriate governance and oversight arrangements to support the delivery of project outcomes on time and on budget. In particular, outcomes may be compromised by a lack of competition in tendering processes, scope creep and passive contract management. The scope of this audit would include a selection of key business improvement projects with long-term delivery schedules. The audit would assess the initial scope and benefit proposition, and the effectiveness of entity arrangements to request tenders, manage contracts and maintain value for money following government approval.
This audit would examine the effectiveness of the Department of the Prime Minister and Cabinet’s strategies to implement and monitor the Australian Government Public Data Policy Statement (the statement), as well as selected entities’ compliance with data-sharing requirements.
Published in December 2015, the statement acknowledges government data as a significant national resource with economic and strategic value. The statement commits government entities to make data ‘open by default’ and sets out basic principles for sharing and publishing data.
This audit series would assess the effectiveness of governance arrangements in selected entities for monitoring and implementing agreed Australian National Audit Office (ANAO) performance audit and parliamentary committee recommendations.
In their reports, the ANAO and parliamentary committees identify areas where administrative improvements can be made and make recommendations to improve the delivery of outcomes. Once entities have agreed to implement performance audit recommendations — or in the case of parliamentary committee reports, the Australian Government has committed to the implementation of recommendations — timely implementation in line with the intended outcome of the recommendations is important in achieving the full benefit of the recommendations.
This audit would examine the effectiveness of selected entities’ implementation of the annual performance statements requirements for 2018–19 under the Public Governance, Performance and Accountability Act 2013 and the Public Governance, Performance and Accountability Rule 2014.
This would be the fifth in a series of audits of the implementation of annual performance statements requirements, and would complement the previous and proposed audits of corporate plans and risk management.
This audit would assess the effectiveness of the Attorney-General’s Department (AGD) in promoting the revised Protective Security Policy Framework (PSPF) and the extent to which selected entities are meeting the framework’s core requirements.
The Attorney-General has overall policy responsibility for Australian Government protective security arrangements, while accountable authorities are responsible for protective security arrangements within their own organisations. The PSPF assists entities to protect their people, information and assets at home and overseas by providing policy, guidance and better practice advice for governance, personnel, and physical and information security.
In 2015, the Independent Review of Whole-of-Government Internal Regulation identified the PSPF as an opportunity for reform and red-tape reduction. The review recommended a shift from the existing compliance framework underpinned by risk management principles, to a principles-based approach. The new PSPF policy aims to reduce the administrative burden of compliance and to support entities to better engage with risks relevant to their functions. Entities are required to review their policies, procedures and templates and consider whether any changes are necessary to implement core requirements.
This audit would examine the use of incentive-to-retire provisions for Senior Executive Service (SES) officers in the Australian Public Service (APS).
Accountable authorities have the discretion to offer an SES employee an incentive to retire under section 37 of the Public Service Act 1999. The Australian Public Service Commission (APSC) has provided advice and guidance about the basis for offering an incentive to retire, determining the offer amount, and the minimum time period before re-entering the APS. APSC guidance is that such incentives may be offered where the SES employee is in excess of requirements or no longer has the skills to perform at their SES classification. In determining the incentive amount, a balance is to be struck between an offer that gives the employee sufficient incentive to retire and the requirement to ensure the proper use of public money.
APSC guidance further states that the standard non-SES redundancy formula of two weeks’ pay per year of service, to a maximum of 48 weeks, is an appropriate reference point, and that agency heads are to consult the Australian Public Service Commissioner where a payment in excess of 48 weeks is considered. Incentive-to-retire payments are subject to the restrictions applying to subsequent employment in the APS as set out in section 48 of the Australian Public Service Commissioner’s Directions 2016.
This audit would examine the efficiency and effectiveness of centralised government grants hubs, including the Business Grants Hub (within the Department of Industry, Innovation and Science), the Community Grants Hub (within the Department of Social Services) and GrantConnect, the Australian Government’s whole-of-government grant information system.
Grants hubs are intended to reduce red tape for grant applicants and recipients and result in administrative efficiencies for government. This audit would assess whether grants hubs deliver efficiency savings and provide sufficient transparency and assurance about grant processes and outcomes.
This audit would assess the effectiveness of the Australian Government’s use of its collective buying power in the purchase of cloud services to achieve appropriate outcomes and value for money.
While the government has a goal to use cloud-based solutions to reduce costs, lift productivity and develop better services, a number of potential issues also need to be addressed when acquiring cloud solutions. These include security, privacy, financial and legal implications. In January 2015, the Department of Finance established a whole-of-government Cloud Services Panel to support the implementation of the government’s Cloud Computing Policy. This panel, which is now managed by the Digital Transformation Agency, was recently expanded and extended to 31 March 2020. It is a non-mandatory procurement avenue.