This audit would assess how effectively commercial entities comply with relevant government cybersecurity requirements.
The scope of the audit would include an examination of the effectiveness and maturity of commercial entities' cybersecurity strategies, and the effectiveness of government in ensuring that contracted providers comply with relevant security requirements, such as the Protective Security Policy Framework.
This audit would review the progress of the Digital Identity system's implementation, design and functionality, the roles and responsibilities of stakeholders (the Digital Transformation Agency (DTA), the Australian Taxation Office (ATO), Services Australia and service providers), and the allocation and expenditure of funding, including contract management.
The Digital Identity program is led by the DTA and is made up of four intersecting elements: the Trusted Digital Identity Framework, the identity exchange (run by Services Australia), digital identity providers (currently myGovID managed by the ATO) and over 75 services currently connected to the system.
This audit would assess the effectiveness of governance arrangements for executive remuneration in selected government business enterprises (GBEs). It would examine the basis on which performance targets are set and measured and provide assurance that they are set at reasonable levels. Remuneration arrangements, including allowances and entitlements, are set by the board of each GBE.
The Public Governance, Performance and Accountability (PGPA) Rule 2014 has standardised and transparent arrangements for disclosing the remuneration of key management personnel in GBE annual reports. GBEs are required to disclose information on policies and practices that set out their governance and the basis on which remuneration is determined.
This audit could assess the extent to which GBE policies and practices align with PGPA Rule requirements and arrangements set by the board.
This audit would continue the ANAO's series of audits of cybersecurity.
The scope would include comparing the entities' cybersecurity frameworks and controls against the controls required under the Protective Security Policy Framework for Policy 2 – Management structures and responsibilities, Policy 4 – Security maturity monitoring, and Policy 10 – Safeguarding information from cyber threats, and the Australian Signals Directorate's Essential Eight Maturity Model.
This audit would examine whether a selection of entities, including the Department of Finance, have appropriate systems and processes in place to inform potential tenderers how to make a complaint, and would also examine the management of complaints received about the conduct of procurement activities.
In relation to ethical behaviour, the Commonwealth Procurement Rules (CPRs) require that, if a complaint is received, entities must apply timely, equitable and non-discriminatory complaint handling procedures, including providing acknowledgement soon after the complaint has been received. In the first instance, complaints are to be made to the entity responsible for the procurement. Complaints can also be referred to the Procurement Coordinator in the Department of Finance. In addition to the arrangements under the CPRs, the Government Procurement (Judicial Review) Act 2018 established an independent complaint mechanism for certain procurement processes.
This information report would seek to provide greater transparency over board membership across the public sector. This information report would neither be an audit nor an assurance review and would present no conclusions or opinions. The report would present in a variety of ways, including tables and figures, publicly available data on public sector board membership recorded in annual reports.
This audit would examine the effectiveness of arrangements to manage conflicts of interest in selected Commonwealth regulators.
The implementation of a robust ethical framework supports probity and accountability in regulatory decision-making and public confidence in the regulator. Conflicts of interest may arise through the personal interests of staff and their engagement with regulated entities and industry bodies. Under Commonwealth legislation, public servants are required to take reasonable steps to avoid real or apparent conflicts of interest and disclose any relevant material personal interests.