Our staff add value to public sector effectiveness and the independent assurance of public sector administration and accountability, applying our professional and technical leadership to have a real impact on real issues.
This review would examine the arrangements to support development of Regional Australia Impact Statements (RAIS) as part of the Cabinet submission process. This review would provide assurance that Government is receiving complete and accurate assessments of the effects of policy proposals on regional Australia.
Australian Government policy proposals that have the potential to impact regional Australia, either positively or negatively, must include a RAIS. The intent of the RAIS is to ensure regional impacts are made visible to ministers as part of the decision-making process. The Department of Infrastructure and Regional Development is responsible for supporting entities to analyse the regional impacts of their policy proposals and to develop these statements.
This review would examine the extent to which the recommendations made in ANAO Audit Report No. 22 of 2011–12, Administration of the Gateway Review Process, have been implemented, and the timeliness of implementation action.
The Gateway Review Process aims to improve delivery and implementation of large and complex policies, projects and services, while building the Australian Public Service’s capability to deliver and implement government programs and projects. It involves a series of short, intensive reviews at critical points across a proposal’s implementation life cycle.
ANAO Audit Report No. 22 of 2011–12 concluded that, overall, the Gateway Review Process has been effectively implemented within the Australian Government. The audit report made five recommendations to improve the administration of, and benefits gained from, the Gateway Review Process. All recommendations were agreed to by the responding entities.
This cross-entity audit would examine a selection of Australian Government entities’ implementation of the Australian Public Service (APS) Disability Employment Strategy. The audit would review how the strategy is being applied across all government entities and examine implementation, in detail, in a selection of entities. The audit would complement ANAO Report No. 33 of 2013–14, Indigenous Employment in Australian Government Entities.
People with disability are under-represented in both the Australian labour force and the APS. In 2012, people with disability comprised 8.8 per cent of the total Australian workforce. In comparison, in 2016, 3.7 per cent of ongoing APS employees were people with disability. When compared with other Organisation for Economic Co-operation and Development (OECD) countries in 2010, Australia ranked 21st out of 29 countries in employment participation rates for people with disability.
The As One—APS Disability Employment Strategy was published in 2012 in response to the National Disability Strategy 2010–20 launched in 2011. The RecruitAbility scheme was introduced as a key initiative of the As One strategy to attract and better support people with disability to apply for positions within APS entities, while retaining the merit principle. The Australian Public Service Commission is responsible for the overall As One strategy. The As One: Making it Happen, APS Disability Employment Strategy 2016–19 builds on the first strategy and forms part of the Australian Government’s response to the National Disability Strategy 2010–20.
This audit would assess the effectiveness of the Government’s use of its collective buying power in the purchase of cloud services to achieve appropriate outcomes and value for money.
While the Government has a goal to use cloud-based solutions to reduce costs, lift productivity and develop better services, there are also a number of potential issues that need to be addressed when acquiring cloud solutions. These include security, privacy, financial and legal implications. In January 2015, the Department of Finance established a whole-of-government Cloud Services Panel to support the implementation of the Government’s Cloud Computing Policy. This panel was recently expanded and extended to 31 March 2018. It is a non-mandatory procurement avenue.
This audit would examine controls in place to manage cyber resilience in selected corporate Commonwealth entities and government business enterprises. This audit would use the strategies outlined in the Australian Government Information Security Manual as the baseline against which cyber resilience will be assessed—although mandatory for non-corporate Commonwealth entities, these requirements are not mandatory for government business enterprises.
The Australian Signals Directorate (ASD) has identified those strategies that entities should implement in order to mitigate 85 per cent of the techniques used in targeted cyber intrusions. Through the Protective Security Policy Framework (PSPF), the implementation of these strategies has been made mandatory for non-corporate Commonwealth entities. In 2017, ASD has expanded the original ‘Top 4’ strategies to the ‘Essential 8’, to deliver a baseline cyber security posture, although these have not yet been mandated through the PSPF.
The ANAO conducted its first cyber resilience audit in 2013–14 (ANAO Audit Report No. 50 of 2013–14). This report highlighted non-compliance by the seven participating entities with the ‘Top Four’ strategies in the Information Security Manual. The second audit in the cyber resilience series was completed in May 2016 (ANAO Audit Report No. 37 of 2015–16), and a third audit, which followed up progress made by three of the original seven entities, was completed in March 2017 (ANAO Audit Report No. 42 of 2016–17). This audit would continue the ANAO’s audit coverage in this area.
The ANAO can conduct performance audits of government business enterprises where requested by the Joint Committee of Public Accounts and Audit.
This audit would assess how effectively selected public sector entities manage risk.
The Public Governance, Performance and Accountability Act 2013 (the PGPA Act) requires accountable authorities to establish and maintain an appropriate system of risk oversight and management, and to comply with the Commonwealth Risk Management Policy. The goal of the policy is to embed risk management as part of the culture of Commonwealth entities, where the shared understanding of risk leads to well-informed decision-making.
Implementation of the resource management and performance framework established by the PGPA Act is an audit priority of the Parliament. This is the second audit in a series that has monitored progress in risk management and identified good practice for the benefit of all entities.
This audit would examine selected entities’ implementation of agreed ANAO performance audit recommendations.
The ANAO’s performance audits are designed to inform the Parliament and provide a stimulus for improved public sector accountability and performance. In its performance audits, the ANAO identifies areas in which administrative improvements can be made and, in most cases, makes specific recommendations to assist entities to improve their performance and address risks to the delivery of planned outcomes. Once an entity has agreed to implement a recommendation, timely implementation in line with the intended outcome for the recommendation is important in achieving the full benefit of the recommendation.
This audit would examine the operation of a governing board of a public sector entity, including the extent to which the board meets it statutory obligations and discharges its governance responsibilities.
In the context of the Australian Government’s policy for public sector governance structures, a governing board is usually established for a Commonwealth body when collective decision-making and diverse expertise (beyond what can be expected from one individual) are required to govern the body. Boards are usually given autonomy to determine an entity’s corporate strategy and direction (subject to statutory constraints) and, therefore, can operate with a degree of managerial freedom.
This audit would examine the adequacy of public service record keeping across a selection of entities.
The ANAO has previously identified, through its auditing activity, that the poor quality of record keeping is a recurring theme across entities. Record keeping is a fundamental requirement for effective and accountable public administration, from recording decisions of government to the delivery of benefits.