Portfolio overview

The Home Affairs portfolio brings together the functions of: counter-terrorism; cybersecurity policy and coordination; counter-foreign interference; transport and civil maritime safety; emergency management and critical infrastructure security; border protection and the facilitation of legitimate trade and travel; immigration, citizenship and multicultural affairs; and natural disaster response and mitigation.

The Department of Home Affairs is the lead entity in the portfolio and is responsible for central coordination, strategy and policy in relation to: cyber and critical infrastructure resilience and security; immigration, border security and management; counter-terrorism; and emergency management. It also deals with the management and delivery of the migration, humanitarian and refugee programs, along with multicultural programs, citizenship and settlement services. The department includes the Australian Border Force, which is responsible for border, investigatory, compliance, detention (facilities and centres) and enforcement functions, as well as Australia’s customs functions. Considering the portfolio’s focus on national security, maintaining a high-integrity culture, including compliance, is critical. Further information is available from the department’s website.

In addition to the Department of Home Affairs, there are two entities in the portfolio: the Australian Security Intelligence Organisation and the National Recovery and Resilience Agency (NRRA). The natural disaster response and mitigation function, including the NRRA was transferred from the Prime Minister and Cabinet portfolio to the Home Affairs portfolio on 1 July 2022.

The NRRA was established on 5 May 2021. Its role is to lead Commonwealth action and national efforts to improve preparedness for, reduce risks associated with, and support relief and recovery from, disasters and emergencies of all kinds, including by providing strategic leadership, policy advice and program delivery, community outreach and stakeholder engagement.

On 1 July 2022 an Administrative Arrangements Order took effect which changed some of the Portfolio’s responsibilities. The total expenses and average staffing level by entity for the Home Affairs portfolio will be updated in this overview following the Budget, expected in the third quarter of 2022, which will reflect these changes.

Audit focus

In determining the 2022–23 audit work program, the ANAO considers prior-year audit and other review findings and what these indicate about portfolio risks and areas for improvement. The ANAO also considers emerging risks from new investments, reforms or changes to the operating environment.

Portfolio risks predominantly relate to ensuring consistent compliance with governance frameworks including in exercising departmental and agency powers, contract and procurement management and critical infrastructure security. Inconsistent compliance can lead to a failure to deliver policy objectives.

Specific risks in the Home Affairs portfolio relate to governance, service delivery, regulation and financial management.

Governance

The portfolio is responsible for the management and administration of strategically important projects in the areas of maritime surveillance, immigration processing and biometric identification. To enable the market to be tested appropriately in these areas, projects should allow sufficient time for pre-planning ahead of any procurement activity commencing.

  • Audit work has identified areas for improvement in the portfolio’s administration of contractual arrangements associated with major projects.

Successive internal and external reviews since 2005 have shown critical deficiencies in the department’s record keeping. When combined with a high level of staff turnover, the deficiencies in record keeping have negatively impacted the department’s ability to retain and manage key corporate knowledge and decisions.

There is an ongoing need to address operational compliance with the department’s fraud control, integrity and anti-corruption framework. Considering the nature of the department’s business and its decentralised operations within Australia and around the world, risks remain in relation to ongoing review and reporting of fraud and underlying fraud risk factors.

Service delivery

Audits of workforce planning within the portfolio identified the need to use resources efficiently to conduct citizenship application processing, the need for improved workforce planning for patrol boats, and to develop implementation plans when undertaking major workforce planning activities.

Establishing a new entity to support communities impacted by natural disasters also brings challenges. The NRRA will need to consolidate several government functions and programs effectively and rapidly to ensure that it can support affected communities and adequately plan for future disasters and subsequent recovery.

Regulation

Australia’s Cyber Security Strategy 2020 outlines a range of initiatives to uplift Australia’s cyber security, including to harden government IT systems. Home Affairs is one of the pilot entities under the ‘cyber hub’ model developed as part of the Harden Australian Government IT initiative. While this initiative aims to strengthen Government’s cyber security posture across Commonwealth entities, it is still under development and there are risks related to the delivery and implementation of services to entities.

The department is responsible for critical infrastructure policy, regulatory and strategy functions under the Security of Critical Infrastructure Act 2018 (SoCI Act), and amendments to Part 14 of the Telecommunications Act 1997. In November 2021, amendments to the SoCI Act expanded sectors covered by the legislation from four to 11 to include: communications, financial services and markets, data storage and processing, defence industry, higher education and research, energy, food and grocery, health care and medical, space technology, transport, and water and sewerage.

  • Audit work has identified that the department’s administration and regulation of critical infrastructure required improvement in relation to risk management, coordination with stakeholders, and ensuring the compliance framework reflected current policy and legislative settings.

Financial management

The Department of Home Affairs is the largest collector of revenue for the Australian Government after the Australian Taxation Office. It administers a large and widely distributed information and communications technology environment to support revenue collection activities. There are associated risks in achieving completeness and accuracy of activities such as customs duty and visa fees.

 

 

Financial statements and other audit engagements

Overview

On 1 July 2022 an Administrative Arrangements Order (AAO) took effect which included changes to the responsibilities of the Home Affairs portfolio. Entities which are now part of this portfolio are shown in Table 1. The risk profile for each entity is based on the 2021–22 financial statements which were prepared prior to the AAO on 1 July 2022 taking effect.

Table 1: Home Affairs portfolio entities and risk profile

 

Type of entity

Risk of material misstatement

Number of higher risks

Number of moderate risks

Material entities 

Department of Home Affairs

Non-corporate

High

3

3

Australian Security Intelligence Organisation

Non-corporate

Moderate

0

1

Non-material entities 

National Recovery and Resilience Agency

Non-corporate

Moderate

 

         

Material entities

Department of Home Affairs

The Department of Home Affairs coordinates policy and operations for Australia’s national and transport security, cybersecurity, border, immigration, multicultural affairs, emergency management and customs-related functions.

On 1 July 2022 an AAO took effect which included changes to the responsibilities of the Department of Home Affairs. The total budgeted financial statements by category for the department will be updated in this overview following the Budget, expected in the third quarter of 2022, which will reflect these changes.

Financial statements audit

There are six key risks for the department’s 2021–22 financial statements that the ANAO has highlighted for specific audit coverage that the Department of Home Affairs will continue to have responsibility for from 2022–23 including three risks that the ANAO considers potential key audit matters (KAMs).

  • The accuracy and completeness of customs duty collections and refunds, due to the self-assessment regime and complexity of the related information technology (IT) systems. (KAM – Completeness and accuracy of customs duty).
  • The accuracy and completeness of visa revenue, which is collected through numerous domestic and international locations, by both departmental staff and third parties under service level agreements using various IT systems. (KAM – Completeness and accuracy of visa application charges).
  • The management of the onshore and offshore detention network and processing centres. Third-party providers are engaged for health services and centre management under a variety of complex service delivery contract arrangements to undertake services on behalf of the department. (KAM – Accuracy of detention and regional processing centre expenses).
  • The valuation of land and buildings associated with the onshore and offshore detention network and processing centres, which is subject to judgement and estimation.
  • The accounting for employee benefits, due to selected departmental staff being entitled to a range of allowances, subject to numerous varying conditions. Staff are also located both in Australia and overseas, including locally engaged staff who may be entitled to varying employment conditions and benefits based on local laws and regulations.
  • The reporting of overseas transactions managed under third-party arrangements through service level agreements with the Department of Foreign Affairs and Trade, and the Australian Trade and Investment Commission, due to the decentralised and remote nature of operations and reliance on third party arrangements for complete and accurate financial reporting information.

Australian Security Intelligence Organisation

The Australian Security Intelligence Organisation (ASIO) is responsible for protecting Australia, its people and its interests from threats to security through intelligence collection, assessment and advice to the government.

ASIO’s total budgeted expenses for 2022–23 is just under $649.5 million, as shown in Figure 1. Included in this amount is employee expenses, among other expense items.

Figure 1: Australian Security Intelligence Organisation’s total budgeted financial statements by category ($’000)

 
 

Source: ANAO analysis of 29 March 2022–23 PBS.

The key risk for ASIO’s 2021–22 financial statements is the accuracy and completeness of employee benefits, due to reliance on manual calculations because of limitations in the current payroll system.

Potential audits

Potential Performance audit: 2022-23
Activity
Potential Performance audit: 2022-23
Activity
Potential Performance audit: 2022-23
Activity

In progress audits