Home Affairs portfolio

In determining the 2022–23 audit work program, the ANAO considers prior-year audit and other review findings and what these indicate about portfolio risks and areas for improvement. The ANAO also considers emerging risks from new investments, reforms or changes to the operating environment.

Portfolio risks predominantly relate to ensuring consistent compliance with governance frameworks including in exercising departmental and agency powers, contract and procurement management and critical infrastructure security. Inconsistent compliance can lead to a failure to deliver policy objectives.

Specific risks in the Home Affairs portfolio relate to governance, service delivery, regulation and financial management.

Governance

The portfolio is responsible for the management and administration of strategically important projects in the areas of maritime surveillance, immigration processing and biometric identification. To enable the market to be tested appropriately in these areas, projects should allow sufficient time for pre-planning ahead of any procurement activity commencing.

• Audit work has identified areas for improvement in the portfolio’s administration of contractual arrangements associated with major projects. 

Successive internal and external reviews since 2005 have shown critical deficiencies in the department’s record keeping. When combined with a high level of staff turnover, the deficiencies in record keeping have negatively impacted the department’s ability to retain and manage key corporate knowledge and decisions. 

There is an ongoing need to address operational compliance with the department’s fraud control, integrity and anti-corruption framework. Considering the nature of the department’s business and its decentralised operations within Australia and around the world, risks remain in relation to ongoing review and reporting of fraud and underlying fraud risk factors.

Service delivery

Audits of workforce planning within the portfolio identified the need to use resources efficiently to conduct citizenship application processing , the need for improved workforce planning for patrol boats , and to develop implementation plans when undertaking major workforce planning activities. 

Establishing a new entity to support communities impacted by natural disasters also brings challenges. The NRRA will need to consolidate several government functions and programs effectively and rapidly to ensure that it can support affected communities and adequately plan for future disasters and subsequent recovery.

Regulation

Australia’s Cyber Security Strategy 2020 outlines a range of initiatives to uplift Australia’s cyber security, including to harden government IT systems. Home Affairs is one of the pilot entities under the ‘cyber hub’ model developed as part of the Harden Australian Government IT initiative. While this initiative aims to strengthen Government’s cyber security posture across Commonwealth entities, it is still under development and there are risks related to the delivery and implementation of services to entities.

The department is responsible for critical infrastructure policy, regulatory and strategy functions under the Security of Critical Infrastructure Act 2018 (SoCI Act), and amendments to Part 14 of the Telecommunications Act 1997. In November 2021, amendments to the SoCI Act expanded sectors covered by the legislation from four to 11 to include: communications, financial services and markets, data storage and processing, defence industry, higher education and research, energy, food and grocery, health care and medical, space technology, transport, and water and sewerage. 

• Audit work has identified that the department’s administration and regulation of critical infrastructure required improvement in relation to risk management, coordination with stakeholders, and ensuring the compliance framework reflected current policy and legislative settings. 

Financial management

The Department of Home Affairs is the largest collector of revenue for the Australian Government after the Australian Taxation Office. It administers a large and widely distributed information and communications technology environment to support revenue collection activities. There are associated risks in achieving completeness and accuracy of activities such as customs duty and visa fees. 

Department of Home Affairs

The Department of Home Affairs coordinates policy and operations for Australia’s national and transport security, cybersecurity, border, immigration, multicultural affairs, emergency management and customs-related functions.

On 1 July 2022 an AAO took effect which included changes to the responsibilities of the Department of Home Affairs. The department’s total budgeted revenues are just under $23.9 billion, with customs duty and other taxes accounting for 70 per cent and 16 per cent respectively, as shown in Figure 2. Total budgeted expenses are just under $5.7 billion, with suppliers expenses and employee benefits representing 55 per cent and 28 per cent, respectively. Buildings represent 50 per cent of total assets.

Figure 2: Department of Home Affairs’ total budgeted financial statements by category ($’000)

Source: ANAO analysis of 25 October 2022–23 PBS.

Financial statements audit

There are six key risks for the department’s 2021–22 financial statements that the ANAO has highlighted for specific audit coverage that the Department of Home Affairs will continue to have responsibility for from 2022–23 including three risks that the ANAO considers potential key audit matters (KAMs).

• The accuracy and completeness of customs duty collections and refunds, due to the self-assessment regime and complexity of the related information technology (IT) systems. (KAM – Completeness and accuracy of customs duty).
• The accuracy and completeness of visa revenue, which is collected through numerous domestic and international locations, by both departmental staff and third parties under service level agreements using various IT systems. (KAM – Completeness and accuracy of visa application charges).
• The management of the onshore and offshore detention network and processing centres. Third-party providers are engaged for health services and centre management under a variety of complex service delivery contract arrangements to undertake services on behalf of the department. (KAM – Accuracy of detention and regional processing centre expenses).
• The valuation of land and buildings associated with the onshore and offshore detention network and processing centres, which is subject to judgement and estimation.
• The accounting for employee benefits, due to selected departmental staff being entitled to a range of allowances, subject to numerous varying conditions. Staff are also located both in Australia and overseas, including locally engaged staff who may be entitled to varying employment conditions and benefits based on local laws and regulations.
• The reporting of overseas transactions managed under third-party arrangements through service level agreements with the Department of Foreign Affairs and Trade, and the Australian Trade and Investment Commission, due to the decentralised and remote nature of operations and reliance on third party arrangements for complete and accurate financial reporting information.

Australian Security Intelligence Organisation

The Australian Security Intelligence Organisation (ASIO) is responsible for protecting Australia, its people and its interests from threats to security through intelligence collection, assessment and advice to the government.

ASIO’s total budgeted expenses for 2022–23 is just under $649.5 million, as shown in Figure 1. Included in this amount is employee expenses, among other expense items.

Figure 3: Australian Security Intelligence Organisation’s total budgeted financial statements by category ($’000)

Source: ANAO analysis of 29 March 2022–23 PBS.

The key risk for ASIO’s 2021–22 financial statements is the accuracy and completeness of employee benefits, due to reliance on manual calculations because of limitations in the current payroll system.