Browse our range of publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.
Portfolio overview
The Home Affairs portfolio brings together the functions of: counter-terrorism; cybersecurity policy and coordination; counter-foreign interference; transport and civil maritime safety; emergency management and critical infrastructure security; border protection and the facilitation of legitimate trade and travel; immigration, citizenship and multicultural affairs; and natural disaster response and mitigation.
The Department of Home Affairs is the lead entity in the portfolio and is responsible for central coordination, strategy and policy in relation to: cyber and critical infrastructure resilience and security; immigration, border security and management; counter-terrorism; and emergency management. It also deals with the management and delivery of the migration, humanitarian and refugee programs, along with multicultural programs, citizenship and settlement services. The department includes the Australian Border Force, which is responsible for border, investigatory, compliance, detention (facilities and centres) and enforcement functions, as well as Australia’s customs functions. Considering the portfolio’s focus on national security, maintaining a high-integrity culture, including compliance, is critical. Further information is available from the department’s website.
IIn addition to the Department of Home Affairs, there are two entities in the portfolio: the Australian Security Intelligence Organisation and the National Emergency Management Agency (NEMA).
On 1 July 2022 an Administrative Arrangements Order took effect which changed some of the Portfolio’s responsibilities. This included relocating the National Resilience and Recovery Agency (NRRA) to sit within the Home Affairs portfolio.
The NRRA was then merged with Emergency Management Australia (which already sat within the Home Affairs portfolio) on 1 September 2022 to form the NEMA. Its role is to lead Commonwealth action and national efforts to improve preparedness for, reduce risks associated with, and support relief and recovery from, disasters and emergencies of all kinds, including by providing strategic leadership, policy advice and program delivery, community outreach and stakeholder engagement.In the October 2022–23 Portfolio Budget Statements (PBS) for the Home Affairs portfolio, the aggregated budgeted expenses for 2022–23 total $9.0 billion. The October PBS contains budgets for those entities in the general government sector (GGS) that receive appropriation directly or indirectly through annual appropriation Acts.
The level of budgeted departmental
and administered expenses, and the average staffing level for entities in the GGS within this portfolio are shown in Figure 1. The Department of Home Affairs represents the largest proportion of the portfolio’s expenses, and administered expenses of the portfolio are the most material component, representing 54 per cent of the entire portfolio’s expenses.Figure 1: Home Affairs’ – total expenses and average staffing level by entity

Note: ASIO staffing levels are not for publication
Audit focus
In determining the 2022–23 audit work program, the ANAO considers prior-year audit and other review findings and what these indicate about portfolio risks and areas for improvement. The ANAO also considers emerging risks from new investments, reforms or changes to the operating environment.
Portfolio risks predominantly relate to ensuring consistent compliance with governance frameworks including in exercising departmental and agency powers, contract and procurement management and critical infrastructure security. Inconsistent compliance can lead to a failure to deliver policy objectives.
Specific risks in the Home Affairs portfolio relate to governance, service delivery, regulation and financial management.
Governance
The portfolio is responsible for the management and administration of strategically important projects in the areas of maritime surveillance, immigration processing and biometric identification. To enable the market to be tested appropriately in these areas, projects should allow sufficient time for pre-planning ahead of any procurement activity commencing.
- Audit work has identified areas for improvement in the portfolio’s administration of contractual arrangements associated with major projects.
Successive internal and external reviews since 2005 have shown critical deficiencies in the department’s record keeping. When combined with a high level of staff turnover, the deficiencies in record keeping have negatively impacted the department’s ability to retain and manage key corporate knowledge and decisions.
There is an ongoing need to address operational compliance with the department’s fraud control, integrity and anti-corruption framework. Considering the nature of the department’s business and its decentralised operations within Australia and around the world, risks remain in relation to ongoing review and reporting of fraud and underlying fraud risk factors.
Service delivery
Audits of workforce planning within the portfolio identified the need to use resources efficiently to conduct citizenship application processing
, the need for improved workforce planning for patrol boats , and to develop implementation plans when undertaking major workforce planning activities.Establishing a new entity to support communities impacted by natural disasters also brings challenges. The NRRA will need to consolidate several government functions and programs effectively and rapidly to ensure that it can support affected communities and adequately plan for future disasters and subsequent recovery.
Regulation
Australia’s Cyber Security Strategy 2020 outlines a range of initiatives to uplift Australia’s cyber security, including to harden government IT systems. Home Affairs is one of the pilot entities under the ‘cyber hub’ model developed as part of the Harden Australian Government IT initiative. While this initiative aims to strengthen Government’s cyber security posture across Commonwealth entities, it is still under development and there are risks related to the delivery and implementation of services to entities.
The department is responsible for critical infrastructure policy, regulatory and strategy functions under the Security of Critical Infrastructure Act 2018 (SoCI Act), and amendments to Part 14 of the Telecommunications Act 1997. In November 2021, amendments to the SoCI Act expanded sectors covered by the legislation from four to 11 to include: communications, financial services and markets, data storage and processing, defence industry, higher education and research, energy, food and grocery, health care and medical, space technology, transport, and water and sewerage.
- Audit work has identified that the department’s administration and regulation of critical infrastructure required improvement in relation to risk management, coordination with stakeholders, and ensuring the compliance framework reflected current policy and legislative settings.
Financial management
The Department of Home Affairs is the largest collector of revenue for the Australian Government after the Australian Taxation Office. It administers a large and widely distributed information and communications technology environment to support revenue collection activities. There are associated risks in achieving completeness and accuracy of activities such as customs duty and visa fees.
Financial statements and other audit engagements
Overview
On 1 July 2022 an Administrative Arrangements Order (AAO) took effect which included changes to the responsibilities of the Home Affairs portfolio. Entities which are now part of this portfolio are shown in Table 1. The risk profile for each entity is based on the 2021–22 financial statements which were prepared prior to the AAO on 1 July 2022 taking effect.
Table 1: Home Affairs portfolio entities and risk profile
|
Type of entity |
Risk of material misstatement |
Number of higher risks |
Number of moderate risks |
Material entities |
||||
Department of Home Affairs |
Non-corporate |
High |
3 |
3 |
Australian Security Intelligence Organisation |
Non-corporate |
Moderate |
0 |
1 |
Non-material entities |
||||
National Recovery and Resilience Agency |
Non-corporate |
Moderate |
|
|
Material entities
Department of Home Affairs
The Department of Home Affairs coordinates policy and operations for Australia’s national and transport security, cybersecurity, border, immigration, multicultural affairs, emergency management and customs-related functions.
On 1 July 2022 an AAO took effect which included changes to the responsibilities of the Department of Home Affairs. The department’s total budgeted revenues are just under $23.9 billion, with customs duty and other taxes accounting for 70 per cent and 16 per cent respectively, as shown in Figure 2. Total budgeted expenses are just under $5.7 billion, with suppliers expenses and employee benefits representing 55 per cent and 28 per cent, respectively. Buildings represent 50 per cent of total assets.
Figure 2: Department of Home Affairs’ total budgeted financial statements by category ($’000)
Source: ANAO analysis of 25 October 2022–23 PBS.
Financial statements audit
There are six key risks for the department’s 2021–22 financial statements that the ANAO has highlighted for specific audit coverage that the Department of Home Affairs will continue to have responsibility for from 2022–23 including three risks that the ANAO considers potential key audit matters (KAMs).
- The accuracy and completeness of customs duty collections and refunds, due to the self-assessment regime and complexity of the related information technology (IT) systems. (KAM – Completeness and accuracy of customs duty).
- The accuracy and completeness of visa revenue, which is collected through numerous domestic and international locations, by both departmental staff and third parties under service level agreements using various IT systems. (KAM – Completeness and accuracy of visa application charges).
- The management of the onshore and offshore detention network and processing centres. Third-party providers are engaged for health services and centre management under a variety of complex service delivery contract arrangements to undertake services on behalf of the department. (KAM – Accuracy of detention and regional processing centre expenses).
- The valuation of land and buildings associated with the onshore and offshore detention network and processing centres, which is subject to judgement and estimation.
- The accounting for employee benefits, due to selected departmental staff being entitled to a range of allowances, subject to numerous varying conditions. Staff are also located both in Australia and overseas, including locally engaged staff who may be entitled to varying employment conditions and benefits based on local laws and regulations.
- The reporting of overseas transactions managed under third-party arrangements through service level agreements with the Department of Foreign Affairs and Trade, and the Australian Trade and Investment Commission, due to the decentralised and remote nature of operations and reliance on third party arrangements for complete and accurate financial reporting information.
Australian Security Intelligence Organisation
The Australian Security Intelligence Organisation (ASIO) is responsible for protecting Australia, its people and its interests from threats to security through intelligence collection, assessment and advice to the government.
ASIO’s total budgeted expenses for 2022–23 is just under $649.5 million, as shown in Figure 1. Included in this amount is employee expenses, among other expense items.
Figure 3: Australian Security Intelligence Organisation’s total budgeted financial statements by category ($’000)
Source: ANAO analysis of 29 March 2022–23 PBS.
The key risk for ASIO’s 2021–22 financial statements is the accuracy and completeness of employee benefits, due to reliance on manual calculations because of limitations in the current payroll system.