In determining the 2020–21 audit work program, the ANAO considers prior-year audit and other review findings and what these indicate about portfolio risks and areas for improvement, and emerging risks from new investments, reforms or changes to the operating environment. A key area of risk for the public sector, including the Home Affairs portfolio, is the impact of COVID-19, both on entity operations, but also through the rapid implementation of government policy responses. The Home Affairs portfolio operates within a complex environment and is responsible for the management and administration of strategically important projects. This requires the development of governance frameworks to guide operational activities and appropriate monitoring to ensure high levels of compliance with the established frameworks. Audit work has frequently identified deficiencies in the consistent application of policy frameworks, administration of contractual arrangements, records management, and workforce planning to support administrative and operational capabilities.

Portfolio risks predominantly relate to ensuring compliance with governance frameworks, contract and procurement management, as well as emerging risks relating to border control and COVID-19. In addition, risks that may impact the effectiveness of service delivery in the portfolio include workforce management and the bringing together of information and analysis from entities across the portfolio.

Governance

Audit work  has identified areas for improvement in the portfolio’s effective administration of contractual arrangements associated with major projects, which impacts on performance against program or portfolio objectives and value for money over the life cycle of the project. The portfolio is responsible for the management and administration of strategically important projects in the areas of maritime surveillance, immigration processing and biometric identification.

Risk management is critical in a period of rapid response to policy changes, given the impacts on business-as-usual compliance controls and service delivery. If risk tolerances change during a pandemic, these need to be documented and implemented consistently, and the broader impacts considered.

Successive internal and external reviews since 2005 have shown critical deficiencies in the department meeting records management requirements. While in recent audits, improvements in record keeping have been observed, in an operating environment where decisions are reviewable under the law, it is critical to maintain records of decisions and the basis for these decisions. When combined with a high level of staff turnover, the deficiencies in record keeping has negatively impacted the department’s ability to retain and manage key corporate knowledge and decisions.

The Australian Federal Police and Australian Border Force have extensive statutory powers in relation to sensitive areas such as surveillance, detention and the use of force. Previous audit work and investigations by the Commonwealth Ombudsman relating to the use of coercive powers highlighted risks relating to the need for effective assurance controls to ensure the use of powers is lawful and appropriate.

There is an ongoing need to address operational compliance with the department’s fraud control, integrity and anti-corruption framework. In light of the nature of the department’s business and its decentralised operations within Australia and around the world, risks remain in relation to ongoing review and reporting of fraud and underlying fraud risk factors.

Service delivery

Audit work within the department has identified issues in workforce planning to support administrative and operational capabilities, specifically in relation to the use of resources to efficiently conduct citizenship application processing;  and the need for improved workforce planning for patrol boats  and for detention centre operations. 

Following the 2018 completion of a review into the Australian Security Intelligence Organisation’s (ASIO’s) use of technology, ASIO has commenced a major transformation program impacting workforce, culture and infrastructure in order to ensure it remains fit for purpose in a digital operating environment. This program will require strong project and performance management processes to ensure results against objectives.

The department is responsible for facilitating the movement of goods and people across the Australian border. The delivery of associated services requires the department to bring together the intelligence collection and analysis capabilities of security agencies across the Australian Government, which in turn necessitates effective planning and performance management processes to ensure services are delivered in line with government priorities and community expectations.

Financial management

The department is the largest collector of revenue for the Australian Government after the Australian Taxation Office, and administers a large and widely distributed ICT environment to support revenue collection activities. There are associated risks in achieving completeness and accuracy of activities such as customs duty and visa fees. 

An audit in 2017–18  found that the department committed to both the collection of additional customs duty revenues and a detailed benefits realisation plan, as part of the integration of the Department of Immigration and Border Protection and the Australian Customs and Border Protection Service. At the time, the department had not demonstrated achievement of these commitments. In an environment of tighter fiscal management, a focus on revenue collection and benefits realisation is prudent.

Department of Home Affairs

The Department of Home Affairs coordinates policy and operations for Australia’s national and transport security, federal law enforcement, criminal justice, cybersecurity, border, immigration, multicultural affairs, emergency management and trade-related functions.

The department’s total budgeted expenses for 2019–20 are just over $6.63 billion, with 48 per cent of these expenses attributable to supplier expenses, as shown in Figure 2.

Figure 2: Department of Home Affairs’ total budgeted expenses by category ($’000)

Source: ANAO analysis of 2019–20 PBS and 2019–20 PAES.

The seven key risks for the department’s 2019–20 financial statements that the ANAO has highlighted for specific audit coverage in 2019–20, including those that the ANAO considers potential key audit matters (KAMs), are the:

• accuracy and completeness of customs duty collections and refunds, due to the self-assessment regime and complexity of the related IT systems (KAM – Completeness and accuracy of customs duty);
• accuracy and completeness of visa revenue, as this is collected through a number of domestic and international locations, by both departmental staff and third parties under service level agreements, using a number of IT systems (KAM – Completeness and accuracy of visa application charges);
• management of the onshore and offshore detention network and processing centres. Third-party providers are engaged for health services and centre management under a variety of complex service delivery contract arrangements to undertake services on behalf of the department (KAM – Accuracy of detention and regional processing centre expenses);
• valuation of land and buildings associated with the onshore and offshore detention network and processing centres, which is subject to judgement and estimation;
• payment of personal benefits to victims of natural disasters under third-party arrangements with Services Australia applying predetermined eligibility criteria;
• accounting for employee benefits, due to selected departmental staff being entitled to a range of allowances, subject to a number of varying conditions. Staff are also located both in Australia and overseas, including locally engaged staff who may be entitled to varying employment conditions and benefits based on local laws and regulations; and
• reporting of overseas transactions managed under third-party arrangements through service level agreements with the Department of Foreign Affairs and Trade, and the Australian Trade and Investment Commission.

Australian Federal Police

The Australian Federal Police (AFP) is responsible for the provision of police services in relation to laws of the Commonwealth, the provision of policing services to the Australian Capital Territory and external territories, combatting transnational serious organised crime and terrorism, disrupting crime offshore, supporting regional security, and protecting Australian interests and assets.

The AFP’s total budgeted expenses for 2019–20 are just over $1.5 billion, with 60 per cent of these expenses attributable to employee benefits, as shown in Figure 3.

Figure 3: Australian Federal Police’s total budgeted expenses by category ($’000)

Source: ANAO analysis of 2019–20 PBS and 2019–20 PAES.

The two key risks for the AFP’s 2019–20 financial statements are the:

• recognition and measurement of payroll, due to its size and complexity and the underpayment of superannuation on allowances in prior years; and
• IT general controls, due to unresolved audit findings from prior years.

Australian Security Intelligence Organisation

The Australian Security Intelligence Organisation (ASIO) is responsible for protecting Australia, its people and its interests from threats to security through intelligence collection, assessment and advice to the government.

ASIO’s total budgeted expenses for 2019–20 are $607 million, with 46 per cent of these expenses attributable to employee benefits, as shown in Figure 4.

Figure 4: Australian Security Intelligence Organisation’s total budgeted expenses by category ($’000)

Source: ANAO analysis of 2019–20 PAES.

The key risk for ASIO’s 2019–20 financial statements is the accuracy and completeness of employee benefits, due to reliance on manual calculations because of limitations in the current payroll system.