In determining the 2021–22 audit work program, ANAO considers prior year audit and other review findings and what these indicate about portfolio risks and areas for improvement. The ANAO also considers emerging risks from new investments, reforms or operating environment changes. In Services Australia, delivery depends to a significant extent on effective governance and oversight processes, managing current ICT assets while developing new systems, and implementing services on behalf of other agencies. In 2019–20 and 2020–21, Services Australia was delivering services and reforming IT systems in an environment of significant demand due to the COVID-19 pandemic. This creates additional compliance and control risks. Specific risks in Services Australia relate to governance, service delivery, asset management and ICT governance.

Governance

The delivery of public funds to individuals, for multiple programs, requires Services Australia to maintain high levels of quality, integrity, security, assurance and management oversight of its activities. Weaknesses in the implementation and operation of the governance and monitoring processes that support Services Australia’s information security framework, compliance and quality assurance activities, and payment integrity processes increases the risk of fraud and inaccurate payments. This risk is heightened in an environment of emergency response involving rapid changes in policy parameters and the deployment of new staff to assist in the response. 

Services Australia must also ensure the adequacy of performance information. Collecting, analysing and reporting program data and performance information to management, client departments, the parliament and the public is necessary for Services Australia to deliver initiatives effectively and retain accountability. 

The delivery of services on behalf of other entities places a responsibility on Services Australia to provide adequate assurance to the accountable authority of other entities of payment accuracy and timeliness to meet the accountable authority’s responsibilities under the PGPA Act. 

Service delivery

Services Australia delivers a range of services on behalf of policy agencies including in emergencies. While some of these programs may be small in comparison to others, their priority and associated risk and compliance management approach should be developed with the policy department so that that department’s view of appropriate compliance management can be balanced with the whole of Services Australia view. Audits have highlighted the need for a comprehensive set of performance measures that tell an accurate performance story, including with regards to efficiency and cost-effectiveness.

Asset management

Services Australia faces challenges around the effective implementation of new ICT systems while also maintaining the entity’s current ICT infrastructure. Not all planned elements of recent ICT redevelopment projects have been delivered and significant further investment is planned to design, build and transition to a new integrated welfare payment platform.  Under-delivery or overspending in this area will put pressure on planned expenditures or delivery in other areas. The ANAO’s audit work will therefore focus on Services Australia’s ICT general control environment, financial expenditure and the performance of ICT project management and delivery.

ICT Governance

Services Australia delivers programs through a large number of ICT systems. IT control weaknesses increases the risk of fraudulent, unauthorised or erroneous transactions being processed, and an increased risk of such transactions not being detected in a timely manner.  Given the dependencies on the appropriate governance of the ICT environment to ensure accurate payments, the ANAO’s work includes a focus on access management, change management and program development.

Services Australia

Services Australia is responsible for delivering a range of payments and services to support individuals, families and communities, as well as providers and businesses. These include: income support payments and services; aged care payments; Medicare payments and services; and child support services. Social and health related payments and services delivered by Services Australia on behalf of other entities are recognised within each of the individual policy agencies’ financial statements.

Services Australia’s total budgeted expenses for 2021–22 are approximately $7.0 billion with 36 per cent of these expenses attributable to employee benefits, as shown in Figure 2.

Figure 2: Services Australia’s total budgeted expenses by category ($’000)

Source: ANAO analysis of 2021–22 PBS.

There are three key risks for Services Australia’s financial statements that have been highlighted for specific audit coverage in 2020–21, including those that have been considered potential Key Audit Matters (KAM) by the ANAO.

• The value of child support payments yet to be paid by non-custodial parents at the end of each financial year, which involves an actuarial estimation process and requires significant judgement and assumptions. (KAM — Valuation of receivables related to the Child Support Scheme)
• The complexities in capturing the actual costs of various internally developed software applications and their accounting treatment in accordance with relevant accounting standards. (KAM — Valuation of Intangible Assets)
• The valuation of right-of-use (ROU) assets due to the large property and ICT lease holdings, which involves an assessment of key judgements associated with ROU valuations, particularly the treatment of lease options and assurance processes for identifying and recognising lease modifications and new or terminated leases.