This audit would assess the effectiveness of Services Australia administration of Medicare Compensation Recovery.

Medicare compensation recovery aims to recover any Medicare benefits, nursing home benefits, residential care, or home care government subsidies paid to a claimant resulting from compensable injury or illness. When a person receives a lump sum compensation payment of more than $5000, they may have to pay the costs of these back to the Australian Government before they receive their compensation payment. In 2023–24 46,634 cases were finalised and $29.2 million in benefits was recovered.

This audit would review the progress of selected components of the Australian Government’s Digital Identity program including the effectiveness of the implementation, design and functionality of the Digital Identity System, roles and responsibilities of stakeholders and the allocation and expenditure of funding, including contract management.

The Digital Identity program is delivered by the Department of Finance (policy and program lead), with Services Australia and the Australian Taxation Office (ATO) delivering critical operational functions. Components of the program include the Digital ID Act 2024, the Identity Exchanges (delivered by Services Australia), myID (the Commonwealth’s Identity Provider, delivered by ATO) and connected services to the system.

The Digital ID Act 2024 and the Digital ID (Transitional and Consequential Provisions) Act 2024 commenced on 1 December 2024 and support the expansion of the Australian Government Digital ID System and introduce a voluntary accreditation scheme for digital ID services providers. The Digital ID Regulator is the Australian Competition and Consumer Commission; and the Office of the Information Commissioner as the privacy regulator and Digital ID Data Standards Chair.

Justice reinvestment is a long-term, community-led approach that aims to prevent crime, address the drivers of contact with the justice system, and improve justice outcomes for First Nations peoples in a particular place or community. Justice reinvestment aligns with Outcomes 10 and 11 and the Priority Reforms under the National Agreement on Closing the Gap, to reduce the overrepresentation of young people and adults in the criminal justice system. In the October 2022 Budget $69 million was committed over 4 years (from 2022–23) to establish a National Justice Reinvestment Program to support up to 30 community-led justice reinvestment initiatives, with ongoing funding of $20 million per year from 2026–27. In the 2023–24 Budget, an additional $10 million was committed over 4 years to support place-based justice reinvestment initiatives in the Central Australia region of the Northern Territory. Funding was delivered through open, non-competitive grant funding rounds. As of May 2025, information in relation to 25 grant agreements had been published valued at $55.4 million across the two funding rounds (with two assessment cycles in each round). A potential audit would examine the award of funding was in accordance with the Commonwealth Grant Rules and Principles.

This audit would assess the effectiveness of the design and implementation of the Consumer Data Right (CDR).

The CDR is a secure online system that enables consumers to get value from data that is collected about them through the provision of specific goods and services by consenting to that data being shared with trusted accredited third parties. CDR is an economy-wide reform that will be rolled out sector by sector. The CDR has already been rolled out to banking and energy, with non-bank lending to follow as the third sector. The Treasury, Australian Competition and Consumer Commission (ACCC), and Office of the Australian Information Commissioner (OAIC) are the key agencies leading the CDR initiative. The Treasury leads policy development and determines which sectors should be included in the CDR, while the ACCC focuses on accreditation and compliance of data recipients, and the OAIC handles privacy and data breach notifications. The Data Standards Body develops the technical standards for how data is shared under the CDR, working closely with the Treasury, ACCC, and OAIC.

This audit would examine the effectiveness of the Australian Taxation Office’s (ATO) regulation of Self-Managed Superannuation Funds (SMSFs), and include a follow-up audit on employer compliance with Superannuation Guarantee requirements.

Australians generally rely on superannuation as their main asset (other than the family home) to save for their retirement. The ATO’s role in the superannuation system includes regulating and supporting Self-Managed Superannuation Funds to comply with superannuation and taxation laws to safeguard retirement incomes, and to support employers to meet their superannuation obligations.

The ATO corporate plan 2024–25 identifies the maintenance of high levels of compliance across the superannuation system and avoiding any deterioration in performance as a core priority. The ANAO last examined the ATO’s approach to managing SMSFs in 2007, and addressing Superannuation Guarantee non-compliance in 2022.

This audit would examine the effectiveness of the Department of Climate Change, Energy, the Environment and Water’s (DCCEEW) administration and operation of the Recycling Modernisation Fund (RMF).

The RMF was established in 2020 to support industry to transition to the regulation of waste exports, by increasing Australia’s onshore capacity to collect, reuse, recycle ad recover waste materials. The Australian Government has committed to over $200 million towards new and upgraded recycling infrastructure through the RMF, with funding provided to states and territories via the Federation Funding Agreement–Environment and the National Partnership on Recycling Infrastructure.

This audit would assess the effectiveness of the Australian Taxation Office’s (ATO) management of confidential information.

The ATO manages commercially and legally sensitive information as part of its administration of the taxation and superannuation systems. Mobility between the public and private sector presents challenges to entities like the ATO to ensure that confidential information is not compromised. The provisions of the APS Code of Conduct, the Public Service Regulations 1999, the Privacy Act 1988, the Crimes Act 1914 and specific secrecy offences in Commonwealth laws outline the responsibilities of employees and agencies to manage confidential information.

This audit would examine the effectiveness of the Australian Taxation Office’s (ATO) governance of data and analytics.

The ATO has established a new enterprise risk relating to misuse of data and analytics: ‘There is a risk that we (or those we share our data or analysis with) do not lawfully or appropriately use our data and/or analysis, caused by a failure in our data and analytics governance, resulting in adverse impacts on individuals, loss of revenue and/or loss of public trust and confidence and reduction in willing participation.’

This audit would assess the efficiency and effectiveness of the Australian Taxation Office’s (ATO) management of taxpayers involved in the ATO’s Client Identity Support Centre (CISC).

When an individual has had their identity compromised, the ATO through the CISC supports the taxpayer to continue to participate in the taxation and superannuation system with further safeguards around their ATO account, and monitoring processes over their tax records.

The ANAO will conduct a program of audits of entities’ compliance with legislative and Australian Government policy requirements derived from the Public Governance, Performance and Accountability Act 2013, the Public Service Act 1999 and other legislative and policy frameworks. These audits include a focus on public sector ethics, integrity and probity.

Topics that may be considered for audit include compliance with: requirements to establish audit committees; requirements relating to recruitment and remuneration in the Australian Public Service; requirements related to privacy; and information management requirements.

ANAO audits continue to find that in routine areas of public administration (e.g. record keeping, governance, procurement and risk management), performance consistently falls short. Compliance — not just with mandatory requirements, but also their intent — is a hallmark of integrity, and essential to the craft of public administration.

The selection of entities for these audits will be based on relevance, materiality, representativeness and performance history. Audits may include any Commonwealth entities and companies. The audits would examine the effectiveness of entities’ design, implementation and governance arrangements to ensure compliance with relevant requirements.