Procurement remains one of the most significant risk areas across the Australian Government sector. It is also an area where strong planning, disciplined execution and leadership attention can make a material difference to outcomes, integrity and value for money.

Our recent performance audit Implementation of Procurement Reforms: Digital Transformation Agency and Department of Finance reinforces themes we continue to see across procurement-related audit work. While frameworks and policies are often well established, shortcomings arise when entities do not consistently apply those arrangements in practice.

The audit highlighted the importance of having fit-for-purpose processes to identify, analyse, allocate and treat risk throughout the procurement lifecycle. Staying on top of risk, whether in procurement or other activities, is a common theme from our audit work. Dusting off risk assessments throughout delivery lifecycles, including procurement assessments, is a valuable exercise and helps you to adjust plans.

Internal probity guidelines need to be actively followed, documented and applied to decision-making as procurements progress. Weaknesses in governance and documentation can limit transparency over how key procurement decisions are made and reduce confidence that the intent of the Commonwealth Procurement Rules is being achieved.

A number of practical messages from the audit are relevant more broadly across the sector: 

• when using an established procurement panel, seeking quotes from multiple suppliers can help promote competition and provide a clearer basis for demonstrating that value for money has been achieved
• delegates need to be satisfied that briefing materials clearly explain how value for money will be achieved, including how risks and any probity matters have been identified and managed
• where existing suppliers are under consideration, having an established process for managing the risk of incumbency can help mitigate potential bias and support open and effective competition

Good procurement outcomes are often determined well before a request to go to market is issued. Our audit work continues to show the importance of early and disciplined planning — including as contracts approach their end — to consider whether arrangements remain fit-for-purpose, whether supplier performance meets expectations, and whether there is sufficient time to plan extensions or a return to market in a way that supports value for money.

Effective planning also means allowing time to understand what the market can offer. Market soundings and requests for information can help identify available capability and emerging risks, but they need to be undertaken early enough to inform a well-designed approach to market and allow suppliers sufficient time to respond.

Integrity underpins public trust in government and is foundational to effective public administration. It shapes how decisions are made, how risks are managed, and how public servants exercise their responsibilities in what are often complex or high-pressure environments.

We recently published our Integrity Framework 2025–26 and Integrity Report 2024–25. Together, these documents set out how we structure, operate and report on integrity. While our framework is tailored to our role, it illustrates how integrity arrangements can be strengthened when they are embedded in day-to-day practice and supported by clear assurance and reporting. Effective integrity frameworks also benefit from being clearly connected to broader enterprise initiatives — such as people, capability and performance strategies — so that integrity expectations are reinforced through everyday systems and behaviours.

These themes align with findings from our performance audit Implementation of Ethical Frameworks: the Department of Employment and Workplace Relations. The audit highlighted that having an overarching ethical framework or strategy is only one part of the picture — effective implementation, embedding and monitoring are critical.

The audit reinforced the importance of ‘tone from the top’ in shaping ethical culture. Senior leaders play a central role in modelling expected behaviours, reinforcing ethical expectations and setting clear signals about what matters, particularly where staff are exercising judgement or balancing competing priorities.

It also highlighted the need for clear and well-integrated mechanisms to give effect to ethical strategies and policies. This includes aligning ethical frameworks with administrative arrangements such as accountable authority instructions, annual management assurance processes, conflicts of interest declarations, complaints handling and investigation mechanisms, and fraud and corruption controls. When these elements operate in isolation, it becomes harder to assess whether ethical frameworks are working as intended.

The audit emphasised the importance of assurance and reporting. Regular, evidence-based reporting to executive boards, audit and risk committees and accountable authorities supports effective oversight of ethical risks and helps entities identify and address emerging issues early.

In late October, we published the second edition of what we intend to be an annual performance audit outcomes information report. The report draws together key themes from the 44 performance audit reports that were tabled in FY2024–25.

Four consistent themes emerged, with the first being integrity — highlighting the importance of strong integrity management, compliance with established frameworks and sound recordkeeping practices. We are still seeing breaches of core requirements including the CPRs and the CGRPs, and ongoing weaknesses in records management across the public sector.

The second theme was stewardship — emphasising the need for long-term planning, particularly in areas such as asset management and the renewal of long-term contracts. It is also important to understand the responsibility of policy owners to ensure that whole-of-government frameworks remain fit for purpose over time, not just effective at the point they are introduced.

Risk management was another recurring theme, with audits highlighting the importance of actively identifying and managing risks, including through the effective use of risk-based approaches to regulation.

Finally, performance management featured strongly, particularly the need for robust monitoring and reporting, effective contract management and stronger evaluation of programs and initiatives. We continue to see persistent weaknesses in evaluation across the sector.

We published the Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2025 this week. This report presents the results of our most recent financial statements audits of 243 Australian Government entities (and the Consolidated Financial Statements).

Based on the findings in the report, the quality of financial reporting across the Australian Government sector remains strong. We continue to see improvements in financial statements preparation processes. This reflects the sustained effort by entities to strengthen their financial reporting capability and supports confidence in the reliability of financial information provided to the Parliament.

It has also been encouraging to see the progress entities have made in implementing the Commonwealth Fraud and Corruption Control Framework 2024. Most entities have successfully integrated corruption risk considerations into their fraud control arrangements and strengthened governance over fraud and corruption risks. These steps are critical in safeguarding public funds and in preventing both financial and reputational harm to government.

As in previous years, our audits continue to highlight that IT controls remain the most significant area of risk across the sector — at a time when cyber threats are increasing, reliance on IT systems for service delivery is growing, and IT environments are becoming more complex. Security fundamentals including user access management and controls over system changes remain issues, and have the potential to cause significant financial and operational disruption if risks are realised. These risks need to be managed as enterprise-wide business risks, not just technical issues.

Our audit work also shows that getting the basics right in IT is essential to managing a rapidly changing digital environment. We have seen strong examples this year of entities making concerted efforts to address long-standing IT findings. A common feature of these entities has been strong leadership and a clear recognition that IT control weaknesses are business-critical matters.

A continued increase in the identification of legislative breaches, indicates that assurance over the lawfulness of decision-making and delivery remains an area for improvement across the sector. Our audit work points to the importance of greater visibility of legal advice within entities on a risk basis, building staff capability and understanding of relevant legislation, and ensuring that IT systems and business processes align with legal requirements as they evolve over time.

Finally, I’d like to acknowledge the role that portfolio departments play in supporting smaller entities within their portfolios, particularly in navigating complex financial reporting matters. This support helps strengthen capability, supports compliance and provides a practical example of collaboration and stewardship in action. I encourage entities to continue this approach.

Our latest major projects report (MPR) also tabled this week. The MPR is an annual review of a selection of the Department of Defence’s major equipment acquisition projects. The 2024–25 MPR is the eighteenth in the series and is undertaken at the request of the Joint Committee of Public Accounts and Audit (JCPAA). The report supports parliamentary scrutiny and contributes to the national conversation on the management of major Defence acquisitions.

The report included one emphasis of matter relating to the extent of information classified as ‘not for publication’. Of the 21 projects examined, 19 PDSSs contained information marked as not for publication, which reduces the level of transparency available to the Parliament and other stakeholders.

The MPR provides the Parliament with an important source of independent assurance over the transparency and reporting of major Defence projects. The JCPAA is currently conducting an inquiry into the 2023–24 Major Projects Report. People involved in major capital programs may wish to consider how the themes raised in the report — including transparency, risk management and schedule performance — apply more broadly to the governance of large, complex projects.

A key focus for us this year has been supporting the formation of the 48th Parliament of Australia, and particularly through our engagement with the JCPAA. Our reports to the Parliament play an important role in supporting parliamentary scrutiny, providing transparency over government operations, supporting informed scrutiny through estimates and inquiries, and helping build trust and confidence in government.

The JCPAA has established momentum early in the new Parliament, having already commenced five inquiries based on our work:

• Commonwealth Financial Statements 2023-24
• 2023-24 Major Projects Report
• Administration of the National Disability Insurance Scheme
• Effectiveness of Australia's National Anti-Doping Scheme
• Procurement of mandated national support and advocacy services for victims of child sexual abuse

We’ve already provided a number of private briefings to support the committee’s understanding of our role and work, and appeared at numerous public hearings to assist with its inquiry program.

We look forward to the JCPAA’s reports as its inquiries progress. JCPAA reports are an important resource for the public sector, and consistently provide insights that help identify areas for improved performance, strengthen accountability and support better outcomes for the Parliament and the public.

We are always happy to share our insights and lessons to help to improve public administration and to educate entities about the ANAO’s audit processes. If you would like senior ANAO staff to come and speak to your executive board, SES cohort or other groups of staff, please discuss this with your ANAO audit contact or reach out to engagement@anao.gov.au.