The ANAO Corporate Plan 2018–19 is the ANAO's key strategic planning document. It guides our operating environment and sets out how we will deliver on our purpose. The corporate plan is complemented by the annual audit work program which reflects the ANAO's audit strategy and deliverables for the coming year.


Auditor-General’s foreword

The ANAO Corporate Plan 2018–19 updates the previous plan and outlines how the Australian National Audit Office (ANAO) intends to deliver against its purpose. This plan sets out our approach and priorities for the next four years (2018–2022) and the measures by which we will be held to account. It recognises our commitment to continue building capability and highlights our desire to engage positively and transparently in delivering audit and support services to the Parliament.

The corporate plan is the ANAO’s primary planning document. Our strategic planning process allows us to continually improve practices and capabilities to demonstrate value in the delivery of services to the Parliament. The corporate plan is complemented by the annual audit work program, which reflects the ANAO’s audit strategy for the coming year.

The ANAO operates in a dynamic environment that can impact our ability to deliver our purpose. This plan outlines the key capability investments we will make over the next four years to achieve our purpose. In addition, the plan provides detail about our approach to risk management, which is critical to successfully meeting our responsibilities in providing professional and independent audits to the Parliament.

Statement of preparation

As the accountable authority of the Australian National Audit Office, I am pleased to present the ANAO Corporate Plan 2018–19 as required under paragraph 35(1)(b) of the Public Governance, Performance and Accountability Act 2013.

Grant Hehir
4 July 2018

At a glance

A summary of the ANAO’s purpose, outcomes and activities is shown in Figure 1.

Figure 1: ANAO’s purpose, outcomes and activities


Our purpose

The purpose of the Australian National Audit Office is to support accountability and transparency in the Australian Government sector through independent reporting to the Parliament, and thereby contribute to improved public sector performance.

The ANAO delivers its purpose under the Auditor-General’s mandate in accordance with the Auditor-General Act 1997, the Public Governance, Performance and Accountability Act 2013 and the Public Service Act 1999.

The executive arm of government is accountable to Parliament for its use of public resources and the administration of legislation passed by the Parliament. The Auditor-General scrutinises and provides independent assurance as to whether the executive is operating and accounting for its performance in accordance with Parliament’s intent (see Figure 2).

Figure 2: How the ANAO delivers its purpose

Our role

The Auditor-General is appointed for a term of 10 years by the Governor-General on the recommendation of the Joint Committee of Public Accounts and Audit (JCPAA) and the Prime Minister. As an independent officer of the Parliament, the Auditor-General has complete discretion in the performance or exercise of the functions or powers under the Auditor-General Act 1997 (the Act). In particular, the Auditor-General is not subject to direction in relation to:

  • whether a particular audit is to be conducted;
  • the way a particular audit is to be conducted; or
  • the priority given to any particular matter.

In the exercise of the functions or powers under the Act, the Auditor-General must have regard to the audit priorities of the Parliament, as determined by the JCPAA.

Under the Act, the Auditor-General’s functions include:

  • auditing the financial statements of Commonwealth entities, Commonwealth companies and their subsidiaries;
  • conducting performance audits, assurance reviews, and audits of the performance measures, of Commonwealth entities and Commonwealth companies and their subsidiaries;
  • conducting a performance audit of a Commonwealth partner as described in section 18B of the Act;
  • providing other audit services as required by other legislation or allowed under section 20 of the Act; and
  • reporting directly to the Parliament on any matter or to a minister on any important matter.

The ANAO supports the Auditor-General in this role.

ANAO values

The ANAO upholds the Australian Public Service (APS) values as set out in the Public Service Act 1999. In addition to the APS values, the ANAO places particular focus on respect, integrity and excellence — values that align with the APS values and address the unique aspects of the ANAO’s business and operating environment. The ANAO’s values guide the office in performing its role objectively, with impartiality and in the best interests of the Parliament.

Corporate structure

The ANAO is organised into five functional areas:

  • Assurance Audit Services Group provides independent assurance on the financial statements and financial administration of all Australian Government entities. It also conducts assurance reviews.
  • Corporate Management Group leads corporate strategy and change for the ANAO. It provides services based on specialised knowledge, best practices and technology that enable the delivery of the ANAO’s purpose and audit outcomes.
  • Performance Audit Services Group conducts performance audits, audits of performance statements and assurance reviews of Australian Government entities and their activities and produces related publications and other information reports.
  • Professional Services and Relationships Group provides technical accounting, audit and legal advice and support to the Auditor-General, establishes, manages and monitors the implementation of the quality assurance framework, and manages the ANAO’s external relations.
  • Systems Assurance and Data Analytics Group provides IT audit and data analytics support to the ANAO’s assurance and performance audit work, with staff from a range of professional and technical backgrounds including project management, system administration, database development, data analysis and financial systems management.

The ANAO website contains further information about the ANAO’s corporate structure.

Key relationships

The ANAO’s primary relationship is with the Australian Parliament. The ANAO’s key interaction with the Parliament is through the JCPAA. Among its responsibilities, the JCPAA considers the operations and resources of the ANAO, including consideration of the ANAO draft budget estimates and making recommendations to both houses of Parliament. The JCPAA is also required to review all ANAO reports that are tabled in Parliament and to report the results of its deliberations to both houses of Parliament. The JCPAA’s primary purpose in reviewing audit reports is to assess whether audited agencies have responded appropriately to the Auditor-General’s findings. The ANAO supports the work of the Parliament more broadly by providing independent assurance and opinions, including submissions, information, assistance and briefings to parliamentarians and to parliamentary committees. The Parliament and its committees also scrutinise the work of the ANAO.

The ANAO’s relationship with the accountable authorities of Australian Government entities is important as they have primary responsibility for and control over Australian Government entity operations. This relationship is supported by the ongoing engagement undertaken with officials of audited entities and by the ANAO’s attendance at audit committees of Australian Government entities.

The ANAO invests in a number of key external relationships to support organisational learning through the exchange of information and practices. The ANAO contributes to the Australasian auditing community as a member of the Australasian Council of Auditors-General. The ANAO also has close links with the international and regional auditing community through the International Organization of Supreme Audit Institutions and its regional working groups, and contributes to the delivery of the Australian Government’s aid program in the Indo-Pacific region. The ANAO values its relationships with the Australian Accounting Standards Board and the Auditing and Assurance Standards Board in their roles of setting and maintaining professional and ethical standards for the accounting and auditing professions.

The ANAO website contains further information about the ANAO’s relationships.

Strategic planning framework

The ANAO’s planning, governance and strategic direction are underpinned by a strategic planning framework (see Figure 3). The corporate plan is the ANAO’s primary planning document and covers a rolling four-year period. From this plan, the ANAO’s annual priorities flow into the annual audit work program, business plans, and then to individual performance agreements. The ANAO reports on its activities through its Annual Report.

Figure 3: ANAO’s strategic planning framework


Adapting and responding to changes in a dynamic operating environment is critical to delivering the ANAO’s purpose. The ANAO’s operating environment is characterised by factors:

  • that are largely outside of its control, such as changes in the government sector;
  • over which the ANAO has partial control, such as the impact of data on audit; and
  • which are within the ANAO’s control, such as ensuring staff are equipped to deliver quality audit products.

The extent to which an environmental factor is within or outside the ANAO’s control impacts on the approach that the ANAO takes in responding to that factor. The capability section of this corporate plan sets out the actions that the ANAO is taking to respond to changes in the operating environment to support achievement of the ANAO’s purpose over the next four years.

This section sets out the nature of the ANAO’s operating environment over the four-year period of this corporate plan, and how the operating environment may affect the ANAO’s operations and influence the focus of the ANAO’s annual audit work program.

The Parliament

Primarily through the legislation it enacts, the Parliament shapes and determines the environment in which the public sector operates. Transparency and accountability ensures that government can demonstrate performance against stated objectives and that the actions and decisions taken by public officials are subject to oversight. To assist in facilitating this transparency and accountability, the Parliament has established the Auditor-General as an independent officer of the Australian Parliament with discretion in the performance or exercise of their functions or powers. This independence is fundamental to the ability of the ANAO to provide evidence-based reports for Parliament to enable further enquiry, noting that the JCPAA reviews every audit report tabled by the Auditor-General. To maintain credibility in exercising the Auditor-General’s powers and delivering the mandate, the ANAO should demonstrate the strongest integrity. Parliament needs confidence that the ANAO operates with the highest levels of impartiality and independence, and that the auditing approach meets the auditing standards set by the Auditor-General. This requires the ANAO to have a strong quality framework and an actively managed integrity and controls framework.

The Public Management Reform Agenda (PMRA), with the PGPA Act as its cornerstone, has sought to modernise the resource management framework of the Government. This regulatory framework is based on a principles and risk management approach to compliance with rules and guidance. The PGPA Act and PGPA Rule provide a useful framework for increasing transparency through emphasis of risk management, corporate planning and performance reporting. These elements of the framework have the potential to facilitate improved risk and performance management and improved accountability to Parliament and the community. The operation of the PGPA Act and Rule are currently subject to an independent review which is assessing whether these benefits have been realised, in line with the objects of the PGPA Act. The review may make recommendations about what could be done in the future, including recommendations on refining the PGPA Act and Rule.

In an environment where accountable authorities are charged with the delivery of the Government’s agenda with little central public service oversight, the ANAO identifies risks to the sector in that delivery against the frameworks established by Parliament, government and by accountable authorities themselves. This can create tension when the principles and risk management approaches of recent reforms do not deliver the level of compliance with mandatory requirements that the Parliament expects. There is some evidence that the Parliament is signalling a desire for more system-level assurance and transparency of the operation of frameworks in the public sector such as the Performance Reporting, Corporate Planning and Risk Management rules under the PGPA, Protective Security Framework including cyber security rules, Commonwealth Procurement Rules, and Commonwealth Grant Rules and Guidelines. Increasingly the Parliament is also seeking insight from the ANAO on the relationship between compliance and organisational culture.

New models of government service delivery

The ANAO must maintain a contemporary understanding of the public sector. This supports delivery of an integrated audit work program that provides assurance of public sector performance and sustainability and ensures that the ANAO’s operations remain contestable and efficient. Failure to adequately respond to changes in the government sector could negatively impact:

  • confidence in the ANAO;
  • the ability to encourage improved performance and accountability in the public sector; and
  • the effective and professional operation of the ANAO.

Changes to service delivery by the public sector are intended to deliver government services more effectively and efficiently. The way in which the Government seeks to deliver cost effective services continues to evolve. This includes direct service delivery by government, joined–up service delivery within the sector and with private sector providers, contracted providers, and equity investment, grants and loans. In this environment the ANAO must remain abreast of new approaches in order to provide high quality, insightful audits to Parliament.

Many aspects of public sector work are now delivered through contracting of providers. This requires skills sets in procurement and performance management within the Australian Public Service (APS). The ongoing desire for government to have access to new policy ideas and the quest for innovation in both policy advice and implementation requires focus on planning and risk management and quality of evidence. For the ANAO, the use by the public sector of outsourced providers can lead to challenges including access to information, and concerns regarding the use of ‘commercial’ information. The focus remains on providing independent and timely audit findings to the Parliament to support accountability.

The Prime Minister has commissioned a major review of the APS to ensure it is best placed to serve Australian governments and the Australian people into the future. The review will examine ‘the capability, culture and operating model of the APS, to ensure the APS is ready to capitalise on these opportunities, improve citizens’ experience of government, and deliver better services’. The objective of the review is to ensure that the APS is fit for purpose for the coming decades. The outcomes of the review will factor into the ANAO’s consideration of delivery and risk.

Technology and digital transformation

Technological advances over the last decade have enabled the collection of large datasets that present opportunities for analysis to reveal trends, patterns and associations and change the interface between citizens, businesses and government. In response to technological advances, government is working to improve how it delivers services online. A major component of this change is the Digital Transformation Agenda. Under the agenda, government departments and agencies will increasingly deliver a range of initiatives that are expected to provide benefits to all users and improve their experience in dealing with government. Major initiatives include Single Touch Payroll, My Health Record, the Modernising Health and Aged Care Payments Services Program, the Trusted Digital Identity Framework, whole-of-government platforms, grants administration, and a streamlined online business registration services.

Further changes include the Digital Service Standard, which ensures digital teams build government services that are simple, clear and fast. At the same time, the ongoing shift to digital services brings additional risks to stability and security of systems, integrity of data and business continuity.

It is expected that public sector entities will continue to collect, generate and share ever-increasing volumes of data and information, which will be managed and analysed to inform decision-making about the effectiveness and efficiency of government services. Data analytics can inform evidence-based policy, drive risk-based compliance and regulatory activities, and enable performance monitoring and measurement. This presents the ANAO with opportunities and challenges regarding accessing and using data in the audit evidence base. Data and analytics are enabling auditors to better identify financial reporting, fraud and operational business risks, and tailor their approach to deliver more targeted risk-based audits.

Failure to adequately respond to key technological and data changes, and how government uses technology, could negatively impact the ability of the ANAO to achieve its purpose through failing to leverage audit opportunities and efficiencies that data analytics presents. Investing in a workforce that is skilled to utilise data as part of the audit is a key priority for the ANAO.

Adequate security and privacy restrictions are critical in considering the proliferation of data capture and storage. At a global level, data breaches are illustrating the importance of maintaining personal privacy over large datasets. With the rapidly growing cyber security threats, it is necessary for organisations to understand their information and data risks and protect their critical information assets — including private, sensitive and security classified data — from malicious adversaries. This has important consequences for the ANAO in terms of ensuring appropriate management of data collected through the audit process. Failure to do so effectively could result in a loss of confidence in the ANAO, which is the most significant risk the office faces in delivering its purpose.

Audit profession

The ANAO is a professional organisation of people with strong technical and specialist skills who produce quality audits. It is through its high-quality, high-performing people that the ANAO delivers its purpose to the Parliament. The ANAO must continue to deliver the right people, in the right numbers, in the right places, at the right times. As the external environment changes, the ANAO must ensure that it remains relevant and effective. Continuous improvement of staff skills will be a key requirement over the next four years, through the office’s ability to attract, retain and develop quality people.

Auditors will always need deep knowledge and experience in traditional areas such as auditing standards, financial accounting and reporting, internal controls, IT, managerial accounting, and taxation. ANAO auditors, now and in the future, will also have:

  • good communication skills;
  • deep industry expertise;
  • strong digital skills;
  • the ability to think critically and creatively; and
  • the ability to use technology to analyse external audit data to find risks and insights.

The ANAO is alert to changes in the auditing profession and their impact on the ANAO workforce. Globally, there is increased discussion of the importance of the quality of audit work due to reliance that is placed on that work. This is equally important in the public and private sectors. Community expectations of the performance of entities increasingly sees it turning to the audit profession to give independent and robust assurance. Integrity and quality in auditing will remain strong cornerstones of the ANAO’s work.

The ANAO upholds the APS values as set out in the Public Service Act 1999. In addition to the APS values, the ANAO places particular focus on respect, integrity and excellence — values that align with the APS values and address the unique aspects of the ANAO’s business and operating environment. The ANAO’s values guide the office in performing its role objectively, with impartiality and in the best interests of the Parliament. The ANAO stresses high standards to ensure independence and accountability across all levels of the organisation, which is essential in the ‘glasshouse’ in which the ANAO operates.

The ANAO will continue to embed a culture of professionalism and quality, retaining a strong cohort of leaders that can effectively respond to current and emerging challenges. The ANAO will also build capability in the areas of data analytics, cyber security, digital communication, and risk identification and management. Failing to maintain and develop an appropriately skilled workforce has a direct impact on the office’s risk management and ability to deliver its audit work.


From 2016 to 2018, the ANAO delivered its capability investments through implementation of the Future Ready change program, which outlined the strategic shifts of the ANAO towards the delivery of sustainable, value-adding audit services. Future Ready focused on four capability areas for the ANAO to improve business delivery against the corporate plan. These key capabilities included new models of audit service delivery; advanced information and communications technology (ICT) strategy and systems; contemporary communication capabilities; and leadership capabilities.

To position the ANAO to continue to meet its purpose within the environment described above, the ANAO will make investments in improving ways of working, data and analysis, workforce capability and the quality framework over the next four years. Investments in these four capability areas will support the ANAO in achieving its purpose.

Ways of working

ANAO auditors are a mobile workforce, often working at client sites. The ANAO building lease and IT support contract are expiring in close proximity to each other. These are key enablers of the work of the office. Work has commenced to source office accommodation arrangements and technology services that will support audit work into the next decade.

The ANAO will focus on ways of working that will:

  • enable access to and analysis of audit information securely from anywhere;
  • simplify business processes by automating where appropriate; and
  • provide an office environment and support sharing of learnings and insights, and collaboration on audit work.

Over the next four years, the ANAO will implement the following strategies to support enhancements to the ANAO’s ways of working:

  • new IT support contract with a focus on performance, remote availability of ANAO systems, and security;
  • developing a cloud strategy;
  • refurbished flexible, activity-based working environment;
  • improved day-to-day operations of the ANAO through streamlined process administration projects, such as the whole-of-office resourcing tool; and
  • refreshed strategic communications, particularly with respect to the Parliament.

Data and analysis

The ANAO created the Systems Assurance and Data Analytics Group in 2017. Its focus is on increasing quality and productivity in our audit work in an environment of increased data collection and generation in the public sector. Investing in the data capability of the ANAO is also expected to support audit planning, improved audit outcomes, and new audit products and services. Investing in data analytics capability will be supported by implementation of the ANAO Data Analytics Strategy over the next four years. Initially, the strategy will focus on delivering the following three projects:

  • the Data Analytics Pilot, which will leverage technology to automate manual audit procedures and enable our auditors to quickly focus audit attention on higher risk areas across complete populations of procurement data;
  • identification of tools and systems to support data analysis in audit work; and
  • electronic access to information and evidence in government.

Workforce capability

The ANAO employs approximately 340 staff — who are our biggest investment and integral to the delivery of quality audits, other reports and support functions. Failure to build a sustainable workforce would directly impact the ANAO’s ability to deliver high-quality audit reports and insights, and therefore achieve its purpose.

The ANAO has developed a workforce plan that will address current and future capability needs, identify critical roles, and guide professional development and talent management.

The workforce plan will be implemented over the next four years through the development of two enabling frameworks and three strategies:

  • human resource metrics framework;
  • core capability framework, including new capability areas such as data analytics and assurance;
  • recruitment strategy;
  • onboarding and separation strategy; and
  • development and high performance strategy.

Quality framework

The ANAO maintains an ongoing focus on the quality framework as a core business investment. A sound quality framework supports delivery of high-quality audit work and enables the Auditor-General to have confidence in the opinions and conclusions in reports prepared for the Parliament.

The ANAO quality framework is in accordance with the requirements of Auditing Standard ASQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and other Financial Information, other Assurance Engagements and Related Services Engagements (ASQC1). Under ASQC 1 the system of quality control established and maintained by the ANAO is required to include policies and procedures that address a number of elements including leadership responsibilities for quality, ethical requirements, human resources, engagement performance and monitoring of quality.

The framework encompasses a number of key elements including learning and development requirements, delegations framework, methodology development and review, an escalation framework for accounting policy and qualifications risk, both supervisory and arms’ length internal review, and external review. The framework and its activities are overseen by the Professional Services and Relationships Group which reports to the Auditor-General on technical quality and standards issues.

The ANAO is subject to external review, both through peer review arrangements with international colleagues and external audits. Section 41 of the Auditor-General Act 1997 establishes the position of the Independent Auditor, appointed by the Governor-General. Under section 45(1) of the Act, the Independent Auditor may at any time conduct a performance audit of the ANAO (having regard to the audit priorities of the Parliament determined by the JCPAA) and audits the ANAO financial statements annually.

The ANAO maintains a continued focus on independence through the application of the ANAO Independence Policy which manages threats to independence in the conduct of the ANAO’s audit and assurance work and other activities — this is a key risk in auditing work which goes to the heart of quality.

In support of an ongoing focus on quality, over the next four years the ANAO will implement a revised quality framework that will incorporate independent quality reviews, following trials in 2017–18. Further work will also occur in the development of methodology to support the implementation of new accounting and audit standards, performance statements audits, data assurance activities and new workflow systems for all audit types.

Activities and performance

The ANAO has one purpose: to support accountability and transparency in the Australian Government sector through independent reporting to the Parliament, and thereby improve public sector performance.

Performance measurement informs the Parliament about the ANAO's performance and delivery of its purpose, and provides accountability to the Parliament. The performance framework is also designed for the ANAO's leadership and staff to understand the impact of the activities they are responsible for in delivering against the ANAO's purpose.

The performance measures provide information about what the ANAO expects to achieve in the next four years. The measures will be reported annually over the life of the corporate plan and will be reviewed annually.

The performance measurement framework is based on measuring:

  • what we did (output);
  • how well we did it (quality and/or efficiency); and
  • what the benefits were (impact).

Taken together, the performance measures tell a story of the ANAO's achievement of its purpose. The output measures relay progress in the delivery of the ANAO's audit work. This audit work generates findings and recommendations for improvement that are directed at entities and tabled in Parliament. The impact measures seek to provide information on entities' implementation of audit findings and recommendations for the information of the Parliament, and the extent to which Parliament's engagement with our work leads to improvements in public sector administration.

The ANAO performance measures also include measures relating to quality and/or efficiency. The ANAO operates in a contestable environment and is committed to demonstrating transparency of its operations. The quality and efficiency measures are intended to demonstrate efficient use of taxpayer resources and the ANAO's commitment to quality in its work.

The ANAO annual report contains the annual performance statements, which reports on the achievement of the performance measures and provides narrative and analysis relating to the ANAO's performance. The annual performance statements tell a cohesive performance story on the extent to which the ANAO is meeting its purposes through the activities we undertake.

The activities that contribute to achieving the ANAO's purpose are assurance audit services, performance audit services, and relationships and corporate and professional services.

Assurance audit services

Assurance audit services contribute to achieving the ANAO's purpose through:

  • providing assurance on the fair presentation of financial statements of the Australian Government and its controlled entities by providing independent audit opinions for the Parliament, the executive and the public;
  • presenting two reports annually addressing the outcomes of the financial statement audits of Australian Government entities and the consolidated financial statements of the Australian Government, to provide the Parliament with an independent examination of the financial accounting and reporting of public sector entities; and
  • contributing to improvements in the financial administration of Australian Government entities.

The ANAO audits the annual financial statements of Australian Government entities and the consolidated financial statements of the Australian Government. The consolidated financial statements present the consolidated whole-of-government financial result inclusive of all Australian Government controlled entities, including entities outside the general government sector. These audits are designed to give assurance to the Parliament that an entity's financial statements fairly represent its financial operations and financial position at year end. The ANAO also undertakes a range of assurance reviews by arrangement with entities, and in accordance with section 20 of the Auditor-General Act 1997. An assurance review of defence major projects is also undertaken annually. More detail on the ANAO's assurance audit services is contained in the annual audit work program.

To assess its performance against its purpose in relation to assurance audit activities, the ANAO measures:

  • the number of financial statements audit opinions issued;
  • the number of other assurance reports produced;
  • the number of financial statements–related reports produced;
  • the timeliness of issuing the auditor's opinions; and
  • the average cost of financial statements audits. The ANAO also measures the percentage of recommendations agreed and implemented by audited entities.

The performance measures and targets for assurance audit services from 2018–19 to 2021–22 are shown in Table 1.

Table 1: ANAO performance measures — assurance audit services

Performance measure

Annual target

Reported in





What we did (output)

Percentage of the mandatory financial statements auditor's reports completed






Number of financial statements–related audit reports presented to Parliament






Number of assurance audit reports by arrangement






How well we did it (quality and/or efficiency)

Percentage of auditor's reports issued within three months of the financial-year-end reporting date






Percentage increase to average cost per financial statements audit






What the benefits were (impact)

Percentage of moderate or significant findings from assurance audit reports agreed to by audited entities






Percentage of moderate and significant findings that are addressed by entities within one year of reporting







Performance audit services

Performance audit services contribute to achieving the ANAO's purpose through:

  • audits of the performance of Australian Government programs and entities, including identifying opportunities for improvement and lessons for the sector; and
  • other assurance reviews and information reports to Parliament.

The ANAO's performance audit activities involve the audit of all or part of an entity's operations to assess its economy, efficiency, effectiveness, ethics and legislative and policy compliance. The ANAO identifies areas where improvements can be made to aspects of public administration and makes specific recommendations to assist public sector entities to improve their program management. Entities indicate their agreement to implement ANAO recommendations in the audit report, which is tabled in Parliament. In this way, entities inform Parliament of improvements they intend to make as a result of ANAO audits. More detail on the ANAO's performance audit services is contained in the annual audit work program.

To assess performance against purpose in relation to performance audit activities, the ANAO measures:

  • the number of performance audits presented;
  • the timeliness of completing performance audits;
  • the average cost of performance audits; and
  • the percentage of recommendations agreed and implemented by audited entities.

The performance measures and targets for performance audit services from 2018–19 to 2021–22 are shown in Table 2.

Table 2: ANAO performance measures — performance audit services

Performance measure

Annual target

Reported in





What we did (output)

Number of performance reports prepared for Parliament






How well we did it (quality and/or efficiency)

Average elapsed time (months) for completion of performance audits






Percentage increase to average cost per performance audit






What the benefits were (impact)

Percentage of recommendations included in performance audit reports agreed by audited entities






Percentage of ANAO recommendations implemented within 24 months of a performance audit report







Relationships, corporate and professional services

Relationships, corporate and professional services are not a separate program in the ANAO's Portfolio Budget Statements, and activity measures here are shared across the ANAO. This area of activity contributes to achieving the ANAO's purpose through:

  • facilitating dissemination of the ANAO's findings to members of Parliament, the executive and the public;
  • providing organisation-wide support services for the ANAO, based on specialised knowledge, professional practice and technology; and
  • ensuring ANAO audits are of high quality and compliant with auditing standards.

To assess its performance against its purpose in relation to relationships and professional and corporate services, the ANAO measures its performance in delivering audit services through its key relationship with the Parliament; and the publication of audit insights and key learnings from audit work. The ANAO also evaluates whether the independent Quality Assurance Program indicates that audit conclusions are appropriately supported. The performance measures and targets for relationships, corporate and professional services from 2018–19 to 2021–22 are shown in Table 3.

Table 3: ANAO performance measures — relationships, corporate and professional services

Performance measure

 Annual target

Reported in






What we did (output) 

Number of appearances and submissions to parliamentary committees






Percentage of private briefings undertaken at request of parliamentarians






How well we did it (quality and/or efficiency)

The ANAO Quality Assurance Program indicates that audit opinions and conclusions are appropriate






Percentage of inquiries and audit requests from parliamentarians finalised within 28 days






What the benefits were (impact)

Percentage of JCPAA members surveyed who were satisfied that the ANAO improved public sector performance and supported accountability and transparency






Number of published audit insights and key learnings from across ANAO activities







Risk oversight and management systems

The effective management of risk is critical to achieving our purpose over the four years of this corporate plan. The ANAO’s Risk Management Framework is based on adherence to the Commonwealth Risk Management Policy of July 2014. The policy adopts definitions outlined in the international standard on risk management, AS/NZS ISO 31000:2009 Risk management – Principles and guidelines. The standard defines risk as ‘the effect of uncertainty on objectives’, and risk management as the ‘coordinated activities to direct and control an organisation with regard to risk’. The policy has nine elements and the ANAO has established risk oversight and management systems to address each of those elements, as outlined below.


Elements 1 and 2 — Establishing a risk management policy and framework

The ANAO’s risk management policy statement communicates the ANAO’s approach to effective risk management and our desire to implement a single framework that contributes to strong management practices and decision-making associated with the ANAO’s business operations. The purpose and scope of the ANAO’s Risk Management Framework is to:

  • articulate the ANAO’s risk management policy;
  • provide an overview of the risk management processes adopted by the ANAO;
  • define the key attributes and objectives for the ANAO’s risk culture;
  • describe roles and responsibilities for managing risk; and
  • outline the process for reporting on risk and ongoing monitoring and review.

The effective management of risks plays an important role in shaping the ANAO’s strategic direction, and thereby the successful delivery of the ANAO’s purpose. The ANAO’s Risk Management Framework is reviewed annually and endorsed by the Auditor-General.

Element 3 — Defining responsibility for managing risk

The Auditor-General, taking into account the advice of the Executive Board of Management, approves our Risk Management Framework and Risk Register and determines the ANAO’s appetite and tolerance for risk. The framework identifies specific responsibilities for key personnel across the ANAO, and the Risk Register assigns owners for each enterprise-level risk. In addition, all ANAO staff have a general responsibility to practice active risk management. This includes remaining vigilant to changes in the ANAO’s operating environment that could result in new risks or changes to the ANAO’s exposure to current identified risks.

Each individual audit work plan assesses engagement and operational risks and mitigation strategies, and risk is assessed at all audit review points. Responsibility for managing operational audit risk is assigned to responsible senior executives and audit managers.

The ANAO Audit Committee also reviews the Risk Management Framework and Risk Register at least annually.

Element 4 — Embedding systematic risk management into business processes

Effective risk management requires senior executives and all ANAO staff to understand the business risks in their area and actively manage those risks as part of their day-to-day activities. The ANAO’s management of risk is designed to be built into business-as-usual practices, with the aim of using consistent language, approaches and documentation across all levels of the organisation. The ANAO requires that formal risk assessments be undertaken in all key areas, including when:

  • planning and conducting audits;
  • assessing specific work health and safety implications or concerns;
  • conducting significant procurement activities;
  • undertaking business continuity and disaster recovery planning; and
  • assessing protective security requirements.

Staff allocated responsibility for managing particular risks must ensure appropriate monitoring and reporting occurs through the ANAO’s existing management reporting and governance framework.

Element 5 — Developing a positive risk culture

Risk influences the outcome of all work undertaken by the ANAO. The ANAO’s Risk Management Framework fosters a positive risk culture where risks are appropriately identified, assessed, communicated and managed across all levels of the entity as part of everyday decision-making processes. Recognising that the ANAO generally has a low risk appetite regarding its business-critical activities, the ANAO looks to increase its engagement with risk in order to support innovation and a more positive risk management culture within the office. Senior management and other identified individuals are responsible for driving the risk culture and proactively provide feedback through normal reporting channels on external interactions with key stakeholders regarding areas of potential risk.

Element 6 — Communicating and consulting about risk

The ANAO’s Risk Management Framework was developed in consultation with the ANAO’s service groups and support areas and is also based on the ANAO’s knowledge and discussions with stakeholders and audited entities. The framework is available on the ANAO website. The Risk Register is reviewed quarterly and endorsed by the Executive Board of Management, and is available for ANAO staff on the intranet.

Element 7 — Understanding and managing shared risk

Given the nature of the ANAO’s role in the public sector and the need for the Auditor-General to maintain independence, the ANAO does not generally engage in activities that involve shared inter-entity or cross-jurisdictional risks. The ANAO considers its environment and stakeholders in the assessment and management of risk, but generally it does not jointly or collaboratively manage risks.

The ANAO also engages with other jurisdictions’ auditors-general on risks in the public sector environment that may impact successful delivery of auditors-general mandates. In addition, the ANAO sometimes responds to changes in its operating environment (e.g. changes to accounting standards), and the related risks, in a shared way — through its participation in organisations and associations such as the Australasian Council of Auditors-General and the International Organization of Supreme Audit Institutions.

Element 8 — Maintaining risk management capability

The ANAO provides risk management training for all ANAO staff. This training includes on-the-job training, induction programs, e-learning modules and face-to-face training.

Element 9 — Reviewing and continuously improving the management of risk

The ANAO’s Risk Management Framework and Risk Register are formally reviewed and approved by the Executive Board of Management at least once annually. The framework is reviewed by an external independent consultant on a biennial basis. Strategic and operational risks are monitored and reviewed by the relevant ANAO governance committees. These committees report to the executive board on a regular basis. A summarised strategic risk review, including any risks assessed as high, is presented to the Executive Board of Management quarterly. This process is supported by ongoing discussions at weekly operational meetings attended by executive board members and practice managers.

The ANAO’s internal audit function has a role, via a rolling program of audits, to comment on and provide insights into risk management within the internal audit reports prepared for the Audit Committee. As mentioned previously, the Audit Committee also reviews the draft Risk Management Framework and Risk Register at least annually.

The ANAO participates in the Comcover benchmarking survey and in 2017 our risk management approach was rated as ‘integrated’.

Identification of strategic risks

Changes in the ANAO’s operating environment can impact the ANAO’s risk management approach and the risk rating or risk tolerance for specific risks, and may directly affect the ANAO’s ability to achieve its purpose. Damage to our reputation is the single most important consequence should our risk management fail in a significant way, as it goes to the core of the way we conduct our business and our integrity as a professional audit organisation. The ANAO’s strategic risks are:

  • Parliament loses confidence in the ANAO;
  • the ANAO’s recommendations and findings do not lead to improvements in public sector performance and accountability;
  • the ANAO does not keep pace, in a contestable environment, with reliable, efficient and professional business practices;
  • the ANAO does not achieve the quality standards required to support its work; and
  • the ANAO duplicates effort by not effectively leveraging the data and information it collects.