Introduction

1. This report presents the results of the ANAO’s 2024–25 financial statements audits. This includes the results of the audits of 243 Australian Government entities, including the Australian Government’s Consolidated Financial Statements (CFS).

2. The assessments included in this report are as at 30 June 2025 and the entity names, responsibilities and portfolio allocations used in this report reflect the Administrative Arrangements Orders (AAOs) in place as at that date. Revised AAOs were subsequently made that transferred functions between entities.

Consolidated financial statements

Audit results

3. The Consolidated Financial Statements (CFS) presents the whole of government and the General Government Sector financial statements. The 2024–25 CFS were signed by the Minister for Finance on 23 November 2025, and an unmodified auditor’s report was issued on 25 November 2025.

4. Without modifying the audit opinion, the auditor’s report included an emphasis of matter which draws attention to the accounting policies that describe the inherent uncertainty associated with a number of the assumptions used in the calculation of the Department of Veterans’ Affairs’ (DVA) military compensation provisions and the sensitivity of the valuation of the provision to changes in these assumptions.

5. There were no significant or moderate audit issues identified in the audit of the 2024–25 CFS.

Australian Government financial performance and position

6. The Australian Government reported a net operating balance of a deficit of $41.2 billion ($10.1 billion surplus in 2023–24). The deficit is because expenses outpaced revenue growth in 2024–25. Revenue grew by $29.8 billion (4.1 per cent) while expenses grew by $81.1 billion (11.3 per cent). The largest contributors to the growth in expenditure in 2024–25 was the National Disability Insurance Agency’s participant expenses which increased by $4.5 billion from 2023–24, and DVA’s health care payments and provisions which increased by $22.0 billion from 2023–24.

7. The Australian Government’s net worth position deteriorated from negative $573.7 billion in 2023–24 to negative $632.4 billion in 2024–25 mainly due to a significant increase in liabilities associated with DVA’s military compensation provisions, which grew by $59.7 billion in 2024–25 (see paragraphs 2.1 to 2.19).

Financial audit results

Audit findings

8. Across all financial statements audits, the number of audit findings identified by the ANAO has decreased from 2023–24. A total of 178 audit findings and legislative non-compliance were reported to entities at the conclusion of the 2024–25 financial statements audits (2023–24: 214). These comprised three significant (2023–24: six), 31 moderate (2023–24: 46) and 123 minor (2023-24: 147) audit findings, and 21 instances of legislative non-compliance (2023–24: 15).

9. The three significant audit findings related to compliance and quality assurance frameworks and the accounting and control of non-financial assets and were reported for the Department of the House of Representatives, the Royal Australian Mint, and Services Australia.

10. Seven of the instances of legislative non-compliance related to significant legislative breaches and were reported for the Australian Centre for International Agricultural Research, the Australian Pesticides and Veterinary Medicines Authority, the Department of Health, Disability and Ageing, the Department of the House of Representatives, the Northern Land Council, Tiwi Land Council, and Services Australia.

11. A further seven instances of legislative non-compliance related to incorrect payments of remuneration to key management personnel and/or non-compliance with determinations made by the Remuneration Tribunal and were reported for the Australian Renewable Energy Agency, the Australian Sports Commission, the Australian Fisheries Management Authority, Indigenous Business Australia, WSA Co Limited, the Australian Film, Television and Radio School, and the Australian Institute of Family Studies.

12. IT controls remain a key issue. Forty-five per cent of all audit findings identified by the ANAO related to the IT control environment, particularly IT security. Weaknesses in controls in this area can expose entities to an increased risk of unauthorised access to systems and data, or data leakage. The number of IT findings identified by the ANAO indicate that there remains room for improvement across the sector to enhance governance processes supporting the design, implementation and operating effectiveness of controls. These matters extend beyond technical IT concerns; they pose significant business risks to the security and the integrity of information systems. Addressing these fundamentals is essential in an environment where entities increasingly rely on technology, including artificial intelligence (AI).

Compliance with Section 83 of the Australian Constitution

13. Section 83 of the Australian Constitution (section 83) provides that no money shall be drawn from the Treasury of the Commonwealth except under appropriation made by law.

14. The Australian Government’s financial reporting framework requires entities to disclose in their financial statements whether a breach has occurred or may have occurred during the reporting period. During 2024–25, 11 entities (2023–24: 10 entities) reported breaches of section 83. (see paragraphs 3.67 to 3.71).

Quality and timeliness of financial statements preparation

15. The ANAO had issued 238 auditor’s reports as at 30 November 2025. The financial statements were finalised and auditor’s reports issued for 82 per cent (2023–24: 79 per cent) of entities within three months of financial year-end.

16. A quality financial statements preparation process will reduce the risk of inaccurate or unreliable reporting. Seventy-four per cent of entities delivered financial statements in line with an agreed timetable (2023–24: 71 per cent). The total number of adjusted and unadjusted audit differences decreased during 2024–25, although 28 per cent of audit differences remained unadjusted (2023–24: 38 per cent).

17. Improvements in the quality and timeliness of financial statements preparation supports observations made by the ANAO that financial reporting processes across the Australian Government sector continues to improve (see paragraphs 3.72 to 3.82).

Timeliness of annual reports

18. Annual reports inform the Parliament, the community and other stakeholders about the performance of entities. Annual reports are approved by the entity’s accountable authority before being provided to the minister and tabled in Parliament.

19. Annual reports that are not tabled in a timely manner before budget supplementary estimates hearings decrease the opportunity for the Senate to scrutinise an entity’s performance. For the 2024–25 reporting period, supplementary estimates hearings were held from 7 to 10 October 2025, and from 1 to 4 December 2025. Twelve per cent of entities tabled annual reports before the October hearings, and 90 per cent of entities tabled annual reports before the December hearings. Of the entities required to table an annual report, 10 per cent had not tabled an annual report as at 30 November 2025 (see paragraphs 3.11 to 3.24).

Fraud and Corruption control frameworks are largely in place

20. The Commonwealth Fraud and Corruption Control Framework 2024 (the Framework) came into effect on 1 July 2024. The Framework captures amendments to the Public Governance, Performance and Accountability Rule 2014, strengthening requirements for Australian Government entities to prevent, detect and deal with fraud and corruption.

21. The ANAO observed that all non-corporate and corporate Commonwealth entities had established a fraud and corruption control plan. Commonwealth companies are not bound by the requirements of the PGPA Rule, however, the ANAO observed that 20 per cent of all Commonwealth companies had adopted the requirements of the Framework as better practice. (see paragraphs 3.112 to 3.125).

Financial sustainability

22. The ANAO’s analysis concluded that the financial sustainability of the majority of entities was not at risk, however, 46 per cent of not-for-profit entities reported a deficit in 2024–25, and 33 per cent of for-profit entities reported a deficit in 2024–25 (see paragraphs 3.83 to 3.111).

1.1 The ANAO prepares two reports annually that provide insights at a point in time to the financial statements risks, governance arrangements and internal control frameworks of Australian Government entities, drawing on information collected during our audits.

1.2 This report is the second of the two reports and focuses on the results of the 2024–25 financial statements audits, including the audit of the Australian Government’s Consolidated Financial Statements (CFS).

Entities included in this report

1.3 This report examines all Commonwealth entities, Commonwealth companies and their subsidiaries that are required to prepare annual financial statements. In 2024–25, this comprised 243 entities (2023–24: 244), including the CFS.

1.4 The assessments included in this report are as at 30 June 2025 and the entity names, responsibilities and portfolio allocations used in this report reflect the Administrative Arrangements Orders (AAOs) in place as at that date.¹ Revised AAOs were made that subsequently transferred functions between entities.

1.5 Appendix 1 lists all entities that are included in this report.

ANAO financial statements audits

1.6 The Auditor-General Act 1997 establishes the mandate for the Auditor-General to undertake financial statements audits of all Australian Government entities. The Public Governance, Performance and Accountability Act 2013 (PGPA Act) requires Commonwealth entities, Commonwealth companies and their subsidiaries to prepare annual financial statements, and for the Auditor-General to audit and report on, those annual financial statements.²

1.7 The Australian Government’s financial reporting framework is primarily based on standards made independently by the Australian Accounting Standards Board (AASB).

1.8 The AASB bases its accounting standards on the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board. As IFRS are designed primarily for use by private sector and for-profit organisations, the AASB amends the IFRS to reflect significant transactions and events unique to the public sector and not-for-profit private sector. In doing so, the AASB considers standards issued by the International Public Sector Accounting Standards Board (IPSASB).

1.9 The PGPA Act requires Commonwealth entities to apply Australian accounting standards when preparing financial statements. In addition to Australian accounting standards, the Minister for Finance prescribes additional financial reporting requirements for Commonwealth entities via the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 (FRR).

1.10 The audits of the financial statements of Australian Government entities are conducted in accordance with the ANAO Auditing Standards, which are made by the Auditor-General under section 24 of the Auditor-General Act 1997 (A-G Act). The ANAO Auditing Standards incorporate, by reference, the auditing standards made by the Australian Auditing and Assurance Standards Board (AUASB). The AUASB bases its standards on those made by the International Auditing and Assurance Standards Board (IAASB), an independent standard setting board of the International Federation of Accountants.

1.11 The ANAO conducts its financial statements audits in four phases: planning, interim, final and completion. Figure 1.1 outlines the key elements of each phase.

Figure 1.1: ANAO financial statements audit process

Source: ANAO.

Engagement Risk

1.12 The ANAO assesses engagement risk on an annual basis. Engagement risk includes the risks of material misstatement relating to a financial statements audit engagement, and other professional risks such as reputational and litigation risks. The determination of engagement risk provides a basis to determine whether additional quality management responses, in accordance with the Auditing Standards, are required.

1.13 Eight of the entities included in this report have been assessed as having a high engagement risk for 2024–25 (2023–24: 10 entities).

1.14 Table 1.1 shows entities with a high engagement risk rating for 2023–24 and 2024–25.

Table 1.1: Entities with a high engagement risk rating for 2023–24 and 2024–25

Key Audit Matters

1.15 Communicating Key Audit Matters (KAM) helps users of financial statements better understand those matters that, in the auditor’s professional judgement, were of the most significance in the audit of the financial statements³.

1.16 While ASA 701 Communicating Key Audit Matters in the Independent Auditor’s Report (ASA 701) requires KAM reporting only for listed entities, the Auditor-General considers including KAM to be good practice for financial statements auditing in the public sector and includes KAM in certain audit reports.

1.17 The ANAO has reported KAM in 2024–25 for the entities included in Auditor-General Report No. 39 2024–25 Interim Report on Key Financial Controls of Major Entities and the Consolidated Financial Statements (CFS). In 2024–25, a total of 60 KAM were reported across 27 entities, consistent with 2023–24. The majority of KAM related to the accuracy, valuation and allocation of assets and liabilities, including:

• advances, loans and other receivables, including accounting for concessional loans and expected credit losses;
• non-financial assets including property, plant and equipment and specialist military equipment, including investment properties;
• investments in listed or unlisted entities, foreign currency and other investment products;
• intangibles, including computer software;
• treasury bonds and notes (Australian Government Securities);
• leases; and
• provisions, including defined benefit superannuation funds, personal benefits and military compensation provisions.

1.18 Other KAM included: completeness and accuracy of expenses relating to personal benefits and grants; and completeness and accuracy of revenue relating to taxation, levies, customs duty, royalty and other revenue arising from fees and charges. Further details of the KAM reported to entities are included in the discussion of results of financial statements audits in Chapter 4.

Key Areas of Financial Statements Risk

1.19 The ANAO’s risk assessment process identifies key areas that have the potential to materially impact an entity’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items, the results of recent ANAO performance audits and an understanding of the entity’s environment and governance arrangements, including its financial reporting regime and system of internal control.

1.20 The ANAO undertakes appropriate audit procedures on all material items and focusses audit effort on those areas that are assessed as having a higher risk of material misstatement. The ANAO also assesses the IT general and application controls for key systems that support the preparation of an entity’s financial statements.

Audit Findings

1.21 Audit findings are raised in response to the identification of a potential business or financial risk posed to an entity. Weaknesses in internal controls increase the possibility that a material misstatement of an entity’s financial statements will not be prevented or detected in a timely manner. The ANAO rates audit findings according to the potential business or financial management risk posed to the entity. The rating scale is presented in Table 1.2.

Table 1.2: Findings rating scale

Background

2.1 Government accountability and transparency is supported by the preparation and audit of the Australian Government’s Consolidated Financial Statements (CFS). The CFS and the associated financial analysis provide information to assist users in assessing the financial performance and position of the Australian Government. The CFS is prepared by the Department of Finance (Finance) and issued by the Minister for Finance.

2.2 The CFS presents the consolidated whole of government financial results which includes the results of all Australian Government controlled entities, as well as the General Government Sector (GGS) financial statements. The 2024–25 CFS is prepared in accordance with section 48 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and the requirements of the Australian Accounting Standards, particularly AASB 1049 Whole of Government and General Government Sector Financial Reporting (AASB 1049).

2.3 AASB 1049 requires, with limited exceptions, the principles and rules in the Australian Bureau of Statistics’ Government Finance Statistics (GFS) Manual to be applied in the preparation of the CFS where compliance with the GFS Manual does not conflict with Australian Accounting Standards.⁴

Key areas of financial statements risk

2.4 The ANAO’s 2024–25 audit approach identified five key areas of financial statements risk that had the potential to impact the Australian Government, and which were considered Key Audit Matters, as shown in Table 2.1.

Table 2.1: Key areas of financial statements risk

Note a: Figures presented in Table 2.1 may differ from the financial statements of individual entities because of eliminations and adjustments at the CFS level or where the entities identified contribute a majority to the balance of the financial statement line item.

Note b: These are the main government entities responsible for administration and reporting of Australian Government superannuation liabilities. Liabilities also include schemes managed by other entities, such as the Australian Postal Corporation.

Source: ANAO 2024–25 audit results, and the CFS for the year ended 30 June 2025.

Audit results and observations

2.5 The 2024–25 CFS was signed by the Minister for Finance on 23 November 2025 and the Auditor-General’s unmodified auditor’s report was issued on 25 November 2025.

2.6 Without modifying the audit opinion, the auditor’s report included an emphasis of matter paragraph which draws attention to the accounting policies that describe the inherent uncertainty associated with a number of the assumptions used in the calculation of the Australian Government’s military compensation provisions and the sensitivity of the valuation of the provision to changes in these assumptions.

2.7 The military compensation provisions recognised by the Australian Government increased significantly from $92.3 billion in 2023–24 to $152.0 billion in 2024–25. There were a number of factors that contributed to this increase including new legislation, the Veterans Entitlements, Treatment, and Support (Simplification and Harmonisation) Act 2025 (the VETS Act), that was passed in February 2025.

2.8 There were no significant or moderate audit findings arising from the 2024–25 financial statements audit of the CFS.

Australian Government’s financial outcome

2.9 Figure 2.1 presents the Australian Government’s net operating balance from 1 July 2024 to 30 June 2025.

Figure 2.1: Changes in the Australian Government’s net operating balance from 1 July 2024 to 30 June 2025

Source: ANAO analysis of the 2024–25 CFS.

2.10 The net operating balance was a deficit of $41.2 billion (compared to a surplus of $10.1 billion in 2023–24). A key contributor to the deterioration in the net operating balance is supply of goods and services expense which has increased by $34.6 billion from $201.9 billion in 2023–24 to $236.5 billion in 2024–25.

2.11 The primary driver for the Australian Government’s increase in total expenses is an increase of $22.0 billion in veterans’ health care payments and provisions due mostly to changes in legislation under which payments are made, increased costs, and other economic factors such as interest rates, inflation and risk factors.

2.12 The other reason for the increase in total expenses is the National Disability Insurance Agency’s (NDIA) participant expenses which have increased by $4.5 billion to $46.4 billion as a result of increases in participant numbers and average payments which have increased to $65,800 per participant in 2024–25 ($64,400 in 2023–24).

2.13 For further details on other key movements refer to the 2024–25 CFS commentary published on the Department of Finance’s website.⁵

Figure 2.2: Changes in the Australian Government’s net worth from 1 July 2024 to 30 June 2025

Source: ANAO analysis of the 2023–24 CFS.

Figure 2.3: Australian Government’s total assets, total liabilities and net worth, from 2015–16 to 2024–25

Source: ANAO analysis of the 2015–16 to 2024–25 CFS.

2.14 During the period the Australian Government’s total assets increased by $83.8 billion from $989.6 billion to $1,073.4 billion while total liabilities increased by $142.5 billion from $1,563.3 billion to $1,705.8 billion. Overall, the Australian Government’s net worth position decreased further by $58.7 billion from a deficit of $573.7 billion to a deficit of $632.4 billion.

2.15 The deteriorating net worth position was mainly driven by increased provisions and payables owed by the Australian Government especially DVA’s military compensation provisions which have grown by $59.7 billion. A $23.4 billion portion of the increase is attributed to the VETS Act which expanded coverage, $21.5 billion for increased costs in meeting liabilities, $8.7 billion for net new exposure and $6.1 billion in other actuarial adjustments for interest rates, inflation and risk.

2.16 For further details on other key movements refer to the 2024–25 CFS commentary published on the Department of Finance’s website.⁶

Figure 2.4: Australian Government’s total revenue and total expenses, from 2015–16 to 2024–25

Source: ANAO analysis of the 2024–25 CFS

2.17 Government securities are primarily issued to meet the financing needs, and to fund the operations of the Australian Government during periods when total expenses exceed total revenue. During the period from 2015–16 to 2021–22, the Australian Government’s expenses have been greater than the revenue it received. This briefly reversed from 2022–23 to 2023–24, however, in 2024–25, total expenses exceeded total revenue. Figure 2.4 above illustrates the trend of Australian Government revenue and expenses over the period 2015–16 to 2024–25.

Figure 2.5: AOFM Government Securities Interest Paid from 2019–20 to 2024–25

Source: ANAO analysis of AOFM from 2019–20 to 2024–25.

2.18 The Australian Office of Financial Management (AOFM) is responsible for managing the Australian Government Securities, which totalled $887.0 billion (2023–24: $844.2 billion) for the GGS at 30 June 2025, comprised of Treasury Bonds, Treasury Indexed Bonds and Treasury Notes. The value of the Australian Government’s Securities is $679.5 billion (2023–24: $611.0 billion), which is lower due to the RBA holding a large portion of Australian Government Securities on issue.

2.19 Figure 2.5 demonstrates the interest paid by AOFM on Government Securities over the six-year period from 2019–20 to 2024–25. For 2024–25, new securities issued resulted in increased interest payments despite the weighted average market yield on Treasury Bonds (the major portion of Australian Government Securities) decreasing to 3.67 per cent (2023–24: 4.20 per cent).

Definitions used in this chapter

2.20 Table 2.2 below provides a glossary of the key fiscal aggregates and other terminology used in this chapter to explain the Australian Government’s net worth and financial performance.

Table 2.2: Definitions of terms used

Source: Australian Bureau of Statistics (2015). Australian System of Government Finance Statistics: Concepts, Sources and Methods; AASB 101 Preparation of Financial Statements, paragraph 5 and 7; AASB 1049 Whole of Government and General Government Sector Financial Reporting, Appendix A; and Reserve Bank of Australia (2017). Glossary RBA. [Internet], available from https://www.rba.gov.au/glossary/ [accessed 22 October 2025].

Summary of 2024–25 auditor’s reports

3.1 A financial statements audit is finalised when the auditor has formed an opinion on the financial statements, and that opinion has been expressed through a written report.

Auditor’s reports issued

3.2 A comparison of the number and type of auditor’s reports issued by the Auditor–General and their delegates in 2023–24 and 2024–25 (as at 30 November 2025), including the CFS is summarised at Table 3.1.

Table 3.1: Summary of auditor’s reports issued and outstanding as at 30 November 2025 and 9 December 2024

Source: 2023–24 and 2024–25 ANAO auditor’s reports.

Emphasis of Matter

3.3 Emphasis of matter paragraphs are included in an auditor’s report when the auditor considers it necessary to draw users’ attention to a matter presented or disclosed in the financial statements that is fundamental to users’ understanding.⁷

3.4 The auditor’s report for the following seven entities (2023–24: 13) included emphasis of matter paragraphs: Seafarers Safety, Rehabilitation and Compensation Authority; Australian Sports Foundation Charitable Fund; Darwin Hotel Partnership; Gagudju Lodge Cooinda Trust; IBA Retail Property Trust; Tennant Creek Land Holding Trust; and the Performance Bond Fund Trust. Further details on each entity are included in Chapter 4.

Modified Opinion

3.5 An auditor’s opinion is modified in the auditor’s report when the auditor concludes that the financial statements are not free from material misstatement, or the auditor is unable to obtain sufficient appropriate audit evidence to conclude that the financial statements as a whole are free from material misstatement.⁸

3.6 The auditor’s report for two entities (2023–24: 0 entities) contained a modification to the auditor’s opinion. These were the Royal Australian Mint, due to the ANAO being unable to obtain sufficient appropriate audit evidence regarding the carrying amount of the heritage and cultural assets because of inadequate accounting records, and the Department of the House of Representatives, due to the ANAO being unable to obtain sufficient appropriate audit evidence to determine whether the cash balance and appropriations note disclosures were free from material misstatement. Further details on each entity are included in Chapter 4.

Not yet issued

3.7 There were four entities for which the 2024–25 financial statements audit had not been finalised by the ANAO as at 30 November 2025. They were Anindilyakwa Land Council, Northern Territory Aboriginal Investment Corporation, Aboriginal Investment NT Trust, and the Australian Secret Intelligence Service. Further details are included in Chapter 4.

Timeliness of auditor’s reports

3.8 The ANAO’s 2025–26 Corporate Plan includes a performance measure ‘Percentage of mandated financial statements audit reports issued in time to meet entity annual reporting timeframes’, for which the target was set at 85 per cent within three months of the end of the financial year. This measure will report on the auditor’s reports issued in 2025–26, which predominantly relate to audits of 2024–25 financial statements.

3.9 Figure 3.1 shows that the finalisation of financial statements audits within three months of the reporting date has improved slightly from the prior year. Eighty-two per cent of auditor’s reports were issued within three months of the end of the reporting period compared to 79 per cent in the prior year. The primary reasons for the 85 per cent target not being met were: delays in the preparation of financial statements by some entities that resulted in delays in the audit process; unplanned staff absences in some audit teams; and changes to planned financial statements signing dates by audited entities.

3.10 The ANAO issued 96 per cent of 2024–25 auditor’s reports within two business days of the signing of the financial statements by the accountable authority (2023–24: 99 per cent).

Figure 3.1: Timeframes for auditor’s report signing from the end of financial year

Source: ANAO analysis.

Timeliness of annual reports

3.11 Annual reports inform the Parliament, the community and other stakeholders about the performance of entities. The publication of the annual report containing the audited financial statements is a key means to meet accountability and legislative obligations. For 2024–25, there were 189 entities required to present annual reports to the responsible minister under the PGPA Act.

3.12 Annual reports are approved by the entity’s accountable authority before being provided to the minister and tabled in Parliament. RMG 135 Annual reports for non-corporate Commonwealth entities⁹, and RMG 136 Annual reports for corporate Commonwealth entities¹⁰ state that annual reports are to be provided to the relevant minister by the 15th day of the fourth month after the end of the reporting period. RMG 137 Annual reports for Commonwealth companies¹¹ states that Commonwealth company directors must give the annual report to the responsible minister the earlier of 21 days before the next annual general meeting after the end of the reporting period for the company or four months after the end of the reporting period for the company.

3.13 Figure 3.2 shows the time in days between the issue of the auditor’s report to the:

• approval of the annual report by the accountable authority; and
• tabling of the annual report in Parliament.

Figure 3.2: Timeframe for tabling 2024–25 annual reports from issuance of auditor’s report

Source: ANAO analysis of entity annual reports

3.14 Figure 3.3 shows entities annual report tabling date in relation to the year ending 30 June 2025.

Figure 3.3: Entities annual report tabling date in relation to the year ending 30 June 2025

3.15 The analysis above shows that accountable authorities approved 36 per cent of annual reports within 10 days of the issue of the auditor’s report (2023–24: 54 per cent), with an overall average of 10 days (2023–24: 13 days). The average days between the accountable authority’s approval of the annual report and tabling in Parliament was 30 days (2023–24: 30 days).

3.16 Twenty per cent of annual reports were tabled within 30 calendar days from the issue of the auditor’s report (2023–24: 28 per cent). The tabling of annual reports in Parliament occurred on average 41 days after the auditor’s report was issued (2023–24: 43 days).

3.17 Annual reports should be tabled in Parliament to allow sufficient time for review before Senate supplementary budget estimates hearings. The RMGs on annual reports indicate that normally annual reports are tabled on or before 31 October and it is expected annual reports are tabled prior to the supplementary budget estimates hearings. ¹²

3.18 In 2024–25, supplementary budget estimates hearings were held from 7 to 10 October 2025, ahead of the 31 October deadline to table in Parliament. Additional supplementary budget estimates hearings were held from 1 to 4 December 2025. In 2023–24, supplementary budget estimates hearings were held from 4 to 8 November 2024.

3.19 Figure 3.4 shows that 2024–25 annual reports were tabled by 5 per cent of entities greater than one week before the October supplementary budget estimates hearing dates for their portfolio.

Figure 3.4: Entities annual report tabling date in relation to the October 2025 supplementary budget estimates

Note: This graph does not add to 100 per cent as a result of entities that had not tabled an annual report as at 30 November 2025.

Source: ANAO analysis of entity tabled annual reports.

3.20 Figure 3.5 shows that 2024–25 annual reports were tabled by 88 per cent of entities greater than one week before the December supplementary budget estimates hearing dates for their portfolio.

Figure 3.5: Entities annual report tabling date in relation to the December 2025 supplementary budget estimates

Note: This graph does not add to 100 per cent as a result of entities that had not tabled an annual report as at 30 November 2025.

3.21 In 2023–24, supplementary budget estimates were held from 4 to 8 November, after the 31 October deadline to table annual reports in Parliament. In that year, 57 per cent of entities tabled an annual report with greater than one week before the hearings, and 93 per cent of entities had tabled annual reports before the entity’s portfolio hearing date.

3.22 In 2024–25, supplementary budget estimates hearings were held from 7 to 10 October 2025, ahead of the 31 October deadline to table in Parliament. For those hearings, 5 per cent of entities tabled an annual report with greater than one week before the hearings, and 16 per cent of entities had tabled annual reports before the entity’s portfolio hearing date.

3.23 Additional supplementary budget estimates hearings were held from 1 to 4 December 2025. For those hearings, 88 per cent of entities tabled an annual report with greater than one week before the hearings, and 91 per cent of entities had tabled annual reports before the entity’s portfolio hearing date.

3.24 There are 20 entities (11 per cent) that are required to table an annual report which had not done so as at 30 November 2025 – the date of this report (2023–24: 4 per cent at 9 December 2025).

Audit findings

3.25 Audit findings are raised in response to the identification of a potential business or financial risk posed to an entity. Often these risks arise from deficiencies within an entity’s internal control processes or frameworks.

3.26 Where the ANAO identifies one or more control deficiencies, the ANAO assesses whether, individually or in combination, the deficiencies constitute a significant deficiency and reports these to accountable authorities as audit findings. The ANAO applies professional judgement in determining whether a deficiency represents a significant control deficiency. The ANAO’s rating scale is presented in Table 1.2, in the Introduction to this report.

3.27 At the conclusion of the 2024–25 audits, the ANAO has identified the following.

Trends in audit findings

3.28 Figures 3.6 and 3.7 show a summary of all significant, moderate, minor and legislative findings identified by the ANAO for the period 2021–22 to 2024–25. For 2021–22, this included 248 entities, 244 entities in 2022–23, 244 entities in 2023–24, and 243 entities in 2024–25.

3.29 Unresolved audit findings are those findings that have been identified by the ANAO and are not yet addressed by the entity. When reporting an audit finding to an entity the ANAO details the implications, risk and recommendations to the entity for resolution. Each audit finding reported is classified by the level of risk that may be posed to the entity, or the entity’s financial statements, if unaddressed. As a result, entities should take action to address unresolved audit findings, and the particular weakness in internal control identified, in a timely manner which is commensurate with the level of risk identified.

Figure 3.6: Audit findings 2021–22 to 2024–25

Figure 3.7: Legislative non-compliance 2021–22 to 2024–25

Significant audit findings

3.30 Significant audit findings indicate issues that pose a significant business or financial management risk to the entity or are instances of significant non-compliance with legislation. This includes issues that could result in a material misstatement of the entity’s financial statements.

3.31 There were three significant audit findings, and seven significant legislative non-compliance at the conclusion of the 2024–25 audits (see Tables 3.2 and 3.3). Details of these significant audit findings are included in Chapter 4.

Table 3.2: Significant audit findings at the conclusion of the 2024–25 audits

Source: ANAO data

Table 3.3: Significant non-compliance with legislation at the conclusion of the 2024–25 audits

Source: ANAO data

Unresolved findings

3.32 Unresolved audit findings are those findings that have been identified by the ANAO and are not yet addressed by the entity. When reporting an audit finding to an entity the ANAO details the implications, risk and recommendations to the entity for resolution.

3.33 Each audit finding reported is classified by the level of risk that may be posed to the entity, or the entity’s financial statements, if unaddressed. As a result, entities should take action to address unresolved audit findings in a timely manner which is commensurate with the level of risk identified.

3.34 Fifty per cent of audit findings (89 findings) reported at the conclusion of the 2024–25 audits were findings unresolved from prior audits.

3.35 Figure 3.8 provides an analysis of the period in which the 89 unresolved audit findings were first identified by ANAO. Of the unresolved findings three per cent were first identified in 2020–21, ten per cent in 2021–22, 26 per cent in 2022–23, and 61 per cent in 2023–24.

Figure 3.8: Number of audit findings by period first identified by the ANAO

Source: ANAO data

Audit findings partially resolved, or the risk rating reduced

3.36 The ANAO may reassess the associated risk rating attributed to an audit finding when significant progress has been made to address the risks identified, and the reassessed risk rating better represents the overall risk to an entity.

3.37 During 2024–25, the ANAO reassessed 10 significant or moderate audit findings by reducing the associated risk rating (see Table 3.4). Further details on actions taken by entities to reduce the risk rating is included in Chapter 4.

Table 3.4: Significant and moderate findings partially resolved, or the rating reduced

Resolved audit findings

3.38 The ANAO considers audit findings to be resolved when entities have implemented the agreed recommendations, and satisfactorily addressed the risks identified. During 2024–25, 150 audit findings were either fully resolved, or the risk rating was reduced.

3.39 The below case study sets out the Department of Defence’s approach to addressing a significant audit finding.

3.40 Figure 3.9 shows that 45% of all audit findings at the conclusion of 2024–25 audits related to the IT control environment. Legislative non-compliance accounted for 12% of audit findings, and 10% related to compliance and quality assurance frameworks.

Figure 3.9: Percentage of audit findings by category at the conclusion of 2024–25 audits

Information Technology control environment

3.41 The information technology (IT) control environment refers to the policies, procedures and controls that maintain the integrity of information and security of data in an entity and includes automated controls that may be relied upon in the financial statements audit. In 2024–25 findings related to the IT control environment represented the largest proportion of audit findings, a trend consistent with previous years, with 45 per cent of total findings relating to IT controls. Figure 3.10 shows the total number of IT control environment findings open at year-end for the years 2021–22 to 2024–25.

Figure 3.10: IT control environment findings open at year-end 2021–22 to 2024–25

Source: ANAO data

Developments in IT control findings since 2023–24

3.42 All three of the significant IT control environment findings that were open at the commencement of the 2024–25 audit cycle were reassessed at the 2024–25 interim audit phase to either moderate or minor findings. These include:

1. a significant IT security finding at the Department of Defence, reassessed at interim as a result of actions including the reconciliation of data on terminated staff, internal audit activity and the implementation of new user access controls;
2. a significant IT control finding at Services Australia being reassessed following implementation of multiple initiatives, including updates to policies, testing to confirm adherence to policies, staff training, updates to disaster recovery plans and changes to governance committees; and
3. the ATO’s significant finding regarding change management being reassessed to two moderate findings, following a strengthening of relevant controls and partial implementation of automated deployment tools.

3.43 The net decrease in overall open findings from the prior year demonstrates that more findings were closed than opened during the cycle. Twenty-seven new IT control environment findings were raised in the 2024–25 audit cycle, representing 34 per cent of the total 80 open IT control environment findings. Figure 3.11 shows the age distribution of currently open IT control environment findings and their categorisation.

Figure 3.11: Current open findings by year raised and category

Source: ANAO data

3.44 The four oldest open IT control environment findings relate to IT security and were first reported in 2020–21. These findings are:

1. Services Australia – the monitoring of super users’ activity for Medicare, Child Support, and Health related systems (moderate audit finding);
2. Services Australia – the monitoring of super users’ activity for Centrelink related systems (moderate audit finding);
3. Department of Veterans’ Affairs – the management of security risks relating to upgrades to the claims processing ICT system, Process Direct (moderate audit finding); and
4. National Disability Insurance Agency – the timeliness of terminating user access for former staff (moderate audit finding).

Key themes and issues

3.45 Figure 3.12 provides an overview of the categorisation of open IT control environment findings by theme. The majority (64 per cent) of IT control environment findings related to IT security in 2024–25.

Figure 3.12: Categorisation of 2024–25 IT control environment findings by theme as at year-end 2024–25

Source: ANAO data

3.46 Four findings related to Information Processing Controls, which help ensure that IT systems process data completely and accurately. The significant themes identified over the course of 2024–25 audits, and consistent with prior years, include:

1. deficiencies in IT security, including issues such as insufficient monitoring of the activity of privileged users and removal of access from terminated staff;
2. deficiencies in change management processes, particularly over segregation of duties between development activities and release management;
3. issues relating to IT governance, which concerns the processes by which entities ensure their IT operations are aligned with business objectives; and
4. deficiencies in computer operations, primarily relating to business continuity planning and testing, and the timeliness of resolving errors in scheduled processes.

3.47 These themes are discussed in further detail below. Details of specific entity findings are discussed further in Chapter 4.

IT security

3.48 Weaknesses in IT security controls have the potential to compromise an entity’s ability to maintain business operations, maintain the integrity and confidentiality of sensitive data, and reduce the confidence that data used for financial reporting is accurate. At the conclusion of 2024–25 financial statements audits, a total of 51 IT security findings (15 moderate, 36 minor) were open. Table 3.5 shows those entities with open moderate findings related to IT security at the conclusion of 2024–25 audits.

Table 3.5: Moderate IT security findings by entity as at year-end 2024–25

Source: ANAO data

3.49 The ANAO observed that 49 of the 51 IT security findings related to management and monitoring of user access. User access management includes processes to authenticate, authorise and deauthorise access to IT systems to prevent inappropriate access, and ensure accountability of key operations. Additionally, access monitoring controls ensure that use of system access, and privileged access, is logged and reviewed. Issues with these controls threaten the reliability of data residing in significant IT systems that support key business processes.

3.50 IT security management continues to remain the most common area of weakness in the IT control environment, with 64 per cent of total IT control environment findings, and 75 per cent of the moderate IT control environment findings relating to this area. Focus is required by entities to ensure that the risks of unauthorised system access are being appropriately managed.

IT Governance

3.51 IT governance concerns the processes by which entities ensure their IT operations are aligned with business objectives. At the completion of 2024–25 audits, eight open findings (three moderate, five minor) related to IT governance. Those entities receiving moderate findings are shown in Table 3.6 below.

Table 3.6: Moderate IT governance findings by entity as at year-end 2024–25

Source: ANAO data

3.52 IT governance findings observed in 2024–25 related to:

1. overarching issues with entities IT general controls and/or policies; and
2. processes by which entities assured themselves of the effectiveness of the controls of third-party IT services on which they rely (such as cloud environments), with risks that entities were not adequately reviewing advisories from those third parties of control deficiencies that may have impacted business operations.

3.53 As entities incorporate increasingly advanced emerging technologies into their operations and leverage a variety of delivery models to optimise costs, the importance of effective governance and oversight arrangements becomes increasingly critical in ensuring the integrity of IT operations.

Change Management

3.54 Change management involves the appropriate authorisation, testing, review and maintenance of changes to key components of an IT system. Effective change management controls support the integrity of key business processes, while the absence of an effective change management framework may limit the ability to senior management to assure themselves that systems are operating as intended.

3.55 At the conclusion of the 2024–25 audits, there were eight unresolved audit findings relating to change management (two moderate, six minor). Table 3.7 shows those entities with open moderate change management findings at the conclusion of 2024–25 audits:

Table 3.7: Moderate IT change management findings by entity as at year-end 2024–25

Source: ANAO data

3.56 Across change management findings in the 2024–25 audits, the ANAO observed issues in the following areas:

1. ineffective segregation of duties between developers and staff migrating changes to production environments, increasing the risk that inappropriate or inaccurate changes may be deployed without sufficient levels of testing or authorisation; and
2. insufficient testing of programs that generate financial or management reports, increasing the risk that management decisions are made based on incomplete or inaccurate data.

Computer Operations

3.57 Computer operations involve the delivery of IT services to achieve business objectives. This includes the scheduling of IT processes to automate tasks requiring limited human involvement, and processes to ensure business continuity in the event of a critical incident that compromises an IT system. At the conclusion of the 2024–25 audits, there were nine unresolved audit findings relating to computer operations.

3.58 All nine findings were assessed as having a minor impact to financial statements assurance but have the potential for broader business impact. Seven related to the ability of entities to assure themselves that they are able to recover from a disaster, such as a significant IT outage or loss of critical data. A further two findings related to batch processing, and controls around scheduled tasks that process large volumes of financial transactions. Due to the significant volume of financial transactions typically processed through batch jobs, weaknesses in these controls have the potential to result in significant financial consequences.

Lessons for entities

3.59 Accountable authorities should seek their own assurance that IT control environments are effectively mitigating key business risks. Entities with more effective regimes regularly monitor and evaluate the effectiveness of key IT controls to ensure continued effectiveness in changing environments. A systematic approach to assessing the design, implementation and operating effectiveness of controls is key to ensuring successful IT risk management.

3.60 These matters extend beyond technical IT concerns; they pose significant business risks to the security and the integrity of information systems. Addressing these fundamentals is essential in an environment where entities increasingly rely on technology, including artificial intelligence (AI).

Legislative non-compliance

3.61 Significant legislative breaches include instances of significant potential or actual breaches of the Constitution; and instances of significant non-compliance with the entity’s enabling legislation, legislation that the entity is responsible for administering, and the PGPA Act. Figure 3.13 below illustrates legislative breaches identified by the ANAO between 2021–22 to 2024–25.

Figure 3.13: Legislative breaches 2021–22 to 2024–25

Source: ANAO data.

3.62 There were seven instances of significant legislative non-compliance reported during 2024–25. Two of the breaches were identified during 2024–25 and five were identified in prior years. The significant legislative breaches relate to the following entities:

• Australian Centre for International Agricultural Research: Potential breaches of section 83 the Constitution¹³;
• Australian Pesticides and Veterinary Medicines Authority: Legislative non-compliance relating to the administration of levies under the Agricultural and Veterinary Products (Collection of Levy) Act 1994;
• Department of Health, Disability and Ageing: Legislative non-compliance and governance risks in program payments;
• Department of the House of Representatives: Significant potential non-compliance with the Constitution and PGPA Act;
• Northern Land Council: Royalty Trust Account: The ANAO identified contracts where the distribution of royalty monies to traditional owners was not made within six months, as required under subsections 35(3) and 35(4) of the Aboriginal Land Rights (Northern Territory) Act 1976 ;
• Services Australia: Significant legislative matters in Services Australia’s program delivery; and
• Tiwi Land Council: Non-compliance with the Aboriginal Land Rights (Northern Territory) Act 1976.

3.63 The 14 other breaches primarily related to:

• non-compliance with determinations made by the Remuneration Tribunal for remuneration of key management personnel (incorrect payments); and
• other instances of non-compliance with sub-ordinate legislation

Key management personnel remuneration

3.64 The appropriateness of governance of key management personnel remuneration (KMP) has been a continued focus for the ANAO in 2024–25. Over the period 2021–22 to 2024–25 the ANAO has continued to identify legislative breaches relating to KMP remuneration.

3.65 The Australian Accounting Standards require entities to disclose key management personnel compensation in total¹⁴, regardless of amount or materiality. ANAO policy considers key management personnel disclosures material by nature due to the role that these personnel play in organisations and that these personnel set the ‘tone at the top’ of organisations.

3.66 Seven instances of legislative non-compliance related to incorrect payments of remuneration to key management personnel and/or non-compliance with Determinations made by the Remuneration Tribunal, they include:

1. Australian Renewable Energy Agency – total remuneration paid to the CEO was more than amounts specified under the Remuneration Tribunal Determinations.
2. Australian Sports Commission – total remuneration paid to Board members was more than amounts specified under the Remuneration Tribunal Determinations.
3. Australian Fisheries Management Authority – total remuneration paid to key management personnel was more than amounts specified under the Remuneration Tribunal Determinations.
4. Indigenous Business Australia – total remuneration paid to Board members was more than amounts specified under the Remuneration Tribunal Determinations.
5. WSA Co Limited – an underpayment of Audit and Risk Committee member fees to one Director, and an overpayment to another Director.
6. Australian Film, Television and Radio School – total remuneration paid to key management personnel was more than amounts specified under the Remuneration Tribunal Determinations.
7. Australian Institute of Family Studies – total remuneration paid to key management personnel was more than amounts specified under the Remuneration Tribunal Determinations.

Compliance with Section 83 of the Australian Constitution

3.67 Section 83 of the Australian Constitution (section 83) provides that no money shall be drawn from the Treasury of the Commonwealth except under appropriation made by law.

3.68 The Australian Government’s financial reporting framework requires entities to disclose in their financial statements whether a breach of section 83 has occurred or may have occurred during the reporting period.¹⁵ Australian Government entities monitor their compliance with section 83 and are expected to obtain legal advice to determine the likelihood of a breach, and requirement for disclosure in their financial statements.

3.69 During 2024–25, 11 entities (2023–24: 10 entities) reported breaches of section 83 in their financial statements. These entities were the Australian Communications and Media Authority, the Australian Taxation Office, the Department of Agriculture, Fisheries and Forestry, the Department of Climate Change, Energy, the Environment and Water, the Department of Foreign Affairs and Trade, the Department of Social Services, the Department of Veterans’ Affairs, the Department of Education, the Department of Health, Disability and Ageing, Services Australia, and Department of the Treasury.

3.70 Section 83 breaches are characterised as either potential or actual breaches. The ANAO applies judgement to determine whether breaches of section 83 are reported to an entity as a significant legislative breach. Considerations include the nature of the breach, whether the control deficiencies that resulted in the breach have been appropriately addressed by the entity, are in the process of being addressed, and whether the breaches have been appropriately disclosed in the entity’s financial statements.

3.71 Case studies 2 and 3 highlight examples of section 83 breaches in 2024–25. Further information on the breaches across each of the 11 entities are included in each entity’s 2024–25 financial statements.

Quality and timeliness of financial statements preparation

3.72 The primary purpose of financial statements is to provide relevant and reliable information to users about a reporting entity’s financial position. Financial statements preparation is often a complex task, involving compliance with several requirements established by Australian Accounting Standards and the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015.

3.73 To provide relevant and reliable financial information to the users, entities should prepare quality financial statements in a timely manner to support entities to meet legislative reporting obligations including the tabling of annual reports. The preparation of quality financial statements will be demonstrated by adherence to a well-defined financial statements preparation timetable with minimal adjustments required to financial statements throughout the audit process.

3.74 In concluding an audit, the ANAO reports on the quality of financial statements preparation to entities. The following measures are considered by the ANAO when assessing the quality of the financial statements preparation process:

• number and quantum of adjusted and unadjusted audit differences; and
• timeliness of financial statements preparation.

3.75 At the completion of the 2024–25 financial statements audits, the ANAO reported one moderate audit finding and six minor audit findings relating to processes supporting financial statements preparation (2023–24: two moderate and 13 minor findings).

Financial statements preparation

3.76 The ANAO assessed the timeliness of financial statements preparation. Timeliness in preparation was assessed by comparing the date of delivery of the financial statements to previously agreed timeframes. The timeframe was established by entities and agreed with audit teams for the delivery of financial statements.

3.77 Timeliness in financial statements preparation in 2024–25 overall improved compared to 2023–24, with delivery of financial statements:

• in line with the agreed timeframes achieved by 74 per cent of entities (2023–24: 71 per cent);
• a further eight per cent of entities delivered financial statements within two working days of the agreed timeframe (2023–24: 10 per cent); and
• nineteen per cent of entities delivered financial statements after two working days of the agreed timeframe (2023–24: 19 per cent).

Audit differences

3.78 The quality of financial statements preparation is also assessed by considering the number and value of audit differences identified. Throughout the financial statements audit process, audit differences other than those considered trivial are communicated to entities. Entities are encouraged to adjust all audit differences. The total number of individual audit differences identified in 2024–25 decreased compared with 2023–24. A total of 186 individual audit differences were identified in 2024–25 (2023–24: 209) which impacted the revenue, expenses, assets and equity balances reported. The ANAO also identified 236 audit adjustments associated with the presentation and disclosure of financial statements.

3.79 A key indicator of the quality of entity financial statements is whether audit differences identified are adjusted by entities. Of the 186 audit differences identified by the ANAO during 2024–25, 53 or 28 per cent remained unadjusted by entities (2023–24: 80 or 38 per cent). Of these unadjusted differences, 25 related to material entities (2023–24: 40).¹⁶

3.80 Table 3.8 shows that the net value impact of unadjusted audit differences compared to the prior year has decreased for revenue, expense and liabilities. There has been an increase net value impact compared to 2023–24 for assets.

Table 3.8: Total value of unadjusted audit differences ($ million)

Source: ANAO analysis of entity 2024–25 and 2023–24 closing reports.

3.81 The ANAO also considers the impact of the unadjusted audit differences on the CFS. Of the unadjusted differences identified in the 2024–25 financial statements audits, a total of three adjustments were reported to the preparer of the CFS, the Department of Finance (Finance) and was subsequently adjusted in the CFS.

3.82 The total value of adjusted audit differences has increased compared to 2023–24 for expenses, assets and equity. There was a decrease in adjusted audit differences relating to revenue and liabilities. Table 3.9 shows the net value impact of adjusted audit differences compared to 2023–24.

Table 3.9: Total value of adjusted audit differences ($ million)

Source: ANAO analysis of entity 2024–25 and 2023–24 closing reports.

Financial sustainability and management

3.83 Section 15 of the PGPA Act requires that the accountable authority of an entity must govern the entity in a way that promotes: the proper use and management of public resources; the achievement of the purposes of the entity; and the financial sustainability of an entity.

3.84 Financial sustainability measures the ability of an entity to manage its financial resources so it can meet present and future spending commitments. This can provide an indication of financial management issues or point to an increased risk that an entity’s resourcing or functions are not sustainable.

3.85 The Department of Finance has established a portal for centrally capturing publicly available corporate information for all Commonwealth entities (transparency.gov.au). The portal includes tools that enable users to obtain and compare financial results across all entities through the application of the following financial ratios:

• total liabilities to total assets ratio, which indicates the level of ownership of the entity’s assets but can also be used to gain an understanding of the net equity of the entity;
• financial assets to total liabilities ratio, which indicates the extent to which an entity’s liabilities can be covered by its financial assets;
• current ratio, which indicates whether an entity’s current assets are greater than its current liabilities and whether the entity is likely to be able to pay its short-term liabilities as they fall due; and
• capital turnover ratio, which indicates whether an entity is replacing its assets at a sustainable rate.

3.86 The portal also provides general information about what each of these ratios measures and improvements or deterioration in the ratios indicate.¹⁸ However, guidance to assist users of financial statements in assessing whether the ratios indicate strong or weak financial performance in the context of the government sector has not been developed. There would be benefit in the Australian Government developing performance targets or benchmarks. This would enable an entity to assess its own financial sustainability against agreed parameters over time, and against like entities.

3.87 The analysis in this report is based on reported operating results (surpluses or deficits) of entities after adjusting for unfunded expenses, where relevant, highlighting the full cost of operations.¹⁹ The ANAO’s analysis of the operating results of all entities identified that:

• 46 per cent of not-for-profit entities reported a deficit in 2024–25; and
• 33 per cent of for-profit entities reported a deficit in 2024–25.

3.88 The Budget Process Operational Rules Rule 10 describes the process under which entities are required to follow to budget for any operating loss.²⁰ Entities cannot budget for an operating loss without approval from the Minister for Finance, except for the following circumstances:

• a technical loss (accounting or timing issues);
• a charging entity with a loss less than $10.0 million;
• entities within the Agriculture, Fisheries and Forestry portfolio which are funded by levy revenue.

3.89 Fifty-five entities for which Rule 10 applies incurred operating losses in 2024–25. Of these entities, five had not received approval for their operating loss from the Minister for Finance.

Financial sustainability of material entities

3.90 In the absence of guidance specific to the government sector, the ANAO has developed parameters based on generally accepted concepts of financial sustainability and applied these to the operating results and balance sheets of material entities. These parameters are described in Table 3.10 and Table 3.11 and below.

Operating results analysis

3.91 A key measure of an entity’s financial management is its operating result for the year. Although the operating result is not the sole measure of performance of a public sector entity, a history of large deficits or surpluses in a not-for-profit Commonwealth entity could suggest the need for additional funding or policy reform, elimination of non-value adding costs, and/or improved financial management.

3.92 Similarly in the case of for-profit entities and those with quasi-commercial operations, there is an expectation that financial management focuses on meeting expected returns.²¹ As a result, any entity in this category averaging a large deficit should be considered more closely.

3.93 The ANAO analysed the operating results of all material entities over a five-year period from 2020–21 to 2024–25. Of the 65 material entities, 50 were not-for-profit and 15 were corporate or Commonwealth companies, or not-for-profit entities which have quasi-commercial operations or departmental functions operating on a for-profit basis.

3.94 For the purposes of this analysis, material entities are grouped into three operating result categories as part of this analysis, outlined in Table 3.10 below.

Table 3.10: ANAO parameters for operating result category

Source: ANAO analysis.

3.95 Figure 3.14 illustrates the summary of average operating results for not-for-profit and for profit/quasi-commercial entities and whether they had large or small average deficits or surpluses over the five-year period from 2020–21 to 2024–25.

Figure 3.14: Average operating results analysis

Source: ANAO analysis of material entities’ average operating results.

3.96 The level of large deficits for not-for-profit material entities over a five-year period has remained relatively stable from 2020–21 to 2024–25, however, there has been a decrease in large surpluses. Figure 3.15 illustrates the percentage of not-for-profit material entities with a large average deficit or small average surplus over a five-year period for the period 2020–21 to 2024–25.

Figure 3.15: Average operating results for not-for-profit entities for the period 2020–21 to 2024–25

Source: ANAO analysis of material not-for-profit entities’ average operating result for the period 2020–21 to 2024–25

3.97 The level of large deficits for for-profit and quasi commercial material entities over a five-year period has remained stable from 2020–21 to 2024–25, and there has been a slight increase in large surpluses. Figure 3.16 illustrates the percentage of for-profit and quasi commercial material entities with a large average deficit or small average surplus over a five-year period for the period 2020–21 to 2024–25.

Figure 3.16: Average operating results for for-profit and quasi commercial entities for the period 2020–21 to 2024–25

Source: ANAO analysis of material for-profit and quasi commercial entities’ average operating result for the period 2020–21 to 2024–25.

Balance sheet analysis

3.98 Consistent with the duties established in the PGPA Act entities are expected to actively manage their underlying financial position, maintaining asset levels to support their operations and ensuring that sufficient funds will be available to meet liabilities as they fall due.

3.99 The ANAO analysed the balance sheet positions of material Australian Government entities as at 30 June 2025. While it is necessary to have regard to the public sector context, the following two measures are generally accepted indicators of the soundness of entities’ balance sheets and are consistent with the ratios published by Finance:

• Liquidity: the extent to which an entity’s liabilities are covered by cash or other financial assets. Where liabilities significantly exceed its financial assets, an entity may need a future injection of cash from government to meet those liabilities; and
• Gearing: the extent to which an entity’s total assets are funded by debt rather than equity. An entity with high gearing may be running down its asset base that could indicate the need for a future capital injection from government.

3.100 Based on the measures developed by Finance, the ANAO has reviewed an entity’s ability to manage its underlying financial position. As no guidance to assist users in assessing whether the ratios indicate strong or weak financial performance in the context of the government sector has been issued, the ANAO has determined these parameters, outlined in Table 3.11 below.

Table 3.11: ANAO parameters for balance sheet categories

Source: ANAO analysis.

3.101 Figure 3.17 illustrates the strength of material entity balance sheets over the period 2020–21 to 2024–25.

Figure 3.17: Balance sheet analysis 2020–21 to 2024–25

Source: ANAO analysis of material entities’ balance sheets.

3.102 Sixty per cent of material entities had strong balance sheets in 2024–25 (compared to 66 per cent in 2023–24), while 28 per cent had less strong balance sheets (compared to 29 per cent in 2023–24). The improvement in balance sheet strength is mainly driven by improved liquidity ratios stemming from increased financial asset values against decreasing liabilities balances.

3.103 Seven per cent of material entities had weak balance sheets in 2024–25 (compared to 8 per cent in 2023–24). The entities with weak balance sheets are predominantly those whose operations are dependent on government policy and continued funding by the Parliament. On this basis, and provided that appropriate attention is given to liquidity issues in the future, these entities are not at high risk of experiencing liquidity problems.

3.104 During 2024–25 Airservices Australia moved to the weak balance sheet category, mostly due to increased borrowings at 30 June 2025 contributing to a higher gearing ratio.

3.105 Entities which remained in the weak balance sheet category in 2024–25 are detailed below:

• the Australian Bureau of Statistics, consistent with the prior year, the weak balance sheet is attributable to a low liquidity ratio, as a result of lower appropriations and funding available to meet liabilities;
• Voyages Indigenous Tourism Australia Pty Ltd.’s balance sheet continues to be impacted by debt facilities. The entity holds borrowings to finance operations and construction and development of new assets.
• the Department of Social Services (DSS) – consistent with prior years, DSS’s weak balance sheet is attributable to the significance of lease liabilities recorded which impacted DSS’s liquidity ratio. DSS subsequently meet these payments through annual appropriations passed by the Parliament; and
• NBN Co Limited’s balance sheet continues to be impacted by debt facilities, including loans and bonds, incurred during the construction and operation of the national broadband network.

Estimated future commitments

3.106 Effective financial management provides entities the ability to meet present and future spending commitments. In some cases, the inherent uncertainty of future events requires entities to estimate either the timing, or the amount of future expenditure required to settle a present obligation.

3.107 The Australian Accounting Standards require entities to recognise this uncertainty on their balance sheets by recognising a provision. AASB 137 Provisions, Contingent Liabilities and Contingent Assets defines a provision as a liability of uncertain timing or amount.²²

3.108 At 30 June 2025, 171 Australian Government entities reported provision balances that were material to their financial statements. Table 3.12 shows that most of those were employee-related provisions or remediation provisions. Other significant provision balances included the Department of Veterans’ Affairs military compensation provision, the Department of the Treasury’s provision for Disaster Recovery Funding Arrangements, the Australian Taxation Office’s provision for subsidies, and the Department of Social Services’ provision for personal benefits.

3.109 The Future Fund Management Agency supports the Future Fund Board of Guardians in investing the assets of seven special purpose public funds. Each fund managed has an investment mandate determined under legislation and is used to strengthen the Australian Government’s balance sheet and to provide for future payments, where required, under its mandate. Refer to paragraphs 4.7.32 to 4.7.37 for further information on the Future Fund.

Table 3.12: Australian Government provisions balances at 30 June 2025

3.110 As described in Chapter 2, the Australian Government’s deteriorating net worth position is largely driven by an increase in provisions and payables at 30 June 2025.

3.111 Between the period 2021–22 to 2024–25, there has been a net increase of $116,088.6 million in provisions attributable to the Australian Government. During that time, the increase is driven mostly by increases in DVA’s military compensation provision ($109,965.8 million), and Treasury’s disaster recovery provision ($10,987.2 million), shown in Figure 3.18.

Figure 3.18: Movement in provisions between 2021–22 and 2024–25 relating to DVA and Treasury

Fraud and Corruption Control Arrangements

Fraud and Corruption Framework

3.112 The Commonwealth Fraud and Corruption Control Framework 2024²³ (the 2024 Framework) administered by the Attorney-General’s Department sets out the Australian Government’s fraud and corruption control requirements.

3.113 The 2024 Framework supersedes and expands on the Commonwealth Fraud Control Framework 2017 (2017 Framework)²⁴, capturing amendments to the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule). The amendments include corruption and strengthening requirements for Commonwealth entities to prevent, detect and deal with fraud and corruption.²⁵

Three Tiers of the Framework

3.114 Section 10 of the PGPA Act establishes the Fraud and Corruption Rule (the Rule). It is a legislative instrument that sets out the key requirements of fraud and corruption control and binds all Commonwealth entities.

3.115 The Fraud and Corruption Policy (the Policy) is an Australian Government policy that binds non-corporate Commonwealth entities, setting out procedural requirements for specific areas of fraud and corruption control such as investigations and reporting.

3.116 Fraud and Corruption guidance developed by the Department of Finance. Resource Management Guide 201 – Preventing, detecting and dealing with fraud and corruption is a better practice document that provides all Commonwealth entities with detailed guidance to implement the requirements of the Rule and the Policy.

Fraud and Corruption Framework Requirements

3.117 During 2024–25, the ANAO observed that for non-corporate and corporate Commonwealth entities, all had implemented a Fraud and Corruption Control Plan.

3.118 The ANAO also noted that as a best practice approach, 20 per cent of all Commonwealth companies had adopted the requirements of the Fraud and Corruption Rule, despite not being bound by the Rule.

Fraud and Corruption Risk Assessments

3.119 Fraud and corruption risk assessments assists entities to identify, understand and document their exposure to fraud and corruption, associated risks and existing control arrangements. This enables entities to implement fit-for-purpose mitigation strategies.

3.120 The Accountable Authority’s responsibilities regarding the establishment of an appropriate risk oversight and management in an entity are set out in Section 16 of the PGPA Act. An understanding of an entity’s process to identify and manage risk is essential to an effective and efficient financial statements audit. The ANAO reviews this process to understand how entities identify, manage and respond to fraud and corruption risks impacting financial statements.

3.121 During 2024–25, the ANAO observed that of the non-corporate and corporate Commonwealth entities, 92 per cent had performed a fraud and corruption risk assessment within the last two years per the requirement.

3.122 Of the entities that were not compliant, seven per cent of the entities last performed risk assessments in 2020–21 and 2021–22; and one entity, Royal Australian Navy Central Canteens Board had not performed a risk assessment.

Fraud and Corruption Control Effectiveness

3.123 Periodically reviewing the effectiveness of controls helps entities ensure their most important controls are working to mitigate the entity’s identified fraud and corruption risks. Resource Management Guide 211 Implementing the Commonwealth Risk Management Policy²⁶ provides advice on the regularity of control testing, which could depend on the following factors:

• the critical nature of the control;
• the risk appetite and tolerance of an entity; and
• recent changes to the internal or external operating environment of an entity.

3.124 Control effectiveness assessments assist the ANAO to understand the robustness of the internal control environment and how the entity is prepared to mitigate fraud risks that arise and may have a material impact to an entity’s financial statements.

3.125 During 2024–25, the ANAO observed that 97 per cent of non-corporate and corporate Commonwealth entities had established processes to periodically review the effectiveness of their fraud and corruption controls. Of these entities, 82 per cent had conducted a review of control effectiveness in the last two years. Entities that were yet to establish a process of periodically reviewing fraud and corruption control were Aged Care Quality and Safety Commission, National Anti-Corruption Commission, and Torres Strait Regional Authority.

4.1 Agriculture, Fisheries and Forestry portfolio

Portfolio overview

4.1.1 The Agriculture, Fisheries and Forestry portfolio is responsible for advising the government and implementing programs on rural adjustment and drought issues, plant and animal biosecurity and Australia’s agricultural, fisheries, food and forestry industries.

4.1.2 Table 4.1.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.1.1: Agriculture, Fisheries and Forestry portfolio material and other entities discussed in this chapter

Audit findings

4.1.3 Table 4.1.2 presents a summary of the total number of unresolved findings by entities in the Agriculture, Fisheries and Forestry portfolio at the conclusion of the 2024–25 final audits.

Table 4.1.2: Unresolved audit findings by entity in the Agriculture, Fisheries and Forestry portfolio

Source: ANAO 2024–25 audit results.

4.1.4 Table 4.1.3 presents a summary of the total number of legislative breaches by entities in the Agriculture, Fisheries and Forestry portfolio at the conclusion of the 2024–25 final audits.

Table 4.1.3: Legislative breaches by entity in the Agriculture, Fisheries and Forestry portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.1.5 Table 4.1.4 provides a summary of audit differences that relate to entities within the Agriculture, Fisheries and Forestry portfolio.

Table 4.1.4: The number of audit differences by entity in the Agriculture, Fisheries and Forestry portfolio

Source: ANAO analysis of audit differences reported to entities in the Agriculture, Fisheries and Forestry portfolio.

Department of Agriculture, Fisheries and Forestry

4.1.6 The Department of Agriculture, Fisheries and Forestry (DAFF) is responsible for developing and implementing policies and initiatives to promote more sustainable, productive, internationally competitive and profitable Australian agricultural, food and fibre industries; safeguarding Australia’s animal and plant health status to maintain overseas markets and protect the economy and environment from exotic pests and diseases.

Engagement risk rating

4.1.7 The engagement risk for DAFF’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• multiple pieces of legislation governing DAFF’s import and export functions, affecting DAFF’s departmental revenue;
• the self-assessment regime for administered levies collected from primary producers and agents; and
• judgement required by management to determine significant financial statements balances.

2024–25 audit results

4.1.8 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to DAFF. Two minor audit findings were identified during the 2024–25 audit.

Key financial balances and areas of financial statements risk

4.1.9 Figures 4.1.1 and 4.1.2 shows the key financial statements balances reported by DAFF at 30 June 2025.

Figure 4.1.1: Key departmental financial statements balances

Source: DAFF’s 2024–25 financial statements.

Figure 4.1.2: Key administered financial statements balances

Source: DAFF’s 2024–25 financial statements.

4.1.10 Table 4.1.5 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of DAFF.

Table 4.1.5: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and DAFF’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.1.11 The ANAO issued an unmodified auditor’s report on DAFF’s financial statements on 5 September 2025.

Comments on non-material entities

Australian Pesticides and Veterinary Medicines Authority

4.1.12 The Australian Pesticides and Veterinary Medicines Authority (APVMA) is established under the Agricultural and Veterinary Chemicals (Administration) Act 1992 (Administration Act). The APVMA’s principal responsibilities are described in the Administration Act and the Agricultural and Veterinary Chemicals Code Act 1994. APVMA supports the delivery and management of the National Registration Scheme (NRS) through the responsible regulation and control of agricultural and veterinary (agvet) chemicals up to and including the point of retail sale.

2024–25 audit results

4.1.13 At the conclusion of the 2024–25 financial statements audit, one significant legislative breach was identified.

Table 4.1.6: Status of audit findings

New significant legislative breach

Legislative non-compliance relating to the administration of levies under the Agricultural and Veterinary Products (Collection of Levy) Act 1994

4.1.14 APVMA management identified a significant legislative non-compliance relating to the administration of levies under the Agricultural and Veterinary Products (Collection of Levy) Act 1994 (the Collection of Levy Act). The breach related to the non-collection of some levies under the Collection of Levy Act.

4.1.15 Prior to the audit, the APVMA commenced a process to assess the financial impact of the non-collection of past levies on disposals of unregistered products under permit.

4.1.16 APVMA will confirm with the Finance Minister the amount and method of collection of these levies.

4.1.17 The ANAO will review the actions taken by APVMA in relation to this audit finding during the 2025–26 audit.

4.2 Attorney-General’s portfolio

Portfolio overview

4.2.1 The Attorney-General’s portfolio is responsible for legal services; national security and criminal law; integrity and anti-corruption matters; the Commonwealth justice system including courts, tribunals, justice policy and legal assistance; regulation and reform; protecting and promoting human rights; and support for Commonwealth royal commissions.

4.2.2 Table 4.2.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.2.1: Attorney-General’s portfolio material and other entities discussed in this chapter

Audit findings

4.2.3 Table 4.2.2 presents a summary of the total number of unresolved findings by entities in the Attorney-General’s Department portfolio at the conclusion of the 2024–25 final audits.

Table 4.2.2: Unresolved audit findings by entity in the Attorney-General’s portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.2.4 Table 4.2.3 provides a summary of audit differences that relate to entities within the Attorney-General’s Department portfolio.

Table 4.2.3: The number of audit differences by entity in the Attorney-General’s portfolio

Source: ANAO analysis of audit differences reported to entities in the Attorney-General’s portfolio.

Attorney-General’s Department

4.2.5 The Attorney-General’s Department (AGD) supports the Attorney-General through the provision of expert advice and services on a range of law, justice, integrity, and national security issues

Engagement risk rating

4.2.6 The engagement risk for AGD’s 2024-25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• stable structure and operations of AGD; and
• low complexity of transactions and balances in AGD’s financial statements.

2024–25 audit results

4.2.7 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to AGD. One minor finding remains unresolved.

Key financial balances and areas of financial statements risk

4.2.8 Figures 4.2.1 and 4.2.2 shows the key financial statements balances reported by AGD at 30 June 2025.

Figure 4.2.1: Key departmental financial statements balances

Source: AGD’s 2024-25 financial statements.

Figure 4.2.2: Key administered financial statements balances

Source: AGD’s 2024-25 financial statements.

4.2.9 Table 4.2.4 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of AGD.

Table 4.2.4: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and AGD’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.2.10 The ANAO issued an unmodified auditor’s report on AGD’s financial statements on 24 September 2025.

High Court of Australia

4.2.11 The High Court is responsible for interpreting and applying the law of Australia; deciding on cases of special federal significance, including challenges to the constitutional validity of laws; and hearing appeals, by special leave, from federal, state and territory courts.

Engagement risk rating

4.2.12 The engagement risk for High Court of Australia’s 2024-25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• low complexity of transactions and balances in High Court of Australia’s financial statements;
• overall operating effectiveness of High Court of Australia’s control frameworks; and
• limited prior year audit adjustments.

2024-25 audit results

4.2.13 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to the High Court of Australia.

Key financial balances and areas of financial statements risk

4.2.14 Figure 4.2.3 shows the key financial statements balances reported by the High Court of Australia at 30 June 2025.

Figure 4.2.3: Key financial statements balances

Source: High Court of Australia’s 2024–25 financial statements.

4.2.15 Table 4.2.5 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of the High Court of Australia.

Table 4.2.5: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and High Court’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.2.16 The ANAO issued an unmodified auditor’s report on the High Court’s financial statements on 27 August 2025.

4.3 Climate Change, Energy, the Environment and Water portfolio

Portfolio overview

4.3.1 The Climate Change, Energy, the Environment and Water portfolio is responsible for advising the government and implementing programs on climate change; energy supply efficiency; the environment, biodiversity and heritage; meteorological services; water resources; and Australia’s interests in the Antarctic and Southern Ocean.

4.3.2 Table 4.3.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.3.1: Climate Change, Energy, the Environment and Water portfolio material and other entities discussed in this chapter

Source: ANAO 2024–25 audit results.

Audit findings

4.3.3 Table 4.3.2 presents a summary of the total number of unresolved findings by entities in the Climate Change, Energy, the Environment and Water portfolio at the conclusion of the 2024– 25 audits.

Table 4.3.2: Unresolved audit findings by entity in the Climate Change, Energy, the Environment and Water portfolio

Source: ANAO 2024–25 audit results.

4.3.4 Table 4.3.3 presents a summary of the total number of legislative breaches by entities in the Climate Change, Energy, the Environment and Water portfolio at the conclusion of the 2024–25 audits.

Table 4.3.3: Legislative breaches by entity in the Climate Change, Energy, the Environment and Water portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.3.5 Table 4.3.4 provides a summary of audit differences that relate to entities within the Climate Change, Energy, the Environment and Water portfolio.

Table 4.3.4: The number of audit differences by entity in the Climate Change, Energy, the Environment and Water title portfolio

Source: ANAO analysis of audit differences reported to entities in Climate Change, Energy, the Environment and Water portfolio.

Department of Climate Change, Energy, the Environment and Water

4.3.6 The Department of Climate Change, Energy, the Environment and Water (DCCEEW) is responsible for developing and implementing policies and initiatives to protect Australia’s environment, biodiversity and heritage; helping Australia respond to and address climate change; and managing Australia’s water and energy resources.

Engagement risk rating

4.3.7 The engagement risk for DCCEEW’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• DCCEEW’s broad strategic direction across several diverse functions that have a high level of public interest and Parliamentary scrutiny;
• the complexity of some financial statements balances which require increased management judgement, are reliant on external advice, and impact the Australian Government’s consolidated financial statements;
• shared services arrangements with other Australian Government entities that support key financial statements balances; and
• a financial reporting function, internal control environment and governance arrangements that has matured since DCCEEW was established on 1 July 2022.

2024–25 audit results

4.3.8 At the conclusion of the 2024–25 financial statements audit, one finding that poses a moderate business or financial risk to DCCEEW, and one minor finding remain unresolved. One minor finding was identified during the final audit.

4.3.9 During the 2025–26 audit, the ANAO will assess action taken by DCCEEW to address the risks identified.

Audit findings

Table 4.3.5: Status of significant and moderate audit findings raised by the ANAO

Unresolved moderate audit finding

TechOne privileged user activity

4.3.10 Maintaining and supporting IT systems requires some user accounts, both at the network and the application level, to have extensive access rights, known as privileged user access. Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others.

4.3.11 During the 2023–24 interim audit, the ANAO identified weaknesses in the effectiveness of DCCEEW’s monitoring of privileged user activities within the TechOne Financial Management Information System (FMIS).

4.3.12 The ANAO recommended that DCCEEW update the privileged user access monitoring policy to regularise these reviews, including the requirement to retain evidence to support that the reviews had been appropriately undertaken in accordance with the policy.

4.3.13 During the 2024–25 audit, DCCEEW developed a standard operating procedure for logging and monitoring privileged user activities in its FMIS and had conducted some reviews of privileged user activities during the year. Despite this, the reviews were not formalised, did not cover the full financial year, and there was insufficient documentation evidencing the reviews.

4.3.14 The ANAO will focus on the action taken by DCCEEW in response to this finding as part of the 2025–26 audit.

Key financial balances and areas of financial statements risk

4.3.15 Figures 4.3.1 and 4.3.2 shows the key financial statements balances reported by DCCEEW as at 30 June 2025.

Figure 4.3.1: Key departmental financial statements balances

Source: DCCEEW’s 2024–25 financial statements.

Figure 4.3.2: Key administered financial statements balances

Source: DCCEEW’s 2024–25 financial statements.

4.3.16 Table 4.3.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of DCCEEW.

Table 4.3.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and DCCEEW’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.3.17 Although the ANAO identified audit findings during the 2024–25 audit, additional audit procedures were undertaken to obtain sufficient and appropriate evidence on the financial statements. DCCEEW has advised the ANAO of the action it will take to remediate the audit findings identified. The ANAO will review the action taken by DCCEEW as part of the 2025–26 audit.

4.3.18 The ANAO issued an unmodified auditor’s report on DCCEEW’s financial statements on 24 September 2025.

Bureau of Meteorology

4.3.19 The Bureau of Meteorology (the Bureau) is responsible for providing weather, climate and ocean services for Australia.

Engagement risk rating

4.3.20 The engagement risk for the Bureau’s 2024–25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• the Bureau’s stable, yet geographically dispersed business operations providing essential products and services regarding Australia’s weather, climate and water;
• the Bureau’s significant balance of non-financial assets which comprises unique physical assets and software; and
• mature financial statements preparation process and internal control environment.

2024–25 audit results

4.3.21 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to the Bureau. One minor audit finding was identified during the 2024–25 audit.

Key financial balances and areas of financial statements risk

4.3.22 Figure 4.3.3 shows the key financial statements balances reported by the Bureau at 30 June 2025.

Figure 4.3.3: Key financial statements balances

Source: The Bureau’s 2024–25 financial statements.

4.3.23 Table 4.3.7 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of the Bureau.

Table 4.3.7: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and the Bureau’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.3.24 The ANAO issued an unmodified auditor’s report on the Bureau’s financial statements on 10 September 2025.

Clean Energy Finance Corporation

4.3.25 The Clean Energy Finance Corporation (CEFC) is responsible for facilitating increased flows of finance into the clean energy sector and facilitating the achievement of Australia’s greenhouse gas emissions reduction targets.

Engagement risk rating

4.3.26 The engagement risk for CEFC’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• ongoing growth in CEFC’s debt and equity investment, and a broadening of CEFC’s investment structures;
• the complexity associated with monitoring of CEFC’s operations in compliance with its enabling legislation; and
• complex accounting and reporting arrangements, in particular compliance with the requirements of accounting for financial instruments.

2024–25 audit results

4.3.27 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to CEFC.

Key financial balances and areas of financial statements risk

4.3.28 Figure 4.3.4 shows the key financial statements items reported by CEFC at 30 June 2025.

Figure 4.3.4: Key financial statements balances

Source: CEFC’s 2024–25 financial statements.

4.3.29 Table 4.3.8 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of CEFC.

Table 4.3.8: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and CEFC’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.3.30 The ANAO issued an unmodified auditor’s report on CEFC’s financial statements on 27 August 2025.

Clean Energy Regulator

4.3.31 The Clean Energy Regulator (CER) is responsible for the administration of market-based mechanisms that incentivise reduction in greenhouse gas emissions and the promotion of additional renewable electricity generation. In achieving these objectives, the CER is responsible for the administration of the Australian Carbon Credit Units Scheme (ACCU) and the programs and regulation supporting the Renewable Energy Target (RET).

Engagement risk rating

4.3.32 The engagement risk for CER’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the size and complexity of CER’s operations, particularly due to a significant increase in market activity in response to anticipated demand for ACCUs;
• the administration of the ACCUs scheme and the RET, which are complex in nature and are managed in complex IT environments; and
• continuing developments in the Australian Government’s response to climate change, including the impact of the Safeguard Mechanism and other policy and regulatory processes, which are administered by CER.

2024–25 audit results

4.3.33 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to CER. One moderate audit finding, and one minor audit finding were resolved, and two minor audit findings remain unresolved.

4.3.34 During the 2025–26 audit, the ANAO will assess action taken by CER to address the risks identified.

Audit findings

Table 4.3.9: Status of significant and moderate audit findings raised by the ANAO

Resolved moderate audit finding

Privileged and other user access

4.3.35 Maintaining and supporting IT systems requires some user accounts, both at the network and the application level, to have extensive access rights, known as privileged user access. Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others.

4.3.36 During the 2021–22 audit, the ANAO identified that CER lacked sufficient policies, procedures, and risk assessments to guide monitoring of privileged user activity across key systems, resulting in the absence of required monitoring.

4.3.37 In 2023–24, the ANAO’s review found weaknesses in design effectiveness of monitoring controls, particularly the exclusion of all relevant privileged users. This indicated limitations in CER’s remediation efforts, which included updating user access related policies, procedures and risk assessments, and implementing processes for regular system log reviews.

4.3.38 Consistent with the recommendations made by the ANAO, during 2024–25 CER:

• implemented a new monitoring control that generates alerts based on changes made to the databases, including modifications to underlying data and system configurations;
• advised the ANAO that alerts are investigated to confirm the appropriateness of the activity, with outcomes documented; and
• conducted periodic reviews to ensure all alerts have been actioned.

4.3.39 The ANAO conducted testing over the implemented control and found it to be effective. As a result, the ANAO considers that CER has addressed the risks identified, and that this audit finding has been resolved.

Key financial balances and areas of financial statements risk

4.3.40 Figures 4.3.5 and 4.3.6 shows the key financial statements balances reported by CER at 30 June 2025.

Figure 4.3.5: Key departmental financial statements balances

Source: CER’s 2024–25 financial statements.

Figure 4.3.6: Key administered financial statements balances

Source: CER’s 2024–25 financial statements.

4.3.41 Table 4.3.10 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of CER.

Table 4.3.10: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and CER’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.3.42 The ANAO issued an unmodified auditor’s report on CER’s financial statements on 1 September 2025.

Snowy Hydro Limited

4.3.43 Snowy Hydro Limited (Snowy Hydro) is a government business enterprise responsible for energy generation activities to supply the National Electricity Market as well as operating as a retail energy provider through the Red Energy, Lumo Energy and Snowy Energy brands.

Engagement risk rating

4.3.44 The engagement risk for Snowy Hydro’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the value of and complexity of delivery of the long-term infrastructure developments relating to the Snowy 2.0 and Hunter Power projects;
• Snowy Hydro’s dynamic and complex operating and regulatory environment and level of competition for customers for the supply of electricity; and
• the complexity of and judgement required in determining the fair value of the energy derivatives portfolio.

2024–25 audit results

4.3.45 At the conclusion of the 2024–25 financial statements audit, one finding that poses a moderate business or financial risk to Snowy Hydro, and one minor finding remain unresolved.

4.3.46 During the 2025–26 audit, the ANAO will assess action taken by Snowy Hydro to address the risks identified.

Audit findings

Table 4.3.11: Status of significant and moderate audit findings raised by the ANAO

Unresolved moderate audit finding

IT general controls for the financial management information system

4.3.47 Snowy Hydro financial management information system (FMIS) is provided under a cloud computing arrangement. Snowy Hydro’s service provider is largely responsible under contract for system administration activities, including designing and implementing appropriate IT general controls supporting user access management, including for privileged users, and change management processes. Under the terms of the contract, the service provider is required to provide assurance to Snowy Hydro, via a Service Organisation Control (SOC) report prepared by an independent auditor, that these controls are designed, implemented and operating effectively.

4.3.48 During 2023–24 and 2024–25, the service provider provided qualified SOC reports which identified a number of weaknesses in the operating effectiveness of IT general controls for the FMIS, for which no mitigating procedures were performed by Snowy Hydro for the weaknesses noted.

4.3.49 The ANAO recommended that Snowy Hydro perform mitigating procedures to address any significant deficiencies noted in the SOC report in a timely manner.

Key financial balances and areas of financial statements risk

4.3.50 Figure 4.3.7 shows the key financial statements balances reported by Snowy at the conclusion of the 2024–25 audit.

Figure 4.3.7: Key financial statements balances

Source: Snowy Hydro’s 2024–25 financial statements.

4.3.51 Table 4.3.12 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Snowy Hydro.

Table 4.3.12: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Snowy Hydro’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.3.52 Although the ANAO identified audit findings during the 2024–25 audit additional audit procedures were undertaken to obtain sufficient and appropriate evidence on the financial statements. Snowy Hydro has advised the ANAO of the action it will take to remediate the audit findings identified. The ANAO will review the action taken by Snowy Hydro as part of the 2025–26 audit.

4.3.53 The ANAO issued an unmodified auditor’s report on Snowy Hydro’s financial statements on 28 October 2025. Without modifying the audit opinion, the auditor’s report included an emphasis of matter which draws attention to the re-issuance of the financial report to correct a formatting error that related to a misalignment in a note disclosure regarding loan arrangements.

4.4 Defence portfolio

Portfolio overview

4.4.1 The Defence portfolio includes a number of entities that together are responsible for the defence of Australia and its national interests.

4.4.2 Table 4.4.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.4.1: Defence portfolio material and other entities discussed in this chapter

Source: ANAO 2024–25 audit results.

Audit findings

4.4.3 Table 4.4.2 presents a summary of the total number of unresolved findings by entities in the Defence portfolio at the conclusion of the 2024–25 audits.

Table 4.4.2: Unresolved audit findings by entity in the Defence portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.4.4 Table 4.4.3 provides a summary of audit differences that relate to entities within the Defence portfolio.

Table 4.4.3: The number of audit differences by entity in the Defence portfolio

Source: ANAO analysis of audit differences reported to entities in the Defence portfolio.

Department of Defence

4.4.5 The Department of Defence (Defence) is responsible for protecting and advancing Australia’s strategic interests through the promotion of security and stability, the provision of military capabilities to defend Australia and its national interests, and the provision of support for the Australian community and civilian authorities as directed by the Australian Government.

Engagement risk rating

4.4.6 The engagement risk for Defence’s 2024–25 financial statements audit has been assessed as high. Key factors contributing to this rating include:

• the nature, scale and complexity of Defence’s operations and strategic environment;
• a high level of public interest and Parliamentary scrutiny of Defence’s activities;
• the complexity and uniqueness of some financial statements balances, such as specialist military equipment (SME), that require increased management judgement and are subject to high levels of estimation uncertainty; and
• the implementation of an Enterprise Resource Planning (ERP) system replacing the functionality of numerous Defence IT systems.

2024–25 audit results

4.4.7 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Defence. One previously reported audit finding posing a significant business or financial risk was reassessed to a minor audit finding during the ANAO’s 2024–25 interim audit, and three minor audit findings were identified.

Audit findings

Table 4.4.4: Status of significant and moderate audit findings raised by the ANAO

Note a: One significant audit finding was reduced to a minor audit finding during the 2024–25 audit.

Resolved significant audit finding

Removal of system access for Defence personnel and contractors

4.4.8 During previous financial statements audits, the ANAO identified weaknesses in Defence’s IT control environment which resulted in former Defence employees and contractors retaining access to Defence’s ICT systems after their exit from Defence.

4.4.9 The absence of effective controls over the removal or monitoring of user access post-termination increases the risk of inappropriate activity occurring in systems that have significant and sensitive data holdings.

4.4.10 In response to this audit finding, Defence established a dedicated project team, developed a user data reconciliation environment and engaged internal audit to address the risks identified by the ANAO. The ANAO undertook additional audit procedures to verify the design, implementation and operating effectiveness of those procedures and has assessed that Defence has addressed the ANAO’s recommendation regarding the termination of systems access for former employees and contractors.

4.4.11 The audit finding was reassessed to a minor audit finding as Defence implements further procedures to strengthen the management of user access to key systems, specifically, the implementation of role-based position access.

Key financial balances and areas of financial statements risk

4.4.12 Figures 4.4.1 and 4.4.2 shows the key financial statements balances reported by Defence at 30 June 2025.

Figure 4.4.1: Key departmental financial statements balances

Source: Defence’s 2024–25 financial statements.

Figure 4.4.2: Key administered financial statements balances

Source: Defence’s 2024–25 financial statements.

4.4.13 Table 4.4.5 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Defence.

Table 4.4.5: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Defence’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.4.14 The ANAO issued an unmodified auditor’s report on Defence’s financial statements on 3 October 2025.

Australian Signals Directorate

4.4.15 The Australian Signals Directorate’s (ASD) purpose is to defend Australia from global threats and advance Australia’s national interest through the provision of foreign signals intelligence, cyber security and offensive cyber operations, as directed by government. The Australian Cyber Security Centre (ACSC) leads the Australian Government’s efforts to improve cyber security and aims to make Australia the most secure place to connect online.

Engagement risk rating

4.4.16 The engagement risk for ASD’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the significant and ongoing investment in ASD’s cyber and intelligence capabilities through the REDSPICE program;
• ASD’s unique and geographically spread business operations, and the compartmentalised and sensitive nature of ASD’s business;
• shared services arrangements with Defence which supports key financial statement balances; and
• ASD’s application of a modified financial reporting framework in the preparation of the financial statements in accordance with Section 105D of the PGPA Act.

2024–25 audit results

4.4.17 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to the ASD.

Key financial balances and areas of financial statements risk

4.4.18 Figures 4.4.3 and 4.4.4 shows the key financial statements balances reported by ASD at 30 June 2025.

Figure 4.4.3: Key departmental financial statements balances

Source: ASD’s 2024–25 financial statements.

Figure 4.4.4: Key administered financial statements balances

Source: ASD’s 2024–25 financial statements.

4.4.19 Table 4.4.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of ASD.

Table 4.4.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ASD’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.4.20 The ANAO issued an unmodified auditor’s report on the ASD’s financial statements on 29 August 2025.

Department of Veterans’ Affairs

4.4.21 The Department of Veterans’ Affairs (DVA) is responsible for developing and implementing programs to assist the veteran and ex-service communities. This includes granting pensions, allowances and other benefits, and providing treatment under the Veterans’ Entitlements Act 1986; the administration of benefits and arrangements under the Military Rehabilitation and Compensation Act 2004; determining and managing claims relating to defence service under the Safety, Rehabilitation and Compensation (Defence-related Claims) Act 1998 (DRCT); administering the Defence Service Homes Act 1918 and the War Graves Act 1980; and conducting commemorative programs to acknowledge the service and sacrifice of Australian servicemen and women.

Engagement risk rating

4.4.22 The engagement risk for DVA’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complexity of personal benefit and healthcare claims, the IT systems used to process these claims, and the associated legislation which is administered by DVA; and
• the complexity of the calculation of key financial statement balances including the provision for military compensation.

2024–25 audit results

4.4.23 At conclusion of the 2024–25 financial statements audit, one audit finding posing a moderate business or financial risk to DVA was identified. Five moderate audit findings, and three minor audit findings remain unresolved. Two minor audit findings were resolved.

4.4.24 During the 2025–26 audit, the ANAO will assess action taken by DVA to address the risks identified.

Audit findings

Table 4.4.7: Status of significant and moderate audit findings raised by the ANAO

Source: ANAO 2024–25 audit results.

New moderate audit finding

Claim Quality Assurance Program – Benefit Payments

4.4.25 DVA undertakes a claim quality assurance program to support the accuracy and validity of claims processed. The quality assurance program also seeks to provide input based on the results into training programs or other areas requiring increased focus. The testing is conducted on a sample basis. The ANAO’s review of the quarterly quality assurance reports for income and compensation claims, Quality Assurance Protocols and the processes supporting the quality assurance processes noted the following:

• While DVA’s sampling methodology allows for the projection of the sample error into the population, DVA did not extrapolate the sampling results to determine the population error rate in the claim population by claim types. DVA’s approved Quality Assurance Protocols, state that “the financial impact of QA errors is reported by the Financial Accounting and Compliance Section in the Department’s financial statements.” DVA confirmed this does not occur and no data on payment correctness rates is included in the financial statements, with the exception of the section 83 disclosures which outline actual errors identified for which debt recovery has been initiated.
• The results of testing outcomes are reported as actual sample error percentages which provides limited detail to allow meaningful analysis of actual and trending error projections. It was noted that based on the sample errors, the correctness benchmarks were not met for most compensation programs and for a smaller number of income support programs. DVA’s approved Quality Assurance Protocols state that “The financial impact excludes the effect of recovery, waiver or write off action to correct the error.” If the overall impacts were calculated, excluding these amounts would distort the true financial error profile. A decision to not pursue debt recovery does not preclude a claim noted as erroneous from being defined or included as an error in calculations.
• The ANAO noted that documentation of the sample testing results was incomplete. The quality assurance system did not have sufficient records for the ANAO to assess the conclusions reached by the compliance officers.
• DVA could not demonstrate how they gain assurance over the completeness of the data sets provided by Services Australia or provided by the Claims and Workforce Reporting Team within DVA before the data sets are uploaded into the quality assurance system for sampling. This has previously been the subject of an ANAO audit finding, indicating that the remediating controls and processes have not continued to operate.

Unresolved moderate audit findings

Bank Reconciliations – identification of reconciling items

4.4.26 The ANAO review of bank reconciliations identified that the weaknesses reported by the ANAO in 2023-24 relating to the bank reconciliation issues had not been rectified. The ANAO identified that a significant level of unreconciled items appear in the bank reconciliations. It was noted that payments and receipts have been netted off, and the net amount has been used in the reconciliation. Netting off unmatched transactions does not provide clarity around the nature of reconciling items and assurance that there aren’t large errors or reconciling items embedded in the large variances. Audit queries on the reconciliations performed resulted in adjustments of $2.04 million (departmental cash) and $112.5 million (administered cash). This related to timing differences that the bank reconciliation process was not correctly identifying.

4.4.27 The ANAO will continue to monitor the progress of this issue during the 2025–26 audit. It is envisioned that the issue concerning the bank reconciliations will remediate as DVA transition to their new Financial Management Information System in 2025-26.

Process Direct Security Risk Management

4.4.28 During the 2020–21 audit, the ANAO identified weaknesses relating to the management of security risks as part of an upgrade to Process Direct implemented in November 2020. The ANAO recommended that DVA address the self-identified security risks when implementing the system.

4.4.29 DVA affirmed that accreditation of Process Direct was finalised in August 2021 and all required security documentation developed. The ANAO’s inspection of the accreditation documents, including the Process Direct System Security Plan, identified that one of the three self-identified risks remained untreated. DVA is in the process of remediating the last unmitigated risk.

Security Governance – Monitoring Implementation of Controls

4.4.30 During the 2021–22 audit, the ANAO noted instances that indicated DVA’s information technology governance and monitoring processes were not fully effective to address identified business risks. The ANAO recommended an effective governance and assurance framework be developed over security governance to ensure controls were implemented and operating effectively.

4.4.31 During 2023–24, DVA advised the ANAO that it is planning to implement an assurance framework that addresses IT governance encompassing DVA’s own and outsourced arrangements. The assurance framework will set out the cadence of reporting on the effectiveness of IT controls to the DVA Security Committee. This assurance framework is expected to be finalised and presented to the DVA Security Committee for endorsement in early 2025-26. The ANAO will review this as part of the 2025-26 interim audit.

Monitoring of Privileged Activity – Process Direct & ISH

4.4.32 Process Direct and ISH are ICT systems utilised by DVA for processing claims. The ANAO identified weaknesses in DVA’s monitoring of privileged user activity for both systems and raised individual findings for each.

4.4.33 Users with administrative privileges, commonly referred to as privileged users, are able to make significant changes to IT systems’ configuration and operation, bypass critical security settings and access sensitive information. To reduce the risks associated with this access, the Information Security Manual requires that privileged user access be appropriately restricted and when provided, that the access is logged, regularly reviewed and monitored.

4.4.34 DVA was not able to demonstrate activities performed to monitor privileged user transactions or activities in the Process Direct & ISH claim processing IT systems. DVA advised the ANAO that the entity relied on the activities undertaken by Services Australia under the Shared Services Agreement which exists between the two entities. While Services Australia produces a report on user activity which covers all IT platforms (including Process Direct and ISH) and provides the report to DVA, Services Australia does not undertake any monitoring activities on DVA’s behalf.

4.4.35 The ANAO recommended that DVA implement a process to monitor the activities of privileged users in Process Direct and ISH. DVA are working with Services Australia to develop an appropriate monitoring process.

Key financial balances and areas of financial statements risk

4.4.36 Figures 4.4.5 and 4.4.6 shows the key financial statements items reported by DVA at 30 June 2025.

Figure 4.4.5: Key departmental financial statements balances

Source: DVA’s 2024–25 financial statements.

Figure 4.4.6: Key administered financial statements balances

Source: DVA’s 2024–25 financial statements.

4.4.37 Table 4.4.8 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of DVA.

Table 4.4.8: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and DVA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.4.38 The ANAO issued an unmodified auditor’s report on DVA’s financial statements on 12 September 2025.

Australian War Memorial

4.4.39 The Australian War Memorial (the Memorial) has responsibility for commemorating, interpreting and understanding the Australian experience of war and its enduring impact through maintaining and developing the national memorial and its collection, and exhibiting historical material, and undertaking commemorative ceremonies and research.

Engagement risk rating

4.4.40 The engagement risk for the Memorial’s 2024–25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• well established and effective governance structures in place over the management of financial reporting;
• the low number of audit adjustments identified in prior year audits.

2024–25 audit results

4.4.41 At the conclusion of the 2024–25 financial statements audit, one finding that poses a moderate business or financial risk to the Memorial was identified. One minor finding remained unresolved.

Audit findings

Table 4.4.9: Status of significant and moderate audit findings raised by the ANAO

New moderate audit finding

Valuation of land and building assets

4.4.42 The valuation of land and buildings involves estimates and a high level of professional judgement in arriving at the fair value. Revaluation results, including movements within a financial year are required to be supported by sufficient and appropriate management analysis and working papers to conclude on the appropriateness of key judgements and estimates, and to support the interpretation of and conformance to accounting standard requirements.

4.4.43 During the 2024–25 audit, the ANAO identified weaknesses in the management analysis supporting the revaluation results for the Memorial’s building assets, requiring ANAO to undertake additional audit procedures to gain assurance that the 2024–25 financial statements were not materially misstated. The Memorial’s land and building assets are of a specialised nature and restricted use which require additional estimates and judgement to that of a traditional property valuation. Notably, there have been significant capitalised additions in the 2024–25 financial year due to the Memorial’s redevelopment project.

4.4.44 The ANAO recommended that the Memorial:

• strengthen materiality assessments for the financial statements preparation process to ensure supporting analysis considers both the nature and measurement of quantitative and qualitative assumption impacts; and
• for sections of the financial statements that involve significant estimation and judgement, establish and conduct annual evaluations of key indicators aligned with these estimates and judgements to ensure the continued material accuracy of the reported financial statements.

4.4.45 The Memorial did not agree with the assessment of risk for the financial statements, however noted the ANAO’s recommendations regarding enhancements to the supporting analysis for complex judgements and estimates, specifically in relation to the 2024–25 external valuation of land and buildings, and more generally for future assessments. The Memorial’s conformance with accounting standard requirements for fair value reporting will remain an area of focus for the 2025–26 audit.

Key financial balances and areas of financial statements risk

4.4.46 Figure 4.4.7 shows the key financial statements balances reported by the Memorial at 30 June 2025.

Figure 4.4.7: Key financial statements balances

Source: The Memorial’s 2024–25 financial statements.

4.4.47 Table 4.4.10 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of the Memorial.

Table 4.4.10: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and the Memorial’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.4.48 The ANAO issued an unmodified auditor’s report on the Memorial’s financial statements on 25 August 2025.

Defence Housing Australia

4.4.49 Defence Housing Australia (DHA) is responsible for providing housing and related services to members of the Australian Defence Force and their families, consistent with Defence’s operational requirements. To meet these requirements, DHA is responsible for constructing, purchasing and leasing houses for Australian Defence Force (ADF) personnel.

Engagement risk rating

4.4.50 The engagement risk for DHA’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the nature of DHA’s operations and business activities, which increases the level of management judgement to account for key financial statements balances including the valuation and impairment of investment properties, and in accounting for lease contracts in accordance with the relevant accounting standards; and
• the number of revenue streams and complexity of transactions relating to housing services provided to Defence that impact the complexity of financial reporting of such transactions.

2024–25 audit results

4.4.51 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business risk to DHA. One minor finding remains unresolved.

Figure 4.4.8: Key financial statements balances

Source: DHA’s 2024–25 financial statements.

4.4.52 Table 4.4.11 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of DHA.

Table 4.4.11: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and DHA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.4.53 The ANAO issued an unmodified auditor’s report on DHA’s financial statements on 4 September 2025.

Comments on non-material entities

Army and Air Force Canteen Service

4.4.54 The Army and Air Force Canteen Service (AAFCANS) was established to provide goods, facilities and services to members of the Defence community. AAFCANS operates food services and facilities on 27 Army and Air Force bases and joint Australian Defence Force facilities throughout Australia.

2024–25 audit results

4.4.55 At the conclusion of the 2024–25 financial statements audit, one moderate audit finding was resolved, and one moderate audit finding was reduced to a minor audit finding.

Table 4.4.12: Status of audit findings

Resolved moderate audit findings

Supplier rebates

4.4.56 AAFCANS receives rebates from suppliers based on the volume of purchases made over a specified period. The Australian Accounting Standards require supplier rebates to be recorded as an adjustment to cost of goods sold.

4.4.57 During the 2023–24 audit, the ANAO identified AAFCANS had been recording supplier rebates as part of its revenue balance. This resulted in a material prior period error in the 2022–23 financial statements. In addition, AAFCANS has been recording its supplier rebates on a cash basis rather than recognising rebates when AAFCANS becomes entitled to the discount.

4.4.58 AAFCANS corrected its accounting treatment in the 2023–24 financial statements and disclosed the prior period error in its financial statements in accordance with the Australian Accounting Standards.

4.4.59 During 2024–25, the ANAO confirmed that AAFCANS is now applying the correct accounting treatment for these transactions, and therefore the ANAO considers this audit finding resolved.

Fair value assessment of property, plant and equipment

4.4.60 AAFCANS records its property, plant and equipment using the fair value model in accordance with Australian Accounting Standards. The fair value model requires that property, plant and equipment is carried at fair value at reporting date less any subsequent accumulated depreciation and/or impairment losses and revaluations must occur with sufficient frequency to ensure the carrying amount of property, plant and equipment is not materially different to the fair value at each balance date. AAFCANS engages an expert to perform a valuation on a three-to-five-year rotational basis. AAFCANS management performs its own internal assessment in years where a valuer is not engaged.

4.4.61 During 2023–24, the ANAO observed weaknesses in management’s fair value assessment, including no assessment of the appropriateness of the methodology applied, no assessment against available market data and current economic conditions or consideration of relevant indices, and limited analysis to support that assets were recorded at fair value.

4.4.62 During 2024–25, the ANAO observed AAFCANS had conducted an assessment to demonstrate that the value of property, plant, and equipment recognised in the financial statements did not differ materially from their fair value, as required by the financial reporting framework. For future valuations, the ANAO recommended that AAFCANS engage an independent valuer to ensure that assessment remains appropriate.

Australian Strategic Policy Institute Limited

4.4.63 The Australian Strategic Policy Institute Ltd (ASPI) is an independent, non-partisan strategic policy research centre established by the Australian Government in 2001. ASPI strives to provide insightful and timely research and analysis to inform government decisions and enhance public understanding of critical strategic and defence issues.

2024–25 audit results

4.4.64 At the conclusion of the 2024–25 financial statements audit one moderate audit finding was reassessed to a minor audit finding, and one minor audit finding was identified.

Table 4.4.13: Status of audit findings

Note a: One moderate audit finding was reassessed to a minor audit finding during the 2024–25 audit.

Resolved moderate audit findings

Governance risk – establishment of the US subsidiary

4.4.65 ASPI received funding from Defence to establish a branch office in Washington, D.C., United States of America (US). The branch office commenced operations in 2021. Upon establishment, ASPI identified that it was unable to generate other sources of income as the branch office did not have tax deductibility status under US law, impacting its future viability. ASPI obtained legal advice which recommended the branch office become a US incorporated subsidiary. The Board authorised the US subsidiary’s creation in early 2023.

4.4.66 As part of the 2022–23 audit, ASPI provided the ANAO with a written declaration that the US subsidiary had not been established. Subsequently, in January 2024, ASPI informed the ANAO that the US subsidiary had been incorporated on 3 April 2023, and two ASPI officers had been appointed as directors of the subsidiary. The failure to disclose the creation of the US subsidiary and the appointment of ASPI officers as key management personnel of the new entity resulted in a material prior period error in ASPI’s 2022–23 financial statements.

4.4.67 The ANAO reviewed the processes around the establishment of the US subsidiary and identified a number of governance risks which were not addressed. ASPI did not undertake a fulsome risk assessment process and did not properly assess the legal and regulatory risks in both the US and Australia before the Board approved the subsidiary’s creation. Significant legal compliance risks raised in advice prepared by two separate legal firms for ASPI were not addressed until the ANAO inquired as to the status of these matters.

4.4.68 The ANAO recommended ASPI obtain legal advice to determine whether the legal compliance risks would result in a breach of Australian law. The ANAO also recommended ASPI strengthen its governance processes for significant business decisions. This would include assessing the strategic, financial and operational risks, as well as the legal implications to ensure due diligence is undertaken before committing to an operational change.

4.4.69 During 2024–25, the ANAO observed that ASPI has addressed the most critical elements of legal compliance and disclosure with remediation strategies in place. The branch office operates as a business unit of ASPI. The subsidiary (ASPI USA) operates with tax deductibility status under US law and the ability to attract donations and fund the operations of the US branch office. Given the progress made by ASPI, the ANAO has reassessed the risk rating of this audit finding to minor, and the ANAO will assess the implementation and effectiveness of ASPI’s action in addressing this audit finding during the 2025–26 audit.

4.5 Education portfolio

Portfolio overview

4.5.1 The Education Portfolio is responsible for creating a better future for all Australians through education. The entities within the portfolio are responsible for policy, program and regulation responsibilities and delivering better outcomes for students, educators and teachers in early learning and care centres, schools and higher education providers.

4.5.2 Table 4.5.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.5.1: Education portfolio material and other entities discussed in this chapter

Source: ANAO 2024–25 audit results.

Audit findings

4.5.3 Table 4.5.2 presents a summary of the total number of unresolved findings by entities in the Education portfolio at the conclusion of the 2024–25 final audits.

Table 4.5.2: Unresolved audit findings by entity in the Education portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.5.4 Table 4.5.3 provides a summary of audit differences that relate to entities within the Education portfolio.

Table 4.5.3: The number of audit differences by entity in the Education portfolio

Source: ANAO analysis of audit differences reported to entities in the Education portfolio.

Department of Education

4.5.5 The Department of Education (Education) is responsible for leading implementation of national policy and programs that help to build a strong future by supporting the early childhood education and care and schooling systems, developing strong frameworks for Australia’s young people, and enabling access to higher education, so that Australia can maximise personal, social and economic outcomes.

Engagement risk rating

4.5.6 The engagement risk for Education’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• Education’s role in administering programs across Australia’s education system, including the Higher Education Loan Program (HELP) and the Higher Education Superannuation Program (HESP);
• a complex IT environment used for making payments to schools, universities, and other education providers; and
• the complexity of some financial statements balances, such as the valuation of loans under HELP, and valuation of the HESP provision, that require management judgement and involve estimation uncertainty.

2024–25 audit results

4.5.7 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Education. One minor audit finding was identified during the 2024–25 audit, and one minor audit finding was resolved.

Key financial balances and areas of financial statements risk

4.5.8 Figures 4.5.1 and 4.5.2 shows the key financial statements balances reported by Education at 30 June 2025.

Figure 4.5.1: Key departmental financial statements balances

Source: Education’s 2024–25 financial statements.

Figure 4.5.2: Key administered financial statements balances

Source: Education’s 2024–25 financial statements.

4.5.9 Table 4.5.4 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Education.

Table 4.5.4: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Education’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.5.10 The ANAO issued an unmodified auditor’s report on Education’s financial statements on 4 September 2025.

Australian Research Council

4.5.11 The Australian Research Council (ARC) is responsible for administering the National Competitive Grants Program (NCGP), assessing the quality, engagement and impact of research, and providing advice and support on research matters.

Engagement risk rating

4.5.12 The engagement risk for ARC’s 2024–25 financial statements audit has been assessed as low.

2024–25 audit results

4.5.13 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to ARC.

Key financial balances and areas of financial statements risk

4.5.14 Figures 4.5.3 and Figure 4.5.4 shows the key financial statements balances reported by ARC at 30 June 2025.

Figure 4.5.3: Key departmental financial statements balances

Source: ARC’s 2024–25 financial statements.

Figure 4.5.4: Key administered financial statements balances

Source: ARC’s 2024–25 financial statements.

4.5.15 Table 4.5.5 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of ARC.

Table 4.5.5: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ARC’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.5.16 The ANAO issued an unmodified auditor’s report on ARC’s financial statements on 1 September 2025.

4.6 Employment and Workplace Relations portfolio

Portfolio overview

4.6.1 The Employment and Workplace Relations portfolio is responsible for: skills, vocational and employment pathways; workplace relations; work health and safety; and rehabilitation and compensation.

4.6.2 Table 4.6.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.6.1: Employment and Workplace Relations portfolio material and other entities discussed in this chapter

Source: ANAO 2024–25 audit results.

Audit findings

4.6.3 Table 4.6.2 presents a summary of the total number of unresolved findings by entities in the Employment and Workplace Relations portfolio at the conclusion of the 2024–25 audits.

Table 4.6.2: Unresolved audit findings by entity in the Employment and Workplace Relations portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.6.4 Table 4.6.3 provides a summary of audit differences that relate to entities within the Employment and Workplace Relations portfolio.

Table 4.6.3: The number of audit differences by entity in the Employment and Workplace Relations portfolio

Source: ANAO analysis of audit differences reported to entities in the Employment and Workplace Relations portfolio.

Department of Employment and Workplace Relations

4.6.5 The Department of Employment and Workplace Relations (DEWR) is responsible for ensuring Australians can experience the social well-being and economic benefits that training and employment provide. The department is also responsible for workplace relations and work health and safety, rehabilitation and compensation.

Engagement risk rating

4.6.6 The engagement risk for DEWR’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• DEWR’s administration and regulation of a complex legislative framework that underpins various significant payments; and
• financial statements balances, such as the valuation of the Vocational Student Loans, and Australian Apprenticeship Support Loans, which require significant management judgement and are subject to estimation uncertainty.

2024–25 audit results

4.6.7 At the conclusion of the 2024–25 financial statements audit, one moderate audit finding was reassessed to a minor audit finding.

Audit findings

Table 4.6.4: Status of significant and moderate audit findings raised by the ANAO

Note a: One moderate audit finding was reassessed to a minor audit finding during 2024–25.

Resolved moderate audit finding

Governance of legal and other matters

4.6.8 On 26 February 2025, the DEWR Secretary (the Secretary) advised the Senate Education and Employment Committee and published on DEWR’s website, details of decisions made under the Social Security Administration Act 1999, which may not have been valid. Around the same time DEWR advised the ANAO of the matter. The Social Security Administration Act 1999, in so far as it relates to mutual obligations requirements and compliance for some social security payments, are administered by DEWR. The Secretary explained IT systems and decision-making processes were not operating in alignment with the legal framework.

4.6.9 Across the legal and business areas of DEWR, SES officials were aware of the potential legislative validity issues at the time of the Secretary and Chief Financial Officer signing the 2023–24 financial statements and written representations. However, there was no documented consideration of this matter through the 2023–24 Management Assurance Certificate survey, nor communication to the ANAO in response to enquiries made last year.

4.6.10 As the responses in the 2023–24 Management Assurance Certificate were incomplete, there is a risk that legal and other matters were not sufficiently considered for financial reporting purposes, including supporting the written representations made by the Accountable Authority and Chief Financial Officer for the annual financial statements audit.

4.6.11 In July 2025 DEWR provided the ANAO revised Management Assurance Certificate questions planned to be used for 2024–25. It was observed that the questions included additional context which would assist the SES officers’ in discharging their responsibilities in terms of reporting complete and accurate financial information, effectiveness of existing controls, and identification of any legal and financial non-compliance.

4.6.12 DEWR has advised the ANAO that it has commenced design and implementation of a range of additional controls and framework documents, such as management assurance maps. Some aspects of the revised processes, such as subsequent event confirmations from business areas are operating for the first time in 2024–25. The additional work undertaken by DEWR supports the reassessment of the risk rating of this finding from moderate to minor.

4.6.13 The ANAO will consider the operation and maturity of these revised mechanisms across DEWR during 2025–26.

Key financial balances and areas of financial statements risk

4.6.14 Figures 4.6.1 and 4.6.2 shows the key financial statements balances reported by DEWR at 30 June 2025.

Figure 4.6.1: Key departmental financial statements balances

Source: DEWR’s 2024–25 financial statements.

Figure 4.6.2: Key administered financial statements balances

Source: DEWR’s 2024–25 financial statements.

4.6.15 Table 4.6.5 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of DEWR.

Table 4.6.5: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and DEWR’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.6.16 The ANAO issued an unmodified auditor’s report on DEWR’s financial statements on 24 September 2025.

Coal Mining Industry (Long Service Leave Funding) Corporation

4.6.17 The Coal Mining Industry (Long Service Leave Funding) Corporation (Coal LSL) collects levies from employers to fund long service leave payments made to employees in the Australian black coal mining industry. The levies collected are invested until the employee takes long service leave, at which point the employer makes a payment to the employee and seeks reimbursement from Coal LSL in accordance with legislative arrangements.

Engagement risk rating

4.6.18 The engagement risk for Coal LSL’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complex valuation processes used to determine the fair values attributed to unlisted trust investments.
• risks associated with the completeness and accuracy of investment holdings, its valuation as part of transition of custodians during 2024–25 for trust investments.
• the significant judgement required by management to estimate the value of the liability for reimbursement of employers’ long service leave obligations, due to a range of assumptions relied on to underpin the valuation methodology and estimation process.

2024–25 audit results

4.6.19 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Coal LSL. One minor audit finding was identified during the 2024–25 audit.

Key financial balances and areas of financial statements risk

4.6.20 Figure 4.6.3 shows the key financial statements balances reported by Coal LSL at 30 June 2025.

Figure 4.6.3: Key financial statements balances

Source: Coal LSL’s 2024–25 financial statements.

4.6.21 Table 4.6.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Coal LSL.

Table 4.6.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Coal LSL’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.6.22 The ANAO issued an unmodified auditor’s report on Coal LSL’s financial statements on 15 September 2025.

Comcare

4.6.23 Comcare is the Australian Government’s work health and safety regulator, a workers’ compensation scheme administrator and an insurer and claims manager. Comcare’s purpose is “to promote and enable safe and healthy work”. Comcare’s strategic priorities are focused on the prevention of work-related injuries and delivering better return to work outcomes particularly in relation to psychological injuries.

Engagement risk rating

4.6.24 The engagement risk for Comcare’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• valuation of Workers’ Compensation and Asbestos Claims Provision due to the judgements involved in the assumptions, calculations underpinning the actuarial assessment, and the availability, quality and completeness of data used to derive the valuation; and
• revenue recognition due to the complexity of legislation involved and the significance of the amounts involved in the ongoing operations of Comcare.

2024–25 audit results

4.6.25 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Comcare. Four minor audit findings were identified during the 2024–25 audit.

Key financial balances and areas of financial statements risk

4.6.26 Figure 4.6.4 shows the key financial statements balances reported by Comcare at 30 June 2025.

Figure 4.6.4: Key financial statements balances

Source: Comcare’s 2024–25 financial statements.

4.6.27 Table 4.6.7 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Comcare.

Table 4.6.7: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Comcare’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.6.28 The ANAO issued an unmodified auditor’s report on Comcare’s financial statements on 22 September 2025.

Comments on non-material entities

Seafarers Safety, Rehabilitation and Compensation Authority

4.6.29 The Seafarers Safety, Rehabilitation and Compensation Authority (Seacare Authority) oversees a national scheme of occupational health and safety and workers’ compensation arrangements for defined seafarers. The Seacare Authority administers the Seafarers Safety Net Fund that acts in the place of an employer if a default event occurs, enabling employees to lodge a claim event when there is no employer to lodge against.

Conclusion

4.6.30 The ANAO issued an unmodified auditor’s report on the Seacare Authority’s financial statements on 19 September 2025. Without modifying the audit opinion, the auditor’s report included an emphasis of matter paragraph to draw the attention of users to the Overview note of the financial statements.

4.6.31 The Overview note states that the Seacare Authority has not been able to negotiate insurance for the Seafarers Safety Net Fund (the Fund) from an authorised insurer beyond 31 March 2022 in accordance with the requirements of section 102(1) of the Seafarers Act 1992 (Seafarers Act).

4.6.32 If the Seacare Authority does not hold insurance for the Fund but the Fund becomes liable to pay compensation under the Seafarers Act, of any quantum:

• the Seacare Authority will be required to pay the compensation from the available assets of the Fund; and
• any liability that cannot be met from the available assets of the Fund, the Seacare Authority will be responsible for coordinating the settlement of the remaining liability.

4.6.33 As a non-corporate Commonwealth entity, the Seacare Authority does not have a legal personality separate to the Australian Government and any liability to pay compensation will ultimately be the Australian Government’s liability.

4.7 Finance portfolio

Portfolio overview

4.7.1 The Finance portfolio is responsible for a range of finance related functions, including providing the Australian Government with budget policy advice, superannuation arrangements for government employees, deregulation policy, data and digital policy and services, insurance and risk management services, ministerial and parliamentary services and the Australian Government asset management service.²⁷

4.7.2 Table 4.7.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.7.1: Finance portfolio material and other entities discussed in this chapter

Audit findings

4.7.3 Table 4.7.2 presents a summary of the total number of unresolved findings by entities in the Finance portfolio at the conclusion of the 2024– 25 audits.

Table 4.7.2: Unresolved audit findings by entity in the Finance portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.7.4 Table 4.7.3 provides a summary of audit differences that relate to entities within the Finance portfolio.

Table 4.7.3: The number of audit differences by entity in the Finance portfolio

Source: ANAO analysis of audit differences reported to entities in Finance portfolio.

Department of Finance

4.7.5 The Department of Finance (Finance) is responsible for supporting the government’s budget process and oversight of public sector resource management, and for governance and accountability frameworks. The Department of Finance also provides shared services through the Service Delivery Office and is responsible for the production of the Australian Government’s Consolidated Financial Statements.

Engagement risk rating

4.7.6 The engagement risk for Finance’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complexity of key accounting balances, estimates and judgements that impact the financial statements; and
• the significance of the administered schedule of financial position to the Australian Government’s consolidated financial statements.

2024-25 audit results

4.7.7 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Finance. One minor audit finding remains unresolved.

Key financial balances and areas of financial statements risk

4.7.8 Figures 4.7.1 and 4.7.2 shows the key financial statements balances reported by Finance at the conclusion of the 2024–25 audit.

Figure 4.7.1: Key departmental financial statements balances

Source: Finance’s 2024–25 financial statements.

Figure 4.7.2: Key administered financial statements balances

Source: Finance’s 2024–25 financial statements.

4.7.9 Table 4.7.4 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Finance.

Table 4.7.4: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Finance’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.7.10 The ANAO issued an unmodified auditor’s report on Finance’s financial statements on 16 September 2025.

ASC Pty Limited

4.7.11 ASC Pty Ltd (ASC) is a Government Business Enterprise (GBE) wholly owned by the Australian Government, represented by the Department of Finance. ASC is Australia’s sovereign submarine sustainment and shipbuilding company, responsible for the design, build, and maintenance of the Royal Australian Navy’s submarine fleet.

Engagement risk rating

4.7.12 The engagement risk for the ASC’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating is the significant estimation and judgements involved in the recognition of Collins Class submarine projects.

2024–25 audit results

4.7.13 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to ASC. One moderate audit finding, and three minor audit findings were resolved.

Audit findings

Table 4.7.5: Status of significant and moderate audit findings raised by the ANAO

Resolved moderate audit finding

Effective management of, and controls over, IT equipment

4.7.14 ASC records its IT assets in an inventory management system which is reconciled to the Financial Management Information System (FMIS) on a regular basis. During the 2023–24 audit, the ANAO identified several discrepancies where IT assets were not recorded in the inventory management system, however, were recorded in the fixed asset register in ASC’s FMIS (and vice versa). Additionally, the ANAO identified there were several fully depreciated assets identified which had reached the end of their planned useful lives, however, were recorded in ASC’s fixed asset register. These weaknesses indicate an increased risk that assets could be subject to misappropriation.

4.7.15 During the 2024–25 audit, the ANAO observed that ASC had taken appropriate action to address the 2023–24 finding, and the risks identified. This included resolving the identified discrepancies, establishing procedures for handling missing assets, and improving asset tracking protocols. Further, an Internal Audit conducted over ASC’s IT Asset Management Framework concluded that ASC had implemented robust and well-defined workflows throughout the IT asset lifecycle. Noting this, the ANAO considers this audit finding resolved.

Key financial balances and areas of financial statements risk

4.7.16 Figure 4.7.3 shows the key financial statements balances reported by ASC at the conclusion of the 2024–25 audit.

Figure 4.7.3: Key financial statements balances

Source: ASC’s 2024–25 financial statements.

4.7.17 Table 4.7.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of ASC.

Table 4.7.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ASC’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.7.18 The ANAO issued an unmodified auditor’s report on ASC’s financial statements on 28 August 2025.

Australian Naval Infrastructure Pty Ltd

4.7.19 Australian Naval Infrastructure Pty Ltd (ANI) is a Government Business Enterprise (GBE) wholly owned by the Australian Government. ANI’s primary function is to support the Australian Government’s continuous naval shipbuilding program by acting as the owner, developer, and manager of infrastructure and related facilities.

Engagement risk rating

4.7.20 The engagement risk for ANI’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• ANI’s assets are subject to judgement in relation to their valuation and estimation of useful economic lives;
• the complex nature of evaluating criteria for capitalisation of construction costs; and
• significant government investment in current capital works and higher external interest in activities relating to military shipbuilding.

2024–25 audit results

4.7.21 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to ANI.

Key financial balances and areas of financial statements risk

4.7.22 Figure 4.7.4 shows the key financial statements items reported by ANI at the conclusion of the 2024–25 audit, and the key areas of financial statements risk.

Figure 4.7.4: Key financial statements balances

Source: ANI’s 2024–25 financial statements.

4.7.23 Table 4.7.7 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of ANI.

Table 4.7.7: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ANI’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.7.24 The ANAO issued an unmodified auditor’s report on ANI’s financial statements on 5 September 2025.

CEA Technologies Pty Ltd

4.7.25 CEA Technologies Pty Ltd (CEA Technologies) was prescribed as a Government Business Enterprise on 14 March 2025, following the Australian Government’s acquisition of a majority shareholding of the company.

4.7.26 CEA Technologies designs, develops, manufactures and sustains advanced active electronically scanned array radar systems. The company’s technology is used by the Australian Defence Force and its close allies.

Engagement risk rating

4.7.27 The engagement risk for CEA Technologies’ 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• transition of ownership and governance arrangements, including the new reporting requirements; and
• the nature of the industry within which CEA Technologies operates and its recent growth in its order book.

2024–25 audit results

4.7.28 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to CEA Technologies.

Key financial balances and areas of financial statements risk

4.7.29 Figure 4.7.5 shows the key financial statements balances reported by CEA Technologies at the conclusion of the 2024–25 audit.

Figure 4.7.5: Key financial statements balances

Source: CEA Technologies’ 2024–25 financial statements.

4.7.30 Table 4.7.8 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of CEA Technologies.

Table 4.7.8: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and CEA Technologies audited financial statements for the year ended 30 June 2025.

Conclusion

4.7.31 The ANAO issued an unmodified auditor’s report on CEA Technologies financial statements on 30 September 2025.

Future Fund Management Agency

4.7.32 The Future Fund Board of Guardians, supported by the Future Fund Management Agency (together the Future Fund), is responsible for investing the assets of the Future Fund under the Future Fund Act 2006, and other investment funds managed on behalf of the Department of Finance. The investment of the other funds is managed under the DisabilityCare Australia Fund Act 2013; the Medical Research Future Fund Act 2015; the Aboriginal and Torres Strait Islander Land and Sea Future Fund Act 2018; the Future Drought Fund Act 2019; the Disaster Ready Fund Act 2019; and the Housing Australia Future Fund Act 2023 as a means to provide financing sources for substantial future investments in the Australian economy.

Engagement risk rating

4.7.33 The engagement risk for the Future Fund’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• significant judgements required by management to value the investments of the Future Fund for financial reporting purposes, which are subject to estimation uncertainty;
• the significance of the Future Fund’s investment portfolio to the Australian Government’s financial position; and
• the reliance on external parties, particularly the valuation undertaken by the investment custodian.

2024–25 audit results

4.7.34 There were no significant or moderate audit findings arising from the 2024–25 financial statements audit.

Key financial balances and areas of financial statements risk

4.7.35 Figure 4.7.6 shows the key financial statements balances reported by the Future Fund at the conclusion of the 2024–25 audit.

Figure 4.7.6: Key financial statements balances

Source: The Future Fund’s 2024–25 financial statements.

4.7.36 Table 4.7.9 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of the Future Fund.

Table 4.7.9: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and the Future Fund’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.7.37 The ANAO issued an unmodified auditor’s report on the financial statements on 30 September 2025.

Comments on non-material entities

Digital Transformation Agency

4.7.38 The Digital Transformation Agency (DTA) provides digital and ICT strategy and policy leadership, investment advice, strategic sourcing and delivery oversight to drive the government’s digital transformation and deliver benefits to all Australians.

2024–25 audit results

4.7.39 At the conclusion of the 2024–25 financial statements audit, the ANAO identified one finding that poses a moderate business risk to DTA. Three minor audit findings were resolved during the year.

4.7.40 During the 2025–26 audit, the ANAO will assess action taken by DTA to address the risk identified.

Audit findings

Table 4.7.10: Status of significant and moderate audit findings raised by the ANAO

New moderate audit finding

Reconciliation of Special Account Transactions

4.7.41 DTA administers the Digital Transformation Special Account which has been established to assist DTA in administering the Whole of Australian Government ICT coordinated procurement contracts.

4.7.42 During the 2024–25 audit the ANAO observed that reconciliations of customer and supplier invoices relating to the special account had identified items that were unmatched dating back several years.

4.7.43 The ANAO recommended that DTA undertake a comprehensive reconciliation of those invoices to clear all outstanding unmatched invoices, and to implement processes to ensure the timely reconciliation of transactions relating to the special account. The ANAO will review DTA’s progress against this audit finding during the 2025–26 audit.

Conclusion

4.7.44 Although the ANAO identified audit findings during the 2024–25, audit additional audit procedures were undertaken to obtain sufficient and appropriate evidence on the financial statements. DTA has advised the ANAO of the action it will take to remediate the audit findings identified. The ANAO will review the action taken by DTA as part of the 2025–26 audit.

4.7.45 The ANAO issued an unmodified auditor’s report on DTA’s financial statements on 21 October 2025.

4.8 Foreign Affairs and Trade portfolio

Portfolio overview

4.8.1 The Foreign Affairs and Trade portfolio is responsible for delivering a global network of embassies and missions and international affairs policy capability to support Australia’s interests and influence abroad. The Portfolio, which is comprised of five entities in addition to the Department of Foreign Affairs and Trade (DFAT), works in partnership across government to promote a stable and prosperous regional and global environment.

4.8.2 Table 4.8.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.8.1: Foreign Affairs and Trade portfolio material and other entities discussed in this chapter

Audit findings

4.8.3 Table 4.8.2 presents a summary of the total number of unresolved findings by entities in the Foreign Affairs and Trade portfolio at the conclusion of the 2024–25 audits.

Table 4.8.2: Unresolved audit findings by entity in the Foreign Affairs and Trade portfolio

Source: ANAO 2024–25 audit results.

4.8.4 Table 4.8.3 presents a summary of the total number of legislative breaches by entities in the Foreign Affairs and Trade portfolio at the conclusion of the 2024–25 audits.

Table 4.8.3: Legislative breaches by entity in Foreign Affairs and Trade portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.8.5 Table 4.8.4 provides a summary of audit differences that relate to entities within the Foreign Affairs and Trade portfolio.

Table 4.8.4: The number of audit differences by entity in the Foreign Affairs and Trade title portfolio

Source: ANAO analysis of audit differences reported to entities in the Foreign Affairs and Trade portfolio.

Department of Foreign Affairs and Trade

4.8.6 The Department of Foreign Affairs and Trade (DFAT) is responsible for the administration of Australia’s foreign, trade, international development and international security policies.

Engagement risk rating

4.8.7 The engagement risk for DFAT’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complexity of DFAT’s business operations arising from a decentralised control framework;
• the degree of professional judgement and estimation required to determine the fair value of land and buildings recognised in the financial statements; and
• the degree of reliance on third parties for the provision of services associated with the delivery and maintenance of the overseas property portfolio and provision of international development assistance.

2024–25 audit results

4.8.8 At the conclusion of the 2024–25 financial statements audit, one finding that poses a moderate business or financial risk to DFAT remains unresolved.

4.8.9 During the 2025–26 audit, the ANAO will assess action taken by DFAT to address the risk identified.

Audit findings

Table 4.8.5: Status of significant and moderate audit findings raised by the ANAO

Source: ANAO 2024–25 audit results.

Unresolved moderate audit finding

Governance over compliance with corporate policies

4.8.10 DFAT’s operations are highly decentralised, where development and management of corporate policies typically rest with a centralised team, while accountability for the application of the respective corporate policies is dispersed widely across DFAT, including the international post network.

4.8.11 During the 2023–24 audit, the ANAO identified a number of instances of non-compliance with corporate policies across a range of corporate functions, including procurement, human resources, monitoring of gifts and benefits and administration of international development assistance. The breadth, nature and number of instances of non-compliance with corporate policies indicated that there is a systemic breakdown in the control environment within DFAT to effectively monitor compliance with corporate policies and to drive improvements in compliance rates over time. DFAT has taken steps to address the finding by enhancing resourcing, strengthening compliance and assurance activities, and investing in staff capability and financial literacy. Key initiatives include the establishment of two new Procurement and Grants sections, expansion of assurance testing across financial controls, introduction of bi-annual contract management reviews, reinforcement of compliance expectations by the Secretary, and integration of PGPA Act obligations into SES and non-SES performance agreements. DFAT has also delivered targeted briefings to Divisions, overseas posts, and Heads of Mission to strengthen compliance culture and awareness. However, there is still further improvement required.

4.8.12 Consistent or systemic non-compliance with corporate policies could increase the risk of breaches of the Public Governance, Performance and Accountability Act 2013 (PGPA Act). Additionally, non-compliance increase could also indicate an increased exposure to the risk of fraud or undetected errors in financial processes.

4.8.13 While DFAT are actively responding to the finding, the control and assurance environment require further refinement. Embedding reforms, strengthening first and second line controls and ensuring effective governance oversight will be critical to improving compliance culture and assurance effectiveness.

Key financial balances and areas of financial statements risk

4.8.14 Figures 4.8.1 and 4.8.2 shows the key financial statements balances reported by DFAT at the conclusion of the 2024–25 audit.

Figure 4.8.1: Key departmental financial statements balances

Source: DFAT’s 2024–25 financial statements.

Figure 4.8.2: Key administered financial statements balances

Source: DFAT’s 2024–25 financial statements.

4.8.15 Table 4.8.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of DFAT.

Table 4.8.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and DFAT’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.8.16 Although the ANAO identified audit findings during the 2024–25 audit, additional audit procedures were undertaken in order to obtain sufficient and appropriate evidence on the financial statements by undertaking additional audit procedures. DFAT has advised the ANAO of the action it will take to remediate the audit findings identified. The ANAO will review the action taken by DFAT as part of the 2025–26 audit.

4.8.17 The ANAO issued an unmodified auditor’s report on DFAT’s financial statements on 11 September 2025.

Export Finance and Insurance Corporation (Export Finance Australia)

4.8.18 Export Finance Australia (EFA) provides financing solutions for Australian exporters and interests, including overseas infrastructure development that delivers benefits to Australia.

Engagement risk rating

4.8.19 The engagement risk for EFA’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• impairment of loans and receivables;
• valuation and classification of financial instruments; and
• recognition of interest income.

2024–25 audit results

4.8.20 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to EFA.

Key financial balances and areas of financial statements risk

4.8.21 Figure 4.8.3 shows the key financial statements items reported by EFA at the conclusion of the 2024–25 audit.

Figure 4.8.3: Key financial statements balances

Source: EFA’s 2024–25 financial statements.

4.8.22 Table 4.8.7 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of EFA.

Table 4.8.7: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and EFA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.8.23 The ANAO issued an unmodified auditor’s report on EFA’s financial statements on 28 August 2025.

Comments on non-material entities

Australian Centre for International Agricultural Research

4.8.24 The Australian Centre for International Agricultural Research (ACIAR) supports Australia’s national interests by investing in collaborative research and capacity-building partnerships to increase global food security and improve the livelihoods and resilience of smallholder farming, fishing and forestry communities in the Indo-Pacific.

2024–25 audit results

4.8.25 At the conclusion of the 2024–25 financial statements audit, the ANAO identified one significant legislative breach and one finding that poses a minor business or financial risk to ACIAR.

Audit findings

Table 4.8.8: Status of significant and moderate audit findings raised by the ANAO

4.8.26 For the finding listed below, the ANAO undertook additional audit procedures to gain assurance that the entity’s 2024–25 financial statements were not materially misstated.

New significant legislative breach

Potential breaches of section 83 of the Constitution

4.8.27 Section 83 of the Australian Constitution states that money cannot be withdrawn from the Consolidated Revenue Fund (CRF) except under an appropriation made by law. During 2024–25 potential breaches of section 83 of the Constitution were identified. These potential breaches related to departmental and administered employee entitlements being misclassified and the incorrect funding being used for associated payments.

4.8.28 These potential breaches result in the misclassification of expenditure between departmental and administered, increased risk of financial reporting misstatement, potential for undetected misstatements and potential breaches of section 83 of the Constitution.

4.8.29 The ANAO recommended that ACIAR:

• develop Standard Operating Procedures (SOPs) for the correct accounting treatment, supplemented by staff training to reinforce requirements;
• implement a review process and approval of all staff reclassifications as well as annual CFO review and re-endorsement of the treatment to ensure it remains current and appropriate; and
• correct the identified transactions and confirm the appropriateness of treatment for all current staff.

Conclusion

4.8.30 The ANAO issued an unmodified auditor’s report on the Australian Centre for International Agricultural Research’s financial statements on 24 October 2025.

4.9 Health, Disability and Ageing portfolio

Portfolio overview

4.9.1 The Health, Disability and Ageing portfolio works towards achieving better health and wellbeing for all Australians, now and for future generations.

4.9.2 Table 4.9.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.9.1: Health, Disability and Ageing Care portfolio material and other entities discussed in this chapter

Source: ANAO 2024–25 audit results.

Audit findings

4.9.3 Table 4.9.2 presents a summary of the total number of unresolved findings by entities in the Health, Disability and Ageing portfolio at the conclusion of the 2024–25 audits.

Table 4.9.2: Unresolved audit findings by entity in the Health, Disability and Ageing Care portfolio

Source: ANAO 2024–25 audit results.

4.9.4 Table 4.9.3 presents a summary of the total number of legislative breaches by entities in the Health, Disability and Ageing portfolio at the conclusion of the 2024–25 audits.

Table 4.9.3: Legislative breaches by entity in the Health, Disability and Ageing portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.9.5 Table 4.9.4 presents a summary of audit differences that relate to entities within the Health, Disability and Ageing portfolio.

Table 4.9.4: The number of audit differences by entity in the Health, Disability and Ageing portfolio

Source: ANAO analysis of audit differences reported to entities in the Health, Disability and Ageing portfolio.

Department of Health, Disability and Ageing

4.9.6 The Department of Health, Disability and Ageing (Health) is responsible for achieving the Australian Government’s health, disability, and ageing policy priorities through evidence-based policy, program administration, research, regulatory activities, and partnerships with other government entities, consumers and stakeholders.

Engagement risk rating

4.9.7 The engagement risk for Health’s 2024–25 financial statements audit has been assessed as high. Key factors contributing to this rating include:

• the complexity of the environment in which the department operates, with a public health system jointly administered by the Australian Government, and state and territory governments;
• the broad range and complex environment in which health and aged care is regulated;
• the diversity and complexity of programs administered by the department; and
• the high number of enterprise level risks that have implications on the financial statements.

2024–25 audit results

4.9.8 At the conclusion of the 2024-25 financial statements audit, the ANAO identified one significant legislative breach and two findings that pose moderate business or financial risks to Health. One significant finding, and three moderate findings were resolved during the period. Five new minor findings were identified during the period, and six minor findings remain unresolved.

4.9.9 During the 2025–26 audit, the ANAO will assess action taken by Health to address the risks identified.

Audit findings

Table 4.9.5: Status of significant and moderate audit findings raised by the ANAO

Note a: One moderate audit finding was reassessed to a minor audit finding at the conclusion of the 2024–25 audit.

Source: ANAO 2024–25 audit results.

New significant legislative breach

Legislative non-compliance and governance risks in program payments

4.9.10 Health has primary responsibility for administering legislation relating to health care. In 2024–25, payments totalling approximately $95.8 billion were authorised against special appropriations, including special accounts. A significant portion of these payments are administered on the department’s behalf by Services Australia.

4.9.11 Section 83 of the Australian Constitution states that money cannot be withdrawn from the Consolidated Revenue Fund (CRF) except under an appropriation made by law. During 2024–25 Health identified and disclosed a number of section 83 breaches of the Constitution. These matters highlight ongoing compliance challenges given the complexity, volume, and scale of its responsibilities. The following significant matters of non-compliance were reported:

• Aged care subsidies and fees – quarterly review process: The retrospective review undertaken by Services Australia to validate recipients’ maximum entitlement for aged care subsidies was found to be inconsistent with provisions of the Aged Care Act 1997.
• Home care – crediting of unspent funds: Services Australia systems currently credit home care accounts with unspent funds after 70 days when recipients transfer between providers. There is no legal authority to credit funds within 1–56 days of transfer, which in some cases has led to overpayments.
• Supply of Complex Authority Required (CAR) drugs: Some CAR medicines under the National Health (Highly Specialised Drugs Program) Special Arrangement 2021 were prescribed and claimed with increased quantities or repeats above the legislated maximum under the PBS.
• Exemption process for Authority Required prescriptions: Exemptions have been granted over a number of years to PBS Authority Required restrictions contrary to the National Health Act 1953.
• Private health insurance rebates: Payments made to insurers under the Private Health Insurance Act 2007 may in certain circumstances result in breaches of section 83. These issues demonstrate a heightened risk of non-compliance with legislative requirements and the Constitution.

4.9.12 These breaches demonstrate that the department’s processes for administering large and complex payment arrangements remain exposed to a higher risk of non-compliance with legislative requirements. The size, scale, and complexity of Health’s responsibilities increase the likelihood of further breaches occurring if control weaknesses are not addressed. The continued existence of unresolved and recurring matters indicates that without timely and effective remediation, there is an ongoing risk of significant non-compliance with section 83 of the Constitution and related legislative provisions, which could undermine the integrity of financial reporting and public confidence in program administration.

New moderate audit finding

Inventory Management System IT General Controls – Privileged User Monitoring

4.9.13 The Inventory Management System is used for financial and operational management of the National Medical Stockpile. Information from the Inventory Management System is used to inform decision making in response to national health emergencies. The IT general controls support the effective operation of information processing controls and other IT dependencies within an IT system. These include processes to manage security and changes to programs and data. Such controls address the risks of: users bypassing system enforced controls, privileged users making direct changes to underlying data, and incorrect or inappropriate changes being made to programs or configurations. The department utilises privileged user accounts to perform administrative functions in the Inventory Management System, including both platform support and development of changes to the system.

4.9.14 The ANAO identified deficiencies in controls relating to privileged user logging as the department does not perform any monitoring over privileged user activities in the Inventory Management System. While audit logging is enabled on system events, no risk assessment is performed to identify a scope of high-risk privileged user activities that should be reviewed by an appropriate, independent reviewer to ensure such activities were done in accordance with an appropriate business case.

4.9.15 There is an increased likelihood that the risk of privileged users of the Inventory Management System making direct changes to underlying data, and incorrect or inappropriate changes being made to programs or configurations is not mitigated by the department’s control activities. This reduces the department’s ability to rely on the Inventory Management System to produce complete and accurate data to support the financial and operational management of the National Medical Stockpile, and for financial reporting.

Unresolved moderate audit finding

Network Terminations

4.9.16 User access management is fundamental to the effective operation of the Department’s IT systems, such as SAP and Inventory Management System (IMS). Revoking user access to a system in a timely manner is necessary to ensure that all access to IT systems, financially sensitive or otherwise is authorised in accordance with the Information Security Manual (ISM). Additionally, the ISM requires a secure record is maintained for the life of each system, including when user access was withdrawn.

4.9.17 The ANAO identified deficiencies in controls relating to post-termination activity monitoring. The department does not monitor post termination activity or conduct reviews to ensure that users who have had their access revoked in an untimely manner following their employment cessation have not performed any inappropriate activities using their unauthorised access following their termination date.

4.9.18 The ANAO recommended that the department:

• implement an effective post termination monitoring process that identifies post termination access, investigates users’ activities and rectifies/mitigates the associated risk with these activities; and
• incorporate in-scope activities in IMS in the post-termination activity monitoring control as informed by an appropriate risk assessment over Inventory Management System end-user functions;
• document these processes perform them consistently, and including a reporting mechanism so that management is aware of any risks identified.

Resolved significant audit finding

Legal Conformance

4.9.19 During the 2023–24 audit, the ANAO reviewed the risk assessments performed by the department over its Administered legislation. The department did not have a centralised process to assess whether the risk assessments were consistently undertaken.

4.9.20 The ANAO was advised that program areas are responsible for undertaking the risk assessment for their administered legislation in accordance with the department’s risk management framework. The program areas rated their legislation in different ways. Legislation which results in section 83 breaches was not assessed as high risk, despite known legislative compliance issues.

4.9.21 Legislation which has given rise to potential non-compliance identified during the 2023–24 financial year has not been assessed as high risk and therefore Health has not undertaken further work to ensure payments to recipients are compliant with legislative requirements.

4.9.22 The ANAO has reviewed the supporting evidence and associated risk assessments and is satisfied that the previously raised issue is now resolved. The department has implemented a consistent risk assessment process and established a working group, supported by a draft charter/framework, to oversee legal matters. The supporting evidence demonstrates that recommended remediation actions, including the collation of higher-risk programs and issues, have been completed. While this issue is now closed, the ANAO has identified additional matters, which have resulted in a new finding.

Resolved moderate audit findings

Asset Management

4.9.23 An internal review conducted by Health during 2023–24 identified issues relating to the classification of capital and operating expenses allocated within several internally developed Work In Progress projects. The review identified incorrectly capitalised assets and incorrect depreciation charges. In addition, the ANAO identified weaknesses around Health’s asset impairment and asset valuation processes

4.9.24 Health has addressed the majority of the recommendations associated with this finding, with the recommendation relating to the impairment assessment of departmental non-financial assets, remaining open at the conclusion of the 2024–25 audit. As a result of Health’s progress this finding has been reassessed to a minor audit finding. We continue to recommend Health ensure that impairment assessments are fully documented and supported by reconciliation workpapers to enable closure of this recommendation.

Inventory Management

4.9.25 The department had advised the ANAO during the 2023–24 audit that it had identified two prior period errors affecting the inventory balance. This was due to a failure of the department’s processes to detect the errors raises concerns about the effectiveness of the department’s internal control. Issues were also identified with the reconciliation of the department’s inventory balances.

4.9.26 At the completion of the 2024–25 audit, no further issues were noted with the reconciliation of inventory balances. The ANAO attended a stocktake and observed that the procedures were conducted in line with the updated stocktake guidance. Management has not reported, and the ANAO has not identified, any errors in relation to inventory balances for 2024–25.

Compliance activities over Pharmaceutical Benefits Scheme advanced payments

4.9.27 During the 2023–24 final audit, Health identified $1.8 billion in advance payments which should have been recorded as a statutory receivable. The receivable related to payments made to suppliers which had not been certified within 65 days as required by the National Health Act 1953.

4.9.28 During 2024–25 Health undertook an assessment of the recoverability of the receivable and concluded that the entire balance was impaired.

4.9.29 The ANAO reviewed further documentation provided by the department that assesses the possibility of the existence of contingent asset and concludes that the arrangements do not result in a disclosable contingent asset.

4.9.30 The ANAO has been advised that Services Australia, in consultation with Health, will adopt a process whereby, if the Chief Executive Medicare (CEM) assesses a claim and determines that the payment amount is less than the advance provided, the difference will be offset against a future payment to the approved supplier. The ANAO considers this finding as resolved and will reassess ongoing progress against the backlog of claims, including the formalisation of offsetting of claims on future payments, as part of the 2025–26 financial statements audit.

Key financial balances and areas of financial statements risk

4.9.31 Figures 4.9.1 and 4.9.2 shows the key financial statements balances reported by Health at the conclusion of the 2024–25 audit.

Figure 4.9.1: Key departmental financial statements balances

Source: Health’s audited financial statements for the year ended 30 June 2025.

Figure 4.9.2: Key administered financial statements balances

Source: Health’s audited financial statements for the year ended 30 June 2025.

4.9.32 Table 4.9.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Health.

Table 4.9.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Health’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.9.33 Although the ANAO identified audit findings during the 2024–25 audit, additional audit procedures were undertaken to obtain sufficient and appropriate evidence on the financial statements by undertaking additional audit procedures. Health has advised the ANAO of the action it will take to remediate the audit findings identified. The ANAO will review the action taken by the entity as part of the 2025–26 audit.

4.9.34 The ANAO issued an unmodified auditor’s report on Health’s financial statements on 23 September 2025.

National Blood Authority

4.9.35 The National Blood Authority (NBA) is responsible for securing the supply of safe and affordable blood products, including through national supply arrangements and coordination of best practice standards within agreed funding policies under the national blood arrangements.

Engagement risk rating

4.9.36 The engagement risk for the 2024–25 financial statements has been assessed as low. Key factors contributing to this rating include:

• the size and level of complexity of the NBA’s operations;
• the NBA has effective entity level controls and effective transactional controls over key processes; and
• there were no significant changes to the NBA’s operations, processes, or key personnel from the prior year.

2024–25 audit results

4.9.37 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to NBA. Two minor findings were resolved, and two minor findings remain unresolved.

Key financial balances and areas of financial statements risk

4.9.38 Figure 4.9.3 and 4.9.4 shows the key financial statements items reported by NBA at the conclusion of the 2024–25 audit.

Figure 4.9.3: Key departmental financial statements balances

Source: NBA’s 2024–25 financial statements.

Figure 4.9.4: Key administered financial statements balances

Source: NBA’s 2024–25 financial statements.

4.9.39 Table 4.9.7 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of NBA.

Table 4.9.7: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and NBA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.9.40 Although the ANAO identified audit findings during the 2024–25 audit, additional audit procedures were undertaken in order to obtain sufficient and appropriate evidence on the financial statements by undertaking additional audit procedures. NBA has advised the ANAO of the action it will take to remediate the audit findings identified. The ANAO will review the action taken by NBA as part of the 2025–26 audit.

4.9.41 The ANAO issued an unmodified auditor’s report on NBA’s financial statements on 29 September 2025.

National Health and Medical Research Council

4.9.42 The National Health and Medical Research Council (NHMRC) is the Australian Government’s key entity for managing investment in, and integrity of, health and medical research. The NHMRC is also responsible for developing health advice for the Australian community, health professionals and governments, and for providing advice on ethical practice in health care and in the conduct of health and medical research.

Engagement risk rating

4.9.43 The engagement risk for the 2024–25 financial statements has been assessed as low. Key factors contributing to this rating include:

• a mature system of internal control, management oversight, and quality review procedures to support the preparation of the financial statements; and
• no findings carried over from the prior year audit.

2024–25 audit results

4.9.44 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to NHMRC.

Key financial balances and areas of financial statements risk

4.9.45 Figures 4.9.5 and 4.9.6 shows the key financial statements items reported by NHMRC at the conclusion of the 2024–25 audit.

Figure 4.9.5: Key departmental financial statements balances

Source: NHMRC’s 2024–25 financial statements.

Figure 4.9.6: Key administered financial statements balances

Source: NHMRC’s 2024–25 financial statements.

4.9.46 Table 4.9.8 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of NHMRC.

Table 4.9.8: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and NHMRC’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.9.47 The ANAO issued an unmodified auditor’s report on the NHMRC’s financial statements on 28 August 2025.

Australian Hearing Services

4.9.48 Australian Hearing Services (AHS) is a corporate Commonwealth entity established under the Australian Hearing Services Act 1991. AHS is responsible for the provision of research and hearing services through a network of 185 hearing centres and 248 visiting sites (as at 30 June 2025). Services provided include subsidised hearing services to eligible clients under the Australian Government’s Hearing Services Program.

Engagement risk rating

4.9.49 The engagement risk for the 2024–25 financial statements has been assessed as moderate. Key factors contributing to the moderate rating include:

• ongoing weaknesses identified with the prior year implementation of AHS’ customised ERP software, which impacted revenue, debtor balances and inventory and necessitated a substantive audit approach for 2024–25;
• completeness and accuracy of transaction data within the ERP primarily due to the configuration of automated business controls; and
• limited IT general control or application controls could be relied on due to weaknesses arising from the ERP implementation.

2024–25 audit results

4.9.50 At the conclusion of the 2024–25 financial statements audit, the ANAO identified one finding that poses a moderate business or financial risk to AHS. One moderate finding has been resolved.

Audit findings

Table 4.9.9: Status of significant and moderate audit findings raised by the ANAO

Source: ANAO 2024–25 audit results.

4.9.51 For each of the findings listed below, the ANAO undertook additional audit procedures to gain assurance that AHS’s 2024–25 financial statements were not materially misstated.

Unresolved moderate audit finding

General IT controls – improvements required in the monitoring of user access, system changes and system incidents areas

4.9.52 The independent review of AHS’s Enterprise Resource Planning (ERP) implementation identified weaknesses in IT general controls, particularly in relation to user access management and change control processes. While improvements were implemented during 2024–25, the control environment was not operational for the full financial year. As a result, the ANAO was unable to place reliance on IT general controls for the 2024–25 financial statements audit.

4.9.53 An internal audit of IT controls was undertaken by AHS in May and June 2025. Based on the results of initial testing, the ANAO intends to place reliance on IT general controls for the 2025–26 financial statements audit, subject to confirmation of their operating effectiveness.

4.9.54 The audit finding remains open until the ANAO is able to confirm the operating effectiveness of IT general controls supporting the preparation of the financial statements for the 2025–26 financial year.

Resolved moderate audit finding

Issues identified with the design and implementation of Microsoft Dynamics, following the ‘Go Live’ on 1 July 2023

4.9.55 AHS implemented a new ERP system, Microsoft Dynamics, on 1 July 2023. Following the ‘go live’, AHS experienced significant challenges in processing transactional data, particularly in relation to revenue recognition, inventory balances and goods and services expenses. These issues resulted in inaccuracies in financial reporting during 2023–24, which were identified through AHS’s internal monthly financial reporting processes. To ensure completeness and accuracy of financial records, AHS processed a number of material adjustments to balance sheet accounts as at 30 June 2024, including work-in-progress, debtors and inventory.

4.9.56 In response to the issues identified, AHS commissioned an independent review of the ERP implementation and developed an ERP improvement plan. The ANAO incorporated targeted audit procedures to assess the integrity of data supporting the financial statements, with a focus on work-in-progress, debtors and inventory balances as at 30 June 2025.

4.9.57 Based on the results of year-end audit testing, the ANAO has concluded that the prior year finding relating to ERP implementation has been satisfactorily resolved.

Key financial balances and areas of financial statements risk

4.9.58 Figure 4.9.7 shows the key financial statements items reported by AHS at the conclusion of the 2024–25 audit.

Figure 4.9.7: Key financial statements balances

Source: AHS’s 2024–25 financial statements.

4.9.59 Table 4.9.10 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of AHS.

Table 4.9.10: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and AHS’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.9.60 Although the ANAO identified audit findings during the 2024–25 audit, additional audit procedures were undertaken to obtain sufficient and appropriate evidence on the financial statements. AHS has advised the ANAO of the action it will take to remediate the audit findings identified. The ANAO will review the action taken by AHS as part of the 2025–26 audit.

4.9.61 The ANAO issued an unmodified auditor’s report on the AHS’s financial statements on 14 August 2025.

National Disability Insurance Agency

4.9.62 The National Disability Insurance Agency (NDIA) is part of the Health, Disability and Ageing portfolio. It was established under the National Disability Insurance Scheme Act 2013. The NDIA has responsibility for delivering the National Disability Insurance Scheme (the Scheme or NDIS). The Scheme is designed to support individuals with significant and permanent disability (participants) to be more independent and engage socially and economically by providing reasonable and necessary disability related supports.

Engagement risk rating

4.9.63 The engagement risk for the 2024–25 financial statements has been assessed as high. Key factors contributing to the high rating include:

• the number and quantum of key areas of financial statements risk that were the focus of the audit;
• level of external scrutiny of the Scheme;
• recent amendments to the NDIS Act and associated rules; and
• the complex decision-making required in the operation of the Scheme, which is supported by a complex and partially outsourced IT environment.

2024–25 audit results

4.9.64 At the conclusion of the 2024–25 financial statements audit, three moderate findings and five minor findings remain unresolved. Two moderate findings were reassessed to minor findings during the year, and three minor findings were resolved.

Audit findings

Table 4.9.11: Status of significant and moderate audit findings raised by the ANAO

Note a: Two moderate audit findings were reassessed to minor audit findings during the 2024–25 audit.

Source: ANAO 2024–25 audit results.

Unresolved moderate audit findings

Privileged user access monitoring — SAP CRM

4.9.65 The NDIA utilises Services Australia as its infrastructure provider for the SAP CRM IT system. SAP CRM is used for essential business functions such as payment delivery. Maintaining and supporting IT systems requires some user accounts to have extensive access rights (privileged access). Privileged user accounts have the potential to modify system configurations or controls and perform inappropriate or fraudulent activities with a financial impact.

4.9.66 The ANAO identified weaknesses in the effectiveness of Services Australia’s logging and monitoring of privileged user activities. The ANAO recommended that the NDIA assess the risk of existing processes, and document and implement processes to address the identified control weakness.

4.9.67 During the final audit phase, the ANAO identified weaknesses in the risk assessment provided by the NDIA. The ANAO will continue to review the NDIA’s progress in addressing the finding as part of the 2025–26 financial statements audit.

Privileged user activity monitoring — PACE

4.9.68 During the interim phase of the 2022–23 audit, the ANAO found that the NDIA did not have a formal process to review privileged user activity in the PACE system. The ANAO recommended that the NDIA should assess whether the real-time alert system meets the underlying business risks relating to privileged user access and implement a formal process to document the outcomes of alerts raised.

4.9.69 During the 2023–24 audit, the NDIA advised the ANAO that it had remediated this weakness by implementing a formal monitoring process over privileged user activity. During testing of the new process, the ANAO identified that the review did not include activity by all privileged users; the appropriateness of each activity performed; and there was no evidence of management oversight of the review.

4.9.70 During the final audit phase of the 2024–25 audit, the ANAO identified weaknesses in the design and implementation of the new process. The ANAO will review this monitoring control during the 2025–26 financial statements audit.

Timeliness of IT user terminations

4.9.71 During the 2020–21 audit, the ANAO’s testing of user access found weaknesses in user access terminations processes. User accounts should be removed upon termination date as they no longer have a legitimate requirement to access the NDIA’s network.

4.9.72 The NDIA moved to a new ICT operating environment and created a new process to address this finding during 2022–23, however there were weaknesses with the reporting used to detect potentially inappropriate activity.

4.9.73 During the 2023–24 audit, the NDIA advised the ANAO that it had remediated the weaknesses previously identified with reporting. The ANAO identified that this process did not cover SAP CRM activities, and that the NDIA did not have formal change management processes to manage the code used to detect post-termination activity. The absence of change management process limits the NDIA’s ability to assure itself that the code being used has been approved, tested, is fit for purpose, and has not been inappropriately modified.

4.9.74 During the 2024–25 final audit phase, the ANAO reviewed the NDIA’s revised processes and assessed them to be effectively designed. The ANAO’s testing over the implementation of the revised process was unable to be completed during the 2024–25 final phase due to delays in the provision of requested supporting documentation. The NDIA’s progress in addressing the finding will be assessed by the ANAO as part of the 2025–26 financial statements audit.

Resolved moderate audit finding

Governance of legal matters and legal advice

4.9.75 In 2022–23, the NDIA received advice on the operation of the NDIS Act in relation to debt management processes. During 2023–24, the ANAO identified weaknesses in the financial statements preparation processes with respect to the consideration of this advice, including the immaturity of systems and processes for determining the financial statements impact of the legal advice, and weaknesses in quality assurance processes over data extracted for related financial statements disclosures.

4.9.76 In line with the ANAO’s recommendation, the NDIA has strengthened its documentation and reporting of legal risks and other legal matters to NDIA management and those charged with governance. As at 30 June 2025, the NDIA was nearing the finalisation of its review and remediation of historical scheme debts. On this basis, the finding was reassessed to a minor audit finding. The ANAO will assess NDIA’s progress in addressing the remaining elements of this finding as part of the 2025–26 financial statements audit.

Key financial balances and areas of financial statements risk

4.9.77 Figure 4.9.8 shows the key financial statements items reported by NDIA at the conclusion of the 2024–25 audit.

Figure 4.9.8: Key financial statements balances

Source: NDIA’s 2024–25 financial statements.

4.9.78 Table 4.9.12 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of NDIA.

Table 4.9.12: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and NDIA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.9.79 Although the ANAO did not identify any new audit findings during the 2024–25 audit, additional audit procedures were undertaken over the unresolved audit findings in order to obtain sufficient and appropriate evidence on the financial statements. The NDIA has advised the ANAO of the action it will take to remediate the audit findings identified. The ANAO will review the action taken by the entity as part of the 2025–26 audit.

4.9.80 The ANAO issued an unmodified auditor’s report on the financial statements on 22 September 2025.

4.10 Home Affairs portfolio

Portfolio overview

4.10.1 The Home Affairs portfolio comprises a range of national security and national resilience functions including managing Australia’s migration program; cyber security policy and protection of critical infrastructure; countering terrorism and foreign interference; law enforcement policy and operations; emergency management and disaster preparedness, response and recovery; border protection and the facilitation of legitimate trade and travel.

4.10.2 Table 4.10.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.10.1: Home Affairs portfolio material and other entities discussed in this chapter

Audit findings

4.10.3 Table 4.10.2 presents a summary of the total number of unresolved findings by entities in the Home Affairs portfolio at the conclusion of the 2024– 25 audits.

Table 4.10.2: Unresolved audit findings by entity in the Home Affairs portfolio

Source: ANAO 2024–25 audit results.

4.10.4 Table 4.10.3 presents a summary of the total number of legislative breaches by entities in the Home Affairs portfolio at the conclusion of the 2024–25 audits.

Table 4.10.3: Legislative breaches by entity in the Home Affairs portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.10.5 Table 4.10.4 provides a summary of audit differences that relate to entities within the Home Affairs portfolio.

Table 4.10.4: The number of audit differences by entity in the Home Affairs portfolio

Source: ANAO analysis of audit differences reported to entities in Home Affairs portfolio.

Department of Home Affairs

4.10.6 The Department of Home Affairs (Home Affairs) coordinates policy and operations for Australia’s national and transport security, cyber security, immigration, border security, multicultural affairs, counterterrorism and customs-related functions.

Engagement risk rating

4.10.7 The engagement risk for Home Affairs’ 2024–25 financial statements audit has been assessed as high. Key factors contributing to this rating include:

• the nature of Home Affairs’ geographically dispersed operating environment, including the management of people and goods across Australia’s borders;
• the management of high value contracts and payments for service delivery, including detention centres and regional processing centres, and the development and construction of IT and other assets; and
• the high value of customs revenue collected, and the reliance on IT systems in the collection of revenue, and management of programs.

2024–25 audit results

4.10.8 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Home Affairs. One instance of non-compliance with subordinate legislation was identified, one moderate audit finding was resolved, and two minor audit findings were resolved.

Audit findings

Table 4.10.5: Status of significant and moderate audit findings raised by the ANAO

Resolved moderate audit finding

Management of non-financial assets

4.10.9 Home Affairs’ non-financial assets are geographically dispersed across Australia and overseas and consist of land, buildings, leasehold improvements, vessels and plant and equipment and are core to operational delivery. Home Affairs undertook a revaluation of these assets during 2023–24 which resulted in significant uplifts in the fair value of both departmental and administered asset values ($162.6 million and $277.7 million respectively). A substantial component of the valuation increments was driven by revised assumptions regarding the useful lives of assets, including assets that had been fully depreciated prior to the time of the valuation.

4.10.10 As a result of this analysis in 2024–25, the ANAO identified Home Affairs’ asset register may not be reflective of the operational considerations of the asset custodians. There is an increased risk that this will lead to erroneous information being relied on for the purposes of desktop and risk-based asset valuation and review processes.

4.10.11 Home Affairs has updated its asset accounting policies and implemented a range of improvements to its asset management and validation processes. This has been supported by additional training through the stocktake and fit-for-purpose review processes. In addition, Home Affairs sought additional advice from its valuers as part of the 2024–25 asset materiality review including inspections of assets in Nauru and additional advice on valuation implications where changes to asset lives were identified through the stocktake process.

4.10.12 In 2024–25 the ANAO reviewed Home Affairs’ remediation work over this finding, reviewed the appropriateness of key judgements used in the calculation of the non-financial asset fair value, including testing management’s assessment of the appropriateness of all assumptions, inputs and the work of valuation specialist, and concluded that as a result of the actions taken, the finding was closed.

Key financial balances and areas of financial statements risk

4.10.13 Figures 4.10.1 and 4.10.2 shows the key financial statements balances reported by Home Affairs at 30 June 2025.

Figure 4.10.1: Key departmental financial statements balances

Source: Home Affairs’ 2024–25 financial statements.

Figure 4.10.2: Key administered financial statements balances

Source: Home Affairs’ 2024–25 financial statements

4.10.14 Table 4.10.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Home Affairs.

Table 4.10.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Home Affairs’ audited financial statements for the year ended 30 June 2025.

Conclusion

4.10.15 The ANAO issued an unmodified auditor’s report on Home Affairs’ financial statements on 17 September 2025.

Australian Federal Police

4.10.16 The Australian Federal Police (AFP) is responsible for the provision of police services in relation to laws of the Commonwealth, the provision of policing services to the Australian Capital Territory and external territories, combatting transnational serious organised crime and terrorism, disrupting crime offshore, supporting regional security, and protecting Australian interests and assets.

Engagement risk rating

4.10.17 The engagement risk for AFP’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the AFP is subject of a high degree of scrutiny and a high degree of operational risk due to the nature of its powers and operations;
• the high level of decentralisation including operations and presences throughout Australia and at overseas posts; and
• the number of significant and complex financial statements line items. These include: a large and disbursed land and buildings portfolio; a diverse portfolio of assets requiring specialist valuation; and a provision for underpayment of superannuation which requires significant judgement to calculate.

2024–25 audit results

4.10.18 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to AFP. One minor audit finding was resolved.

Key financial balances and areas of financial statements risk

4.10.19 Figures 4.10.3 and 4.10.4 shows the key financial statements balances reported by AFP at 30 June 2025.

Figure 4.10.3: Key departmental financial statements balances

Source: AFP’s 2024–25 financial statements.

Figure 4.10.4: Key administered financial statements balances

Source: AFP’s 2024–25 financial statements.

4.10.20 Table 4.10.7 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of AFP.

Table 4.10.7: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and AFP’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.10.21 The ANAO issued an unmodified auditor’s report on AFP’s financial statements on 15 September 2025.

Australian Security Intelligence Organisation

4.10.22 The Australian Security Intelligence Organisation (ASIO) is responsible for protecting Australia, its people and its interests from threats to security through intelligence collection, assessment and advice to the government.

Engagement risk rating

4.10.23 The engagement risk for ASIO’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the compartmentalised and sensitive nature of ASIO’s business; and
• ASIO’s application of a modified financial reporting framework in the preparation of the financial statements in accordance with section 105D of the PGPA Act.

2024–25 audit results

4.10.24 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to ASIO.

Key financial balances and areas of financial statements risk

4.10.25 Figure 4.10.5 shows the key financial statements items reported by ASIO at 30 June 2025.

Figure 4.10.5: Key financial statements balances

Source: ASIO’S 2024–25 financial statements.

4.10.26 Table 4.10.8 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of ASIO.

Table 4.10.8: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ASIO’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.10.27 The ANAO issued an unmodified auditor’s report on ASIO’s financial statements on 13 August 2025.

Comments on non-material entities

Australian Transaction Reports and Analysis Centre

4.10.28 The Australian Transaction Reports and Analysis Centre (AUSTRAC) is Australia’s financial intelligence unit and anti-money laundering/counter-terrorism financing regulator. AUSTRAC aims to build resilience in the financial system by using financial intelligence and regulation to disrupt money laundering, terrorism financing, and serious crime.

2024–25 audit results

4.10.29 At the conclusion of the 2024–25 financial statements audit, one significant legislative breach was resolved, two minor audit findings were identified, and one minor audit finding was unresolved.

Audit findings

Table 4.10.9: Status of significant and moderate audit findings raised by the ANAO

Resolved significant legislative breach

Instance of significant non-compliance with legislation that AUSTRAC is responsible for administering

4.10.30 AUSTRAC identified an error in the methodology used to calculate levies payable to AUSTRAC under the Australian Transaction Reports and Analysis Centre Industry Contribution Act 2011 (Industry Contribution Act). This led to the over and under collection of levies under the Industry Contribution Act for the financial years 2014–15 to 2022–23.

4.10.31 The ANAO recommended AUSTRAC notify the Finance Minister of the error, disclose the error to affected entities from which the levy was collected, estimate the amounts that may be payable by AUSTRAC in relation to the over-collection of levies, and to recognise that liability in AUSTRAC’s financial statements.

4.10.32 At the conclusion of the 2024–25 audit, AUSTRAC had developed and commenced a remediation plan, including the recognition of a provision for the full expected liability in its financial statements. The ANAO reviewed AUSTRAC’s progress in addressing the risks identified, including the development of a remediation plan, action taken to correct the collection of levies, and AUSTRAC electing to actively remediate the issue and adopt a policy position that protects the rights of affected entities without limitation.

4.10.33 AUSTRAC has undertaken the necessary actions in response to this matter. The ANAO considers that AUSTRAC has addressed the risks identified and the audit finding is resolved.

Conclusion

4.10.34 The ANAO issued an unmodified auditor’s report on AUSTRAC’s financial statements on 23 September 2025.

4.11 Industry, Science and Resources portfolio

Portfolio overview

4.11.1 The Industry, Science and Resources portfolio is responsible for contributing to a productive, resilient, and sustainable economy through science and technology. It does this by encouraging the development of innovative and competitive business, industries and regions, investing in science and technology and supporting the resources sector.²⁸

4.11.2 Table 4.11.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.11.1: Industry, Science and Resources portfolio material and other entities discussed in this chapter

Source: ANAO 2024–25 audit results.

Audit findings

4.11.3 Table 4.11.2 presents a summary of the total number of unresolved findings by entities in the Industry, Science and Resources portfolio at the conclusion of the 2024–25 audits.

Table 4.11.2: Unresolved audit findings by entity in the Industry, Science and Resources portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.11.4 Table 4.11.3 provides a summary of audit differences that relate to entities within the Industry, Science and Resources portfolio.

Table 4.11.3: The number of audit differences by entity in the Industry, Science and Resources portfolio

Source: ANAO analysis of audit differences reported to entities in Industry, Science and Resources portfolio.

Department of Industry, Science and Resources

4.11.5 The Department of Industry, Science and Resources (Industry) is responsible for supporting a productive, resilient, and sustainable economy that is enriched by science and technology. It does this by growing innovative and competitive businesses, industries and regions, and supporting a strong resources sector. Industry also operates the Business Grants Hub which helps a range of Australian Government agencies design and deliver grants programs.

Engagement risk rating

4.11.6 The engagement risk for Industry’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the size and complexity of Industry’s operations;
• a mature reporting function, internal control environment and governance arrangements; and
• the complexity of financial statements line items such as the Ranger Rehabilitation and the Northern Endeavour Decommissioning provisions that are subject to management judgement and involve estimation uncertainty.

2024–25 audit results

4.11.7 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Industry. One moderate audit finding was reassessed to a minor finding, and two minor findings were resolved in 2024–25.

4.11.8 During the 2025–26 audit, the ANAO will assess action taken by Industry to address the risks identified.

Audit findings

Table 4.11.4: Status of significant and moderate audit findings raised by the ANAO

Note a: One moderate audit finding was reassessed to a minor audit finding during 2024–25.

Resolved moderate audit finding

Management of Work-in-Progress (WIP)

4.11.9 During the 2023–24 audit, the ANAO identified weaknesses in Industry’s management of work in progress, including the incorrect recognition of items as capital in nature, with some but not all items, detected by Industry’s review processes and subsequently corrected prior to the review by audit. Areas of judgement included limited documentation to reconcile the timesheets and invoices capitalised for contractor time on IT projects and potential delays of transferring projects from ‘in progress’ to ‘in use’.

4.11.10 During 2024–25, Industry, with the support of additional contractor and consultant effort, undertook a program of work to address this finding. Industry identified that the 2023–24 assets and expense balances were materially incorrect, and this had prior year implications. Material prior year adjustments were made to the WIP asset balances.

4.11.11 Several new controls have been established by Industry, including monthly reviews. These controls are expected to be embedded and mature in operating effectiveness in 2025–26, including through demonstration of timely and accurate adjustments throughout the financial year, not only at year-end.

4.11.12 Based on the additional remedial work undertaken by Industry, the ANAO is satisfied that the matters raised at the 2023–24 audit have addressed the moderate risk level finding. The ANAO has reassessed the rating to a minor finding and will include the management of work-in-progress as an area of focus as part of the 2025–26 audit.

Key financial balances and areas of financial statements risk

4.11.13 Figures 4.11.1 and 4.11.2 shows the key financial statements balances reported by Industry at 30 June 2025.

Figure 4.11.1: Key departmental financial statements balances

Source: Industry’s 2024–25 financial statements.

Figure 4.11.2: Key administered financial statements balances

Source: Industry’s 2024–25 financial statements.

4.11.14 Table 4.11.5 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Industry.

Table 4.11.5: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Industry’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.11.15 The ANAO issued an unmodified auditor’s report on Industry’s financial statements on 24 September 2025.

Australian Nuclear Science and Technology Organisation

4.11.16 The Australian Nuclear Science and Technology Organisation (ANSTO) is Australia’s national nuclear research and development organisation. ANSTO operates Australia’s only nuclear multi-purpose reactor and the Australian Synchrotron, contributes to radiopharmaceutical production and supply, and conducts research into areas of national priority, including human health, the environment and the nuclear fuel cycle. ANSTO also provides advice to government and other stakeholders on matters relating to nuclear science, technology and engineering.

Engagement risk rating

4.11.17 The engagement risk for ANTSO’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complexity of ANTSO’s nuclear operations with a number of business functions and multiple geographic locations; and
• the complexity of financial statements line items such as the decommissioning and nuclear waste management provisions that are subject to management judgement and involve estimation uncertainty.

2024–25 audit results

4.11.18 At the conclusion of the 2024–25 financial statements audit, ANAO has not identified any findings that pose a significant or moderate business or financial risk to ANTSO.

Key financial balances and areas of financial statements risk

4.11.19 Figure 4.11.3 shows the key financial statements balances reported by ANSTO at 30 June 2025.

Figure 4.11.3: Key financial statements balances

Source: ANTSO’s 2024–25 financial statements.

4.11.20 Table 4.11.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of ANSTO.

Table 4.11.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ANTSO’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.11.21 The ANAO issued an unmodified auditor’s report on ANTSO’s financial statements on 28 August 2025.

Commonwealth Scientific and Industrial Research Organisation

4.11.22 The primary functions of the Commonwealth Scientific and Industrial Research Organisation (CSIRO), as set out in the Science and Industry Research Act 1949, are to carry out scientific research and facilitate the application or utilisation of the results of such research. CSIRO is responsible for delivering innovative scientific and technology solutions to benefit industry, the environment and the community through scientific research and capability development, services and advice.

Engagement risk rating

4.11.23 The engagement risk for CSIRO’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the nature, complexity and diverse range of CSIRO’s business operations and activities; and
• complex and judgemental estimation processes supporting the measurement and recognition of unlisted equity investments and valuation of property, plant and equipment and investment properties.

2024–25 audit results

4.11.24 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to CSIRO.

Key financial balances and areas of financial statements risk

4.11.25 Figure 4.11.4 shows the key financial statements items reported by CSIRO at 30 June 2025, and the key areas of financial statements risk.

Figure 4.11.4: Key financial statements balances

Source: CSIRO’s 2024–25 financial statements.

4.11.26 Table 4.11.7 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of CSIRO.

Table 4.11.7: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and CSIRO’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.11.27 The ANAO issued an unmodified auditor’s report on CSIRO’s financial statements on 27 August 2025.

Geoscience Australia

4.11.28 Geoscience Australia delivers information and advice on Australia’s geology and geography to support government, industry and community decision-making. The agency develops applications and solutions in response to Australia’s challenges by bringing together observations, data and knowledge from across geoscience disciplines.

Engagement risk rating

4.11.29 The engagement risk for Geoscience Australia’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complexity and materiality of the contract for the Southern Positioning Augmentation Network (SouthPAN), including various components that requires judgement in applying the appropriate accounting treatment; and
• the nature, complexity and scope of Geoscience Australia’s operations as Australia’s national geoscience organisation.

2024–25 audit results

4.11.30 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Geoscience Australia. One moderate audit finding was resolved during the year.

Audit findings

Table 4.11.8: Status of significant and moderate audit findings raised by the ANAO

Resolved moderate audit finding

Accounting for SouthPAN

4.11.31 Geoscience Australia is currently delivering the SouthPAN network, which is a Satellite-Based Augmentation System that will deliver international open standard signals for positioning. SouthPAN will support end-user services provided as signals, each with an internet service.

4.11.32 During the 2023–24 audit, the ANAO identified that Geoscience Australia:

• did not have a robust life cycle accounting framework for the recognition and measurement of non-financial assets arising from the SouthPAN arrangement. As a result, there were weaknesses identified in the processes established by Geoscience Australia to componentise major portions of assets and determine their useful lives (with reference to the underlying contractual terms). Additionally, the ANAO identified that Geoscience Australia had not undertaken analysis that would support accounting for the fair value of these assets, as otherwise required by the relevant accounting standards; and
• did not have robust contract review process in place for all contracts associated with the SouthPAN program. The ANAO identified a material contract which was not accounted for with the requirements of the relevant accounting standards.

4.11.33 The ANAO recommended that Geoscience Australia develop a policy and process for the financial accounting implications of life cycle management of non-financial assets relating to SouthPAN.

4.11.34 During 2024–25, the ANAO observed that Geoscience Australia established processes to monitor new associated arrangements relating to SouthPan and its components and the appropriate treatment of these arrangements in an ongoing basis as part of their regular operations.

4.11.35 The ANAO conducted a review over the implemented framework prepared by Geoscience Australia and found it to be reasonable. As a result, the ANAO considers that Geoscience Australia has addressed the risk identified, and that this audit finding has been resolved.

Figure 4.11.5: Key financial statements balances

Source: Geoscience Australia’s 2024–25 financial statements.

4.11.36 Table 4.11.9 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Geoscience Australia.

Table 4.11.9: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Geoscience Australia’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.11.37 The ANAO issued an unmodified auditor’s report on Geoscience Australia’s financial statements on 9 September 2025.

4.12 Infrastructure, Transport, Regional Development, Communications, Sport and the Arts portfolio

Portfolio overview

4.12.1 The Infrastructure, Transport, Regional Development, Communications, Sport and the Arts portfolio covers several policy areas, including safety across the civil aviation, maritime and transport sectors; air navigation services; developing and administering the national capital; road, rail and freight transport systems; communication services; digital technologies; and public access to the arts and culture.

4.12.2 Table 4.12.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.12.1: The Infrastructure, Transport, Regional Development, Communications, Sport and the Arts portfolio material and other entities discussed in this chapter

Audit findings

4.12.3 Table 4.12.2 presents a summary of the total number of unresolved findings by entities in the Infrastructure, Transport, Regional Development, Communications, Sport and the Arts portfolio at the conclusion of the 2024– 25 audits.

Table 4.12.2: Unresolved audit findings by entity in the Infrastructure, Transport, Regional Development, Communications, Sport and the Arts portfolio

Source: ANAO 2024–25 audit results.

4.12.4 Table 4.12.3 presents a summary of the total number of legislative breaches by entities in the Infrastructure, Transport, Regional Development, Communications, Sport and the Arts portfolio at the conclusion of the 2024–25 audits.

Table 4.12.3: Legislative breaches by entity in the Infrastructure, Transport, Regional Development, Communications, Sport and the Arts portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.12.5 Table 4.12.4: provides a summary of audit differences that relate to entities within the Infrastructure, Transport, Regional Development, Communications, Sport and the Arts portfolio.

Table 4.12.4: The number of audit differences for entities in the Infrastructure, Transport, Regional Development, Communications, Sport and the Arts portfolio

Source: ANAO analysis of audit differences reported to entities in Infrastructure, Transport, Regional Development, Communications, Sport and the Arts portfolio.

Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts

4.12.6 The Department of Infrastructure, Transport, Regional Development, Communications, Sport and the Arts (Infrastructure) is responsible for improving infrastructure across Australia through funding coordination of transport and other infrastructure; providing an efficient, sustainable, competitive and safe transport system for all transport users; strengthening the sustainability, capacity and diversity of regional economies; providing advice on population policy; implementing the national policy on cities; and promoting an innovative and competitive communications sector. The department also promotes participation in and access to Australia’s arts and culture through developing and supporting cultural expression and supports governance arrangements in the Australian territories.

Engagement risk rating

4.12.7 The engagement risk for Infrastructure’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the size of the balance sheet assets administered by Infrastructure and the complexity of the valuations; and
• the size of the grants administered by Infrastructure.

2024–25 audit results

4.12.8 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Infrastructure. One moderate finding was resolved.

Audit findings

Table 4.12.5: Status of significant and moderate audit findings raised by the ANAO

Resolved moderate audit finding

Asset management

4.12.9 Infrastructure administers a high volume of non-financial assets, including plant and equipment in the Indian Ocean Territories. During the 2023–24 audit, the ANAO identified weaknesses in Infrastructure’s management of non-financial assets.

4.12.10 Infrastructure has reviewed the adequacy and effectiveness of their asset accounting policy to address the finding issued during the 2023-24 audit. Infrastructure has implemented an action plan to strengthen the controls around asset management.

4.12.11 The ANAO has reviewed the design and tested the operating effectiveness of the controls as modified by action plan. As a result, the ANAO considers that this finding has been resolved.

Key financial balances and areas of financial statements risk

4.12.12 Figures 4.12.1 and 4.12.2 shows the key financial statements balances reported by Infrastructure at 30 June 2025.

Figure 4.12.1: Key departmental financial statements balances

Source: Infrastructure’s 2024–25 financial statements.

Figure 4.12.2: Key administered financial statements balances

Source: Infrastructure’s 2024–25 financial statements.

4.12.13 Table 4.12.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Infrastructure.

Table 4.12.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and DITRDCSA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.14 The ANAO issued an unmodified auditor’s report on Infrastructure’s financial statements on 12 September 2025.

Airservices Australia

4.12.15 Airservices Australia (Airservices) is responsible for the provision of air navigation services across Australia and oceanic airspace, and the provision of aviation rescue firefighting services at major Australian airports. Airservices is funded through domestic charges levied on its customers and borrowings from debt markets.

Engagement risk rating

4.12.16 The engagement risk for Airservices’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complex and developing regulatory environment for the aviation industry; dependence on numerous, sophisticated and interfaced business systems for financial reporting, including for airways revenue;
• considerable judgement required to account for material financial statement balances including determining the classification of complex project expenditure as expenses or capital; and the valuation of non-financial assets, defined benefit obligations, employee provisions and decontamination provision; and
• extensive planned investment activity in updating infrastructure and systems, with significant expenditure outlaid.

2024–25 audit results

4.12.17 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Airservices. One minor finding was resolved, and two minor findings remain unresolved.

Key financial balances and areas of financial statements risk

4.12.18 Figure 4.12.3 shows the key financial statements balances reported by Airservices Australia at 30 June 2025.

Figure 4.12.3: Key financial statements balances

Source: Airservices Australia’s 2024–25 financial statements.

4.12.19 Table 4.12.7 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Airservices.

Table 4.12.7: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Airservices’ audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.20 The ANAO issued an unmodified auditor’s report on Airservices’ financial statements on 23 September 2025.

Australian Broadcasting Corporation

4.12.21 The Australian Broadcasting Corporation (ABC) is primarily responsible for providing innovative and comprehensive broadcasting and digital media services of a high standard that contribute to a sense of national identity, inform and entertain audiences, and foster the performing arts.

Engagement risk rating

4.12.22 The engagement risk for ABC’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• ABC’s public profile and the complexity of the environment the entity operates within; and
• the number of financial statements balances which are subject to professional judgement and estimation uncertainty.

2024–25 audit results

4.12.23 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to ABC.

Key financial balances and areas of financial statements risk

4.12.24 Figure 4.12.4 shows the key financial statements items reported by ABC at 30 June 2025, and the key areas of financial statements risk.

Figure 4.12.4: Key financial statements balances

Source: ABC’s 2024–25 financial statements.

4.12.25 Table 4.12.8 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of ABC.

Table 4.12.8: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ABC’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.26 The ANAO issued an unmodified auditor’s report on ABC’s financial statements on 26 August 2025.

Australian Communications and Media Authority

4.12.27 The Australian Communications and Media Authority (ACMA) is responsible for the regulation communications infrastructure, content and services for Australia including broadcasting, radio communications (spectrum management), telecommunications and online content.

Engagement risk rating

4.12.28 The engagement risk for ACMA’s 2024–25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• no significant changes in ACMA’s operations during the year;
• an organisational structure, operations and financial reporting framework that is well understood and embedded; and
• an established governance framework, including fraud control, internal audit and monitoring committee processes.

2024–25 audit results

4.12.29 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to ACMA. The ANAO identified one minor finding during the audit, which was resolved

Key financial balances and areas of financial statements risk

4.12.30 Figure 4.12.5 shows the key financial statements balances reported by ACMA at 30 June 2025.

Figure 4.12.5: Key departmental financial statements balances

Source: ACMA’s 2024–25 financial statements.

Figure 4.12.6: Key administered financial statements balances

Source: ACMA’s 2024–25 financial statements.

4.12.31 Table 4.12.9 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of ACMA.

Table 4.12.9: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ACMA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.32 The ANAO issued an unmodified auditor’s report on ACMA’s financial statements on 22 September 2025.

Australian Postal Corporation

4.12.33 The Australian Postal Corporation (Australia Post) is a government business enterprise responsible for supplying postal services to Australia, including the distribution of letters and parcels in Australia and internationally.

Engagement risk rating

4.12.34 The engagement risk for Australia Post’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complexity of Australia Post’s business and financial operations;
• the ongoing reform agenda; and
• the number and complexity revenue streams and revenue recognition.

2024–25 audit results

4.12.35 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Australia Post.

Key financial balances and areas of financial statements risk

4.12.36 Figure 4.12.7 shows the key financial statements balances reported by Australia Post at 30 June 2025.

Figure 4.12.7: Key financial statements balances

Source: Australian Post’s 2024–25 financial statements.

4.12.37 Table 4.12.10 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Australia Post.

Table 4.12.10: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Australia Post’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.38 The ANAO issued an unmodified auditor’s report on Australia Post’s financial statements on 25 August 2025.

Australian Rail Track Corporation Limited

4.12.39 The Australian Rail Track Corporation Ltd (ARTC) is responsible for the development, maintenance, management and delivery of some of Australia’s major rail networks, including the national interstate rail network, the Hunter Valley coal rail network, and the construction of the Inland Rail network.

Engagement risk rating

4.12.40 The engagement risk for ARTC’s 2024–25 financial statements audit has been assessed as high. Key factors contributing to this rating include:

• the number of financial statements balances which are subject to professional judgement and estimation uncertainty.
• ongoing scrutiny by Parliament and the public around the governance changes associated with the delivery of the Inland Rail project.

2024–25 audit results

4.12.41 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to ARTC.

Key financial balances and areas of financial statements risk

4.12.42 Figure 4.12.8 shows the key financial statements balances reported by ARTC at 30 June 2025.

Figure 4.12.8: Key financial statements balances

Source: ARTC’s 2024–25 financial statements.

4.12.43 Table 4.12.11 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of ARTC.

Table 4.12.11: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ARTC’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.44 The ANAO issued an unmodified auditor’s report on ARTC’s financial statements on 25 August 2025.

National Archives of Australia

4.12.45 The National Archives of Australia (National Archives) is an Australian Government entity established under the Archives Act 1983. It sets information and data management policy and standards for Australian Government entities to meet in creating, retaining, maintaining, securing, preserving, appropriately disposing of, and providing appropriate access to trusted government information and data. The National Archives collects records of government decisions and actions.

Engagement risk rating

4.12.46 The engagement risk for National Archives’ 2024–25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• maturing financial statements preparation process; and
• relatively low complexity of financial statement balances other than identified areas of key financial statements risk.

2024–25 audit results

4.12.47 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to the National Archives. One minor audit finding remains unresolved.

Key financial balances and areas of financial statements risk

4.12.48 Figure 4.12.9 shows the key financial statements balances reported by National Archives at 30 June 2025.

Figure 4.12.9: Key departmental financial statements balances

Source: National Archives’ 2024–25 financial statements.

4.12.49 Table 4.12.12 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of National Archives.

Table 4.12.12: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and National Archives’ audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.50 The ANAO issued an unmodified auditor’s report on National Archives’ financial statements on 26 November 2025.

National Capital Authority

4.12.51 The National Capital Authority (NCA) performs the role of trustee and manager of areas in Canberra and the Australian Capital Territory that are designated as National Land for the special purpose of Canberra as Australia’s National Capital. The NCA shapes the future of Canberra for all Australians through the National Capital Plan and related planning and development work.

Engagement risk rating

4.12.52 The engagement risk for NCA 2024–25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• no major changes in the operational or business environment during the year; and
• no significant or moderate audit issues noted in the prior audit period.

2024–25 audit results

4.12.53 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to NCA.

Key financial balances and areas of financial statements risk

4.12.54 Figures 4.12.10 and 4.12.11 shows the key financial statements balances reported by NCA at 30 June 2025.

Figure 4.12.10: Key departmental financial statements balances

Source: NCA’s 2024–25 financial statements.

Figure 4.12.11: Key administered financial statements balances

Source: NCA’s 2024–25 financial statements.

4.12.55 Table 4.12.13 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of NCA.

Table 4.12.13: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and NCA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.56 The ANAO issued an unmodified auditor’s report on the financial statements on 5 September 2025.

National Gallery of Australia

4.12.57 The National Gallery of Australia (NGA) is responsible for developing and maintaining a national collection of works of art to exhibit or to make available for others to exhibit and making the most advantageous use of the national collection in the national interest.

Engagement risk rating

4.12.58 The engagement risk for NGA’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complexity and judgement over the measurement and recognition of heritage and cultural assets; and
• judgements over the valuation of the NGA’s land and building asset classes.

2024–25 audit results

4.12.59 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to NGA.

Key financial balances and areas of financial statements risk

4.12.60 Figure 4.12.12 shows the key financial statements balances reported by NGA at 30 June 2025.

Figure 4.12.12: Key departmental financial statements balances

Source: NGA’s 2024–25 financial statements.

4.12.61 Table 4.12.14 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of NGA.

Table 4.12.14: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and NGA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.62 The ANAO issued an unmodified auditor’s report on NGA’s financial statements on 15 August 2025.

National Intermodal Corporation Limited

4.12.63 The National Intermodal Corporation Limited (National Intermodal) was originally established as Moorebank Intermodal Company Limited to oversee the development and future operation of the Moorebank Intermodal Precinct in Sydney’s south-west. After National Intermodals’ mandate expanded to include Melbourne and Brisbane terminals as part of the Inland Rail program, a name change occurred to reflect their national focus. Once completed, the Moorebank Intermodal Precinct will have an import and export rail terminal with a direct link to Port Botany, and also an interstate and regional facility to connect to the national rail freight network.

Engagement risk rating

4.12.64 The engagement risk for National Intermodal’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the expansion of National Intermodal’s mandate to design, build and operate additional intermodal terminals in Victoria and Queensland;
• the complexity of National Intermodal’s operations and finances, particularly the level of estimation and judgement required to determine key balances in the financial statements; and
• the level of public and parliamentary interest and scrutiny over the delivery of infrastructure projects.

2024–25 audit results

4.12.65 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to National Intermodal.

Key financial balances and areas of financial statements risk

4.12.66 Figure 4.12.13 shows the key financial statements balances reported by National Intermodal at 30 June 2025.

Figure 4.12.13: Key departmental financial statements balances

Source: National Intermodal’s 2024–25 financial statements.

4.12.67 Table 4.12.15 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of National Intermodal.

Table 4.12.15: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and National Intermodal’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.68 The ANAO issued an unmodified auditor’s report on National Intermodal’s financial statements on 26 August 2025.

National Library of Australia

4.12.69 The National Library of Australia (NLA) is responsible for developing and maintaining a national collection of library material, including a comprehensive collection of material relating to Australia and the Australian people, and for making this material available to the public.

Engagement risk rating

4.12.70 The engagement risk for NLA’s 2024–25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• established valuation processes supporting the measurement and recognition of collection assets;
• the maturity of the control environment and the NLA’s well established financial operating process;
• an established and effective governance framework supporting the management of financial reporting.

2024–25 audit results

4.12.71 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to NLA.

Key financial balances and areas of financial statements risk

4.12.72 Figure 4.12.14 shows the key financial statements balances reported by NLA at 30 June 2025.

Figure 4.12.14: Key departmental financial statements balances

Source: NLA’s 2024–25 financial statements.

4.12.73 Table 4.12.16 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of NLA.

Table 4.12.16: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and NLA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.74 The ANAO issued an unmodified auditor’s report on NLA’s financial statements on 11 September 2025.

NBN Co Limited

4.12.75 NBN Co Limited (NBN Co) provides wholesale services to internet service providers. NBN Co is a government business enterprise incorporated under the Corporations Act 2001.

Engagement risk rating

4.12.76 The engagement risk for NBN Co 2024–25 financial statements audit has been assessed as high. Key factors contributing to this rating include:

• the ongoing investment in the build and transition to Fibre to the Premises (FTTP);
• the regulated nature of the industry in which NBN Co Limited operates;
• NBN Co Limited’s financial position. The entity is highly leveraged with exposure to external debt markets; and
• risks to NBN Co arising from technological changes.

2024–25 audit results

4.12.77 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to NBN Co. One moderate finding was resolved during the audit.

Audit findings

Table 4.12.17: Status of significant and moderate audit findings raised by the ANAO

Source: ANAO 2024–25 audit results, and NBN Co’s audited financial statements for the year ended 30 June 2025.

Resolved moderate audit finding

Timely removal of user access

4.12.78 During 2023–24 the ANAO assessed the design and implementation of NBN Co’s controls over removing access for terminating employees in a timely manner. The ANAO found control weaknesses where ANAO identified users who had accessed the NBN Co IT network after their termination. Inadequate security measures for timely removal of access from former personnel increase the risk of unauthorised access to sensitive information.

4.12.79 The ANAO has reviewed the design and tested the operating effectiveness of the detective controls as implemented by NBN Co during the 2024–25 audit. This finding was downgraded to minor in Auditor-General Report No. 39 2024–25 Interim Report on Key Financial Controls of Major Entities and was assessed as resolved by the end of the 2024–25 audit phase.

Key financial balances and areas of financial statements risk

4.12.80 Figure 4.12.15 shows the key financial statements balances reported by NBN Co at 30 June 2025.

Figure 4.12.15: Key financial statements balances

Source: NBN Co’s 2024–25 financial statements.

4.12.81 Table 4.12.18 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of NBN Co.

Table 4.12.18: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and NBN Co’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.82 The ANAO issued an unmodified auditor’s report on NBN Co’s financial statements on 7 August 2025.

WSA Co Limited

4.12.83 WSA Co Limited (WSA Co) was established to construct and operate Western Sydney International (Nancy-Bird Walton) Airport in Badgerys Creek, in south-western Sydney, to the functional specifications determined by the Australian Government. WSA Co Limited is a government business enterprise wholly owned by the Australian Government, represented by the Minister for Finance and the Minister for Infrastructure, Transport, Regional Development and Local Government as shareholder ministers.

Engagement risk rating

4.12.84 The engagement risk for WSA Co’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• significance and scale of the Australian Government’s financial commitment of minimum $5.3 billion of equity financing to construct the airport, along with changes and additional works for commercial and border agency activities;
• detailed requirements of the Project Deeds and Equity Subscription Agreement which govern the project delivery process and infrastructure requirements, along with debt financing;
• complexity of contracts and delivery of services during the airport construction phase; and
• nature, complexity and significance of accounting policies, particularly those relating to the capitalisation of construction costs. Capitalisation policies adopted have a significant impact on WSA Co’s consolidated statement of financial position and valuation considerations for the Australian Government financial statements.

2024–25 audit results

4.12.85 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to WSA Co. ANAO identified one moderate legislative breach during the 2024-25 audit.

Audit findings

Table 4.12.19: Status of significant and moderate audit findings raised by the ANAO

New moderate legislative breach

Remuneration Tribunal Determination - Overpayment

4.12.86 Under the Remuneration Tribunal Determination 2024, Board members who are also members of the audit committee are entitled to $9,040 per year in addition to the underlying fee for directors. During the preparation of its 2024-25 financial statements, WSA Co identified an error in the underpayment of audit committee fees to one Director and an overpayment to another Director of equal value. WSA Co has since corrected the underlying payments.

Key financial balances and areas of financial statements risk

4.12.87 Figure 4.12.16 shows the key financial statements balances reported by WSA Co at 30 June 2025.

Figure 4.12.16: Key departmental financial statements balances

Source: WSA Co’s 2024–25 financial statements.

4.12.88 Table 4.12.20 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of WSA Co.

Table 4.12.20: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and WSA Co’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.12.89 Although the ANAO identified one audit finding during the 2024–25 audit additional audit procedures were undertaken in order to obtain sufficient and appropriate evidence on the financial statements by undertaking additional audit procedures. WSA Co has advised the ANAO of the action it will take to remediate the audit finding identified. The ANAO will review the action taken by the entity as part of the 2025–26 audit.

4.12.90 The ANAO issued an unmodified auditor’s report on WSA Co’s financial statements on 29 August 2025.

Comments on other entities

Norfolk Island Health and Residential Aged Care Service

4.12.91 The Norfolk Island Health and Residential Aged Care Service (NIHRACS) is a multi-purpose health service operated by the Australian Government on Norfolk Island. Oversight of NIHRACS is the responsibility of Infrastructure.

4.12.92 NIHRACS is deemed to be a Commonwealth controlled entity. NIHRACS is a body corporate with perpetual succession under the Norfolk Island Health and Residential Aged Care Act 1985, a Norfolk Island continued law under section 16A of the Norfolk Island Act 1979 (Cth). The PGPA Act does not apply to NIHRACS and as a result the Auditor-General is not mandated as the auditor. The ANAO undertakes the audit in accordance with a request by the Secretary of Infrastructure made under section 20 of the Auditor-General Act 1997. Auditor-General Report No. 43 2018–19 Design, Implementation and Monitoring of Reforms to Services on Norfolk Island made specific recommendations, in relation to NIHRACS, to undertake legislative reform to apply the PGPA Act to the entity. The ANAO is not aware of any action being undertaken to address this recommendation.

4.12.93 The NIHRACS financial statements audits for 2022–23, 2023–24 and 2024–25 were completed on 1 December 2025. These audits were delayed due to the time required by NIHRACS to finalise the financial statements and the impact of a number of unaddressed audit findings and other matters.

2024–25 audit results

4.12.94 At the conclusion of the 2024–25 financial statements audit, three audit findings that pose a moderate financial or business risk to NIHRACS were identified. One significant audit finding was reassessed to a moderate audit finding and one moderate audit finding was reassessed to a minor finding.

4.12.95 During the 2025–26 audit, the ANAO will assess action taken by NIHRACS to address the risks identified.

Audit findings

Table 4.12.21: Status of significant and moderate audit findings raised by the ANAO

Note a: One significant audit finding was reassessed to a moderate audit finding, and one moderate audit finding was reassessed to a minor audit finding.

Unresolved moderate findings

4.12.96 The three unresolved moderate findings relate to: revenue management (first identified in 2016–17; the financial statements preparation processes (first identified in 2021–22) and corporate governance (first identified as a significant finding in 2016–17 and reassessed to a moderate finding in 2024–25 on the basis of work progressed to address the identified risks).

New moderate findings

4.12.97 The three new moderate findings identified at the conclusion of the 2024–25 audit relate to: procurement and contract management practices; business risks due to IT infrastructure and system deficiencies; and IT controls over user and privileged user accesses.

4.12.98 The ANAO provides reports on the outcomes of the audit and audit findings identified to Infrastructure at the conclusion of each audit.

Conclusion

4.12.99 The ANAO issued unmodified auditor’s reports for NIHRACS’ 2022–23, 2023–24 and 2024–25 financial statements on 1 December 2025.

4.13 Parliamentary departments

Portfolio overview

4.13.1 The Parliamentary Departments support the operation of the Parliament of Australia, its committees and members.

4.13.2 Table 4.13.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.13.1: Parliamentary Departments material and other entities discussed in this chapter

Audit findings

4.13.3 Table 4.13.2 presents a summary of the total number of unresolved findings by entities in the Parliamentary Departments at the conclusion of the 2024– 25 audits.

Table 4.13.2: Unresolved audit findings by entity in the Parliamentary Departments

Source: ANAO 2024–25 audit results.

4.13.4 Table 4.13.3 presents a summary of the total number of legislative breaches by Parliamentary Departments at the conclusion of the 2024–25 audits.

Table 4.13.3: Legislative breaches by entity in the Parliamentary Departments

Source: ANAO 2024–25 audit results.

Audit differences

4.13.5 Table 4.13.4 provides a summary of audit differences that relate to entities within the Parliamentary Departments.

Table 4.13.4: The number of audit differences by entity in the Parliamentary Departments

Source: ANAO analysis of audit differences reported to entities in the Parliamentary Departments.

Department of Parliamentary Services

4.13.6 The Department of Parliamentary Services (DPS) is responsible for supporting the operation of the Parliament through the provision of a range of services, including library, research, Hansard, broadcasting, Information, Communication & Technology (ICT) services, physical and cyber security services, visitor services, catering, and building and landscape management.

Engagement risk rating

4.13.7 The engagement risk for DPS’s 2024–25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• non-complex transactions and balances in DPS’s financial statements; and
• mature financial statements preparation process and internal control environment.

2024–25 audit results

4.13.8 At the conclusion of the 2024–25 financial statements audit, one moderate audit finding remains unresolved, and one minor audit finding was identified.

Audit findings

Table 4.13.5: Status of significant and moderate audit findings raised by the ANAO

Unresolved moderate audit finding

Network User Terminations

4.13.9 User access management is fundamental to the effective operation of the IT systems. Revoking user access to a system in a timely manner is necessary to ensure that all access to IT systems, financially sensitive or otherwise, is authorised.

4.13.10 During the 2023–24 audit, the ANAO identified that contractor termination dates could not be readily verified due to the absence of exit forms for such terminations. DPS was unable to provide alternative evidence for the respective contractor terminations and there were no compensating controls relating to contractor terminations.

4.13.11 During 2024–25 DPS has made a significant effort to improve contractor offboarding processes, and the ANAO reviewed the controls implemented by DPS to address the risks identified. From this review, the ANAO concluded that the controls implemented partially addressed the risk of unauthorised access and activity relating to offboarded contractors, and weaknesses continue to be observed around the timely update of contractor termination dates in DPS’s offboarding systems.

4.13.12 Following these observations, DPS established a standard operating procedure for offboarding contractors. The ANAO will review the implementation of these procedures during the 2025–26 audit.

Key financial balances and areas of financial statements risk

4.13.13 Figures 4.13.1 and 4.13.2 shows the key financial statements balances reported by DPS at 30 June 2025.

Figure 4.13.1: Key departmental financial statements balances

Source: Department of Parliamentary Services’ 2024–25 financial statements.

Figure 4.13.2: Key administered financial statements balances

Source: Department of Parliamentary Services’ 2024–25 financial statements.

4.13.14 Table 4.13.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of DPS.

Table 4.13.6: Key areas of financial statements risk

Conclusion

4.13.15 The ANAO issued an unmodified auditor’s report on DPS’s financial statements on 23 September 2025.

Comments on non-material entities

Department of the House of Representatives

4.13.16 The Department of the House of Representatives (DHR) is one of four departments of the Parliamentary Service established under the Parliamentary Service Act 1999. DHR supports the House of Representatives, and the wider Parliament, in the role of a representative and legislative body primarily by providing advice and services, and through engaging with the community and other parliaments.

2024–25 audit results

4.13.17 At the conclusion of the 2024–25 financial statements audit, one audit finding posing a significant business or financial risk to DHR, and one significant legislative breach were identified.

4.13.18 During the 2025–26 audit, the ANAO will assess action taken by DHR to address the risks identified.

Audit findings

Table 4.13.7: Status of significant and moderate audit findings raised by the ANAO

Source: ANAO 2024–25 audit results.

New significant audit finding

Management of the Pacific Parliamentary Partnership Fund

4.13.19 The ANAO identified material legal and accounting uncertainties in the DHR’s management of the Pacific Parliamentary Partnership Fund (PPPF). Following the sunsetting of the Inter-Parliamentary Relations Special Account in April 2017, DHR sought the establishment of a new special account. Instead, based on advice from the Department of Finance that a special account was not required, DHR credited the PPPF to its appropriation under section 74 of the PGPA Act. Acting on this advice, DHR subsequently credited interest earnings to its departmental appropriation using the same mechanism. As at 30 June 2025, the PPPF balance was $2.9 million and was included in DHR’s reported departmental cash balance of $6.7 million.

4.13.20 Based on its interpretation of legal advice received in August 2013, DHR did not maintain separate accounts or records to determine whether the PPPF balance included trust money, resulting in the entire balance being treated as a departmental asset. This approach may have led to the misstatement of cash assets and the omission of trust disclosures in the financial statements. Legal advice subsequently obtained by DHR in March 2025 raised doubt about the validity of relying on section 74 to credit the PPPF and interest earned thereon to the departmental appropriation. If section 74 did not apply, the funds should have been remitted to the Consolidated Revenue Fund (CRF), resulting in a potential material misstatement of the appropriations note disclosure.

4.13.21 The PPPF balance was material to DHR’s reported cash balance as at 30 June 2025, and the appropriations note disclosure was material by nature, as it related to the legal authority to draw funds from the CRF.

4.13.22 The ANAO recommended DHR return the principal and interest to the Official Public Account in accordance with RMG 307 Retainable Receipts and liaise with the Department of Finance and the Australian Government Solicitor to resolve the legal and accounting uncertainties. The ANAO also recommended DHR continue to engage with the States and Territories to on any future arrangements, as the funds likely include trust money contributed by these parties. If considered appropriate, DHR should seek legislative authority for the expenditure of any re-appropriated funds.

4.13.23 The ANAO has been advised that DHR has ceased expenditure from the PPPF and is no longer relying on section 74 to credit interest receipts to the departmental appropriation, in light of the legal uncertainty. This approach is supported by the Department of Finance. As at 30 June 2025, $27,000 had been retained in the bank account without legal authority. Options for re-appropriating the funds are being considered by DHR. Any solution should be supported by legal advice confirming the validity of the arrangement.

4.13.24 This issue resulted in the ANAO issuing a modified auditor’s report on DHR’s 2024–25 financial statements. A resolution to validate the retention of funds and to resolve the issues around the cash balance and appropriations note disclosure will be required to address the audit qualification.

New significant legislative breach

Potential non-compliance with the Australian Constitution and the PGPA Act

4.13.25 The ANAO identified significant potential legal non-compliance in DHR’s management of the PPPF. Legal advice obtained by DHR concluded there was a significant risk that expenditure from the PPPF was made without appropriate legislative authority, potentially in breach of section 61 of the Constitution. The advice indicated that reliance on annual appropriations alone did not provide sufficient authority for expenditure on external parliamentary programs, as appropriations must be supported by a substantive law or prerogative power.

4.13.26 The advice also identified a moderate legal risk that the crediting of the PPPF and interest to the departmental appropriation under section 74 of the PGPA Act was not validly authorised. With reliance on previous advice from the Department of Finance, DHR had not maintained proper accounts and records in relation to the component of the cash balance that may constitute trust money, as required under section 41 of the PGPA Act. The circumstances gave rise to potential breaches of the general duties required under the PGPA Act, including duties relating to governance, risk management, and compliance with government policy.

4.13.27 The ANAO recommended that DHR return the PPPF funds to the Official Public Account, seek retrospective legislative authority for past expenditure, and ensure that future transactions are supported by clear and specific legal authority.

Conclusion

4.13.28 The auditor’s report for the DHR’s 2024–25 financial statements included a qualification that the ANAO was unable to obtain sufficient appropriate audit evidence to determine whether DHR’s cash balance and appropriations note disclosures were free from material misstatement.

4.13.29 This was because DHR could not determine the extent to which the cash balance included trust money and whether the crediting of interest to the appropriation was valid. Consequently, the ANAO was unable to determine whether any adjustments to these amounts and disclosures were necessary.

4.13.30 Additionally, comparative information may have been misstated as the cash balance and the appropriations note disclosures for the year ended 30 June 2024 also included the PPPF and interest credited under section 74.

4.13.31 The modified auditor’s report was issued on 23 October 2025.

4.14 Prime Minister and Cabinet portfolio

Portfolio overview

4.14.1 The Prime Minister and Cabinet portfolio is responsible for: providing advice and support to the Prime Minister, the Cabinet, Portfolio Ministers and Assistant Ministers on matters that are at the forefront of public policy and government administration; and providing stewardship of the Australian Public Service (APS).

4.14.2 Table 4.14.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.14.1: Prime Minister and Cabinet portfolio material and other entities discussed in this chapter

Source: ANAO 2024–25 audit results.

Audit findings

4.14.3 Table 4.14.2 presents a summary of the total number of unresolved findings by entities in the Prime Minister and Cabinet portfolio at the conclusion of the 2024–25 audits.

Table 4.14.2: Unresolved audit findings by entity in the Prime Minister and Cabinet portfolio

Source: ANAO 2024–25 audit results.

4.14.4 Table 4.14.3 presents a summary of the total number of legislative breaches by entities in the Prime Minister and Cabinet portfolio at the conclusion of the 2024–25 audits.

Table 4.14.3: Legislative breaches by entity in the Prime Minister and Cabinet portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.14.5 Table 4.14.4 provides a summary of audit differences that relate to entities within the Prime Minister and Cabinet portfolio.

Table 4.14.4: The number of audit differences by entity in the Prime Minister and Cabinet portfolio

Source: ANAO analysis of audit differences reported to entities in the Prime Minister and Cabinet portfolio.

Department of the Prime Minister and Cabinet

4.14.6 The Department of the Prime Minister and Cabinet (PM&C) is responsible for providing advice to the Prime Minister, the Cabinet, portfolio ministers, and assistant ministers to improve the lives of all Australians. The role of PM&C is to support the policy agenda of the prime minister and Cabinet and the coordination of the implementation of key government programs, to provide leadership to the Australian Public Service, coordination of government activities, effective policy advice and development, and program delivery.

Engagement risk rating

4.14.7 The engagement risk for PM&C’s 2024–25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• accounting for investments in corporate Commonwealth entities and companies; and
• shared services provided to the National Indigenous Australians Agency and other entities.

2024–25 audit results

4.14.8 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to PM&C.

Key financial balances and areas of financial statements risk

4.14.9 Figures 4.14.1 and 4.14.2 shows the key financial statements balances reported by PM&C at 30 June 2025.

Figure 4.14.1: Key departmental financial statements balances

Source: PM&C’s 2024–25 financial statements.

Figure 4.14.2: Key administered financial statements balances

Source: PM&C’s 2024–25 financial statements.

4.14.10 Table 4.14.5 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of PM&C.

Table 4.14.5: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and PM&C’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.14.11 The ANAO issued an unmodified auditor’s report on PM&C’s financial statements on 22 September 2025.

Indigenous Business Australia

4.14.12 Under its enabling legislation, the Aboriginal and Torres Strait Islander Act 2005, Indigenous Business Australia’s (IBA’s) purposes are to assist and enhance Aboriginal and Torres Strait Islander self-management and economic self-sufficiency, and to advance the commercial and economic interests of Aboriginal and Torres Strait Islander peoples by accumulating and using a substantial capital base for their benefit. IBA has 12 actively trading subsidiaries which are audited by the ANAO.

Engagement risk rating

4.14.13 The engagement risk for IBA’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the level of diversity in the nature of IBA’s commercial business activities, which include home loans, business loans, commercial property and investments in controlled entities, associated and other business undertakings; and
• the impact of market conditions, and significant management judgment required, in the valuation of these activities for financial reporting purposes.

2024–25 audit results

4.14.14 At the conclusion of the 2024–25 financial statements audit, the ANAO identified one legislative breach that poses a low business or financial management risk, but which, if it had not been addressed, could have posed a moderate risk in the future.

Key financial balances and areas of financial statements risk

4.14.15 Figure 4.14.3 shows the key financial statements balances reported by IBA at 30 June 2025.

Figure 4.14.3: Key financial statements balances

Source: IBA’s 2024–25 financial statements.

4.14.16 Table 4.14.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of IBA.

Table 4.14.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and IBA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.14.17 The ANAO issued an unmodified auditor’s report on IBA’s financial statements on 25 September 2025.

National Indigenous Australians Agency

4.14.18 The National Indigenous Australians Agency (NIAA) was established on 1 July 2019 by an executive order of the Governor-General. The primary functions of the NIAA are to:

• lead and coordinate Australian Government policy development, program design and implementation, and service delivery for Aboriginal and Torres Strait Islander peoples;
• provide advice to the Prime Minister and the Minister for Indigenous Australians on Australian Government priorities for Aboriginal and Torres Strait Islander peoples;
• lead and coordinate the development and implementation of Australia’s Closing the Gap targets in partnership with Indigenous Australians;
• lead Australian Government activities to promote reconciliation;
• to build and maintain effective partnerships with stakeholders to inform whole-of-government priorities for Aboriginal and Torres Strait Islander people and enable policies, programs and services to be tailored to the unique needs of communities;
• to design, consult on and coordinate the delivery of community development employment projects;
• to analyse and monitor the effectiveness of programs and services for Aboriginal and Torres Strait Islander people delivered by the Australian Government; and
• to coordinate Indigenous portfolio agencies and advance a whole-of-government approach to improving the lives of Aboriginal and Torres Strait Islander people.

Engagement risk rating

4.14.19 The engagement risk for NIAA’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the decentralised nature of processing and monitoring of grant programs across Australia;
• the NIAA’s administration of the Community Development Program; and
• NIAA’s reliance on the systems managed by other agencies (Department of Prime Minister and Cabinet, Department of Social Services, Department of Employment and Workplace Relations, Services Australia and the Service Delivery Office through shared service arrangements).

2024–25 audit results

4.14.20 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to NIAA.

Key financial balances and areas of financial statements risk

4.14.21 Figures 4.14.4 and 4.14.5 shows the key financial statements balances reported by NIAA as at 30 June 2025.

Figure 4.14.4: Key departmental financial statements balances

Source: NIAA’s 2024–25 financial statements.

Figure 4.14.5: Key administered financial statements balances

Source: NIAA’s 2024–25 financial statements.

4.14.22 Table 4.14.7 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of NIAA.

Table 4.14.7: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and NIAA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.14.23 The ANAO issued an unmodified auditor’s report on NIAA’s financial statements on 17 September 2025.

Comments on non-material entities

Darwin Hotel Partnership

4.14.24 The Darwin Hotel Partnership (DHP) is primarily involved in tourism through the operation of Adina Apartment Hotel and Vibe Hotel, both located in Darwin, Northern Territory. DHP is a controlled entity of Indigenous Business Australia who holds an 80 per cent interest in the partnership. DHP is a non-reporting entity and prepares financial statements to meet its obligations under its Partnership Agreement.

Conclusion

4.14.25 The ANAO issued an unmodified auditor’s report on the Darwin Hotel Partnership’s financial statements on 1 September 2025. Without modifying the audit opinion, the auditor’s report included an emphasis of matter paragraph drawing attention to the special purpose reporting framework applied in the preparation of the financial statements.

Gagudju Lodge Cooinda Trust

4.14.26 Gagudju Lodge Cooinda Trust (the Trust) is a unit trust created to hold commercial investment property in Kakadu National Park. The Trust is a controlled entity of Indigenous Business Australia who is the trustee and holds more than 50 per cent of the units in the Trust. The Trust is a non-reporting entity and prepares financial statements to meet its obligations under its Trust Deed.

Conclusion

4.14.27 The ANAO issued an unmodified auditor’s report on the Gagudju Lodge Cooinda Trust’s financial statements on 21 August 2025. Without modifying the audit opinion, the auditor’s report included an emphasis of matter paragraph drawing attention to the special purpose reporting framework applied in the preparation of the financial statements.

Ikara Wilpena Enterprises Pty Ltd

4.14.28 Ikara Wilpena Enterprises Pty Ltd (IWE) is a subsidiary of Indigenous Business Australia (IBA) a corporate Commonwealth entity. IWE is a small to medium sized entity that provided tourism activities, services and products for the Wilpena Pound Resort in the Flinders Ranges, South Australia. In May 2024, IWE entered into a Sales and Business Agreement to sell its business and the majority of its assets. IWE is a non-operating entity following the satisfactory completion of conditions required for settlement of the sales agreement in October 2024.

4.14.29 The 2023–24 financial statements audit was signed on 30 June 2025, and the auditor’s report included an Emphasis of Matter drawing attention to the non-going concern basis of accounting as it is the intention of the directors to wind up IWE. The opinion was not modified in respect of this matter.

2023–24 audit results

4.14.30 Table 4.14.8 summarises the status of audit findings identified by the ANAO in 2023–24.

Table 4.14.8: Status of audit findings

Note a: These findings will not be followed up as IWE is not preparing financial statements in 2024–25.

Source: ANAO 2023–24 audit results.

4.14.31 For each of the findings listed below, the ANAO undertook additional audit procedures to gain assurance that the entity’s 2023–24 financial statements were not materially misstated.

New moderate audit finding

Assessment of going concern and presentation of financial statements

4.14.32 The ANAO identified issues relating to IWE’s assessment of going concern and the presentation of its financial statements following the cessation of operations and the sale of all operating assets in October 2024.

4.14.33 IWE did not undertake a comprehensive assessment of its going concern status, nor did it appropriately consider the implications of the sale agreement on the financial reporting framework. Assets intended for sale were not classified in accordance with the relevant accounting standards, and key disclosures relating to the non-going concern basis were either omitted or inaccurately presented. These deficiencies resulted in materially misstated draft financial statements and necessitated extensive audit adjustments to both the primary financial statements and accompanying notes.

4.14.34 The late identification and correction of these matters contributed to delays in the finalisation of the audit and the signing of the financial statements and auditor’s report. The ANAO recommended that IWE, with the support of its parent entity, IBA, implement the following measures:

• conduct timely and comprehensive assessments of significant transactions and events, including those with implications for going concern and financial statement presentation;
• enhance internal review procedures to validate key accounting treatments and disclosures prior to the commencement of the external audit; and
• strengthen technical capability within the finance function, including through targeted training in complex accounting areas.

4.14.35 IWE agreed with the finding and acknowledged the need for process improvements. It was noted that the circumstances were unique and non-recurring. IBA has advised that financial statements will not be prepared for 2024–25, as IWE is no longer operating and is expected to be wound up.

New moderate audit finding

Financial statements preparation process

4.14.36 The ANAO identified significant delays in IWE’s preparation of financial statements and provision of supporting documentation during the 2023–24 audit. Key working papers and journal entries were not provided in accordance with agreed timelines, and the draft financial statements initially submitted did not reconcile to the final trial balance. Requested documentation was not received until several months later, significantly impacting the audit timeline.

4.14.37 These delays were primarily due to the transition from the previous financial services provider, turnover in key finance personnel, and resource constraints. The lack of continuity and reduced institutional knowledge adversely affected audit coordination and the quality of financial reporting.

4.14.38 The ANAO recommended that IWE strengthen its audit readiness by ensuring financial statements reconcile to the final trial balance, preparing complete and accurate supporting documentation in advance, improving coordination with external service providers, maintaining well-organised records, and ensuring sufficient resourcing and continuity within the finance function.

4.14.39 IWE agreed with the finding and acknowledged the need for process improvements. It was noted that the delays were driven by unique and non-recurring transitional factors. IBA has advised that financial statements will not be prepared for 2024–25, as IWE is no longer operating and is expected to be wound up.

Ikara Wilpena Holdings Trust

4.14.40 Ikara Wilpena Holdings Trust (the Trust) is a subsidiary of Indigenous Business Australia (IBA) a corporate Commonwealth entity. The Trust was established to hold commercial investment property, and IBA is Trustee of the Trust.

4.14.41 The 2023–24 financial statements audit was signed on 5 June 2025, and the auditor’s report included an Emphasis of Matter drawing attention to the non-going concern basis of accounting as it is the intention of the trustee to wind up the Trust. The opinion was not modified in respect of this matter.

2023–24 audit results

4.14.42 Table 4.14.9 summarises the status of audit findings identified by the ANAO in 2023–24.

Table 4.14.9: Status of audit findings

Note a: This finding will not be followed up as the Trust is not preparing financial statements in 2024–25.

Source: ANAO 2023–24 audit results.

4.14.43 For the finding listed below, the ANAO undertook additional audit procedures to gain assurance that the Trust’s 2023–24 financial statements were not materially misstated.

New moderate audit finding

Assessment of going concern and the presentation of the financial statements

4.14.44 The ANAO identified issues in the Trust’s assessment of going concern and the presentation of its financial statements following the sale of Ikara Wilpena Enterprises Pty Ltd (IWE) by Indigenous Business Australia (IBA) in May 2024. Although the Trust was not a direct party to the agreement, the transaction required the relinquishment of the head lease and cessation of operations, materially impacting the Trust’s financial position.

4.14.45 The Trust did not adequately assess the implications of the sale, incorrectly treating itself as unaffected. As a result, the financial statements did not reflect the impact of the lease relinquishment, the fair value of investment property was misstated, and the going concern basis was not appropriately considered. These deficiencies led to material misstatements and significant delays in finalising the audit.

4.14.46 The ANAO recommended the Trust strengthen its financial reporting by undertaking timely and comprehensive assessments of significant transactions, including those involving related entities; improving internal review processes with support from IBA; enhancing communication with stakeholders and auditors; and building technical capability in complex accounting areas.

4.14.47 The Trust agreed with the finding and acknowledged the need for improvement, noting that technical experts were engaged and further consultation occurred during the audit. IBA has advised that financial statements will not be prepared for 2024–25, as the Trust is no longer operating and is expected to be wound up.

IBA Retail Property Trust

4.14.48 The IBA Retail Property Trust (the Trust) is a unit trust created to hold commercial investment property. The Trust is a controlled entity of Indigenous Business Australia who is the trustee and holds more than 50 per cent of the units in the Trust. The Trust is a non-reporting entity and prepares financial statements to meet its obligations under its Trust Deed.

Conclusion

4.14.49 The ANAO issued an unmodified auditor’s report on the IBA Retail Property Trust’s financial statements on 11 August 2025. Without modifying the audit opinion, the auditor’s report included an emphasis of matter paragraph drawing attention to the special purpose reporting framework applied in the preparation of the financial statements.

Kakadu Tourism GLC Pty Ltd

4.14.50 Kakadu Tourism (GLC) Pty Ltd (Kakadu Tourism) is a subsidiary of Indigenous Business Australia (IBA) a corporate Commonwealth entity. Kakadu Tourism provides environmentally sustainable tourism activities, services and products in the Northern Territory in partnership with the Traditional Owners of the Kakadu National Park.

2024–25 audit results

4.14.51 At the conclusion of the 2024–25 financial statements audit, the ANAO identified two audit findings that pose a moderate risk to Kakadu Tourism. One minor audit finding relating to the management of employee leave balances was upgraded and included in the moderate audit finding relating to governance and fraud risk matters. One minor finding related to instances of unauthorised purchase orders was resolved.

Table 4.14.10:  Status of audit findings

Note a: One minor audit finding relating to the management of employee leave balances was upgraded and included in the moderate audit finding relating to governance and fraud risk matters.

Source: ANAO 2024–25 audit results.

4.14.52 For each of the findings listed below, the ANAO undertook additional audit procedures to gain assurance that Kakadu Tourism’s 2024–25 financial statements were not materially misstated.

New moderate audit findings

Governance and fraud risk matters

4.14.53 The ANAO identified weaknesses in Kakadu Tourism’s governance framework and internal control environment, which collectively increase the risk of fraud, financial misstatement, and non-compliance. Key deficiencies included the absence of a formal fraud control plan, lack of independent review of manual journal entries, inconsistent revenue reconciliation practices, outdated IT system access rights, and unresolved variances in cash reconciliations. Additionally, bonus payments lacked formal substantiation, and employee conditions were not clearly aligned with the applicable industrial award, creating potential compliance risks.

4.14.54 The ANAO also noted excessive leave balances among senior finance staff, which limit role rotation and increase fraud risk. These issues reflect insufficient oversight, poor documentation, and a lack of formal governance structures across critical financial processes.

4.14.55 The ANAO recommended Kakadu Tourism strengthen its control environment through improved Executive and Board oversight, formalisation of governance frameworks, enhanced operational controls, and targeted assurance over high-risk areas. Embedding these measures within a structured governance model will support transparency, accountability, and resilience in financial management.

4.14.56 Kakadu Tourism agreed with the finding and has commenced implementation of a Governance Improvement Plan, with monthly reporting to the Board to ensure oversight and accountability. The ANAO acknowledges Kakadu Tourism’s engagement and commitment to strengthening its governance and control environment.

Financial statements preparation

4.14.57 The ANAO identified recurring deficiencies in Kakadu Tourism’s financial statements preparation process, which contributed to audit delays, operational inefficiencies, and increased audit risk. Key issues included the absence of a formal preparation plan and timetable, lack of internal quality assurance protocols, and inadequate documentation to support financial reporting. Reconciliation processes were incomplete or delayed, and several accounting treatments—such as lease disclosures and long service leave provisions—were inaccurate or inconsistent with applicable standards.

4.14.58 Resource constraints and planning challenges further impacted audit readiness, including the absence of key finance personnel during critical periods. These weaknesses reduced confidence in the reliability of financial reporting and increased the risk of material misstatements.

4.14.59 The ANAO recommended Kakadu Tourism strengthen internal controls, implement a structured financial reporting timetable, improve resource planning, and establish formal review and quality assurance processes. Enhanced Board oversight and timely resolution of complex accounting matters will be essential to improving audit efficiency and ensuring compliance with financial reporting obligations.

4.14.60 Kakadu Tourism agreed with the finding and committed to strengthening financial reporting processes and ensuring compliance going forward.

Performance Bond Fund

4.14.61 The Performance Bond Fund (the Trust) was created to assist and enhance indigenous Australian self-management and economic self-sufficiency, and to advance the commercial and economic interests of indigenous Australians. The Trust assists Aboriginal and Torres Strait Islander businesses to secure and deliver contracts by providing performance and warranty bonds. These bonds act as a guarantee to buyers that contractual obligations will be met, reducing the need for businesses to provide 100 per cent cash security as required by banks.

4.14.62 The Trust is a controlled entity of Indigenous Business Australia who is the trustee and exercises significant control over the operations of the Trust. The Trust is a non-reporting entity and prepares financial statements to meet its obligations under its Trust Deed.

Conclusion

4.14.63 The ANAO issued an unmodified auditor’s report on the Performance Bond Fund’s financial statements on 14 August 2025. Without modifying the audit opinion, the auditor’s report included an emphasis of matter paragraph drawing attention to the special purpose reporting framework applied in the preparation of the financial statements.

Tennant Creek Land Holding Trust

4.14.64 The Tennant Creek Land Holding Trust (the Trust) is a unit trust created to hold commercial investment property in Tennant Creek, Northern Territory. The Trust is a controlled entity of Indigenous Business Australia who is the trustee and holds more than 50 per cent of the units in the Trust. The Trust is a non-reporting entity and prepares financial statements to meet its obligations under its Trust Deed.

Conclusion

4.14.65 The ANAO issued an unmodified auditor’s report on the Tennant Creek Land Holding Trust’s financial statements on 20 August 2025. Without modifying the audit opinion, the auditor’s report included an emphasis of matter paragraph drawing attention to the special purpose reporting framework applied in the preparation of the financial statements.

Central Land Council

4.14.66 The Central Land Council (CLC) is a corporate Commonwealth entity established in September 1975, following representation by Aboriginal people in Central Australia to the Australian Government for recognition of their distinct geographic and cultural identity. CLC was formed under the Aboriginal Land Rights (Northern Territory) Act 1976 (ALRA Act) and is the statutory authority with the responsibility and capacity to direct and administer the Central Aboriginal Land Trust. It supports Aboriginal people in acquiring and managing land, protecting sacred sites, and promoting social, cultural, and economic development across the region.

2024–25 audit results

4.14.67 At the conclusion of the 2024–25 financial statements audit, one moderate audit finding was resolved.

Table 4.14.11: Status of audit findings

Source: ANAO 2024–25 audit results.

Resolved moderate audit finding

Related Party Disclosures

4.14.68 During the 2024–25 financial statements audit, a moderate-risk issue was identified relating to CLC’s related party disclosures. The disclosures did not include all information necessary for the users of the financial statements to fully understand the nature of related party relationships and transactions. This was raised in the 2024-25 Interim Management Letter with a recommendation to establish a more thorough process to ensure the related party disclosures are complete and accurate at year-end, including improved documented procedures around preparation of related party disclosures in the annual financial statements.

4.14.69 In response to the interim finding, CLC enhanced its related party disclosures in the 2024–25 financial statements. This included additional details regarding the nature of CLC’s interests in Centrecorp Aboriginal Investment Corporation Pty Ltd. In making these additional disclosures CLC highlighted that the omission of this information in previous years was a prior period error. In response to the audit finding, CLC also undertook to improve its processes around the compilation of the required related parties information going forward.

4.14.70 The ANAO reviewed the updated disclosures and supporting information and agreed with CLC’s assessment that it does not control or have significant influence over Centrecorp, or other entities mentioned in the related parties note. As a result, the ANAO considers that this matter has been resolved.

Northern Land Council

4.14.71 The Northern Land Council (NLC) is a corporate Commonwealth entity formed under section 21 of the Aboriginal Land Rights (Northern Territory) Act 1976 (ALRA Act). The NLC is responsible for assisting Aboriginal peoples in the top end of the Northern Territory to acquire and manage their traditional lands and seas.

2024–25 audit results

4.14.72 At the conclusion of the 2024–25 financial statements audit, one significant legislative breach remains unresolved.

Table 4.14.12: Status of audit findings

Source: ANAO 2024–25 audit results.

4.14.73 For the finding listed below, the ANAO undertook additional audit procedures to gain assurance that NLC’s 2024–25 financial statements were not materially misstated.

Unresolved significant legislative breach

Management of Royalty Trust Account

4.14.74 The Aboriginal Land Rights (Northern Territory) Act 1976 (ALRA Act) establishes the Council’s responsibilities for payments in respect of Aboriginal land, requiring payment of an amount equal to amounts received to, or for the benefit of, the traditional owners of the land, within six months after that amount is received through the Royalty Trust Account. Previous audits have identified non-compliance with this requirement of the ALRA Act.

4.14.75 NLC commenced a royalty reform project in 2016–17 to address the legislative requirements. The project was aimed at reducing incidents of non-compliance with the ALRA Act and reconciling outstanding balances in the royalty trust account to identify the appropriate owners for distribution. The NLC also established a Benefits Distribution Unit, and strategies were undertaken to expedite the distribution of payments to traditional owners. The NLC sought to vary the terms with beneficiaries to allow for payments to be accelerated.

4.14.76 Consistent with the prior year, during 2024–25 the ANAO tested the royalty trust account management for the period 1 July 2024 to 30 June 2025. Based on the procedures performed, the ANAO identified contracts where the distribution of royalty monies to traditional owners was not made within six months, as required under subsections 35(3) and 35(4) of the ALRA Act.

4.14.77 NLC advised the ANAO in 2024–25 that it continues to implement the strategies with a focus on continuous improvement in meeting its statutory obligations under the ALRA Act.

4.14.78 In 2024–25, NLC sought standing instructions from traditional owner groups receiving regular income to facilitate timely distributions and minimise delays associated with consultation. Several groups agreed to receive biannual distributions in June and December, contributing to improved compliance in certain regions. To support this, NLC commenced monthly monitoring of the six-month payment obligation by tracking the proportion of income received and distributed within the prescribed timeframe.

Office of the Official Secretary to the Governor-General

4.14.79 The Office of the Official Secretary to the Governor-General (Office) is a non-corporate Commonwealth entity established by the Governor-General Act 1974. Its functions are to support the Governor-General in their duties, including managing national and international engagements, maintaining official residences, and administering the Australian Honours and Awards system.

2024–25 audit results

4.14.80 At the conclusion of the 2024–25 financial statements audit, the ANAO identified one finding that poses a moderate business risk to the Office. One minor finding was resolved.

Table 4.14.13: Status of audit findings

Source: ANAO 2024–25 audit results.

4.14.81 For the finding listed below, the ANAO undertook additional audit procedures to gain assurance that the Office’s 2024–25 financial statements were not materially misstated.

New moderate audit finding

Financial Sustainability

4.14.82 The financial statements of the Office for the year ended 30 June 2025 has raised concerns about the organisation’s ability to meet its financial obligations in the short and the long term. Below are some of the key indicators:

• Net Deficit: $1,971,979 (2023–24: 2,447,866)
• Negative Net Assets: $499,617
• Negative Net Operating Cash Flows: $14,362
• Actual expenses higher than the budgeted expenditure during 2024–25 (exceed by $1.4 million)

4.14.83 The Office made a notable reduction in the supplier expenses in 2024–25. However, this saving has been partially offset by an increase in employee expenses due to the impact of the new employee bargaining agreement and an increase in number of employees. The Office’s cost base is expected to increase due to general inflation and wage increases overtime. According to the employee bargaining agreement, there are expected wage increases in January 2026 (3.8%) and January 2027 (3.4%).

4.14.84 With the current level of appropriation revenue, the Office’s deficit is going to widen in each of the forward years. In addition to the regular employee and supplier expenses, the Office already has an employee provision liability of $2.8 million of which $1.0 million is expected to be paid within the next 12 months. When these payments fall due in the short term, the funding pressure is expected to increase.

4.14.85 The Office is considering strategies in 2025–26 to meet its expenditure commitments. If these planned strategies are not successful, significant cash flow issues are expected towards May and June 2026. Without appropriate processes to manage cash flows, there is a risk that the Office may not be able to meet some of its financial commitments.

4.14.86 The ANAO has recommended that the Office conduct a short-term and long-term financial planning activity to reach a strategic solution to the current and future funding. This should also be coupled with rigorous cash management controls such as internal budget monitoring and a realignment process on a monthly basis.

Tiwi Land Council

4.14.87 The Tiwi Land Council (TLC) was established on 18 August 1978, following representation by the Tiwi people to the Australian Government for recognition of their distinct geographic and cultural identity. TLC was instituted by the Minister for Aboriginal Affairs at a special gathering on Bathurst Island on 7 September 1978. TLC is the only body with authority and capacity to direct and administer the Tiwi Aboriginal Land Trust established under the Aboriginal Land Rights (Northern Territory) Act 1976 (ALRA Act).

2024–25 audit results

4.14.88 At the conclusion of the 2024–25 financial statements audit, one minor audit finding was resolved, and one significant legislative breach remains unresolved.

Table 4.14.14: Status of audit findings

Source: ANAO 2024–25 audit results.

4.14.89 For the finding listed below, the ANAO undertook additional audit procedures to gain assurance that TLC’s 2024–25 financial statements were not materially misstated.

Unresolved significant legislative breach

Non-compliance with the ALRA ACT

4.14.90 The ALRA Act establishes TLC’s responsibilities for payments in respect of Aboriginal land, requiring payment of an amount equal to amounts received to, or for the benefit of, the traditional owners of the land, within six months after that amount is received through the Royalty Trust Account. Previous audits have identified non-compliance with this requirement of the ALRA Act.

4.14.91 During the 2023–24 audit, the ANAO identified that a total of $808,000 of royalties had been held by TLC for more than 6 months. TLC sought advice regarding distribution of the funds by an alternative mechanism to an identified Aboriginal Corporation who would then pay the funds to the appropriate traditional owners to assist with their township leasing rental payments in accordance with Section 35(4B) and Section 36 of the ALRA Act. These sections of the ALRA Act require that any funds received by TLC from the Aboriginals Benefits Account must be paid to a relevant Aboriginal Corporation within six months of receipt.

4.14.92 TLC advised the ANAO that it has taken all reasonable steps to comply with subsection 35(4B) of the ALRA Act, which requires payment to an Aboriginal and Torres Strait Islander Corporation for the benefit of traditional owners.

4.14.93 As no such corporation currently exists, TLC sought Ministerial approval under subsection 35(5) for an alternative payment method. The Minister declined the proposal and did not issue a determination to enable compliance with subsection 35(4B).

4.14.94 During the 2024–25 final audit, the ANAO noted that funds continue to be held in TLC’s land use funds account. The TLC advised the ANAO that it is awaiting the establishment and registration of a corporation by the Wulirankuwu clan group with ORIC before releasing the funds. TLC is providing administrative support to Tiwi Resources Pty Ltd to assist with progressing this establishment.

Wreck Bay Aboriginal Community Council

4.14.95 The Wreck Bay Aboriginal Community Council (the Council) was established by the Aboriginal Land Grant (Jervis Bay Territory) Act 1986 (the Act). The Act allowed for the grant of freehold title of 403 hectares of land in the Jervis Bay Territory to the Council. The Council: manages and maintains the land; provides services and programs to the community; and conducts business enterprises for the economic and social benefit of the community.

2024–25 audit results

4.14.96 At the conclusion of the 2024–25 financial statements audit, one moderate finding remains unresolved, one minor audit finding was resolved, and one minor audit finding remains unresolved.

Table 4.14.15: Status of audit findings

Note a: One moderate audit finding was reassessed to a minor audit finding during the 2024–25 audit.

Source: ANAO 2024–25 audit results.

4.14.97 For each of the findings listed below, the ANAO undertook additional audit procedures to gain assurance that the Council’s 2024–25 financial statements were not materially misstated.

Unresolved moderate audit finding

Deficiencies in corporate governance arrangements

4.14.98 During the course of the 2022–23 financial statements audit, the ANAO identified a number of deficiencies in the Council’s governance arrangements including relating to procurement, record keeping and approval for expenditure of funds.

4.14.99 The ANAO identified instances where policies and procedures that would support appropriate governance in relation to procurement were not in place or not regularly reviewed, including a procurement policy not being in place and policies relating to the Council’s Community Supporting Program Grants not being subject to regular review and approval as required by each policy.

4.14.100 During 2024–25, the Council implemented a formal procurement policy, commenced development on a SharePoint site to make policies readily available to all staff, maintained a conflict of interest register at all Board meetings and annual disclosures were completed by all Board members.

4.14.101 The Audit Committee was dissolved in March 2025 when a new board was elected. A new Audit Committee has been formed however it is short one community representative required under the Audit Committee Charter. A Board meeting held 29 September 2025 resolved to update the Audit Committee Charter to allow for an independent person to be appointed if not enough community members can be found.

4.14.102 The ANAO recommended that the Council’s Audit Committee should fulfil its responsibilities under the Audit Committee Charter to hold meetings at least four times during the financial year, ensuring attendance to satisfy a quorum, and the Council should introduce more robust reporting through the Audit Committee.

4.14.103 The finding continues to be a moderate risk area while the recommended action remains outstanding.

Reduced moderate audit finding

Financial statements preparation process

4.14.104 During the 2022–23 audit, the ANAO identified a number of weaknesses in the Council’s financial statements preparation process. These weaknesses included a number of amendments and versions of the financial statements being produced by the Council after the draft financial statements were provided to the ANAO for audit as well as a number of errors in balances and disclosures.

4.14.105 These weaknesses indicated there were deficiencies in the Council’s financial statements preparation process, particularly relating to the implementation and/or effectiveness of quality controls; the quality of workpapers; and Council’s processes for interpretation of accounting standards or accounting positions. Weaknesses in the financial statement’s preparation process increase the risk that the financial statements prepared by the Council could include a material misstatement.

4.14.106 Several improvements were noted during the 2024-25 audit, including: prepared lead schedules including explanations for movements in balances from prior year; improved related party processes including annual conflict of interest disclosures by Board members; and improved annual stocktake procedures including sufficient supporting documentation to understand the methodology used, who was involved in the conduct of the stocktake, the results of the stocktake, and sign-off by the person/s involved and the approval of the final result.

4.14.107 The ANAO considered these actions as improving governance arrangements at the Council and the finding was reduced to a minor audit finding. The finding remains outstanding as the process around manual journals lacks documented evidence of the preparer and approver. A review of manual journals is conducted as part of the month end process however this may not contain all journals entered during the period and is not conducted in a timely enough manner to detect fraud.

4.15 Social Services portfolio

Portfolio overview

4.15.1 The Social Services portfolio is responsible for achieving the Australian Government’s social policy outcomes and delivering social security priorities through policy advice, program administration and research.²⁹

4.15.2 Table 4.15.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.15.1: Social Services portfolio material and other entities discussed in this chapter

Source: ANAO 2024–25 audit results.

Audit findings

4.15.3 Table 4.15.2 presents a summary of the total number of unresolved findings by entities in Social Services portfolio at the conclusion of the 2024– 25 audits.

Table 4.15.2: Unresolved audit findings by entities in the Social Services portfolio

Source: ANAO 2024–25 audit results.

4.15.4 Table 4.15.3 presents a summary of the total number of legislative breaches by entities in the Social Services portfolio at the conclusion of the 2024–25 audits.

Table 4.15.3: Legislative breaches by entities in the Social Services portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.15.5 Table 4.15.4 provides a summary of audit differences that relate to entities within the Social Services portfolio.

Table 4.15.4: The number of audit differences for entities in Social Services portfolio

Source: ANAO analysis of audit differences reported to entities in Social Services portfolio.

Department of Social Services

4.15.6 The Department of Social Services (DSS) is the lead entity in the Social Services portfolio and has two core areas of responsibility:

• a sustainable social security system that incentivises self-reliance and supports people who cannot fully support themselves by providing targeted payments and assistance; and
• contributing to stronger and more resilient individuals, children, families and communities by providing targeted supports.

Engagement risk rating

4.15.7 The engagement risk for DSS’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• high level of public interest, and Parliamentary scrutiny of, DSS’ activities in administering social welfare programs for the Australian community;
• improving governance and oversight resulting from reviews such as the Royal Commission into the Robodebt scheme;
• the range and complexity of DSS’ operations, including a complex and outsourced IT environment;
• reliance on third parties to provide information that determines social welfare and grant payments; and
• significant judgements and assumptions made in the estimation process around the valuation of personal benefit provisions and receivables for financial reporting purposes.

2024–25 audit results

4.15.8 At the conclusion of the 2024–25 financial statements audit, one instance of non-compliance with legislation that DSS is required to comply with, and two audit findings posing a moderate business or financial risk to DSS remain unresolved. One minor audit was identified, and three minor audit findings remain unresolved. One moderate and two minor audit findings were resolved.

4.15.9 During the 2025–26 audit, the ANAO will assess action taken by DSS to address the risks identified.

Audit findings

Table 4.15.5: Status of significant and moderate audit findings raised by the ANAO

Note a: One significant legislative breach was reassessed to a non-significant legislative breach during 2024–25

Source: ANAO 2024–25 audit results.

Unresolved moderate audit findings

SAP terminations monitoring and reporting

4.15.10 During previous audits, the ANAO identified weakness in controls relating to SAP user access terminations and instances of users logging into SAP after their termination date where DSS could not provide evidence of the actions taken or recorded for the investigation as part of the terminations review process.

4.15.11 DSS implemented a monthly and quarterly reporting component to address the identified risks. In 2023–24, the ANAO identified that the internally generated reports used as part of these controls may not be complete, accurate or fit for purpose.

4.15.12 During the 2024–25 final audit, the ANAO reviewed DSS’ progress in ensuring the completeness of the SAP termination report generated monthly. This report serves as the basis for the identification of potential post-termination logins. DSS has streamlined the data extraction process to provide a consolidated cessation listing for the detection and investigation of post-termination login activities.

4.15.13 The ANAO evaluated the completeness of the cessation reports generated for March and April 2025 and reviewed the identification of post-termination logins. Post-termination logins are detected and investigated appropriately, however the report is generated using cessation dates recorded during the month and up to the data extraction date for each month. As such, cessations entered after the monthly cut-off (around the 15th) for a preceding month are not included, which leads to potential post-termination logins not being detected.

4.15.14 The ANAO will review DSS’ progress in addressing this finding as part of the 2025–26 audit.

SAP privileged user monitoring

4.15.15 Maintaining and supporting IT systems requires some user accounts, both at the network and the application level, to have extensive access rights (privileged access). Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others.

4.15.16 During the 2023–24 audit, the ANAO identified that the monitoring undertaken did not verify that the activities which are being performed by privileged users are appropriate. This is a weakness in the monitoring of privileged user activities within the financial and human resources management information systems. This increases the risk that inappropriate or inaccurate activities undertaken by these privileged users are not identified.

4.15.17 The ANAO recommended that DSS regularly review and annually certify the currency of:

• a comprehensive risk assessment for privileged access;
• risk management strategies for identified risks; and
• results of risk strategy measures; and assessment and appropriate management of any residual risks.

4.15.18 During the 2024–25 final audit, the ANAO tested the design and implementation of relevant activity logging and monitoring controls and assessed them as effective with adequate records being retained to demonstrate the appropriateness of the activity log reviews performed. The ANAO will review the ongoing operating effectiveness of these controls and DSS’ actions to address the remaining elements of this finding during the 2025–26 audit.

Unresolved non-compliance with legislation

Income Apportionment

4.15.19 In 2022–23 the ANAO became aware of legal issues being managed by DSS associated with the ‘income apportionment’ matter that was the subject of an own-motion investigation by the Office of the Commonwealth Ombudsman (Ombudsman).

4.15.20 Income apportionment is a practice that dates back to the early 1990s. The Ombudsman highlighted that “since at least 2003 to 7 December 2020, Services Australia was unlawfully apportioning customer’s income across two or more Centrelink instalment periods and that this in turn likely affected social security payment rates and may have led to unfair debts against customers”. The Ombudsman also noted differences of opinion by legal providers over the interpretation of the Social Services legislation which has made resolution of this issue difficult.

4.15.21 In 2024–25 DSS provided the ANAO a position paper that outlined the department’s proposed treatment of income apportionment including recognition of a liability (provision) in the 2024–25 financial statements. The ANAO reviewed the DSS position paper, tested the recognition of the income apportionment provision and the proposed presentation of disclosure in the 2024–25 financial statements.

4.15.22 As a result of the work to date by DSS, this finding has been reassessed from a significant legislative breach to a non-significant legislative breach at the conclusion of the 2024–25 audit.

4.15.23 The ANAO recommends that DSS:

• continue to monitor the status and effectiveness of the Government’s approach to resolving income apportionment; and
• with the assistance of Services Australia, work to ensure there is effective debt management over individual debt balances impacted by income apportionment.

Resolved moderate audit finding

Disability Employment Services (DES) assurance programs

4.15.24 During the 2022–23 audit, the ANAO identified that there were significant timing delays in presenting the quarterly assurance reports in respect of the Disability Employment Services (DES) programs. This was reported as a minor audit finding. During the 2023–24 audit, the finding was increased to moderate due to the limited progress in addressing the recommendations made by the ANAO, the importance of the related control and existence of both financial and business risks relating to grants to a vulnerable group.

4.15.25 The quarterly reports for 2024–25 were completed ahead of or on-schedule. In addition, DSS developed frameworks and reporting mechanisms to seek to continuously improve controls over the DES.

4.15.26 The ANAO considers that DSS has addressed the risk identified and this audit finding has been resolved.

Key financial balances and areas of financial statements risk

4.15.27 Figures 4.15.1 and 4.15.2 shows the key financial statements balances reported by DSS at 30 June 2025.

Figure 4.15.1: Key departmental financial statements balances

Source: DSS’s 2024–25 financial statements.

Figure 4.15.2: Key administered financial statements balances

Source: DSS’ 2024–25 financial statements.

4.15.28 Table 4.15.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of DSS.

Table 4.15.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and DSS’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.15.29 Although the ANAO identified audit findings during the 2024–25 audit, additional audit procedures were undertaken to obtain sufficient and appropriate evidence on the financial statements. DSS has advised the ANAO of the action it will take to remediate the audit findings identified. The ANAO will review the action taken by DSS as part of the 2025–26 audit.

4.15.30 The ANAO issued an unmodified auditor’s report on DSS’s financial statements on 24 September 2025.

Services Australia

4.15.31 Services Australia is the Australian Government’s primary payment and service delivery provider. Services Australia delivers a range of payments and services to support individuals, families and communities, as well as providers and businesses. These include income support payments and services, aged care payments, Medicare payments and services, child support services, and a range of ICT functionalities for Australian Government departments and agencies.

Engagement risk rating

4.15.32 The engagement risk for Services Australia 2024–25 financial statements audit has been assessed as high. Key factors contributing to this rating include:

• the role of Services Australia in the delivery of the Australian Government’s social welfare and health benefits programs;
• heightened public interest and parliamentary scrutiny in Services Australia’s operations; and
• significant audit findings identified by the ANAO, and multiple unresolved moderate and minor audit findings.

2024–25 audit results

4.15.33 At the conclusion of the 2024–25 audit, one significant legislative breach, one audit finding posing a significant business or financial risk to Services Australia, and three audit findings posing a moderate business or financial risk to Services Australia remain unresolved from prior audit periods. One significant audit finding was revised to a moderate audit finding, and one moderate audit finding was revised to a minor audit finding. Four minor audit findings were identified, six minor audit findings were resolved, and seven minor audit findings remain unresolved from prior audit periods.

4.15.34 During the 2025–26 audit, the ANAO will assess action taken by Services Australia to address the risks identified.

Audit findings

Table 4.15.7: Status of significant and moderate audit findings raised by the ANAO

Note a: One significant audit finding was reassessed to a moderate audit finding, and one moderate audit finding was reassessed to a minor audit finding.

Source: ANAO 2024–25 audit results.

Unresolved significant audit finding

Medicare Compensation Recovery Scheme

4.15.35 Services Australia is responsible for the administration of the Medicare Compensation Recovery Scheme (MCRS) on behalf of the Department of Health, Disability and Aged Care. In accordance with the Health and Other Services (Compensation) Act 1995 (the Act) receipt of a Medicare health benefit or subsidy, and receipt of compensation greater than $5,000, for the same illness, triggers a requirement to repay the health benefit and subsidy to the Australian Government.

4.15.36 In 2023–24 the ANAO identified that over 50 per cent of cases were not assessed by Services Australia within the statutory timeframes, contrary to specific requirements in the Act to process claims within timeframes or to make decisions to not pursue recovery. The Act requires that Services Australia must issue notices prior to statutory time periods expiring and has no discretion to not pursue recovery.

4.15.37 Services Australia’s non-compliance with the Act resulted in non-collection of revenue from ‘non-advance payments’ that would have otherwise been owed to the Australian Government for Medicare benefits for treatments for which compensation was received.

4.15.38 During 2024–25 the level of processing significantly improved however it is still not within legislative timeframes.

Unresolved significant legislative breach

Significant matters in Services Australia’s program delivery

4.15.39 Services Australia delivers social welfare and health programs and payments. Understanding of, and compliance with, legislation, is a key component underlying Services Australia’s delivery of these programs. During 2023–24, the ANAO became aware of breaches of legislation with respect to the: child support program; aged care program; and private health insurance rebate. These breaches included:

• the use of pre-issue income, instead of taxable income in calculating child support assessments and amounts recoverable from or payable to individuals in contravention of the Child Support (Assessment) Act 1989;
• a quarterly review process used by Services Australia to validate a care recipient’s maximum subsidy entitlement in arrears was inconsistent with the relevant provisions of the Aged Care Act 1997; and
• payments made under the Private Health Insurance Act 2007 without a decision as to the correctness or reasonableness of the claimed amount which may be inconsistent with the legislation.

4.15.40 These issues highlight significant legal concerns with Services Australia’s delivery of key programs on behalf of the Australian Government and policy agencies. Services Australia is making progress towards addressing the risks identified by ANAO and has implemented systems as recommended by the ANAO.

4.15.41 Services Australia has implemented significant processes during the year however the breaches above are yet to be resolved.

Unresolved moderate audit findings

Monitoring of super users (Medicare, Child Support and Health)

4.15.42 Maintaining and supporting IT systems requires some user accounts, both at the network and the application level, to have extensive access rights (privileged access). Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others. During the 2022–23 audit, the ANAO identified weaknesses in the effectiveness of Services Australia’s monitoring of privileged user activities within the Medicare, Child Support and Health IT mainframes.

4.15.43 At the conclusion of the 2024–25 audit, Services Australia had not undertaken remedial actions to fully address the ANAO’s recommendations.

Monitoring of super users (Centrelink)

4.15.44 Maintaining and supporting IT systems requires some user accounts, both at the network and the application level, to have extensive access rights (privileged access). Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others. During the 2022–23 audit, the ANAO identified weaknesses in the effectiveness of Services Australia’s monitoring of privileged user activities within the Centrelink IT mainframe.

4.15.45 At the conclusion of the 2024–25 audit, Services Australia had not undertaken remedial actions to fully address the ANAO’s recommendations.

New Residential Aged Care System Access Management

4.15.46 In August 2022, Services Australia implemented a new residential aged care system. Maintaining and supporting IT systems requires some user accounts to have extensive access rights (privileged access). Privileged user accounts can be used to circumvent security controls to make direct changes, either to system settings or systems data, or to access files and accounts used by others.

4.15.47 During the 2022–23 audit, the ANAO identified that there were weaknesses in the design and operating effectiveness of controls supporting privileged and other user access. More broadly, the ANAO has observed a break-down in Services Australia’s re-established security governance control framework, particularly the lack of formal system accreditation or other supporting system security risk assessments that would identify and allow system and project owners to formally analyse, understand and mitigate and/or accept key security governance risks prior to the implementation of the new system. The ANAO recommended that Services Australia strengthen privileged user access and logging and monitoring processes.

4.15.48 During the 2024–25 audit, Services Australia implemented a weekly and monthly monitoring process to detect and investigate rule-based alerts generated from its Security Information and Event Management (SIEM) indicating privileged activity.

4.15.49 These reviews mostly verified that the action type was approved rather than confirming the appropriateness of the activity or changes made. The weekly and monthly reviews were not performed consistently, and it was not clear which key control is being relied upon.

Resolved significant audit finding

IT Governance

4.15.50 During the 2022–23 audit, the ANAO examined controls around significant IT systems supporting the preparation of the financial statements. The ANAO identified a significant audit risk in relation to the increasing number of issues in IT governance within Services Australia. In particular, the ANAO identified weaknesses in IT controls in the implementation of the large-scale IT roll-out for residential aged care and the re-emergence of many individual control issues affecting change and access management and business operations. The volume of the findings identified indicates that Services Australia’s IT governance and monitoring processes are not providing appropriate assurance that policy requirements have been implemented and are operating effectively.

4.15.51 This audit finding was revised to a moderate audit finding during the 2024–25 interim audit, recognising Services Australia’s progress in addressing the ANAO’s recommendations, including the implementation of policy compliance testing across key ICT systems, updating Disaster Recovery Plans, the establishment of oversight committees, and other work. The ANAO will continue to review Services Australia’s ongoing implementation of these activities.

Resolved moderate audit findings

Medicare Mainframe Passwords and User Access Management

4.15.52 During previous audits, the ANAO raised separate audit findings for issues relating to passwords and user access management for the Medicare Mainframe system (the Mainframe) and reported these to Services Australia. These findings included:

• Services Australia did not identify and remove Mainframe users in a timely manner who no longer had a valid business case to have access to the Mainframe;
• access management processes were not being managed in accordance with Services Australia’s User Access for ICT Systems Policy;
• supporting evidence of approvals for access was not retained for all users;
• changes to user accounts were being actioned without appropriate supporting evidence of the required approval; and
• lack of documented processes around how internal and external staff authenticate to the Mainframe.

4.15.53 These weaknesses reduce Services Australia’s ability to rely on the Mainframe’s underlying data, including data that is used to support the financial statements.

4.15.54 During 2024–25, Services Australia documented its risk assessment and processes around Medicare mainframe user access management, including passwords. This process included identifying how internal and external users authenticate to the Medicare mainframe.

4.15.55 Services Australia identified four cohorts of users and documented that they have identified all staff within each of the above cohorts and required them to be allocated an RSA token to authenticate to the Medicare Mainframe.

4.15.56 During testing, the ANAO identified nine user accounts that were not identified through the above process. Services Australia is currently reviewing these users.

4.15.57 The actions undertaken by Services Australia have contributed to a reduction in the associated risk. As such, the ANAO has revised the finding to a minor audit finding.

Medicare Benefits Schedule (MBS) Business Rule Restriction Lifts

4.15.58 The MBS Item Fee File system (the IFF System) is maintained by Services Australia to calculate the benefit payable on MBS claims. Within the IFF System, there are business rules and restrictions to ensure claims are automatically approved or pended for review by a service officer in accordance with the conditions applicable to each MBS item.

4.15.59 During the 2023–24 audit, the ANAO identified hat a process had been in place to lift restrictions on certain items when limitations in the IFF System would otherwise cause a valid claim to be rejected. The ANAO identified that invalid MBS claims may be processed using override codes while restriction lifts are active and that policy agencies may be unaware of the frequency or impact of changes to the control environment for MBS claims. Additionally, the ANAO identified that restriction lifts may be activated without appropriate approval as the IFF System’s logging criteria would not capture all restriction lifts to detect an inappropriate restriction lift.

4.15.60 There was a risk that invalid MBS claims may be processed by a service officer using an override code while a restriction lift is active.

4.15.61 This matter has now been resolved with Services Australia implementing a process to monitor MBS Restriction lifts and changes made.

FMIS and HRMIS Privileged User Management

4.15.62 This finding related to the ineffective logging and monitoring of user accounts with access to high-risk, financially significant transactions in the SAP enterprise resource planning system.

4.15.63 Services Australia has provided the ANAO with evidence that these risks have been resolved and the finding has been closed as part of the 2024–25 final audit phase.

Key financial balances and areas of financial statements risk

4.15.64 Figure 4.15.3 shows the key financial statements balances reported by the Services Australia at the conclusion of the 2024–25 audit.

Figure 4.15.3: Key departmental financial statements balances

Source: Services Australia’s 2024–25 financial statements.

4.15.65 Figure 4.15.4 shows the key financial statements balances reported by the Services Australia at 30 June 2025.

Figure 4.15.4: Key administered financial statements balances

Source: Services Australia’s 2024–25 financial statements.

4.15.66 Table 4.15.8 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Services Australia.

Table 4.15.8: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Services Australia’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.15.67 Although the ANAO identified audit findings during the 2024–25 audit, additional audit procedures were undertaken to obtain sufficient and appropriate evidence on the financial statements. Services Australia has advised the ANAO of the action it will take to remediate the audit findings identified. The ANAO will review the actions taken by Services Australia as part of the 2025–26 audit.

4.15.68 The ANAO issued an unmodified auditor’s report on Services Australia’s financial statements on 5 September 2025.

4.16 Treasury portfolio

Portfolio overview

4.16.1 The Treasury portfolio is responsible for a range of activities aimed at achieving strong, sustainable and inclusive economic and fiscal outcomes for Australians.

4.16.2 Table 4.16.1 identifies material and other entities specifically mentioned in this chapter.

Table 4.16.1: Treasury portfolio material and other entities discussed in this chapter

Audit findings

4.16.3 Table 4.16.2 presents a summary of the total number of unresolved findings by entities in the Treasury portfolio at the conclusion of the 2024– 25 audits.

Table 4.16.2: Unresolved audit findings by entity in the Treasury portfolio

Source: ANAO 2024–25 audit results.

4.16.4 Table 4.16.3 presents a summary of the total number of legislative breaches by entities in the Treasury portfolio at the conclusion of the 2024–25 audits.

Table 4.16.3: Legislative breaches by entity in the Treasury portfolio

Source: ANAO 2024–25 audit results.

Audit differences

4.16.5 Table 4.16.4 provides a summary of audit differences that relate to entities within the Treasury portfolio.

Table 4.16.4: The number of audit differences for entities in the Treasury portfolio

Source: ANAO analysis of audit differences reported to entities Treasury portfolio.

Department of the Treasury

4.16.6 The Department of the Treasury (Treasury) provides policy advice, analysis and the delivery of economic policies and programs, including legislation, administrative payments and regulatory functions, which support the effective management of the Australian economy.

Engagement risk rating

4.16.7 The engagement risk for Treasury’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complexity of financial statements balances which require increased management judgement and involves estimation uncertainty; and
• the significance of the payments made by the Treasury under the Federal Financial Relations framework.

2024–25 audit results

4.16.8 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to the Treasury. One moderate finding was resolved during the year, and one minor finding was identified during the audit.

4.16.9 During the 2025–26 audit, the ANAO will assess action taken by Treasury to address the risks identified.

Audit findings

Table 4.16.5: Status of significant and moderate audit findings raised by the ANAO

Resolved moderate audit finding

Estimation process for Disaster Recovery Funding Arrangements

4.16.10 The Disaster Recovery Funding Arrangements (DFRA) provision represents Treasury’s best estimate of future payments expected to be made to States and Territories in respect of financial assistance for declared disaster events. The DFRA provision was previously based solely on estimates (discounted to present value) from States and Territories on their assessment of costs incurred or expected to be incurred for declared natural disaster events.

4.16.11 During 2023–24, there was a large re-estimation for previously declared disasters due to delays in estimating eligible costs for significant declared disasters. As a result, the ANAO identified that the provision may be subject to volatility and at risk of significant over- or under-estimation. The ANAO recommended Treasury review the estimation process adopted, particularly for extreme disaster events, to refine the estimation methodology.

4.16.12 During the 2024–25 audit, Treasury changed its estimation methodology for the DRFA provision to incorporate two actuarial models developed with the assistance of the Australian Government Actuary, to account for the development of state or territory cost estimates over time and incorporate geospatial data in determining a provision for recently occurring disasters. The ANAO noted that this change in methodology results in all declared disaster events as at reporting date being included in the provision and considers the revised methodology improves the reliability of Treasury’s estimate. As a result, the ANAO considers this finding has been resolved.

Key financial balances and areas of financial statements risk

4.16.13 Figure 4.16.1 and Figure 4.16.2 show the key financial statements balances reported by the Treasury at 30 June 2025.

Figure 4.16.1: Key departmental financial statements balances

Source: Treasury’s 2024–25 financial statements.

Figure 4.16.2: Key administered financial statements balances

Source: Treasury’s 2024–25 financial statements.

4.16.14 Table 4.16.6 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of the Treasury.

Table 4.16.6: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Treasury’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.16.15 The ANAO issued an unmodified auditor’s report on the Treasury financial statements on 18 September 2025.

Australian Bureau of Statistics

4.16.16 The Australian Bureau of Statistics (ABS) is Australia’s national statistical agency. It provides independent and trusted official statistics on a range of economic, social, population and environmental matters of importance to governments, industry, and the wider Australian community.

Engagement risk rating

4.16.17 The engagement risk for ABS’s 2024–25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• a mature system of internal control, management oversight, and quality review procedures to support the preparation of the financial statements; and
• no findings carried over from the previous audit.

2024–25 audit results

4.16.18 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to the ABS.

Key financial balances and areas of financial statements risk

4.16.19 Figure 4.16.3 shows the key financial statements balances reported by the ABS at 30 June 2025.

Figure 4.16.3: Key financial statements balances

Source: ABS’s 2024–25 financial statements.

4.16.20 Table 4.16.7 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of the ABS.

Table 4.16.7: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ABS’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.16.21 The ANAO issued an unmodified auditor’s report on the ABS’s financial statements on 4 September 2025.

Australian Office of Financial Management

4.16.22 The Australian Office of Financial Management (AOFM) is responsible for managing Australian Government debt and financial assets. It issues Treasury Bonds, Treasury Indexed Bonds and Treasury Notes, manages the government’s cash balances and invests in high quality financial assets under the Australian Business Securitisation Fund and the Structured Finance Support Fund.

Engagement risk rating

4.16.23 The engagement risk for AOFM’s 2024–25 financial statements audit has been assessed as moderate. Key factor contributing to this rating include:

• the complexity of AOFM’s operations and investments, including management of the Australian Government’s debt portfolio.

2024–25 audit results

4.16.24 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to AOFM.

Key financial balances and areas of financial statements risk

4.16.25 Figure 4.16.4 and Figure 4.16.5 show the key financial statements items reported by AOFM at 30 June 2025.

Figure 4.16.4: Key departmental financial statements balances

Source: AOFM’s 2024–25 financial statements.

Figure 4.16.5: Key administered financial statements balances

Source: AOFM’s 2024–25 financial statements.

4.16.26 Table 4.16.8 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of AOFM.

Table 4.16.8: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and AOFM’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.16.27 The ANAO issued an unmodified auditor’s report on AOFM’s financial statements on 1 September 2025.

Australian Prudential Regulation Authority

4.16.28 The Australian Prudential Regulation Authority (APRA) is responsible for the prudential regulation of the Australian financial services industry through the oversight of banks, credit unions, building societies, friendly societies, general insurers, life insurers, private health insurers, reinsurance companies and most of the superannuation industry. APRA is funded largely by the industries that it regulates.

Engagement risk rating

4.16.29 The engagement risk for APRA’s 2024–25 financial statements audit has been assessed as low. Key factors contributing to this rating include:

• APRA’s established governance arrangements for the preparation of financial statements; and
• the ANAO’s assessment of internal controls as effective in prior years and minor nature of audit findings identified in prior years.

2024–25 audit results

4.16.30 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to APRA.

Key financial balances and areas of financial statements risk

4.16.31 Figure 4.16.6 and Figure 4.16.7 show the key financial statements balances reported by APRA at 30 June 2025.

Figure 4.16.6: Key departmental financial statements balances

Source: APRA’s 2024–25 financial statements.

Figure 4.16.7: Key administered financial statements balances

Source: APRA’s 2024–25 financial statements.

4.16.32 Table 4.16.9 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of APRA.

Table 4.16.9: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and APRA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.16.33 The ANAO issued an unmodified auditor’s report on APRA’s financial statements on 12 August 2025.

Australian Reinsurance Pool Corporation

4.16.34 Australian Reinsurance Pool Corporation (ARPC) was established by the Terrorism and Cyclone Insurance Act 2003. ARPC is responsible for administering the Terrorism Reinsurance Pool, providing primary insurers with reinsurance for commercial property and associated business interruption losses arising from a declared terrorist incident, and the Cyclone Reinsurance Pool providing insurers with reinsurance for household, strata and small business property insurance for losses arising from cyclone and cyclone related flooding for declared cyclone events.

Engagement risk rating

4.16.35 The engagement risk for ARPC’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complex finance and business operations of the Cyclone Reinsurance Pool; and
• the increasing frequency and values of claims expected with applicable cyclone events.

2024–25 audit results

4.16.36 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to ARPC.

Key financial balances and areas of financial statements risk

4.16.37 Figure 4.16.8 show the key financial statements balances reported by ARPC at 30 June 2025.

Figure 4.16.8: Key departmental financial statements balances

Source: ARPC’s 2024–25 financial statements.

4.16.38 Table 4.16.10 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of ARPC.

Table 4.16.10: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ARPC’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.16.39 The ANAO issued an unmodified auditor’s report on the financial statements on 28 August 2025.

Australian Securities and Investments Commission

4.16.40 The Australian Securities and Investments Commission (ASIC) is Australia’s integrated corporate, financial services, markets and consumer credit regulator, supporting a fair, strong and efficient financial system for all Australians. ASIC’s core responsibility is to maintain and facilitate the performance of Australia’s financial system and promote confident and informed participation by investors and consumers.

Engagement risk rating

4.16.41 The engagement risk for ASIC’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• administration of large revenue streams associated with corporate fees, fines, levies and management of unclaimed monies; and
• estimation uncertainty associated with the determination for the provision for future repayments of unclaimed monies.

2024–25 audit results

4.16.42 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to ASIC. Two minor findings were identified during the audit.

4.16.43 During the 2025–26 audit, the ANAO will assess action taken by ASIC to address the risks identified.

Key financial balances and areas of financial statements risk

4.16.44 Figures 4.16.9 and Figure 4.16.10 show the key financial statements balances reported by ASIC at 30 June 2025.

Figure 4.16.9: Key departmental financial statements balances

Source: ASIC’s 2024–25 financial statements.

Figure 4.16.10: Key administered financial statements balances

Source: ASIC’s 2024–25 financial statements.

4.16.45 Table 4.16.11 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of ASIC.

Table 4.16.11: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ASIC’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.16.46 The ANAO issued an unmodified auditor’s report on ASIC’s financial statements on 14 August 2025.

Australian Taxation Office

4.16.47 The Australian Taxation Office (ATO) is Australia’s principal revenue collection entity and is part of the Treasury portfolio. The ATO’s role is to administer Australia’s tax system, aspects of Australia’s superannuation system and business registry services, together with the provision of support to the Tax Practitioners Board and the Australian Charities and Not-for-profits Commission.

Engagement risk rating

4.16.48 The engagement risk for ATO’s 2024–25 financial statements audit has been assessed as high. Key factors contributing to this rating include:

• level of ongoing scrutiny of the ATO’s operations by Parliament and members of the public, given ATO’s role as Australia’s principal revenue collection agency and administrator of the legislation governing tax and aspects of Australia’s superannuation system;
• dependence on sophisticated and interfaced IT systems and business applications for financial reporting, including two unresolved moderate audit findings; and
• the significant level of judgement and estimation required to calculate key financial balances.

2024–25 audit results

4.16.49 At the conclusion of the 2024–25 financial statements audit, one significant finding was reduced to two new moderate findings. One moderate finding was reduced to a minor finding during the 2024–25 audit.

4.16.50 During the 2025–26 audit, the ANAO will assess action taken by ATO to address the risks identified.

Audit findings

Table 4.16.12: Status of significant and moderate audit findings raised by the ANAO

Note a: One significant audit finding was reassessed to two moderate audit findings during the 2024–25 audit.

Note b: One moderate audit finding was reassessed to a minor audit finding during the 2024–25 audit.

Unresolved moderate audit findings

4.16.51 In 2024–25, the significant finding relating to Enterprise Change Management was revised to two moderate (B Category) findings following a strengthening of relevant controls and partial implementation of automated deployment tools.

Change Management – Business Data System

4.16.52 During the 2024–25 audit, the ANAO identified weaknesses associated with IT change management for ATO’s business data system, the Enterprise Data Warehouse (EDW). The EDW is transitioning into a new IT change control solution implemented by the ATO to provide additional controls assurance over segregation of duties with respect to development and migration activities.

4.16.53 As part of the review of ATO’s transition to the new IT change control solution, the ANAO identified weaknesses in the design and implementation of privileged logging and monitoring controls for privileged user accounts. Maintaining and supporting IT systems requires some user accounts to have extensive access rights (privileged access). Privileged user accounts have the potential to modify system configurations or controls and perform inappropriate or fraudulent activities with a financial impact.

4.16.54 The issues pose a risk that unauthorised changes negatively impact the ATO’s business operations and required the ANAO to undertake additional testing to obtain assurance over the reliability of data and reports generated from the system to support financial statements balances. The ANAO recommended that the EDW is fully transitioned into the new IT change control solution and that policy and control requirements are established for the management of all privileged user accounts.

4.16.55 At the conclusion of the 2024–25 audit, the implementation of the ATO’s response remains in progress. This will be an area of focus for the 2025–26 interim audit phase.

Change Management – Business Reporting System

4.16.56 During the 2024–25 interim audit, the ANAO identified weaknesses associated with IT change management for ATO’s business reporting system, Cognos. Cognos has not transitioned into the new IT change control solution implemented by the ATO to provide additional controls assurance over segregation of duties with respect to development and migration activities. As a result, the required segregation of duties was not in operation for the 2024-25 financial year.

4.16.57 The issues pose a risk that unauthorised changes negatively impact the ATO’s business operations and required the ANAO to undertake additional testing to obtain assurance over the reliability of data and reports generated from the system to support financial statements balances. The ANAO recommended that ATO formalise policy and control requirements for the management of data and report generation processes within Cognos. At the conclusion of the 2024–25 audit, the implementation of the ATO’s response remains in progress. This will be an area of focus for the 2025–26 interim audit phase.

Resolved significant audit finding

Enterprise Change Management

4.16.58 IT change management provides a disciplined approach to making changes to the IT environment. Change Management processes include controls to prevent unauthorised changes being made, and to reduce the likelihood that normal business operations are interrupted, or data integrity is corrupted through the implementation of unauthorised changes.

4.16.59 During the 2022–23 audit, the ANAO identified weaknesses associated with the ATO’s enterprise change management for key IT systems supporting the preparation of ATO’s financial statements. The ATO’s change management policy and operational procedures did not consistently define the types of changes that required segregation of duties between developers and migrators. As a result, the required segregation of duties were not in operation for the financial year. The ATO was also unable to demonstrate that its IT service management system contained a complete and accurate list of changes made to the systems assessed by the ANAO as in scope for the financial statements audit. Accordingly, the ATO was unable to demonstrate that these changes were appropriately authorised and managed in all instances.

4.16.60 This issue remained unresolved through the 2023–24 audit and posed a risk that unauthorised changes negatively impact the ATO’s business operations, requiring the ANAO to undertake additional testing to obtain assurance over the reliability of reports generated to support financial statements balances.

4.16.61 In response to the audit finding, the ATO has implemented a series of changes to policy and procedural documentation as well as enhancements to the ATO’s change management recording system. As a result, the enterprise change management category significant finding has been reassessed to reflect the remediation work implemented by ATO to strengthen change management practices and processes. At the conclusion of the 2024-25 audit, the ANAO continues to identity weaknesses with change management controls for business reporting and data systems. Individual moderate risk findings have been reported for these issues.

Resolved moderate audit finding

Uneconomical to pursue debt and re-raises

4.16.62 During the 2021–22 audit, the ANAO identified issues in the ATO’s treatment of debts considered to be uneconomical to pursue (‘non-pursued debt’). Excluding non-pursued debts from offsetting was not consistent with Part IIB of the Taxation Administration Act 1953 (Tax Act). Issues identified included:

• the timeframe where the automatic re-raise functionality was switched off resulting in the ATO not re-raising debts that had previously been identified as uneconomical to pursue where the taxpayer became entitled to a credit; and
• the use of exclusionary criteria that had the effect of preventing a re-raise on a taxpayer’s account for non-pursued debt.

4.16.63 In both cases there was a potential effect of a taxpayer being able to receive a full credit despite having a debt owed to the Commonwealth.

4.16.64 At the completion of the 2023–24 audit, the ATO had updated its policies to conform with relevant legislation for debt offsetting and implemented updates to IT systems to remove all selected exclusionary criteria relating to non-pursued debts not currently subject to an approved deferral by the Commissioner of Taxation (Commissioner). One exclusionary criterion remained in place for debts raised prior to 1 January 2017 that has not been removed and is subject to a temporary deferral of recovery by the Commissioner.

4.16.65 The 2024–25 Budget included a measure under which the Australian Government will seek to amend the tax laws to give the Commissioner discretion to not use a taxpayer’s refund to offset old tax debts, where the Commissioner had put that old tax debt on hold prior to 1 January 2017. This discretion is intended to apply to individuals, small businesses and not-for-profits, and will maintain the Commissioner’s current administrative approach.

4.16.66 At the conclusion of the final audit phase, legislation required to give effect to this measure was still in-progress. The ATO enhanced disclosures in Note 13 to the financial statements to quantify the risk and impact. Based on the enhanced disclosure, the audit finding has been reassessed from a moderate to a minor audit finding.

4.16.67 The ANAO will review progress against this finding during the 2025–26 interim audit phase.

Key financial balances and areas of financial statements risk

4.16.68 Figure 4.16.11 and Figure 4.16.12 show the key financial statements balances reported by the ATO at 30 June 2025.

Figure 4.16.11: Key departmental financial statements balances

Source: ATO’s 2024–25 financial statements.

Figure 4.16.12: Key administered financial statements balances

Source: ATO’s 2024–25 financial statements.

4.16.69 Table 4.16.13 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of the ATO.

Table 4.16.13: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and ATO’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.16.70 The ANAO issued an unmodified auditor’s report on the ATO financial statements on 11 September 2025.

Housing Australia

4.16.71 Housing Australia is responsible for the operation of an Affordable Housing Bond Aggregator (AHBA), which provides finance to registered community housing providers by aggregating their lending requirements and issuing bonds to institutional investors and; the operation of the National Housing Infrastructure Facility (NHIF) to provide loans and grants for social and affordable housing as well as to overcome impediments to the provision of housing that is due to the lack of necessary infrastructure. Housing Australia also administers the Housing Australia Future Fund Facility (HAFFF) and the National Housing Accord Facility (NHAF). The HAFFF provides loans and grants to increase social and affordable housing supply across Australia, and The NHAF provides loans and grants to increase affordable housing supply nationwide. Housing Australia also administers the Home Guarantee Scheme (HGS) to support first home buyers and single parents to access the housing market sooner.

Engagement risk rating

4.16.72 The engagement risk for Housing Australia’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the complexity in the range of operations undertaken and an increase in financing provided by Housing Australia; and
• the functions being added to Housing Australia’s remit including the Housing Australia Future Fund Facility and National Housing Accord Facility.

2024–25 audit results

4.16.73 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to Housing Australia.

Key financial balances and areas of financial statements risk

4.16.74 Figure 4.16.13 shows the key financial statements items reported by Housing Australia at 30 June 2025.

Figure 4.16.13: Key departmental financial statements balances

Source: Housing Australia’s 2024–25 financial statements.

4.16.75 Table 4.16.14 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of Housing Australia.

Table 4.16.14: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and Housing Australia’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.16.76 The ANAO issued an unmodified auditor’s report on Housing Australia’s financial statements on 28 August 2025.

Reserve Bank of Australia

4.16.77 The Reserve Bank of Australia (the RBA) is responsible for determining and implementing monetary policy that seeks to contribute to the stability of the currency and maintains full employment, works to maintain a strong financial system and efficient payments system and issue the nation’s banknotes. As well as being a policymaking body, the RBA provides selected banking services to a range of Australian Government entities and to a number of overseas central banks and official institutions. The RBA is also responsible for the management of Australia’s gold and foreign exchange reserves.

Engagement risk rating

4.16.78 The engagement risk for the RBA’s 2024–25 financial statements audit has been assessed as moderate. Key factors contributing to this rating include:

• the high level of public interest and accountability for the operations, given the RBA’s role as the central bank of Australia and in conducting monetary policy;
• value, complexity and level of judgment required to manage a significant portfolio of investments and other financial assets and liabilities that support monetary policy outcomes; and
• the reliance by the public and Australian financial institutions on the RBA to manage and provide key banking and settlements infrastructure in addition to issuing Australia’s banknotes.

2024–25 audit results

4.16.79 At the conclusion of the 2024–25 financial statements audit, the ANAO has not identified any findings that pose a significant or moderate business or financial risk to RBA. Four new minor findings were identified during the audit.

Key financial balances and areas of financial statements risk

4.16.80 Figure 4.16.14 shows the key financial statements balances reported by RBA at 30 June 2025.

Figure 4.16.14: Key departmental financial statements balances

Source: RBA’s 2024–25 financial statements.

4.16.81 Table 4.16.15 shows the key areas of financial statements risk identified by the ANAO, relating to the 2024–25 financial statements of RBA.

Table 4.16.15: Key areas of financial statements risk

Source: ANAO 2024–25 audit results, and RBA’s audited financial statements for the year ended 30 June 2025.

Conclusion

4.16.82 The ANAO issued an unmodified auditor’s report on RBA’s financial statements on 10 September 2025.

Comments on non-material entities

Royal Australian Mint

4.16.83 The Royal Australian Mint (the Mint) meets the circulating coin and collector coin needs of Australia and selected international markets, maintains Australia’s National Coin Collection, and provides educational and cultural experiences to local and overseas visitors.

2024–25 audit results

4.16.84 At the conclusion of the 2024–25 financial statements audit, one finding posing a significant business or financial risk to the Mint was identified and one moderate finding was resolved. One minor finding remains unresolved.

4.16.85 During the 2025–26 audit, the ANAO will assess action taken by the Mint to address the risks identified.

Audit findings

Table 4.16.16: Status of significant and moderate audit findings raised by the ANAO

New significant audit finding

Valuation of the National Coin Collection

4.16.86 The ANAO identified significant deficiencies in the valuation of the National Coin Collection (NCC) held by the Mint, which materially impacted the reliability of both current and prior period valuations. The NCC comprises approximately 15,000 numismatic items and is classified as a heritage and cultural asset with an indefinite useful life. It is valued annually in accordance with AASB 13 Fair Value Measurement and the Financial Reporting Rules.

4.16.87 During the audit, the ANAO found the Mint had not conducted a comprehensive stocktake of the NCC. While management undertook a targeted update to a sample of 1,000 items, there was limited documentary evidence to support updates in relation to the remainder of the collection. The absence of a full stocktake undermined confidence in the completeness and accuracy of the asset register and compromised the reliability of valuation inputs.

4.16.88 Significant control weaknesses were identified in the asset data provided to the valuer. In particular, the Mint’s master tools – items such as plasters and araldites used to create coin designs and produce coin dyes - were duplicated in the listing, increasing their reported value from $2.3 million to $9 million before correction. A further duplication occurred when the Mint provided both an original and a secondary asset list, which were processed together by the valuer, resulting in a $6.9 million overstatement. Opening balances did not reconcile with the financial statements, and the Mint was unable to provide sufficient documentation to explain the variances.

4.16.89 Issues were also identified with the valuation process. Significant valuation movements were attributed to changes in item descriptions, yet there was no evidence that similar issues did not exist across the broader collection. The ANAO also raised concerns about the quality control processes undertaken by the management-appointed valuer. Multiple versions of the valuation report were issued with inconsistent figures, duplicated assets were assigned different values and limited evidence was available to substantiate significant valuation movements with market-observable data, raising questions about the defensibility of assumptions under Australian Accounting Standard AASB 13 Fair Value Measurement.

4.16.90 As a result of these deficiencies, the ANAO concluded that there was not sufficient appropriate audit evidence to confirm the NCC was fairly stated in accordance with AASB 13, resulting in a qualification of the stated balances and the associated asset revaluation reserve.

4.16.91 The ANAO recommended that the Mint conduct a comprehensive and fully documented stocktake of the NCC, with curatorial involvement, reconcile asset additions with the Fixed Asset Register, and resolve opening balance variances through formal documentation. Further recommendations included strengthening internal controls to prevent asset duplication, validating item descriptions for valuation accuracy, reassessing the appointed valuer’s suitability, substantiating valuation assumptions with market evidence, and demonstrating compliance with AASB 13 to support a reliable valuation basis.

4.16.92 The Mint accepted the finding and has commenced a project to address the identified issues. The Mint has committed to the safe, secure and appropriate management of the NCC and is undertaking a comprehensive initiative to physically inspect and re-catalogue all items in the collection. Management has advised the work will support the planned relocation of the NCC to a purpose-built storage facility at the Mint’s Deakin site, with completion scheduled by 30 June 2027.

Resolved moderate audit finding

Revenue recognition

4.16.93 During the 2023–24 audit, the ANAO identified control deficiencies in the Mint’s management of foreign circulating coin sales. These related to changes in the invoicing process for advanced payments and the absence of a reconciliation between two IT systems used to record invoice and delivery docket information. The deficiencies give rise to a risk that revenue could be materially understated.

4.16.94 The ANAO recommended the Mint strengthen its processes for managing advanced payments and enhance system functionality to support more detailed analysis of unearned income and gross margins. These improvements were expected to facilitate more robust month-end reconciliation and financial reporting.

4.16.95 As part of the 2024–25 audit, the ANAO reviewed the Mint’s response to the prior year’s recommendations. The Mint has implemented revised procedures for invoicing, implemented a monthly reconciliation process, and introduced system enhancements to improve reporting capability and oversight. Testing conducted during the 2024–25 final audit did not identify any recurrence of the previously reported issues. The ANAO determined that the finding is resolved.

Conclusion

4.16.96 The auditor’s report for the Mint’s 2024–25 financial statements included a qualification that the ANAO was unable to obtain sufficient appropriate audit evidence regarding the carrying amount of the Mint’s heritage and cultural assets and the asset revaluation reserve because the Mint’s accounting records were inadequate. Consequently, the ANAO was unable to determine whether any adjustments to these amounts were necessary.

4.16.97 The carrying amount of the heritage and cultural assets is part of the determination of the asset revaluation reserve. The ANAO was unable to determine whether adjustments might have been necessary in respect of the change in asset revaluation reserve reported within other comprehensive income and the balance of the asset revaluation reserve reported in the Statement of Financial Position.

4.16.98 Additionally, comparative information may have been misstated as similar issues may have impacted the valuation of heritage and cultural assets and the asset revaluation reserve reported as at 30 June 2024.

4.16.99 The modified auditor’s report was issued on 24 October 2025.