The audit objectives were to assess: the appropriateness of agencies' policies for dealing with requests for information in accordance with the FOI Act; and assess agencies' compliance with the provisions of the FOI Act, in relation to selected requests for information.



The Freedom of Information Act 1982 (the FOI Act) came into effect on 1 December 1982. The FOI Act applies to Australian Government agencies and entities. The FOI Act extends a right to every person to access information in the possession of the Australian Government.

The FOI Act creates a general right of access to information that does not require a person to establish a special interest or ‘need to know' before he or she is entitled to seek to have access granted. It also details the circumstances under which access to information can be denied. The FOI Act is not intended to prevent or discourage giving access to information that can be lawfully provided outside the provisions of the FOI Act.

The FOI Act also provides specific direction on a variety of issues, including:

  • decision-making authority;
  • classes of documents which are exempt from release;
  • procedures for making an FOI request;
  • applicants' rights of review;
  • application fees and processing charges; and
  • third and related party consultation.

The FOI Act provides for access to information held by the agency. An agency is, generally, not required:

  • to make available information which is not in its possession in a documentary form; or
  • to collate information from a number of documents in its possession and create a new document.

While each agency is responsible for meeting its own obligations under the FOI Act, the Attorney-General's Department, on behalf of the Attorney-General, is responsible for the general administration of the FOI Act. 1

Audit objectives

The audit objectives were to:

  • assess the appropriateness of agencies' policies and processes for dealing with requests for information in accordance with the FOI Act; and
  • assess agencies' compliance with the provisions of the FOI Act, in relation to selected requests for information.

Audit scope and focus

The audit focus was restricted to the administrative processes used by agencies to support the processing of FOI requests and to meet the other requirements of the FOI Act.

The ANAO did not attempt to form a view on whether the decision to release or not to release information was correct or appropriate. The FOI Act provides for the Administrative Appeals Tribunal to review decisions made by agencies and for the Commonwealth Ombudsman to investigate complaints about how agencies have handled FOI requests.

The agencies included in this audit

The audit was undertaken in six agencies, as follows:

  • Australian Customs Service;
  • Australian Federal Police;
  • Civil Aviation Safety Authority;
  • Department of Communications, Information Technology and the Arts; \
  • Department of Veterans' Affairs; and
  • Attorney-General's Department.

Audit conclusion

The ANAO concluded that, to varying degrees, the audited agencies had in place appropriate policies and processes to support the processing of FOI requests and other obligations of the FOI Act. Further, staff with direct FOI processing responsibilities largely had a sound understanding of the requirements of the FOI Act and its intent.

While general performance information about FOI activity in the Australian Government is provided in an FOI report, prepared annually by the Attorney General's Department, the value of the information is limited because:

  • not all agencies required to report can be readily identified; and
  • there is no Australian Government agency responsible for monitoring compliance with the FOI Act, or identifying opportunities for improvement from the information reported.

The ANAO found that the Attorney-General's Department and the Australian Government Solicitor had effective mechanisms in place to provide practical information to FOI practitioners about significant issues that may impact on the FOI process. The ANAO concluded that all audited agencies had considered issues relevant to the administration of FOI as part of their risk management planning. However, not all the risks and treatments identified were as comprehensive as they could have been as part of a sound culture-wide risk management approach.

All of the audited agencies had developed processes and procedures that reflected the requirements of the FOI Act, although the degree to which these processes and procedures were documented varied across agencies.

In each of the audited agencies, staff with specific FOI coordination responsibilities had a sound knowledge of the FOI Act. However, general understanding by other staff of the FOI Act was often more limited.

Staff with FOI decision-making delegations were at an appropriate level but did not always have to demonstrate that they had the requisite skills and an understanding of the FOI Act, prior to being appointed a delegate.

In most instances, valid requests for information were acknowledged within the 14 day statutory period. The time taken by agencies to advise applicants that their requests were invalid, and the action the applicant was required to take before the agency could process the request, varied from being almost immediate to taking several weeks.

The ANAO found that, in the majority of valid requests reviewed, agencies had advised applicants of the access decisions within the 30 day statutory period.

The consistency between, and within, agencies on decisions as to whether to impose processing charges varied widely. The ANAO found limited guidance available to support the basis of such decisions.

All of the audited agencies had processes in place that enabled them to meet the reporting requirements in the FOI Act, as well as for internal management reporting requirements.


Recommendations three, four, five, eight and nine below are based on the findings from the agencies reviewed but are likely to have relevance to other Commonwealth organisations. Recommendations one, two, six and seven are directed at the Attorney-General's Department.

Responses to the recommendations and general comments provided by agencies

The majority of audited agencies either agreed, or agreed in principle, with all the recommendations. The Department of Veterans' Affairs disagreed with recommendation five, and the Department of Communications, Information Technology and the Arts considered that, in relation to recommendation nine, its training arrangements were appropriate and cost-effective given the small number of FOI requests received and its devolved decision-making arrangements.

Agencies' responses to the recommendations are provided following each recommendation in the main body of the report. General comments provided by the audited agencies have been included at Appendix 4.


1 Attorney-General's Department, Freedom of Information Act 1982 Annual Report 2002–03, paragraph 4.2.