Introduction

1.1 The Department of Defence’s (Defence) mission and purpose is to defend Australia and its national interests in order to advance Australia’s security and prosperity. As at 30 June 2025, Defence was resourced to deliver against this through 20,545 Australian Public Service (APS) personnel and 92,178 Australian Defence Force (ADF) members, including 33,269 ADF reservists.⁴

1.2 Defence conducts a wide range of investigative and inquiry activities in relation to incidents involving ADF members and APS personnel, including matters in relation to: misconduct; public interest disclosures; policing; procurement; security; unacceptable behaviour⁵ and sexual misconduct; vehicle accidents on Defence establishments; and military-specific offences. Defence’s 2024–25 Annual Report stated that it received 1,196 unacceptable behaviour complaints (an increase of less than one per cent from 2023–24), 215 sexual offence allegations (an increase of 29 per cent from 2023–24), and 333 fraud allegations during 2024–25 (a decrease of nine per cent from 2023–24).

Legislative and policy framework

1.3 APS personnel and ADF members are subject to different legislative frameworks and conditions of employment and service. Key differences include the below.

• APS personnel — the Public Service Act 1999, which establishes the APS Code of Conduct framework and requires agencies to have written procedures for determining whether an APS employee has breached the APS Code of Conduct.⁶
• ADF members — the Defence Act 1903 and Defence Force Discipline Act 1982 (DFDA), which forms part of the military justice system and establishes military-specific offences, such as absence without leave or disobeying a lawful command (see paragraphs 1.5–1.8).

1.4 Other laws and policy frameworks set out the obligations for Australian Government entities conducting investigations (which are applicable to both ADF members and APS personnel), including the following:

• 2022 Australian Government Investigations Standard (AGIS) — provides a principles-based standard for Australian Government entities conducting ‘administrative, civil, or criminal (type) investigations’;
• Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) — requires entities to have ‘an appropriate mechanism for investigating or otherwise dealing with’ suspected or actual incidents of fraud or corruption⁷;
• Public Interest Disclosure Act 2013 (PID Act) — requires entities to investigate disclosures if they meet relevant criteria⁸;
• Protective Security Policy Framework (PSPF) — requires that ‘Procedures are developed, implemented and maintained to investigate security incidents in accordance with the principles of the Australian Government Investigations Standards’⁹;
• Government Procurement (Judicial Review) Act 2018 — sets out obligations for Commonwealth entities to investigate complaints made about procurements undertaken by that entity; and
• Commonwealth Fraud and Corruption Control Framework 2024 — established under the Public Governance, Performance and Accountability Act 2013 (PGPA Act) and requires entities to establish and document criteria for making decisions at critical stages in suspected fraud and corruption incidents and to consider referring matters to the Commonwealth Director of Public Prosecutions (CDPP) in cases where an investigation gathers enough evidence to substantiate a criminal charge.¹⁰

Military justice system

1.5 The military justice system is a legal framework underpinning Defence military discipline and command structures. It is critical to maintaining command, reputation, retaining people and operational effectiveness while complying with Commonwealth laws (see paragraphs 1.3–1.4).¹¹ It ‘seeks to achieve an appropriate balance between the right of commanders to maintain good order and discipline in the ADF, and the rights of individual ADF members’.¹² While it is applicable to ADF members, APS personnel can be involved in military justice proceedings. The military justice system is complex and is separated into the ‘discipline system’ and ‘administrative system’, see Figure 1.1.

Figure 1.1: Military justice system — applicable to ADF members

Note a: Under the Defence Force Discipline Act 1982, the discipline system may also deal with offences under other legislation, including the Crimes Act 1914 and Criminal Code Act 1995.

Source: Adapted from Defence documents.

1.6 The ‘discipline system’ is governed by the Defence Force Discipline Act 1982 (DFDA) and provides a framework for the investigation and prosecution of offences. DFDA offences include military-specific offences, such as absence without leave or disobeying a lawful command, as well as conduct that may also be an offence under other Commonwealth laws, such as fraud and assault.

1.7 The ‘administrative system’ is governed by the Defence (Inquiry) Regulations 2018 and Defence Regulation 2016¹³, which allows commanders and supervisors to manage performance and conduct. It includes administrative inquiries, administrative action¹⁴, and mechanisms for ADF members to seek review or redress of decisions.

1.8 Use of the administrative system is not limited to specific offences and is based on the discretion of commanders. Conduct dealt with under the administrative system may also constitute an offence under the DFDA or other Commonwealth laws and may be dealt with concurrently or separately through the discipline system or outside the military justice system.

Defence administrative arrangements

1.9 Defence has developed Administrative Policy Arrangements, which establish the authority and hierarchy for Defence documents under Commonwealth policies. Accountable Authority Instructions and other enterprise-level instructions prescribe the conduct of Defence personnel and confer powers, functions and duties. Enterprise-level policies and manuals are issued under these arrangements. Instructions and policies issued at the Service, Group and Defence Investigative Authority (DIA) level are subordinate to enterprise-level policies and manuals. This hierarchy and its relationship to key documents referred to throughout this report is outlined in Appendix 3 and broadly covers both ADF members and APS personnel.

1.10 The Defence Fraud and Corruption Control Plan 2024–26 outlines Defence’s approach to the prevention, detection and response to fraud and corruption.¹⁵ It identifies the key fraud and corruption risks for Defence including: fraudulent behaviour in relation to procurement and contracting activities; fraudulent claims for entitlements and allowances; and theft, misuse or misappropriation of Defence assets and information.

Defence investigations, inquiries and fact-finding activities

1.11 Investigations within Defence are conducted by four DIAs, established under the Defence Instruction (see paragraphs 2.16–2.18) that sets out requirements for incident reporting and management.

• Investigations and Public Interest Disclosures Branch (IPIDB) — part of the Defence Integrity Division.
• Joint Military Police Unit (JMPU)¹⁶ — part of the Joint Support Services Division.
• Security Threat and Assurance (STA) Branch — part of the Defence Security Division.
• Human Resources Services Branch — part of the People Services and Wellbeing Division.

1.12 The Defence Instruction requires that ‘all Defence personnel who have a reasonable suspicion that a notifiable incident has occurred, must immediately report the incident to a Defence Investigative Authority’. Notifiable incidents are defined in the Defence Instruction (see paragraph 2.9) and, at a summary level, include: criminal offences; fraud, corruption and conflicts of interest; security breaches; deaths or injury associated with Defence activity; and breaches of laws or rules of armed conflict, human rights, or international law. This audit includes examination of the handling of notifiable incidents through Defence’s investigative framework.

1.13 Defence has established the Defence Procurement Complaints Scheme (DPCS) within the Capability Acquisition and Sustainment Group (CASG) to manage procurement-related complaints, including those made under the Government Procurement (Judicial Review) Act 2018 (see paragraphs 2.46–2.50). The DPCS operates alongside other Defence complaint handling mechanisms, including privacy, reviews of action for APS personnel in relation to employment decisions, human rights, aircraft noise, and work health and safety. This audit refers to DPCS as relevant evidence emerged during the course of the audit. Other complaint handling mechanisms were not referred to.

1.14 Defence’s investigation framework operates as a system-of-systems, where matters may involve multiple authorities over their lifecycle. Matters may be referred between DIAs and Defence has mechanisms to refer matters to, or partner with, external entities, including the Australian Federal Police (AFP), state and territory police, the National Anti-Corruption Commission (NACC) and the Commonwealth Director of Public Prosecutions (CDPP).

1.15 The role of the Inspector-General of the Australian Defence Force (IGADF) is established under the Defence Act 1903. It provides the Chief of the Defence Force (CDF) with a mechanism for internal review of the military justice system (see paragraphs 1.5–1.8) and an avenue through which failures and deficiencies in the system can be exposed and examined, ‘independent of the ordinary chain of command’. The Inspector-General is an independent statutory official appointed by the Minister for Defence. The IGADF is not recognised as a separate Commonwealth entity under the PGPA Act, is appropriated by Defence and is administratively located under the CDF in Defence’s organisation structure.

1.16 Functions of the IGADF include:

• inquiring into or investigating matters concerning the military justice system;
• conducting performance reviews and audits of the military justice system;
• advising on matters concerning the military justice system, including making recommendations for improvements;
• promoting military justice values across the Defence Force; and
• inquiring into or investigating a matter concerning the ADF as directed by the CDF or Minister.¹⁷

1.17 These functions are supported by the Inspector-General of the Australian Defence Force Regulation 2016, which provides for the IGADF to:

• inquire into the death of an ADF member, where the death appears to have arisen out of, or in the course of, the member’s service in the ADF;
• inquire into ADF member complaints under the Redress of Grievance Scheme;
• inquire into or investigate complaints relating to ADF military police¹⁸; and
• advise on, or determine, the procedure for handling complaints relating to ADF military police, including conducting audits of the implementation of the complaint-handling procedure.¹⁹

1.18 The IGADF, through its Directorate of Inquiries and Investigations, conducts investigations and inquiries into alleged offences by ADF military police, as well as inquiries into reported failures of military justice.

1.19 In addition to inquiries conducted by the IGADF, inquiries within Defence may be conducted by ‘Inquiry Officers’ or ‘Commissions of Inquiry’, as an administrative component of the military justice system into ‘matters concerning the Defence Force’ as directed by the Minister, the CDF or the Secretary and CDF acting jointly, or their delegates.²⁰

1.20 Investigations, inquiries and fact-finding activities serve distinct purposes and are subject to different requirements.

• Investigations are intended as a focused, evidence-based process to examine instances where misconduct, or a criminal or a service offence may have occurred. The purpose of an investigation is to establish facts relevant to potential culpability to support criminal, disciplinary or administrative action.
• An inquiry is an administrative mechanism designed to understand events, decisions, systemic issues, or organisational risks. The emphasis in inquiries is on making recommendations to enable learning, accountability, and prevention rather than to determine culpability.
• Fact-finding activities are conducted to support administrative decision-making, which are established within Defence policy and are not legislated.²¹

1.21 Investigations, inquiries and fact-finding activities may make adverse findings against individuals or entities. Actions Defence may take in response to adverse findings include: taking action against ADF members under the disciplinary and/or administrative elements of the military justice system; the recovery of fraud-related debts; imposing sanctions against APS personnel under the Public Service Act 1999²²; referring matters to (or working in partnership with) law enforcement agencies, intelligence agencies, the NACC, other Commonwealth departments, and/or the CDPP for potential prosecution; other administrative action, such as the provision of counselling and training; and no further action.

1.22 Figure 1.2 outlines Defence’s arrangements for investigations, inquiries and fact-finding activities. This shows the complexity of Defence’s investigations and inquiries arrangements and that different legislation and policies apply depending on the nature of a matter, including whether it is applicable to APS personnel or ADF members.

1.23 Figure 1.3 outlines the volume of commenced investigations recorded by DIAs in Defence case management systems, aggregated into six-monthly periods, between 1 January 2020 and 31 December 2025. As discussed at paragraph 3.14, limitations in case management system performance and reporting have affected Defence’s ability to provide the ANAO with comprehensive data on reported incidents and investigations across Defence for the audit period (1 January 2020 to 31 December 2025).

1.24 For three DIAs (Human Resources Services Branch, IPIDB, and STA Branch) and the IGADF, the volume of investigations recorded has remained relatively stable over the period. Investigations recorded by JMPU have decreased since 2020.²³

Figure 1.3: Volume of investigations, 1 January 2020 to 31 December 2025

Note: The figures for the IGADF only include DFDA investigations conducted by IGADF’s Directorate of Inquiries and Investigations. The IGADF advised the ANAO in May 2026 that the Directorate of Inquiries and Investigations, ‘normally conducts 1-3 investigations into service police members each year’. Figure 1.3 excludes 120 inquiries commenced by the Directorate of Inquiries and Investigations between 1 January 2020 and 11 December 2025.

Source: ANAO analysis of Defence data.

Reviews into Defence investigations and inquiries

Royal Commission into Defence and Veteran Suicide

1.25 The Royal Commission into Defence and Veteran Suicide was established on 8 July 2021 to examine systemic issues and risks relevant to suicide behaviours of serving and ex-serving Defence members. On 9 September 2024, the Commission’s final report was published and highlighted issues within Defence relating to the ‘fairness, transparency and rigour of internal investigative processes’, the potential weaponisation of the military justice system by commanders, and a failure to use available data to assess risks to current and former ADF members.²⁴

1.26 The report made 122 recommendations, including: improving support for victims of sexual misconduct; conducting reviews into sexual violence and the effectiveness of the military justice system; improving training for the conduct of fact-finds and inquiries; IGADF staff skills and qualifications; and updating and publishing IGADF quality assurance and timeliness measures.

1.27 The Australian Government agreed or agreed-in-principle to 104 recommendations, with Defence taking carriage, jointly or solely, of 76 recommendations. As at February 2026, Defence documentation indicates it has implemented 21 recommendations. Recommendations relevant to investigations, and Defence’s progress in implementing them, are outlined in Appendix 4. IGADF advised the ANAO in November 2025 that the implementation of recommendations relating to them are being considered by the Australian Government alongside recommendations of the IGADF twenty-year review.

IGADF twenty-year review

1.28 In September 2023, the Australian Government approved the conduct of a review into the arrangements and composition of the IGADF, twenty years after the IGADF’s establishment in January 2003. In September 2024, the government released the ‘twenty-year review’ of the IGADF and included recommendations aimed at strengthening the IGADF’s inquiry powers and enhancing the IGADF’s independence.²⁵

Commonwealth Ombudsman

1.29 In December 2023, the Commonwealth Ombudsman released its report Does Defence handle unacceptable behaviour complaints effectively?²⁶ The report found that options for making complaints outside of the chain of command were limited and that complex policies and lack of training presented a risk that complaints are handled unfairly and inconsistently.

1.30 The report made nine recommendations aimed at improving complaints handling processes, improving training and communication, and addressing potential bias and conflicts of interest. Defence advised the ANAO in March 2026 that the Complaint, Resolution and Support Services (CRSS) unit, which sits within the Human Resources Services Branch, became operational in January 2026 ‘as a whole of enterprise mechanism for receiving complaints of unacceptable behaviour’ and for providing Defence personnel with ‘additional options to lodge complaints outside their chain of command or reporting line, including the ability to submit complaints anonymously’.

Rationale for undertaking the audit

1.31 An effective investigation function supports integrity, transparency and accountability, and assists in safeguarding the wellbeing of impacted individuals. The Senate Foreign Affairs, Defence and Trade Legislation Committee²⁷ has raised concerns regarding Defence investigations, inquiries and fact-finding activities at previous hearings. A summary of key themes includes:

• timeliness and robustness of investigative processes;
• decisions to prosecute personnel and contracted companies for fraudulent conduct;
• potential repercussions against people reporting incidents within Defence;
• conduct and recording of fact-finding;
• wellbeing of victims involved in investigations; and
• extent to which the IGADF has been subject to previous ANAO scrutiny.²⁸

1.32 Previous ANAO audits have identified deficiencies in the way Defence handles procurement and contractor integrity issues, including not identifying and reporting notifiable incidents.²⁹

Audit approach

Audit objective, criteria and scope

1.33 The audit objective was to assess the effectiveness of the Department of Defence’s administration of investigations.

1.34 To form a conclusion against this objective, the following high-level criteria were adopted:

• Has Defence established fit-for-purpose arrangements for the conduct of investigations?
• Has Defence effectively implemented its arrangements for investigations?

1.35 The audit examined the handling of reported incidents through Defence’s investigations and inquiries framework. The audit scope included examination of relevant current and historic Defence policies and guidance for APS and ADF investigations, inquiries and fact-finding activities. It also included case study examination of closed investigations conducted by DIAs and closed inquiries and investigations conducted by the IGADF between 1 January 2020 and 31 December 2025.

• Fraud value was used as a selection metric for investigation case studies, as it enabled a comparison of similar cases across DIAs and the IGADF and supported assessment of how matters that may cross jurisdictional boundaries are referred and consulted on.
• Timeliness was used as a selection metric for the IGADF inquiry case study.

1.36 Other mechanisms, including fact-finding processes, complaints made through Defence complaints handling pathways, and inquiries conducted under the Defence (Inquiry) Regulations 2018, were considered where relevant to an investigation or notifiable incident reporting processes. The audit did not examine Redress of Grievance processes or inquiries into the deaths of ADF members, conducted through the IGADF’s Directorate of Select Incident Review.

Audit methodology

1.37 The audit methodology included discussions with relevant Defence officials and an examination and analysis of Defence records. The audit was open to contributions from the public.

1.38 The ANAO has cooperative evidence gathering arrangements in operation with entities. Defence advised the ANAO on 15 November 2024, at the commencement of audit fieldwork, that it was unable to provide certain information to the ANAO on a cooperative basis due to legislative restrictions. On 6 December 2024, the Auditor-General issued two separate notices to Defence including one to the Secretary of Defence and the CDF, and another to the IGADF to provide information pursuant to section 32 of the Auditor-General Act 1997. This enabled Defence to provide access to information taking account of legislative requirements. Following receipt of the notices, Defence provided the ANAO with access to relevant information.

1.39 The audit was conducted in accordance with ANAO Auditing Standards at a cost to the ANAO of approximately $952,000.

2.1 Fit-for-purpose investigation frameworks support the consistent management of reported incidents, promote proportionate and fair investigation outcomes, and reduce the risk of investigative processes being misused.

2.2 Commonwealth legislation and policies require entities to have arrangements in place to conduct investigations. The 2022 Australian Government Investigations Standard (AGIS) sets out whole-of-government requirements for investigations. The AGIS defines an investigation as ‘an activity to collect information or evidence to a particular standard of proof related to an alleged, apparent or suspected breach’.³⁰ AGIS standards are not applied to the conduct of inquiries.

Has Defence established an appropriate framework for managing investigations?

2.3 As shown in Figure 2.1, between April 2005 and June 2025, Defence established key enterprise-level documents to support the conduct of investigations, administrative inquiries and fact-finding.

Figure 2.1: Timeline of enterprise-level documents

Source: ANAO analysis of Defence documentation.

2.4 Key enterprise-level documents detailing the arrangements for investigations, administrative inquiries and fact-finding have different accountable officers assigned. For example:

• Defence Instructions ADMIN 45-4 Defence Investigation Standards (see paragraph 2.19) and FIN 12-1 The Control of Fraud in Defence and the Recovery of Public Moneys (see paragraph 2.15) were established by the Secretary and Chief of the Defence Force (CDF);
• 2026 Defence Instruction (see paragraphs 2.16–2.18) outlines the Deputy Secretary Governance as the ‘accountable officer’ for incident reporting and management;
• Incident Reporting and Management Manual (Edition 2) and the Interim Incident Reporting and Management Policy (see paragraphs 2.13–2.15) were issued by the First Assistant Secretary Defence Integrity (or their equivalent at the time);
• Complaints and Alternative Resolutions Manual (CARM) is managed by the Defence People Group, with individual chapters allocated different sponsors including the Assistant Secretary Human Resources Services Branch, the Inspector-General of the Australian Defence Force (IGADF), the Director of Complaints and Resolution, and the Sexual Misconduct Prevention and Response Office (SeMPRO);
• Defence Investigations Standards Manual (see paragraphs 2.19–2.21) was sponsored by the Provost-Marshal of the Australian Defence Force (PM-ADF)³¹; and
• Good Administrative Decision-Making Manual (see paragraphs 2.30–2.33) is issued by the Chief Counsel.

Investigations

2.5 Framework documents do not clearly establish the role and jurisdiction of DIAs at an enterprise level. Defence’s investigative framework is complex, supported by different processes for each DIA, and different legislative frameworks applicable to Australian Defence Force (ADF) members and Australian Public Service (APS) personnel. As a result, lack of jurisdictional clarity, alignment and interoperability could present risks to equitable treatment of similar matters across DIAs.

2.6 The Defence Act 1903 establishes the functions of the IGADF, and the 2026 Defence Instruction sets out how incidents are to be reported and managed by the four DIAs. Table 2.1 outlines the jurisdiction of the four DIAs and IGADF as established in legislation, enterprise-level documents and supporting DIA-level documents.

Table 2.1: DIA and IGADF jurisdictions and legislation

Source: ANAO analysis of Defence documentation.

2.7 Jurisdictions set out in Defence enterprise-level and DIA-level documents are unclear and overlap responsibility areas, including for matters of sexual misconduct, fraud and security. For example: inappropriate access to Defence ICT systems may fall under the jurisdiction of STA Branch or the Human Resources Services Branch; and fraudulent use of Defence Travel Cards by APS personnel may fall under the jurisdiction of IPIDB or the Human Resources Services Branch. This means that similar matters may be dealt with under different DIAs, increasing the risk that matters are not handled equitably and proportionately. Neither the Defence Instruction or other enterprise-level policies clearly define the jurisdictions or responsibilities of the four DIAs, or how they work together to assess or triage incidents. As discussed at paragraph 3.101, ANAO review of investigation case studies identified that DIAs do not always sufficiently consult with each other or with relevant authorities.

2.8 A September 2020 management initiated review conducted by Synergy on Defence’s investigative functions found that challenges in coordination between DIAs and overlapping jurisdictions led to duplication of effort, and impacts to investigation timeliness and effectiveness of outcomes. The review identified five improvement opportunities, including: the implementation of a centralised integrity investigations function to incorporate all DIAs and standardise Defence investigation processes; and the establishment of an investigation review committee to conduct an initial assessment of matters being considered for investigation, improve information sharing between DIAs, reduce the need for investigations being transferred between DIAs, and improve the identification of emerging risks or trends. Defence advised the ANAO in March 2026 that it implemented three of the five improvement opportunities. It did not implement a centralised investigative function or an investigation review committee.

Notifiable incidents

2.9 The Defence Instruction establishes a definition of notifiable incidents. Definitions of notifiable incidents established in other enterprise-level and DIA-level documents do not align with the Defence Instruction and are subject to judgement. The Defence Instruction requires that ‘Defence personnel who have a reasonable suspicion that a notifiable incident has occurred, must immediately report the incident to a Defence Investigative Authority’. Box 1 sets out how the Defence Instruction defines notifiable incidents.

Note a: Prescribed Serious Operational Incidents were added to the definition of notifiable incidents in June 2023, following completion of the IGADF Afghanistan Inquiry in November 2020, which recommended improvements to the process for reporting breaches of the law of armed conflict.

Source: ANAO analysis of Defence documentation.

2.10 Despite the 2026 Defence Instruction defining a notifiable incident, other Defence documents use different definitions, and its application relies on judgement. For example, the Defence Instruction states that ‘minor offences’ under Schedule 1A the DFDA are not considered notifiable incidents. These offences include, among others: absence from duty; insubordinate conduct; disobeying a lawful command; intoxicated while on duty; cyber bullying; and prejudicial conduct. Some of these offences may also be treated as ‘serious service offences’ under the DFDA, which are classified as notifiable incidents under JMPU’s Jurisdiction Model (see Table 2.3). Whether an offence is considered minor or serious in nature is ultimately determined at the discretion of relevant commanders. There is merit in Defence establishing and promulgating guidance to commanders to mitigate the risk of inconsistent judgement and discretion, and to support the appropriate referral of relevant incidents to the JMPU.

2.11 Defence’s Code of Conduct Policy Guidance states that allegations of ‘serious misconduct that warrant immediate referral’ to the Human Resources Services Branch include incidents of sexual harassment. This is not consistent with Defence’s Complaints and Alternative Resolutions Manual (CARM), which states that ‘JMPU is the appropriate Defence Investigative Authority for sexual offences with a Defence nexus. It does not matter whether the complainant or respondent is ADF, APS or a contractor’. The JMPU is responsible for determining and coordinating with the appropriate jurisdiction for the matter. Defence advised the ANAO in March 2026 that it is reviewing its Code of Conduct policy guidance to ‘better reflect’ the initial notification requirements to JMPU, and that this is anticipated to be completed by the end of June 2026.

Notifiable incident reporting and management

2.12 Since August 2022, key investigation requirements have been removed, including requirements to analyse and report on systemic weaknesses identified through investigations.

2.13 In August 2019, the First Assistant Secretary, Audit and Fraud Control (now known as the First Assistant Secretary Defence Integrity) issued Edition 2 of the Incident Reporting and Management Manual, which required all notifiable incidents to be referred to a DIA.

2.14 In August 2022, this manual was replaced by the Interim Incident Reporting and Management Policy as a temporary measure. The interim policy required managers and commanders to ensure all reported incidents were recorded in a Defence Incident Record and on the Defence Policing and Security Management System (DPSMS) (see paragraph 3.4). It also stated that ‘Where an incident is recorded in the Army Incident Management System there is no requirement to raise a Defence Incident Record’. These inconsistent requirements had also been included in Edition 2 of the Incident Reporting and Management Manual and in Army FORCOMD Directive 22-2 Incident Management, Reporting and Recording, released in March 2022.

2.15 The interim policy also replaced Defence Instruction FIN 12-1 The Control of Fraud in Defence and the Recovery of Public Moneys, which was jointly issued by the CDF and Secretary in April 2005.³²

2.16 In September 2024, the interim policy was replaced by the updated Defence Instruction. Several requirements from Defence Instruction FIN 12-1 and the interim policy were not retained, including requirements for:

• analysis and reporting on patterns of offences and systemic weaknesses in Defence revealed through fraud assessments and fraud investigations;
• annual reporting to the Secretary and CDF on fraud investigation outcomes and trends;
• pursuit of fraud prosecutions in line with the Prosecution Policy of the Commonwealth;
• reporting fraud affecting another agency to that agency in line with privacy laws;
• JMPU to provide fraud investigation reports to IPIDB; and
• DIAs to update managers and commanders on the progress of relevant assessments or investigations.³³

2.17 The Defence Instruction requires incidents reported to managers and commanders to be recorded ‘as close to the time of the incident as practicable’ in Defence’s authorised case management system, the Defence Enterprise Resource Planning Case Management System (DECMS). Prior to being updated in January 2026, the Defence Instruction did not define Defence’s authorised case management system.

2.18 The Defence Instruction also includes a link to a Defence intranet site (established in September 2019) that provides reporting links and DIA contact details for reporting incidents such as fraud and corruption, security, breaches of military discipline, Public Interest Disclosures, and procurement complaints.

Defence Investigation Standards Manual

2.19 In June 2009, Defence introduced Defence Instruction ADMIN 45-4 Defence Investigation Standards and a supporting Defence Investigation Standards Manual following a July 2006 audit of ADF Investigative Capability. Defence’s 2006 audit, requested by the CDF after multiple reviews and inquiries between 1998 and 2005, identified shortcomings in ADF investigations and found ‘considerable variation’ in investigation standards between DIAs. The audit recommended that Defence ‘adopt a common investigation standard … to be complied with by all Defence Investigative Authorities (DIAs) and their investigators.’

2.20 The Defence Investigation Standards Manual stated it was ‘based on the AGIS’ and ‘not to be confused with, investigation procedures and techniques that will be published elsewhere.’ The manual mandated compliance with the AGIS at an enterprise-level and outlined Defence-specific investigation requirements including:

• DIAs to have established written procedures covering engagement with other agencies, the legal and ethical behaviour of staff, and obtaining legal advice;
• DIAs to ensure that their procedures ‘clearly articulate the legislation, powers and directives under which they operate’; and
• the Head of each DIA to provide training to ensure that all relevant personnel ‘have the appropriate qualifications, knowledge, skills and attitude’ required to meet Defence investigation standards.

2.21 The Defence Investigation Standards Manual was not reviewed between its introduction in June 2009 and July 2023 and did not include a scheduled review date.³⁴ In December 2023, Defence cancelled the manual, citing that ‘[t]he DIAs now seek to reduce the policy burden, agreeing that the use of the 2022 AGIS is all that is required to underpin their respective investigative requirements and operating procedures.’ Since its cancellation, the requirement to comply with the AGIS and the Defence-specific requirements have not been documented at an enterprise level.³⁵

Defence Inquiries

2.22 The role of inquiries and fact-finding in relation to notifiable incidents is not clearly established across both enterprise-level and DIA-level documents, presenting a risk that they are conducted without DIA awareness or oversight. As discussed at paragraph 3.93, there were instances where fact-finding activities have been conducted in response to notifiable incidents without the incident being reported to a DIA as required under the Defence Instruction.

2.23 Under the Defence (Inquiry) Regulations 2018, Defence may conduct inquiries to ‘facilitate the making of decisions relating to the Defence Force’ and to ‘assist command in securing the proper functioning of the Defence Force’. The Regulations provide for the establishment of Inquiry Officer Inquiries and Commissions of Inquiry and note that inquiries ‘are not about individuals as such and are not an external accountability mechanism.’

2.24 In August 2024, Defence issued edition 4 of its Administrative Inquiries Manual to ‘assist commanders to determine whether an inquiry under the Defence (Inquiry) Regulations 2018 is appropriate’.

2.25 The manual outlines factors and safeguards where an inquiry may be appropriate, including the death or serious injury of someone who is not an ADF member, and significant security-related incidents. The manual does not cover investigations conducted under the DFDA, fact-finding, inquiries conducted by the IGADF, or Public Interest Disclosures. The manual is not aligned with the requirements of the Defence Instruction. As outlined at Box 1 (see page 29), notifiable incidents that must be reported to a DIA include: any incident that ‘involves a death, serious injury … of personnel involved in any Defence activity, or at any Defence premise’; or any incident ‘resulting in a failure to comply with … the Defence Security Principles Framework’. The manual does not outline notifiable incidents or require such incidents to be referred to a DIA (see paragraph 2.9).

2.26 The manual states that inquiries conducted under the Defence (Inquiry) Regulations 2018 cannot determine whether a disciplinary or criminal offence has occurred, as doing so may prejudice any later proceedings under the DFDA or criminal law. Where potential criminal conduct is identified, the manual requires the relevant parts of the inquiry to cease and be referred to the Appointing Authority, who determines the next steps.³⁶ The manual does not require inquiries to be conducted in accordance with the AGIS.

2.27 While the manual requires that Appointing Authorities confirm inquiry officials are free from actual or perceived bias or conflicts of interest it does not mandate that Appointing Authorities themselves are free from bias or conflicts of interest.

Fact-finding activities

2.28 Prior to August 2015, Defence had established a ‘Quick Assessment’ process to rapidly assess known facts and identify gaps, to inform decisions on how to respond to an incident. Quick assessments were not investigations, were not a pre-cursor to investigations, and were required to be completed within 24 hours.

2.29 In August 2015, Defence replaced the Quick Assessment process with a fact-finding process after a 2014 review found that incidents were attracting ‘disproportionate investigative effort’.³⁷ Defence also introduced the Defence Incident Record system at that time to provide a consistent and high-level summary of incidents, actions taken and recommendations, and were required to be completed within 24 hours of an incident becoming known.

2.30 In July 2022, Defence issued a Good Administrative Decision Making Manual, applicable to APS personnel and ADF members. The manual, updated in March 2026, requires that all notifiable incidents be reported to a DIA prior to conducting a fact-finding and states that, ‘Fact-finding into serious or complex incidents (particularly personnel incidents) is generally not appropriate beyond determining sufficient facts to enable immediate actions such as mandatory reporting, risk mitigation and referral to the appropriate authority or specialist area for formal investigation’.³⁸ Prior to being updated in March 2026, the manual stated that it was not appropriate for fact-finding to be conducted into the ‘substantive issues’ surrounding notifiable incidents without DIA approval.

2.31 The manual also states that fact-finders ‘should seek legal advice if concerned as to the ability to undertake factfinding where an agency is simultaneously asserting jurisdiction over the same matter.’ The manual does not prohibit fact-finding into matters of sexual misconduct, but states that the fact-finder should contact the Sexual Misconduct and Prevention Response Office to support appropriate response and victim support arrangements.

2.32 CDF Directive 25/2019 (see paragraphs 2.74–2.75) requires that all ADF military police professional standards matters be subject to fact-finding at the unit level to determine whether further investigation or inquiry action is necessary.

2.33 The manual provides guidance on selecting fact-finding officers but does not require independence or the declaration of conflicts of interest, as per AGIS requirements.³⁹ It cautions that care should be taken before undertaking or proceeding with any fact-finding where disciplinary or criminal investigation processes are underway, as this may prejudice those proceedings.⁴⁰ The manual also states that decision-makers may be required to observe procedural fairness and that failure to do so may require decisions to be set aside and re-made.

2.34 The use of fact-finds to examine notifiable incidents represents a shift from earlier Defence policies and creates a risk that responses to such incidents may lack independence, transparency, or procedural fairness.⁴¹ Fact-finds have historically been treated as an administrative process rather than disciplinary. The expanded scope of the 2022 AGIS now applies to administrative investigations. The application of AGIS to Defence investigations is outlined at Table 2.2.

2.35 Defence has not established a consistent enterprise-level framework for investigations, inquiries and fact-finding activities. Defence’s framework does not deliver alignment and interoperability of investigative functions and reporting pathways. The definition of a notifiable incident is contained in the 2026 Defence Instruction. Other Defence documents establish definitions of notifiable incidents that do not align with the Defence Instruction, resulting in inconsistent requirements for referrals to a DIA. The role of fact-finding and inquiries in relation to notifiable incidents is unclear, creating a risk that such matters are examined without DIA awareness or oversight.

Has Defence developed training and guidance to support investigations?

DIA-level and IGADF processes and guidance

2.37 Not all DIA and IGADF guidance has been regularly reviewed or clearly establishes jurisdictions or referral mechanisms between the DIAs or to the Australian Government Security Vetting Agency (AGSVA). This presents a risk that matters may not be dealt with equitably, proportionately, and in alignment with Defence policies. An overview of DIA-level processes and guidance is outlined at Table 2.2.

Table 2.2: Summary of DIA-level and IGADF processes and guidance

Source: ANAO analysis of Defence documentation.

Investigations and Public Interest Disclosures Branch

2.38 IPIDB was resourced with 14 personnel in investigation functions in 2024–25.⁴² During the audit period (1 January 2020 to 31 December 2025), IPIDB recorded 2,061 reported incidents and commenced 639 investigations. Investigations were conducted into matters including: fraud (38 per cent), maladministration (17 per cent), and procurement misconduct (11 per cent).

2.39 IPIDB developed draft Fraud Control Instructions (FCI) in 2020 to support fraud related investigations and recovery of debts. The FCIs described IPIDB’s responsibilities, engagement with internal and external entities, and processes for assessing incidents and conducting investigations. IPIDB has also issued separate Standard Operating Procedures for PIDs, released in April 2023. The Standard Operating Procedures have been regularly reviewed, and most recently updated in January 2026.

2.40 The FCIs had an effective date of 1 December 2020 and a scheduled review date of 1 December 2022. Defence was unable to provide evidence of formal review, or a final signed version. The FCIs referenced outdated legislation and policies, did not record a document history, and did not identify an accountable officer.⁴³ Defence advised the ANAO in March 2026 that a ‘review of the FCIs was undertaken in November 2022 as part of a Modernisation Program, which was later discontinued’ and that updated governance documents have been issued between 2024 and 2026 to ‘target specific investigative functions and requirements’. Defence advised the ANAO in May 2026 that these updated documents ‘override the FCIs from their date of earliest introduction, effective 30 August 2022’.

2.41 These documents include guidance and requirements for the use of case management systems, IPIDB jurisdiction, engagement with the National Anti-Corruption Commission (NACC), decision-making authority, and the preparation of investigation reports. As at March 2026, governance documents covering the triage and assessment of reported incidents, investigation planning and interviewing, and evidence management were in draft.

2.42 The Defence Instruction requires all personnel to declare conflicts as they arise using the AF220 Defence Conflict of Interest Declaration Form. Defence advised the ANAO in February 2026 that IPIDB manages independence and conflicts of interest in accordance with the Defence Instruction and that Defence Integrity Division holds the enterprise-level register for recording conflicts.

2.43 IPIDB guidance requires investigators to consult or consider engagement with other DIAs and entities in certain circumstances including: less serious and complex ADF fraud with JMPU; matters that are categorised as not routine or minor with the Australian Federal Police (AFP); serious or systemic corruption with the NACC⁴⁴; and potential APS code of conduct breaches with the Human Resources Services Branch.

2.44 As outlined at Table 2.1, matters that fall under IPIDB’s jurisdiction, such as fraud and conflicts of interest, may constitute a breach of the APS Code of Conduct. IPIDB and Human Resources Services Branch guidance does not establish clear jurisdiction boundaries or clear criteria for consultation on matters that may fall under the remit of both IPIDB and Human Resources Services Branch. Defence advised the ANAO in May 2026 that ‘Fraud and corruption matters may be pursued criminally (by IPIDB) or administratively (by [the Human Resources Services Branch]), with various factors such as alleged value of loss, seriousness of the conduct, availability of evidence, and relevant prosecution policies, informing the most suitable approach for each incident.’ As discussed in Case Study 3, the Human Resources Services Branch did not consult with IPIDB in relation to a $14,800 timesheet fraud investigation.

2.45 The PSPF requires entities to report incidents impacting a person’s suitability to hold a security clearance to AGSVA. Matters that require reporting to AGSVA include: incurring a significant debt; changes in criminal history; disciplinary procedures; and security incidents. Defence advised the ANAO in March 2026 that AGSVA requirements for IPIDB have ‘been incorporated into draft governance guidance awaiting endorsement and is included for consideration in the Investigation Report template, used when finalising a matter.’

Defence Procurement Complaints Scheme

2.46 In March 2019, Defence’s Enterprise Business Committee (EBC), chaired by the Associate Secretary, agreed to the establishment of the Defence Procurement Complaints Scheme (DPCS) to manage all procurement-related complaints.⁴⁵ Responsibility was assigned to the Capability Acquisition and Sustainment Group (CASG). The proposal did not explain how the arrangements aligned with DIA jurisdictions or how complaints involving conflicts of interest or fraud would be treated.⁴⁶

2.47 Defence advised the ANAO in March 2026 that since April 2021, procurement complaints have been received directly by CASG, rather than through the Audit and Fraud Control Division (now known as Defence Integrity Division) as originally proposed to the EBC, to improve timeliness and reduce duplication of effort. CASG has developed a Procurement Complaints Handling fact sheet and flow chart for handling complaints, which includes referring conflict of interest and fraud matters to IPIDB.

2.48 Defence advised the ANAO in October 2025 that CASG consults with IPIDB in instances where matters may fall under IPIDB’s jurisdiction (such as fraud), however there is no documented guidance for managing potential jurisdiction overlap and referring cases to IPIDB. CASG reviews of procurement complaints are not conducted under AGIS. While CASG guidance states that investigating officers should not be ‘involved with decisions regarding procurement method … tender evaluation, the contract award or the administration of the relevant contract’, CASG procedures do not explicitly mandate independence. While AGIS does not specifically address procurement complaints, examining these complaints without independence or alignment to AGIS creates risks, particularly where integrity issues, such as suspected fraud or corruption is identified during CASG’s review. Clearer definitions of CASG’s jurisdiction or role in reviewing procurement complaints would help ensure procurement integrity issues are handled appropriately.

2.49 In February 2025, a briefing provided to the Defence Secretary advised that IPIDB’s caseload increasingly involves complex procurement-related misconduct including fraud and conflicts of interest, indicating potential systemic weaknesses and attitudes across Defence.

Security Threat and Assurance Branch

2.51 STA Branch was resourced with 101 personnel in 2024–25. During the audit period (1 January 2020 to 31 December 2025), STA Branch recorded 7,196 reported incidents and commenced 301 investigations. Investigations were conducted into matters including: inappropriate disclosure or release of information (33 per cent), unauthorised access (14 per cent), and disruptive behaviour (10 per cent).

2.52 Principle 77 Security Incident Management and Investigation in the Defence Security Principles Framework (DSPF), updated in May 2025, requires all security incidents to be reported to the Security Incident Coordination Centre (SICC) within the STA Branch.

2.53 Principle 77 is supported by DSPF Control 77.1, updated in May 2025, which states that investigations conducted by the STA Branch are to be undertaken in accordance with the Protective Security Policy Framework (PSPF) and AGIS, ‘where appropriate.’⁴⁷ The control provides guidance for responding to security incidents and states:

In the course of responding to a security incident, a Commander/Manager may need to conduct a Fact Find to gain more information, to identify vulnerabilities and determine the appropriate treatment action to contain the situation. … Commanders/Managers should not conduct a Fact Find into security incidents with an assessed SIIL [Security Incident Impact Level] of HIGH or EXTREME unless directed by SICC, the SIU [Security Investigations Unit within STA] or another DIA.

2.54 The DSPF does not set a mandatory review cycle for its principles and controls, instead stating that it is a ‘flexible policy framework’ and that ‘DSPF documents will be reviewed and updated as necessary’.⁴⁸

2.55 The STA Branch has also issued Defence Security Investigation Operating Guidelines, approved by the Assistant Secretary STA, which outline the STA Branch’s role in conducting security investigations and reporting outcomes and recommendations.⁴⁹

2.56 The guidelines state for an issue to be considered for investigation, it must be of ‘sufficient significance’ and relate to: a suspected breach, avoidance or failure to meet DSPF requirements; the identification of a failure or ineffective security control; or a series of security matters indicating a systemic or emerging issue. The guidelines include a matrix for assessing significance, and state that ‘[i]n some cases, matters that have a Low to Medium Security Incident Impact Level (SIIL) will not be of sufficient significance to warrant investigation.’ In instances where investigations determine that an individual is a security risk, the guidelines require that investigators report this to AGSVA.

2.57 The guidelines were issued in May 2020 and do not include a scheduled review period. They were updated in October 2024 to reflect the introduction of the Defence Enterprise Resource Planning Case Management System (DECMS) in May 2024 and the 2022 AGIS but still reference an outdated version of the PSPF.

2.58 Where an incident proceeds to investigation, a Security Incident Referral Checklist must be completed by the SICC, which requires the SICC to identify the DIA the incident will be handled by, the assessed Security Incident Impact Level, and whether there are any other factors to warrant investigation. The checklist does not include the Human Resources Services Branch as a DIA. As outlined at Table 2.1, some security incidents, such as inappropriate access to Defence ICT systems, may fall under the jurisdiction of STA Branch or the Human Resources Services Branch. STA Branch guidance does not outline any specific factors to be considered when determining whether a matter should be referred to another DIA.

2.59 STA Branch guidance does not specify requirements for investigator independence. Defence advised the ANAO in February 2026 that STA Branch conflicts of interest are managed through Defence’s existing conflict of interest process (see paragraph 2.42), including initial case discussions and the re-allocation of investigators where a conflict of interest is identified.

Joint Military Police Unit

2.60 JMPU was resourced with between 483 and 490 personnel in 2024–25.⁵⁰ During the audit period (1 January 2020 to 31 December 2025), JMPU recorded 21,736 reported incidents and commenced 2,351 investigations. Investigations were conducted into matters including: entitlement fraud (16 per cent), ‘sexual assault and related offences’ (15 per cent), and ‘acts intended to cause injury’ (14 per cent).

2.61 The JMPU has issued a Military Police Manual, dated 14 March 2023, under the authority of the CDF. The manual requires DFDA investigations to comply with the AGIS, including the use of investigation plans, regular updates to stakeholders, and proper evidence management. It includes templates such as investigation plans, evidence matrices and privacy notices, although the investigation plan template does not provide fields to record delegate approval or dates. JMPU has also developed templates for assessment reports and referrals of Briefs of Evidence to the Office of the Director of Military Prosecutions (ODMP).

2.62 The manual requires investigators to be independent. Defence advised the ANAO in February 2026 that JMPU conflicts of interest are managed through Defence wide processes rather than separate JMPU policies, with declared conflicts recorded in case records and system access restricted when required.

2.63 The manual comprises of four volumes, with investigation procedures set out in Volume 2. It defines the jurisdiction of JMPU and establishes an ADF Military Police Investigation Jurisdiction Model, identifying five levels of offences and responsibility for investigation. Table 2.3 outlines that offence definitions overlap and that the Jurisdiction Model does not provide a clear or consistent approach to identifying and investigating notifiable incidents. As discussed at paragraph 2.10, whether an offence is considered minor or serious under the DFDA is ultimately determined at the discretion of relevant commanders. Defence has not established guidance or safeguards to assist commanders in making this judgement, which would mitigate the risk of inequitable or disproportionate outcomes. Implementing enterprise-wide oversight and reporting arrangements would further mitigate this risk.

Table 2.3: ADF Military Police Jurisdiction Model

Source: ANAO analysis of Defence documentation.

2.64 The manual sets out arrangements for referring matters to IPIDB and states that the First Assistant Secretary Defence Integrity ‘will determine which Defence Investigative Authorities will investigate fraud offences which exceed a loss of $20,000 to the Commonwealth involving ADF members’. This monetary threshold was removed from enterprise-level policy in August 2022.

2.65 The manual also requires complaints related to the conduct of ADF military police to be referred to the IGADF. The manual does not set out a process or requirement for referral of matters to the STA Branch or AGSVA. Defence advised the ANAO in July 2025 that recommendations to notify AGSVA are ‘usually included in the investigation’s final report’ and that the decision to notify AGSVA following a JMPU investigation rests with the relevant unit. This approach is not consistent with IPIDB, STA Branch or the Human Resources Services Branch, which have established guidance or processes for the referral of matters to AGSVA. As discussed in Case Study 2, there is no evidence that a $68,808 entitlement fraud matter investigated by JMPU was referred to AGSVA for consideration of the individual’s security clearance suitability. The manual includes guidance for the referral of matters to Defence’s Sexual Misconduct Prevention and Response Office (SeMPRO) where appropriate.

2.66 The current version of Volume 2 of the manual is dated 14 March 2023 and includes a scheduled review date of 18 March 2024.⁵¹ Defence advised the ANAO in February 2026 that a review of the manual was conducted in March 2024, however ‘no documented evidence exists to confirm the conduct or completion’ of the review and that it will implement ‘formal, traceable, and auditable documentation for all future reviews’ of the manual. Prior reviews of the manual took place in January 2020, November 2020, March 2021 and March 2023.

Human Resources Services Branch

2.67 The Human Resources Services Branch (the Branch) was resourced with 9 personnel in 2024–25. During the audit period (1 January 2020 to 31 December 2025), the Branch recorded 664 reported incidents and commenced 469 investigations. Investigations were conducted into matters including: ‘failure to follow directions or policy’ (36 per cent), and ‘unacceptable behaviour’ (29 per cent).

2.68 The Public Service Act 1999 requires that entities establish written procedures to determine whether an APS employee has breached the Code of Conduct. The Branch has established Code of Conduct procedures that outline requirements for procedural fairness, delegations for decision-making, conduct of interviews and recording of decisions. The procedures state that ‘the decision maker may seek the assistance of an investigator to investigate the alleged breach’. The Branch has also established templates for investigations including: a Code of Conduct Referral Checklist; evidence matrix; and determination and notice letters. The determination and notice letters include prompts for investigators to consider referring the matter to AGSVA, which are supported by AGSVA reporting templates.

2.69 The Branch’s procedures and templates do not stipulate whether AGIS is applied to Code of Conduct investigations and do not establish independence requirements for investigators. Defence advised the ANAO in February 2026 that management of conflicts of interests for the Branch occurs ‘throughout the Code of Conduct process’ and that when a conflict is identified, the matter is reallocated to an alternative investigator or decision maker. Defence further advised that there was no register for declaring, recording or managing conflicts of interest during investigations and that the Branch has since implemented a register ‘to document such decisions in the future, which will help ensure consistent recording, improved accountability, and greater transparency in investigative processes.’

2.70 The Branch’s procedures do not provide detailed guidance on investigation practices such as the management of evidence, dealing with suspected criminal behaviour, or consulting with or referring matters to other DIAs or entities. As discussed in Case Study 3, the Branch did not consult with IPIDB in relation to a $14,800 timesheet fraud investigation and there were deficiencies in the recording of investigation evidence. Defence advised the ANAO in March 2026 that work has ‘commenced on developing procedures relating to consultation with or referral of matters to other DIAs or entities.’

2.71 The Branch uses the Handling Misconduct guide developed by the Australian Public Service Commission. The Handling Misconduct guide provides guidance for dealing with misconduct referrals and conducting investigations, including gathering and reviewing evidence, providing procedural fairness and drafting investigation reports. While the guide includes requirements for the selection of an independent decision-maker, it does not outline independence requirements for investigators and only references the application of AGIS for fraud investigations.

Inspector-General of the Australian Defence Force

2.72 The IGADF was resourced with 211 personnel in 2024–25 including 67 permanent personnel and 144 non-ongoing or ADF reserve members.⁵² The professional standards team, within the Directorate of Inquiries and Investigations was resourced with three DFDA investigators, seconded from the JMPU. During the audit period (1 January 2020 to 31 December 2025), IGADF conducted a total of 295 assessments, investigations and inquiries into professional standards matters including: ‘contravention of professional standards’ (38 per cent), ‘misconduct’ (21 per cent), and ‘harassment and threatening behaviour’ (six per cent). The ‘contravention of professional standards’ category included matters related to misconduct and unacceptable behaviour.

2.73 The IGADF has established the Directorate of Inquiries and Investigations (DII), responsible for the receipt and assessment of submissions, complaints and referrals regarding the application of the military justice system and the conduct of ADF military police.

2.74 CDF Directive 25/2019 Military Police Professional Standards Framework outlines the Military Police Code of Conduct and the role of the IGADF in investigating ADF military police matters. The Directive requires that it is subject to IGADF review at least annually ‘to ensure the currency and appropriateness of both the Code of Conduct and the process of managing professional standards matters involving Military Police.’ The IGADF advised the ANAO in May 2025 that it has participated in ‘periodic reviews’ of the instruction however ‘IGADF is not bound by CDF Directive 25/2019 consistent with [IGADF’s] statutory independence.’ The Directive states that it applies to all ADF military police ‘regardless of whether that member is serving in a Military Police role or any other role’. The Defence Act 1903, which establishes the functions of the IGADF states that the IGADF’s role is to provide the Chief of the Defence Force with mechanisms for review of the military justice system ‘independent of the ordinary chain of command’ (see paragraph 1.15).

2.75 A review of the instruction has been underway since January 2023, including: the drafting of a new Code of Conduct to allow the military police chain of command ‘to handle unit-level administrative and minor disciplinary issues’; and consideration of ‘the most appropriate policy framework in which [the new Code of Conduct] should be published’. The Directive noted that it would remain in place ‘until incorporated into enduring policy’ which the CDF expected to occur ‘no later than December 2021’. Defence advised the ANAO in March 2026 that a ‘revised Military Police Code of Conduct has been drafted’ but not yet incorporated into an ‘endorsed policy instrument’, and that Directive 25/2019 is expected to remain in effect until the end of 2026. IGADF advised the ANAO in May 2026 that it ‘does not own or author the Military Police Professional Standards Framework or the Military Police Code of Conduct. These are both owned by Defence’.

2.76 DII has also established a DII Handbook that outlines processes for IGADF investigations under the DFDA and inquiries under the Inspector-General of the Australian Defence Force Regulation 2016 (IGADF Regulation). The handbook states that it ‘is not Defence policy and other relevant Defence policy (for example the Administrative Inquiries Manual and the Complaints and Resolution Manual) are to be referred to for policy guidance.’⁵³ The handbook has recorded review dates since May 2023.

2.77 The handbook establishes independence requirements for Assistant IGADFs and states that, before commencing an inquiry, the Assistant IGADF ‘is required to consider the key complainants and respondents and assess if they are able to undertake the inquiry in an impartial, unbiased and independent manner.’ Assistant IGADFs are required to submit an annual statement of independence which are ‘centrally managed’, as well as a statement for specific cases.

2.78 The handbook does not establish independence requirements for inquiry officers, or for assessment officers who conduct an initial assessment of referrals and recommend an appropriate course of action.⁵⁴ It also does not establish processes for handling matters that involve potential criminality, or processes for the referral of matters to AGSVA. IGADF advised the ANAO in November 2025 that Assistant IGADFs conducting inquiries ‘are directed not to conduct a criminal or disciplinary investigation or to conclude that an offence has been committed by any person’. In instances where criminal conduct or a service offence is identified ‘the inquiry into that aspect of the matter is to cease’ and the circumstances are to be reported to the relevant authority.

2.79 The DII Handbook provides that the IGADF may undertake an investigation under the DFDA or an inquiry under the IGADF Regulation for complaints regarding ADF military police. The Military Police Manual, which establishes requirements for DFDA investigations, states that it is ‘issued under the authority of the CDF’ and applies to all ADF military police, including those who undertake DFDA investigations. IGADF advised the ANAO in July 2025 that Defence policy and the Military Police Manual ‘does not bind the OIGADF [Office of the IGADF]’. IGADF advised the ANAO in March 2026 that it is updating the DII Handbook ‘to make clearer reference to the Military Police Manual’ and the application of AGIS requirements. As discussed in Case Study 5, deficiencies were identified with an IGADF investigation into entitlement fraud, including not being able to evidence completion of required investigation assessment and planning documents and not providing regular updates to stakeholders.

2.80 The handbook does not include guidance or procedures for determining whether an inquiry or investigation is more appropriate. Unlike investigations: AGIS requirements, including qualification requirements, do not apply to IGADF inquiries; IGADF inquiries are not bound by the rules of evidence⁵⁵; may be conducted in public or private; and establish different limitations for legal representation.⁵⁶

Alignment with AGIS

2.81 The AGIS establishes a standard for Australian Government entities conducting administrative, civil or criminal investigations and states that any deviation from the AGIS ‘is a decision and must be recorded.’ The AGIS are expressed as four ‘principle streams’ with supporting requirements:

• Personnel — requirements for investigators to be fair, unbiased, and appropriately skilled and qualified, and for investigations to be conducted in accordance with relevant legislation and regulations.
• Information and evidence management — requirements for managing the disclosure of investigation information, and the use of information management systems to support investigation recording and decision-making.
• Investigative practices — requirements for the establishment of Risk Management Frameworks and investigation procedures, the collection and handling of evidence, and the recording of decisions.
• Quality assurance — requirements for the establishment of a Quality Assurance Policy and the conduct of quality reviews and audits.

2.82 Table 2.4 outlines the extent to which investigations processes and guidance established by each DIA and the IGADF reflects and aligns with requirements established under each AGIS principle.

Table 2.4: ANAO assessment — DIA and IGADF guidance alignment with AGIS requirements

Key: ● Fully aligned ◕ Largely aligned ◑ Half aligned ◔ Partly aligned ◯ Not aligned

Note a: IGADF uses the Military Police Manual for DFDA investigations. Assessment of IGADF is based on review of the DII Handbook as well as the Military Police Manual, where appropriate.

Source: ANAO analysis of Defence documentation.

2.83 DIA and IGADF guidance has not covered or aligned with the AGIS principles, including:

• quality assurance (see paragraphs 3.60–3.84);
• disclosure and request of documents with internal and external stakeholders;
• transfer or referral of matters to other DIAs or external entities;
• handling information impacted by Legal Professional Privilege;
• investigator competence and qualifications (see paragraphs 2.86–2.96);
• use of case management systems and the management and review of evidence;
• considering the admissibility of evidence in investigation planning; and
• establishment of investigation risk management frameworks.

2.84 DIA guidance has not been regularly reviewed and updated, increasing the risk that changes to Defence and Commonwealth investigation policies are not sufficiently considered in DIA investigative practices. Investigative processes differ across DIAs. While such differences reflect the varying nature of investigative work undertaken by DIAs, the lack of clearly established jurisdictions and referral mechanisms between DIAs presents a risk that matters may not be dealt with equitably.

Qualification and training requirements

2.86 The AGIS establishes qualification requirements for investigators and requires that:

• investigators hold a Certificate IV in Government Investigations (or equivalent); and
• those involved in the supervision of entity investigations hold a Diploma of Government Investigations (or equivalent).

2.87 The AGIS also requires entities to:

• document the qualifications required to conduct investigations and the timeframe in which investigators should obtain the qualifications; and
• consider the legal risk associated with engaging investigators, supervisors or operational decision makers without an appropriate qualification.

2.88 Table 2.5 outlines the extent to which guidance for each DIA and the IGADF addresses AGIS qualification requirements. The Defence Investigation Standards Manual (cancelled in December 2023) reflected AGIS qualification requirements at an enterprise level.

Table 2.5: DIA and IGADF qualification requirements^a

Note a: Qualification requirements that align with the AGIS have not been established for fact-finding officers or by CASG. Procedures developed by CASG state that ‘Training for Investigating Officers is available through the Campus course ‘Fact Finding in Incident Management’.

Note b: The IGADF utilises three investigators seconded from JMPU to conduct DFDA investigations, who are subject to the requirements of PMADF Directive 15-2024 (see paragraph 2.91).

Source: ANAO analysis of Defence documentation.

2.89 Neither Defence nor the IGADF have documented consideration of the legal risk associated with personnel not holding an appropriate qualification. Defence advised the ANAO in March 2026 that the IPIDB requirement for equivalent qualifications or career experience to be assessed by Senior Executive as an appropriate equivalent ‘inherently incorporates consideration of legal risk’ and that legal risk has been considered when establishing qualification criteria.

2.90 Two DIAs (IPIDB and JMPU) have documented the minimum training requirements for investigators. Relevant qualification requirements for JMPU are outlined in PMADF Directive 15-2024 Military Police Qualifications, signed in November 2024. Prior to this Directive, JMPU had not documented investigator training requirements in accordance with the AGIS.

2.91 IGADF uses seconded JMPU investigators for DFDA investigations. These investigators are subject to the requirements of PMADF Directive 15-2024. Assistant IGADFs conducting inquiries are required to ‘hold a form of relevant qualification, which can include’: Advanced Inquiry Officer Course; Certificate IV in Government Investigations; or relevant legal qualifications. As discussed at paragraph 2.80, AGIS requirements do not apply to IGADF inquiries.

2.92 The DIAs and IGADF have established additional mandatory training requirements for investigators covering topics including: the use of investigation case management systems (STA Branch); procedural fairness and managing Code of Conduct investigations (Human Resources Services Branch); and courses on ‘Compassionate Foundations’ and ‘Trauma-informed Practices’ (IPIDB and IGADF). Assistant IGADFs are required to complete courses on ‘Assessing and Protecting Official Information’ (this course is aimed at all Defence personnel who handle official information as part of their duties) and ‘Introduction to Administrative Inquiries’ (this course is aimed at Defence personnel who undertake Inquiry Officer Inquiries). Defence has not established standardised training requirements for investigators at an enterprise level.

2.93 Inquiry officers located with inquiry cells established by Army and Air Force are required to hold a Certificate IV in Government Investigations.⁵⁷ Navy has established a similar requirement in draft policy. Inquiry officers may be issued with a Certificate IV in Government Investigations following successful completion of Defence inquiry officer and fact-finding courses, and experience in previous fact-findings and inquiries. Defence is a Registered Training Organisation and may issue nationally recognised qualifications (such as a Certificate IV in Government Investigations).

2.94 To assess compliance with the AGIS qualification requirements by the DIAs and the IGADF, all personnel who had been recorded against investigations in Defence case management system data between 1 November 2022 (after the introduction of the 2022 AGIS) and 9 December 2024 were identified.⁵⁸ Table 2.6 outlines the extent to which Defence has recorded investigator qualifications.⁵⁹

Table 2.6: Investigator qualifications between November 2022 and December 2024, based on case management system data

Note a: This includes five investigators who are recorded as having either a Certificate IV or Diploma in Government Investigations ‘or equivalent’.

Note b: This includes two investigators who obtained a Certificate IV in Government Investigations after the investigation period being assessed in this table (November 2022 to December 2024). The Human Resources Services Branch advised the ANAO that, as at March 2026, it had ‘a total of five investigators all of which have attained the Certificate IV.’

Note c: This category only includes personnel who have not been identified as holding a Certificate IV or Diploma in Government investigations.

Note d: This includes nine investigators with investigation qualifications obtained through the Defence Force School of Policing, which JPMU considered as equivalent to a Diploma of Investigations.

Note e: Defence advised the ANAO in March 2026 that all fourteen IPIDB investigative personnel employed as at 31 December 2025 ‘held appropriate qualifications’.

Note f: Defence advised the ANAO in March 2026 that as at 1 February 2026, all STA Branch investigators held a ‘Certificate IV, Diploma or higher’.

Note g: This includes two investigators who are ‘seeking to enrol’ or are currently enrolled in a Certificate IV in Government Investigations.

Note h: Defence advised the ANAO in May 2026 that based on IPIDB’s separate register of investigator qualifications, IPIDB had a total of 37 personnel working in investigator roles between November 2022 and December 2024 and that, of these personnel, 30 either held or obtained relevant qualifications, two obtained qualifications outside of the 12-month timeframe, and five did not hold relevant qualifications. As discussed at paragraph 2.94, this table reflects personnel who had been recorded against investigations in Defence data (see footnote 61).

Note i: As discussed at paragraph 2.72, the IGADF utilises three investigators seconded from JMPU to conduct DFDA investigations. For the sampled period (1 November 2022 to 9 December 2024) one individual was recorded against two IGADF DFDA investigations. The total excludes five personnel identified by IGADF as not being investigators and who do not conduct DFDA investigations. Four of these personnel were identified as Assistant IGADFs. None of the Assistant IGADFs were identified by IGADF as holding a Certificate IV in Government Investigations, and AGIS does not mandate qualification requirements for inquiries. IGADF advised the ANAO in March 2026 that ‘many Assistant IGADFs have completed advanced inquiry officer training or hold law degrees or are highly experienced jurists. These professional qualifications and experience exceed the standards set out in the AGIS.’

Source: ANAO analysis of Defence documentation.

2.95 None of the four DIAs were able to provide evidence of appropriate qualifications being held for all investigators conducting investigations for the period sampled. Defence does not hold qualification records for 11 per cent of investigators assigned to investigations between 1 November 2022 and 9 December 2024.

2.96 There were also instances where personnel responsible for oversight or supervision of investigations did not hold, or could not provide evidence of holding, a Diploma-level qualification under AGIS. This includes:

• the Director of the Directorate of Conduct and Performance (within the Human Resources Service Branch) as well as three Assistant Directors within the Directorate who have approved Determination of Breach notices or the findings of preliminary reviews; and
• three former and current Directors of the Directorate of Inquiries and Investigations in IGADF, of which two held a Bachelor of Laws, and one completed an Advanced Inquiry Officer course and had ‘recognised equivalent experience’.

3.1 Enterprise-level monitoring, reporting and quality assurance arrangements are critical to providing senior leaders with assurance that Defence’s investigations framework is operating as intended, managing risk effectively, and supporting continuous improvement. Between 1 January 2020 and 31 December 2025, Defence recorded 31,657 incidents in its investigation case management system.

3.2 In an environment of a high volume of reported incidents investigated by multiple Defence Investigative Authorities (DIAs) and the Inspector-General of the Australian Defence Force (IGADF), with different requirements, enterprise-level oversight is essential to drive equitable, and proportionate outcomes, informed by lessons learned.

Has Defence established monitoring and quality assurance arrangements for investigations?

3.3 In May 2024, Defence implemented the Defence Enterprise Resource Planning Case Management System (DECMS), which formed part of Defence’s Enterprise Resource Planning (ERP) Program, to provide a ‘reliable and single source of data [to] enable real-time reporting, allowing for the timely provision of critical information’.⁶⁰ A proposal for the new system outlined that Defence’s previous case management approach had been fragmented, lacked integration, involved duplication of information, and required improved case management capabilities.⁶¹

3.4 Prior to the implementation of DECMS, Defence used 16 separate case management systems for recording incidents, inquiries and investigations, including:

• Defence Policing and Security Management System (DPSMS) to record Defence Investigation Authority (DIA) investigation activities and IGADF professional standards investigations and inquiries;
• Conduct Reporting and Tracking System (CRTS) to record Joint Military Police Unit (JMPU) investigations conducted under the Defence Force Discipline Act 1982 (DFDA);
• Army Incident Management System (AIMS) to record reportable incidents in Army;
• Conduct and Performance system to record complaints, misconduct, and performance management matters involving Defence personnel;
• Australian Defence Force Administrative Inquiry Tracking System (ADFAITS) to record inquiries conducted under the Defence (Inquiry) Regulations 2018; and
• ComTrack Defence to record Australian Defence Force (ADF) and Australian Public Service (APS) complaints and grievances.

3.5 In May 2024, data from source systems was migrated into DECMS following quality assurance checks. Post-migration data integrity issues were identified by Defence including the duplication of data from incidents recorded in multiple systems, and incorrect incident start dates. These issues have impacted the accuracy of reporting. DIAs have raised concerns about system functionality, including reporting and searching limitations, and system performance and availability. Defence advised the ANAO in May 2026 that system improvements had been implemented or were underway. This included implementation of a trend dashboard in September 2025 and the enabling of reporting based on keyword searches for the Security Threat and Assurance (STA) Branch in January 2026 and for the JMPU in July 2026.

3.6 The STA Branch utilises a case management spreadsheet ‘when DECMS is offline or there is an unexplained outage’ as a contingency. The Investigations and Public Interest Disclosures Branch (IPIDB) records all Public Interest Disclosures (PID) in DECMS, however manually records PID decisions under section 29(2A) of the Public Interest Disclosure Act 2013 on a spreadsheet as DECMS does not ‘currently support the legislative reporting requirements for the Commonwealth Ombudsman’ under the Public Interest Disclosure Act 2013.⁶² Defence advised the ANAO in May 2026 that system changes were in progress ‘to align DECMS functionality with PID legislative requirements.’ As discussed at paragraph 3.14, system performance and reporting limitations have limited Defence’s ability to provide the ANAO with comprehensive data on reported incidents and investigations across the department for the audit period.

Requirement to use case management systems

3.8 The Australian Government Investigations Standard (AGIS) requires that ‘Entities must develop clear procedures and supporting tools to record, retain, register, review, reveal and produce investigation information.’ Prior to its cancellation in December 2023, the Defence Investigation Standards Manual required DIAs to have written procedures for investigation activities and that the procedures ‘are to recognise DPSMS as the DIA’s primary case management system’. The Defence Investigation Standards Manual has not been replaced, as such there is no enterprise-level document that establishes a requirement for DIAs to develop written procedures for the use of case management systems. As discussed at paragraph 2.17, the 2026 Defence Instruction requires all reported incidents to be recorded in DECMS. Table 3.1 outlines whether the four DIAs have mandated the use of DPSMS or DECMS to record and manage incidents and investigations.

Table 3.1: Defence procedures governing the use of case management systems

Note a: As outlined at Table 2.3, the Military Police Manual also states that Level One Offences under JMPU’s Jurisdiction Model do not constitute notifiable incidents and are not to be raised on DPSMS.

Source: ANAO analysis of Defence documentation.

3.9 In March 2025, DECMS guidance was developed by IGADF which states that ‘All IGADF matters are to be recorded in DECMS’. The IGADF’s use of DECMS for inquiries ‘did not commence at go-live on 17 May 2024’ as ‘there were system issues which raised privacy concerns.’ IGADF advised the ANAO in May 2026 that the privacy concerns included that ‘IGADF matters were not operating as confidential, standalone cases’ and that ‘areas of Defence could be inappropriately notified of the existence of IGADF inquiries, contrary to established confidentiality and privacy expectations.’ The privacy issues were resolved in ‘late 2024’ and from August 2025, IGADF had commenced using DECMS for recording inquiries, including for cases back to 1 July 2024.

3.10 DECMS supports the centralised recording of fact-finding. The Defence Instruction requires all reported incidents to be recorded in DECMS but has not established enterprise-level arrangements mandating its use for recording fact-finding activity conducted in response to incidents. The Good Administrative Decision-Making Manual also does not establish a requirement to record fact-finding in a specific system or centralised location.

3.11 Defence advised the ANAO in May 2026 that fact-finding officers are assigned the relevant incident in DECMS and that ‘Once Fact Finding is completed, the information is forwarded to the decision maker, who is required to manage the incident, including management of documents and completion of activity tasks, within DECMS’.

Incident data

3.12 Investigations and inquiries do not meet established DIA-level performance measures for timeliness. Defence has not established enterprise-level performance measures for investigations.

3.13 Deficiencies were identified in the DECMS data, including:

• 107 investigations or inquiries with a ‘Case Status’ of ‘Closed’ with no recorded ‘Case End Date’;
• 354 investigations or inquiries with a ‘Case Status’ of ‘Closed’ where the ‘Case Outcome’ was ‘Not assigned’; and
• 22 incidents and 15 investigations with duplicate case reference numbers but different values in key fields such as ‘Case Outcome’ and start and end dates.

3.14 As outlined at paragraph 3.5, system performance and reporting limitations have been identified. This has limited Defence’s ability to provide the ANAO with comprehensive data on reported incidents and investigations across Defence for the audit period (1 January 2020 to 31 December 2025).

3.15 DECMS data provided by Defence records 31,657 reported incidents allocated to DIAs between 1 January 2020 and 31 December 2025. This included incidents with an ‘Incident category – Level 1’ of:

• policing — 16,770 incidents (53 per cent) including traffic incidents, sexual offences, theft, endangering morale, and absence without leave;
• fraud — 2,943 incidents (nine per cent) including conflicts of interest, corruption, and entitlement and allowance fraud;
• security — 8,173 incidents (26 per cent) including inappropriate handling, access or loss of Defence data, unauthorised disclosure of Defence information, lost or stolen security passes, and suspicious activity;
• Code of Conduct — 721 incidents (two per cent) including poor performance, conflicts of interest, non-performance of duties and ICT misuse; and
• 87 incidents (less than one per cent) that did not have a recorded incident category.

3.16 Figure 3.1 outlines the volume of incidents and investigations, by category, as recorded in DECMS between 1 January 2020 and 31 December 2025. This shows that the progression of incidents to investigation varies depending on the incident category. This variation may be due to the diverse nature of incidents reported to each DIA and differing evidentiary burdens for investigations. Security incidents were the least likely to proceed to investigation (four per cent), and code of conduct incidents were most likely to proceed to investigation (69 per cent).

Figure 3.1: Incidents and investigations by category, 1 January 2020 to 31 December 2025^a

Note a: DECMS data included: 69 investigations allocated to the Human Resources Services Branch where the investigation category included fraud; 74 investigations allocated to the JMPU where the investigation category was recorded as ‘Security’; 20 incidents recorded as ‘Code of Conduct’ or ‘Policing’ that involved elements of fraud; and 11 investigations involving elements of fraud that were recorded under non-fraud-related categories including ‘failure to follow directions’, ‘misconduct’ and ‘policing’.

Note b: Defence advised the ANAO in March 2026 that ‘the total number of Security Reports received for the period 1 January 2020–15 May 2024 was 54,799’. Not all Security Reports are escalated to an ‘incident’ in DECMS.

Note c: ‘Other’ comprises 2,963 incidents with categories including: ‘Duty Log’ (1,951); ‘Misconduct’ (318); ‘Maladministration’ (176); ‘Prohibited Substances’ (56); ‘Procurement Complaint’ (54); ‘Nuisance Calls’ (49); ‘Conduct’ (46); ‘Work Health and Safety’ (43); ‘PID Offences’ (28); ‘ADF Member Incident’ (24); and ‘Grievance’ (24).

Source: ANAO analysis of Defence data.

3.17 The IGADF records inquiries in DECMS. For non-professional standards inquiries it was unable to provide system data which distinguished between submissions received and subsequent inquiries, limiting the ANAO’s ability to conduct analysis of IGADF inquiry data.

3.18 In addition to recording these inquiries in DECMS, the IGADF maintains an excel spreadsheet recording non-professional standards inquiries to support internal reporting and management. Of the 79 closed inquiries recorded in this spreadsheet between 1 January 2020 and 11 December 2025, unacceptable behaviour was the most common IGADF inquiry topic (44 per cent), followed by failure of process (15 per cent), and administration mismanagement (10 per cent). Inquiry data is also recorded on DECMS, however the use of spreadsheets for manually recording inquiry information presents data integrity and security risks.

Investigation timeframes

3.19 For closed cases recorded in DECMS between 1 January 2020 and 31 December 2025, the average:

• time from the investigation start date to end date, by DIA was: IPIDB — 141 days (median 75 days); Human Resources Services Branch — 147 days (median 119 days); JMPU — 215 days (median 171 days); and STA Branch — 266 days (median 194 days);
• time from an incident being reported to the start date of an investigation by DIA was: IPIDB — 91 days (median 25 days)⁶³; Human Resources Services Branch — 55 days (median 15 days); JMPU — 41 days (median seven days); and STA Branch — 27 days (median five days); and
• length of time between incidents being reported and subsequent investigations being finalised across the DIAs was 196 days (median 160 days).⁶⁴

3.20 DECMS data for IGADF military police professional standards cases included fields for ‘Case Start Date’ and ‘Case End Date’ but did not include a field for ‘Incident Reported Date’. The IGADF DECMS data also did not distinguish between professional standards assessments, inquiries and investigations. IGADF advised the ANAO in May 2026 that ‘Internal processes have been amended and staff in the Professional Standards Cell have been directed to ensure all relevant fields within the database are completed correctly and in a timely manner’. The average time between the ‘Case Start Date’ and the ‘Case End Date’ for closed professional standards assessments, inquiries and investigations between 1 January 2020 and 31 December 2025 was 269 days (median 216 days).

3.21 For closed non-professional standards IGADF inquiries between 1 January 2020 and 11 December 2025, the average length of time between ‘inquiry directions being issued’ and ‘inquiry reports being signed’ was 386 days (median 334 days). The IGADF advised the ANAO in May 2026 that ‘matters examined by the IGADF are of a complex nature and a high emphasis is given to approaching investigations in a trauma informed and trauma responsive manner which will invariably extend the length of time a case remains open. The time period reviewed by the ANAO also includes the COVID pandemic which introduced many complicating factors and delayed the completion of inquiries as travel and the collection of evidence was severely restricted.’

3.22 A September 2023 Independent Landworthiness Board report noted that CDF Directive 25/2019 requires all incidents of alleged breaches of the Military Police Code of Conduct to be referred to IGADF, including minor incidents that could be managed at a unit level.⁶⁵ The report observed that the time taken by IGADF to conduct inquiries presented avoidable mental health and employability impacts to ADF military police and noted that affected individuals are not permitted to perform all military police duties while the subject of IGADF inquiries.

3.23 Each DIA has established targets for investigation timeliness. The Human Resources Services Branch has established targets for the completion of code of conduct investigations within 72 days. STA Branch’s Security Investigation Operating Guidelines state that ‘most investigations are expected be completed within 90 business days’ of investigation plan approval and that extensions can be approved by the Assistant Secretary STA based on ‘factors arising on a case-by-case basis.’

3.24 JMPU’s Military Police Manual states that ‘minor’ investigations for Level 1 and Level 2 offences (see Table 2.3) are to be completed within 120 working days ‘where possible’. The manual does not establish timeframes for investigations into Level 3 or Level 4 offences, however Defence advised the ANAO in March 2026 that JMPU applies the 120 working day timeframe across all investigations.⁶⁶ There is merit in JMPU codifying this requirement in the manual.

3.25 Public Interest Disclosures are subject to legislated timeframes in the Public Interest Disclosure Act 2013 (PID Act), including making a decision about the allocation of a disclosure within 14 days, and the completion of investigations within 90 days, unless an extension is granted by the Commonwealth Ombudsman’s Office. Defence advised the ANAO in March 2026 that IPIDB ‘established team-level key performance indicators (KPIs) and measures in May 2024’ including completing assessments of reported incidents within 21 days and finalising non-criminal cases within 120 days. IGADF’s 2023–25 Strategic Plan sets ‘goal measures’ to complete 85 per cent of referral assessments for military police professional standards matters within 110 days; 85 per cent of redress of grievance complaints within 90 days; and 85 per cent of inquiries into ADF member deaths within one year of inquiry directions being issued.

3.26 During the audit period, DIAs and the IGADF reported on the timeliness of investigation and inquiry activity, including through:

• JMPU’s Provost Marshal of the Australian Defence Force (PMADF) biannual report, provided to the Joint Military Police Governance Board (JMPGB);
• Human Resources Services Branch quarterly reporting to the First Assistant Secretary People Services and Wellbeing;
• IPIDB provides biannual reporting to the Commonwealth Ombudsman on compliance with PID Act timeframes, however has not established mechanisms for the regular reporting of timeliness for fraud investigations; and
• the IGADF Annual Report, provided to the Parliament.⁶⁷

3.27 Timeliness targets have not been met for the DIAs or IGADF. The Australian Public Service Commission’s (APSC) Handling Misconduct guide notes that investigation timeliness is important as:

Delays can affect the availability of reliable evidence, and the capacity of the person under investigation to respond fully to the case against them. For these reasons, among others, delays in investigations can reduce the likelihood of reaching a concluded view on whether the person did what they were alleged to have done.

3.28 The Royal Commission into Defence and Veteran Suicide report stated that lengthy inquiry timeframes are ‘unsatisfactory’ as they can have adverse impacts on the wellbeing of those involved, and recommendations made may lose their relevance and impact over time. In response to the report, the Australian Government agreed to improve transparency and accountability of the IGADF through the publication of guidance or Standard Operating Procedures, including quality assurance and performance measures, where appropriate. While the Royal Commission findings were made in relation to IGADF inquiries, the findings may also be relevant for other investigation and inquiry activities conducted in Defence.

Investigation and inquiry outcomes

3.29 As discussed at paragraph 2.5, Defence’s investigative framework is complex, supported by different processes for each DIA, and different legislative frameworks applicable to ADF members and APS personnel. As a result, investigation outcomes differ across Defence’s investigative functions. Figure 3.2 outlines investigation outcomes by the DIAs and IGADF as recorded in DECMS between 1 January 2020 and 31 December 2025.

Figure 3.2: Investigation outcomes by DIA and IGADF between 1 January 2020 and 31 December 2025

Note: This figure excludes 103 cases where the investigation outcome was recorded as ‘Not assigned’ and 84 cases where outcomes could not be clearly mapped to one of the categories listed in Figure 3.2.

Source: ANAO analysis of Defence data.

3.30 For all DIAs except the Human Resources Services Branch, the most common outcome was investigations being ceased due to insufficient evidence or the matter being unfounded. IPIDB recorded the highest proportion of investigations ceased (69 per cent), and the Human Resources Services Branch recorded the lowest proportion (41 per cent). The high proportion of IPIDB investigations ceased may reflect the higher burden of evidentiary proof required for criminal investigations.

3.31 The ‘Recommendations/Actions Provided’ outcome category in Figure 3.2 includes administrative action, charges under the DFDA, and action under the Public Service Act 1999. Defence DECMS data did not include these more detailed outcomes against cases where the recorded outcome was ‘Recommendations/Actions Provided’.

3.32 ANAO analysis of data from Defence’s previous case management system (DPSMS) identified that, between 1 January 2020 and 15 May 2024, investigations which substantiated allegations most commonly resulted in either: action under the Public Service Act 1999 (Human Resources Services Branch); charges under the DFDA (JMPU); or administrative action (STA Branch, IPIDB, and IGADF). As discussed at paragraphs 1.3–1.4, ADF members and APS personnel are subject to different legislative frameworks for administrative and disciplinary matters, including through the DFDA and the Public Service Act 1999.

3.33 Defence was not able to provide evidence on actions taken by units and business areas in response to investigation outcomes for at least five cases. One IGADF inquiry from October 2024 was identified where the relevant unit took no subsequent action against a member as the unit was not satisfied that the inquiry sufficiently considered relevant evidence or that procedural fairness had been provided to the member.⁶⁸

3.34 A November 2021 IGADF own-initiative inquiry report into Implementation of Military Justice Arrangements for Dealing with Sexual Misconduct in the Australian Defence Force stated there was an ‘increasing trend towards the use of administrative action and away from the Defence Force Discipline Act’ and that Defence is ‘unaware of how consistently and rigorously administrative action is applied’.

3.35 There is overlap in the jurisdiction of DIAs and there is limited guidance on assigning and referring cases between the DIAs (see paragraphs 2.37–2.80). Differences in investigation processes across the DIAs and IGADF present risks that similar cases are not dealt with proportionately or equitably across Defence.

3.36 Acknowledging that matters will involve varying circumstances and evidence, a review of DECMS data identified three DIAs (IPIDB, JMPU and Human Resources Services Branch), which had recorded 63 closed investigations with a recorded incident category or sub-category of ‘Conflict of Interest’, between 1 January 2020 and 31 December 2025.

• Eleven investigations were conducted by the Human Resources Services Branch, of which three had a recorded outcome of sanctions imposed under the Public Service Act 1999.
• Forty-nine investigations were conducted by IPIDB, of which: 13 resulted in recommendations being made; five were referred back to units; and two recorded an outcome of ‘No charges’.
• Three investigations conducted by JMPU were either ceased or unsubstantiated.

3.37 One IPIDB investigation into a conflict of interest matter in February 2023 found that undeclared conflicts of interest existed within a unit and that additional undeclared conflicts were ‘probable’. The investigation report noted that the matter was handled as an administrative inquiry to protect operational security. This approach was taken in recognition that criminal proceedings would require significant legal action and formal authority to identify protected witnesses and respondents, and that the ‘established facts would not necessarily warrant’ criminal prosecution.

Reporting arrangements

3.38 Enterprise-level reporting by Defence on the trends and outcomes of incidents and investigations across DIAs and IGADF is not conducted. The 2026 Defence Instruction does not establish requirements for regular reporting by DIAs. Previous Defence instructions established reporting requirements, including:

• Defence Instruction ADMIN 45-4 (see paragraph 2.19) required quarterly reporting on compliance with the Defence Investigation Standards Manual to the quarterly Head Defence Investigative Authorities Conference (HDIAC) (see paragraphs 3.42–3.46); and
• Defence Instruction FIN 12-1 (see paragraph 2.15) required: reporting by DIAs to the Inspector-General Defence Group (now Defence Integrity Division) on systemic weaknesses in Defence and patterns of offences that may be revealed through assessments and investigations of fraud-related matters; and annual reporting to the Secretary and Chief of the Defence Force (CDF) on the outcome of fraud investigations and trends.

3.39 The JMPU provided evidence of quarterly strategic intelligence reporting provided to Defence’s Senior Leadership Group, which included detail on incident trends over the relevant quarter.⁶⁹ Defence advised the ANAO in May 2025 that the Human Resources Services Branch ‘was not classified as a DIA during the period that this Instruction was in force … and therefore was not required to comply’ with the fraud reporting requirements of Defence Instruction FIN 12-1.

3.40 The requirement for annual reporting to the Secretary and CDF on the outcome of fraud investigations and trends was retained in Defence Instruction FIN 12-1 until its cancellation in August 2022. Defence advised the ANAO in May 2025 that annual reporting has been provided to the Secretary and CDF through annual reporting from the Defence Audit and Risk Committee (DARC) to the Secretary and CDF, and the Chief Financial Officer’s annual significant non-compliance report. This reporting did not include information on the outcomes of fraud investigations and trends within Defence.

3.41 Table 3.2 outlines a summary of reporting arrangements established by DIAs and IGADF. Each investigative function has established reporting arrangements. These arrangements do not provide a consolidated view of investigation and inquiry performance at an enterprise level. This limits the Secretary and CDF’s visibility of emerging trends, risks, and opportunities across Defence’s investigative functions.

Table 3.2: DIA-level and IGADF reporting arrangements

Note a: This reporting supports the Commonwealth Ombudsman’s obligation under the Public Interest Disclosure Act 2013 to prepare biannual reports on the operation of the Act.

Note b: Quarterly control reporting was conducted ‘until the introduction of DECMS in May 2024.’ Quarterly reporting recommenced in September 2025 including data backdated to July 2024.

Note c: JMPU was unable to locate JMPGB records for the years 2021 and 2022. Defence advised the ANAO in March 2026 that ‘From 2021 onward, the PM-ADF adopted an annual reporting cycle, resulting in the cessation of biannual reporting by JMPU in alignment with this enterprise-level change’. Despite this change, biannual reports were produced for the periods July 2022 to December 2022 and January 2023 to June 2023.

Note d: The IGADF advised the ANAO in March 2026 that the monthly briefs to the CDF ‘ceased before October 2025’ and that ‘IGADF is preparing to publish quarterly data of the type previously included in his briefs to CDF on the IGADF website.’

Source: ANAO analysis of Defence documentation.

Head Defence Investigative Authorities Conference

3.42 Defence Instruction ADMIN 45-4 Defence Investigation Standards required quarterly reporting on compliance with the Defence Investigation Standards Manual to the Head Defence Investigative Authorities Conference (HDIAC), with any instances of non-compliance to be managed by the IGADF. The role of the HDIAC was to ‘oversee the development of Defence investigation policy and to guide the direction of the Defence investigative effort on behalf of the CDF, Secretary and Service Chiefs’. It comprised of the head of each DIA, (excluding the Human Resources Services Branch, which became a DIA in July 2022) and representatives from IGADF, the Office of the Director of Military Prosecutions (ODMP), and JMPU as permanent observers.

3.43 Since 2008, the HDIAC has not met quarterly as required under its business rules.⁷⁰ The minutes of the December 2019 HDIAC meeting noted that the following meeting would ‘focus on the merits of turning off the HDIAC’ and that:

PM ADF [Provost Marshal Australian Defence Force] … proposed that the HDIAC Permanent Members … attend the next JMP GB in Mar 20 as observers with a view to establishing the potential viability of a Joint Military Police/Defence Investigative Authority under a Joint Sec/CDF Directive in lieu of continued HDIAC Mtgs.

3.44 The requirement for ongoing HDIAC meetings and the establishment of new arrangements ‘in lieu of’ continued HDIAC meetings was not discussed at the subsequent April 2020 JMPGB meeting.⁷¹ There are no records of any HDIAC meetings after December 2019.

3.45 Following the final HDIAC meeting in December 2019, there have been no formalised arrangements put in place for meetings between all DIAs to discuss investigations. Defence advised the ANAO in March 2026 that, since October 2023, Defence has conducted an informal monthly ‘DIA sync meeting’ to cover areas relating to recruitment and staffing, techniques and methods, and training and development. Prior to May 2025, JMPU, which is the DIA responsible for the largest number of investigations, wasn’t included in the DIA meetings.

3.46 Enterprise-level reporting on the trends and outcomes of incidents and investigations across DIAs and IGADF is not conducted.⁷² Since the cancellation of Defence Instruction FIN 12-1 in August 2022, Defence has not established a requirement for DIAs to report the outcomes and trends of fraud incidents and investigations to IPIDB. Defence has also not put in place enterprise-level arrangements to measure the performance and compliance of its investigative functions. This limits Defence’s visibility of enterprise-level investigation risks, trends and outcomes.

Recording and reporting of fraud losses

3.48 Defence reporting on fraud losses and recoveries is not complete and fraud-related debts have not been managed in accordance with the Public Governance, Performance and Accountability Act 2013 (PGPA Act). Section 11 of the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) requires that entities pursue the recovery of debts unless: it is not considered economical to pursue debt recovery; the debt is not legally recoverable; or the debt has been appropriately written off.

3.49 Defence’s Accountable Authority Instruction 7 (AAI7) reflects the requirement to recover financial losses. AAI7 states that, while the Secretary for Defence, or their delegate, may decide to not recover (or write off) a debt, ‘Only the Minister for Finance or their delegate can approve a debt waiver that permanently extinguishes a debt’.

3.50 The Defence Investigation Standards Manual (cancelled in December 2023) also included requirements relating to recovery action, including that DIAs:

• have policies in place that outline the legislative requirements for recovery of losses;
• have processes in place for referring matters to the appropriate authority for recovery action; and
• record the financial value of fraud losses and track debt recovery.

3.51 IPIDB’s Fraud Control Instructions (FCI) established procedures ‘with regard to debt recovery for all fraud and conduct-related debts within Defence … to ensure a consistent, lawful and professional approach to the recovery of fraud and conduct-related debts’. IPIDB’s updated governance documents (see paragraphs 2.40–2.41) do not include finalised guidance for the referral and recovery of fraud-related debts. Accountable Authority Instruction 1 (AAI1) outlines one of the responsibilities of the First Assistant Secretary Defence Integrity as ‘fraud-related and corruption-related debt recovery’.

3.52 The Defence Integrity Division (DID) provides a quarterly update to Defence’s Enterprise Business Committee (EBC) and a biannual fraud control report to the Defence Audit and Risk Committee (DARC).⁷³ These reports include detail on the number of fraud and corruption incidents reported, investigations closed, the financial loss associated with fraud, and losses recovered. Table 3.3 outlines the estimated fraud losses and recoveries as reported to the DARC between September 2021 and September 2025.

Table 3.3: Estimated fraud losses and recovery reported to DARC between September 2021 and September 2025

Note a: Estimated fraud loss figures are based on fraud investigations closed during the relevant financial year, regardless of when the investigation commenced.

Note b: This figure was reported in the September 2021 biannual fraud control report. The December 2024 biannual report amended this figure to $1,326,440 (a reduction of $323,865). This case is discussed at paragraph 3.54.

Note c: This figure was reported in the November 2023 biannual fraud control report. The December 2024 biannual report amended this figure to $1,968,057 (an increase of $302,479). Defence advised the ANAO in November 2025 that the amendment was due to quality assurance activities which ‘identified that the estimated fraud loss for the 141 cases closed was incorrect.’

Note d: Recovery figures include all fraud recovery payments received in the financial year, regardless of the year in which the investigation was closed.

Note e: This figure includes a fraud case related to a Defence contractor with a fraud value of $1,377,897, of which the full amount was recovered (see Case Study 1).

Note f: This figure includes a fraud case related to a Defence contractor with a fraud value of $2,119,144, of which the full amount was recovered (see paragraphs 3.55–3.56).

Source: ANAO analysis of Defence documentation.

3.53 The estimated losses to Defence vary year on year, with variations in 2022–23 and 2023–24 largely driven by fraudulent activity by Defence contractors. Defence’s recovery of funds significantly increased between 2022–23 and 2023–24, largely reflecting the recovery of funds for two individual cases related to high-value contractor frauds.

3.54 The estimated fraud loss for 2020–21 was amended in December 2024 after the loss was attributed to an administrative error rather than fraud. The June 2021 case involved a vendor providing incorrect account details to Defence, resulting in Defence payments being made to the incorrect vendor in March and May 2018.

• The payments were withdrawn from the vendor account by an unknown actor and the vendor did not engage with Defence following efforts to recover the erroneous payments.
• Defence considered it plausible that the vendor knew it was receiving funds it was not entitled to and that ‘an opportunistic criminal offence may have been committed by person/s unknown that operated the [incorrect vendor] Account from where the funds were withdrawn, embarking on criminal investigation would be protracted and complex’.
• Defence decided not to pursue a criminal investigation citing ‘There are other more efficient avenues available to Defence to pursue recovery of the funds that are less likely to attract unwanted attention to such a sizeable error by Defence. Therefore, a criminal investigation is not warranted, appropriate or recommended.’ Defence negotiated repayment of the full debt amount from the vendor’s bank in October 2025.

3.55 In August and September 2023, IPIDB received allegations of Defence contractor fraud across ten Defence projects between November 2020 and August 2023.

• An Investigation Plan developed in October 2023 focused on the awarding of contracts for two Defence projects. An investigation report, finalised in May 2024, found that an employee of the contractor invoiced Defence for work not completed. Defence was reimbursed $2,119,144.
• The report stated that a criminal prosecution was not pursued based on factors including: funds were repaid; there was ‘no fraud committed against Defence’; the matter was reported to the National Anti-Corruption Commission and New South Wales Police; and resourcing implications if an investigation was to be considered to determine whether a criminal offence had been committed under the Criminal Code Act 1995. As an example and acknowledging that each case is assessed on the facts and merits of that case, this contrasts with a previous IPIDB investigation, completed in January 2020, which noted that the CDPP have referred to a $20,000 fraud as serious and ‘warranting consideration of a custodial sentence’. Noting this and the size of the potential contractor fraud, there would have been merit in Defence engaging with the CDPP and other relevant federal agencies such as the AFP to ensure a referral was not warranted.

3.56 The key deficiencies in this case included the following.

• A previous complaint against this contractor had been raised in November 2022, which was not recorded in DPSMS, contrary to IPIDB guidance, which required all incidents and decisions to be recorded in DPSMS.
• The investigation report noted that IPIDB conducted inquiries regarding the over-inflation of quotes. It further stated that the over-inflation of quotes and invoices ‘are outside the remit of [the Directorate of Investigations]’ and that ‘Responsibility of these issues rests with SEG [Security and Estate Group] as the contract manager’. Defence referred the matter to the relevant business area, however there is merit in Defence establishing clear reporting mechanisms to enable instances such as these to be considered in aggregate and identify patterns that may indicate more serious risks.
• One of the contractor staff involved in providing investigation evidence to Defence was alleged by the original complainant as having been made aware of potential fraudulent activities against Defence and failing to take action in response. The complainant provided documentation to support their assertion. There is no evidence that Defence considered this element of the complaint or assessed what risks it may have presented to the integrity of the investigation.
• Four projects were identified involving allegations of inflated invoices. The investigation report noted that these allegations ‘were found to be true’ for three of the four projects and did not provide a clear conclusion for one project.
  • Credit notes were issued for two of the four projects to the value of $69,022. Defence was unable to locate the credit notes for the other two projects but advised that relevant purchase orders were adjusted to the value of $54,179. The total adjustment across the four projects of $123,201 was not included in the overall fraud value of $2,119,144 reported to the DARC.

3.57 The figures reported to the DARC and EBC are based on incidents and investigations with a category recorded as ‘fraud’. Figure 3.1 outlines there were incidents and investigations that involved elements of fraud, which were categorised under non-fraud categories in case management system data. Deficiencies in fraud data and the management of fraud incidents included the following.

• At least five cases were identified as not having corresponding fraud-related entries in case management systems, including one September 2024 case of timesheet fraud (valued at $14,955).
• Not recording fraud values for incidents. For example, an August 2022 case of meal fraud valued at $734 was categorised as a ‘fraud’ incident in DPSMS but did not have an associated fraud value or recovery amount recorded in the system. Defence was unable to advise whether the loss for this case was recovered or written off.
• Unrecovered fraud-related debts have not been written off, including where the recovery efforts were unsuccessful, not undertaken in a timely manner, or abandoned due to the time elapsed. In one case, Defence accepted partial repayment to settle a larger debt in October 2022 but could not provide evidence of the delegate’s approval to do so.
• Non-recovery of fraud-related debts for matters referred back to units for action. In August 2022, an IPIDB investigator identified an instance where the ODMP decided not to prosecute a rental allowance fraud of approximately $16,000 and the matter was referred back to the unit for action. The email noted that ‘no action to recover the funds was pursued because of the decision by ODMP … It seems that some units are making unilateral decisions not to refer these debts … for recovery, instead choosing to do nothing.’
• Instances where: fact-finding was conducted into fraud-related incidents that were not reported to a DIA; potential meal fraud matters were not recorded on DPSMS; and fraud losses and recoveries were not recorded or conducted.

3.58 The impact of these issues is that Defence’s ability to recover fraud-related debts is reduced and the reporting of fraud-related incidents and investigations to the DARC and EBC does not reflect the full scale of fraudulent activity reported and investigated within Defence. Further, Defence’s reporting includes information on fraud losses and recoveries, but it does not include detail on the value of fraud losses written off. This limits the DARC and EBC’s visibility over Defence’s compliance with Section 11 of the PGPA Rule (see paragraph 3.48).

Quality assurance

3.60 None of the DIAs nor the IGADF have established quality assurance arrangements that align with AGIS, and three DIAs have undergone external quality assurance reviews since January 2020. These reviews identified deficiencies in record keeping, the provision of procedural fairness, the consideration of investigation evidence, and decision-making impartiality.

3.61 The AGIS sets out quality assurance requirements including, the requirement for entities to have a Quality Assurance Policy for investigations, with regular quality assurance activities, and a formal external assurance activity every two years.⁷⁴ Outcomes of the quality assurance activity are to be reported to the relevant entity Committees or Executive.

3.62 Defence has not established quality assurance requirements for investigations at an enterprise level.⁷⁵ None of the four DIAs or IGADF have established a Quality Assurance Policy as required under AGIS. Three DIAs (IPIDB, Human Resources Services Branch and STA Branch) underwent a management initiated review in January 2020 (see paragraph 2.8).

3.63 DIAs have established quality assurance arrangements and conducted quality assurance activities as outlined below.

Investigations and Public Interest Disclosures Branch

3.64 The Fraud Control Instructions (FCIs) stated that the AFP would, ‘on occasions, conduct Quality Assurance Reviews (QAR) of [IPIDB’s] investigative performance.’ Defence advised the ANAO in November 2025 that no AFP reviews have been conducted since 1 January 2020. IPIDB provided evidence of an AFP investigation review conducted in March 2019. The review found that the investigation was conducted largely in accordance with the AGIS, but noted that conversations held with the CDPP, attempts to locate the person of interest, and critical decisions made throughout the investigation, were not recorded on DPSMS.

3.65 Two contracted-out quality assurance reviews (September 2020 and January 2022), and one ‘own motion investigation’ by the Commonwealth Ombudsman (September 2022) were conducted during the audit period (1 January 2020 to 31 December 2025). The reviews found deficiencies in IPIDB’s investigation arrangements including that IPIDB was ‘partially compliant with the AGIS’ due to: inconsistent evaluation of referrals; investigation plans lacking key information on offences, evidence sources, resourcing and timeframes; poor record keeping; investigation reports that were not well structured and did not sufficiently reference supporting evidence; insufficient consideration of exonerating evidence; and procedural requirements that did not align with AGIS.⁷⁶ Defence advised the ANAO in November 2024 that IPIDB conducts quality assurance reviews at the completion of every investigation including self-review, peer review, and supervisor review. These reviews are considered ‘informal’ quality reviews under the AGIS.

Security Threat and Assurance Branch

3.66 STA Branch’s investigation procedures require the Director Security Investigations Unit to conduct a quality assurance check of investigation plans and reports before progressing them to the Assistant Secretary STA for approval, and quality assurance checks to be conducted for data entered into DECMS when allegations are referred to another DIA. The procedures do not include requirements for formal internal or external quality assurance reviews.

3.67 A quality assurance review conducted by the Department of Home Affairs in June 2025 found that assessed security investigations were conducted in accordance with AGIS. The review identified one area for improvement, relating to the tracking of recommendations from security investigations.

Human Resources Services Branch

3.68 The Human Resources Services Branch uses the APSC’s Handling Misconduct Guide to support the conduct of investigations (see paragraph 2.71). The guide recommends entities implement quality assurance mechanisms such as:

• checklists to ensure that procedural steps have been completed appropriately and good records kept;
• periodically auditing a sample of misconduct files to evaluate if correct procedures and record keeping requirements are being followed; and
• analysing misconduct data to track case progress and outcomes and identify trends and high-risk individuals.

3.69 The Branch has not established procedures for the above mechanisms or for formal internal or external quality assurance reviews. External reviews of the Branch are ‘primarily through outcomes of Reviews (ie Merit Protection Commission, Fair Work Commission and Federal Circuit Court).’

3.70 Between 1 January 2020 and 31 December 2025, the Branch completed 469 investigations, of which Defence advised that 41 (nine per cent) were reviewed by the Merit Protection Commissioner (MPC). The ANAO examined 28 cases reviewed by the MPC, and of these, the MPC recommended in 15 cases (54 per cent) that Defence’s original decision be partially or fully amended due to deficiencies in investigative processes. This included: failure to provide procedural fairness; findings not supported by sufficient evidence or based on insufficient understanding of legislative requirements; and apprehended bias and lack of impartiality in decision-making. In March 2022, one matter considered by the Fair Work Commission identified a failure to consider exculpatory evidence, and investigation findings that were not supported by evidence.

3.71 The APSC’s Handling Misconduct Guide states that entities should ‘assess the outcomes of reviews conducted by the MPC to identify any concerns about the quality of decision-making in the agency that may point to systemic issues or a need to improve capability’. Defence advised the ANAO in March 2026 that a review of MPC decisions was undertaken in March 2025 ‘to identify systemic issues and remediation action which has since been put in place to improve capability’.

Joint Military Police Unit

3.72 The Military Police Manual outlines requirements for annual Technical Standards Inspections (TSIs) at all Joint Military Police Stations to assess record keeping and compliance with legislation and policy. Supporting TSI procedures require that TSI ‘statistical data is available’ for each Joint Military Police Governance Board (JMPGB) meeting.

3.73 The requirement for annual TSI inspections of Joint Military Police Force (JMPF) stations was introduced in August 2020, to take effect from January 2021. Between January 2021 and December 2025, six of the 10 Joint Military Police Stations have been subject to an annual inspection.⁷⁷ Of the four stations that were not subject to annual inspections, two (Melbourne and Sydney) have been inspected each year except for 2021, one (JMPU Headquarters Select Investigation Team) was inspected in 2023 and 2025, and one (Butterworth) was only inspected in 2023.

3.74 TSIs identified deficiencies relating to: exhibit management; compliance with case management system record keeping requirements; not conducting periodic reviews of incidents; not completing assessment forms and reports in response to incidents; failure to follow correct procedures for search warrants; and referral of incidents back to units that ‘should be assessed by the JMPF [Joint Military Police Force] Assessment Board’. One of the 13 TSI reports reviewed was not signed off by relevant personnel as required by the report template.

3.75 An abridged TSI conducted into JMPU Headquarters’ Select Investigation Team in 2023 identified ‘multiple examples’ of failures to comply with DPSMS record keeping requirements including: not entering key data such as investigation notes, primary investigator, and the identity of alleged offenders; entering information in incorrect DPSMS fields; and not uploading required investigation documentation, such as investigation reports.⁷⁸ The report recommended a ‘full audit within six months’ and noted that the findings potentially reflected ‘a longer-term systemic issue’. The full audit was conducted in July 2025 which identified a ‘marked improvement’, with minor record keeping and exhibit management issues remaining. Defence advised the ANAO in March 2026 that JMPU’s Select Investigation Team ‘have been formally incorporated into the JMPU annual TSI audit program’.

3.76 Of the four JMPGB meetings that were held between January 2021 and April 2025 for which minutes could be located, there was one instance (March 2025) where TSI results were discussed.⁷⁹ The paper presented to the JMPGB noted recurring issues with compliance with DECMS record-keeping requirements.

3.77 The Military Police Manual does not include requirements for external review of JMPU investigation activities. Since January 2020, there have been no external quality assurance reviews conducted into JMPU investigation compliance or performance. It further notes that ‘random checks of Defence Policing and Security Management System (DPSMS) entries should be conducted, when time permits, to ensure compliance with policy and quality of reporting.’ Defence advised the ANAO in September 2025 that ‘There is no evidence of random checks of DPSMS having been conducted’.

IGADF

3.78 The Directorate of Investigations and Inquiries (DII) Handbook requires that an internal legal review is conducted over decision briefs and briefs of evidence for professional standards cases and inquiry reports prior to submission for delegate approval. During the audit period (1 January 2020 to 31 December 2025) the IGADF had not established requirements for external quality assurance and had not been subject to external quality reviews as:

JMPU have not conducted annual technical inspections of our records. An interim QA process involves the IGADF DPSMS Manager reviewing the content of DPSMS data against any Objective and case file records prior to closure.

3.79 The Military Police Manual provides that PMADF exercises ‘technical control’ over all ADF Military Police (MP) and that ‘MP elements outside the JMPU, who are undertaking policing tasks or functions, must maintain standards prescribed by the PM-ADF.’⁸⁰ JMPU ‘informally engaged’ with IGADF ‘In the last half of 2023 … offering to conduct technical standard inspections of IG-ADF’. Minutes from the March 2025 JMPGB meeting state that the need to maintain IGADF independence was discussed and that IGADF maintains technical assurance of ADF military police seconded from JMPU, through Deputy IGADF oversight. IGADF advised the ANAO in May 2026 that ‘as an independent statutory office that oversights the JMPU, it is not appropriate for the JMPU to audit the IGADF.’

3.80 Deputy IGADF oversight is conducted through: the implementation of a formal reporting chain to the Deputy IGADF; monthly updates between the Director of Inquiries and Investigations with the Inspector-General and Deputy IGADF; and Deputy IGADF review and approval of investigation reports. These arrangements do not cover the range of assessments conducted under JMPU TSIs, which include a formalised assessment of investigative processes including: whether incidents have been appropriately assessed; completion of risk assessments and investigation plans; recording of investigation activity; maintenance of exhibits; conduct of interviews and searches; and investigation reporting and closure.

3.81 IGADF advised the ANAO in March 2026 that it ‘will seek to establish a mechanism for independent external reviews to provide further assurance on DII practices (and where appropriate other Office of the IGADF activities)’.

Military justice performance reviews and audits

3.82 As discussed at paragraph 1.16, the IGADF conducts military justice performance reviews and audits to assess ADF member understanding of, and compliance with, military justice requirements. This includes assessing the extent to which units comply with notifiable incident reporting requirements and the conduct of fact-findings. The IGADF has developed a Directorate of Military Justice Performance and Review Handbook which outlines requirements for the frequency of audits, selection of units, distribution of reports and the monitoring of audit recommendations.

3.83 Deficiencies identified through IGADF audits include: poor record keeping for investigations and fact-finds; fact-finds being conducted into potential notifiable incidents; not reporting notifiable incidents in accordance with the Defence Instruction; and not reporting relevant matters to the Australian Government Security Vetting Agency (AGSVA). As an example, one IGADF audit conducted in April 2024 noted unit commentary that JMPU sometimes placed ‘the burden of undertaking a DFDA investigation back on the unit’ and that in one case, a fraud related matter was referred back to the unit ‘for reasons that remain unclear’. Defence advised the ANAO in May 2026 that ‘decisions to manage matters at unit level are informed by a range of legitimate considerations, including evidentiary complexity, resourcing, legal advice, and an assessment of the most effective and proportionate response’.

Privacy breaches

3.85 The Privacy Act 1988 establishes standards for the collection, use, and disclosure of personal information, and provides the legislative basis for the Notifiable Data Breaches Scheme. Under this scheme, a notifiable breach occurs when there is unauthorised access to, or unauthorised disclosure of, personal information that is likely to result in serious harm to individuals and the entity hasn’t been able to prevent the likely risk of serious harm with remedial action. In these cases, entities are required to notify impacted individuals.

3.86 There were two Defence Incident Records on Defence’s intranet that contained sensitive personal information regarding unacceptable behaviour incidents. Defence advised the ANAO in June 2025 that the records were likely uploaded to Defence’s intranet from an automated system process and that work was underway to determine if there is a technical solution to address the issue. Defence also advised that the records ‘remain available to anyone with the link saved but cannot be searched for or found without the link’ and that ‘no logs are available of who may have had access’ to the records. In response to further ANAO queries, Defence advised that it did not consider the matter to be a notifiable data breach under the Privacy Act 1988 as ‘[t]he identified documents have not been accessed by individuals unauthorised to access the documents’. There is merit in Defence obtaining additional assurance that this issue is not more widespread and does not constitute a notifiable data breach.

3.87 In a separate case reviewed by the ANAO, a security incident was reported to the Defence Security Operations Centre (DSOC) in April 2021. An initial assessment conducted by the DSOC in April 2021 identified that an officer within the Office of the Director of Military Prosecutions (ODMP) had been using their personal email and laptop to store sensitive military justice related documents. An STA Branch investigation subsequently determined that these documents ‘were likely accessed by an unknown cyber threat actor’. The investigation report did not identify non-compliance with any specific Defence policies. The specific details are outlined below.

• May 2021, Defence submitted a notifiable data breach notification to the Office of the Australian Information Commissioner (OAIC) on the matter.
• October 2021, a ‘Harm Assessment’ was conducted by an outsourced cyber support service which found that 515 individuals were impacted by the breach and required notification.
• November 2021, Defence requested IGADF inquire into the conduct of the ODMP officer and determine whether there was a ‘potential systemic issue’ of using personal email addresses among ADF Legal Officers. The ANAO was unable to locate an inquiry plan on file for this matter. The IGADF inquiry identified that up to 12 per cent of ADF legal officers sampled sent information to personal email accounts, and a smaller number had ‘concealed the nature of Defence official information’ by under-classifying emails when emailing Defence documents.
• The inquiry report noted that, as the officers were selected randomly, no adverse findings were made against the individuals. There is no evidence that any action was taken against the ADF Legal Officers.
• November 2021, a brief provided to the Associate Secretary noted that the OAIC had raised concerns regarding Defence’s progress in notifying impacted individuals since becoming aware of the breach in April 2021 and that a notice was required to be posted on Defence’s public website as Defence was unable to identify all 515 individuals involved in the data breach. Defence advised the Defence Minister in November 2021 that it would not issue a public notice.
• January 2022, the Associate Secretary wrote to the OAIC seeking an exemption from the requirement to publish information regarding the data breach as it would cause distress to individuals who were not impacted by the breach, noting that not all impacted individuals were able to be identified. Defence was unable to provide evidence of a response from OAIC regarding the exemption. Defence advised the ANAO in December 2025 that it did not publish a notice on its external website and that OAIC was notified of this decision in December 2022.

Have selected investigations been conducted in accordance with the framework?

Referral of incidents for assessment

3.88 Referrals of matters, and decisions to conduct investigations in response to incidents have not been applied consistently within and across DIAs, including in relation to ADF member fraud, sexual misconduct, and security. For example, a July 2023 Defence internal audit found that 3,558 ADF members (49 per cent of those sampled) were non-compliant with the ADF meal entitlements policy, estimating the value of these meals at $357,693.

• JMPU reviewed the 100 members with the highest unentitled meal claims, resulting in the investigation of members who had claimed at least 142 meals (valued at approximately $731) without paying.
• Defence advised the ANAO in May 2026 that ‘as the audit did not identify whether the non-compliances amounted to fraud, or a lack of policy awareness and/or administrative errors no DPSMS incidents were raised for the remaining 3,458 members’. This approach was not consistent with the requirement to record all incidents in DPSMS (see paragraph 2.14). Defence advised the ANAO in March 2026 that there is ‘no record to confirm whether attempts were made to recover any losses in relation to matters that were not investigated’.

3.89 Further, the ANAO identified one instance where a fraud matter, assessed as a Level 3 matter under JMPU’s Jurisdiction Model in April 2020, was not investigated by the JMPU, and the Office of the Director of Military Prosecutions (ODMP) was not consulted on this decision. As outlined in Table 2.3, Level 3 matters are ‘prescribed offences’ under the DFDA. ODMP’s 2019–20 Annual Report stated that ‘an agreement was reached at the end of 2017 to ensure that all potential ‘prescribed offences’ under investigation, in circumstances where a decision was being considered to take no further investigative action by JMPU, would be referred to ODMP for consideration as to the appropriate course of action to be taken.’

3.90 IPIDB referred a May 2024 incident involving a contracted employee forging the signature of an ADF member on an invoice back to the company to resolve. IPIDB assessed that no benefit was gained by the contractor as the form would ‘likely have been signed anyway’, and concluded the matter was outside IPIDB’s jurisdiction because the person was not a Defence contractor. Accountable Authority Instruction 1 (AAI1), which outlines the First Assistant Secretary Defence Integrity’s role in relation to fraud, as well as requirements for personnel to meet standards of governance, performance and accountability, applies to contractors, consultants and outsourced service providers undertaking duties at the direction of Defence.

Fact-finding

3.91 There is no enterprise-level policy which states that DIAs cannot refer reported notifiable incidents to responsible business areas or units for fact-finding or resolution. DIAs have referred notifiable incidents back to units and business areas for fact-finding, including matters related to conflicts of interest, sexual offences, and fraud.

3.92 DIAs have also referred notifiable incidents to CASG for consideration under the Defence Procurement Complaints Scheme (DPCS). For example, on 24 August 2020, the Audit and Fraud Control Division (AFCD), now known as Defence Integrity Division, received a complaint alleging conflicts of interest in a Defence procurement.

• On 25 August 2020, the AFCD referred the matter to CASG. The next day, the same matter was raised with the AFCD by the Defence Minister’s office.
• On 27 August 2020, the AFCD determined the matter was a notifiable incident ‘requiring oversight by AFCD’, reclaimed the matter from CASG and referred it to ADF Headquarters to conduct fact-finding.
• The referral to ADF Headquarters did not provide instruction about not alerting the person of interest, despite guidance that evidence protection should be considered.
• A subsequent IPIDB investigation report, finalised in July 2021, substantiated the allegations and found that CASG had notified the person of interest, providing them with an opportunity to conceal potential evidence. The person of interest advised Defence they altered relevant social media content after they had become aware of the ADF Headquarters fact-finding.

3.93 Fact-finding activities have been conducted in response to notifiable incidents without the incident being reported immediately (or at all) to a DIA, as required under the Defence Instruction. This includes fact-findings in response to allegations of: fraud; probity issues, corruption, or commercial impropriety; security or safety incidents; and sexual offences or misconduct.

3.94 DIAs and the IGADF have identified deficiencies with fact-findings and inquiries including: being subject to bias⁸¹; findings and conclusions that are not supported by evidence or are outside of the terms of reference; lack of experience; failure to provide procedural fairness; failure to conduct interviews with key witnesses or in accordance with Defence policies and legislation; factual inaccuracies; and poor understanding and application of Defence policies when assessing allegations. Concerns regarding conduct of fact-findings and inquiries formed the basis of at least eleven referrals to DIAs between 1 January 2020 and 31 December 2025.

3.95 The conduct of fact-finding activities by units and business areas into notifiable incidents without DIA approval indicates lack of awareness of reporting requirements and associated risks. The lack of systematic recording of fact-finding activities in Defence case management systems means it is unclear how often fact-findings have been used inappropriately or what outcomes have been produced.

Assessment of selected investigations and inquiries

3.97 The Military Police Manual states that effective and efficient fraud investigations are best achieved through case-by-case consultation with the other DIAs. This reflects Defence’s investigation framework operating as a system-of-systems, where matters may involve multiple authorities over their lifecycle. Under Defence policy, cases involving elements of fraud may be reported to IPIDB, JMPU (for ADF-related fraud cases), the Human Resources Services Branch (for Code of Conduct breaches) and IGADF (for Military Police Code of Conduct breaches). Defence also has mechanisms to refer matters to, or partner with, external entities, including the Australian Federal Police (AFP), state and territory police, the National Anti-Corruption Commission (NACC) and the Commonwealth Director of Public Prosecutions (CDPP). This approach enables complex matters to be addressed, in whole or in part, by the authority best placed to do so. Four of the six case studies in this chapter examine matters related to fraud and the interaction between DIAs and external authorities.

3.98 The Human Resources Services Branch and IGADF have not established arrangements to support the consistent referral of fraud cases to either JMPU or IPIDB for information. Establishing such arrangements would allow Defence to obtain greater enterprise-level oversight on the management of fraud cases, while allowing each DIA to maintain responsibility for their relevant components of cases.

3.99 To assess Defence’s application of relevant requirements, one closed investigation from each DIA and IGADF was selected for case study analysis, based on the highest recorded fraud loss between 1 January 2020 and 9 December 2024. Fraud was used as a selection metric as it enabled a comparison of similar cases across DIAs and IGADF and supported assessment of the extent to which DIAs refer and consult on matters that may cross jurisdictional boundaries (see paragraph 1.35).

3.100 The case study selection included one completed investigation conducted by STA Branch into the inappropriate storage of Defence records, which was selected using the methodology above as it was the only STA Branch case with a fraud value recorded in the relevant field (the value was recorded as ‘0’). One closed IGADF inquiry was also selected for case study analysis, based on the longest time between issuing inquiry directions and the inquiry report being finalised, between 1 January 2020 and 30 June 2025. These cases are outlined in Table 3.4.

Table 3.4: ANAO selected case studies

Note a: One case was identified with a higher recorded fraud value of $2,119,144. As at 9 December 2024, DPSMS data recorded this case with status of ‘open’ (noting that DPSMS was replaced with DECMS in May 2024). As such, it was not selected as a case study. Subsequent review of case documents confirmed this case closed on 10 July 2024, and it is discussed separately at paragraphs 3.55–3.56).

Source: ANAO analysis of Defence documentation.

3.101 The ANAO identified deficiencies in compliance with policy requirements across the six selected cases assessed, including common deficiencies such as:

• key documents, investigation evidence, meetings and decisions were not consistently recorded in case management systems, including for other cases referenced throughout this report;
• not following processes for the completion of investigation and inquiry plans;
• not providing or recording required updates to relevant stakeholders; and
• not sufficiently consulting with relevant authorities for fraud-related cases.

3.102 Other deficiencies limited to specific cases included:

• not undertaking assessment activities as directed by supervisors;
• not recording how, or whether, key investigation evidence and witness reliability was considered as part of investigation planning and findings; and
• not referring matters to AGSVA following adverse investigation findings.

Investigations and Public Interest Disclosures Branch

3.103 Case Study 1 outlines a contractor-related fraud that was referred to Defence in December 2020. AusTender data indicates the contractor held 59 contracts with Defence, valued at approximately $433 million, between 1 January 2020 and 1 February 2024. The company entered voluntary administration in February 2024. The case study focuses on Defence’s processes only.

3.104 Key deficiencies in case study 1 included the following.

• IPIDB investigators did not conduct an assessment of the contractor to determine the potential for broader offending, despite being requested by the Acting Director Investigations. Documentation on Defence’s system from March 2019, relating to a separate matter, documented concerns with the same contractor, including that claims for payment were ‘very high in comparison to the works undertaken’ and that the contractor’s claims may be ‘deliberately excessive’.
• Key records, decisions and information were not recorded on DPSMS including: discussions and correspondence with the contractor, the construction authority and the law enforcement agency; the details of identified suspects; and Defence’s consideration of evidence provided by the law enforcement agency and of additional allegations of fraud raised against the contractor.
• Monthly case status reports were not provided to relevant stakeholders as required under the Fraud Control Instructions.
• Noting the size of the potential contractor fraud, there would have been merit in Defence engaging with the CDPP to ensure a referral was not warranted. For the two largest recorded fraud losses in case management data between 1 January 2020 and 9 December 2024, Defence did not consider the matters warranted referral to the CDPP.

Joint Military Police Unit

3.105 Case study 2 outlines a fraud-related matter investigated by JMPU.

3.106 Key deficiencies in case study 2 included the following.

• The decision of the Assessment Board as recorded in the Assessment Form (that further enquiries be undertaken before referring the matter to IPIDB) does not accord with the Assessment Board decision recorded in the subsequent Assessment Report (that the matter would be referred for investigation by JMPU).
• IPIDB raised concerns with JMPU that the case had not been referred to them at an earlier stage and noted that ‘JMPU management did not ‘refer’ the above matter to [IPIDB] because there was a view that they should only ‘refer’ serious matters … JMPU also decided to conduct some investigation before it ‘referred’ the matter to this office. This practice exposes both criminal investigation by this office and DFDA investigations to risk of compromise.’
• The investigation plan did not outline a ‘planned completion date for investigation’ as required by the template.
• Of the eight monthly interim reports identified, two were not recorded on DPSMS.
• The Brief of Evidence provided to ODMP outlined a fraud value of $68,808. The ‘total owed’ and ‘total recovered’ fields in DPSMS recorded a value of $47,854. Defence advised the ANAO in March 2026 that ‘the value in the Brief of Evidence reflects the total debt identified during the investigation, not the remaining balance at the time recovery action commenced, which is the figure reflected in DPSMS.’ The DPSMS record for this matter does not indicate whether the full $68,808 debt was recovered.
• Correspondence from ODMP outlining the decision not to prosecute did not outline: why IPIDB’s consideration of the matter was relevant in informing its decision; whether the evidence provided was sufficient for prosecution; and whether prosecution was in the service interest.⁸²
  • A July 2021 military police intelligence assessment noted that JMPU and ODMP ‘are not liaising with one another with respect to evidentiary requirements and outcomes of fraud investigations where there may be opportunities for improvement’.
  • The intelligence assessment noted that this is resulting in JMPU ‘consistently providing’ briefs of evidence to ODMP which may not meet appropriate standards and which ODMP may decide not to prosecute, and that ODMP responses are ‘often generic’ and do not support improvements to investigative processes.

Human Resources Services Branch

3.107 Case Study 3 provides an example of a matter investigated by the Human Resources Services Branch.

3.108 Key deficiencies for case study 3 included the following.

• The Branch conducted key investigation activities after advising the person of interest that they were not subject to ‘formal action under the misconduct process’. No further evidence gathering activities, beyond receiving evidence provided by the respondent in response to the Branch’s findings, was recorded on DPSMS after the respondent had been advised that a formal inquiry had been initiated.
  • The Handling Misconduct guide provides that preliminary inquiries do not establish whether the alleged conduct occurred and that agencies should ‘seek to avoid duplicating a misconduct investigation prior to deciding whether to notify the employee of an alleged breach of the Code.’
  • It further states that ‘Preparing for a misconduct investigation includes … notifying an employee or former employee that they are the subject of a misconduct investigation’ as it ‘allows the person under investigation to raise any concerns about apprehension of bias’.
  • Defence advised the ANAO in March 2026 that key templates for advising respondents have been updated to make clearer that ‘an initial information gathering activity will occur’ and to remove advice that this is ‘not a formal action’ under the misconduct process.
• An investigation plan was not completed for this investigation. Defence advised the ANAO in July 2025 that formal plans are not required for Human Resources Services Branch investigations because the majority of evidence is provided with the referral and remaining elements of the enquiry do not require a plan. Defence further advised the ANAO in March 2026 that ‘discussions occur at the commencement of the process between the Investigator and the Delegate to address the investigation planning requirements.’
  • AGIS applies to administrative, civil, and criminal investigations and identifies planning requirements beyond identifying initial avenues of inquiry, including considering: what disclosure obligations may exist; media management strategies; and the need for mutual assistance.
  • The APSC’s Handling Misconduct guide states that ‘[i]t is good practice to develop an investigation plan at the beginning of the process to articulate what needs to be done to establish the facts.’
• Investigation evidence, correspondence establishing a debt repayment agreement with the debtor, and correspondence between investigators and the decision-maker were not recorded on DPSMS. The calculation of the debt amount was based on the employee’s hourly rate at the time and did not account for additional benefits that may have accrued through fraudulently claiming additional hours, such as superannuation and leave. Defence advised the ANAO in March 2026 that ‘processes have since been amended to only calculate the hourly amount’ which is then forwarded to Defence’s ‘Pay centre’ to calculate a full salary amount inclusive of factors such as superannuation and leave.

Security Threat and Assurance Branch

3.109 Case Study 4 provides an example of a security matter investigated by the Security Threat and Assurance Branch.

3.110 Key deficiencies in case study 4 included the following:

• There is no evidence in the DPSMS record that weekly reporting on investigation progress was provided to the Assistant Secretary STA as required by STA guidelines for investigations assigned a ‘Very High’ priority rating.
• The investigation report noted that the Defence Security Committee did not need to be advised of the investigation outcome as the matter ‘failed to meet the very high rating’. The investigation report and prioritisation matrix assessed the matter as ‘very high’.

Inspector-General of the Australian Defence Force

3.111 The IGADF’s functions include considering complaints relating to ADF military police. When a military police code of conduct matter is referred to IGADF, an assessment is to be conducted to determine whether the matter warrants an inquiry or DFDA investigation. One professional standards DFDA investigation was selected for case study 5.

3.112 Key deficiencies for case study 5 included the following.

• There is no evidence of an initial assessment of the referral being conducted by IGADF, or delegate approval to commence an investigation as required under the DII Handbook and Military Police Manual.
  • The DII handbook states that ‘The assessment takes the form of a military police decision brief submitted to the appropriate decision maker. An assessment is conducted to: a. confirm the matter falls within jurisdiction, b. identify the key issues, and c. make a recommendation to the delegate on whether the matter should proceed to a [Professional Standards] investigation or inquiry, and if not, what other action — if any — should be undertaken’.
• There is no evidence of an investigation plan being completed.
• There is no evidence that monthly reporting was provided to the referring unit during the investigation as required under the Military Police Manual. IGADF advised the ANAO in July 2025 that the Military Police Manual is ‘strictly not a binding requirement.’

3.113 ANAO review of DFDA investigation cases identified investigations related to matters including: failure to comply with a general order, absence without leave, unacceptable behaviour and fraud. IGADF inquiries covered similar matters. Inquiry and investigation documentation reviewed by ANAO did not outline a rationale as to why IGADF considered an inquiry or a DFDA investigation as the more appropriate response to matters.

3.114 Case Study 6 outlines an IGADF inquiry. The inquiry was selected as it had the longest recorded duration for a closed IGADF inquiry between 1 January 2020 and 30 June 2025. For this inquiry, the time between issuing inquiry directions and the inquiry report being finalised was 956 days. As discussed at paragraph 3.21, for closed non-professional standards IGADF inquiries between 1 January 2020 and 11 December 2025, the average length of time between inquiry directions being issued and inquiry reports being signed was 386 days (median 334 days).

3.115 Key deficiencies for case study 6 included the following.

• The email appointing an assessment officer for the case was sent to the officer’s non-Defence email address. The email included examples of previously completed IGADF assessments classified Official Sensitive: Personal Privacy. A subsequent email acknowledged the error and stated ‘please only work on this from your [Defence] account. We are currently looking into cases where people have transferred classified documents to their private email accounts in breach of policy so you will want to avoid that where possible.’
• The Directorate of Inquiries and Investigations (DII) noted the draft assessment report was ‘hard to follow’ and required amendments. Following DII review of the assessment report, DII ‘reinterviewed’ the complainant and amended the report. As part of the subsequent inquiry process, a further interview with the complainant was requested, who declined on the basis that they had previously provided information through interviews during the assessment phase and that the inquiry process was ‘taxing’.
• There is no evidence that the inquiry plan was submitted to the Directorate of Inquiries and Investigations for approval, or that fortnightly updates were provided to the Directorate as required under the inquiry directions. Monthly updates were not always provided to the complainant as required by the DII Handbook, and the complainant sought updates from IGADF on at least two occasions, following delays in the provision of updates.
• A legal review of the inquiry report was conducted as required by the DII Handbook. The review determined that the report was ‘well written’ and addressed the Terms of Reference. A separate legal review conducted two months later raised concerns that: prior legal review of the draft report was ‘wholly inadequate’; the inquiry committed ‘repeated breaches of privacy’; inquiry evidence was missing, difficult to locate, had not been sufficiently considered or appeared to have been ‘cherry-picked’; interviews did not follow correct processes; and one Assistant IGADF knew one of the witnesses and that the interview of that witness was conducted in an ‘overly friendly’ manner.
• The Assistant IGADFs responded to the legal review noting that they were new to the role and in a ‘learning phase’. The ANAO identified a separate case where an internal review of an assessment report drafted by an Assistant IGADF found that the Assistant IGADF ‘either did not read or dismissed evidence’ and that the assessment report was written ‘in favour of command’.
• A third legal review was conducted three months after the second legal review. The review disagreed with previous concerns raised regarding privacy breaches but noted that:
  • Assistant IGADFs should be ‘highly circumspect’ in dealing with personal information and that ‘this could be impressed upon’ Assistant IGADFs;
  • interview templates should be amended; and
  • inquiry teams should ‘not consist of first timers alone’.
• IGADF advised the ANAO in November 2025 that relevant templates had been amended in response to the observations.
• Including the pre-inquiry assessment phase, the case took three years and five months to complete.⁸³ The IGADF advised the ANAO in May 2026 that there were factors outside the control of the IGADF which contributed to the lengthy inquiry timeframe including: inquiry participants being medically unfit for interview; delays identifying suitably qualified Assistant IGADFs; delays in the provision of information from relevant Defence areas; and the impacts of COVID shutdowns in 2020 and 2021. As outlined at paragraph 3.28, the Royal Commission into Defence and Veteran Suicide report stated that lengthy inquiry timeframes are ‘unsatisfactory’ as they can have adverse impacts on the wellbeing of those involved.

3.116 Record keeping deficiencies were observed across the selected six case studies, as well as other cases referenced throughout this report. Good record keeping is a legislative requirement of the PGPA Act, and the Archives Act 1983, and is particularly important for activities that may result in adverse outcomes against individuals, such as investigations and inquiries. Failure to record key decisions, the basis for those decisions, and the extent to which relevant evidence is considered in the decision-making process presents risks to the integrity of Defence investigations and the ability of Defence to provide transparency in its decision-making.

Appendix 1 Entity responses

Department of Defence

Inspector-General of the Australian Defence Force

Appendix 2 Improvements observed by the ANAO

1. The existence of independent external audit, and the accompanying potential for scrutiny improves performance. Improvements in administrative and management practices usually occur: in anticipation of the Australian National Audit Office (ANAO) audit activity; during an audit engagement; as interim findings are made; and/or after the audit has been completed and formal findings are communicated.

2. The Joint Committee of Public Accounts and Audit (JCPAA) has encouraged the ANAO to consider ways in which the ANAO could capture and describe some of these impacts. The ANAO’s corporate plan states that the ANAO’s annual performance statements will provide a narrative that will consider, amongst other matters, analysis of key improvements made by entities during a performance audit process based on information included in tabled performance audit reports.

3. Performance audits involve close engagement between the ANAO and the audited entity as well as other stakeholders involved in the program or activity being audited. Throughout the audit engagement, the ANAO outlines to the entity the preliminary audit findings, conclusions and potential audit recommendations. This ensures that final recommendations are appropriately targeted and encourages entities to take early remedial action on any identified matters during the course of an audit. Remedial actions entities may take during the audit include:

• strengthening governance arrangements;
• introducing or revising policies, strategies, guidelines or administrative processes; and
• initiating reviews or investigations.

4. In this context, the below actions were observed by the ANAO during the course of the audit. It is not clear whether these actions and/or the timing of these actions were planned in response to proposed or actual audit activity. The ANAO has not sought to obtain assurance over the source of these actions or whether they have been appropriately implemented.

Table A.1: Improvements observed by the ANAO

Source: ANAO analysis of Defence documentation.

Appendix 3 Hierarchy of Defence documents

Source: ANAO analysis of Defence’s Administrative Policy Arrangements.

Appendix 4 Royal Commission recommendations

1. The table below outlines recommendations relevant to Defence investigations, inquiries and fact-finding from the Royal Commission into Defence and Veteran Suicide. This list is not intended to be exhaustive.

Table A.2: Royal Commission recommendations

Source: ANAO analysis. Also see Royal Commission into Defence and Veteran Suicide, Final Report, September 2024, available from https://defenceveteransuicide.royalcommission.gov.au/publications/final-report-all-volumes [accessed 11 February 2026].