The aim of Audit Lessons is to communicate lessons from our audit work and to make it easier for people working within the Australian public sector to apply those lessons.

This edition is targeted at security, information communications technology (ICT) and human resources officials responsible for managing ICT system access and the offboarding process for employees and contractors separating from an entity.

The audit objective was to assess the effectiveness of the Department of Defence’s arrangements to manage the security authorisation of its ICT systems.

The objective of this audit was to assess the extent to which entities’ establishment and use of ICT related procurement panels and arrangements supported the achievement of value for money outcomes.

The objective of the audit was to assess the effectiveness of the Digital Transformation Agency’s procurement of ICT-related services.

The Auditor-General responded on 1 July 2021 to correspondence from the Hon Brendan O'Connor MP and Mr Tim Watts MP dated 5 June 2021, requesting that the Auditor-General consider initiating a performance audit into the use of provisional ICT accreditation within Defence. 

The audit objective was to assess selected agencies’ compliance with the four mandatory ICT security strategies and related controls in the Australian Government Information Security Manual.

The objective of the audit was to assess the development of Defence’s oversight and management of its portfolio of ICT investments and projects. In particular, the audit examined Defence’s:

• governance, strategic processes and decision-making structures that set out, prioritise and coordinate the integrated ICT reform portfolio and programs;
• ICT risk management and capacity to identify and plan to achieve the benefits of its SRP ICT stream reforms (including methodologies to measure the realisation of savings and non-savings benefits);
• level of portfolio and program management maturity; and
• the impact of improvement efforts on Defence’s ability to deliver the ICT services capacity required to support the SRP.

The objective of the audit was to assess whether entities properly accounted for software assets, and adopted an integrated planning approach to inform software asset investment decisions.

The main focus of the audit was on whether entities accounted for software costs in accordance with relevant accounting standards and the FMOs, paying particular attention to the standard elements of an internal control framework and accounting practices. In addition, in the context of software asset planning, the audit considered whether entities assessed the risks associated with software assets, used life-cycle costing approaches, and aligned ICT and capital management plans, to inform decision-making on software asset investments.