The aim of Audit Lessons is to communicate lessons from our audit work and to make it easier for people working within the Australian public sector to apply those lessons.

This edition is targeted at security, information communications technology (ICT) and human resources officials responsible for managing ICT system access and the offboarding process for employees and contractors separating from an entity.

The audit objective was to assess the effectiveness of the Department of Defence’s arrangements to manage the security authorisation of its ICT systems.

The objective of this audit was to assess the extent to which entities’ establishment and use of ICT related procurement panels and arrangements supported the achievement of value for money outcomes.

The objective of the audit was to assess the effectiveness of the Digital Transformation Agency’s procurement of ICT-related services.

The Auditor-General responded on 1 July 2021 to correspondence from the Hon Brendan O'Connor MP and Mr Tim Watts MP dated 5 June 2021, requesting that the Auditor-General consider initiating a performance audit into the use of provisional ICT accreditation within Defence. 

This audit would examine the effectiveness of the Department of Defence’s (Defence’s) procurement of ICT-related services.

Defence relies on contracted services for the management and delivery of its ICT-related projects. In April 2023, the Defence Strategic Review highlighted this reliance as an important risk. Auditor-General Report No. 1 2021–22 Defence’s Administration of Enabling Services — Enterprise Resource Planning Program: Tranche 1 identified shortcomings in, and made one recommendation to improve, Defence’s management of probity for that program.

This audit would examine the effectiveness of Defence’s procurement and contract management for its ICT-related services to achieve value for money and the successful delivery of intended outcomes. It also provides an opportunity to update the Parliament on Defence’s progress in improving its management of probity risks in ICT procurements.

The audit objective was to assess selected agencies’ compliance with the four mandatory ICT security strategies and related controls in the Australian Government Information Security Manual.

The objective of the audit was to assess the development of Defence’s oversight and management of its portfolio of ICT investments and projects. In particular, the audit examined Defence’s:

• governance, strategic processes and decision-making structures that set out, prioritise and coordinate the integrated ICT reform portfolio and programs;
• ICT risk management and capacity to identify and plan to achieve the benefits of its SRP ICT stream reforms (including methodologies to measure the realisation of savings and non-savings benefits);
• level of portfolio and program management maturity; and
• the impact of improvement efforts on Defence’s ability to deliver the ICT services capacity required to support the SRP.