Reports and publications

Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.

View reports and publications

Insights

Through Insights, the ANAO aims to contribute to improved public sector performance.

View Insights

Work program

The ANAO work program outlines potential and in-progress work across financial statement and performance audit.

View the work program

Careers

Our staff add value to public sector effectiveness and the independent assurance of public sector administration and accountability, applying our professional and technical leadership to have a real impact on real issues.

View Careers

About us

The Australian National Audit Office (ANAO) is a specialist public sector practice providing a range of audit and assurance services to the Parliament and Commonwealth entities.

About Us

403 Items found
10 30 60 120
Performance audit  (Auditor-General Report No. 14 of 2010–11)
Published: Thursday 28 October 2010
Published

Capitalisation of Software

The objective of the audit was to assess whether entities properly accounted for software assets, and adopted an integrated planning approach to inform software asset investment decisions.

The main focus of the audit was on whether entities accounted for software costs in accordance with relevant accounting standards and the FMOs, paying particular attention to the standard elements of an internal control framework and accounting practices. In addition, in the context of software asset planning, the audit considered whether entities assessed the risks associated with software assets, used life-cycle costing approaches, and aligned ICT and capital management plans, to inform decision-making on software asset investments.

Expand
Entity
Australian Bureau of Statistics; Civil Aviation Safety Authority; IP Australia
Sector
Infrastructure
Treasury
Read published report
Performance audit  (Auditor-General Report No. 45 of 2005–06)
Published: Tuesday 13 June 2006
Published

Internet Security in Australian Government Agencies

The audit objective was to form an opinion on the adequacy of a select group of Australian Government agencies' management of Internet security, including following-up on agencies' implementation of recommendations from the ANAO's 2001 audit. The agencies audited were Australian Customs Service (ACS), Australian Federal Police (AFP), Australian Radiation Protection and Nuclear Safety Agency (ARPANSA), Department of Employment and Workplace Relations (DEWR), Department of Industry, Tourism and Resources (DITR) and Medicare Australia. Factors considered in selecting agencies were agency size based on funding levels, whether the agency was included in ANAO's 2001 audit (ACS, ARPANSA, and DEWR), whether the agency's ICT was managed in-house or outsourced, and the nature of the agency's website (that is, general or restricted access).

Expand
Entity
across agencies
Sector
Attorney-General's
Customs
Employment
Health
Science
Tourism
Read published report
Performance audit  (Auditor-General Report No. 23 of 2005–06)
Published: Thursday 22 December 2005
Published

IT Security Management

This audit is a part of the ANAO's protective security audit coverage. The objective of this audit was to determine whether agencies audited had developed and implemented sound IT security management principles and practices supported by an IT security control framework, in accordance with Australian Government policies and guidelines. The audit at each agency examined the framework for the effective management and control of IT security, including the management of IT operational security controls and, where applicable, was based on the Australian Government protective security and information and communications technology (ICT) security guidelines that were current at that time.

Expand
Entity
Across Agency
Sector
Attorney-General's
Defence
Education
Environment
Finance
Foreign Affairs
Immigration
Indigenous
Regional Development
Science
Trade
Transport
Treasury
Read published report
Performance audit  (Auditor-General Report No. 37 of 2015–16)
Published: Thursday 5 May 2016
Published

Cyber Resilience

The audit objective was to assess selected entities’ compliance with the four mandatory ICT security strategies in the Australian Government Information Security Manual (ISM).

Expand
Entity
Australian Federal Police (AFP); Australian Transaction Reports and Analysis Centre (AUSTRAC); Department of Agriculture and Water Resources; Department of Industry, Innovation and Science
Contact

Please direct enquiries relating to reports through our contact page.

Activity
Governance
Sector
Attorney-General's
Science
Treasury
Agriculture
Read published report
Key learning: Performance and impact measurement
  • When entities contract for delivery of ICT goods and services, arrangements should be in place that provide equivalent level of assurance over goods and services delivered internally. Entities cannot outsource security responsibilities and need arrangements to assure cyber security controls are implemented, operated, and maintained by contracted providers.
Show more
Management of Cyber Security Supply Chain Risks Image
From performance audit report: Management of Cyber Security Supply Chain Risks(Auditor-General Report No. 9 of 2022-23)
Key learning: Governance and risk management
  • Implement ICT system controls in accordance with mandatory operational and legislative requirements to assist with mitigating risks associated with decision-making considerations and outcomes.
Show more
Decision-making Controls for NDIS Participant Plans Image
From performance audit report: Decision-making Controls for NDIS Participant Plans(Auditor-General Report No. 14 of 2020-21)
Key learning: Policy/program implementation
  • Major ICT replacement projects require a thorough understanding of business requirements, current functionality and current system shortfalls to plan for scope of the system replacement. Documenting this functionality and any system workarounds will assist in managing risk in the transition to the new system and decommissioning of any existing systems and it will also enable clarity on any approaches to market for new system design.
Show more
System Redevelopment — Managing Risks While Planning Transition Image
From performance audit report: System Redevelopment — Managing Risks While Planning Transition(Auditor-General Report No. 10 of 2020-21)
Key learning: Procurement
  • When procuring a major ICT system that will contain sensitive information, undertaking a thorough risk assessment prior to putting the system into production provides greater assurance that information will be appropriately protected.
Show more
Mitigating Insider Threats through Personnel Security Image
From performance audit report: Mitigating Insider Threats through Personnel Security(Auditor-General Report No. 38 of 2017-18)
Key learning: Governance and risk management
  • Store system recovery tools used to restore ICT services across multiple systems.
Unscheduled Taxation System Outages Image
From performance audit report: Unscheduled Taxation System Outages(Auditor-General Report No. 29 of 2017-18)
Performance audit  (Auditor-General Report No. 42 of 2016–17)
Published: Wednesday 15 March 2017
Published

Cybersecurity Follow-up Audit

The audit objective was to re-assess the three entities' compliance with the 'Top Four' mandatory strategies in the Australian Government Information Security Manual (ISM). The audit also aims to examine the typical challenges faced by entities to achieve and maintain their desired ICT security posture.

Expand
Entity
Australian Taxation Office; Department of Human Services; Department of Immigration and Border Protection
Contact

Please direct enquiries relating to reports through our contact page

Activity
Governance
Sector
Border
Human Services
Immigration
Taxation
Read published report