Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.
The objective of the audit was to assess the effectiveness of Services Australia’s management of the privacy of client information.
Please direct enquiries through our contact page.
The ANAO may collect personal information in the course of undertaking its audit program and for operational purposes not related to its audit work. This policy outlines our personal information handling practices, how we handle specific types of personal information and the information collected online by the ANAO.
Please direct enquiries about our Privacy Policy through our contact page.
The objective of this audit was to assess the systems put in place by Centrelink to protect data privacy. The audit reviewed the adequacy of the policies, procedures and the administrative framework associated with data privacy, and the computer systems that are used to store and disseminate data. The ANAO also examined compliance with legislative requirements.
- Entities with specific or higher privacy risks should implement additional arrangements, such as those implemented by Services Australia with the privacy contact officer network, privacy assurance advice processes and data breach response plan. Arrangements could include a dedicated privacy risk management plan, privacy assurance strategy and scenario-based privacy training.
- Building and maintaining public trust can be achieved by entities being transparent about their privacy management practices and responses to emerging privacy issues. Entities should publish data on privacy incidents and data breaches and engage with clients to review privacy policies and notices to ensure that these are easily understood.
- Subject to privacy and security obligations, where possible entities should publish data on the Australian Government’s data sharing portal (data.gov.au) to support transparency and allow the public to analyse the data for their own purposes.
The objective of the audit was to assess the effectiveness of DFAT's implementation of biometric technology to meet international requirements for enhanced passport security. In particular, the audit examined whether:
- Australian ePassports meet international requirements, and coordination with Australian stakeholders is effective;
- Australian biometric passport technology is fit for purpose and has enhanced passport security;
- personal data on the passport microchip is secure and DFAT maintains an appropriate focus on both protecting privacy and client satisfaction; and
- arrangements are in place to evaluate the effectiveness of the ePassport and to monitor risks.
Mr P.J. Barrett (AM) - Auditor-General for Australia, presented to the National Institute of Governance, University of Canberra
The objective of the audit was to evaluate the Tax Office's corporate management of data matching, including analytics.
The ANAO examined the Tax Office's strategic goals and governance arrangements for data matching and analytics, its compliance with privacy requirements and whether the Tax Office is achieving intended results, which include revenue collection, optimised compliance and provision of improved services to taxpayers.
Tax Office executives have been increasingly drawing on the interrelationships and conceptual commonalities of Tax Office data matching and analytics activity. Accordingly, the audit included these relationships and conceptual commonalities within the scope of the audit. The audit was guided, therefore, by a broader definition of ‘data matching’: meaning ‘finding relationships and patterns in large volumes of data’. This includes the more traditional idea of data matching as ‘bringing together data from different sources and comparing it’.
The audit objective was to examine the administrative effectiveness of the ATO's use of AUSTRAC data. The audit reviewed the use of AUSTRAC data across three of the ATO Business Service Lines (BSLs) namely, Large Business and International (LB&I), Small Business (SB) and Individuals Non Business (INB). These are the most significant BSLs in terms of revenue collection. The audit focussed on the ATO's use of AUSTRAC data at the strategic and operational levels and its management of AUSTRAC data. Aspects examined include the ATO's relationship with AUSTRAC as well as training, data quality, data privacy and security issues.
The objectives of the audit were to examine the Australian Bureau of Statistics' management of the procedures and processes associated with the planning and operational aspects of the 1996 Census to ascertain: whether the results of the 1991 Census evaluations were used to improve the 1996 Census; whether the Census could be undertaken more efficiently while still yielding data of the required quality; and how privacy concerns were being satisfied by the processes employed. The scope of the audit was limited to reporting on the efficiency and effectiveness of the management by the ABS of the development, collection and initiation of the processing phases of the 1996 Census. The ANAO conducted an assessment of the procedures and processes used in the 1996 Census against the ABS performance indicators and by an examination of ABS documentation. The audit did not seek to review the ABS statistical methodology.
- Good privacy practices are essential to ensure citizens trust the government to collect and use their personal information appropriately. In an environment of increasing data breaches, cyber threats and malicious actors, entities should regularly assess privacy risks to inform reviews of their privacy management plans and implementation of governance, policies, ICT controls, training, audit and assurance arrangements.
- Privacy impact assessments (PIAs) are required for all high-risk projects and should, where possible, be informed by stakeholder consultation. External PIA registers should contain useful information about the assessments, and — to the extent that operational or security risks are not created — PIAs should be published.
This audit would assess the effectiveness of the Australian Taxation Office’s (ATO) management of confidential information.
The ATO manages commercially and legally sensitive information as part of its administration of the taxation and superannuation systems. Mobility between the public and private sector presents challenges to entities like the ATO to ensure that confidential information is not compromised. The provisions of the APS Code of Conduct, the Public Service Regulations 1999, the Privacy Act 1988, the Crimes Act 1914 and specific secrecy offences in Commonwealth laws outline the responsibilities of employees and agencies to manage confidential information.
You are invited to contribute to the annual audit work program of the Australian National Audit Office (ANAO). Please review the draft potential performance audit topic list and tell us what you think.
The Auditor-General is an independent officer of the Parliament whose role is to support accountability and transparency in the Australian Government sector by providing independent reporting to the Parliament. The Auditor-General’s reports assist the Parliament to hold government entities accountable and to drive improvements in public administration.
The Auditor-General is assisted by the Australian National Audit Office (ANAO) to conduct a range of audits in Australian Government entities, such as:
- mandated annual financial statements audits, including the audit of the Australian Government’s consolidated financial statements;
- performance audits;
- assurance reviews (including audits by arrangement); and
- audits of the annual performance statements and measures of Commonwealth entities and Commonwealth companies and their subsidiaries.
Since 2007–08, the ANAO has prepared the Defence Major Projects Report (MPR) to enable reporting to the Parliament on the status of major Defence acquisition projects. In March 2026, the Joint Committee of Public Accounts and Audit (JCPAA) announced its decision not to continue the MPR program. Further information is available here.
Contributions must relate to the performance or expenditure of Commonwealth public sector entities. The ANAO does not investigate complaints or disputes, review or provide legal decisions, and does not comment on the merits of government policy and legislation.
While your contribution will be considered and handled with care, we will not provide you with feedback on your submission. The confidentiality of your contribution may be protected by law (see section 36 of the Auditor-General Act 1997). In addition, any personal information gathered by the ANAO will be treated in accordance with the ANAO Privacy Policy.
Please send feedback about this draft program to communication@anao.gov.au. Submissions close on 10 April 2026 at 11:59pm (Australian Eastern Standard Time).
The objective of the audit was to examine the effectiveness of the Department of Human Services’ management of Medicare customer data and the integrity of this data.
Please direct enquiries relating to reports through our contact page.
The objective of the audit was to examine the efficiency and effectiveness of the administration of the tip-off system, including Centrelink's management of privacy issues related to the tip-off management process.
Medicare is Australia's universal health insurance scheme. Underpinning Medicare is one of Australia's largest and more complex computer databases, the Medicare enrolment database. At the end of 2004 the Medicare enrolment database contained information on over 24 million individuals. This audit examines the quality of data stored on that database and how the Health Insurance Commission (HIC) manages the data.
The objective of the audit was to assess the management and effectiveness of DCO’s delivery and coordination of support services to ADF families, in particular support services provided when an ADF member is seriously injured or ill, or dies in service.
The objective of the audit was to assess DoHA's administration of building certification of residential aged care homes. The ANAO examined DoHA's arrangements to: plan for, and report on, the certification program; manage the delivery of certification services; and manage stakeholder relations.
The audit did not seek to validate assessments made under the program by DoHA's contracted assessor and, therefore, does not form an opinion on whether residential aged care homes should or should not have been certified.
The Management and use of Double Taxation Agreement Information Collected through Automatic Exchange
The objective of the audit was to review and assess the use, and management of, automatic exchanges of information under Double Taxation Agreements (DTAs) by the Tax Office.
The objective of the audit was to assess the effectiveness of the management of risks arising from the use of PSDs in selected Australian Government agencies. The PSDs included within the scope of this audit were: USB flash drives; CDs and DVDs; external hard drives; laptop computers and smartphones.
The objective of the audit was to assess the effectiveness of DIAC's management of MAL. The scope was confined to DIAC's management and use of the system: it did not examine the work of others with an interest in the system, such as security agencies.
The objective of the audit was to assess the effectiveness of the Department of Human Services' management of Medicare compliance audits.
This audit would assess the effectiveness of the design and implementation of the Consumer Data Right (CDR).
The CDR is a secure online system that enables consumers to get value from data that is collected about them through the provision of specific goods and services by consenting to that data being shared with trusted accredited third parties. CDR is an economy-wide reform that will be rolled out sector by sector. The CDR has already been rolled out to banking and energy, with non-bank lending to follow as the third sector. The Treasury, Australian Competition and Consumer Commission (ACCC), and Office of the Australian Information Commissioner (OAIC) are the key agencies leading the CDR initiative. The Treasury leads policy development and determines which sectors should be included in the CDR, while the ACCC focuses on accreditation and compliance of data recipients, and the OAIC handles privacy and data breach notifications. The Data Standards Body develops the technical standards for how data is shared under the CDR, working closely with the Treasury, ACCC, and OAIC.
The audit objective was to assess the effectiveness of the Department of Veterans’ Affairs management of complaints and other feedback to support service delivery. The audit criteria were that DVA has:
- a well-designed framework for managing complaints and other feedback;
- effective processes and practices to manage complaints; and
- appropriately analysed complaints to inform service delivery.
The primary objective of the audit was to assess FaCS' management of the Internet portals for which it had responsibility as lead agency, www.youth.gov.au, www.community.gov.au, and www.families.gov.au. The ANAO also included in the audit a website directed towards youth, The Source, which provided many of the services expected of a portal. The audit considered governance structures for the portals; measurement of efficiency and effectiveness; and control factors, such as change management, security, and legal issues.
The audit objective was to determine whether DIAC's biometrics program had appropriate:
- business review processes (including a business case);
- authorisation;
- business and IT governance arrangements; and
- IT project management and systems development arrangements.
This audit would review the progress of selected components of the Australian Government’s Digital Identity program including the effectiveness of the implementation, design and functionality of the Digital Identity System, roles and responsibilities of stakeholders and the allocation and expenditure of funding, including contract management.
The Digital Identity program is delivered by the Department of Finance (policy and program lead), with Services Australia and the Australian Taxation Office (ATO) delivering critical operational functions. Components of the program include the Digital ID Act 2024, the Identity Exchanges (delivered by Services Australia), myID (the Commonwealth’s Identity Provider, delivered by ATO) and connected services to the system.
The Digital ID Act 2024 and the Digital ID (Transitional and Consequential Provisions) Act 2024 commenced on 1 December 2024 and support the expansion of the Australian Government Digital ID System and introduce a voluntary accreditation scheme for digital ID services providers. The Digital ID Regulator is the Australian Competition and Consumer Commission; and the Office of the Information Commissioner as the privacy regulator and Digital ID Data Standards Chair.
The ANAO will conduct a program of audits of entities’ compliance with legislative and Australian Government policy requirements derived from the Public Governance, Performance and Accountability Act 2013, the Public Service Act 1999 and other legislative and policy frameworks. These audits include a focus on public sector ethics, integrity and probity.
Topics that may be considered for audit include compliance with: requirements to establish audit committees; requirements relating to recruitment and remuneration in the Australian Public Service; requirements related to privacy; and information management requirements.
ANAO audits continue to find that in routine areas of public administration (e.g. record keeping, governance, procurement and risk management), performance consistently falls short. Compliance — not just with mandatory requirements, but also their intent — is a hallmark of integrity, and essential to the craft of public administration.
The selection of entities for these audits will be based on relevance, materiality, representativeness and performance history. Audits may include any Commonwealth entities and companies. The audits would examine the effectiveness of entities’ design, implementation and governance arrangements to ensure compliance with relevant requirements.
The objective of the Australian National Audit Office (ANAO) was to examine how the ATO manages its responsibilities under the Taxpayers' Charter as an important element of its performance. This involved an examination of the ATO's: systems and processes used to develop, maintain and update the Charter; strategic commitment to implementing the principles of the Charter; integration of Charter principles with its business processes; and monitoring and reporting of its performance against commitments in the Charter.
The objective of the audit was to express an opinion on the effectiveness of HOP management having regard to: compliance with applicable Australian Government policies; compliance with internal guidelines to assist loans officers to assess applications and manage loans; and programme performance reporting.
This audit was designed to identify the methods used by selected agencies to measure the efficiency and effectiveness of their delivery of services through the Internet, and to evaluate the adequacy of these methods. ANAO also identified better practices, lessons learned and opportunities for improvements.
The objective of the audit was to assess the effectiveness of the implementation and administration of the Small Business Superannuation Clearing House.
During the preparation of the ANAO's Planned Audit Work Program 2006–07, JSCEM suggested that the ANAO consider a possible performance audit into the efficiency and effectiveness of the AEC's management of elections. JSCEM's suggestion was considered in the planning and preparation for this performance audit, which focuses primarily on the AEC's administration of the CEA in the lead-up to and conduct of the 2007 general election.
The audit objective was to provide independent assurance to the Parliament on the effectiveness of Australian Public Service organisations in the use and management of the HRIS to satisfy mandatory reporting requirements, as well as provide meaningful information to management. The audit also considered the use of employee self service facilities offered by the HRIS, which has the capacity to provide staff with access to their personal information, reduce manual processing and streamline processing.
The objective of this audit was to assess key aspects of Australian Government agencies' fraud control arrangements to effectively prevent, detect and respond to fraud, as outlined in the Guidelines. The scope of the audit included 173 agencies subject to the FMA Act or the CAC Act.
The objective of the audit was to assess the effectiveness of the Australian Taxation Office’s (ATO’s) complaints and other feedback management systems in supporting service delivery.
The audit objective was to assess selected agencies’ compliance with the four mandatory ICT security strategies and related controls in the Australian Government Information Security Manual.
David Gray, Executive Director - Phone (02) 6203 7377
The objective of the audit was to examine the effectiveness of Centrelink's approach to investigating and responding to external fraud. The ANAO's assessment was based on four key criteria. In particular, the ANAO assessed whether Centrelink:
- had established a management framework, business systems and guidelines, that support the investigation, prosecution and reporting of fraud;
- had implemented appropriate case selection strategies and controls to ensure resources are targeted to the cases of highest priority;
- complied with relevant external and internal requirements when investigating fraud and referring cases for consideration of prosecution; and
- had implemented an effective training program that supports high quality investigations and prosecution referrals.
The objective of this audit was to examine the action taken by the ATO to improve TFN integrity, particularly through the implementation of the recommendations made in: Report No.37, taking into account any changed circumstances, or new administrative issues, affecting the implementation of those recommendations; and Numbers on the Run, taking into account that the Government has not formally responded to the report at this time. The audit also aimed to identify further opportunities for the ATO to improve the effectiveness and efficiency of the TFN system. The report of this audit is necessarily detailed as it considers each of the recommendations and the extent to which they have been implemented.
The objectives of this performance audit were to:
- review the governance and accountability framework for the Scheme; and
- assess the efficiency and effectiveness of Treasury's implementation and management of that framework.
The Procedures for Determining Breaches of the (APS) Code of Conduct must be complied with in determining whether an Australian Public Service (APS) employee has breached the Code of Conduct (the Code) set out in section 13 of the Public Service Act 1999 (PS Act), and in determining what, if any, sanction is to be imposed on an APS employee who has breached the Code of Conduct.
The objective of the audit was to assess the effectiveness of AGD's arrangements for coordinating the development of the National Identity Security Strategy.
The ANAO's assessment was based on the following criteria:
- governance arrangements for the NISS;
- progress, to date, of the six NISS elements; and
- AGD's administrative arrangements for developing the NISS.
The audit objective was to assess the effectiveness of the Department of Human Services’ administration of the child support objection review process.
This audit is the thirteenth in a series of audits that have fulfilled the Senate’s request for the Auditor-General to provide an annual report on agencies’ compliance with the Order, since it was introduced in 2001. The audit objective was to assess the appropriateness of the use and reporting of confidentiality provisions in Australian Government contracts.
The objective of this audit was to examine the effectiveness of Medicare Australia's administration of the PBS. In assessing the objective, the audit considered three key areas:
- Medicare Australia's relationship with the PBS policy agency (DoHA) and service delivery policy agency (Department of Human Services (DHS));
- the management arrangements and processes underpinning Medicare Australia's delivery of the PBS (including the means by which Medicare Australia gains assurance over the integrity of the PBS); and
- how Medicare Australia undertakes its three main responsibilities relating to the delivery of the PBS, namely: approving pharmacies; approving authority prescriptions; and processing PBS claims.
The objective of the audit was to assess whether the WHM programme is administered effectively and in accordance with relevant laws and policies. In particular, the ANAO focused on four key areas: the implementation of eWHM visa; authority for the WHM programme; decision-making for WHM visas; and programme performance information. A feature of the audit was the computer-aided scrutiny of over 300 000 visa application records to test DIMA's decision-making processes.
The objective of the audit was to review the effectiveness and efficiency of Centrelink's customer feedback system and the progress Centrelink had made in implementing the recommendations of the 2004–05 audit and the subsequent JCPAA inquiry.
The audit objective was to assess whether all agencies compiled Internet listings as required by the Senate Order, and to examine the appropriateness of the use, by selected agencies, of confidentiality provisions.
The objective of the audit was to assess the effectiveness of the Department of Human Services' arrangements for engaging and managing External Collection Agencies to recover debts arising from Centrelink payments.
The objective of this audit was to evaluate whether selected Australian Government agencies were effectively managing security risks arising from the use of contractors. To address this objective, the audit evaluated relevant policies and practices in the audited agencies against a series of minimum requirements in the management of security issues in procurement and contracting activity. These minimum requirements were developed from the guidance and standards contained in the PSM and also from the ANAO's previous protective security audits.
The audit focused on two broad types of contracting arrangements: contracting of security functions; and contracting of any service or business function that requires, or which has the potential to require, contractors to access sensitive or security classified information.
The following Australian Government agencies were involved in this audit:
- Australian Customs Service (Customs);
- Commonwealth Superannuation Administration (ComSuper);
- Department of Finance and Administration (Finance); and
- Department of Foreign Affairs and Trade (DFAT).
In addition, the Attorney-General's Department, which is responsible for the maintenance of the PSM and for providing advice on contemporary protective security policies and practices, was consulted during the audit.
The objectives of the audit were to assess agency performance in relation to compiling their Internet contract listings as required by the Senate Order and the appropriateness of the use of confidentiality provisions in Commonwealth contracts. The audit involved a review in seven agencies of the processes used to compile their Internet contract listings and the use of confidentiality provisions in contracts.
The objective of the audit was to assess the extent to which entities were meeting their recordkeeping responsibilities. In particular, the audit examined how effectively the entities were managing records that were created and stored electronically in corporate recordkeeping systems and in other electronic systems in accordance with recordkeeping requirements.
The objective of this follow-up audit was to examine the ATO's implementation of the 20 recommendations in: The Administration of Petroleum Excise Collections (Audit Report No.17, 2001–02); and The Administration of Tobacco Excise (Audit Report No. 55, 2001–02), having regard to any changed circumstances, or new administrative issues, affecting implementation of those recommendations. The audit also aimed to identify scope for improvement in the ATO's administration of petroleum and tobacco excise. Follow-up audits are recognised as an important element of the accountability processes of Commonwealth administration. The Parliament looks to the Auditor-General to report, from time to time, on the extent to which Commonwealth agencies have implemented recommendations of previous audit reports. Follow-up audits keep the Parliament informed of progressive improvements and current challenges in areas of Commonwealth administration that have previously been subject to scrutiny through performance audits.
The objective of the audit was to assess the ATO's administration of CGT compliance in the individuals market segment. The focus of the audit was the ATO's administration of compliance by individuals with respect to the two most common CGT events: real property and share disposals. The Australian National Audit Office (ANAO) identified three key areas for review:
- governance – the corporate planning and reporting arrangements relevant to the administration of CGT compliance in the individuals market segment, including how these are integrated with the ATO's overall approach to managing CGT;
- identifying and assessing compliance risks – the mechanisms and strategies used to identify and assess CGT compliance risks in the individuals market segment; and
- compliance activities – the products and processes used to manage CGT compliance in the individuals market segment.
The objective of the audit is to assess the effectiveness of the ATO's administration of debt collection. Micro-business debt is a particular focus of attention. The three key areas examined are:
- strategies – especially the ATO's initiatives trialled in 2006;
- infrastructure – the IT systems, people, policy and processes and risk management framework supporting the collection of debt; and
- management and governance – planning, monitoring and reporting mechanisms and liaison with stakeholders.
The ANAO focused on the work of the campaigns area within the Debt Line, which has collection responsibility for 90 per cent of collectable debt cases and responsibility for other key, centralised functions such as reporting, quality assurance review, consistency and best practice, and the debt collection initiatives.
The audit objective was to assess the effectiveness of physical security arrangements in selected Australian Government agencies, including whether applicable Australian Government requirements are being met.
The objectives of the audit were to determine whether FaCS and Centrelink had: a valid Business Case for the Edge project, as revised from time to time, including estimated costs, actual costs, and expected benefits; effective governance of the project, including reviews at critical points in the project and subsequent decisions to continue or, in the final analysis, to discontinue; an appropriate contract with SoftLaw, which was adequately managed; delivered appropriate advice on progress, project viability, and acceptable solutions to technical issues to Executive of FaCS and Centrelink during the project; and valid reasons for discontinuing the project. The ANAO began this audit in March 2004, four months after the Edge project was terminated, following the Auditor-General's agreement to a suggestion by the Joint Committee of Public Accounts and Audit that the project was a suitable subject for audit.
The objective of the audit was to determine whether the POI information recorded by Centrelink accords with relevant policy and thereby effectively supports informed decision-making regarding eligibility for the payment of various benefits to Centrelink customers.