This audit is a part of the ANAO's protective security audit coverage. The objective of this audit was to determine whether agencies audited had developed and implemented sound IT security management principles and practices supported by an IT security control framework, in accordance with Australian Government policies and guidelines. The audit at each agency examined the framework for the effective management and control of IT security, including the management of IT operational security controls and, where applicable, was based on the Australian Government protective security and information and communications technology (ICT) security guidelines that were current at that time.

The audit reviewed the Defence Materiel Organisation's management of the $3.43 billion Wedgetail Airborne Early Warning and Control (AEW&C) project. The Wedgetail project is to provide the Australian Defence Force with an AEW&C capability based on four Boeing 737 AEW&C aircraft and associated supplies and logistic support. At the time of the audit the AEW&C systems were still in their early development phase, and by November 2003, Defence had spent $1.107 billion on the project.

The audit reviewed the operation of the payment of accounts function in 8 Commonwealth organisations against their internal control framework. The main objectives of the audit were to determine whether organisations had implemented appropriate risk management strategies for the processing of accounts and whether payment for goods ans services had been properly authorised. The audit also reviewed progress since the payment of accounts audit undertaken in 1996 ( Audit Report No. 16, 1996-97, Financial Control and Administration Audit, Payment of Accounts).

The report summarises the audit and other related activities of the ANAO in the period January to June 2002. Key issues arising from performance audits tabled in this period are summarised. Appendix 1 of the Activity Report provides a short summary of each of the audits tabled between 1 January 2002 and 30 June 2002.

This audit followed up the ANAO's 2000 performance audit report on retention of military personnel (Audit Report No.35 1999-2000 Retention of Military Personnel), which focused on examining whether ADF personnel management practices to retain personnel were commensurate with the cost of recruiting and training new personnel, or whether more cost- effective steps could be taken to reduce the separation rates of desirable personnel. The objective of the follow-up audit was to assess Defence's implementation of recommendations made in the original audit report and their effectiveness in helping Defence control the flow of trained personnel from the Services.

The audit objective was to form an opinion on the adequacy of a select group of Australian Government agencies' management of Internet security, including following-up on agencies' implementation of recommendations from the ANAO's 2001 audit. The agencies audited were Australian Customs Service (ACS), Australian Federal Police (AFP), Australian Radiation Protection and Nuclear Safety Agency (ARPANSA), Department of Employment and Workplace Relations (DEWR), Department of Industry, Tourism and Resources (DITR) and Medicare Australia. Factors considered in selecting agencies were agency size based on funding levels, whether the agency was included in ANAO's 2001 audit (ACS, ARPANSA, and DEWR), whether the agency's ICT was managed in-house or outsourced, and the nature of the agency's website (that is, general or restricted access).

The objective of this audit was to assess Army's progress in addressing the issues previously identified in Defence reviews and ANAO audits as affecting the Army Reserve's capability; and Identify the extent that the Army Reserve is capable of contributing to contemporary Australian Defence Force capability requirements through fulfilling its assigned roles and tasks.

The Service Chiefs of Navy, Army and Air Force are accountable to the Chief of the Defence Force for the way that equipment is used by their Service. They are also accountable for the safety, fitness for service and environmental compliance of the equipment. The audit report deals with the way that the Service Chiefs are assured of the safety and suitability for service of the Australian Defence Force's (ADF's) ordnance systems. Ordnance systems include munitions such as missiles, shells and mines, and the auxiliary material necessary to aim, launch and guide munitions.

Physical Security Arrangements in Commonwealth Agencies, No.23 2002-2003 Protective security involves the total concept of information, personnel, physical, information technology and telecommunications security. The Commonwealth's Protective Security policy is outlined in the Protective Security Manual (PSM). It provides specific guidance to agencies on the protection of the Commonwealth's assets, personnel and clients from potential security threats. This audit evaluated the protective security policies and practices of seven Commonwealth agencies to determine whether they had established an appropriate physical security control framework based on the principles outlined in Part E of the Commonwealth's Protective Security Manual. The ANAO also examined whether agencies had considered the risks of, and developed an appropriate policy statement on, the physical security arrangements for employees who work from home.

This audit was a follow-on to Audit Report No.21 1997-98 Protective Security, which reviewed, among other things, information security other than computer and communications security, against the policy and procedures outlined in the 1991 PSM. That audit found inconsistencies in the identification and marking of classified information and weaknesses in the handling and storage of classified information, as well as other breakdowns impacting on information security.