The objective of this audit was to evaluate whether selected Australian Government agencies were effectively managing security risks arising from the use of contractors. To address this objective, the audit evaluated relevant policies and practices in the audited agencies against a series of minimum requirements in the management of security issues in procurement and contracting activity. These minimum requirements were developed from the guidance and standards contained in the PSM and also from the ANAO's previous protective security audits.

The audit focused on two broad types of contracting arrangements: contracting of security functions; and contracting of any service or business function that requires, or which has the potential to require, contractors to access sensitive or security classified information.

The following Australian Government agencies were involved in this audit:

• Australian Customs Service (Customs);
• Commonwealth Superannuation Administration (ComSuper);
• Department of Finance and Administration (Finance); and
• Department of Foreign Affairs and Trade (DFAT).

In addition, the Attorney-General's Department, which is responsible for the maintenance of the PSM and for providing advice on contemporary protective security policies and practices, was consulted during the audit.

The audit objective was to determine whether DIAC's biometrics program had appropriate:

• business review processes (including a business case);
• authorisation;
• business and IT governance arrangements; and
• IT project management and systems development arrangements.

In 2000, the ANAO tabled Audit Report No 49 1999-2000, Indigenous Land Corporation operations and performance. The 2000 audit made nine recommendations for improvement. This follow-up audit examined the Indigenous Land Corporation's implementation of the recommendations of the 2000 audit.

The objective of the audit was to assess the effectiveness of the Department of Parliamentary Services’ management of assets and contracts to support the operations of Parliament House.

The objective of this audit was to form an opinion on the effectiveness of Internet security measures within the Commonwealth public sector. The second objective was to provide better practice guidance for managing an Internet connection. The audit covered a range of Commonwealth agencies which had established an Internet facility. It specifically addressed the following matters : Internet security policies; site management - including change control processes, virus prevention and detection strategies, and incident response plans; controls over access to the Internet site and to data sources connected to the site; and user education and training.

The objective of this audit was to examine whether the Tourist Refund Scheme (TRS) is being effectively administered, with the appropriate management of risks.

The audit examined the Aboriginal and Torres Strait Islander Commission's (ATSIC's) grant management practices. The audit sought to determine if ATSIC provides fair and equal access to funding, what the risks to the grants program are, if decision-makers receive the key information they need to make informed funding decisions, and if ATSIC staff complying with grants procedures. The ANAO did not examine the appropriateness of the funding decisions made by regional councils.

The objective of this audit was to examine the effectiveness of Defence’s management of explosive ordnance by the end users of this materiel in Air Force, Army and Navy (the Services). In particular, the focus was on the effectiveness of arrangements for the oversight and physical control of explosive ordnance once it is issued to Service units.

The audit reviewed Defence’s policies, procedures, processes and inventory management systems for explosive ordnance at the unit level in the ADF, from receipt and storage through to the use or return of explosive ordnance.The audit also examined the relationship between the management of explosive ordnance at the unit level and the Explosive Ordnance Services Contract and, where relevant, the regional Garrison Support Services (GSS) Contracts.

The audit surveyed a wide range of Commonwealth agencies' Year 2000 preparedness, their management of the problem and their application of core corporate governance principles, including risk management disciplines. The scope of the audit reflected the wide ranging ramifications of the Year 2000 problem for agencies' overall functions (whole-of-business) internally as well as in terms of external interactions. The audit objectives were to:

• assess the adequacy of agencies' planning in relation to achieving Year 2000 compliance;
• review and assess agencies' implementation, management and monitoring of Year 2000 compliance strategies;
• review agencies' strategic risk assessments in relation to the Year 2000 changeover; and
• raise surveyed agencies' and other Commonwealth agencies' awareness of the various aspects of the Year 2000 problem.

This audit examined the management of contracts for business support processes in eight Commonwealth organisations-six operating under the Financial Management and Accountability Act 1997, and two operating under the Commonwealth Authorities and Companies Act 1997. The objectives of this audit were to:

• provide assurance on the effectiveness of the management of contracted business support processes in selected organisations; and
• identify and disseminate better practices in related contract management.