The objective of the audit was to examine the Department of Defence’s (Defence's) implementation of agreed recommendations made in Auditor-General Report No. 38 of 2017–18 Mitigating Insider Threats through Personnel Security and the related report provided to ministers under section 37(5) of the Auditor-General Act 1997, and by the Parliament’s Joint Committee of Public Accounts and Audit (JCPAA) in Report 479 of 2019 Australian Government Security Arrangements.

The objective of this audit was to form an opinion on the effectiveness of Internet security measures within the Commonwealth public sector. The second objective was to provide better practice guidance for managing an Internet connection. The audit covered a range of Commonwealth agencies which had established an Internet facility. It specifically addressed the following matters : Internet security policies; site management - including change control processes, virus prevention and detection strategies, and incident response plans; controls over access to the Internet site and to data sources connected to the site; and user education and training.

The objective of the audit was to review the Department of Veterans' Affairs' management of the outsourcing of its data centre in Sydney from February 1992, specifically with respect to the management of its contractual arrangements. The audit sought to identify the extent to which DVA achieved its objectives of outsourcing and the effectiveness of its management of the arrangement with the supplier.

The objective of the audit was to evaluate the policies and practices of selected organisations to determine whether they had established sound arrangements for, and maintained effective control over, the administration of security incidents and investigations.

The audit reviewed the fraud control arrangements in the Department of Family and Community Services (FaCS), a policy formulation, and advising body and major purchaser of social welfare services from Centrelink. The objective was to assess whether FaCS had:

• implemented appropriate fraud control arrangements in line with the Fraud Control Policy of the Commonwealth and that these arrangements operated effectively in practice; and
• fulfilled its responsibilities as a purchaser of services in relation to fraud control.

This audit is one in a series of fraud control audit and is complemented by a similar audit of Centrelink, a major provider of services on behalf of FaCS.

The audit reviewed the application by the Department of Finance and the portfolio departments of the 1993 Accountability and Ministerial Oversight Arrangements for Government Business Enterprises and any statutory monitoring and reporting requirements applying to the selected GBEs provided under their own establishing legislation. The objectives of the audit were to examine:

• the effectiveness of the GBE monitoring arrangements in providing appropriate performance information to the Government;
• the extent to which agencies and the selected GBEs comply with the monitoring arrangements and legislative requirements; and
• whether the GBE monitoring system provides an effective level of accountability to Ministers and to the Parliament.

The objective of the audit was to assess whether:

a) the AGD effectively manages the operation of the NSH; and
b) the AFP and ASIO have effective procedures in place to deal with incoming referrals from the NSH.

The objective of the audit was to examine Defence's management of leases that have resulted from property sale and leaseback transactions. Leases subject to review were for a period of ten or more years and included the following six properties: the Defence Plazas in Sydney and Melbourne; the Hydrographic Office Wollongong; DNSDC Moorebank; Campbell Park Offices in Canberra; and ADC Weston Creek in Canberra. The audit examined the process for identifying the properties for sale and leaseback and the sale approval process. The audit sought to determine the basis on which the properties were proposed for sale and leaseback and the financial impact for the Government. The audit also reviewed the lease terms and conditions to determine whether they protect the Government's interests, and examined Defence's management of commitments arising from the leases.

The audit objective was to examine the administrative effectiveness of the ATO's use of AUSTRAC data. The audit reviewed the use of AUSTRAC data across three of the ATO Business Service Lines (BSLs) namely, Large Business and International (LB&I), Small Business (SB) and Individuals Non Business (INB). These are the most significant BSLs in terms of revenue collection. The audit focussed on the ATO's use of AUSTRAC data at the strategic and operational levels and its management of AUSTRAC data. Aspects examined include the ATO's relationship with AUSTRAC as well as training, data quality, data privacy and security issues.

The objective of this follow-up audit was to assess Austrade's implementation of the recommendations contained in ANAO Report No. 4 of 1998-99 (Client Service Initiatives - Australian Trade Commission (Austrade)), and whether the implementation of the recommendations or appropriate alternative measures has improved the management and delivery of Austrade's client service.