Agriculture, Water and the Environment | Department of Agriculture, Water and the Environment[1] | Moderate (B) | New | Weaknesses in monitoring of privileged user activities within the Financial Management Information System |
Attorney-General’s | Attorney-General’s Department | Moderate (B) | New | User access removal |
Administrative Appeals Tribunal | Moderate (B) | New | Lease management |
Defence | Department of Defence | Moderate (B) | New | Weaknesses around the disposal of assets and inventory |
Moderate (B) | Repeat (2020–21) – downgraded from Significant (A) | Valuation of specialist military equipment using the cost attribution model |
Moderate (B) | Repeat (2020–21) | Weaknesses around the governance of ADF health services |
Moderate (B) | Repeat (2020–21) | Management of privacy data |
Royal Australian Air Force Veterans’ Residences Trust | Moderate (B) | New | Independence of audit committee members |
Department of Veterans’ Affairs | Significant (A) | New | Military Compensation Scheme Provision methodology undervaluing DVA’s liability |
Moderate (B) | New | Security governance – Monitoring implementation of controls |
Moderate (B) | New | Personal benefits – incompatible access monitoring |
Moderate (B) | Repeat (2020–21) | Implementation of the process direct system |
Moderate (B) | Repeat (2020–21) | Monitoring of high-risk activity in IT systems |
Moderate (B) | Repeat (2020–21) | User terminations |
Moderate (B) | Repeat (2020–21) | User revalidations |
Moderate (B) | Repeat (2020–21) | Accuracy and completeness of information uploaded into compensation claim QA system |
Royal Australian Air Force Welfare Recreational Company | Significant legislative breach (L1) | New | Alterations made to the signed financial statements after the auditor’s report was issued |
Education, Skills and Employment | Department of Education, Skills and Employment[2] | Moderate (B) | New | Timely removal of user access on termination |
Health | Department of Health | Moderate (B) | New | Impairment status of inventory |
Industry, Science, Energy and Resources | Australian Nuclear Science and Technology Organisation | Moderate (B) | Repeat (2020–21) | Terminated users and audit logging |
Clean Energy Regulator | Moderate (B) | New | Privileged and other user access |
Infrastructure, Transport, Regional Development and Communications | Department of Infrastructure, Transport, Regional Development and Communications[3] | Moderate (B) | New | User access removal |
Prime Minister and Cabinet | Northern Land Council | Significant legislative breach (L1) | Repeat (2012–13) | Non-compliance with the requirement for funds in NLC’s royalty trust account to be distributed to traditional owners within the agreed timeframes |
Moderate (B) | Repeat (2014–15) | Weaknesses in payroll controls and errors in payments to staff |
Social Services | Department of Social Services | Moderate (B) | Repeat (2020–21) | Termination of users |
National Disability Insurance Agency | Moderate (B) | Repeat (2020–21) | Timeliness of IT user access terminations |
NDIS Quality and Safeguards Commission | Moderate (B) | New | IT shared services governance |
Treasury | Department of the Treasury | Moderate (B) | New | Governance over the Federal Payments Management System |
Australian Taxation Office | Moderate (B) | New | Issues with treatment of debts considered to be uneconomical to pursue |
Moderate (B) | New | Assurance over extracts of data |
Summary | 1 Significant (A) | New |
27 Moderate (B) | 15 New 12 Repeat |
2 Legislative (L1) | 1 New 1 Repeat |