Chair's foreword
The ANAO’s independent examination each year of the financial accounting and reporting by Commonwealth entities is a vital part of its scrutiny role. These financial statements audits of 248 separate entities are used by ANAO to assess risks, governance arrangements, and internal control frameworks across the Commonwealth.
In the 2021-22 Financial Statements audit report the highest number of significant and moderate findings were in the categories of IT security management and user access and accounting and control of non-financial assets.
Three areas relating to the 2021-22 Financial Statements audit report were the focus of the Committee’s inquiry:
- Financial sustainability issues for the Departments of Home Affairs and Agriculture, and the National Disability Insurance Agency (NDIA);
- The Department of Defence’s use of appropriations to terminate the Attack Class submarine contract; and
- Cyber security issues for the Commonwealth under the Protective Security Policy Framework (PSPF).
Evidence to the Committee on financial sustainability matters with the three agencies raised areas of key concern.
Home Affairs’ Financial Sustainability
An independent budget review of Home Affairs in 2022 has indicated that the department’s baseline situation was misaligned with its core activities and that it was balancing risk, service delivery and the cost of doing business in an unsustainable manner. This was exacerbated by the former government’s waste of $92 million on a failed privatisation of the visa processing system, despite which the Home Affairs was forced to nevertheless cop $180 million of savings that could not be realised.
The Committee has therefore requested that Home Affairs provides it with an update within six months on how it has implemented the recommendations arising from the independent review and on its actions and those of Government to improve its budget sustainability.
Agriculture’s Financial Sustainability
Evidence revealed that Agriculture has been facing an underlying structural cash deficit for many years, driven by the cost recovery of biosecurity functions. Given the critical importance of biosecurity activities and the economic and environmental costs of breaches, the Committee is of the view that the situation was fundamentally unsustainable and the Government and department must respond appropriately.
NDIA / NDIS Financial Sustainability
The financial situation with the NDIA is understandably complex however as the costs of the National Disability Insurance Scheme (NDIS) have been increasing faster than anticipated, this poses real risks to its long-term sustainability. One of the aims of the current NDIS review is to shed some light on its operations and sustainability, and this is welcomed by the Committee. The acknowledges the evidence from the NDIA that it anticipates more certainty to the forward projections for NDIS expenditure as a result of its efforts. The Committee is requesting an update within six months from NDIA on any gaps between its projected and actual costs for the 2022-23 financial year and a comparison with previous years.
Defence’s compensation payment for cancellation of Attack Class Submarines contract
The Committee was concerned to learn how the payment made by the Department of Defence to terminate the Attack Class submarine contract was made. This contract cancellation was an operating expense, however Defence use funds that had been appropriated by the Parliament as equity funding, which is non-operating expenditure.
The Committee concurs with the Auditor-General’s view that these funds should not have been used for an operating expense without the permission of the Parliament. Notwithstanding legal advice sought by the department and the potential Constitutional implications, the Committee concluded that this is not a matter for the courts, it is a matter for the Parliament to determine the future financial controls over the Executive.
The Committee is firmly standing up for this principle on behalf of the Parliament to ensure this does not happen again.
The Committee has recommended that the Finance Minister review this matter and accept its conclusion. The Committee has also recommended that, in the terminology and framework used for the Appropriation Bills, the Finance Minister clarifies that an ‘equity injection’ or ‘equity funding’ is non-operating expenditure.
Cyber security vulnerabilities
Finally, the inquiry examined the import issue of cyber security vulnerabilities across Commonwealth entities. Unfortunately, IT issues such as a lack of appropriate user access terminations have represented the majority of the ANAO’s adverse findings in its Financial Statements audits for many years.
The Attorney-General’s department (AGD) has ownership of the PSPF which contains cyber security strategies developed by the Australian Signals Directorate (ASD) that are mandatory for most Commonwealth agencies. Each entity is responsible for the application of the PSPF and self-reports on its cybersecurity compliance. However the Committee is concerned by the persistent ‘optimism bias’ which the ANAO has identified in these self-assessments that suggests an understating of the IT vulnerabilities that may exist.
The Committee has recommended that the:
- Government consider implementing an assurance regime on agencies’ self-reporting on cybersecurity compliance to ensure the Government is aware of the true situation in relation to public sector cyber-security and that this is not disguised by agencies, and
- AGD develop appropriate performance measures of its effectiveness in promoting compliance with the cyber security components of the PSPF to be included in its annual performance statement.
I thank the Deputy Chair and other Committee members who participated in the inquiry. I also thank the contributors to the inquiry and the Committee Secretariat for their continued professionalism in supporting the work of the Committee.
Mr Julian Hill MP
Chair