Review of administration and expenditure for ASIO, ASIS and DSD

The Committee is aware that it is not equipped to conduct a detailed examination of the financial records of ASIO, ASIS and DSD.

In the course of its third review of expenditure and administration, the only sources available to the Committee were the Portfolio Budget Statements (which contain only very limited, if any, detail on agency expenditure), the classified submissions of the agencies (which contain a varied but still limited amount of information), ASIO’s unclassified Annual Report to Parliament and the evidence given in the Committee’s hearings.

The Committee examined the available primary sources and questioned the agencies at some length in regard to the information that was and was not provided. Nonetheless, in discharging its responsibility to review agency expenditure, the Committee remains heavily reliant on the reporting of the Australian National Audit Office and the guarantee of the Auditor-General that the financial statements of the agencies are satisfactory and in accordance with ANAO requirements.

In its third review, the Committee wished to explore a number of issues in relation to the auditing of ASIO, ASIS and DSD by the ANAO. These issues related to the transparency of the agencies when being examined by ANAO and the type of audit that is conducted. At a time when the budgets of all three agencies have grown at a very rapid pace, the Committee wished to be satisfied that the ANAO is confident of its ability to monitor agency expenditure and ensure that appropriate financial controls are in place.

ANAO audits

Under the Auditor- General Act 1997 (the Auditor-General Act), the Auditor-General has wide ranging powers to conduct statement and performance audits of agencies and Commonwealth authorities and subsidiaries.

Sections 31-33 of the Auditor-General Act allow the Auditor-General and the ANAO access to any documents or information required for the audit function. The ANAO has the right of access to enter and remain on any premises occupied by the Commonwealth at all reasonable times for audit purposes. The ANAO may freely search and take extracts from any records in the custody of government agencies. The Auditor-General is also able to direct a person to appear and provide evidence under oath, if required, and present any documents requested.

Section 36 of the Auditor-General Act requires ANAO officers to maintain secrecy regarding audit matters when they deal with sensitive information. ANAO officers dealing with Australia’s intelligence and security agencies have appropriate security clearances. Section 37 of the Act gives the Auditor-General powers to decide and indeed a duty not to include sensitive information in public reports or to disclose it to the Parliament if to do so would inter alia prejudice the security, defence or international relations of the Commonwealth. Consequently, provisions in any legislation cannot restrict the Auditor-General from having access to data or premises in the performance of his statutory responsibilities

The ANAO undertakes annual audits of the financial statements of ASIO and ASIS. Annual audits are based on the agency financial statements and examine, in essence, the money coming into and going out of the agency. An audit opinion is provided on the agency statements. Annual audits also look at the internal auditing processes within the agencies and their compliance with the accounting standards set down by the Department of Finance and Administration. This type of audit focuses on expenditure rather than administration. The ANAO may also undertake performance audits of agency operations. These audits are discussed further below.

Summary of ANAO annual audits: ASIO and ASIS

Background

ASIO and ASIS are required to produce financial statements in accordance with the provisions of section 49 of the Finance Management and Accountability Act 1997 (FMA Act) and the Finance Minister’s Orders. In addition, ASIO and ASIS must give due consideration to agreements between the Minister for Finance and Administration and the Attorney-General, and between the Minister for Finance and Administration and the Minister for Foreign Affairs, respectively that provide for the non-disclosure of such information in the notes to the financial statements where disclosure would or could be reasonably expected to be operationally sensitive.

The ANAO, as the external auditor, provides independent audit reports on the financial statements of ASIO and ASIS. These reports are provided by the ANAO as part of the financial statement audit process. The reports provide ANAO’s formal opinion on whether the financial statements :

• are prepared in accordance with the Agreement between the Finance Minister and the relevant portfolio Minister and the Finance Minister’s Orders; and
• give a true and fair view of the matters required by the Agreement and those Orders.

Audit coverage of ASIO and ASIS consists primarily of the annual financial statement audit.

ASIO

ASIO has one outcome listed in its Portfolio Budget Statements, being:

a secure Australia for people and property, for government business and national infrastructure, and for special events of national and international significance.¹

ASIO’s appropriation for 2002-2003 was $85.675m. For 2003-04, this appropriation increased to $95.236m.

The ANAO informed the Committee that the 2002-2003 audit of ASIO was conducted with satisfactory results and good support from ASIO’s staff. ² The audit highlighted four issues of significance for the attention of ASIO management. These were:

• bank account reconciliations;
• cash advance certification;
• segregation of duties in the Finance section; and
• currency of Chief Executive Instructions.³

According to the ANAO’s submission to the Committee, two of these issues (bank account reconciliations and cash advance certification) had been resolved while the other two were subject to management attention as at September 2003. The Committee questioned the ANAO about the two unresolved issues and also sought further advice from ASIO. ASIO has advised that due to the relatively small size of its finance unit, there is limited capacity to adopt full-scale segregation of duties and practices.⁴ ASIO has implemented additional controls, within resourcing constraints, backed up by an internal audit program ―an approach ANAO has indicated should be effective in addressing the area of concern.⁵ ASIO is currently reviewing and updating its Chief Executive’s Instructions to reflect current financial management controls and related administrative practices consistent with requirements under Section 42 of the FMA Act. ⁶

There were no other significant matters raised as part of the final audit process and an unqualified audit report was issued by the ANAO on 16 September 2003. Pursuant to section 37 (5) of the Auditor-General’s Act, a confidential report on the financial statements was issued by the Auditor-General to the Attorney-General, the Minister for Finance and Administration, and the Prime Minister. This concerned a requirement under the Australian Accounting Standard for the disclosure of information that was not disclosed by ASIO. The disclosure of this information was deemed to be operationally sensitive, a view that ANAO accepted.⁷

ASIS

ASIS has one outcome that is to:

Enhance government understanding of the overseas environment affecting Australia’s vital interests and take appropriate action, consistent with applicable legislation, to protect a particular identified interest.⁸

The ASIS appropriation in 2002-2003 was $60.3m. $57.4m was allocated in the 2002-2003 budget and a further $2.93m was allocated in supplementary estimates, mainly to fund counter terrorism measures.⁹

The ANAO provided evidence that the 2002-2003 ASIS audit was completed with satisfactory results and an unqualified audit report was issued on 27 August 2003.¹⁰ No audit issues were noted relating to the underlying control framework supporting the financial statements. However, the audit did identify a number of minor matters in relation to asset management and some scope for improvement in the area of accounting research and development expenditure that management is addressing.¹¹ The Committee questioned ASIS on the minor matters raised in the ANAO audit.

DSD

DSD is part of the Intelligence Output Group of the Department of Defence. As a component of a Department of State, there is no requirement for DSD to prepare a separate financial report and ANAO’s submission noted that it has never separately audited the financial statements of DSD. Instead the financial operation of DSD is incorporated as part of the financial reporting of the Department of Defence. Accordingly, in undertaking the financial statement audit for the Department of Defence, the ANAO examines DSD’s financial operations, but only as part of a greater whole: An ‘(a)udit of DSD’s financial operations is broadly included in the financial statement audit of the Department of Defence.’¹²

As discussed in Chapter One, the Government has not accepted the Committee’s recommendation that DSD produce a separate annual financial statement. In the course of their evidence to the Committee’s second review, the ANAO commented as follows:

I want to pick up on the previous recommendation of this committee that the Auditor-General undertake an audit of DSD activities. On consideration, the Auditor-General was quite happy to do that if he had a formal request for the Department of Defence to do so. To date, we have not had such a request. To date, the audit of DSD is part of the Defence audit, rather than being separate activity.¹³

ANAO stated in their submission that over the 2002-2003 period, no issues were specifically identified that related to the financial operations of DSD.¹⁴

Difficulties in auditing intelligence agencies

On the 25 March 2004, senior ANAO representatives appeared as witnesses before the Committee as part of its review.

The Committee has expressed reservations in regards to its ability to adequately review the administration and expenditure of agencies, given the fact that the Committee does not have access to key documentation, notably the classified annual reports of ASIO, ASIS and DSD. The Committee therefore sought a guarantee from ANAO that they had full access to the accounts and relevant information held by the agencies and were confident in their audit findings.

In response a senior ANAO officer stated:

If there is wholesale collusion to hide information from the auditors, it would be very difficult to say that that is not happening. I do not believe that is the case and I am quite happy that I seem to have access to the information I seek.¹⁵

The ANAO further elaborated on this assurance:

We know the amount of money that is funded by government through appropriations. We can see that flow through the bank accounts and we see that that is dispersed. If there were anything else, it would have to be some sort of very suss slush fund that does not go through normal government processes. I am not suggesting that I am hinting at that or suggesting that that is the case. I suppose that is the caveat around any comment.¹⁶

The Committee wished to ascertain what percentage of total expenditure is subject to ANAO audits. A witness from ANAO stated:

We look at it as a global number, so all of it is subject to examination. Individual expenditure is subject to sampling, so you make sure that the processes and systems that support payments are reliable and then you look at individual payments on a statistical sampling basis. Will most payments be individually checked? Some will but most will not be.¹⁷

The ANAO auditor for ASIO was asked if he were satisfied that the agencies were handling increased funding effectively and whether that was something the ANAO examined. The auditor responded that ANAO essentially looked at what was spent and whether it was accurately recorded rather than the performance achieved through expenditure.¹⁸

The Committee was interested to know if auditing intelligence agencies presented a more complex or otherwise different task from auditing other government departments or agencies. The ANAO officers expressed the view that

To some extent we have tried to push these audits as being no different from any other audit, apart from the possibility that public reporting may be constrained for secrecy reasons.¹⁹

Further, the witness stated:

If corruption were around and if it were significant, we would want to pursue it in the same way as we would with any other agency, but the reporting may be constrained if that were deemed to be relevant by the Auditor-General. We have certainly been pushing to have total, open and free access to the audit processes but we have to think about how we would finalise them. To a large extent we have shifted ground over the last four or five years to have that sort of access, whereas previously parts were carved out that we could not look at. I am reasonably confident now that we do have that access.²⁰

The Committee asked ANAO whether the Committee would necessarily be informed if evidence of corruption or other malpractice was ever found in relation to the operations of an intelligence agency.²¹

Section 23(1) of the Auditor-General Act provides that the Auditor-General may provide advice or information to a person or body relating to the Auditor-General's responsibilities if, in the Auditor-General's opinion, it is in the Commonwealth's interests to provide the information or advice. Section 25 of the Auditor-General Act provides that the Auditor-General may at any time cause a report to be tabled in either House of the Parliament on any matter and that the Auditor-General must give a copy of the report to the Prime Minister, the Finance Minister and to any other Minister who, in the Auditor-General's opinion, has a special interest in the report. A senior ANAO officer commented:

The formal mechanism for reporting in the Auditor-General Act is to report to the relevant minister, to the Prime Minister and, I think, to the Minister for Finance. If you have something that falls under the secrecy provision, to my knowledge there is no formal mechanism to report to this committee in that context—and I think that is where we are at the moment. ²²

Further to this, the witness stated:

…as I understand it, you may be barred from seeking that information ―unless one of those ministers were to advise you of that. That would be the legal constru ct as I understand it.²³

The Committee notes that it would presently be a matter for the discretion of the Auditor-General to provide the Committee with copies of audit reports or any other audit information relating to ASIO, ASIS and DSD, subject to “the Commonwealth’s interests”, or it would be at the discretion of a Minister of a particular agency, to pass on such information. Clearly it is in the Commonwealth’s interests to provide this information to the Committee, especially if it included any evidence of malpractice, to assist the Committee to discharge its statutory function of reviewing the expenditure and administration of ASIO, ASIS and DSD.

To avoid doubt, the Committee considers that appropriate legislative provision should be made to require the Auditor-General to provide the Committee with copies of the ANAO’s annual audits of ASIO, ASIS and DSD agencies, and any other relevant information.

Performance audits

Section 5 of the Auditor-General Act defines a performance audit as a ‘review or examination of any aspect of the operations’ of a government agency, authority or subsidiary.²⁴

The objectives of performance auditing are twofold:

• to provide Parliament with assurance about the quality of management of public resources; and
• to assist public sector managers by identifying and promoting better management practices.

A performance audit may include a review of:

• the use of human, financial and other resources;
• information systems, performance measures and monitoring arrangements; and
• procedures followed by entities for remedying identified deficiencies.²⁵

The mandate for this type of audit stops short of a review of Government policy decisions. T he scope of a performance audit may, however, incorporate the audit of information leading to policy decisions, an assessment of whether policy objectives have been met, and an assessment of the results of policy implementation both within the administering body and externally.²⁶

One of the aims of the performance audit process is to assist public sector bodies in identifying improvements to public administration.²⁷ The ANAO takes special care of information provided in-confidence, such as commercially sensitive information received during the course of performance audits.²⁸ In the course of the Committee’s first review, ANAO indicated that, in 1999, ASIO was part of a general performance audit relating to the Sydney Olympic Games. These audits review how a number of agencies perform in a certain area. For example, the ANAO conducted a general performance audit relating to Internet security, and suggested potential audits relating to management of leave in the Australian Public Service, and management of internal investigations units.²⁹ It was noted by a senior ANAO witness that a performance audit was planned on the coordination of counter-terrorism. But the witness was uncertain as to the degree of involvement this audit would have with ASIO or ASIS.³⁰

ANAO’s annual audits focus on accounting of expenditure rather than administrative efficiency and performance. In view of the current large increases in funding for ASIO, ASIS and DSD and the agencies expansion of activities, the Committee is concerned that these financial audits do not alone provide an adequate review of agency administration and expenditure. Performance audits are a potentially important means by which the Committee, and through the Committee, the Parliament and public, can be assured that the agencies are performing to high standards of efficiency and effectiveness.

The Committee asked ASIO whether they could foresee any difficulties in participating in an ANAO performance audit. ASIO responded:

The Auditor-General has not previously proposed a performance audit. ASIO has employed external consultants to conduct a variety of performance -type audits in various areas, for example ―Olympics preparations, T4, the recruitment process and the PM&C Implementation Review on counter-terrorism.

ASIO would have real difficulties with the Auditor-General doing a performance audit of say, our collection capabilities, both human and technical. That is not to say that alternative arrangements,
perhaps including the Auditor - General, could not be made, but would need to be worked through on a case-by-case basis.³¹

Clearly appropriate security arrangements would need to be made in relation to performance audits of intelligence collection activities and other particularly sensitive matters. The Committee can see no reason, however, why appropriate arrangements, including the preparation of classified reports, could not be made.

The Committee notes that Section 10 of the Auditor-General Act provides that in performing or exercising his or her functions or powers, the Auditor-General must have regard to the audit priorities of the Parliament determined by the Joint Committee of Public Accounts and Audit and any reports made by that Committee.

Other issues

The ANAO noted that Senate Order for Department and Agency Contracts requires FMA agencies to list details of certain contracts on the Internet and indicate, among other things, whether any of the contracts listed contain confidentiality provisions.³²

It was noted by ANAO that ASIO and ASIS have not listed their contracts on the Internet because of national security concerns. In the interest of accountability, the ANAO, as part of its next audit of compliance with the Senate Order, will examine ASIO and ASIS contracting practices for compliance with all legislative and policy requirements. This examination will not be publicly reported as it will contain classified information.³³