Our audit followed 2 lines of enquiry:
1. Do agencies track all their servers and apply foundational security controls to them?
2. Do agencies monitor their server security and strengthen it in response to threats?
To answer these questions, we examined:
Download a PDF copy of Appendix C: Audit scope and method.
Download a PDF copy of Appendix B: Abbreviations, acronyms and glossary.
Download a PDF copy of Appendix A: Submissions and comments.
Departments we examined did not actively assess how savings affected either frontline or back-office services.
Departments’ existing performance measures do not track savings' impacts and do not consistently measure all outputs across all business areas.
Without targeted metrics or specific monitoring, departments cannot show if savings affected service delivery.
Covered in this section:
All departments told us that they delivered their 2023–24 DER savings targets, but only DEECA tracks implementation at the initiative level.
Other departments monitored progress against their overall budgets, which include a mix of savings and other funding decisions.
This means they could not easily show if they delivered the specific initiatives approved in their DER implementation plans.
Covered in this section:
Most departments planned to deliver DER savings without reducing frontline roles.
But DPC and DTF did not give clear guidance to departments on how they should apply the government's commitment to protect frontline roles when departments developed their savings proposals.
Not all departments could show how they applied their frontline worker definitions.
Covered in this section:
We made 3 recommendations to address our findings. The relevant agencies have accepted all recommendations in full.
Our audit followed 2 lines of inquiry:
1. Were departments' plans to deliver savings and efficiencies consistent with the COVID Debt Repayment Plan?
2. Are departments on track to deliver savings and efficiencies, while maintaining frontline services?
To answer these questions, we examined: