A performance audit into the Department of Home Affairs’ administration and regulation of its Critical Infrastructure Protection Policy has found it to have been “partly effective”.
In his report Administration of Critical Infrastructure Protection Policy, Auditor-General Grant Hehir said overseas terrorist attacks in 2001 and 2002 prompted the Government and industry to engage in critical infrastructure asset and prepare responses in Australia.
Mr Hehir said the Department of Home Affairs estimated that the 168 assets registered as critical infrastructure would increase 10-fold as a result of legislative changes in 2021.
“The Department has partly effective governance arrangements to administer critical infrastructure protection policy,” Mr Hehir said.
“Implementation of critical infrastructure-related risk assessments and reporting was not captured in risk documentation,” he said.
“The effectiveness of the Department’s stakeholder coordination arrangements is reduced by not having an engagement strategy and providing limited support to other critical infrastructure regulators.”
Mr Hehir said Home Affairs’ performance framework as it related to critical infrastructure was not adequate with “performance statements, regulatory performance assessment, and use of internal measures to inform policy and regulation requiring improvement.”
He said the Department’s administration of compliance activities that was consistent with critical infrastructure protection requirements was partly effective.
“The Department’s compliance framework does not reflect existing responsibilities or compliance requirements,” he said.
“Compliance activities are not supported by approved procedures or systems controls.”
Mr Hehir made seven recommendations for Home Affairs to use risk management to inform decision-making. These included using appropriate performance measurement; improving its existing framework to manage compliance; establishing an engagement strategy; and review the effective use of all available regulatory tools.
The Auditor-General’s Report can be accessed at this PS News link and a 66-page printable version at this link.
The audit team was Glen Ewers, Rebecca Helgeby, Jessica Kanikula, Edwin Apoderado, Ji Young Kim and Alex Wilkinson.
