The handling of cyber security and the purchase of goods and services remain key problems for federal government departments and agencies, the auditor-general says.

The Australian National Audit Office’s annual report released on Thursday said there continued to be evidence the public sector’s approach to some core activities “regularly falls short of expectations”.

Auditor-General Grant Hehir said in terms of the public sector’s implementation of cyber security “little assurance is given to the government or the Parliament of adherence to mandatory requirements, other than through external audit”.

As well, audits of procurement show “the sector’s approach regularly falls short of expectations”.

We've just published our annual report for 2020-21. The annual report documents our performance in the financial year ended 30 June 2021, and includes our annual performance statement. Read it on our website: https://t.co/ZeePmE2LVk pic.twitter.com/3KIG1j7AdG

— Audit Office (ANAO) (@ANAO_Australia) August 26, 2021

In his previous annual report the Auditor-General made a strong plea for more funding, which the government provided in its last budget.

“The funding will enable the ANAO to operate on a more sustainable basis, to meet mandated financial statements audits, an appropriate program of performance audits and the staged roll-out of performance statements audits,” he said.

Over the year, 142 findings were reported to entities as a result of the 2019-20 financial statements audits.

These comprised two significant, 22 moderate and 118 minor findings.

One significant legislative breach was also reported during 2019-20.

The report said the highest number of findings continued to be in the compliance and quality assurance frameworks supporting program payments and financial reporting, and management of IT security and user access, in particular the management of privileged users.

The ANAO also produced 42 performance audits.

-AAP