Audit finds agencies ramped up AI in 2024 with no policies in place

It has been reported on Information Age that at least 20 government entities were using artificial intelligence last year without any policies in place governing its use.

An audit report issued by the Australian National Audit Office (ANAO) — ‘Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2024’ — included a focus on AI use in the public service, and revealed that as of mid-last year, 56 government departments and agencies were using artificial intelligence, more than double the number in the previous year.

Most of these entities were using AI for research and development, IT systems administration, and data and reporting. Of these entities, less than 65% had established internal policies governing the use of AI, and only 27% had established internal policies around assurance over AI use.

“An absence of governance frameworks for managing the use of emerging technologies could increase the risk of unintended consequences,” the ANAO report said.

Among these entities that as of June last year were using AI but didn’t have internal policies in place were the Australian Criminal Intelligence Commission, the Bureau of Meteorology, the Department of Industry, Science and Resources, and Services Australia.

The ANAO findings relate to before the federal government released new Australian Public Service guidelines for the responsible use of AI within government, which require agencies to publicly outline the use of AI by March this year, and appoint an accountable official to ensure its safe rollout.

This applies to all government departments and agencies, except for those in Defence and the “national security community”.

The ANAO report also found a concerning recurrence of significant tech issues identified throughout audits conducted by the watchdog: more than 40% of all audit findings made by the ANAO in 2023–24 related to the IT control environment, particularly in relation to security. The most common findings revolved around privileged and other user access as well as change management.

“Weaknesses in controls in this area can expose entities to an increased risk of unauthorised access to systems and data, or data leakage,” the ANAO report said. There are 32 unresolved audit findings in relation to user access management, including one listed as “significant” directed at the Department of Defence.

Image credit: iStock.com/Kwanchanok Taen-on