The continued failure to modernise outdated tech systems across Australia’s federal agencies is not only harming operational efficiency but also making it more expensive for the national auditor to conduct financial oversight. A new government report reveals that enduring issues like weak cybersecurity, inadequate user access controls and flawed IT rollouts are increasing audit expenses and exposing agencies to serious cyber threats.
Aging technology across the public service continues to hinder efforts to meet the demands of secure and efficient governance. Despite repeated warnings and numerous failed IT projects, over 70% of federal agencies still depend on legacy systems. These systems often lack current protections against data breaches and are becoming costlier to maintain as they approach the end of their supported life.
The Australian National Audit Office’s latest report outlines that weak IT controls - including security flaws, poor system changes and insufficient access management - are the most frequent challenge encountered during financial audits. These issues come alongside rising market costs for specialist support and external auditing services, adding further budget pressure. Past audits have also identified cases where agencies failed to carry out proper risk assessments in tenders worth millions or made unrealistic commitments during major technology projects.
Costs and compliance are not the only concerns. A separate analysis warns that outdated systems could cost taxpayers up to $13.5 billion if agencies do not modernise quickly enough. The findings suggest that greater adoption of cloud technology, better procurement practices and collaboration with the private sector could significantly reduce technical downtime - currently wasting close to 3 million hours each year - and improve the nation’s digital security.
Some systems are expected to reach “technical retirement” by 2025, yet many still lack vendor support or essential security updates. Agencies are left to manage vulnerabilities themselves, a difficult task for internal teams already operating under strain. Without urgent changes, the risks are likely to grow along with their impact on both national budgets and cybersecurity.
