- governance - the governance arrangements supporting ongoing management of the Portals;
-portals development, user satisfaction and realisation of expected benefits – the ATO’s processes for involving users in developing the Tax Agent and Business Portals, assessing user satisfaction, and evaluating business benefits arising from uptake of the Portals; and
- information technology (IT) security and user access controls – the ATO’s IT security environment and user access controls supporting the operation of the Tax Agent and Business Portals.
The ANAO's conclusions are summarised in paras 21-23 of the report as follows:
"21. The ATO in developing and implementing the Tax Agent and Business Portals was aiming to make its clients’ experience with the taxation system easier, cheaper and more personalised. The ANAO considers that introduction of the Tax Agent and Business Portals has been a significant achievement for the ATO.
22. The ATO’s governance arrangements established for the Portals support their ongoing management. The Tax Agent Portal has been well received by the tax agent community. This has assisted the ATO in improving its relationship with tax agents. The Tax Agent and Business Portals have facilitated easier access to information for both tax agents and businesses. Since the Tax Agent Portal was introduced, around 80 per cent of tax agents have accessed it. Surveys undertaken by the ATO indicate a high level of satisfaction with the Tax Agent Portal. The ANAO considers that uptake of the Business Portal has been slow but has improved with more recent efforts by the ATO to encourage greater business use of the Portal. Around 6 per cent of businesses have accessed the Business Portal.
23. The ANAO concluded that the ATO has implemented a range of IT security and user access controls. The ANAO found that the Portals’ IT security architecture provides appropriate security over the data flows and information processed and that appropriate control mechanisms have been implemented for user access. The ANAO also found that the ATO’s incident management process was well established. However, the ANAO has identified several areas where the ATO needs to strengthen its IT security and user access controls around the Portals. These include: enhancing IT security planning, strengthening application security controls and user access administration, and improving IT security reporting."
The ANAO has made 6 recommendations. The first recommendation is aimed at strengthening the ATO’s processes supporting the ongoing management of the Tax Agent and Business Portals. The remaining five recommendations are focused on improving aspects of the ATO’s IT security, in order to preserve the integrity of its online channel. The ATO has agreed to the implementation of the 6 recommendations.
For a copy of the ANAO report, Audit Report No 4 2006-07, go here
For a copy of the ANAO report brochure, go here