Recommendation 19

The data breach was also not reported in the MoD’s Annual Report and Accounts for 2023–24. The Comptroller & Auditor General, who is an officer of the House of Commons, is responsible for the audit of these accounts, which is carried out by his staff at the National Audit Office (NAO).48 The Department said it was accounting for all of the spend on the ARR in the way that it was accounting for the public Afghan relocations and assistance policy spend. It took the judgment that it would not ‘read in’ the C&AG at that point.49 The Permanent Secretary commented that, “In the 2023–24 accounts, my sense was that, at that point, there was nothing material that the Comptroller and Auditor General needed to know about, but it may well be that the Comptroller and Auditor General will come to a different view as we finalise the accounts for 2024–25”.50 In correspondence received after our evidence session the Permanent Secretary stated that he took the decision not to inform the C&AG in the knowledge of the Ministerial position on reading in Parliamentarians and because he judged it would extend the circle of knowledge without offering an opportunity for meaningful scrutiny while the super-injunction was in place.51