Annual reports

GCSB Annual Report 2025

This is the annual report of the Government Communications Security Bureau (GCSB) for the year ended 30 June 2025.

Independent Auditor’s Report

Audit New Zealand logo To the readers of the Government Communications Security Bureau’s annual report for the year ended 30 June 2025.

The Auditor-General is the auditor of the Government Communications Security Bureau (the GCSB). The Auditor-General has appointed me, Kelly Rushton, using the staff and resources of Audit New Zealand, to carry out, on his behalf, the audit of:

  • The statement of expenses and capital expenditure of the GCSB for the year ended 30 June 2025 on page 35.
  • The end-of-year performance information of the GCSB for the year ended 30 June 2025 on pages 20 to 25. The end-of-year performance information presented is the unclassified performance information and is a subset of the GCSB’s full performance information for the appropriation.

Opinion

In our opinion:

  • The statement of expenses and capital expenditure incurred in relation to the appropriation for the year ended 30 June 2025 is presented fairly, in all material respects, in accordance with the requirements of section 221(4)(a) of the Intelligence and Security Act 2017.
  • The presented end-of-year performance information accurately reports, in all material respects, the GCSB’s actual performance against the presented performance measures.

Our audit was completed on 30 September 2025. This is the date at which our opinion is expressed.

Basis for our opinion

We carried out our audit in accordance with the Auditor-General’s Auditing Standards, which incorporate the Professional and Ethical Standards, the International Standards on Auditing (New Zealand), and New Zealand Auditing Standard 1 (Revised): The Audit of Service Performance Information issued by the New Zealand Auditing and Assurance Standards Board. Our responsibilities under those standards are further described in the Responsibilities of the auditor section of our report.

We have fulfilled our responsibilities in accordance with the Auditor-General’s Auditing Standards. 

We believe that the audit evidence we have obtained is sufficient and appropriate to provide a basis for our audit opinion.

Responsibilities of the Director-General of the GCSB for the information to be audited

The Director-General of the GCSB is responsible on behalf of the GCSB for:

  • Preparing a statement of expenses and capital expenditure of the GCSB that is presented fairly, in all material respects, in accordance with the requirements of section 221(4)(a) of the Intelligence and Security Act 2017.
  • Preparing end-of-year performance information for the appropriation that provides an appropriate and meaningful basis to assess what has been achieved with the appropriation and fairly presents what has been achieved and that complies with generally accepted accounting practice in New Zealand.
  • Selecting from the full end-of-year performance information for the appropriation the  unclassified performance information, that is a subset of the GCSB’s full performance information, and presenting unclassified performance information that accurately reports, in all material respects, the GCSB’s actual performance against the unclassified performance measures.

The Director-General of the GCSB is responsible for such internal control as is determined is necessary to enable the preparation of the information to be audited that is free from material misstatement, whether due to fraud or error. 

In preparing the information to be audited, the Director-General of the GCSB is responsible on behalf of the GCSB for assessing the GCSB’s ability to continue as a going concern. 

The Director-General of the GCSB’s responsibilities arise from the Intelligence and Security Act 2017 and the Public Finance Act 1989.

Responsibilities of the auditor for the information to be audited

Our objectives are to obtain reasonable assurance about whether the information we audited, as a whole, is free from material misstatement, whether due to fraud or error, and to issue an auditor’s report that includes our opinion. 

Reasonable assurance is a high level of assurance, but is not a guarantee that an audit carried out in accordance with the Auditor-General’s Auditing Standards will always detect a material misstatement when it exists. Misstatements are differences or omissions of amounts or disclosures, and can arise from fraud or error. Misstatements are considered material if, individually or in the aggregate, they could reasonably be expected to influence the decisions of readers, taken on the basis of the information we audited.

For the budget information reported in the information we audited, our procedures were limited to checking that the information agreed to the Estimates of Appropriations for the Government of New Zealand for the Year Ending 30 June 2025.

We did not evaluate the security and controls over the electronic publication of the information we audited. 

As part of an audit in accordance with the Auditor-General’s Auditing Standards, we exercise professional judgement and maintain professional scepticism throughout the audit. Also:

  • We identify and assess the risks of material misstatement of the information we audited, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. The risk of not detecting a material misstatement resulting from fraud is higher than for one resulting from error, as fraud may involve collusion, forgery, intentional omissions, misrepresentations, or the override of internal control.
  • We obtain an understanding of internal control relevant to the audit in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the GCSB’s internal control.
  • We evaluate the appropriateness of accounting policies used and the reasonableness of accounting estimates and related disclosures made by the Director-General of the GCSB.
  • We evaluate whether the end-of-year performance information that is presented accurately reports, in all material respects, the GCSB’s actual performance against the presented performance measures.
  • We evaluate whether the statement of expenses and capital expenditure has been prepared in accordance with legislative requirements.
  • We conclude on the appropriateness of the use of the going concern basis of accounting by the Director-General of the GCSB.
  • We evaluate the overall presentation, structure and content of the information we audited, including the disclosures, and whether the information we audited represents the underlying transactions and events in a manner that achieves fair presentation.

We communicate with the Director-General of the GCSB regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit. 

Our responsibilities arise from the Public Audit Act 2001.

Other information

The Director-General of the GCSB is responsible for the other information. The other information comprises all of the information included in the annual report other than the information we audited and our auditor’s report thereon.

Our opinion on the information we audited does not cover the other information and we do not express any form of audit opinion or assurance conclusion thereon.

Our responsibility is to read the other information. In doing so, we consider whether the other information is materially inconsistent with the information we audited or our knowledge obtained in the audit, or otherwise appears to be materially misstated. If, based on our work, we conclude that there is a material misstatement of this other information, we are required to report that fact. We have nothing to report in this regard.

Independence

We are independent of the GCSB in accordance with the independence requirements of the Auditor-General’s Auditing Standards, which incorporate the independence requirements of Professional and Ethical Standard 1: International Code of Ethics for Assurance Practitioners (including International Independence Standards) (New Zealand) issued by the New Zealand Auditing and Assurance Standards Board. 

Other than in our capacity as auditor, we have no relationship with, or interests, in the GCSB.

Signature

Kelly Rushton
Audit New Zealand
On behalf of the Auditor-General
Wellington, New Zealand

View all

Table of contents