A damning audit has found the AEC misled the public in 2016.

A review by the National Audit Office has found that the Australian Electoral Commission (AEC) misled the public about the security of its data during the 2016 federal election and did not properly ensure it had not been compromised.

The probe found the commission did not meet the Federal Government's basic cyber-security requirements despite being warned by the Australian Signals Directorate (ASD) that it was unlikely to resolve its security weaknesses before the July 2 poll.

The AEC contracted an external company to digitally scan and count all Senate votes and preferences for the first time in 2016.

But days before the election, it switched to manual cross-checking of all ballots.

The decision cost the Federal Government somewhere between $6.6 and $8.6 million.

Auditor-General Grant Hehir says the Government agency had not been honest about the security risk.

“Insufficient attention was paid to ensuring the AEC could identify whether the system had been compromised,” Mr Hehir said.

“The level of IT security risk accepted by the AEC on behalf of the Australian Government and the extent of the non-compliance with the Australian Government IT security framework, was not transparent.

“The wording used in some of the internal records and published materials would generate confidence in the security of the system whereas the underlying assessments indicated significant risk.”

AEC Commissioner Tom Rogers has responded, saying the electronic scanning solution functioned as intended.

He denied being misinformed about security risks.

“The AEC remains confident that the range of measures put in place for the 2016 federal election ensured the integrity of the Senate count,” he said.

“Indeed, the [Australian National Audit Office] report does not cite any evidence to the contrary.”

Mr Rogers said counting ballot papers manually helped maintain public confidence in the process.

The full report is accessible here.