The Australian Electoral Commission (AEC) misled the public about the security of its data during the 2016 federal election and failed to ensure it had not been compromised, a damning audit has found.

Key points: AEC ran out of time to comply with basic Federal Government cyber-security requirements

AEC ran out of time to comply with basic Federal Government cyber-security requirements Australian Signals Directorate warned AEC it was unlikely to resolve security weaknesses before election day

Australian Signals Directorate warned AEC it was unlikely to resolve security weaknesses before election day Days before election day, plans to count Senate votes digitally via a contractor were bolstered, costing $6.6m-8.6m

The National Audit Office has revealed the AEC did not comply with the Federal Government's basic cyber-security requirements due to time restraints, and accepted the extra security risk.

The audit also revealed the Government's cyber-spy agency, the Australian Signals Directorate (ASD), warned the AEC it was unlikely to resolve its security weaknesses before the July 2 poll.

For the first time, the AEC contracted a company to digitally scan and count all Senate votes and preferences.

But just days before the election, a decision was made to manually cross-check all ballots to ensure accuracy.

That decision, which came after warnings about potential vulnerabilities, cost the Federal Government somewhere between $6.6 and $8.6 million.

Auditor-General Grant Hehir's report found the Government agency had not been honest about the security risk.

"Insufficient attention was paid to ensuring the AEC could identify whether the system had been compromised," Mr Hehir said.

"The level of IT security risk accepted by the AEC on behalf of the Australian Government and the extent of the non-compliance with the Australian Government IT security framework, was not transparent.

"The wording used in some of the internal records and published materials would generate confidence in the security of the system whereas the underlying assessments indicated significant risk."

AEC 'remains confident' in security of 2016 election

In response to the audit, AEC Commissioner Tom Rogers said the electronic scanning solution was developed in 12 weeks and functioned as intended.

He rejected claims he was misinformed about security risks, saying he received daily briefings from staff and the ASD.

"The AEC remains confident that the range of measures put in place for the 2016 federal election ensured the integrity of the Senate count," he said.

"Indeed, the [Australian National Audit Office] report does not cite any evidence to the contrary."

Mr Rogers said the decision to count ballot papers manually was not made due to doubts about accuracy, but to maintain public confidence in the process.

He said the decision was made after consultation with major parties.