Introduction

1. The Auditor-General Act 1997 establishes the mandate for the Auditor General to undertake financial statement audits of all Australian Government entities including those of government agencies, statutory authorities and government business enterprises.

2. The preparation of audited financial statements in compliance with the Finance Minister’s Orders[1] is a key element of the financial management and accountability regime applicable to Australian Government entities. It is generally accepted in both the private and public sectors that a good indicator of the effectiveness of an entity’s financial management is the timely finalisation of its annual financial statements, accompanied by an unmodified audit opinion. Australian Government entities, in cooperation with the Australian National Audit Office (ANAO), devote considerable effort to achieving such an outcome.

3. Financial statement audits are an independent examination of the financial accounting and reporting of public sector entities. The results of the examination are presented in an auditor’s report, which expresses the auditor’s opinion on whether the financial statements as a whole and the information contained therein fairly present each entity’s financial position and the results of its operations and cash flows. The accounting treatments and disclosures reflected in the financial statements by the entity are assessed against relevant accounting standards and legislative reporting requirements.

4. Under section 57 of the Financial Management and Accountability Act 1997 (FMA Act) the Auditor-General is required to report each year to the relevant Minister, on whether the financial statements of agencies have been prepared in accordance with the Finance Minister’s Orders (FMOs) and whether they give a true and fair view of the matters required by those Orders.

5. To assist agencies to manage their responsibilities, the ANAO periodically publishes better practice guides on a range of aspects of public administration. During 2010–11, the ANAO published two Better Practice Guides, Strategic and Operational Management of Assets by Public Sector Entities and Fraud Control in Australian Government Entities. An updated guide on Public Sector Audit Committees is due to be released in the near future. Better Practice Guides are well received by agencies and contribute to agencies maintaining the maturity of their internal control systems.

6. Our interim audits of agencies encompass a review of governance arrangements related to agencies’ financial reporting responsibilities, and an examination of relevant internal controls, including information technology system controls. The ANAO’s examination of these areas is designed to assess the reliance that can be placed on agencies’ internal controls to produce complete and accurate information for financial reporting purposes.

7. The audit findings in this report have been reported to the management of each entity, and to the responsible Minister(s).

Developments in accounting and auditing standards

8. The Australian Accounting Standards Board (AASB) continued to enhance the accounting standards framework during 2010–11 with a range of changes affecting public sector entities but these are not expected to have a significant financial effect.

9. Future changes to Australian accounting standards are being driven largely by major developments in accounting standards internationally. Significant changes to accounting standards and the conceptual frameworks used to develop standards are underway. A suite of new and revised standards is expected to come into effect from 2013–14, changing reporting requirements in important areas such as financial instruments, revenue, leases, fair value measurement and reporting by groups of entities. During 2010–11, work continued on new conceptual frameworks for financial reporting designed to provide a sound base for the development of future accounting standards.

10. The most significant development in relation to Australian auditing standards in 2010–11 saw the application for the first time of revised standards in ‘clarity format’ for most ANAO financial statement audits. This follows the release of revised and redrafted International Standards on Auditing (ISAs) in 2009 by the International Auditing and Assurance Standards Board, and the subsequent issue of revised Australian auditing standards by the Australian Auditing and Assurance Standards Board in line with the ISAs, that are operative for audits of financial statements in Australia for reporting periods beginning on or after 1 January 2010.

Summary of audit results

Internal control in agencies

11. A central element of the ANAO’s financial statement audit methodology, and the focus of the interim phase of our audits, is a sound understanding of an agency’s internal controls. To do this, the ANAO uses the framework contained in the Australian Auditing Standards ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment. The key elements of internal control, as discussed in ASA 315, are the control environment; the risk assessment process; information systems, including the related business processes relevant to financial reporting, and communication; control activities; and monitoring of controls.

Control environment

12. The ANAO assesses whether an agency’s control environment includes measures that contribute positively to sound corporate governance in the context of the preparation of an agency’s financial statements. These measures should be designed to mitigate identified risks of material misstatement in the financial statements, and reflect the specific governance requirements of each agency.

13. The ANAO observed that agencies have in place key elements of a control environment designed to provide a sound basis for the effective preparation of the agency’s financial statements. Audit Committees, in particular, continue to have a positive influence on the effectiveness of agencies’ control environment particularly in the areas of risk assessment, legislative compliance and financial system controls.

Risk assessment process

14. An understanding of an agency’s risk assessment process is an essential element of the ANAO’s financial statement audits. Agencies are expected to manage the key risks specific to their environment and our interim audits include a review of controls relating to risks that may have a material impact on agencies’ financial statements. The ANAO found that the majority of agencies have a well-established risk assessment process, overseen by audit committees or other committees with specific risk management responsibilities.

15. Important elements of the risk assessment process common to all agencies are business continuity and fraud control management. Our audits identified a general improvement in the level of awareness and maintenance of business continuity and disaster recovery controls in agencies. However a number of agencies did not test their Business Continuity Plans (BCPs) as part of normal business practice. In relation to fraud control, all agencies have fraud control plans prepared in accordance with the Commonwealth Fraud Control Guidelines.[2] Consistent with our observations in previous years, a small number of agencies needed to improve mechanisms for assessing the effectiveness of their fraud control plans.

Information systems

16. Information technology facilitates the way in which Australian Government agencies operate, and supports the business processes that deliver services to the Australian community.

17. During the 2010–11 interim audits, the ANAO assessed the design and operation of key IT controls to determine the effectiveness of these controls and their impact on reducing risks to the integrity of financial information presented in agencies’ financial statements.

18. The ANAO noted improvements in elements of agencies’ IT control environments during 2010–11, particularly in respect of incident and problem management controls. However, the management of user access, particularly the logging and monitoring of user activities for privileged users, remained an area requiring further attention in some agencies. This situation is consistent with previous years’ findings.

19. The assessment of Financial Management Information Systems’ (FMIS) and Human Resource Management Information Systems’ (HRMIS) application controls identified that although the effectiveness of FMIS business continuity arrangements has improved, the management of HRMIS business continuity required improvements in a number of agencies.

Control activities

20. The results of the 2010–11 interim audits indicated that, overall, control activities relating to financial and accounting processes have been maintained at an effective level. The total number of significant and moderate audit findings has decreased, continuing the trend over recent years. Control issues identified by our audits related to areas such as: the management of inventory and assets, including stocktakes, controls relating to business systems; the management of user access to key financial systems; and business continuity management. A total of 158 Category A, B and C [3] findings were identified from our 2010–11 interim audits, a significant reduction compared with the 188 findings identified in 2009–10.

Monitoring of controls

21. Many activities undertaken by agencies contribute to their regime of monitoring controls. These include quality assurance arrangements, internal and external reviews, control self-assessment processes, and internal audit. In particular, all agencies have in place arrangements to enable Chief Executives to provide an annual Certificate of Compliance.

22. The ANAO continues to include an assessment of compliance in relation to annual appropriations, special appropriations, annotated appropriations, special accounts and the investment of public moneys in its financial statement audits as a result of interest shown by the Joint Committee of Public Accounts and Audit in past years. Consistent with the results over the last three years, our 2010–11 audits found a high level of compliance in these areas.

Agency audit findings

23. The results of our 2010–11 interim audits reflect a continuation of the reduction over recent years in the number of significant (Category A) and moderate (Category B) audit findings. This reflects the general stability and maturity of the control regimes in the majority of agencies and actions taken by agencies to address prior year audit findings.

24. As noted above, our audits do, however, continue to identify control weaknesses in a number of areas particularly relating to: the management of inventory and assets, including stocktakes; controls relating to business systems; the management of user access to key financial systems; and business continuity management.

25. Generally, agencies have been positive and timely in their response to ANAO audit findings.

26. A summary of the trend in Category A and B audit findings between 2009–10 and 2010–11 is outlined below:

• there was one agency with Category A audit findings in 2010–11 and three agencies in 2009–10;
• the total number of Category A audit findings in 2010–11 is three, the same number as in 2009–10;
• the total number of Category B audit findings across all agencies decreased from 52 in 2009–10 to 31 in 2010–11; and
• there was a decrease in the number of Category B audit findings in 12 agencies; three showed an increase; the number of Category B audit findings in one agency remained the same as in 2009–10; and 11 agencies had no Category B findings in either 2009–10 or 2010–11.

27. A summary of Category A and B audit findings by agency is provided in Table 5.1 in Chapter 5.

Future audit coverage

28. The ANAO will complete its assessment of the effectiveness of internal controls for the full financial year and its coverage of all areas of audit focus for each agency as part of the final audit of agencies’ financial statements. The results of this work will be reported in the ANAO’s end of year report to be tabled in December this year.

Footnotes

[1] The Finance Minister’s Orders (FMOs) made by the Minister for Finance and Deregulation set out the requirements for the preparation of financial statements of all reporting entities covered by the Finance Management and Accountability Act 1997 and the Commonwealth Authorities and Companies Act 1997.

[2] The Fraud Control Plan for the Department of Regional Australia, Regional Development and Local Government (DRARDLG) was in draft form at the time of our audit.

[3] The ANAO rates its audit findings according to a risk scale. Audit findings that pose a significant business or financial management risk to the entity are rated as ‘A’. Findings that pose a moderate business or financial management risk are rated as ‘B’. Findings that pose a low business or financial management risk are rated as ‘C’.