This report outlines the ANAO’s assessment of the internal controls of major entities, including governance arrangements, information systems and control procedures. The findings summarised in this report are the results of the interim phase of the financial statement audits of 23 major General Government Sector entities that represent some 95 per cent of total General Government Sector revenues and expenses.

Summary

Introduction

1. The Auditor-General Act 1997 establishes the mandate for the Auditor-General to undertake financial statement audits of all Australian Government entities including those of non-corporate Commonwealth entities, corporate Commonwealth entities and Commonwealth companies.

2. The preparation of audited financial statements in compliance with the Australian Accounting Standards and other requirements prescribed by the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 is a key element of the financial management, governance and accountability regime applicable to Australian Government entities. It is generally accepted in both the private and public sectors that a good indicator of the effectiveness of an entity’s financial management is the timely finalisation of its annual financial statements, accompanied by an unmodified audit opinion. Australian Government entities, in cooperation with the Australian National Audit Office (ANAO), devote considerable effort to achieving such an outcome.

3. Financial statement audits are an independent examination of entities’ financial statements and the results of the examination are presented in an auditor’s report. This report expresses the auditor’s opinion on whether the financial statements as a whole, and the information contained therein, fairly present each entity’s financial position and the results of its operations and cash flows. The accounting treatments and disclosures reflected in the financial statements by the entity are assessed against relevant accounting standards and legislative reporting requirements.

4. Under section 43 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act), the Auditor-General is required to report each year to the relevant Minister on whether the financial statements of entities comply with the accounting standards and any other requirements prescribed by the FRR, and present fairly the entity’s financial position, financial performance and cash flows.

5. To assist entities to manage their responsibilities, the ANAO periodically publishes better practice guides on a range of aspects of public administration. In 2014–15, the ANAO has published three Better Practice Guides: Successful Implementation of Policy Initiatives; Public Sector Audit Committees: Independent assurance and advice for Accountable Authorities; and Public Sector Financial Statements: High-quality reporting through good governance and processes. Better Practice Guides are well received by entities and contribute to entities maintaining the maturity of their internal control systems and enhancing their performance.

6. The interim phase of the audit of entities, the focus of this report, encompasses a review of governance arrangements related to entities’ financial reporting responsibilities, and an examination of relevant internal controls, including information technology system controls. The ANAO’s examination of these areas is designed to assess the reliance that can be placed on entities’ internal controls to produce complete and accurate information for financial reporting purposes.

7. The audit findings in this report have been reported to the management of each entity and to the responsible Minister(s).

Developments in financial reporting and auditing frameworks

8. The most significant change to Australian Accounting Standards applicable to reporting periods commencing on or after 1 January 2015 is the new standard AASB 1055 Budgetary Reporting. AASB 1055 requires Commonwealth entities to compare their financial results to the original budgets as presented to the Parliament, and to explain major variances in their financial statements.

9. Other changes, that will take effect from 2016–17, include extending related party disclosures currently applicable to the private sector to not-for-profit public sector entities, and improving the quality of disclosures by clarifying entities are only required to disclose information relevant to users of their financial statements. The ANAO Better Practice Guide Public Sector Financial Statements, published in March 2015, includes a discussion and associated examples designed to assist entities improve the presentation of financial statements by omitting information that is not relevant or useful to users.

10. A proposed change to the Australian Auditing Standards is the introduction of ASA 701 Communicating Key Audit Matters in the Independent Auditor’s Report. This standard will apply to audits of the financial statements of listed entities and also to circumstances when the auditor otherwise decides or is required by law to communicate key audit matters in the auditor’s report. The standard proposes to enhance the value of the auditor’s report by providing greater transparency and assisting users to understand the entity and areas of significant management judgement in the financial statements. This change is proposed to apply for reporting periods ending on or after 15 December 2016 and the ANAO will give consideration to applying the standard to the audits of the more significant Australian Government entities.

Summary of audit results

Internal control in entities

11. A central element of the ANAO’s financial statement audit methodology, and the focus of the interim phase of ANAO audits, is a sound understanding of an entity’s responsibilities and internal controls. This understanding informs our audit approach, including the reliance we may place on entity systems to produce financial statements that are free from material misstatement. To do this, the ANAO uses the framework contained in the ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment. The key elements of internal control, as discussed in ASA 315, are the control environment; the risk assessment process; the information system, including the related business processes relevant to financial reporting and communication; control activities; and monitoring of controls.

Control environment

12. The ANAO assesses whether an entity’s control environment includes measures that contribute positively to sound corporate governance in the context of the preparation of an entity’s financial statements. These measures should be designed to mitigate identified risks of material misstatement in the financial statements, and reflect the specific governance requirements of each entity.

13. The ANAO observed that entities have in place mature financial control environments designed to provide a sound basis for the effective preparation of the entity’s financial statements. Audit committees, in particular, continue to have a positive influence on the effectiveness of entities’ control environments particularly in the areas of risk assessment, legislative compliance and financial system controls.

Risk assessment process

14. An understanding of an entity’s risk assessment processes is an essential element of the ANAO’s financial statement audits. Entities are expected to manage the key risks specific to their environment and the interim audit phase includes a review of controls relating to risks that may have a material impact on entities’ financial statements. Generally, the ANAO found that entities have established formal risk assessment processes, reviewed by audit committees or a separate committee with specific responsibilities for risk.

15. An important element of the risk assessment process common to all entities is fraud control management. All major entities have fraud control plans and have formal processes for updating, reviewing and monitoring these plans.

Information system

16. Information technology facilitates the way in which Australian Government entities operate, and supports the business processes that deliver services to the Australian community.

17. Consistent with past practice, during the 2014–15 interim audits, the ANAO assessed the design and operation of key IT controls to determine the effectiveness of these controls and their impact on reducing risks affecting the integrity of financial information presented in entities’ financial statements.

18. The majority of IT controls continued to be well maintained by most entities during 2014–15. This includes IT controls in relation to change management, IT security governance and monitoring and financial management information system and human resources management information master file maintenance. There has, however, been an increase in the number of entities where improvements were warranted in the management of privileged and other user access to key financial business systems. While business continuity and disaster recovery plans were also generally well designed and testing of these arrangements had been undertaken, changes in organisational and system arrangements that are occurring in the Australian Public Sector will require entities to be alert to the need to review, and as necessary revise, these plans.

Control activities

19. The results of the 2014–15 interim audit phase indicated that, overall, control activities relating to financial and accounting processes have continued to be maintained at an effective level, and there has been a small decrease in the total number of audit findings compared with 2013–14.

20. A total of 129 category A, B, C and L1 findings were identified in the 2014–15 interim audit phase, a small decrease compared with the 135 findings identified in 2013–14. The majority of these findings posed a low business or financial management risk. Within this total number of findings, there was also a decrease in the combined number of significant and moderate findings discussed further at the entity level in chapter 5 of this report. Common control issues identified by the audits related to areas such as IT general and application controls, the management of non-financial assets and the effectiveness of quality assurance and compliance processes.

21. The ANAO continues to include an assessment of compliance in relation to annual appropriations, special appropriations, special accounts and the investment of public moneys in its financial statement audits, as a result of interest shown by the Joint Committee of Public Accounts and Audit in past years. The 2014–15 interim audits continued to identify a high level of compliance in these areas, although actual or potential breaches of section 83 of the Constitution continue to be identified by a number of entities. At the time of the 2014–15 interim audits, risk assessments by a number of entities in relation to potential section 83 breaches were in progress. This matter is discussed at paragraphs 3.17 to 3.30 of chapter 3 of this report.

Monitoring of controls

22. Entities’ arrangements for the monitoring of controls include quality assurance arrangements, internal and external reviews, control self-assessment processes, and internal audit. In particular, all entities have in place arrangements to enable Accountable Authorities to provide an annual Compliance Report.

Entity audit findings

23. Entity control regimes overall continue to be stable and well maintained and entities have generally addressed prior year audit findings in a timely manner. The Machinery of Government changes that took place in December 2014 have required some entities to review their governance and operating arrangements, in addition to the continuing effects of the September 2013 Machinery of Government changes, resulting in some delays in the completion of planned audit coverage as part of the 2014–15 interim audit phase. A sustained effort will be required by the entities concerned and the ANAO to ensure that the 2014–15 financial statements are prepared and audited in a timely manner.

24. However, as noted above, audits continue to identify control weaknesses in a number of areas such as IT general and application controls, particularly the management of privileged and other user access to key financial business systems; non-financial assets management, including the timely capitalisation of assets to enable the accurate calculation of depreciation, the maintenance of complete and accurate asset registers and the appropriateness of impairment assessments; and the effectiveness of quality assurance and compliance processes.

25. Generally, entities have been positive and timely in their response to ANAO audit findings.

26. The following summary outlines the trend in category A, B and L1 audit findings between 2013–14 and 2014–15 reported at the completion of the interim audit phase. There were:

  • two category A findings reported for two entities in 2014–15, an increase on nil reported during 2013–14;
  • twenty category B audit findings across 12 entities in 2014–15. This is a decrease from 26 findings reported in 2013–14. Five entities decreased their number of category B audit findings; four showed an increase; six remained constant; and eight entities had no category B findings in either 2013–14 or 2014–15; and
  • twelve category L1 findings reported in 2014–15 compared to 15 in 2013–14.

27. A summary of category A, B and L1 audit findings by entity is provided in table 5.1 in chapter 5 of this report.

Future audit coverage

28. In completing the audits of entities’ 2014–15 financial statements, the ANAO will complete its assessment of the effectiveness of internal controls and areas of audit focus in each entity. The summary results of this work are expected to be reported by the ANAO in December 2015.

1. Introduction

This chapter provides background to the audits of the financial statements of Australian Government entities and sets out the structure of this report that covers 23 major General Government Sector entities.

Background

1.1 In addition to undertaking financial statement audits of individual entities, the ANAO tables two reports annually that summarise the findings of the financial statement audits of public sector entities. These reports also discuss contemporary issues and practices affecting public sector entities’ financial reporting responsibilities and the ANAO’s responsibilities. This report outlines the ANAO’s assessment of the internal controls of major entities, including governance arrangements, information systems and control procedures. The findings summarised in this report are the results of the interim phase of the financial statement audits of 23 major General Government Sector (GGS) entities that represent some 95 per cent of total GGS revenues and expenses.

1.2 In reporting on the results of the interim phase of the financial statement audit program, the ANAO is providing assurance to the Parliament that the systems, controls and processes that are in place in major Australian Government entities are operating in a way that allows entities to prepare financial statements that present fairly their financial position, performance and cash flows at financial year end.

1.3 The audit coverage undertaken forms an integral part of the ANAO’s audit of the 2014–15 financial statements of these entities. This report includes reference to issues that pose a significant or moderate business or financial risk to the entity and other issues requiring attention by entity management.

1.4 At the individual entity level, a report on the results of the audit is provided to each entity chief executive and audit committee. Audit activity can act as a catalyst for improvement and provide a stimulus to entity management for the resolution of issues, where this is warranted.

1.5 The preparation of financial statements in compliance with the Australian Accounting Standards and other requirements prescribed by the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 is a key element of the financial management and accountability regime applicable to Australian Government entities. It is generally accepted in both the private and public sectors that a good indicator of the effectiveness of an entity’s financial management is the timely finalisation of its annual financial statements, accompanied by an unmodified audit opinion. Australian Government entities, in cooperation with the ANAO, devote considerable effort to achieving timeliness in financial reporting.

Report structure

1.6 The report is organised as follows:

  • Chapter 2 discusses a number of recent developments in accounting and auditing requirements and, in doing so, provides an overview of changes impacting the Australian Government’s reporting and accountability frameworks.
  • Chapter 3 provides summary observations relating to various elements of entities’ internal controls (including the control environment, the risk assessment process, the information system, control activities and monitoring of controls). This chapter also includes a discussion of audit findings over the period 2011–12 to 2014–15.
  • Chapter 4 outlines findings relating to the audit of Information Technology (IT) systems, focusing on the IT control environment, IT security and application controls in financial management and human resource management information systems. There is also a discussion of business continuity and disaster recovery arrangements.
  • Chapter 5 outlines, for each entity covered by this report, details of business operations that influence financial statement audit coverage; governance arrangements relevant to the entity’s financial statements; areas of audit focus; and any significant and moderate audit issues identified during the 2014–15 interim audit phase. The chapter is structured in accordance with the portfolio arrangements established by the Administrative Arrangements Order (AAO) of 23 December 2014.

Acknowledgements

1.7 Based on the work completed during the interim audit phase, the ANAO is well placed to complete the audit program following the preparation by entities of their financial statements after the close of the 2014–15 financial year. This is due to the commitment and application of the staff of the ANAO. The contribution and cooperation of Chief Finance Officers, other entity staff, and the key role undertaken by audit committee members is also greatly appreciated.

2. Financial Reporting and Auditing Frameworks

This chapter provides commentary on recent developments in the financial reporting and auditing frameworks relevant to the Australian Government and its reporting entities.

Introduction

2.1 The Australian Government’s financial reporting and auditing frameworks are based, in large part, on standards made independently by the Australian Accounting Standards Board (AASB) and the Australian Auditing and Assurance Standards Board (AUASB). These frameworks are designed to support decision‐making by, and accountability to, the Parliament. The financial reporting and auditing frameworks that applied in 2014–15 are illustrated in appendices 2 and 3 of this report.

2.2 The AASB bases its accounting standards on the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board (IASB). Because IFRS are designed primarily for use by for-profit organisations, the AASB amends the IFRS to reflect significant transactions and events that are particularly prevalent in the public and not-for-profit private sectors. In doing so, it takes into account standards issued by the International Public Sector Accounting Standards Board. The Finance Minister prescribes additional financial reporting requirements for Australian Government entities; from 2014–15 these are contained in the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 (FRR). This rule is made under the Public Governance, Performance and Accountability Act 2013 (PGPA Act), which came into full effect on 1 July 2014. This Act sets out the responsibilities of Commonwealth entities and Commonwealth companies to prepare annual financial statements and the requirements for the audit of the financial statements by the Auditor-General. The Act also requires the Finance Minister to prepare annual consolidated financial statements and for these to be audited by the Auditor-General.

2.3 The most significant change to Australian Accounting Standards effective from 2014–15 is the new standard AASB 1055 Budgetary Reporting. Other changes, that will take effect from 2016–17, include related party disclosures by not-for-profit public sector entities and measures to improve the quality of disclosures.

2.4 Major developments in accounting standards internationally continue to be a significant driver of changes to Australian Accounting Standards. At the international level, a new standard on the accounting for leases is expected to be released later in 2015.

2.5 The audits of the financial statements of Australian Government entities are conducted in accordance with ANAO Auditing Standards, which are made by the Auditor-General under section 24 of the Auditor-General Act 1997. The ANAO Auditing Standards incorporate, by reference, the auditing standards made by the AUASB. The AUASB bases its standards on those made by the International Auditing and Assurance Standards Board (IAASB), an independent standard setting board of the International Federation of Accountants.

Recent changes to the Australian public sector reporting framework

Budgetary Reporting

2.6 The Australian Government prepares its financial statements under AASB 1049 Whole of Government and General Government Sector Financial Reporting. AASB 1049 requires governments to compare their financial results to the original budgets as presented to the Parliament, and to explain major variances.

2.7 In March 2013, the AASB issued AASB 1055 Budgetary Reporting, extending the budget reporting requirements to all not-for-profit entities in the General Government Sector. This standard applies to reporting periods beginning on or after 1 July 2014.

Transactions with Related Parties

2.8 AASB 124 Related Party Transactions requires an entity to disclose transactions with its related parties. The AASB has recently extended the application of this standard to all not-for-profit public sector entities. These entities will be required to identify and disclose related party transactions, such as those with key management personnel, including Ministers. This new requirement applies to reporting periods beginning on or after 1 July 2016.

Improving the quality of disclosures

2.9 There are ongoing initiatives by both Australian and international standard setters to reduce the volume and complexity of disclosures in financial statements to make them more useful to users. In 2014, the AASB published a staff paper proposing ways in which entities can remove unnecessary clutter from their financial statements. More recently, the AASB amended AASB 101 Presentation of Financial Statements as a result of the IASB’s project to improve disclosures. The amendments clarify that entities are only required to disclose information that is relevant to users of their financial statements. The amendments apply to reporting periods beginning on or after 1 January 2016.

2.10 The ANAO supports initiatives that reduce the compliance workload of Australian Government entities and make financial statements easier to read, while preserving sufficient disclosures to satisfy the needs of the Parliament. The ANAO Better Practice Guide Public Sector Financial Statements, published in March 2015, includes a discussion and associated examples designed to assist entities to improve the presentation of financial statements.

Future changes to the public sector reporting framework

2.11 Further changes to the financial reporting framework are expected over the next few years, as projects by Australian and international accounting standard setters lead to new accounting standards for both the public and private sectors.

2.12 Projects specific to the public sector include: fair value disclosures; reporting of service performance information; and new accounting requirements for grants, taxes and appropriations. Projects aimed primarily at the private sector, but with public sector implications, include the continuing initiative to improve the quality of disclosures, and major revisions to lease accounting.

Recent changes to the Australian auditing framework

2.13 As previously mentioned, the AUASB uses International Standards on Auditing as the primary basis for the Australian Auditing Standards. In making its standards and guidance, the AUASB consults formally with organisations representing stakeholders, including users of financial statements, regulators and the accounting profession. The consultative processes are scheduled so that the AUASB can consider stakeholder views in making submissions on proposals from the IAASB. The AUASB also works closely with the New Zealand Auditing and Assurance Standards Board to facilitate harmonisation of auditing and assurance standards in Australia and New Zealand.

2.14 During 2014–15 there were no major changes to existing standards or new standards issued by the AUASB related to the audit of financial statements.

Future changes to the Australian auditing framework

Auditor reporting

2.15 In April 2015, the AUASB released an exposure draft Reporting on Audited Financial Reports – New and Revised Auditor Reporting Standards and Related Conforming Amendments, following the release of new and revised standards by the IAASB. The major change proposed is the introduction of a new standard, ASA 701, Communicating Key Audit Matters in the Independent Auditor’s Report. This standard will apply to audits of the financial statements of listed entities and also to circumstances when the auditor otherwise decides or is required by law to communicate key audit matters in the auditor’s report.

2.16 The purpose of communicating key audit matters is to enhance the value of the auditor’s report by providing greater transparency about how the audit was performed. Communicating key audit matters provides additional information to intended users of the financial statements to assist them in understanding those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements. It may also assist intended users to understand the entity and the areas of significant management judgment in the financial statements.

2.17 This change is proposed to apply for reporting periods ending on or after 15 December 2016. The ANAO will give consideration to applying these standards to the audits of the more significant Australian Government entities.

Other changes to the auditing standards

2.18 The auditing standard-setting Boards are also working on other new and revised standards, including in relation to the auditor’s responsibility for other information published with the audited financial statements, the auditing of financial statement disclosures and the audits of special purpose financial reports.

Conclusion

2.19 Ongoing developments in accounting and auditing frameworks and standards continue to have an impact on the financial reporting responsibilities of public sector entities and on the ANAO’s auditing methodology. The ANAO will continue to assist Australian Government entities through client seminars and publications that explain new regulatory and accounting requirements.

2.20 The only major change in Australian Accounting Standards for the public sector during 2014–15 was the introduction of AASB 1055 Budgetary Reporting. However, significant changes to the financial reporting framework are under way, both in Australia and internationally.

2.21 The proposed changes to auditor reporting of key audit matters, while not currently directed to the public sector, indicate a clear trend towards enhanced reporting by auditors, which the ANAO will monitor closely for application to the audits of the more significant Australian Government entities.

3. Summary of Audit Findings and Related Issues

This chapter provides a summary of the ANAO’s review of internal controls as part of the audit of the financial statements of major entities.

Introduction

3.1 Accountable Authorities of General Government Sector (GGS) entities subject to the PGPA Act are required to prepare annual financial statements and present them to the Auditor-General for audit. For large entities, the audit is conducted in two main phases, interim and final. The interim phase focuses on an assessment of entities’ key internal controls; in the final audit phase the ANAO completes its assessment of the effectiveness of key controls for the full year, substantively tests material balances and disclosures in the financial statements, and finalises its audit opinion on the entities’ financial statements. This report focuses on the results of the interim audit phase of the 2014–15 financial statement audits of all portfolio departments and other major General Government Sector entities that collectively represent some 95 per cent of total GGS revenues and expenses.

3.2 Accountable Authorities are also required to govern their entity in a way that promotes the proper use and management of public resources, the achievement of the purposes of the entity and the entity’s financial sustainability. This requires the development and implementation of effective corporate governance arrangements and internal controls designed to meet the individual circumstances of each entity and to assist in the orderly and efficient conduct of its business and compliance with applicable legislative requirements, including the preparation of annual financial statements that present fairly the entity’s financial position, financial performance and cash flows.

3.3 The overall objective of an audit of an entity’s financial statements, as identified in the Australian Auditing Standards, is to form an opinion on whether the financial statements, in all material respects, are in accordance with the Australian Government financial reporting framework. In planning the audit, audit procedures are designed to achieve reasonable assurance that the financial statements taken as a whole are free from material misstatement, whether due to fraud or error. The auditor is concerned with material misstatements, and is not responsible for the detection of misstatements that are not material to the financial statements taken as a whole.

3.4 A central component of the ANAO’s financial statement audit methodology, and the focus of the interim phase of our financial statement audits, is a sound understanding of the entity and its environment, including its internal controls, as they relate to the preparation of the financial statements. This enables the ANAO to make a preliminary assessment of the risk of material misstatement in an entity’s financial statements and to plan an audit approach to reduce audit risk to an acceptable level. The ANAO evaluates an entity’s key internal controls to assess its capacity to prevent and detect errors that may result in a material misstatement of the financial statements. In doing so, the ANAO recognises that the reliability of business processes, accounting records and financial systems can be enhanced through effective internal controls, and this influences the timing and extent of audit work required.

3.5 The auditor’s understanding of the entity, its environment and its internal controls helps the auditor design the work needed and respond to significant risks that bear on financial reporting. Broad areas of audit focus determined as a result of this planning approach are discussed in chapter 5 for each entity covered by this report.

3.6 In accordance with generally accepted auditing practice, the ANAO accepts a low level of risk that the audit procedures will fail to detect that the financial statements are materially misstated. This low level of risk is accepted because it is too costly to perform an audit that is predicated on no level of risk. Specific audit procedures are performed to ensure that the risk accepted is low. These procedures include, for example, obtaining knowledge of the entity and its environment, reviewing the operation of internal controls, undertaking analytical reviews, testing a sample of transactions and account balances, and confirming significant year end balances with third parties.

Internal control

3.7 The ANAO uses the framework in ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment to consider the impact of different elements of an entity’s internal controls on the design and conduct of an audit. These elements, as detailed in ASA 315[19], are the:

  • control environment;
  • entity’s risk assessment process;
  • information system, including the related business processes, relevant to financial reporting, and communication;
  • control activities relevant to the audit; and
  • monitoring of controls.

3.8 This chapter discusses each of these elements and outlines our observations in relation to each one, based on our review of relevant aspects of each entity’s control environment and the results of our interim audits. As such it includes, where relevant, summary comments on category A, B, C and L1 audit findings.[20]

Control environment

3.9 An entity’s business and operations influence the control environment, which needs to be carefully reviewed as part of the audit process when assessing the risk of material misstatement in financial systems and reports. ASA 315 at paragraph A76 states:

The control environment includes the governance and management functions and the attitudes, awareness, and actions of those charged with governance and management concerning the entity’s internal control and its importance in the entity. The control environment sets the tone of an organisation, influencing the control consciousness of its people.

3.10 In conducting an audit of an entity’s financial statements, the ANAO focuses on specific elements of the control environment. In doing this, the ANAO establishes whether the environment in place comprises elements that contribute positively to establishing a foundation for effective internal control, and whether it minimises both financial and non-financial risks to the entity. This judgement has a major influence on the way that the audit is conducted, including the amount of audit work needed to form the audit opinion. Generally, the main elements reviewed are:

  • governance arrangements—including the framework within which an entity’s activities for achieving its objectives are planned, executed, controlled and reviewed;
  • audit committee arrangements—including the arrangements in place to meet the committee’s assurance role, including as a forum for communication between management and internal and external audit;
  • assurance arrangements—including the internal audit function and quality assurance systems and processes;
  • systems of authorisation, recording and procedures—designed to ensure that transactions are processed, recorded and accounted for correctly, including the assignment of appropriate authority and that responsibilities and compliance arrangements accord with applicable legislative requirements; and
  • a financial performance management regime—that involves the preparation of financial reports, including comparison of actual results to budgets, variance analysis and relevant commentary to provide assurance about the financial performance of the entity.

3.11 The ongoing performance and effectiveness of these measures can make a significant contribution to the level of assurance that an entity’s management and, in turn, the ANAO obtains for financial statement purposes.

Observations

3.12 Entities generally have mature governance arrangements in place to provide direction, guidance and control over the financial management of their organisations.[21] Executive management committees met regularly to plan and monitor strategic direction and financial performance. Each entity produces a corporate plan or similar document that outlines the entity’s goals and objectives, and thereby facilitates measuring entities’ progress in meeting them. Accountable Authorities, their senior management group, and governance committees such as audit or risk committees, continued to give attention to financial and risk management, including entity control environments.

3.13 The audit committee arrangements of entities are well-established. These include a formal charter that outlines each committee’s composition, roles, responsibilities and reporting lines, and processes for the regular reporting to the Accountable Authority and the periodic self-assessment of performance. The requirements for audit committee arrangements are set out in the Public Governance, Performance and Accountability Rule 2014, section 17.

3.14 To provide guidance to entities on the composition and role of the audit committee following the implementation of the PGPA Act, the ANAO issued a Better Practice Guide Public Sector Audit Committees: Independent assurance and advice for Accountable Authorities in March 2015.

3.15 Under the PGPA Act, all entities were required to establish Accountable Authority Instructions (AAIs). The ANAO observed that all entities had established AAIs, and in line with the requirements of the PGPA Act established processes to facilitate the review of those AAIs periodically, with the objective of ensuring that they remain relevant. In addition, the ANAO observed that all delegations and authorisations were updated to reflect the new financial management framework that came into full effect on 1 July 2014.

3.16 Consistent with previous years, consideration of the financial position regarding current and future operations is included on the agenda of entities’ executive management meetings. Periodic financial performance reports to entities’ executives included budget forecasts and commentary on performance. The financial information provided to the entities’ executives was generally supplemented by non-financial operational information, to provide a balanced view of performance.

Legislative compliance

3.17 As previously mentioned, the financial framework for the Australian Government entities included in this report is established by the PGPA Act and its subsidiary legislation. The key feature of the framework is that the Accountable Authority of each entity is responsible for the financial management of their entity, including compliance with applicable laws and associated policies.

3.18 In reviewing an entity’s control environment, the ANAO assesses whether management has established adequate controls to enable the entity to comply with key aspects of the financial framework.

3.19 In more recent years, the ANAO has increased its focus on legislative compliance as part of its financial statement audit coverage. This recognises the importance of the authority that the Parliament has conveyed to the executive government in relation to these arrangements and the concerns expressed by the Joint Committee of Public Accounts and Audit in the past in relation to legislative compliance by entities.

3.20 The coverage by the ANAO involves assessing key aspects of legislative compliance in relation to annual appropriations, special appropriations, special accounts and the investment of public monies. Audit testing includes confirming the presence of key documents or authorities, and testing of relevant transactions directed at obtaining reasonable assurance about entities’ compliance with these key components of the financial management framework. ANAO audits also review the results of compliance self-assessment processes and other reviews undertaken in the context of entities’ compliance responsibilities that involve the annual reporting to the Finance Minister of any known breaches of the financial management framework.

Observations

3.21 As in previous years, overall, the ANAO identified a high level of compliance in these areas, except in respect of potential or actual breaches of section 83 of the Constitution, which is discussed at paragraphs 3.27 to 3.30 below.

3.22 The 2014–15 interim audits identified that, generally, entities continue to maintain updated listings of the laws, regulations and associated government policies that are relevant to their responsibilities. Entities also have well-established processes to monitor compliance with legislation to enable Accountable Authorities to provide an annual report on compliance (Compliance Report) to their Minister and the Finance Minister.

3.23 Generally, audit committees are responsible for reviewing the effectiveness of legislative compliance arrangements, particularly in relation to financial management requirements. An entity’s internal audit function often assists with the monitoring of these arrangements.

3.24 Entities also have established a variety of mechanisms to communicate the importance of compliance with legislation through documents such as AAIs, corporate plans, fraud control plans and delegation instruments. These mechanisms support entities in meeting their responsibilities under the PGPA Act, and facilitating the annual Compliance Report process.

3.25 Entities’ reporting of legislative compliance with the Australian Government’s financial management framework was first established in 2006–07 to improve compliance and ensure that Ministers are kept informed of compliance issues within their Portfolios. This requirement has been carried forward under the PGPA Act, with Accountable Authorities required to certify to their portfolio Minister the entity’s compliance with the components of the Government’s financial management framework for the previous financial year.

3.26 As part of the 2014–15 interim audits the ANAO reviewed entities’ progress in addressing the risk of breaches of section 83 of the Constitution.

Section 83 of the Constitution

3.27 Section 83 of the Constitution provides that no money shall be drawn from the Treasury of the Commonwealth except under appropriation made by law. The effect of section 83 is that all spending by the executive government from the Consolidated Revenue Fund must be in accordance with an authority given by the Parliament. Breaches of section 83 can occur when conditions legislated by the Parliament are not met before payments are made from special appropriations and special accounts. In these circumstances the payments may be made without a valid appropriation. This includes situations where an administrative error such as a duplicate payment occurs, even if the overpayment is able to be recovered.

3.28 Potential breaches can take many forms, including:

  • a payment or overpayment made as a result of an error, including payments made based on incorrect or inaccurate information used in assessing payment eligibility; or
  • a payment made despite certain legislative preconditions, such as those that regulate an entitlement to a payment, not being fulfilled.

3.29 As reported in ANAO Audit Report No.16 2014–15 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2014, the 2013–14 financial statements of 15 entities, including 14 of the entities covered by this report, included a reference to potential or actual breaches of section 83 of the Constitution. The auditors’ reports on the financial statements of these entities contained a report on other legal and regulatory requirements which drew attention to these disclosures due to their importance in a public sector context, but the audit opinions were unqualified as the financial statements fairly represented the financial operations and position of the entity at year end.[22]

3.30 As part of the 2014–15 interim audits, the ANAO reviewed progress made by entities in assessing the ongoing risk of breaches of section 83 of the Constitution and actions taken to address these risks. Chapter 5 of this report includes details of these reviews for relevant entities.

Shared services arrangements

3.31 The increasing utilisation of shared services arrangements in entities can have important implications for the control environment of both entities providing these arrangements and those entities purchasing services.

3.32 Within the Australian Government, shared services arrangements can differ in size and scope, ranging from the clustering of a particular business function or activity with one or more entities, to larger scale operations involving all support functions being centralised with a single shared services provider. The shared services provider can be a Commonwealth entity, a contracted third party, or a combination of both. These arrangements can at times represent a significant portion of the business operations of an entity.

3.33 Government shared services arrangements can support efficient and well managed business services, including in relation to information technology services where methods such as internet based solutions provide increased flexibility for entities. Such arrangements have the potential, if well managed, to deliver overall savings in providing government services, and allow for the implementation of more uniform operational controls.

3.34 At the time of our interim audit work, 13 of the 23 entities covered by this report were providers of shared services, six entities were purchasers and some entities operated as both providers and purchasers. Of the 13 entities providing shared services, ten advised the ANAO they had plans to expand the number of purchasers and seven of these were actively seeking further purchasers of shared services. Three of the six entities using shared services expected to purchase additional shared services.

3.35 Based on a review of information provided by entities, including governance and policy documentation covering shared services arrangements, the ANAO observed that increased management attention may be required in some entities to ensure there are sound agreements in place between providers and purchasers that clearly outline respective governance arrangements and responsibilities, costing arrangements, performance standards and mechanisms for the review and reporting of performance against these standards.

3.36 From a financial statement perspective, our enquiries also reinforced that financial statement preparation can be put at risk if entities do not have in place appropriate governance arrangements and well-designed system controls to mitigate the risk of difficulties arising during the preparation of financial statements by entities utilising shared services arrangements. These, and a number of other measures that can mitigate this risk, are discussed in the ANAO’s Better Practice Guide Public Sector Financial Statements.[23]

Risk assessment process

3.37 An understanding of an entity’s risk assessment process is essential to an effective and efficient financial statement audit. The ANAO reviews how entities identify risks relevant to their financial statements, how these risks are managed and considers the risk of material misstatement of an entity’s financial statements.

3.38 The ANAO found that entities generally had well established arrangements in place for developing and updating risk management plans at the organisational and work area levels. The risk assessments of most entities also included consideration of the risks relevant to financial statement preparation. The process is generally reviewed by the entity’s audit committee or a separate committee with specific responsibility for risk management.

Fraud control management

3.39 The Commonwealth Fraud Control Framework outlines the principles for fraud control within the Australian Government and sets minimum standards to assist entities in carrying out their responsibilities to combat fraud[24] against their programs. The Framework consists of both binding and non-binding rules, policy and guidance including section 10 of the Public Governance, Performance and Accountability Rule 2014, the Commonwealth Fraud Control Policy, and the Resource Management Guide No. 201 Preventing, detecting and dealing with fraud.

3.40 The importance of entities establishing effective fraud control arrangements is recognised in section 10 of the Public Governance, Performance and Accountability Rule 2014 which specifies that Accountable Authorities must develop and implement a fraud control plan for their entity. The Framework requires entities to conduct fraud risk assessments regularly and when there is a substantial change in the structure, functions or activities of the entity.

3.41 All entities are required to provide the Australian Institute of Criminology (AIC) with fraud control information on fraud against the Australian Government, and fraud control arrangements within Australian Government entities.

3.42 Unaudited data provided to the AIC for the year ended 30 June 2014 showed that:

  • the Australian Federal Police accepted 76 referrals of fraud-related matters in 2013–14 and estimated the value of these referrals to be $304.4 million;
  • 1 134 referrals for prosecution were made to the Commonwealth Director of Public Prosecutions, leading to 1 271 defendants prosecuted by the Commonwealth Director of Public Prosecutions in fraud type matters; and
  • of those prosecuted in fraud type matters, 946 convictions for fraud were achieved, 13 defendants were acquitted and a further 312 matters resulted in other outcomes such as matters not proceeding or being withdrawn.

3.43 These results continue to highlight the risk of fraud and the importance of entities effectively managing their fraud control responsibilities.

3.44 An explanation of an auditor’s responsibility for preventing and detecting fraud is provided in Australian Auditing Standard ASA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report, which notes in paragraph 5:

An auditor conducting an audit in accordance with Australian Auditing Standards is responsible for obtaining reasonable assurance that the financial report taken as a whole is free from material misstatement, whether caused by fraud or error. Owing to the inherent limitations of an audit, there is an unavoidable risk that some material misstatements of the financial report may not be detected, even though the audit is properly planned and performed in accordance with the Australian Auditing Standards.

3.45 In considering the risks of material misstatement of the financial statements due to fraud, ASA 240 requires that a number of audit procedures be undertaken. These include making enquiries of entities regarding their risk assessment processes for identifying and responding to the risks of fraud, and the controls that management has established to mitigate these risks.

3.46 As with risk management plans, fraud control plans need to be reviewed regularly and updated when significant changes to roles or functions occur, so that they reflect an entity’s current fraud risk and control environment. There are benefits in entities assessing their fraud risks as part of their risk management processes.

Observations

3.47 ANAO enquiries, as part of the 2014–15 interim audits, identified that entities continue to recognise the importance of adhering to the Commonwealth Fraud Control Framework, with all entities having a fraud control plan. Entities also had a formal process for updating fraud control plans, and oversight and monitoring of fraud control strategies and initiatives.

Information system

3.48 An entity’s information system is used extensively for the processing of financial information that is used to prepare its financial statements. As a consequence, the review of each entity’s information system and its related controls forms a significant part of the ANAO audit examination of internal controls. Information system controls include entity-wide general controls that establish an entity’s IT infrastructures, policies and procedures, together with specific application controls that validate, authorise, monitor and report financial and human resource transactions.

Observations

3.49 The ANAO observed that the majority of entities had effective IT general controls and IT application controls that support the preparation of entities’ financial statements, although increased attention to the management of privileged and other user access was required in a number of entities. A discussion on the results of the ANAO’s review of information systems that underpin the financial transactions processing within major Australian Government entities is provided in chapter 4 of this report.

Control activities

3.50 Australian Auditing Standard ASA 315 at paragraph A96 states:

Control activities are the policies and procedures that help ensure that management directives are carried out.

3.51 The auditor is required to obtain an understanding of control activities relevant to the audit, being those that the auditor considers it is necessary to understand in order to assess the risks of material misstatement. Further audit procedures responsive to these risks then need to be designed.

3.52 To illustrate trends in audit findings that generally relate to entities’ control environments, aggregate details of category A, B and C findings[25] over the last four years have been grouped into the following categories:

  • IT control environment;
  • purchases and payables;
  • grant accounting;
  • accounting and control of non-financial assets;
  • revenues, receivables and cash management;
  • human resource management processes; and
  • other control matters.

Aggregate audit findings

3.53 Aggregate audit findings for the last four years, identified during our interim audit phases, are outlined in figure 3.1 below.

Figure 3.1: Aggregate audit findings – categories A, B and C

3.54 Over the last four years, the ANAO’s interim audits have identified around 495 audit findings.[26] Over this period, there has been a reduction in the total number of findings, with the majority being category C findings. There were two category A findings identified in 2014–15, up from nil in 2013–14. The number of category B findings decreased from 26 in 2013–14 to 20 in 2014–15 and category C findings increased from 94 in 2013–14 to 95 in 2014–15. The trend in the number of audit findings is reflected in the analysis of findings by category outlined below.

IT control environment

3.55 As mentioned above, the review of information systems and their related controls are an integral part of an entity’s internal control environment. The main components reviewed are: IT general controls that encompass an entity’s IT infrastructure, policies, procedures and standards that support accounting and business processes; and IT application controls that validate, authorise, monitor and report financial and human resource transactions.

3.56 The number of audit findings over the last four years is outlined in figure 3.2 below.

Figure 3.2: IT control environment – aggregate audit findings

3.57 Findings in relation to entities’ IT control environments represent some 33 per cent of all findings, with 165 findings in total over the four years. The ANAO has observed an overall improvement in the management of IT controls over the past four years. In particular, the number of category B findings decreased from 13 in 2013–14 to four in 2014–15.

3.58 Common issues noted for attention over the four years include controls to manage IT incidents and change management, the regular review and updating of change management processes, and the management of user access to key financial systems. The 2014–15 interim audits continued to identify the need for improvements in the management of FMIS and HRMIS privileged and other user access in a number of entities, and a number of instances of non-compliance with the requirements of the Protective Security Policy Framework and the Australian Government Information Security Manual.[27]

3.59 A discussion on the results of the ANAO’s review of information systems that underpin the financial transactions processing within major Australian Government entities is provided in chapter 4.

Purchases and payables

3.60 The main component of purchases and payables is payments to suppliers, including contractor and consultancy expenses, lease payments and general administrative and utility payments. Payments to suppliers generally represent a significant percentage of total departmental expenses incurred by entities.

3.61 In 2013–14, the Consolidated Financial Statements, which include entities in the General Government Sector, reported total expenses for the payments of goods and services of $84.5 billion.

3.62 The main controls over purchases and payables which are given particular focus in our interim audits include: approval of the commitment and expenditure of public monies in accordance with delegations and authorisations; segregation of duties; controls to prevent duplicate payments; and controls over expenditure associated with credit cards and major contracts.

3.63 The number of audit findings over the last four years is outlined in figure 3.3 below.

Figure 3.3: Purchases and payables – aggregate audit findings

3.64 Over the last four years, entities’ controls over purchases and payables subject to audit review have been generally effective with a relatively small number of audit findings, representing some six per cent of total audit findings. The results of our 2014–15 interim audits continue to indicate effective controls in place over purchases and payables. The small number of category C issues identified related to controls over credit card expenditure and accounting for lease expenditure.

Grant accounting

3.65 Many entities administer grant programs that involve the provision of funds to eligible recipients in accordance with legislative and policy requirements. Grant recipients include state and local governments and community organisations.

3.66 To assist decision-makers and administering entities to understand, implement and comply with policy requirements and related guidance, the ANAO issued a Better Practice Guide Implementing Better Practice Grants Administration in December 2013.

3.67 The main controls over the accounting of grant expenditure include: approval of the commitment and expenditure of grants to eligible recipients; the payment of grants in accordance with funding agreements; and controls over grant acquittals. Our interim audit work assessed these control areas.

3.68 In 2013–14, the Consolidated Financial Statements reported total grant expenditure of $128.3 billion.

3.69 The number of audit findings over the last four years is outlined in figure 3.4 below.

Figure 3.4: Grant accounting – aggregate audit findings

3.70 Entities’ controls over the payment of grants have been generally effective, with a very small number of audit findings representing less than two per cent of total audit findings.

3.71 Audits of the general administration and the effectiveness of grant programs by entities are included in the ANAO’s performance audit program. These audits generally include: an examination of the design of the program to reflect policy intention and legislative requirements for the expenditure of public money; the processes by which grant applications are sought, received and assessed; and the monitoring and reporting arrangements undertaken to measure progress against the program objective.

3.72 ANAO performance audits continue to identify the need for an improvement in a number of aspects of the administration of grants by entities, including the establishment and application of clear eligibility requirements; appropriately documenting decisions relating to the assessment and selection of applicants; the monitoring of the delivery of programs and the management of funding agreements.[28]

Accounting and control of non-financial assets

3.73 The accounting and control of non-financial assets represents an important aspect of entities’ financial management responsibilities. Entities control a diverse range of non-financial assets on behalf of the Commonwealth, with the main classes of assets being land and buildings, leasehold improvements, infrastructure plant and equipment, inventories and internally developed software.

3.74 In 2013–14, the Consolidated Financial Statements reported total non-financial assets of some $137.3 billion.

3.75 The main controls over assets that are given particular focus in our interim audits include: the approval of the commitment and expenditure of public monies in accordance with authorisations and delegations; reconciliations between the general ledger and subsidiary asset accounts; the maintenance of a reliable asset register that includes information about assets acquired, disposed of, and asset locations; physical security over assets including asset identification numbers; the appropriateness of depreciation rates and useful lives; approval of, and the accounting for, the disposal of assets; and the periodic conduct of stocktakes. The valuation of assets is covered as part of our final audit phase.

3.76 The number of audit findings over the last four years is outlined in figure 3.5 below.

Figure 3.5: Accounting and control of non-financial assets – aggregate audit findings

3.77 Over the last four years there have been 92 audit findings relating to the accounting and control of non-financial assets, representing approximately 19 per cent of the total number of audit findings. The results of our 2014–15 interim audits indicate a number of areas requiring improvement. These include issues relating to the timely capitalisation of assets to enable the accurate calculation of depreciation, the maintenance of complete and accurate fixed asset registers, and the appropriateness of impairment assessments.

Revenue, receivables and cash management

3.78 The main components of revenue and receivables consist of Parliamentary appropriations, taxation revenue, customs and excise duties and administered levies. Other revenue is also generated by entities from the sale of goods and services and a range of other sources including from interest earned from cash funds on deposit. Cash management involves the collection and receipt of public monies and the management of official bank accounts.

3.79 In 2013–14, the Consolidated Financial Statements reported total taxation revenues of $349.1 billion and non-taxation revenues of $37.1 billion, and reported cash holdings totalling $4.5 billion.

3.80 The main controls over revenue and receivables that are given particular focus in our interim audits include: policies for the recognition of revenue; the regular review of receivables and accounting for impairment; and the segregation of receipting and recording of cash functions.

3.81 The main controls over the management of cash that are given particular focus in our interim audits include: the approval to open and close bank accounts; the exercise of delegations; and the preparation of bank reconciliations on a regular basis.

3.82 The number of audit findings over the last four years is outlined in figure 3.6 below.

Figure 3.6: Revenue, receivables and cash management – aggregate audit findings

3.83 Over the last four years, the interim audits have identified that entities’ key controls over revenue, receivables and cash have generally been effective, with audit findings in respect of these areas representing seven per cent of total findings.

3.84 There has been no change in the total number of findings in 2014–15, with the issues identified continuing to mainly relate to cash reconciliation processes and the management of receivables.

Human resource management processes

3.85 Human resource management processes encompass the day-to-day management and administration of employee entitlements and payroll functions. The main components of employee expenses consist of salary and wages, leave and other entitlements, employer superannuation contributions, separation and redundancy payments and workers compensation expenses. These items represent the largest departmental expenditure for most entities. Employee entitlement liabilities, particularly relating to annual and long service leave, generally are one of the larger liabilities on an entity’s balance sheet.

3.86 In 2013–14, the Consolidated Financial Statements reported $45.1 billion in employee benefits expenses.

3.87 The main controls over human resource management processes that are given particular focus in our interim audits include: approvals over new employees; independent checks of employee salary and personnel details entered into the HRMIS; approval of changes of key HRMIS data; independent checks over payroll processes including leave entitlement calculations; the timely conduct and review of reconciliations; and the approval of leave and termination payments. To assist HR systems managers and practitioners to implement better practice the ANAO issued a Better Practice Guide Human Resource Management Information Systems: Risks and Controls in June 2013.

3.88 The number of audit findings over the last four years is outlined in figure 3.7 below.

Figure 3.7: Human resource management process – aggregate audit findings

 

 

3.89 Over the four year period, there have been 40 findings in this category, representing approximately eight per cent of total audit findings. There has been an increase in the number of category B audit findings reported in 2014–15 relating mainly to processes for the commencement and termination of employees, including quality assurance and review processes. The number of category C findings has consistently decreased over the four years from 13 in 2011–12 to six in 2014–15.

Other control matters

3.90 Our audits also include a review of entities’ general control environments, particularly when they impact on entities’ financial statements. Issues considered include such matters as: compliance and assurance processes; areas of estimation and judgement; the management of service level agreements and memoranda of understanding; risk management; and financial statements quality assurance processes.

3.91 The number of audit findings over the last four years is outlined in figure 3.8 below.

Figure 3.8: Other control matters – aggregate audit findings

 

 

3.92 There have been 125 findings in this category over the last four years, representing approximately 25 per cent of total audit findings. There has been an increase in all three findings categories from the previous year, with the most noticeable being two category A findings reported in 2014–15 compared to nil in 2013–14, and nine category B findings compared to four. These mainly related to quality assurance and compliance processes in programs involving significant expenditure. The details of these issues are discussed further in chapter 5. Common category C issues noted over the four years include control weaknesses across a range of business and quality assurance processes.

Monitoring of controls

3.93 Australian Auditing Standard ASA 315 at paragraph A106 states:

Monitoring of controls is a process to assess the effectiveness of internal control performance over time. It involves assessing the effectiveness of controls on a timely basis and taking necessary remedial actions. Management accomplishes monitoring of controls through ongoing activities, separate evaluations, or a combination of the two. Ongoing monitoring activities are often built into the normal recurring activities of an entity and include regular management and supervisory activities.

3.94 Entities undertake many types of activities as part of their monitoring of control processes, including external evaluation reviews, control self-assessment processes, post-implementation reviews and internal audits. The level of review of different types of activities by the ANAO is dependent on the nature of each entity. However, given the significance of the internal audit function to Australian Government entities, this function is reviewed by the ANAO each year to gain an understanding of its contribution to the overall control environment.

Internal audit function

3.95 In the public and private sectors, internal audit has long been recognised by better practice entities as a valuable resource, and entities have given internal audit a key role in their governance arrangements.

3.96 Internal audit is a key source of independent and objective assurance advice on an entity’s risk framework and internal control. Depending on the role and mandate of an entity’s internal audit function, it can play an important role in assessing the adequacy of both the financial systems that underpin an entity’s financial statements, and the preparation process.

3.97 To assist entities in the management of their internal audit functions, the ANAO issued a Better Practice Guide Public Sector Internal Audit in September 2012. The Better Practice Guide outlines the key characteristics of a well performing Internal Audit function. The presence of these characteristics will provide confidence and assurance to chief executives and, where relevant, Boards that those financial and operational controls, which manage organisational risks, are operating in an efficient and effective manner.

3.98 As part of its financial statement coverage, the ANAO reviews the activities of internal audit in accordance with Australian Auditing Standard ASA 610 Using the Work of Internal Auditors[29]. The ANAO approach takes into account the work completed by internal audit, and, where appropriate, reliance is placed on it to ensure an effective audit approach.

Observations

3.99 The ANAO observed that internal audit coverage is generally based on an internal audit plan that is aligned with entities’ risk management plans and includes a combination of audits that address assurance, compliance, performance improvements and IT systems reviews. In addition, recommendations from management, audit committees and external influences such as the ANAO work program are factors considered in the development of internal audit work plans.

3.100 Where appropriate, the ANAO places reliance on internal audit work with aspects of the work being used to determine the nature, timing and extent of the ANAO audit procedures. The extent of reliance varies between entities. Greater reliance is placed on internal audit work where the work is focused on financial controls and legislative compliance. The ANAO continues to encourage entities to identify opportunities for internal audit coverage of key financial systems and controls as a means of providing increased assurance to Accountable Authorities to support their expressing an opinion on the entity’s financial statements.

3.101 The ANAO also found that the internal audit functions of most entities are generally subject to periodic review by their respective audit committee and/or by external reviewers. These reviews are generally based on a balanced set of indicators to assess internal audit performance. At the time of the 2014–15 interim audits, those internal audit functions that had been reviewed had been assessed as generally providing a satisfactory service.

Conclusion

3.102 The results of our 2014–15 interim audits identified that the effectiveness of controls over finance and accounting processes in the majority of entities supports the production of reliable financial statement information, reflecting the general maturity of entities’ control environments, demonstrated by the decrease in category B findings. Nevertheless, there has been a small increase in category A and C findings arising from the 2014–15 interim audits compared to the number of these findings in 2013–14. Entities have an ongoing responsibility to monitor the effectiveness of their systems and related controls to be confident of the integrity of the financial information reported to management and in their annual financial statements.

4. Information Technology Controls

This chapter presents the results of the ANAO’s assessment of selected elements of the information technology control environments that underpin the processing of financial information used in the preparation of entities’ financial statements. This chapter also includes an assessment of the business continuity and disaster recovery arrangements operating in entities.

Introduction

4.1 Information Technology (IT) systems facilitate the way in which Australian Government entities operate and support the business processes that deliver services to the Australian community. Accordingly, systems are required to be accurate, reliable, and sustainable.

4.2 The Australian Government has reported that total government IT expenditure in recent years has been between $5 billion and $6 billion per annum.

4.3 The business processes that support financial statement preparation and reporting also require the support of IT systems. As a result, an assessment of IT controls is a core component of the assessment of an entity’s control environment, and the financial statement audit process. The ANAO assesses both IT general controls[30] and application controls[31] for significant financial systems.

4.4 The issues identified in this chapter are reported to entities as category B or C findings, with details of category B audit findings included in chapter 5 of this report.[32] Aggregate findings relating to the IT control environment, including category C findings, are discussed at paragraphs 3.55 to 3.59 of chapter 3 of this report.

4.5 This chapter includes a discussion on trends observed in the four year period 2011–12 to 2014–15 in relation to a number of IT control categories. An assessment of business continuity and disaster recovery arrangements in entities[33] is also included.

IT control environment

4.6 The ANAO assesses the design, implementation and operation of key IT controls that are designed to ensure the integrity of financial information presented in entities’ financial statements. The ANAO undertakes this assessment each year in accordance with the Australian Auditing Standards. The accuracy, completeness and integrity of entities’ financial transactions and information are important considerations in formulating an entity’s overall audit risk profile and, as such, it is important that controls are well designed and operate effectively.

Changes to the IT control environment

4.7 As part of the overall audit approach, an assessment is made each year of significant changes to entities’ control environments. By its nature, the IT environment is subject to change and modification on a regular basis. For some entities, changes to their IT systems, applications and processes represent major business change initiatives. Such changes may have a significant impact on the underlying IT control environment.

Elements of the IT control environment

4.8 Table 4.1 outlines the elements of the IT control environment[34] assessed by the ANAO as part of the 2014–15 financial statement audits of the major entities covered by this report. The total number of entities can vary from year to year[35], with 23 entities reported in 2014–15.

Table 4.1: Elements of the IT control environment

| Control Area | Control Element | Control Categories |
|---|---|---|
| General IT controls | IT security management | General user access management; Systems privileged user access management; Network security; Security governance; Security monitoring and reporting |
| General IT controls | IT change management | Approval and tracking; Testing; Backout procedures; Change logs and reporting; Emergency changes; Policy and governance frameworks; Release management |
| Application controls | Financial management information system | Application change management; Masterfile maintenance; Payment processing; Application privileged user access management; Application user access management |
| Application controls | Human resource management information system | Application change management; Masterfile maintenance; Payroll processing; Application privileged user access management; Application user access management |
| Business continuity arrangements | Significant systems including: financial management; human resources; and financial systems such as those used in relation to the collection of revenue, grants administration, and the payment of benefits. | Business continuity; Disaster recovery; Backup and recovery |

Source: ANAO compilation

4.9 The charts and associated discussion that follow outline the ANAO’s assessment of the integrity of general IT controls and application controls, as categorised in table 4.1. The discussion of audit findings in these areas focusses on those controls where increased management attention was warranted in some entities.

General IT controls

4.10 General IT controls are the foundation of an entity’s IT control environment. These controls commonly relate to all information systems and establish the environment in which application systems and controls operate in an entity. The ANAO’s assessment of IT general controls focused on the controls present in the IT environment relevant to those systems that process financial transactions and information.

IT security management

4.11 The administration of government programs often involves entities managing, protecting, and preserving large amounts of financial and personal information. The integrity of such information can be threatened by an IT security event, and put at risk Commonwealth resources and the accuracy and completeness of an entity’s financial information. Some events can also pose a risk to the program, operational, and other responsibilities of entities, and may result in loss of public confidence.

4.12 IT security management is the primary mechanism used to protect information and information systems from unauthorised access, use, disclosure, modification, or destruction. The minimum standards for the protection of Australian Government information and data that entities must meet are outlined in the Protective Security Policy Framework (PSPF)[36] and the Australian Government Information Security Manual (ISM).[37]

4.13 The ANAO assessed the following categories of IT security management that are fundamental to safeguarding the security and confidentiality of entities’ financial information:

  • general user access management;
  • systems privileged user access management;
  • network security;
  • security governance; and
  • security monitoring and reporting.

Observations

4.14 A summary of the ANAO’s assessment of the effectiveness of security control categories within entities is provided in figure 4.1.

Figure 4.1: 2014–15 assessment of IT security management

 

 

4.15 Entities generally had effective[38] network security, security governance, and security monitoring and reporting. However, there were a significant number of entities where general user access management and systems privileged user access management required improvement.

4.16 Issues were identified in general user access management in 11 entities that warrant further management attention. In particular, the process of approval, establishment, monitoring and termination of user access to computer systems and networks requires improvement. The ANAO also identified six issues in entities in relation to systems privileged user access management. To ensure a range of specific tasks are able to be performed, privileged users have additional access rights to computer systems and the broader information technology environment. To minimise the risk of inappropriate systems access or the performing of inappropriate transactions, entities need to have in place appropriate controls to manage those with privileged access to systems. The appropriate number of privileged users should be regularly reviewed, and the actions performed by this group monitored regularly.

4.17 All entities had established effective security governance frameworks, and had implemented effective controls for managing their IT security monitoring and reporting responsibilities. Three entities required improvements to their network security arrangements, to more effectively manage the risk of external threats to networks.

4.18 There is an increased focus by government on IT security arrangements following a greater appreciation of the security risks involved in the protection of government information and systems. Security standards required of entities are described in the PSPF and ISM, and for a number of entities this is taking some time to implement.

4.19 A cross entity performance audit of the ICT security arrangements of seven entities was tabled by the ANAO in June 2014.[39] The audit assessed compliance with the requirements of the PSPF and the ISM, particularly in relation to the top four mandated security strategies[40] and underpinning general IT controls. In general, the audit found ICT security arrangements required improvement in the selected entities, and for several entities significant improvement to strengthen appropriate protection to entities’ systems and information was required.[41] A performance audit assessing the ICT security arrangements of a further four entities is expected to be tabled in late 2015.

IT change management

4.20 Changes to an entity’s IT environment are generally managed using a standardised process, although changes relating to the financial management information system (FMIS) and human resource management information system (HRMIS) are sometimes managed through a separate change management process. The findings in figure 4.2 relate to an entity’s standard change management process; the change management findings relating specifically to FMIS and HRMIS applications are shown in figures 4.5 and 4.6.

4.21 A change management process covers changes to all technology and communications components, including networks, hardware platforms, application software, and requires appropriate supporting documentation. The aim of the change management process is to manage changes in a controlled and timely manner, with a minimal number of incidents or problems occurring on release to the production environment.

4.22 Sound change management controls reduce the risk of system changes being implemented that may affect the integrity of financial information.

4.23 For changes made to key business systems, the ANAO tested controls supporting entities’ change management processes in the following key categories:

  • approval and tracking;
  • testing;
  • backout procedures;
  • change logs and reporting;
  • emergency changes;
  • policy and governance frameworks; and
  • release management.

Observations

4.24 The findings from the testing of IT change management controls are summarised in figure 4.2.

Figure 4.2: 2014–15 assessment of IT change management

 

 

4.25 Almost all entities had effective change management arrangements across all control categories. Improvements were warranted in one entity in relation to policy and governance frameworks, change approval and tracking, change management testing, and backout procedures. The entity also needed to improve its processes regarding emergency changes, which often have a streamlined approval process and rely on a post implementation review of such changes.

4.26 The results for 2014–15 continue the steady improvements of recent years in change management arrangements observed by the ANAO.

Application controls

4.27 Australian Government entities generally rely on two key financial reporting systems in the preparation of financial information. These are the financial management information system and the human resource management information system.

4.28 The ANAO assesses entities’ key FMIS and HRMIS controls in view of their importance for financial reporting.

4.29 The ANAO has published a Better Practice Guide, SAP ECC 6.0: Security and Control, to assist entities manage the risks in SAP FMIS environments, a common system in use by entities. The ANAO has also published a Better Practice Guide Human Resource Information Systems: Risks and Controls to assist entities in managing the risks involved in HRMIS functions.

4.30 Figure 4.3 and figure 4.4 detail the various FMIS and HRMIS applications[42] used by the entities covered by this report over the last four years.

Figure 4.3: Summary of FMIS applications 2011–12 to 2014–15

 

 

Figure 4.4: Summary of HRMIS applications 2011–12 to 2014–15

 

 

4.31 The ANAO observed that there has been very little change in the range of FMIS and HRMIS applications used by entities over the past four years, with no changes from 2013–14 to 2014–15. The small number of changes in recent years related mostly to Machinery of Government changes. The selection and deployment of HRMIS and FMIS are costly projects for entities and can impose considerable disruption to business operations. As a result, the number of entities that change systems to an alternative application can be expected to be low.

Financial management information system

4.32 The FMIS is the IT application that processes financial transactions and summarises financial information. It supports financial management decision making, budget and financial planning, and the preparation of an entity’s financial statements.

4.33 The following FMIS control categories were assessed as part of the 2014–15 financial statement audits:

  • application change management;
  • masterfile maintenance;
  • payment processing;
  • application privileged user access management; and
  • application user access management.

Observations

4.34 The ANAO’s assessment of the key FMIS control categories integral to the preparation of entities’ financial statements is summarised in figure 4.5.

Figure 4.5: 2014–15 assessment of FMIS controls

 

 

4.35 FMIS privileged user access management remains an area requiring improvement in five of 23 entities. FMIS user access management also required improvement in one entity. The required improvements in FMIS user access management are similar in nature to the required improvements in IT security user access arrangements, as reflected in figure 4.1.

4.36 Ineffective user access controls, including those related to the management of FMIS system administrators, increase the risk of individuals undertaking actions that may undermine the integrity of financial systems and information. It is therefore important that entities take steps to address any deficiencies in application user access management controls, particularly in light of increasing security risks and an enhanced security focus.

4.37 The ANAO also identified that FMIS change management arrangements required improvement in one entity. Without sound change management arrangements in place, it is possible for changes to be implemented without appropriate testing, review, and approval. This may undermine the integrity of financial systems and information.

Human resource management information system

4.38 The HRMIS is the IT application that facilitates payroll and human resource management. The payroll and related data held in the HRMIS is a major component of the financial reporting process.

4.39 The key categories of HRMIS controls assessed as part of the 2014–15 audit coverage were:

  • application change management;
  • masterfile maintenance;
  • payroll processing;
  • application privileged user access management; and
  • application user access management.

Observations

4.40 The ANAO’s assessment of key HRMIS control categories that enhance the completeness and accuracy of entities’ HR financial information is outlined in figure 4.6.

Figure 4.6: 2014–15 assessment of HRMIS controls

 

 

4.41 The ANAO identified that in the majority of entities the key HRMIS controls used to support the preparation of entities’ financial statements were effective. However, HRMIS user management, including for privileged users, remained an area requiring improvement in a number of entities. Having appropriate controls for managing HRMIS system administrators and other users who have high levels of access to HRMIS financial transactions and information is required to manage the risk of inappropriate access, and the potential for individuals to undertake actions that may place Commonwealth resources at risk and undermine information integrity.

4.42 The required improvements in HRMIS user access management, including the management of privileged users, are similar in nature to the issues in relation to IT security user access arrangements, as reflected in figure 4.1.

4.43 Improvement to payroll processing controls was required in one entity. It is important that all entities continue to effectively manage the information technology aspects of payroll processing, including the protection of payroll files as they are prepared and used by the HRMIS and banking systems.

4.44 All but one entity also had effective HRMIS change management arrangements. Sound change management arrangements assist in ensuring the effective implementation of system changes, and reduce the risk of inaccurate HR financial information.

Business continuity management

4.45 Entities can be expected to have well designed and tested business continuity and disaster recovery arrangements as part of their internal control environment. Business continuity planning provides for entity wide consideration of the most significant business processes, and how they may continue to operate in the event of a serious interruption. Significant business processes include those related to the collection, payment, and recording of information, with these processes commonly supported by significant IT systems. In the event of an incident, these business processes and supporting IT systems require an appropriate disaster recovery plan to support their continued operation, or restoration of the service, within agreed timeframes.

4.46 The design and operation of well designed backup and recovery arrangements underpin the ability to maintain services in the event of an incident, and support the disaster recovery plan and the business continuity plan. The design of an entity’s business continuity plans and disaster recovery plans, together with the supporting information backup and recovery regime, may vary considerably according to their particular business and operational circumstances. Such variations may also be expected in business continuity testing arrangements, including the extent and frequency of testing arrangements.

4.47 The ANAO observations regarding business continuity arrangements are summarised in figure 4.7.

Figure 4.7: Business continuity arrangements

 

 

4.48 The ANAO observed that all but one entity had business continuity and disaster recovery plans and testing arrangements that catered for all of the entity’s significant financial and information technology systems, and were appropriate to their business circumstances.

4.49 The ANAO identified that an unplanned event had been used by some entities for the testing and review of business continuity and disaster recovery plans. Such an approach can increase the risk of entities having an inadequate response to such incidents, including the potential for a lack of a coordinated approach or a lack of preparation for the type of incident experienced. Although all entities adopting this approach had experienced an unplanned business continuity event during 2014–15, entities should ensure that they are in a position to test their business continuity plans if such an event does not occur for some time.

4.50 All entities had well established backup and recovery processes. Backup and recovery arrangements underpin an entity’s business continuity and disaster recovery plans, and may also be used to support the resumption of business operations. As such, it is important entities continue to have well managed and appropriate technology facilities to ensure backup and recovery arrangements are in place.

4.51 A number of entities reported they were continuing to review their business continuity and disaster recovery arrangements in light of Machinery of Government changes that had taken place since September 2013. These changes have also increased the number of cross entity agreements and dependencies in relation to service delivery. It is important entities have a process of ongoing and timely review of their business continuity and disaster recovery arrangements, and supporting backup and recovery arrangements, in light of revised responsibilities or operational arrangements.

Trends over the period 2011–12 to 2014–15

4.52 The ANAO’s ongoing assessment of entities’ IT control environments identified a number of trends over the period 2011–12 to 2014–15 for particular control categories. Some trends point to areas that have improved over the last four years, while others suggest that stronger management attention is required in a number of entities[43] due to an increase in the control issues identified in 2014–15. The trends in a number of control categories are discussed below.

IT security governance

4.53 An IT security governance framework is an overarching set of policies and procedures that define and establish security measures within an entity. An effective security governance framework supports entities to remain current with technology innovations and organisation changes, and to be better positioned to manage security threats and incidents, including those related to cyber security. As mentioned previously, whole-of-government security framework changes, as reflected in the PSPF and ISM, have been further refined in 2014–15. Entity functions also undergo periodic changes, including as a result of Machinery of Government changes, and this may require adjustments to an entity’s IT security governance arrangements. As a result, it is important entities establish and maintain an effective security governance framework, and implement related processes and procedures that comply with government requirements as determined from time to time.

4.54 The trend of recent years in relation to IT security governance is summarised in figure 4.8.

Figure 4.8: IT security governance: 2011–12 to 2014–15

 

 

4.55 In recent years the large majority of entities have had effective security governance frameworks, and this trend continued in 2014–15.

IT security user access management, including privileged users

4.56 Effective user access management provides protection for the networks, computer systems, and business applications of entities, and the information these facilities contain. User access management includes the process of approval, establishment, monitoring and termination of user access to computer systems. The process applies to all users of an entity, particularly privileged users.

4.57 Systems privileged users have additional access rights to computer systems and the broader information technology environment. To minimise the risk of inappropriate systems access or inappropriate transactions being performed, entities can be expected to have in place rigorous controls to manage those with privileged access, over and above the controls in place for general users. The managing of these privileged users requires a targeted, regular review of the need for these users to hold such access, and regular reviews of the actions performed by those who hold privileged access rights.

4.58 The trend in recent years in relation to IT security general and privileged user access management is summarised in figure 4.9.

Figure 4.9: IT security general and systems privileged user access management: 2011–12 to 2014–15

4.59 In recent years there has been a marked decline in the effectiveness of user access management, for both general users and for those holding higher level privileged system access. In 2013–14, ten entities required improvement in the effectiveness of their user management arrangements. This has increased slightly in 2014–15, with 11 entities now requiring improvements. The increase in recent years in the number of issues relating to user access management increases the risk to Commonwealth resources through inappropriate systems access, changes to systems, and data loss.

4.60 While the overall attention to IT security has increased in recent years, and Machinery of Government changes have led to an increase in IT security related activity for some entities, the trend discussed above indicates that, in a number of entities, increased management focus and operational attention should be given to improving the management of user access, particularly the management of privileged user access.

IT change management policy and governance frameworks

4.61 IT change management policy and governance frameworks assist entities to create a consistent and reliable approach to making changes in their IT environments. The ANAO observations regarding change management policy and governance frameworks over the past four years are summarised in figure 4.10.

Figure 4.10: Change management policy and governance frameworks: 2011–12 to 2014–15

4.62 The policy and governance structures that support change management processes have been effective in the large majority of entities since 2011–12. In 2014–15, all entities except one had effective change management governance arrangements in place, including the effective implementation of related policies.

4.63 A high level of oversight and control over system changes decreases the risk of system changes being implemented that may affect the use of Commonwealth resources and the integrity of financial information, and it is therefore important for entities to continue to have effective change management policy and governance arrangements in place.

Management of application privileged user access

Financial Management Information and Human Resource Management Information Systems

4.64 The management of FMIS and HRMIS privileged user access involves implementing a regime of system controls on users in respect of their access rights to edit and change data within the FMIS and HRMIS. The ANAO observations regarding the management of FMIS and HRMIS privileged user access over the past four years are summarised in figure 4.11 and figure 4.12.

Figure 4.11: FMIS privileged user access: 2011–12 to 2014–15

Figure 4.12: HRMIS privileged user access: 2011–12 to 2014–15

4.65 The administration of FMIS privileged user accounts was effective in all but two entities in 2011–12. However, there was a decline in 2012–13 and this trend has continued in 2013–14 and 2014–15, with five of 23 entities in 2014–15 having weaknesses in the management of FMIS privileged user access.

4.66 In 2011–12 an improvement in the management of HRMIS privileged user access was required in a small number of entities. There was a decline in 2012–13 when six entities were not effectively administering HRMIS privileged user accounts, and this trend continued in 2013–14 and 2014–15, with five of 23 entities in 2014–15 having weaknesses in the management of HRMIS privileged user access.

4.67 As previously mentioned, a reduced level of oversight and control over the managing, logging, and monitoring of privileged user activities increases the risk of inappropriate system access and activity. As privileged users typically have full access to all FMIS and HRMIS financial transactions and information, there is a risk to Commonwealth resources and the integrity of financial and related information. As a result, and consistent with the position in relation to the management of general and systems privileged users reflected in figure 4.9, in a number of entities increased management attention and operational focus is required on the management of FMIS and HRMIS privileged user access.

Conclusion

4.68 The effective implementation and operation of general and application controls assists entities to provide IT services in a reliable, timely and consistent manner. Such controls also reduce the risk to Commonwealth resources and the risk of financial information being inaccurate, incomplete, or stored insecurely, which would increase the risk that financial information may be inaccurately reported.

4.69 The majority of IT controls continued to be effective in most entities during 2014–15. This includes IT controls in relation to change management, IT security governance and monitoring, and the management of FMIS and HRMIS master file data.

4.70 However, in 2014–15 a number of issues have been identified in relation to general user access and privileged user access arrangements. This is consistent with the trend observed over the last three years and suggests that a number of entities need to improve the management of their user access arrangements. These issues increase the risk of unauthorised changes being made to systems and data, including key financial information.

4.71 The ANAO identified that in some entities weaknesses in user and privileged user access arrangements were a result of entities requiring additional time to plan and implement enhanced IT security arrangements that have come into effect. This situation is consistent with the findings of the ANAO’s cross entity performance audit Cyber Attack: Securing Agencies’ ICT Systems. In addition, the Machinery of Government changes since 18 September 2013 have required a number of entities to review and modify IT systems and applications access arrangements. Maintaining appropriate user access arrangements in such circumstances is important in ensuring that entities continue to appropriately protect systems and information, including financial information.

4.72 In future audits, the ANAO will continue to focus on the IT general control environment and on FMIS and HRMIS application controls. This will include user access management including for privileged users, IT security governance, and change management.

4.73 Business continuity and disaster recovery plans and related testing arrangements continued to be satisfactory in the majority of entities. Continuing changes in organisational and systems arrangements that are occurring in the Australian public service will require entities to be alert to the need to review, and as necessary revise, their business continuity plans and associated testing arrangements.

5. Results of the Interim Audit Phase by entity

This chapter summarises the results of the interim phase of the 2014–15 financial statement audits of the 23 entities, grouped by portfolio, covered by this report.

Introduction

5.1 This chapter summarises the results of the ANAO’s examination of the internal control of entities as part of the interim phase of the audits of financial statements for the year ending 30 June 2015. These entities comprise the portfolio departments and other entities that account for the majority of the financial activities of the General Government Sector (GGS), and are listed at appendix 1.

5.2 The final results of the audits of the entities covered by this report will be included in the Auditor-General’s report on the audits of financial statements of Australian Government entities for the year ended 30 June 2015, expected to be tabled in December 2015.

5.3 This chapter outlines the following information for each entity:

  • the entity’s primary role as reflected in its Portfolio Budget Statements; a summary of the entity’s business operations; and the key characteristics of these operations that shape the ANAO’s 2014–15 overall risk assessment and audit coverage;
  • key financial balances and staffing levels for 2013–14 and 2014–15[44];
  • governance arrangements relevant to the entity’s financial management responsibilities;
  • the key areas of audit focus for the audit of the 2014–15 financial statements; and
  • any significant and moderate (category A, B and L1) audit findings[45], and the conclusion relating to the audit coverage undertaken to date.

5.4 The ANAO’s overall assessment of the risk of material misstatement of the financial statements takes into account, for the purposes of planning the audit coverage, the significance and complexity of each entity’s operations as well as the ANAO’s knowledge of the entity’s internal control. Key audit related business and financial statement risks are also identified and communicated to each entity. The ANAO’s interim phase of the audit focuses on the steps taken by entities to manage risks that have a potential impact on the financial statements, including their systems of internal control.

5.5 A new area of audit focus across each not-for-profit entity within the GGS and the Consolidated Financial Statements is the application of AASB 1055 Budgetary Reporting that applies for the first time in respect of the 2014–15 financial statements of each of these entities. AASB 1055 requires the disclosure of the original budget as well as explanations for major variations between the original budget and the actual amount disclosed in the financial statements. As such, the ANAO’s focus will be on gaining assurance that major variations are adequately explained in entities’ financial statements.

5.6 Issues identified during our audits are rated in accordance with the seriousness of the particular matter. The ratings are defined as follows:

  • Category A (significant): Issues that pose a significant business or financial management risk to the entity; these include issues that could result in the material misstatement of the entity’s financial statements.
  • Category B (moderate): Issues that pose a moderate business or financial management risk to the entity; these may include prior year issues that have not been satisfactorily addressed.
  • Category C (minor): Issues that pose a low business or financial management risk to the entity; these may include accounting issues that, if not addressed, could pose a moderate risk in the future.[46]
  • Category L1: Instances of potential or actual breaches of the Constitution; and instances of non-compliance with the entity’s enabling legislation, legislation that the entity is responsible for administering, and the PGPA Act.

5.7 Category B or C issues remaining unresolved at the time of the subsequent year’s audit, depending on the seriousness of the issue, may be given a higher rating.

5.8 The following table provides details of the number of category A, B and L1 findings relating to each entity identified in our 2014–15 and 2013–14 interim audits.

Table 5.1: Significant and moderate findings of entities grouped by portfolio, reported at completion of the 2014–15 and 2013–14 interim audit phases

| Entity | 2014–15 A | 2014–15 B | 2014–15 L1 | 2013–14* A | 2013–14* B | 2013–14* L1 |
|---|---|---|---|---|---|---|
| Department of Agriculture | 0 | 0 | 0 | 0 | 1 | 0 |
| Attorney-General’s Department | 1 | 1 | 0 | 0 | 1 | 0 |
| Department of Communications | 0 | 0 | 0 | 0 | 0 | 0 |
| Department of Defence | 0 | 6 | 1 | 0 | 10 | 1 |
| Defence Materiel Organisation | 0 | 2 | 0 | 0 | 1 | 0 |
| Department of Veterans’ Affairs | 0 | 2 | 1 | 0 | 2 | 2 |
| Department of Education and Training | 0 | 1 | 1 | 0 | 1 | 1 |
| Department of Employment | 0 | 1 | 0 | 0 | 0 | 0 |
| Department of the Environment | 0 | 0 | 0 | 0 | 0 | 0 |
| Department of Finance | 0 | 0 | 1 | 0 | 1 | 1 |
| Future Fund Management Agency and the Board of Guardians | 0 | 0 | 0 | 0 | 0 | 0 |
| Department of Foreign Affairs and Trade | 0 | 1 | 0 | 0 | 1 | 1 |
| Department of Health | 0 | 0 | 1 | 0 | 0 | 1 |
| Department of Immigration and Border Protection | 0 | 1 | 0 | 0 | 1 | 2 |
| Australian Customs and Border Protection Service | 0 | 0 | 1 | 0 | 0 | 1 |
| Department of Industry and Science | 0 | 0 | 1 | 0 | 0 | 1 |
| Department of Infrastructure and Regional Development | 0 | 0 | 0 | 0 | 0 | 0 |
| Department of the Prime Minister and Cabinet | 0 | 2 | 1** | 0 | 2 | 1 |
| Department of Social Services | 1 | 0 | 1 | 0 | 2 | 1** |
| Department of Human Services | 0 | 1 | 1 | 0 | 3 | 1 |
| Department of the Treasury | 0 | 1 | 1 | 0 | 0 | 1 |
| Australian Office of Financial Management | 0 | 0 | 0 | 0 | 0 | 0 |
| Australian Taxation Office | 0 | 1 | 1 | 0 | 0 | 0 |
| Total | 2 | 20 | 12 | 0 | 26 | 15 |

* See table 5.1 on p. 78 of ANAO Audit Report No.44 2013–14.

** Following the Machinery of Government changes in September 2013, administrative responsibility for the Aboriginal Benefits Account (ABA) transferred from the Department of Social Services to the Department of the Prime Minister and Cabinet. As a result, the responsibility for addressing the legislative issue relating to the ABA also transferred to PM&C.

Source: ANAO.

Agriculture Portfolio

Department of Agriculture

5.9 The Department of Agriculture (Agriculture) is responsible for: the development of policy advice and the provision of services to support and improve the productivity, competitiveness, and sustainability of Australia’s agricultural, fisheries, forestry and related industries; and protecting Australia’s economy and environment against the potential risks associated with pests and diseases.

5.10 Agriculture’s business operations include:

  • increasing access to global markets for Australia’s agriculture, fisheries, forestry and related industry export products;
  • developing and implementing deregulation initiatives to reduce the regulatory burden on business and farmers;
  • the delivery of high quality forecasts, research and statistics to support effective decision making by the Government and the private sector;
  • supporting farmers facing hardships through farm finance and national drought assistance programs, in addition to the implementation of the Farm Household Allowance;
  • supporting rural research, development and extension, including through research and development corporations;
  • the provision of efficient and effective biosecurity and export certification services within a risk based approach;
  • strengthening biosecurity and quarantine arrangements, including emergency response arrangements for incursions of exotic pests and disease;
  • supporting the eradication and management of nationally significant agricultural and environmental plant and animal pests and diseases;
  • progressing biosecurity reforms to more effectively and efficiently manage biosecurity risk in the context of continued growth in trade volumes; and
  • progressing the transition of post entry quarantine operations to a single facility, which will occur from late 2015.

5.11 The key characteristics of Agriculture’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • a self-assessment regime for the collection and reporting of levy revenue, supported by a risk-based compliance program;
  • a Memorandum of Understanding between the department and the Australian Customs and Border Protection Service that establishes arrangements to collect a range of biosecurity import fees on behalf of the department;
  • drought and farm assistance programs, including the funding of low interest loans; and
  • reliance on IT business systems and associated processes, particularly those that support revenue collections and disbursements to industry bodies and research and development corporations.

5.12 In light of these characteristics and the ANAO’s understanding of the operations of the department, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.13 Agriculture’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 302.5 | 328.4 | | |
| Revenue from government | 300.8 | 315.0 | | |
| Deficit attributable to the Australian Government | (1.7) | (13.4) | | |
| Total own-source income | | | 508.8 | 469.2 |
| Total expenses | | | 998.3 | 892.8 |
| Administered deficit | | | (489.5) | (423.6) |
| Total assets | 272.9 | 267.8 | 1 060.4 | 578.4 |
| Total liabilities | 212.8 | 216.1 | 82.7 | 89.6 |
| Total equity | 60.1 | 51.7 | | |
| Net assets | | | 977.7 | 488.8 |

Agriculture’s estimated average staffing level for 2014–15 is 4 109 (2013–14: 4 397).

Governance arrangements

5.14 The department has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of Agriculture’s business objectives. These arrangements are designed to support the department’s financial reporting requirements, the effectiveness and efficiency of its operations, and compliance with applicable legislative requirements.

5.15 The key elements of Agriculture’s corporate governance arrangements include:

  • an Executive Management Team that meets monthly, and provides leadership to the department’s divisions on administrative and operational responsibilities, and advice to the Secretary on strategic policy, budgets and performance;
  • a fraud control plan which outlines Agriculture’s approach to identifying, monitoring and managing the risk of fraud;
  • a risk management process that involves updating strategic risk management plans at the departmental and divisional levels;
  • an internal audit function that provides planned risk‐based audit coverage of Agriculture’s operations, including its quarantine and biosecurity functions;
  • an audit committee that meets a minimum of five times a year and focuses on financial reporting, internal control structures, risk management systems, internal and external audit functions, and fraud control; and
  • a financial statements sub-committee of the audit committee that meets at least five times a year and reviews the preparation of the annual financial statements.

Areas of audit focus

5.16 In light of the ANAO’s understanding of Agriculture’s environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on Agriculture’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the accuracy and completeness of revenue and receivables arising from primary industry levies and charges, in light of the complexity involved in estimating agricultural production on which the revenue is based, and the self-assessment nature of collections;
  • arrangements for the collection of biosecurity revenue and receivables, of which a significant portion is collected by the Australian Customs and Border Protection Service on behalf of the department;
  • levy disbursement processes, given the significance and legislative complexities associated with payments to relevant industry service bodies and research and development corporations; and
  • the accounting treatments and collectability of farm finance loans and drought assistance packages to eligible farmers through agreements with state and territory governments, given the significant amounts involved.

5.17 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of Agriculture’s financial statements.

Audit results

5.18 The ANAO has completed its interim audit coverage, including in the areas of audit focus relating to revenue arising from primary industry levies and charges, and subsequent levy disbursement processes. Audit coverage has also been undertaken of Agriculture’s key IT general and application controls, including an assessment of logical security, change and release management, and controls relating to Agriculture’s FMIS, HRMIS and other supporting systems.

5.19 As part of the 2014–15 final audit phase, work will be undertaken in relation to biosecurity revenue and receivables which will include examining that portion of the revenue collected by the Australian Customs and Border Protection Service on Agriculture’s behalf. The accounting treatment and collectability of farm finance and drought assistance loans will also be examined. Audit coverage of the FMIS and HRMIS controls will also be completed.

5.20 The results of the work undertaken have been satisfactory for the interim audit phase, with no significant or moderate audit issues raised by the ANAO. There were also no significant or moderate audit issues outstanding from the 2013–14 audit.

Conclusion

5.21 Based on our audit coverage to date, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Agriculture will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Attorney-General’s Portfolio

Attorney-General’s Department

5.22 The Attorney-General’s Department (AGD) is the central policy and coordinating department for the portfolio. The department provides policy advice and delivers programs and policies to maintain and improve Australia’s law and justice framework, strengthen national security and emergency management, and provide support for arts and culture.

5.23 AGD’s business operations include:

  • facilitating the recognition of rights and responsibilities and the preservation of a free society;
  • ensuring an efficient and effective justice system, including by reducing regulation;
  • pursuing a national approach to fighting and preventing crime, including through a coordinated response to organised crime and criminal gangs;
  • delivering improved counter-terrorism and national security;
  • providing national leadership in disaster resilience and emergency management;
  • encouraging participation in Australia’s arts and culture and greater private sector support for the arts;
  • supporting the development of, and consultation on, a proposal to recognise Aboriginal and Torres Strait Islander peoples in the Constitution; and
  • supporting portfolio bodies through the provision of shared services arrangements and uniform core business processes.

5.24 The key characteristics of AGD’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • the large number and value of grant programs administered by the department;
  • the significant number and amount of administered investments reported in AGD’s financial statements; and
  • the governance and reporting arrangements relating to the administration of personal benefit payments by the Department of Human Services on behalf of AGD, in the event of natural disasters.

5.25 In light of these characteristics and the ANAO’s understanding of the operations of AGD, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.26 AGD’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 240.7 | 252.1 | | |
| Revenue from government | 217.0 | 230.4 | | |
| Deficit attributable to the Australian Government | (23.7) | (21.7) | | |
| Total own-source income | | | 61.6 | 29.0 |
| Total expenses | | | 1 222.3 | 952.8 |
| Administered deficit | | | (1 160.7) | (923.8) |
| Total assets | 230.8 | 248.0 | 8 854.9 | 8 851.9 |
| Total liabilities | 103.2 | 113.9 | 34.7 | 40.9 |
| Total equity | 127.6 | 134.1 | | |
| Net assets | | | 8 820.2 | 8 811.0 |

AGD’s estimated average staffing level for 2014–15 is 1 641 (2013–14: 1 527).

Governance arrangements

5.27 AGD has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the department’s business objectives. These arrangements are designed to support AGD’s financial reporting requirements, the effectiveness and efficiency of its operations, and compliance with applicable legislative requirements.

5.28 The key elements of AGD’s corporate governance arrangements include:

  • an executive board that meets regularly to consider key strategic matters of corporate importance and sets AGD’s strategic direction. The board comprises the Secretary, Deputy Secretaries and other senior officers;
  • an audit and risk management committee that meets every two months and is chaired by an external member. The committee is responsible for overseeing the department’s approach to financial and performance reporting responsibilities and risk management, including AGD’s overall control framework and internal audit function;
  • a risk management framework and plan that address a broad range of operational risks;
  • a fraud control plan that is regularly monitored and updated; and
  • an internal audit function that performs a range of review, monitoring and compliance audits.

Areas of audit focus

5.29 In light of the ANAO’s understanding of AGD’s operating environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on AGD’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • grants financial management, as grant expenditure is a major component of AGD’s administered financial statements, and utilises a decentralised grants management system;
  • the valuation of administered investments, which are a significant component of AGD’s administered accounts and whose valuation involves relying on information from the relevant entities;
  • the valuation of non-financial assets given the diversity and geographical spread of assets, including leasehold artwork; and
  • reporting of revenue and unearned revenue, as AGD generates significant own-source revenue from a number of different sources and for services performed on behalf of other entities.

5.30 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of AGD’s financial statements.

Audit results

5.31 The ANAO has completed its interim audit coverage, including an assessment of controls over grants and revenue. IT general and application controls, and key controls over payroll and appropriation processes, cash administration and special account payments have also been assessed.

5.32 As part of the 2014–15 final audit phase, audit coverage in relation to the valuation of non-financial assets, including artwork and administered investments, will be completed.

5.33 The results of the work undertaken to date have been satisfactory, with the exception of a new significant issue relating to the Natural Disaster Relief and Recovery Arrangements (NDRRA)[47] and a moderate risk issue identified in 2013–14, relating to IT network user access management.

5.34 The following table summarises the status of audit issues reported by the ANAO in 2013–14 and 2014–15.

Status of audit issues raised by the ANAO

| Category | Closing position (at the end of the 2013–14 final audit phase) | Resolved findings (at the time of the 2014–15 interim audit phase) | New findings (during the 2014–15 interim audit phase) | Closing position (at the end of the 2014–15 interim audit phase) |
|---|---|---|---|---|
| A | 0 | 0 | 1 | 1 |
| B | 1 | 0 | 0 | 1 |
| L1 | 0 | 0 | 0 | 0 |
| Total | 1 | 0 | 1 | 2 |

Outstanding audit issue

IT network user access management

5.35 During the 2013–14 interim audit phase, the ANAO identified a number of weaknesses in AGD’s management of user access to the department’s IT network. The system access rights of a number of employees whose employment had ceased had not been deactivated. In addition, an effective process for logging and monitoring privileged user access to the IT network had not been implemented. These issues increased the risk of unauthorised access and the risk to the integrity of the data maintained in the various IT applications supporting the financial information.

5.36 During the interim phase of the 2014–15 audit, the ANAO identified that an effective process for monitoring system access had yet to be implemented and also identified a number of individuals with inappropriate access levels to the IT network. The ANAO will review AGD’s progress on addressing these issues during the 2014–15 final audit phase.

New significant audit issue

Administration of the Natural Disaster Relief and Recovery Arrangements

5.37 Pursuant to the Natural Disaster Relief and Recovery Arrangements (NDRRA) between the Commonwealth and the states and territories[48], the Commonwealth reimburses up to 75 per cent of state expenses after certain thresholds are met. The arrangements generally operate on a reimbursement basis requiring the Australian Government to provide in its financial statements for the estimated cost of its contribution at the time of the disaster, with payments subsequently occurring following the submission of claims by the affected state(s).

5.38 The AGD administers the NDRRA and provides a range of information to the Treasury to allow that department to account for the Australian Government’s liability and associated payments for disaster relief and recovery. As at 30 June 2014, the Australian Government has provided $3.6 billion for its obligations under NDRRA.

5.39 Recent audit coverage of the NDRRA[49] has highlighted a range of issues in relation to the processes followed to account for the estimate of the Australian Government’s liability and the subsequent payments. The main issues were:

  • the need to strengthen the validation of information provided by the states used to support estimates of future costs; and
  • significant weaknesses in the payment framework, including limited analysis and verification by the department, of the eligibility of claims.

5.40 In terms of the above-mentioned weaknesses, ANAO Audit Report No.34 2014–15 identified the payment of millions of dollars of ineligible expenditure in relation to claims made by three states in respect of seven disaster events that occurred between 2006 and 2011.

5.41 The above issues represent a significant operational and business risk to AGD. The ANAO considers that improvements are required to the processes involved in determining the Commonwealth’s obligations for future reconstruction and relief payments, and in administering the Ministerial determination and NPAs with Queensland and Victoria in respect of future claims from the states and territories for financial assistance. In particular, the ANAO considers that AGD should:

  • liaise with the states and territories with a view to strengthening the sign-off arrangements on data used to calculate the NDRRA liability;
  • strengthen the department’s controls and processes in relation to the validation of state and territory based information, including reviewing project level information that supports estimates of future costs by the states and territories, and subsequent claims for expenditure from the states and territories[50]; and
  • quantify the extent of past ineligible expenditure to assist the Treasury to consider the financial reporting and other implications of ineligible payments.

5.42 The department has advised that it is seeking amendments to the Ministerial determination and will undertake collaborative audits with the states and territories. The department indicated that these steps are part of an interim measure, while pursuing a longer term solution involving moving to an upfront recovery model proposed by the Australian Government.

5.43 The department also advised that it was taking steps to strengthen the Commonwealth’s assurance processes over the validation of state and territory based estimates and expenditure information but did not think it was reasonable to undertake assessments of project level information, especially during the estimates process when such information is unlikely to be available.[51]

Conclusion

5.44 Based on our audit coverage to date, and except for the IT network user access management referred to above, the key internal controls that support the preparation of the financial statements were operating effectively. The effective operation of these controls for the full financial year will be assessed in conjunction with additional audit testing during the 2014–15 final audit phase.

Communications Portfolio

Department of Communications

5.45 The Department of Communications (Communications) aims to promote an innovative and competitive communications sector, through policy development, advice and program delivery, so that all Australians can realise the full potential of digital technologies and communication services. The department’s strategic priorities of enhancing digital productivity, expanding digital infrastructure and promoting efficient markets support the effective use of digital technologies and communications services which underpin Australia’s future economic prosperity.

5.46 Communications’ business operations include:

  • providing strategic advice on digital technologies and services, and the delivery of the National Broadband Network;
  • delivering the Mobile Black Spot Programme to further expand reliable mobile phone coverage and competition in outer metropolitan, regional and remote communities;
  • reforming the current spectrum policy arrangements to ease the compliance burden on users and improve accessibility for new technologies;
  • assessing regulatory frameworks and advising on regulatory reform and deregulation options to promote competition, consumer safeguards, efficient and responsive portfolio entities, and reduced regulatory burden; and
  • research and advice on sectoral developments, largely undertaken by the Bureau of Communications Research, to inform strategic policy directions.

5.47 The key characteristics of Communications’ business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • a legislative environment that is subject to ongoing change;
  • significant administered activities including programs such as the Regional Backbone Blackspots and the National Broadband Network;
  • significant administered grants expenses; and
  • the reporting of significant administered assets relating to Australian Government investments in portfolio entities.

5.48 In light of these characteristics and the ANAO’s understanding of the operations of the department, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.49 Communications’ key financial balances are:

| Key financial balances | Departmental: Estimated 2014–15 ($m) | Departmental: Actual 2013–14 ($m) | Administered: Estimated 2014–15 ($m) | Administered: Actual 2013–14 ($m) |
|---|---|---|---|---|
| Net cost of services | 97.1 | 111.5 | | |
| Revenue from government | 91.4 | 106.1 | | |
| Deficit attributable to the Australian Government | (5.7) | (5.4) | | |
| Total own-source income | | | 2.3 | 144.7 |
| Total expenses | | | 1 491.8 | 1 514.4 |
| Administered deficit | | | (1 489.5) | (1 369.7) |
| Total assets | 31.3 | 45.6 | 11 801.4 | 8 939.8 |
| Total liabilities | 28.1 | 35.6 | 23.2 | 53.9 |
| Total equity | 3.2 | 10.0 | | |
| Net assets | | | 11 778.2 | 8 885.9 |

Communications’ estimated average staffing level for 2014–15 is 430 (2013–14: 529).

Governance arrangements

5.50 The department has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the department’s business objectives. These arrangements are designed to support Communications’ financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.51 The key elements of the department’s corporate governance arrangements include:

  • an executive committee, chaired by the Secretary, that meets weekly and addresses strategic issues, monitors the department’s financial and non-financial performance, oversees the operational performance of divisions, and contributes to the development of the department’s policies and procedures;
  • an investment committee that provides strategic advice to the executive committee on significant financial investments across the department, including on implementation and management issues;
  • an audit committee that meets at least five times a year and has a focus on monitoring internal controls, internal and external audit activity, risk management, the review of financial and performance reporting, fraud control, and regulatory compliance;
  • a financial statements sub-committee of the audit committee that meets at least three times a year and assists with the review of the department’s financial statements and other related financial matters as requested by the audit committee;
  • an internal audit function that undertakes risk-based audit coverage of the department’s activities; and
  • fraud control and risk management plans that are regularly monitored and updated.

Areas of audit focus

5.52 In light of the ANAO’s understanding of the department’s environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on the department’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the valuation of administered investments where significant judgement is applied in determining the appropriate basis of valuation;
  • the valuation of the assets related to the Regional Backbone Blackspots Program, which are complex infrastructure assets requiring expert assessment;
  • the presentation and disclosure of large administered contingent liabilities and commitments. This is due to the complex nature of the contracts associated with the National Broadband Network. The Commonwealth has provided certain capped guarantees to Telstra Corporation Limited and the Optus Group in respect of obligations under the contracts those entities have entered into with NBN Co Limited; and
  • administered grants expenses which represent a significant portion of total administered expenses.

5.53 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of Communications’ financial statements.

Audit results

5.54 The ANAO has completed its 2014–15 interim audit coverage, including an assessment of the controls relating to administered grants expenses, cash and asset management, payroll processing, supplier expenses and IT general controls.

5.55 The areas of audit focus relating to the valuation of administered investments, the valuation of assets associated with the Regional Backbone Blackspots Program, and the presentation and disclosure of administered contingent liabilities and commitments, together with additional coverage of the key areas identified above, will be undertaken as part of the planned 2014–15 final audit phase. IT application controls in the FMIS and HRMIS will also be assessed as part of the final audit phase.

5.56 To date, our audit coverage of the above areas has not identified any new significant or moderate audit issues. The 2013–14 audit also did not identify any significant or moderate audit issues.

Conclusion

5.57 Based on our audit coverage to date, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Communications will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Defence Portfolio

Department of Defence

5.58 The primary role of the Department of Defence (Defence) is to protect and advance Australia’s strategic interests through the provision of appropriately prepared, equipped and supported armed forces. To achieve this, Defence prepares for and conducts military operations and other tasks directed by the Government.

5.59 Defence’s business operations include:

  • maintaining the capacity to support current commitments and provide strategic response options to the Government to meet the range of potential future security contingencies, including working collaboratively with Australia’s neighbours and the broader international defence community, and contributing to coalition operations in support of Australia’s national interests;
  • undertaking a range of military operations at the Government’s direction to ensure the defence of Australia and its national interests. The Australian Defence Force’s military operations and other tasks contribute to the achievement of the Government’s strategic objectives, contributing to the security of the immediate neighbourhood and supporting wider interests; and
  • providing emergency and non-emergency assistance to the Government and the Australian community in non-combat related roles. These responsibilities may include emergency assistance, search and rescue, disaster recovery, surveillance, security or non-emergency law enforcement roles, and are directed by the Government or requested by other civil authorities or government entities.

5.60 The key characteristics of Defence’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • a diverse organisational structure that has a significant geographical spread nationally and internationally;
  • the magnitude, complexity and dispersed nature of Defence’s operations which comprise the management, storage and distribution of large inventory and asset holdings, management of a significant property estate, technology research and development and project management in specialised fields such as warfare;
  • military operations requiring the deployment of personnel, supporting assets and inventory to numerous locations in Australia and overseas;
  • the arrangements between Defence and Defence Materiel Organisation (DMO) in relation to the acquisition, construction, maintenance and modification of equipment and systems and shared services;
  • the aggregation of financial reporting information drawn from numerous independent information technology systems, together with the significant estimation required for the calculation of a number of financial balances; and
  • long-term strategic reform activities that drive change to business and control processes, including changes in accountability and responsibility. The most recent of these reform activities commenced with the release of the “First Principles Review” of Defence on 1 April 2015. The Government has agreed, or agreed in-principle, to 75 of the 76 recommendations made by this Review. Implementation of these recommendations will commence immediately, with the majority of changes expected to be implemented within two years.

5.61 In light of these characteristics and the ANAO’s understanding of the operations of Defence, the ANAO assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as high.

Key financial balances

5.62 Defence’s key financial balances are:

| Key financial balances | Departmental: Estimated 2014–15 ($m) | Departmental: Actual 2013–14 ($m) | Administered: Estimated 2014–15 ($m) | Administered: Actual 2013–14 ($m) |
|---|---|---|---|---|
| Net cost of services | 26 349.3 | 23 709.9 | | |
| Revenue from government | 26 349.3 | 24 197.2 | | |
| Surplus attributable to the Australian Government | 0.0 | 487.3 | | |
| Total own-source income | | | 1 440.1 | 1 409.8 |
| Total expenses | | | 6 002.4 | 13 010.9 |
| Administered deficit | | | (4 562.3) | (11 601.1) |
| Total assets | 77 067.3 | 74 912.2 | 3 061.1 | 3 085.7 |
| Total liabilities | 6 198.3 | 6 784.8 | 59 623.4 | 82 882.7 |
| Total equity | 70 869.0 | 68 127.4 | | |
| Net liabilities | | | 56 562.3 | 79 797.0 |

Defence’s estimated average staffing level for 2014–15 is 77 300 (2013–14: 92 209).

Governance arrangements

5.63 Defence has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the department’s objectives. These arrangements are designed to support Defence’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.64 The key elements of Defence’s corporate governance arrangements include:

  • a structure which reflects the individual responsibility and accountability of the Chief of the Defence Force (CDF) and the Secretary, and also their joint responsibilities and accountabilities, so that Defence achieves the Government’s outcomes in relation to the defence of Australia and its national interests. A joint Ministerial directive provides detailed direction to the Secretary and the CDF on how the Minister expects them to conduct their business in delivering these outcomes;
  • a Defence Committee, chaired by the Secretary. This committee meets on a monthly basis and considers Defence policy and management issues;
  • the Secretary and CDF Advisory Committee, which is the primary decision making forum for the Secretary and the CDF for week to week management of the Defence organisation. The Secretary and the CDF jointly chair the committee with other participants invited as necessary in an advisory capacity;
  • the Chiefs of Service Committee, chaired by the CDF, which provides military advice to assist the CDF to discharge his responsibilities in command of the Defence Force and as principal military adviser to the Government;
  • a governance committee framework, including the Defence Audit and Risk Committee (DARC), the Defence Capability and Investment Committee and the Service Delivery Reform Committee;
  • a fraud control framework that includes the development and monitoring of Defence’s fraud control plan. This is the responsibility of the Inspector-General within the Audit and Fraud Control Division. Divisional fraud control officers are responsible for implementing the plan, with the Fraud Control Investigations Branch assessing and investigating allegations of fraud; and
  • an internal audit function, which performs a range of internal audits across Defence, and reports findings to the DARC and the Defence Executive.

Areas of audit focus

5.65 In light of the ANAO’s understanding of Defence’s environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on Defence’s financial statements.

5.66 Areas highlighted for specific audit coverage in 2014–15 are:

  • the accounting for, and valuation of, specialist military equipment (SME) which includes Defence Weapons Platforms (DWPs)[52], Military Support Items and Assets Under Construction (AUC). Although SME is reported at cost, there are elements such as the annual impairment and revision of useful lives that are subject to a high degree of judgement and subjectivity. The management of AUC is dispersed across numerous projects that have complex multi-year contractual arrangements and project management requirements;
  • the management and valuation of general assets. This asset class involves a high volume of capital works and associated purchases managed across numerous locations. The valuation of these assets relies on a complete and accurate fixed asset register, and the accurate calculation of any depreciation or impairment adjustments;
  • the calculation and reporting of military superannuation balances due to the complexity of the basis of calculation and the nature of the economic and demographic assumptions involved;
  • the management and valuation of inventory due to the decentralised holdings and management by multiple parties, as well as the identification of, and accounting for, obsolete stock; and
  • legislative compliance, focusing on the specific conditions to be met before payments are made from each special account.

5.67 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of Defence’s financial statements.

Audit results

5.68 The ANAO has substantially completed its planned interim audit coverage. The ANAO’s interim audit included assessing asset management processes and the analysis of data used to calculate the value of the inventory balance at year end. Our interim audit coverage also included assessing IT general and application controls for systems that support the preparation of Defence’s financial statements, in addition to assessing the operation of key non-IT controls in areas including appropriation management and supplier expenses. The ANAO has also assessed progress by Defence in addressing audit issues previously identified.

5.69 During the 2014–15 final audit phase, the ANAO will complete testing of the internal controls relating to specialist military equipment and other fixed assets, employee benefits, inventories and supplier expenses. The ANAO will also complete work in relation to the 30 June 2015 balances for employee provisions, inventory, specialist military equipment and other fixed assets, as well as assessing the valuation of the military superannuation provision, with the assistance of an actuary, and in assessing legislative compliance, particularly in respect of appropriations and special accounts.

5.70 To date, our audit coverage of the key areas of audit focus has not identified any new significant or moderate audit issues.

5.71 The following table summarises the status of audit issues reported by the ANAO in 2013–14 and 2014–15.

Status of audit issues raised by the ANAO

| Category | Closing position (at the end of the 2013–14 final audit phase) | Resolved findings (at the time of the 2014–15 interim audit phase) | New findings (during the 2014–15 interim audit phase) | Closing position (at the end of the 2014–15 interim audit phase) |
|---|---|---|---|---|
| A | 0 | 0 | 0 | 0 |
| B | 8 | (2)* | 0 | 6 |
| L1 | 1 | 0 | 0 | 1 |
| Total | 9 | (2) | 0 | 7 |

* The 2013–14 issue relating to the management of heritage and cultural assets has been reclassified to a category C following the 2014–15 interim audit phase.

Resolved audit issues

Management of Special Accounts

5.72 Special accounts are established for specific purposes and have particular conditions that must be met prior to payments being made. As reported in 2012–13, the ANAO’s assessment of Defence’s special accounts identified deficiencies in the retention of supporting documentation and inconsistencies between payments made and the stipulated conditions for payments from these special accounts. During 2014–15, in accordance with legal advice, Defence has closed all special accounts with insufficient documentation, transferring funds to the Consolidated Revenue Fund and making any subsequent payments from departmental funds. Payments have continued from special accounts where Defence has confirmed the payments to be within the scope of the conditions of the establishing instrument. As a result of these actions this issue is resolved. The ANAO will continue to monitor payments made from special accounts as part of future audit coverage.

Management of Heritage and Cultural Assets

5.73 Physical assets generally have a limited useful life and are depreciated on a systematic basis over the useful life of the asset. However, some heritage and cultural assets may be assigned an indefinite useful life where appropriate conservation and preservation policies are developed and implemented. In 2013–14 the ANAO reported that, for some Defence heritage and cultural assets with indefinite useful lives, Defence could not provide evidence to support the implementation of preservation policies. During 2014–15 Defence reassessed the classification of all estate assets that were reported within the heritage and cultural asset class in the 2013–14 financial statements. Where the criteria for recognition of heritage and cultural assets were not met, the assets were reclassified and assigned a useful life.

5.74 At the time of the 2014–15 interim audit, Defence had not assessed the heritage and cultural assets which do not form part of the Defence estate. The ANAO will undertake testing over these assets during the 2014–15 final audit phase. As a result of the actions of Defence to date, this issue has been reclassified as a category C issue.

Unresolved audit issues

Accuracy of the Schedule of Commitments

5.75 A number of issues relating to the completeness and accuracy of Defence’s Schedule of Commitments were identified by the ANAO during the 2013–14 final audit phase, and a significant adjustment to the draft 2013–14 financial statements was required to correct inaccuracies in the schedule. Defence has reinforced existing accounts payable and financial reporting mechanisms and implemented a range of procedural controls and processes for commitments arising from purchase orders over $15 million. The ANAO has confirmed that these controls were in place during January and February 2015 and will complete testing in this area as part of the 2014–15 final audit phase.

Privileged user access

5.76 The ANAO identified two moderate audit issues during the 2013–14 interim audit in relation to weaknesses in the management of privileged security users to the financial management information system (ROMAN) and the IT general control environment. These weaknesses included:

  • the absence of approval documentation;
  • inadequate password control for a privileged user;
  • privileged users not being removed when a business need was no longer required;
  • inadequate documentation of the review of user access; and
  • the failure to monitor privileged user access.

5.77 Defence has updated its security procedures and has removed privileged user accounts from ROMAN when the business need was no longer required. However our assessment indicated that the majority of the above weaknesses have not yet been resolved. The ANAO will perform further testing in this area once Defence has completed an upgrade to the IT general controls environment and the ROMAN system.

Fixed asset register and reporting processes for Military Support Items

5.78 Entities are required to assess annually whether there is any indication that assets may be impaired. In relation to Defence assets, the main factors taken into account are obsolescence and changes in the condition of assets and their use. The ANAO identified a number of weaknesses in relation to the assessment of impairment for Military Support Items (MSI). These weaknesses included:

  • errors in the value of MSI assets held on the asset register;
  • errors in the useful life of MSI assets recorded in the asset register;
  • the results of remediation activities not being processed in a timely manner; and
  • the poor quality or lack of availability of evidence to support transactions processed within the MSI system, including the annual assessment of impairment.

5.79 During 2014–15, the ANAO assessed the impairment processes at a number of Defence sites. This assessment indicated that sole reliance on the indicators included in the MSI system as a way of identifying impaired assets does not provide sufficient information to support an impairment assessment over all MSI assets. To gain coverage over all MSI assets, Defence has engaged a statistician to develop a sampling approach to assess the impairment information available from Defence sites. The ANAO will assess the results of this work when they are available.

Management of fixed assets

5.80 The integrity of the fixed asset register is important as it is used for stocktaking and asset revaluation purposes and underpins the asset balance reported in the financial statements. During the 2013–14 final audit phase, ongoing issues were identified in relation to the integrity of the fixed asset register including:

  • inaccurate asset descriptions and location details;
  • delays in processing details of assets no longer held or that should be transferred from AUC to assets in use;
  • misclassification of assets; and
  • the incomplete processing of stocktake results.

5.81 In addition, the ANAO identified errors in the 2013–14 fixed asset valuation process, including:

  • demolished assets being revalued;
  • assets not being impaired when there was evidence that the assets had a limited future benefit to Defence; and
  • adjustments to asset values that did not agree to the revaluation report.

5.82 Defence has provided the ANAO with information on the work they have performed to address this issue. The ANAO will assess Defence’s progress and will conclude on this issue as part of the 2014–15 final audit phase.

Assessment of impairment indicators for general assets

5.83 An audit issue was reported following the 2012–13 interim audit phase in relation to the requirement to annually assess whether there is any indication that general assets may be impaired, taking into account the condition and use of the asset by Defence. The ANAO’s assessment in 2013–14 identified that this requirement was not consistently applied, including instances where:

  • an asset’s condition was not considered; and
  • asset values reported in the fixed assets register had not been adjusted for known poor condition or discontinued use of assets.

5.84 There was also insufficient training for Defence staff on assessing assets for indicators of impairment.

5.85 The ANAO will assess Defence’s revised impairment assessment process for general assets as part of the 2014–15 final audit phase.

Legislative breach

Potential breaches of section 83 of the Constitution

5.86 During 2013–14, Defence undertook a further review to determine the risk of payments being made in breach of section 83 of the Constitution from the special appropriations for which it is administratively responsible.

5.87 The risk assessment and subsequent analysis in 2013–14 identified 503 potential breaches of section 83 totalling approximately $625 000 in relation to various payments under the Defence Force (Home Loans Assistance) Act 1990 and the Defence Home Ownership Assistance Scheme Act 2008.

5.88 Defence has undertaken to continue to monitor its level of compliance with section 83 of the Constitution across all legislation for which it is administratively responsible. Defence expects that amendments to the above legislation will be progressed with the aim of reducing the risk of future section 83 breaches.

Conclusion

5.89 Based on our audit coverage to date, and except for the issues referred to above, the key internal controls that support the preparation of the financial statements were operating effectively. The effective operation of these controls for the full financial year and the potential breaches of section 83 of the Constitution will be assessed in conjunction with additional audit testing during the 2014–15 final audit phase.

Defence Materiel Organisation

5.90 The Defence Materiel Organisation (DMO) is the primary service delivery organisation responsible for the effective support of Australian Defence Force (ADF) operations through the acquisition of equipment and supplies, sustainment of the ADF and the deployment of specialist staff. DMO also provides industry and procurement policy advice to Defence and the Australian Government.

5.91 DMO has an integrated ADF, Australian Public Service and contract workforce of over 6 000 people in over 70 locations within Australia and overseas. DMO’s activities are principally determined by objectives set by the Australian Government, Defence policies and the operational requirements of the ADF. Acquisition and sustainment activities are conducted in accordance with the Defence Approved Major Capital Investment Program and support required for current ADF operations.

5.92 DMO receives approximately 90 per cent of its funding from Defence, determined under a number of agreements. The funding agreements cover key operational areas including acquisition, sustainment, military workforce and shared services. The remaining ten per cent of DMO’s funding base comes from a direct appropriation for its workforce and operating expenses, in addition to own-source revenue. The total net estimated funding available to DMO in 2014–15 is $12.7 billion.

5.93 The key characteristics of DMO’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit approach include:

  • domestic and international developments, such as the reduction in Defence spending and its effect on the military supply chain and DMO’s ability to deliver targeted budget outcomes in a tighter fiscal environment;
  • the number of significant financial statement balances and a complex financial statements process that involves collating data from numerous business systems and locations;
  • a variety of corporate and project management information technology applications operating in numerous locations;
  • the number of financial and human resource business processes managed by Defence and utilised by DMO;
  • complex arrangements between DMO and Defence in relation to the acquisition, construction, maintenance, and modification of equipment and systems and shared services arrangements;
  • an increase in sustainment activities resulting from a number of new Defence capabilities moving into the sustainment phase in 2014–15; and
  • expected structural changes as a result of strategic reform activities. The most recent of these reform activities commenced with the release of the “First Principles Review” of Defence on 1 April 2015. The key outcome from this review affecting DMO is the disbanding of DMO and the transfer of its core responsibilities in relation to capability delivery to Defence. This is expected to occur from 1 July 2015.

5.94 In light of these characteristics and the ANAO’s understanding of the operations of DMO, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.95 The DMO’s key financial balances are:

| Key financial balances | Departmental: Estimated 2014–15 ($m) | Departmental: Actual 2013–14 ($m) | Administered: Estimated 2014–15 ($m) | Administered: Actual 2013–14 ($m) |
|---|---|---|---|---|
| Net cost of services | 879.7 | 835.4 | | |
| Revenue from government | 879.7 | 907.8 | | |
| Surplus attributable to the Australian Government | 0.0 | 72.4 | | |
| Total own-source income | | | 0.3 | 2.0 |
| Total expenses | | | 0.0 | 0.0 |
| Administered surplus | | | 0.3 | 2.0 |
| Total assets | 2 177.6 | 2 244.4 | 1.5 | 1.5 |
| Total liabilities | 1 702.4 | 1 769.2 | 1.5 | 1.5 |
| Total equity | 475.2 | 475.2 | | |
| Net assets | | | 0.0 | 0.0 |

DMO’s estimated average staffing level for 2014–15 is 4 482 (2013–14: 6 606).

Governance arrangements

5.96 DMO has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of DMO’s business objectives. These arrangements are designed to support DMO’s financial reporting requirements, the effectiveness and efficiency of its operations and facilitate compliance with applicable legislative requirements.

5.97 The key elements of DMO’s corporate governance arrangements include:

  • an executive committee, chaired by the Chief Executive, that meets each month to oversee decision making and strategic direction of DMO;
  • the Materiel Audit and Risk Committee (MARC). The MARC is comprised of four independent members and formally meets up to eight times per year. The Committee works in conjunction with the Defence Audit and Risk Committee to oversee matters of shared importance to the DMO and Defence. The Chair of the MARC is also a member of the Defence Audit and Risk Committee;
  • an internal audit function that is responsible for providing an independent, objective and systematic evaluation of DMO’s risk management and internal control framework, in addition to monitoring compliance and governance within the DMO. Internal audit activities are delivered through an outsourced provider model, in accordance with a program managed by the Chief Audit Executive;
  • an Independent Project Performance Office that monitors and reports to the Chief Executive regarding ‘projects of concern’. A project of concern is one encountering significant and unanticipated issues;
  • regular management reports to the Chief Executive detailing the status of acquisition and sustainment activities undertaken on behalf of Defence. These reports are also provided to Defence and central government entities, on request;
  • a Fraud Control Plan (FCP) that outlines how DMO will prevent, detect, deter and respond to fraud. The FCP aligns with the Commonwealth Fraud Control Framework and is endorsed by the MARC and the Chief Executive. Consistent with the Framework that FCPs should be updated as risks emerge, the DMO continually reviews its risk profile and related assurance activities;
  • a high level enterprise-wide risk assessment and management framework that identifies key business risks and drivers; and
  • a range of boards that monitor and report on key areas of accountability and risk within DMO, including Gate Review Assurance Boards for all major capital acquisition projects and selected sustainment platforms. Key project milestones are selected for review by these Assurance Boards, with the aim of assuring a project’s or platform’s status, and prospects of achieving the capability required.

Areas of audit focus

5.98 In light of the ANAO’s understanding of DMO’s environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on DMO’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the accounting for, and disclosure of, assets and revenues associated with liquidated damages or other compensation payable to or by Defence under contracts managed by DMO. These assets and revenues comprise a range of benefits that may be delivered to Defence and/or DMO over multiple years and include receipt of goods-in-kind, offset of future sustainment service costs and/or cash settlements;
  • the accounting for, and recording of, cost of goods sold and repairs and overhaul expenses. These expenses involve a large number of transactions and a high level of complexity in terms of contractual arrangements and project management requirements, given the wide variety of agreements involved;
  • the accounting for, and the reporting of, prepayments which are complex in nature, derived from a decentralised manual recording process and subject to material fluctuations as projects and contracts change;
  • the accounting for, and the reporting of, monies owed by Defence to DMO, which involves a range of stakeholders across both Defence and DMO and comprises multiple calculations and compilations; and
  • the aggregation of financial information and financial statement disclosures from different operational areas, systems and processes.

5.99 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of DMO’s financial statements.

Audit results

5.100 The ANAO has substantially completed its interim audit coverage to assess the effectiveness of internal controls in those areas of audit focus that have the potential to impact on DMO’s financial statements, including IT general controls and application controls for key systems that support the preparation of DMO’s financial statements, site visits to a number of System Project Offices, and expenditure testing. Our interim audit also included assessing the operation of key non-IT controls in areas including appropriation management, cash and the cost of goods sold.

5.101 During the 2014–15 final audit phase, the ANAO will complete audit coverage over the areas of audit focus as well as supplier expenses, revenue, cash and employee provisions. The ANAO will also assess legislative compliance, particularly in respect of appropriations.

5.102 The following table summarises the status of audit issues reported by the ANAO in 2013–14 and 2014–15.

Status of audit issues raised by the ANAO

| Category | Closing position (at the end of the 2013–14 final audit phase) | Resolved findings (at the time of the 2014–15 interim audit phase) | New findings (during the 2014–15 interim audit phase) | Closing position (at the end of the 2014–15 interim audit phase) |
|---|---|---|---|---|
| A | 0 | 0 | 0 | 0 |
| B | 1 | 0 | 1 | 2 |
| L1 | 0 | 0 | 0 | 0 |
| Total | 1 | 0 | 1 | 2 |

Unresolved audit issue

Cash receipting and recording procedures

5.103 During the 2013–14 final audit phase, the ANAO identified several issues relating to the categorisation and recording of receipts as departmental, administered or trust monies. DMO has advised that work is progressing on addressing these issues and the ANAO will complete testing in this area as part of the 2014–15 final audit phase.

New audit issue

Accuracy and completeness of month end System Project Office financial information

5.104 The DMO’s financial framework operates in a decentralised and geographically disparate environment, with over 60 System Project Offices. The collation of DMO’s financial statements relies heavily on information provided by each System Project Office at month end and financial year end.

5.105 A number of issues relating to the accuracy and completeness of information provided by the System Project Offices were identified by the ANAO during the 2014–15 interim audit phase. These issues included:

  • prepayments being omitted, incorrectly calculated or not recorded in accordance with DMO’s reporting threshold;
  • expenditure on general assets not being appropriately capitalised; and
  • accruals not being captured and reported.

5.106 The above issues increase the risk that the 2014–15 financial statements may not accurately reflect all transactions during the financial year. To address this issue, DMO has advised that it will increase its assurance processes over information provided by the System Project Offices for financial statements purposes.

Conclusion

5.107 Based on our audit coverage to date, and except for the issues referred to above, the key internal controls that support the preparation of the financial statements were operating effectively. The effective operation of these controls for the full financial year will be assessed in conjunction with additional audit testing during the 2014–15 final audit phase.

Department of Veterans’ Affairs

5.108 The Department of Veterans’ Affairs (DVA) is the primary service delivery entity responsible for developing and implementing programs that assist the veteran and defence force communities. DVA also provides administrative support to the Repatriation Commission and the Military Rehabilitation and Compensation Commission.

5.109 DVA’s business operations include:

  • maintaining and enhancing the financial wellbeing and self-sufficiency of eligible persons and their dependants through access to income support, compensation and other support services, including advice and information about entitlements;
  • maintaining and enhancing the physical wellbeing and quality of life of eligible persons and their dependants through health and other care services that promote early intervention, prevention and treatment including advice and information about health service entitlements; and
  • acknowledging and commemorating those who served Australia and its allies in wars, conflicts and peace operations through promoting recognition of service and sacrifice, preservation of Australia’s wartime heritage, and official commemorations.

5.110 The key characteristics of DVA’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • a complex legislative environment incorporating various conditions for the provision of benefits to veterans and defence personnel;
  • the diverse range of entitlements administered by DVA, and the reliance placed on voluntary disclosure of information by recipients;
  • a complex IT environment, including a number of legacy systems used to process a significant number of high volume, low value transactions; and
  • extensive contractual arrangements with service providers, institutions, and state and territory governments.

5.111 In light of these characteristics and the ANAO’s understanding of the operations of DVA, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.112 DVA’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 328.7 | 317.2 | | |
| Revenue from government | 283.3 | 288.6 | | |
| Deficit attributable to the Australian Government | (45.4) | (28.6) | | |
| Total own-source income | | | 9.5 | 7.0 |
| Total expenses | | | 11 896.0 | 12 896.0 |
| Administered deficit | | | (11 886.5) | (12 889.0) |
| Total assets | 196.1 | 230.1 | 1 375.1 | 1 368.0 |
| Total liabilities | 133.6 | 138.0 | 6 448.9 | 6 307.0 |
| Total equity | 62.5 | 92.1 | | |
| Net liabilities | | | (5 073.8) | (4 939.0) |

DVA’s estimated average staffing level for 2014–15 is 1 074 (2013–14: 988).

Governance arrangements

5.113 DVA has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the department’s business objectives. These arrangements are designed to support DVA’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.114 The key elements of DVA’s corporate governance arrangements include:

  • an Executive Management Board that meets monthly to determine, and evaluate progress on, the agreed strategic directions of the department. The Board is supported by sub-committees that assess the overall performance of DVA’s operations through a variety of reporting mechanisms;
  • an information and communication technology strategic plan aimed at developing the future DVA business model and programs and supporting IT requirements;
  • a quality and management assurance strategy that continues to be refined to provide coverage of all major administered payment streams across DVA;
  • the implementation of a detailed enterprise risk assessment and management framework that identifies the key business and environmental risks impacting on DVA;
  • a fraud control plan that outlines how DVA will prevent, detect and respond to fraud;
  • an internal audit function that undertakes risk profiling across DVA and conducts an internal audit program that addresses business and financial risks; and
  • a governance committee framework, including an Audit and Risk Committee that provides independent assurance and assistance in relation to risk management, the controls and compliance framework, and external accountability. The committee also has a monitoring role in relation to the progress of internal audit and the financial statements preparation process.

Areas of audit focus

5.115 In light of the ANAO’s understanding of DVA’s environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on DVA’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the complexity of assumptions and calculations underpinning the actuarial assessment of the military compensation provision;
  • the validity of personal benefit and healthcare payments processed by complex and ageing information systems;
  • recognition of revenue for each of DVA’s diverse revenue streams;
  • DVA’s financial statement preparation, and quality assurance and support processes that underpin the integrity of their financial statement balances, in view of prior year issues;
  • the valuation of departmental non-financial assets, due to the diverse nature of DVA’s property plant and equipment and internally developed software; and
  • legislative compliance, particularly the implementation of measures designed to address the risk of a breach of s83 of the Constitution, first reported in the 2011–12 financial statements.

5.116 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of the department’s financial statements.

Audit results

5.117 The ANAO’s interim audit coverage has been completed. Our coverage has included an assessment of the department’s methodology to estimate the military compensation provision and related quality assurance controls; and an assessment of the controls supporting personal benefit and healthcare payments.

5.118 Audit coverage has also included an assessment of IT general controls and application controls in the FMIS and HRMIS and controls relating to non-financial assets and revenue. The department’s financial statements preparation plan has also been assessed.

5.119 As part of the 2014–15 final audit phase, additional work will be performed to complete our work in the above mentioned areas including testing to substantiate the year-end balances in respect of the military compensation provision and personal benefit and healthcare payments.

5.120 Audit coverage to date has not identified any new significant or moderate audit issues.

5.121 The following table summarises the status of audit issues reported by the ANAO in 2013–14.

Status of audit issues raised by the ANAO

| Category | Closing position (at the end of the 2013–14 final audit phase) | Resolved findings (at the time of the 2014–15 interim audit phase) | New findings (during the 2014–15 interim audit phase) | Closing position (at the end of the 2014–15 interim audit phase) |
|---|---|---|---|---|
| A | 0 | 0 | 0 | 0 |
| B | 2 | 0 | 0 | 2 |
| L1 | 1 | 0 | 0 | 1 |
| Total | 3 | 0 | 0 | 3 |

Unresolved audit issues

Oversight of risk monitoring processes of financial information

5.122 During the interim phase of the 2013–14 audit, the ANAO identified weaknesses in DVA’s oversight and risk monitoring processes, particularly in respect of the assessment of business risks associated with payments in relation to rehabilitation and compensation and income support programs.

5.123 In view of these weaknesses, DVA has advised that it is implementing a revised risk management strategy that includes a stronger focus on review and monitoring processes. The revised strategy was endorsed by the DVA executive in early 2015. Progress in implementing this strategy will be assessed as part of the final phase of the 2014–15 audit.

Financial statement preparation

5.124 During the final phase of the 2013–14 audit, the ANAO identified that DVA did not have adequate processes in place to ensure the timely and accurate preparation of their 2013–14 financial statements. The ANAO identified weaknesses in DVA’s quality assurance review processes, a lack of adherence to financial statement preparation timetables and deficiencies in the preparation of documentation to support the financial statements.

5.125 DVA has implemented a number of procedures designed to address this issue, including the development of a detailed financial statements preparation plan, and strengthening of the department’s quality assurance review and executive monitoring processes.

5.126 The resolution of this issue will depend on the adequacy of the improved financial statement preparation and quality review and monitoring processes implemented by DVA. These will be assessed by the ANAO during the final phase of the 2014–15 audit.

Legislative breach

Potential breaches of section 83 of the Constitution

5.127 The notes to DVA’s 2013–14 financial statements referred to potential breaches of section 83 of the Constitution for payments made from special appropriations and special accounts, particularly in circumstances where the payments do not accord with conditions included in the relevant legislation.

5.128 The department has undertaken to continue to monitor its section 83 compliance across all legislation for which it is administratively responsible. Where possible, future changes to procedures and amendments to legislation will continue to be progressed.

5.129 This issue will be assessed as part of the final phase of the 2014–15 audit.

Conclusion

5.130 Based on our audit coverage to date, and except for the risk monitoring and financial statement preparation issues referred to above, the key internal controls that support the preparation of the financial statements were operating effectively. The effective operation of these controls for the full financial year, and the legislative issue referred to above, will be assessed in conjunction with additional audit testing during the 2014–15 final audit phase.

Education and Training Portfolio

Department of Education and Training

5.131 The Department of Education and Training (Education) assists the Australian Government to take a national leadership role in education at all stages: preschool, school, tertiary and international; together with research, skills and training that support these roles. Education and its portfolio entities work with state and territory governments, other government entities and a range of service providers to provide high quality policy, advice and services for the benefit of Australians.

5.132 As a result of the Machinery of Government changes of 23 December 2014, responsibility for the child care policy and programs and coordination of early childhood development policy was transferred to the Department of Social Services (DSS). Education retains responsibility for the preschool education elements of the Early Childhood Education programme and continues to support the Australian Early Development Census. Responsibility for skills and training functions managed by the Department of Industry and Science (Industry) was transferred to Education as a result of these changes.

5.133 From 1 July 2014, the former Department of Education53 and the Department of Employment (Employment) established a shared service centre for the provision of IT and corporate services to both departments. The establishment of the shared service centre has resulted in a shared control environment relating to IT and corporate services between Education and Employment.

5.134 Education’s business operations include:

  • improving access to quality services that support early childhood learning and care for children through a national quality framework; agreed national standards; investment in infrastructure; and support for parents, carers, services and the workforce;
  • improving the level of learning and literacy, numeracy and educational attainment for school students, through funding for quality teaching and learning environments, workplace learning and career advice; and
  • promoting growth in economic productivity and social wellbeing through access to quality higher education, international education and international research, skills and training.

5.135 The key characteristics of Education’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • the significance and diversity of administered activities, including the large number of diverse grant programs, the Higher Education Loan Programme (HELP) and the Higher Education Superannuation Programme (HESP). The HELP balance reported by Education is the Commonwealth’s largest non-taxation receivable;
  • the valuation of receivables relating to HELP and the provision for HESP, which are subject to a number of complex valuation issues;
  • Education’s reliance on data from third parties to support payments, including those relating to apprenticeship payments and university superannuation liabilities;
  • the complexity in accounting for the shared service centre operational costs between Education and Employment, which is dependent on agreed attribution rules; and
  • a relatively complex financial statement process that involves data from a number of business systems and other entities.

5.136 In light of these characteristics and the ANAO’s understanding of the operations of Education, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.137 Education’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual* ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual* ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 308.0 | 218.6 | | |
| Revenue from government | 276.9 | 196.1 | | |
| Deficit attributable to the Australian Government | (31.1) | (22.5) | | |
| Total own-source income | | | 1 692.6 | 902.0 |
| Total expenses | | | 29 763.9 | 22 719.1 |
| Administered deficit | | | (28 071.3) | (21 817.1) |
| Total assets | 195.5 | 187.8 | 33 057.1 | 28 200.9 |
| Total liabilities | 114.9 | 114.8 | 5 962.6 | 7 859.7 |
| Total equity | 80.6 | 73.0 | | |
| Net assets | | | 27 094.5 | 20 341.2 |

Education’s estimated average staffing level for 2014–15 is 1 679 (2013–14: 1 255).

* The 2013–14 actuals reflect Education’s financial results for the period following the 18 September 2013 Machinery of Government changes to 30 June 2014.

Governance arrangements

5.138 Education has implemented governance arrangements, a financial reporting regime and an internal control system designed to enable the achievement of its business objectives. These arrangements support Education’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.139 The key elements of Education’s corporate governance arrangements include:

  • an Executive Board that meets regularly and addresses strategic issues, monitors Education’s financial performance, and oversees the operational performance of groups and programs;
  • a governance committee framework, including an audit committee. The audit committee meets at least quarterly and focuses attention on the effectiveness and probity of audit activities, including the assessment and management of risk;
  • mechanisms allowing joint participation by Education in the decision making processes of the shared service centre, including representation on the Governance Board;
  • mechanisms to facilitate internal and external assurances in relation to financial integrity, including the effectiveness of internal controls that may impact on the financial statements and the Secretary’s annual Compliance Report;
  • a framework for incorporating risk management and the consideration of fraud risk into Education’s broader management business planning processes;
  • a financial reporting framework that involves the monitoring of the financial and performance management of key business areas, and the preparation and monitoring of monthly financial reports; and
  • an internal audit function that provides a risk-based audit coverage of Education’s activities.

Areas of audit focus

5.140 In light of the ANAO’s understanding of Education’s operating environment and governance arrangements, which includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on Education’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the actuarial valuation of the HELP balance that represents an estimate of the amount owing to the Commonwealth at year end, due to the complexity involved in projecting future payments and/or non-repayments of loans;
  • the actuarial valuation of the provision for grants relating to HESP. These estimates are complex due to different actuarial assumptions and reporting dates used for each university;
  • the financial management of grants, as the management of grants is dispersed across a wide variety of programs and different business systems;
  • compliance activities and assurance processes underpinning apprenticeship related payments that rely on the accuracy of information provided by a diverse number of recipients, for the period succeeding the 23 December 2014 Machinery of Government changes;
  • legislative compliance, particularly the ongoing implementation of measures designed to address the risk of breaches of section 83 of the Constitution, referred to in Education’s 2013–14 financial statements;
  • the governance and control regime established for the shared service centre. As mentioned at paragraph 5.133 above, the establishment of shared service arrangements resulted in a shared control environment between Education and Employment. As a result, a coordinated audit approach has been adopted for the financial statement audits of both departments; and
  • the financial statements preparation process, with a focus on quality assurance processes as a result of the moderate audit issue identified in 2013–14.

5.141 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of Education’s financial statements.

Audit results

5.142 The ANAO has completed its interim audit coverage, including an assessment of the department’s IT general controls over security and change management, and compliance activities and assurance processes relating to apprenticeship related payments and financial grants management.

5.143 The coordinated audit approach of those elements of the shared services control environment relevant to the preparation of the financial statements of the respective departments has included an assessment of the shared service’s controls relating to cash and asset management, employee and suppliers expenses, and revenue received from other sources.

5.144 As part of the 2014–15 final audit phase, the impact of the 23 December 2014 Machinery of Government changes on those areas relevant to the preparation of Education’s financial statements will be assessed. Audit coverage during the final audit phase will also include the valuation of the HELP balance at year-end and the provision for grants relating to unfunded superannuation commitments for Australian universities. The assessment of application controls in the FMIS and HRMIS, and the IT systems that support the apprenticeships scheme will also be finalised as planned.

5.145 The following table summarises the status of audit issues reported by the ANAO in 2013–14 and 2014–15.

Status of audit issues raised by the ANAO

| Category | Closing position (at the end of the 2013–14 final audit phase) | Resolved findings (at the time of the 2014–15 interim audit phase) | New findings (during the 2014–15 interim audit phase) | Closing position (at the end of the 2014–15 interim audit phase) |
|---|---|---|---|---|
| A | 1 | (1)* | 0 | 0 |
| B | 1 | 0 | 0 | 1 |
| L1 | 1 | 0 | 0 | 1 |
| Total | 3 | (1) | 0 | 2 |

* The responsibility for resolution of the category A audit issue relating to the child care compliance framework transferred to DSS as a result of the 23 December 2014 Machinery of Government changes.

Unresolved audit issue

Financial statement preparation process

5.146 The 2013–14 final audit phase identified that Education needed to improve its financial statement preparation process to better project manage timeframes and deliverables; to facilitate the performance of quality assurance review processes; to minimise reliance on key individuals; and to improve communication with key stakeholders.

5.147 Education has undertaken a review of the financial statements preparation process and commenced the implementation of improvements to address the issues previously identified.

5.148 The ANAO will assess Education’s 2014–15 financial statement preparation processes as part of the 2014–15 final audit phase.

Legislative breach

Potential breaches of section 83 of the Constitution

5.149 In 2013–14, Education reported one payment of $125 200 made under the Schools Assistance Act 2008 that was a potential breach of section 83 of the Constitution.

5.150 Education has advised that it is continuing to monitor its level of compliance with section 83 of the Constitution across all legislation for which it is administratively responsible and continues to progress legislative amendments and system changes to reduce the risk of future section 83 breaches, where appropriate.

5.151 The ANAO will continue to assess progress in addressing this issue as part of the 2014–15 final audit phase.

Conclusion

5.152 Based on our audit coverage to date, and except for the moderate audit issue referred to above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Education will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Employment Portfolio

Department of Employment

5.153 The Department of Employment (Employment) assists the Australian Government to achieve its objectives for employment by providing a variety of advice, support, programs and services to the Australian Government and wider community. Employment and its portfolio entities work with other Australian Government entities, state and territory governments, and a range of service providers to deliver a broad range of services to the community to connect people with jobs, workplaces with safety, and businesses with productivity.

5.154 As mentioned at paragraph 5.133 above, from 1 July 2014, Employment and the former Department of Education54 (Education) established a shared service centre for the provision of IT and corporate services to both departments. The establishment of the shared service centre has resulted in a shared control environment relating to IT and corporate services between the department and Education.

5.155 Employment’s business operations include the:

  • fostering of a productive and competitive labour market through employment policies and programs that assist job seekers into work, meet employer needs, and increase Australia’s workforce participation; and
  • facilitation of jobs growth through policies that promote fair, productive and safe workplaces.

5.156 The key characteristics of Employment’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • reliance on data from third parties to support employment services;
  • a reduction in Employment’s planned site reviews of employment service providers; and
  • the complexity in accounting for the shared service centre operational costs between Employment and Education which is dependent on agreed attribution rules.

5.157 In light of these characteristics and the ANAO’s understanding of the operations of the department, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.158 Employment’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual* ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual* ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 326.5 | 313.6 | | |
| Revenue from government | 296.0 | 288.2 | | |
| Deficit attributable to the Australian Government | (30.5) | (25.4) | | |
| Total own-source income | | | 193.3 | 154.5 |
| Total expense | | | 1 982.4 | 1 747.1 |
| Administered deficit | | | (1 789.1) | (1 592.6) |
| Total assets | 183.7 | 171.9 | 173.8 | 173.8 |
| Total liabilities | 84.7 | 97.5 | 2 837.4 | 2 830.4 |
| Total equity | 99.0 | 74.4 | | |
| Net assets | | | (2 663.6) | (2 656.6) |

Employment’s estimated average staffing level for 2014–15 is 1 695 (2013–14: 1 660).

* The 2013–14 actuals reflect Employment’s financial results for the period following the 18 September 2013 Machinery of Government changes, to 30 June 2014.

Governance arrangements

5.159 Employment has implemented governance arrangements, a financial reporting regime and an internal control system, designed to enable the achievement of its business objectives. These arrangements support Employment’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.160 The key elements of Employment’s corporate governance arrangements include:

  • an executive management group that meets regularly and addresses strategic issues, monitors the department’s financial performance, and oversees the operational performance of groups and programs;
  • a governance committee framework, including an audit committee. The audit committee meets at least quarterly and focuses attention on the effectiveness and probity of audit activities, as well as the assessment and management of risk;
  • mechanisms allowing joint participation by Employment in the decision making processes of the shared service centre, including representation on the Executive Board;
  • mechanisms to facilitate internal and external assurances in relation to financial integrity, including the effectiveness of internal controls that may impact on the financial statements and the Secretary’s annual Compliance Report;
  • a framework for incorporating risk management and the consideration of fraud risk into Employment’s broader management business planning processes;
  • a financial reporting framework that involves the monitoring of the performance and financial management of key business areas, and the preparation and monitoring of monthly financial reports; and
  • an internal audit function providing a risk-based audit coverage of Employment’s activities.

Areas of audit focus

5.161 In light of the ANAO’s understanding of Employment’s operating environment and governance arrangements, which includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on the department’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the employment services programs and associated compliance activities and assurance processes. These programs rely on self-assessment by employment service providers and involve complex contract management arrangements;
  • the processes and controls of the shared service centre. As discussed at paragraph 5.133 above, the establishment of shared service arrangements resulted in a shared control environment between Employment and Education. As a result, a coordinated audit approach has been adopted for the financial statements audits of both departments; and
  • the financial statements preparation process with a focus on quality assurance processes.

5.162 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of the department’s financial statements.

Audit results

5.163 The ANAO has completed its interim audit coverage including an assessment of the department’s IT general controls over security and change management, and compliance activities and assurance relating to the employment services program.

5.164 The co-ordinated audit approach of those elements of the shared services control environment relevant to the preparation of the financial statements of the respective departments has included an assessment of the shared service’s processes relating to cash and asset management, employee and suppliers expenses, and revenue received from other sources.

5.165 As part of the 2014–15 final audit phase, the assessment of Employment’s IT application controls in the FMIS and HRMIS and the IT systems that support the payments to providers of employment services will be finalised. Controls over the financial statements preparation process, and legislative compliance, particularly in respect of appropriations and special accounts, will also be assessed.

5.166 A moderate audit issue relating to the financial statement preparation process reported in 2013–14 remains unresolved.

Unresolved audit issue

Financial Statement Preparation Process

5.167 The 2013–14 final audit identified that Employment needed to improve its financial statement preparation process to better manage timeframes and deliverables, facilitate the performance of quality assurance processes, minimise reliance on key individuals and improve communication with key stakeholders.

5.168 Employment has undertaken a review of the preparation process and commenced implementation of improvements to address the issues previously identified.

5.169 The ANAO will assess the effectiveness of Employment’s 2014–15 financial statement process during the 2014–15 final audit phase.

Conclusion

5.170 Based on our audit coverage to date, and except for the moderate audit issue referred to above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Employment will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Environment Portfolio

Department of the Environment

5.171 The Department of the Environment (Environment) supports the four pillars of the Australian Government’s Plan for a Cleaner Environment – Clean Air, Clean Land, Clean Water and Heritage Protection. This forms a guiding framework for water reform, environmental regulation, supporting Australia’s interests in Antarctica, natural resource management, biodiversity conservation and action on climate change.

5.172 The department’s business operations involve contributing to, and reporting of its activities against, the following operations:

  • conservation, protection and sustainable management of Australia’s biodiversity, ecosystems, environment and heritage through research, information management, supporting natural resource management, establishment and management of Commonwealth protected areas, and reduction and regulation of the use of pollutants and hazardous substances;
  • reduction in Australia’s greenhouse gas emissions, adaptation to the impacts of climate change and contribution to the negotiation of an effective global solution to climate change, through the development and implementation of a national response to climate change;
  • advancement of Australia’s strategic, scientific, environmental and economic interests in the Antarctic region by protecting, administering and researching the region; and
  • improvement in the health of rivers and freshwater ecosystems and water use efficiency through the implementation of water reforms, and ensuring enhanced sustainability, efficiency and productivity in the management and use of water resources.

5.173 The key characteristics of the department’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • significant administered asset balances, particularly the Australian Government’s investments in water assets, reported in Environment’s financial statements;
  • the significant and diverse grant programs administered by the department; and
  • the ongoing management of Australia’s Antarctic bases, including the estimate of the cost to restore the bases.

5.174 In light of these characteristics and the ANAO’s understanding of the operations of the department, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.175 Environment’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 510.0 | 616.8 | | |
| Revenue from government | 419.8 | 462.0 | | |
| Deficit attributable to the Australian Government | (90.2) | (154.8) | | |
| Total own-source income | | | 140.7 | 441.0 |
| Total expenses | | | 738.6 | 795.2 |
| Administered deficit | | | (597.9) | (354.2) |
| Total assets | 490.3 | 534.6 | 3 371.1 | 3 221.7 |
| Total liabilities | 596.8 | 579.7 | 24.3 | 24.3 |
| Total equity | (106.5) | (45.1) | | |
| Net assets | | | 3 346.8 | 3 197.4 |

Environment’s estimated average staffing level for 2014–15 is 1 945 (2013–14: 1 932).

Governance arrangements

5.176 Environment has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the department’s business objectives. These arrangements are designed to support the department’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.177 The key elements of Environment’s corporate governance arrangements include:

  • an Executive Board that provides assistance and advice to the Secretary in meeting responsibilities under the Public Service Act 1999 to manage the department and meet accountability obligations to the Parliament. As the central governance mechanism for the department, the Executive Board fulfils a leadership role in cross-cutting issues and decisions;
  • an audit committee that meets at least four times per year and provides independent assurance to the Secretary on the integrity and reliability of the department’s management of financial processes, risks and fraud controls. The audit committee focuses on risk management, the control environment and reviews the department’s compliance with laws and regulations;
  • a risk assessment process which involves identifying, analysing and managing key risks at the operational level for divisions and branches;
  • a fraud control plan which outlines the department’s policy and approach to managing fraud risk and provides practical guidance on how staff can embed fraud controls in their day-to-day work practices; and
  • an internal audit function, which performs a range of compliance and performance audits across the department, based on a risk assessment of the department’s activities.

Areas of audit focus

5.178 In light of the ANAO’s understanding of the department’s environment and governance arrangements, which includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on Environment’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are the:

  • methodology used to value the water assets the department holds on behalf of the Commonwealth;
  • diverse range of administered grant payments; and
  • model adopted by the department to estimate its obligation to restore the Antarctic bases, particularly the appropriateness of assumptions used and the calculations involved.

5.179 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of Environment’s financial statements.

Audit results

5.180 The ANAO has completed its interim audit coverage of the area of audit focus relating to administered grant payments, and an assessment of the department’s key IT general and application controls, and controls relating to key financial statement balances, including employee entitlements, asset management and supplier expenditure. The ANAO also inspected the department’s facilities at Casey Station as part of the ANAO’s assessment of the department’s restoration obligations in the Antarctic.

5.181 The audit coverage of: the methodology used to value water assets; the ANAO’s assessment of the estimated restoration costs for the Antarctic bases; and the department’s accounting treatment of administered investments and joint venture interests in the River Murray Operations and the Living Murray Initiatives will be completed as part of the 2014–15 final audit phase.

5.182 No significant or moderate audit issues have been raised by the ANAO as a result of the audit coverage to date. The 2013–14 audit also did not identify any significant or moderate audit issues.

Conclusion

5.183 Based on our audit coverage to date, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that the department will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Finance Portfolio

Department of Finance

5.184 The Department of Finance (Finance) is one of the Australian Government’s central departments. The key purpose of Finance is to support the Australian Government’s objectives and public sector improvement through responsible expenditure. Finance assists the government to develop and deliver its fiscal and economic policies by producing the Budget and Consolidated Financial Statements, and supports the Government’s reform agenda by seeking to improve the effectiveness and efficiency of the use of public resources.

5.185 Finance supports an efficient and high-performing public sector through on-going improvements to public sector governance, systems, frameworks, and policy advice and delivery. Finance’s key business operations include:

  • the Commonwealth’s Investment funds, being the DisabilityCare Australia Fund and the Nation-building Funds;
  • the superannuation arrangements for Australian Government civilian employees, politicians and judges;
  • Commonwealth procurement and grants administration;
  • the delivery of Whole of Government information and communications technology;
  • the strategy, commercial performance and governance of Government Business Enterprises;
  • Commonwealth non-Defence domestic property management and construction; and
  • general insurance and risk management.

5.186 Finance also provides support for Parliamentarians, and other persons determined by the Australian Government, through the delivery of, and advice on, entitlements and targeted assistance.

5.187 The key characteristics of Finance’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • a number of financial statement balances that require significant judgement, or the use of specialists, to estimate;
  • numerous arrangements with service providers that affect key financial statement balances; and
  • a complex financial statement process that involves aggregating data from a number of business systems and other entities.

5.188 In light of these characteristics and the ANAO’s understanding of the operations of Finance, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.189 Finance’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 325.0 | 352.9 | | |
| Revenue from government | 388.5 | 261.7 | | |
| Surplus/(Deficit) attributable to the Australian Government | 63.5 | (91.2) | | |
| Total own-source income | | | 7 640.7 | 2 460.2 |
| Total expenses | | | 10 227.8 | 11 013.2 |
| Administered deficit | | | (2 587.1) | (8 553.1) |
| Total assets | 2 859.9 | 2 646.1 | 11 683.6 | 16 309.1 |
| Total liabilities | 592.9 | 560.3 | 107 784.9 | 140 509.6 |
| Total equity | 2 267.0 | 2 085.8 | | |
| Net liabilities | | | (96 101.3) | (124 200.5) |

Finance’s estimated average staffing level for 2014–15 is 1 347 (2013–14: 1 395).

Governance arrangements

5.190 Finance has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the department’s business objectives. These arrangements are designed to support Finance’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.191 The key elements of Finance’s corporate governance arrangements include:

  • a weekly senior executive meeting that discusses strategic matters and oversees operational management;
  • an audit committee that meets at least quarterly and focuses on governance, risk management, internal controls, compliance management, performance and financial reporting and ANAO activities;
  • a financial statements sub-committee to assist the audit committee with reviewing Finance’s financial statements, Compliance Report and related financial matters;
  • an internal audit function providing an internal audit strategy and plan that addresses key business and financial risks and aims to assist line areas in meeting their key objectives;
  • a risk management process, both at an organisational and discrete activity level, that includes an assessment of inherent and control risks, the identification of the controls in place to address these risks, and an understanding of the residual risks that remain and how these can be managed to an acceptable level;
  • a financial reporting framework that involves the monitoring of the performance and financial management of key business areas, and the preparation and monitoring of monthly financial reports; and
  • a fraud risk assessment process, involving input from each business group in Finance with fraud oversight roles, collated into a fraud control plan that includes risk mitigation strategies.

Areas of audit focus

5.192 In light of the ANAO’s understanding of Finance’s environment and governance arrangements, which includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on Finance’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the complexity of the assumptions and calculations underpinning the actuarial assessment of the public sector unfunded superannuation liability;
  • accounting for the major claims and complex assumptions underpinning the valuation of the outstanding claims under the Australian Government’s self-managed general insurance fund (Comcover);
  • accounting for, and disclosure of, the sale of Medibank Private;
  • the complexity of the assumptions underpinning the valuation of investments held by the Administered Investment Funds, including the accounting for the closure of the three Nation-building Funds and the establishment of three new funds;
  • the valuation methods and assumptions applied to the numerous properties in Finance’s property portfolio;
  • the judgements used to derive the valuation of intangibles, specifically the Central Budget Management System Redevelopment Project;
  • the management and reporting of assets transferred to Finance from Albury-Wodonga Development Corporation following the abolition of this entity;
  • the control regime in relation to entitlements paid to Parliamentarians and their staff due to the complexity and nature of these entitlements; and
  • legislative compliance, particularly the implementation of measures designed to address the risk of a breach of section 83 of the Constitution.

5.193 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of Finance’s financial statements.

Audit results

5.194 The ANAO’s interim audit coverage has been completed. Audit coverage has included assessing key controls over employee entitlements, asset management and supplier expenditure. In addition, the ANAO has substantially completed assessing controls relating to the key focus areas of entitlements paid to Parliamentarians and their staff, and a sample of major Comcover claims. The ANAO has also assessed the accounting treatment for the sale of Medibank Private.

5.195 The areas of focus relating to the valuations of the unfunded superannuation liability, general insurance (Comcover) liability, investments in the Nation-building Funds and Finance’s property portfolio will be completed as part of the 2014–15 final audit phase.

5.196 No significant or moderate audit issues have been raised by the ANAO as a result of the audit coverage to date. The 2013–14 audit also did not identify any significant or moderate audit issues.

5.197 The legislative matter relating to actual and potential breaches of section 83 of the Constitution reported in 2013–14 remains unresolved.

Legislative breach

Actual and potential breaches of section 83 of the Constitution

5.198 Finance’s 2013–14 financial statements reported 33 breaches of section 83 of the Constitution in relation to payments made pursuant to the Parliamentary Entitlements Act 1990. The breaches totalled $69 000 and the funds have been recovered.

5.199 During 2014–15, Finance advised that it intended to undertake an assessment of payments made under the Parliamentary Entitlements Act 1990 to determine the risk of payments being made in breach of section 83 of the Constitution. The results of the risk assessment will be assessed as part of the 2014–15 final audit phase.

5.200 In addition, Finance has undertaken to progress a legislative amendment to the Parliamentary Entitlements Act 1990 to reduce the risk of payments being made in breach of section 83 of the Constitution, and will continue to monitor its level of compliance with section 83 of the Constitution across all legislation for which it is administratively responsible. The results of these actions will also be assessed as part of the 2014–15 final audit phase.

Conclusion

5.201 Based on our audit coverage to date, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Finance will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Future Fund Management Agency and the Board of Guardians

5.202 The Future Fund Board of Guardians (the Board), supported by the Future Fund Management Agency (the FFMA), has responsibility for investing the assets of special purpose public funds including the Future Fund, three Nation-building Funds (the Building Australia Fund, the Education Investment Fund and the Health and Hospitals Fund), and the DisabilityCare Australia Fund.

5.203 The FFMA is responsible for the recommendations to the Board on the most appropriate investment strategy for each fund and for the implementation of these strategies. All administrative and operational functions associated with the management of the funds are undertaken by the FFMA.

5.204 Under the Future Fund Act 2006, the FFMA and the Board are treated as a single Commonwealth entity for financial reporting purposes and accordingly the financial statements incorporate the transactions of both the Board (incorporating the Future Fund) and the FFMA.

5.205 Although the Board is responsible for investing the assets of the Nation-building Funds and DisabilityCare Australia Fund, these funds are reported in the Department of Finance’s financial statements.

5.206 Subject to the passage of legislation, the responsibilities of the Board are to be further broadened by the establishment of two new Australian Government Investment Funds—the Asset Recycling Fund, and the Medical Research Future Fund. On the establishment of the new Funds, the Nation-building Funds would be abolished.

5.207 The business operations of the FFMA and the Board include:

  • continued development and implementation of an investment strategy for the Future Fund, the Nation-building Funds, and the DisabilityCare Australia Fund, as agreed by the Board and consistent with the investment mandates from Government; and
  • investing the assets of the Future Fund, the Nation-building Funds, and the DisabilityCare Australia Fund in accordance with the relevant investment strategies.

5.208 The key characteristics of the business operations of the FFMA and the Board that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • complexities associated with the valuation of various investment instruments;
  • the use of external service providers to support the investment management function; and
  • the use of subsidiaries and collective investment vehicles to access investment opportunities alongside other investors, consistent with the investment strategy.

5.209 In light of these characteristics and the ANAO’s understanding of the operations of the FFMA and the Board, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.210 The FFMA and the Board’s key financial balances are:

| Key financial balances | Estimated ($m) 2014–15 | Actual ($m) 2013–14 |
|---|---|---|
| Total income | 16 239.6 | 13 513.0 |
| Total expenses | 713.1 | 665.7 |
| Surplus attributable to the Australian Government | 15 526.5 | 12 847.3 |
| Total assets | 117 785.2 | 103 086.9 |
| Total liabilities | 718.6 | 1 546.7 |
| Total equity | 117 066.6 | 101 540.2 |

The FFMA’s estimated average staffing level for 2014–15 is 104 (2013–14: 90).

Governance arrangements

5.211 The FFMA and the Board have designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of its business objectives. These arrangements are designed to support the financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.212 The key elements of the FFMA and the Board’s corporate governance arrangements include:

  • a strategic asset allocation that provides an overview of the Board’s investment plan;
  • meetings of the Board at least ten times per year;
  • a governance framework, including an audit and risk committee, conflicts committee and a remuneration and nominations committee;
  • mechanisms to facilitate internal and external assurances in respect of financial integrity, including the effectiveness of internal controls that impact on financial records;
  • the use of a risk and control matrix to support the monitoring of key risks of the organisation;
  • a financial reporting framework that involves the monitoring of the performance and financial management of key business areas, including the preparation of monthly financial reports; and
  • significant operational controls that reside with the outsourced custodian. These controls are subject to an independent bi‐annual internal controls audit which tests that the controls are appropriately designed and are operating effectively.

Areas of audit focus

5.213 In light of the ANAO’s understanding of the FFMA and the Board’s environment and governance arrangements, which includes the financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on the financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the valuation of investments from the perspectives of governance, regulatory oversight and financial reporting;
  • a compliance function that reinforces internal assurance procedures;
  • the processes for monitoring external service providers, including the custodian;
  • group consolidation and tax implications relating to wholly owned subsidiaries; and
  • the management of new investments and liquidity requirements given that funds have been fully invested.

5.214 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of the financial statements of the FFMA and the Board.

Audit results

5.215 The audit coverage completed to date has included an assessment of the compliance functions and key controls relating to management of investments and liquidity requirements, including monitoring of its service providers.

5.216 As the most significant element of our audit is in relation to the valuation of investments at year-end, including the assessment of controls that reside within the outsourced custodian, the majority of the ANAO’s audit coverage is completed as part of the final audit phase.

5.217 No significant or moderate audit issues have been raised by the ANAO as a result of the audit coverage of the areas of audit focus to date. The 2013–14 audit also did not identify any significant or moderate audit issues.

Conclusion

5.218 Based on our audit coverage to date, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that the FFMA and the Board will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Foreign Affairs and Trade Portfolio

Department of Foreign Affairs and Trade

5.219 The Department of Foreign Affairs and Trade (DFAT) supports Ministers in the delivery of Australia’s foreign, trade and investment, development and international security policy priorities with a focus on the Indian Ocean Pacific Region.

5.220 DFAT’s business operations include:

  • the advancement of Australia’s international strategic, security and economic interests through bilateral, regional and multilateral engagement on Australian Government foreign, trade and international development policy priorities;
  • the protection and welfare of Australians abroad and access to secure international travel documentation through timely and responsive travel advice and consular and passport services in Australia and overseas; and
  • a secure Australian Government presence overseas through the provision of security services and information and communications technology infrastructure, and the management of the Commonwealth’s overseas property estate.

5.221 The key characteristics of DFAT’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • the complexity of DFAT’s business operations and the ongoing implementation of processes associated with the integration into DFAT of the former Australian Agency for International Development (AusAID)[55], as 2014–15 will be the first full year of the operation of the integrated department;
  • the department’s reliance on external service providers for key operations and financial information. Under service level arrangements with DFAT, these service providers undertake revenue collection services for passport applications and provide a range of property, financial and facilities management services for the overseas estate;
  • the geographical spread of operations; and
  • the complex and diverse nature of DFAT’s IT environment including the use of multiple IT systems at overseas posts and business continuity and disaster recovery planning in critical overseas locations.

5.222 In light of these characteristics and the ANAO’s understanding of the operations of DFAT, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.223 DFAT’s key financial balances are:

| Key financial balances | Departmental: Estimated 2014–15 ($m) | Departmental: Actual 2013–14 ($m) | Administered: Estimated 2014–15 ($m) | Administered: Actual 2013–14 ($m) |
|---|---|---|---|---|
| Net cost of services | 1 360.3 | 1 420.1 | | |
| Revenue from government | 1 285.9 | 1 327.7 | | |
| Deficit attributable to the Australian Government | (74.4) | (92.4) | | |
| Total own-source income | | | 475.9 | 573.6 |
| Total expenses | | | 4 694.1 | 4 720.5 |
| Administered deficit | | | (4 218.2) | (4 146.9) |
| Total assets | 3 858.5 | 3 699.9 | 4 380.4 | 1 946.9 |
| Total liabilities | 410.2 | 406.2 | 2 260.6 | 1 880.7 |
| Total equity | 3 448.3 | 3 293.7 | | |
| Net assets | | | 2 119.8 | 66.2 |

DFAT’s estimated average staffing level for 2014–15 is 5 722 (2013–14: 6 175)

Governance arrangements

5.224 DFAT has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of DFAT’s business objectives. These arrangements are designed to support DFAT’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.225 The key elements of DFAT’s corporate governance arrangements include:

  • an executive committee that oversees the operational performance of divisions and posts, reviews departmental wide issues, monitors financial performance and considers reports prepared and referred by other management committees;
  • a governance committee framework including an audit and risk committee and a financial statements sub-committee. The audit and risk committee meets at least quarterly and has a focus on the efficiency, effectiveness and probity of activities including risk assessment and management, internal audit planning and results, fraud control and ANAO audit activities;
  • a risk management framework and plan that identifies and assists in the management of risk at the strategic, business and project levels, and also at specific locations overseas;
  • a fraud risk assessment that is undertaken in line with the Commonwealth Fraud Control Framework; and
  • an internal audit strategy and plan that aligns with DFAT’s risk assessment and management priorities.

Areas of audit focus

5.226 In light of the ANAO’s understanding of DFAT’s environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on DFAT’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the integration of AusAID into DFAT, due to complexities relating to the ongoing integration of IT systems and accounting processes;
  • revenue generated from passport operations, as a significant proportion of the passport revenue collection function is outsourced to the Australian Postal Corporation;
  • the completeness of departmental revenue for rental accommodation and services provided to other Government entities at overseas posts, due to the significance of this item to DFAT’s financial statements;
  • the valuation of the Australian Government’s overseas property due to the significance of the balance to the financial statements, and the judgements and estimates used to derive the balance;
  • the valuation, accounting, and reporting of disclosures associated with loans and subscriptions and multilateral liabilities due to the complexities associated with estimating likely recoverability of the loans, and the estimation process to determine the fair value of liabilities at year end;
  • grant accounting and contract management, due to the significance of the expenditure relating to these items that is reported in the financial statements, and the diverse range of administered grant payments to international, United Nations and Commonwealth organisations;
  • the operations of overseas posts, as a significant component of DFAT’s departmental financial statements relate to operations performed at overseas locations;
  • management of IT systems, as DFAT has a complex decentralised business operation supported by a number of unique IT systems; and
  • quality assurance and preparation processes supporting the timely finalisation of the 2014–15 financial statements as a result of a moderate audit issue identified in 2013–14.

5.227 The ANAO’s audit coverage will continue to include the accounting treatment and disclosure of transactions in the National Interest Account (NIA) that are reported by the Commonwealth where the recovery of loans made by the Australian Government to overseas governments is considered less than probable. The NIA reports transactions undertaken by the Export Finance and Insurance Corporation, once the Minister for Trade and Investment determines they are in the national interest.

5.228 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of DFAT’s financial statements.

Audit results

5.229 The ANAO’s interim audit phase has been completed. Our coverage has included: the audit focus areas relating to the integration of IT systems and accounting processes following the integration of the former AusAID into DFAT in 2013–14; departmental revenue for rental accommodation and services provided to other entities at overseas posts; administered passport revenue; and the operations of overseas posts.

5.230 Interim audit coverage has also been completed over the department’s processes relating to cash and asset management, employee and supplier expenditure, IT general controls and application controls in the FMIS and HRMIS.

5.231 As part of the 2014–15 final audit phase, audit procedures will be undertaken over the remaining areas of audit focus relating to financial statement balances subject to valuation, grant accounting and contract management, and quality assurance processes supporting the timely finalisation of the 2014–15 financial statements.

5.232 No significant or moderate audit issues have been raised by the ANAO as a result of the audit coverage to date.

5.233 The following table summarises the status of audit issues reported by the ANAO in 2013–14.

Status of audit issues raised by the ANAO

| Category | Closing position (at the end of the 2013–14 final audit phase) | Resolved findings (at the time of the 2014–15 interim audit phase) | New findings (during the 2014–15 interim audit phase) | Closing position (at the end of the 2014–15 interim audit phase) |
|---|---|---|---|---|
| A | 0 | 0 | 0 | 0 |
| B | 2 | 1 | 0 | 1 |
| L1 | 0 | 0 | 0 | 0 |
| Total | 2 | 1 | 0 | 1 |

Resolved audit issue

Monitoring of user access controls

5.234 In the interim audit phase of the 2013–14 audit, the ANAO identified that for the period 1 July 2013 to 31 March 2014, a number of users had been granted database administrator access and privileged access to the FMIS and HRMIS that was inconsistent with their responsibilities. In addition, the activities associated with their access were not logged and, as a result, no monitoring of access activity by these users was able to be undertaken by the department. In the absence of these controls, there was an increased risk of inappropriate system access and unauthorised changes being made to systems data during the above mentioned period.

5.235 As part of the 2013–14 final audit phase the ANAO identified that DFAT had not undertaken appropriate procedures to address this issue. DFAT advised that processes to remediate the issue would be implemented in 2014–15.

5.236 The ANAO assessed DFAT’s actions to address this issue as part of the 2014–15 interim audit phase and identified that the department had implemented appropriate measures to manage access arrangements, including a review of system access in the period that monitoring was not undertaken. As a result this issue has been resolved but should be subject to ongoing monitoring by DFAT.

Unresolved audit issue

Financial statements preparation process

5.237 During the final phase of the 2013–14 audit, the ANAO identified that DFAT did not have adequate processes in place to ensure the timely and accurate preparation of their 2013–14 financial statements.

5.238 At the time of the 2014–15 interim audit phase, DFAT had commenced implementing processes to address the weaknesses in the financial statements preparation process, including the development of a detailed 2014–15 financial statement preparation plan and a financial statements quality assurance plan. The ANAO will assess progress on the resolution of this matter during the final phase of the 2014–15 audit.

Conclusion

5.239 Based on our audit coverage to date, and except for the unresolved issue referred to above, the key internal controls that support the preparation of the financial statements were operating effectively. The effective operation of these controls for the full financial year will be assessed in conjunction with additional audit testing during the 2014–15 final audit phase.

Health Portfolio

Department of Health

5.240 The role of the Department of Health (Health) is to work towards achieving a health care system that meets the health care needs of all Australians, consistent with government policies and legislative requirements. During 2014–15, the functions of the Australian National Preventive Health Agency, General Practice Education and Training Limited, and Health Workforce Australia were transferred to the department. Some of the functions of the Private Health Insurance Administration Council were also transferred to the department.

5.241 Health’s business operations include:

  • policy development and working closely with third parties to deliver services in relation to population health; pharmaceutical services; medical and dental services; acute care; primary health care; private health; health infrastructure, regulation, safety and quality; health workforce capacity; biosecurity and emergency response; and sport and recreation;
  • institutional reforms negotiated with state and territory governments under the National Health Reform Agreement;
  • the reform of dental care to address the waiting lists for public dental services and boost the dental workforce, particularly in rural and remote areas; and
  • the provision of improved opportunities for community participation in sport and recreation, investment in sports infrastructure as well as the coordination of Commonwealth involvement in major sporting events.

5.242 The key characteristics of Health’s business operations that shaped the 2014–15 planned financial statement audit coverage include:

  • a complex operating environment that involves working with multiple government jurisdictions and entities, and a range of other stakeholders;
  • the significant size of administered payments, which include high volume and complex Medicare, pharmaceutical and other health related benefits processed by the Department of Human Services (Human Services) on behalf of Health, and significant grant payments;
  • a complex funding model and extensive appropriations disclosure; and
  • the consolidation of the Therapeutic Goods Administration in Health’s financial statements.

5.243 In light of these characteristics and the ANAO’s understanding of the operations of Health, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.244 Health’s key financial balances are:

| Key financial balances | Departmental: Estimated 2014–15 ($m) | Departmental: Actual 2013–14 ($m) | Administered: Estimated 2014–15 ($m) | Administered: Actual 2013–14 ($m) |
|---|---|---|---|---|
| Net cost of services | 517.2 | 615.9 | | |
| Revenue from government | 479.9 | 575.4 | | |
| Deficit attributable to the Australian Government | (37.3) | (40.5) | | |
| Total income | | | 1 935.7 | 1 716.4 |
| Total expenses | | | 44 345.3 | 44 938.8 |
| Administered deficit | | | (42 409.6) | (43 222.4) |
| Total assets | 370.8 | 396.9 | 1 067.7 | 1 181.2 |
| Total liabilities | 293.2 | 296.8 | 2 654.0 | 2 562.8 |
| Total equity | 77.6 | 100.1 | | |
| Net liabilities | | | (1 586.3) | (1 381.6) |

Health’s estimated average staffing level for 2014–15 is 3 196 (2013–14: 3 423).

Governance arrangements

5.245 The department has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of Health’s business objectives. These arrangements are designed to support the department’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.246 The key elements of Health’s corporate governance arrangements include:

  • an executive committee, chaired by the Secretary, that is responsible for the management and oversight of all major department policy, and financial and operational decision making;
  • a governance committee framework, including an audit committee, that includes three independent members, one of whom is the Chair, meets at least quarterly, and provides advice and assistance on risk, control, and compliance frameworks;
  • an internal audit function that has primary responsibility for promoting and improving corporate governance within the department and operates under the direction of the Secretary and the audit committee;
  • a risk management framework including Accountable Authority Instructions, Procedural Rules, a Risk Management Policy, and an Enterprise Risk Management Plan;
  • a fraud control plan that is monitored and reviewed on a cyclical basis in line with the Commonwealth Fraud Control Framework;
  • a Compliance Report regime that incorporates semi-annual control self-assessments, that forms a key part of the department’s corporate governance and compliance framework; and
  • governance arrangements with Human Services to manage the relationship between the two entities in relation to an estimated $37.5 billion in health related personal benefits to be paid by Human Services in 2014–15.

Areas of audit focus

5.247 In light of the ANAO’s understanding of the department’s environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on the department’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the high volume and complex administered health related benefits processed by Human Services on behalf of Health;
  • the 2014 Machinery of Government changes that resulted in the transfer of the functions of four former portfolio entities into the department, and the offering of shared service arrangements to other portfolio entities;
  • the presentation and disclosure of the appropriations and special accounts managed by the department that cover ten outcomes;
  • the diverse range of administered grant payments to the states and territories, other service providers and program recipients;
  • a complex valuation methodology used to estimate the Government’s liability under the medical indemnity program; and
  • the management, accounting and disclosure of the National Medical Stockpile for potentially slow moving and expired inventory.

5.248 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of Health’s financial statements. This included an assessment of system access and change management controls, as well as specific controls within the financial management and human resource management information systems.

Audit results

5.249 The ANAO’s interim audit coverage has been completed. Our coverage has included an assessment of the department’s controls over: cash and asset management; accounts payable and receivable; payroll processing; IT general controls in relation to access and change management in the FMIS and HRMIS; testing of grant payments, including those associated with grant projects transferred to the department under the 2014 Machinery of Government changes; an assessment of the controls relating to National Partnership Agreements payments; and health care payments processed by Human Services on behalf of the department.

5.250 An assessment of the valuation methodology used to estimate the medical indemnity liability and the recognition and measurement of the National Medical Stockpile inventory, will be completed as part of the final audit phase.

5.251 No significant or moderate audit issues have been raised by the ANAO as a result of the audit coverage to date. This is consistent with the 2013–14 audit results.

5.252 The legislative matter relating to actual and potential breaches of section 83 of the Constitution reported in 2013–14 is ongoing.

Legislative breach

Actual and potential breaches of section 83 of the Constitution

5.253 The 2013–14 financial statements reported breaches of section 83 of the Constitution relating to payments made under the Health Insurance Act 1973. The department also reported potential breaches in relation to payments made under the Medical Indemnity Agreement Act 2002, the National Health Act 1953 and the Aged Care Act 1997[56].

5.254 During 2014–15, the department continued to review and determine the risk of payments being made in breach of section 83 of the Constitution from special appropriations.

5.255 The department has developed an approach to reduce the risk of section 83 breaches that involves:

  • ongoing review of new legislation and payment processes in relation to special appropriations; and
  • ongoing reviews of the department’s programs through internal audit reviews and various compliance activities.

5.256 The ANAO’s 2014–15 financial statement audit coverage will continue to monitor and assess the processes the department uses to identify any payments that are not in accordance with the conditions set out in relevant legislation.

Conclusion

5.257 Based on our audit coverage to date, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Health will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Immigration and Border Protection Portfolio

Department of Immigration and Border Protection

5.258 The Department of Immigration and Border Protection (Immigration) is responsible for the delivery of a range of policies, programs and services that support a prosperous and inclusive Australia through the maintenance of strong borders, well-managed migration, refugee protection, and the promotion of Australian citizenship.

5.259 Immigration’s business operations include:

  • managing temporary and permanent migration and entry through Australia’s borders, and promoting Australian citizenship;
  • supporting Australia’s international and humanitarian obligations by providing protection, resettlement and assistance to refugees and those in humanitarian need; and
  • contributing to Australia’s border protection through managing the stay and departure of all non-citizens.

5.260 Legislation has been passed by the Parliament to establish the Australian Border Force as a single frontline operational border control and enforcement entity of the Department of Immigration and Border Protection from 1 July 2015. The functions of Immigration and the Australian Customs and Border Protection Service (the ACBPS) will be formally integrated into a single department (the Department of Immigration and Border Protection), and the ACBPS will cease to exist at that time.

5.261 The key characteristics of Immigration’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • the planned integration of the department with the ACBPS, and the establishment of the Australian Border Force, from 1 July 2015;
  • accounting for the offshore processing centres on Nauru and Manus Island;
  • the use of significant third-party contracts for the delivery of Immigration services, particularly in relation to the construction and operation of detention facilities;
  • the decentralised processing of visa application revenue across Immigration’s Australian and overseas offices, supported by online visa application processing. This process is supported by multiple IT systems and service level agreements with other entities, including the Department of Foreign Affairs and Trade, and the Australian Trade Commission; and
  • an appropriation funding model that includes variable funding provided under a work load and a demand driven agreement with the Department of Finance.

5.262 In light of these characteristics and the ANAO’s understanding of the operations of the department, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.263 Immigration’s key financial balances are:

| Key financial balances | Departmental: Estimated 2014–15 ($m) | Departmental: Actual 2013–14 ($m) | Administered: Estimated 2014–15 ($m) | Administered: Actual 2013–14 ($m) |
|---|---|---|---|---|
| Net cost of services | 1 505.3 | 1 588.0 | | |
| Revenue from government | 1 407.8 | 1 482.4 | | |
| Deficit attributable to the Australian Government | (97.5) | (105.6) | | |
| Total own-source income | | | 1 747.4 | 1 663.6 |
| Total expenses | | | 2 546.9 | 3 047.3 |
| Administered deficit | | | (799.5) | (1 383.7) |
| Total assets | 875.2 | 868.0 | 1 965.9 | 1 551.2 |
| Total liabilities | 476.5 | 476.5 | 478.1 | 428.0 |
| Total equity | 398.7 | 391.5 | | |
| Net assets | | | 1 487.8 | 1 123.2 |

Immigration’s estimated average staffing level for 2014–15 is 8 824 (2013–14: 9 322).

Governance arrangements

5.264 Immigration has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the department’s business objectives. These arrangements are designed to support Immigration’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.265 A key strategy for the integration of the department with ACBPS discussed above at paragraph 5.260 is the development of the Plan for Integration, prepared jointly by the department and ACBPS. The Plan outlines the future structure and direction of the integrated entity from 1 July 2015. Transitional arrangements, including a combined executive and organisational structure effective from March 2015, are set out in the Plan.

5.266 The key elements of Immigration’s corporate governance arrangements include:

  • an executive committee, jointly chaired by the Immigration Secretary and the Chief Executive Officer of the ACBPS. The executive committee considers planning and performance issues across the Immigration portfolio, significant investment decisions and governance matters;
  • a resource and finance committee, which assists the Secretary in setting corporate priorities, overseeing workforce planning and management, and identifying strategies to enhance the Immigration portfolio’s financial management framework;
  • a strategy and capability committee that oversees the development of major Immigration portfolio strategies, identifies capability investment priorities and considers the impact of the wider environment on the Immigration portfolio’s strategic direction;
  • an audit committee that focuses on matters relating to risk management, internal audit, external audit and financial reporting;
  • a financial statement sub-committee of the audit committee that meets regularly, focusing on financial statement issues, risks and deliverables and the integration of the department and ACBPS from 1 July 2015;
  • a fraud control plan that is updated and reviewed in line with the Commonwealth Fraud Control Framework; and
  • an internal audit function that delivers a strategic, risk-based internal audit plan designed to assist line areas to meet their key objectives through a combination of performance and compliance based audits.

Areas of audit focus

5.267 In light of the ANAO’s understanding of Immigration’s environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on Immigration’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the planned integration with the ACBPS and establishment of the Australian Border Force from 1 July 2015 as discussed at paragraph 5.265 above, in view of the potential impact on the 2014–15 financial statements;
  • visa revenue, which is a significant component of administered revenue and exceeded $1.5 billion in 2013–14. Visa revenue is collected at a number of locations, including both domestic and international offices, and by third parties under service level arrangements, and is supported by a number of IT systems;
  • management of the detention network and estate, both onshore and offshore. Immigration engages third party providers for health services, detention centre management and construction of detention centre assets. This forms a significant component of administered expenditure and administered assets in Immigration’s financial statements;
  • appropriation revenue, which is adjusted based on a number of variables assessed under a funding model;
  • accounting for employee entitlements as Immigration staff are located both in Australia and overseas, including locally engaged staff; and
  • reporting of overseas transactions which are material to the financial statements and managed under third party arrangements through service level agreements with DFAT, and the Australian Trade Commission.

5.268 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of Immigration’s financial statements.

Audit results

5.269 The ANAO’s interim audit phase coverage has been completed. Our coverage has included the audit focus areas relating to: the department’s planned integration with the ACBPS; management of the detention network and estate; accounting for employee entitlements; and the reporting of overseas transactions.

5.270 Audit coverage relating to supplier expenditure, cash management, IT general controls, and application controls in the FMIS and HRMIS has also been completed.

5.271 As part of the 2014–15 final audit phase, audit procedures will be completed relating to the remaining areas of audit focus including visa revenue and appropriation revenue.

5.272 No significant or moderate audit issues have been raised by the ANAO as a result of the audit coverage to date.

5.273 A moderate audit issue relating to human resource management reported in 2013–14 remains unresolved.

Unresolved audit issue

Human resource management

5.274 During the 2013–14 final audit phase, the ANAO identified weaknesses in the department’s employee cessation processes including:

  • inadequate controls relating to the confirmation that all procedures associated with ceasing an employee had been undertaken; and
  • a number of instances where ceased employees had retained active system access, an active credit card, and/or documentation on the employee file had not been completed.

5.275 The ANAO also identified during the 2013–14 final audit phase that a number of overpayments had been made to staff, with some overpayments outstanding for a number of years.

5.276 At the time of the 2014–15 interim audit phase, Immigration had commenced implementing processes to address the weaknesses in the employee cessation processes. The ANAO will assess progress on the resolution of this matter during the final phase of the 2014–15 audit.

Conclusion

5.277 Based on our audit coverage to date, and except for the human resource management issue referred to above, the key internal controls that support the preparation of the financial statements were operating effectively. The effective operation of these controls for the full financial year will be assessed in conjunction with additional audit testing during the 2014–15 final audit phase.

Australian Customs and Border Protection Service

5.278 The role of the Australian Customs and Border Protection Service (ACBPS) is to protect the safety, security and commercial interests of Australians by delivering effective border protection. In this role, the ACBPS’ core functions are to target and prevent criminality, whilst fostering legitimate travel and trade and collecting border-related revenue and trade statistics. The collection of border-related revenue includes customs duty, the passenger movement charge and the assessment and collection of the Goods and Services Tax, the Wine Equalisation Tax and the Luxury Car Tax on imported goods on behalf of the Australian Taxation Office (ATO). The Tourist Refund Scheme is also managed by the ACBPS on behalf of the ATO.

5.279 As mentioned above at paragraph 5.260, legislation has been passed by the Parliament to establish the Australian Border Force from 1 July 2015 that will result in the abolition of the ACBPS at this time.

5.280 The ACBPS’ business operations include:

  • managing border risks through intelligence-led interventions that enable targeted inspection and examination of people and goods at the border, while streamlining border processes for legitimate trade and travel;
  • supporting collaborative cross-entity civil maritime security activities including intelligence analysis, coordinated surveillance and on-water response, and working ahead of the border with international partners to provide controls for maritime security threats;
  • partnering with law enforcement entities to address risks and vulnerabilities at the border through joint operations and sharing of intelligence;
  • developing and coordinating border management policies, in conjunction with partner entities, to deliver Australia’s customs, trade and industry policy;
  • supporting an open economy by ensuring compliance with the rules of trade so that competition occurs on a level playing field and the benefits of competition flow through to the Australian economy;
  • administering the Tourist Refund Scheme;
  • maintaining border-related revenue collection capabilities and assessing, reporting and collecting border-related revenue, including the application of refunds, concessions and exceptions; and
  • undertaking an effective risk-based compliance program, using pre- and post-clearance monitoring and intervention activities to promote observance of Australian border laws as they relate to revenue reporting and payment obligations.

5.281 The key characteristics of the ACBPS’ business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • the planned integration of the ACBPS with the Department of Immigration, and the establishment of the Australian Border Force, from 1 July 2015;
  • the self-assessment regime that underpins the administration of a significant amount of customs duty and other border related revenue;
  • a complex IT environment that supports the collection of customs duty and other revenue; and
  • the accounting for significant asset acquisitions in 2014–15 including the Ocean Shield vessel transferred to ACBPS from the Department of Defence and the replacement of the Bay Class vessels with the Cape Class Patrol Boats.

5.282 In light of these characteristics and the ANAO’s understanding of the operations of the ACBPS, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.283 ACBPS’ key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 1 152.3 | 1 105.8 | | |
| Revenue from government | 1 044.6 | 998.5 | | |
| Deficit attributable to the Australian Government | (107.7) | (107.3) | | |
| Total own-source income | | | 10 316.1 | 10 381.1 |
| Total expenses | | | 3.4 | 13.2 |
| Administered surplus | | | 10 312.7 | 10 367.9 |
| Total assets | 888.7 | 810.9 | 271.6 | 269.1 |
| Total liabilities | 286.8 | 286.8 | 10.6 | 10.6 |
| Total equity | 601.9 | 524.1 | | |
| Net assets | | | 261.0 | 258.5 |

ACBPS’ estimated average staffing level for 2014–15 is 4 920 (2013–14: 5 000).

Governance arrangements

5.284 The ACBPS has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the ACBPS’ business objectives. These arrangements are designed to support the ACBPS’ financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.285 A key strategy for the integration of the ACBPS with the Department of Immigration and Border Protection, discussed above at paragraph 5.265, is the development of the Plan for Integration prepared jointly by the department and ACBPS. The Plan outlines the future structure and direction of the integrated entity from 1 July 2015. Transitional arrangements, including a combined executive and organisational structure effective from March 2015, are also set out in the Plan.

5.286 The key elements of the ACBPS’ corporate governance arrangements include:

  • an executive committee, jointly chaired by the ACBPS’ Chief Executive Officer and the Secretary of the Department of Immigration and Border Protection. The executive committee considers planning and performance issues across the Immigration portfolio, significant investment decisions and governance matters;
  • a risk management framework that has a whole of entity focus and connects the strategic, operational and tactical levels of risk management;
  • the preparation of a corporate plan that directs the development of division and branch business plans;
  • a fraud control and corruption prevention framework, that includes strategies for fraud and corruption preparedness, prevention, detection and resolution;
  • an Integrity and Professional Standards Branch responsible for managing anti-corruption arrangements;
  • an audit committee that meets at least quarterly and focuses on internal audit, fraud control and risk management issues;
  • a financial statement sub-committee of the audit committee that meets regularly, focusing on financial statement issues, risks and deliverables and the integration of the ACBPS and Immigration from 1 July 2015;
  • a practice statement framework that is used to define and implement the ACBPS’ national policies; and
  • an internal audit function that has a planned risk-based audit coverage of ACBPS’ activities, including the management of IT systems.

Areas of audit focus

5.287 In light of the ANAO’s understanding of the ACBPS’ environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on the ACBPS’ financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the planned integration with the Department of Immigration and Border Protection and establishment of the Australian Border Force from 1 July 2015, in view of the potential impact on the 2014–15 financial statements;
  • the accuracy and completeness of customs duty collections and refunds in light of the self-assessment regime and the complexity of the related IT infrastructure that supports the collection of revenue;
  • the valuation of the ACBPS’ specialised vessels, as the assessment involves significant judgments and assumptions as part of the estimation process; and
  • legislative compliance, particularly in regard to the measures designed to address the risk of a breach of section 83 of the Constitution, referred to in the ACBPS’ 2013–14 financial statements.

5.288 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of ACBPS’ financial statements.

Audit results

5.289 The ANAO has completed its interim audit coverage of the area of audit focus relating to the planned integration with the Department of Immigration and Border Protection. Audit coverage relating to payroll processing, supplier expenditure, appropriations and cash management, major contracts, and IT general and application controls for the FMIS and HRMIS has also been completed.

5.290 As part of the 2014–15 final audit phase, audit coverage relating to the accuracy and completeness of customs duty collections, the valuation of specialised vessels, and legislative compliance with section 83 of the Constitution, will be completed.

5.291 No significant or moderate audit issues have been raised by the ANAO as a result of the audit coverage to date. The 2013–14 audit also did not identify any significant or moderate audit issues.

5.292 The legislative matter relating to actual and potential breaches of section 83 of the Constitution reported in 2013–14 remains unresolved.

Legislative breach

Actual and potential breaches of section 83 of the Constitution

5.293 ACBPS’ 2013–14 financial statements referred to breaches of section 83 of the Constitution for payments made from special appropriations and special accounts, particularly in circumstances where the payments do not accord with conditions included in the relevant legislation. ACBPS is progressing legislative amendments to reduce the risk that future payments result in a breach of section 83. The status of the legislative amendments and the ACBPS’ update of the risk assessment and, if required, implementation of controls to reduce the risk of incorrect payments, will be assessed as part of the final phase of the 2014–15 audit.

Conclusion

5.294 Based on our audit coverage to date, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that ACBPS will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Industry and Science Portfolio

Department of Industry and Science

5.295 The Department of Industry and Science (Industry) consolidates the Australian Government’s efforts to drive economic growth, productivity and competitiveness by bringing together industry, energy, resources and science.

5.296 As a result of the Machinery of Government changes of 23 December 2014, the vocational education and skills policy and programs were transferred from the former Department of Industry[57] to the Department of Education and Training. Small business programs were transferred to the Department of the Treasury.

5.297 The department’s business operations include contribution to the growth and productivity of competitive industries through:

  • supporting science and innovation, and promoting the growth of industries;
  • encouraging private investment and the creation of new jobs; and
  • improving regulation and reducing the burden and costs on businesses.

5.298 The key characteristics of Industry’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • the number and extent of programs changing as a result of government initiatives and the associated impact on the staffing and operations of the department;
  • the complexity of accounting for the functions transferred from the department as a result of the Machinery of Government changes of 23 December 2014; and
  • the department’s reliance on other entities, including the Department of Education and Training, that were responsible for the processing of transactions and the maintenance of IT platforms in relation to Industry functions, prior to the Machinery of Government changes of 23 December 2014.

5.299 In light of these characteristics and the ANAO’s understanding of the operations of the department, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.300 Industry’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 513.7 | 633.9 | | |
| Revenue from government | 469.7 | 592.5 | | |
| Deficit attributable to the Australian Government | (44.0) | (41.4) | | |
| Total own-source income | | | 1 576.2 | 1 902.7 |
| Total expenses | | | 3 183.0 | 7 453.2 |
| Administered deficit | | | (1 606.8) | (5 550.5) |
| Total assets | 471.6 | 543.7 | 4 453.9 | 4 489.8 |
| Total liabilities | 192.2 | 212.6 | 132.3 | 225.2 |
| Total equity | 279.4 | 331.1 | | |
| Net assets | | | 4 321.6 | 4 264.6 |

Industry’s estimated average staffing level for 2014–15 is 2 807 (2013–14: 3 710).

Governance arrangements

5.301 Industry has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the department’s business objectives. These arrangements are designed to support Industry’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.302 The key elements of Industry’s corporate governance arrangements include:

  • a strategic plan providing an overview of the department’s future directions, supported by divisional business plans;
  • an executive board and other governance committees that meet regularly to discuss key aspects of the department’s activities, including program management and financial performance;
  • a structured framework for incorporating risk management into broader management and business processes, including the monitoring and management of risk at the enterprise, divisional and activity levels, and the development and maintenance of a fraud control plan;
  • an Audit and Fraud Branch responsible for monitoring, and responding to, the department’s obligations under the Commonwealth Fraud Control Framework;
  • an Assurance and Audit Committee that meets at least quarterly, and focuses on the enhancement of the control framework and risk management arrangements to improve the objectivity and reliability of externally published financial and other information;
  • an internal audit function that addresses key business and financial risks and aims to assist line areas meet their key objectives; and
  • a financial reporting framework that involves the monitoring of the performance and financial management of key business areas and the preparation and monitoring of monthly financial reports.

Areas of audit focus

5.303 In light of the ANAO’s understanding of Industry’s environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on Industry’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the valuation of the Australian Government’s investment in the Snowy Hydro Limited, recognised as an administered investment in Industry’s financial statements, in light of the complexity of the valuation process and the significance of the investment in the financial statements;
  • the financial administration of Industry’s grant programs, given the significance of grant expenditure to the department’s administered financial statements;
  • the financial administration of the Australian Apprenticeships Incentives Programme, given its significance to the department’s administered financial statements and Industry’s reliance on providers external to the Australian Government for delivery of the program. This program was transferred to the Department of Education and Training as a result of the Machinery of Government changes of 23 December 2014;
  • the completeness and accuracy of Industry’s revenue streams derived from sources other than an appropriation, including revenue generated by the National Measurement Institute and offshore petroleum and uranium royalties, given their significance to the department’s financial statements; and
  • legislative compliance, particularly the implementation of measures designed to address the risk of non-compliance with section 83 of the Constitution, referred to in Industry’s 2013–14 financial statements.

5.304 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of Industry’s financial statements.

Audit results

5.305 The ANAO interim audit phase has been completed. Audit coverage has included the areas of audit focus relating to: the administration of grants and the Australian Apprenticeships Incentives Programme; and assessing the controls supporting the department’s significant revenue streams, including those from the National Measurement Institute and offshore petroleum and uranium royalties.

5.306 Audit coverage has also been completed of the department’s controls relating to employee and supplier expenditure, asset and cash management, and IT general controls, and application controls in the FMIS and HRMIS.

5.307 As part of the 2014–15 final audit phase, audit procedures over the valuation of the Australian Government’s investment in Snowy Hydro Limited and legislative compliance with section 83 of the Constitution will be completed. Audit coverage of the FMIS and HRMIS IT controls will also be completed.

5.308 No significant or moderate audit issues have been raised by the ANAO as a result of the audit coverage to date. The 2013–14 audit also did not identify any significant or moderate audit issues.

5.309 The legislative matter relating to actual and potential breaches of section 83 of the Constitution reported in 2013–14, referred to below, remains unresolved.

Legislative breach

Actual and potential breaches of section 83 of the Constitution

5.310 The former Department of Industry’s[58] 2013–14 financial statements referred to one actual breach of section 83 of the Constitution relating to a payment made pursuant to the Automotive Transformation Scheme Act 2009. The department also reported potential breaches due to overpayments in relation to payments made from the Social Security Act 1991 and the Social Security (Administration) Act 1991 (Social Security Acts), for the period 1 July 2013 to 18 September 2013. Following this date, responsibility for administering the Social Security Acts and addressing the legislative issue was transferred to the Department of Social Services as a result of the September 2013 Machinery of Government changes.

5.311 At the time of preparation of this report, Industry was finalising its review in relation to payments made under legislation for which it is administratively responsible, including reviewing the continued appropriateness of the department’s previous risk assessment, particularly relating to the Automotive Transformation Scheme Act 2009. The ANAO will assess progress in addressing this issue as part of the 2014–15 final audit phase.

Conclusion

5.312 Based on our audit coverage to date, the key internal controls that support the preparation of the financial statements were operating effectively. The effective operation of these controls for the full financial year and the legislative compliance issue discussed above, will be assessed in conjunction with additional audit testing during the 2014–15 final audit phase.

Infrastructure and Regional Development Portfolio

Department of Infrastructure and Regional Development

5.313 The Department of Infrastructure and Regional Development (Infrastructure) supports the Australian Government to respond to emerging and critical issues affecting the nation, including: growing demand for infrastructure and transport; improving the social and economic outcomes for Australia’s regions; dealing with the opportunities and challenges presented by projected population and demographic changes; and increasing Australia’s economic prosperity.

5.314 Infrastructure provides policy advice, undertakes targeted research, and delivers a range of programs that include investment in infrastructure, transport security, surface and air transport, road safety, regional development, local government and services to Australian territories.

5.315 Infrastructure’s business operations include:

  • improving infrastructure across Australia through investment in, and coordination of, transport and other infrastructure;
  • providing an efficient, sustainable, competitive, safe and secure transport system for all transport users through regulation, financial assistance and safety investigations;
  • strengthening the sustainability, capacity and diversity of regional economies including through facilitating local partnerships between all levels of government and local communities, and providing grants and financial assistance; and
  • supporting governance arrangements in the Australian territories through the maintenance and improvement of the overarching legislative framework, and laws and services for these territories.

5.316 The key characteristics of Infrastructure’s business operations that shaped the ANAO’s 2014–15 planned financial statements audit coverage include:

  • the complexity and geographical spread of Infrastructure’s business operations;
  • the financial management and reporting of grant and subsidy programs, which are diverse and material to the financial statements;
  • the accounting for, and appropriate disclosure of, the loan to the ACT government in relation to the Loose Asbestos Removal Program;
  • the accounting for the abolition of the Infrastructure Australia special account and its related transactions as a result of amendments to the Infrastructure Australia Act 2008, which came into effect on 1 September 2014. This resulted in Infrastructure Australia becoming a corporate Commonwealth entity under the PGPA Act; and
  • the complexity of the valuation methods and calculations underpinning administered investments, given that they represent 87 per cent of Infrastructure’s total administered assets.

5.317 In light of these characteristics and the ANAO’s understanding of the operations of Infrastructure, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.318 Infrastructure’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 276.6 | 229.0 | | |
| Revenue from government | 264.1 | 231.1 | | |
| (Deficit)/Surplus attributable to the Australian Government | (12.5) | 2.1 | | |
| Total own-source income | | | 573.1 | 1 554.5 |
| Total expenses | | | 4 105.4 | 3 726.9 |
| Administered deficit | | | (3 532.3) | (2 172.4) |
| Total assets | 172.5 | 186.4 | 6 152.2 | 5 428.2 |
| Total liabilities | 101.6 | 106.8 | 39.6 | 66.5 |
| Total equity | 70.9 | 79.6 | | |
| Net assets | | | 6 112.6 | 5 361.7 |

Infrastructure’s estimated average staffing level for 2014–15 is 1 141 (2013–14: 1 107).

Governance arrangements

5.319 Infrastructure has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the department’s business objectives. These arrangements are designed to support Infrastructure’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.320 The key elements of the department’s corporate governance arrangements include:

  • an executive management group that meets weekly, addresses strategic issues, monitors Infrastructure’s financial performance and oversees the operational performance of divisions;
  • a governance committee framework, including an audit committee that meets regularly and focuses on internal control, the management of risks, the review of financial reports, control of relevant monies and regulatory compliance;
  • a framework for incorporating risk management into Infrastructure’s broader management and business processes;
  • an internal audit strategy and plan that aligns with Infrastructure’s key business and financial risks, and management’s priorities;
  • a legislative compliance regime which forms a key part of Infrastructure’s corporate governance and compliance framework;
  • a fraud control plan that is in line with the Commonwealth Fraud Control Framework; and
  • a financial reporting framework that involves monitoring the performance and financial management of key business areas, and the preparation and monitoring of monthly financial reports.

Areas of audit focus

5.321 In light of the ANAO’s understanding of Infrastructure’s environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on Infrastructure’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the accounting for grant and subsidy payments through different programs that are material to Infrastructure’s financial statements;
  • the accounting for, and disclosure of, the loan to the ACT government in relation to the Loose Asbestos Removal Program due to the significance of this loan to Infrastructure’s financial statements;
  • the accounting for the transfer of assets and liabilities to Infrastructure Australia due to the complexity of the transactions associated with the abolition of the related special account; and
  • the valuation of Infrastructure’s administered investments in portfolio entities due to the significant judgements involved in the valuation process.

5.322 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of Infrastructure’s financial statements.

Audit results

5.323 The ANAO’s interim audit coverage has been completed. Audit coverage has included assessing key controls relating to the accounting for grant and subsidy payments, cash, appropriations and special accounts, supplier expenditure and administered revenue and receivables.

5.324 In addition, the ANAO’s interim audit coverage included key IT general controls and application controls of the FMIS and HRMIS. The ANAO also assessed a number of accounting issues relating to the accounting treatment of the loan to the ACT Government, and the transfer of assets to Infrastructure Australia.

5.325 Audit coverage on the other areas of focus relating to the valuations of the administered investments and the disclosure in the 2014–15 financial statements of the abolition of the Infrastructure Australia special account will be completed as part of the 2014–15 final audit phase.

5.326 No significant or moderate audit issues have been raised by the ANAO as a result of the audit coverage to date. The 2013–14 audit also did not identify any significant or moderate audit issues.

Conclusion

5.327 Based on our audit coverage to date, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Infrastructure will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Prime Minister and Cabinet Portfolio

Department of the Prime Minister and Cabinet

5.328 The principal functions of the Department of the Prime Minister and Cabinet (PM&C) include the provision of policy advice and support to the Prime Minister, the Cabinet, Portfolio Ministers and Parliamentary Secretaries, through the coordination of government activities, policy development and program delivery. As a result of the 2013 Machinery of Government changes, PM&C’s functions also include government policy and program implementation for Indigenous advancement, deregulation and women’s policy.

5.329 PM&C’s business operations include:

  • providing policy and implementation advice to the Prime Minister and support in managing the Cabinet program;
  • Indigenous policy, programs and service delivery;
  • national security, counter terrorism, and cyber policy coordination; ensuring compliance by the Australian Intelligence Community entities with Australian law and ministerial directions; and coordination and evaluation of Australia’s foreign intelligence activities;
  • intergovernmental relations and communications with state and territory governments;
  • managing the Australian honours and symbols policy, government ceremonial and hospitality duties and the provision of support to the Governor-General in performing official duties; and
  • reducing government regulation and administering women’s policies and programs.

5.330 The key characteristics of PM&C’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • the formalisation of administered and departmental bureau service arrangements and the implementation of key management and internal controls designed to ensure the effective operation of services provided by other Commonwealth entities;
  • the range and complexity of PM&C’s business operations, including administration of Indigenous functions and hosting the G20[59] forum; and
  • the volume and complexity of human resource management transactions in an environment of concurrent enterprise agreements for PM&C staff.

5.331 In light of these characteristics and the ANAO’s understanding of the operations of PM&C, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.332 PM&C’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 552.8 | 357.8 | | |
| Revenue from government | 528.5 | 351.2 | | |
| Deficit attributable to the Australian Government | (24.3) | (6.6) | | |
| Total own-source income | | | 73.7 | 102.8 |
| Total expenses | | | 1 579.9 | 993.8 |
| Administered deficit | | | (1 506.2) | (891.0) |
| Total assets | 239.7 | 280.6 | 4 278.1 | 4 207.5 |
| Total liabilities | 118.3 | 152.3 | 38.5 | 47.9 |
| Total equity | 121.4 | 128.3 | | |
| Net assets | | | 4 239.6 | 4 159.6 |

PM&C’s estimated average staffing level for 2014–15 is 2 195 (2013–14: 1 633).

Governance arrangements

5.333 Following the 2013 Machinery of Government changes, PM&C is progressively reviewing and implementing revised governance arrangements. The financial reporting, internal control and compliance frameworks are also being reviewed to assist the achievement of PM&C’s business objectives. These arrangements are being designed to support PM&C’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.334 The key elements of PM&C’s revised corporate governance arrangements include:

  • the executive leadership group, comprising the Secretary and Associate and Deputy Secretaries. The group considers strategic risks and issues that impact on PM&C, and also monitors the department’s performance and budget in delivering the department’s outcomes;
  • an operations committee which provides a forum for operational decision-making and is supported by individual sub-committees, that will provide assurance to the executive leadership group regarding the performance of PM&C, and its compliance with internal and external requirements;
  • a fraud control plan which outlines procedures to assess risk as well as prevent, detect and report fraud. This is updated and reviewed in line with the Commonwealth Fraud Control Framework;
  • a risk management framework and plan that identifies and assists in the management of risk at the strategic, business and project level;
  • an audit committee that meets at least quarterly and provides independent assurance on PM&C’s financial and reporting responsibilities, risk oversight and management, and system of internal control;
  • a financial statements sub-committee, of the audit committee, that provides advice regarding the preparation and certification of the financial statements; and
  • an internal audit function, which performs a range of compliance and performance audits across PM&C, based on risk assessments of departmental activities and direction from the audit committee.

Areas of audit focus

5.335 In light of the ANAO’s understanding of PM&C’s environment and governance arrangements, that includes its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on PM&C’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • key management and internal controls designed to ensure the effective operation and management of shared service arrangements with the Departments of Human Services, Social Services, Education and Training, and Employment;
  • internal control activities and financial reporting arrangements in respect of the Indigenous functions and administered grants programs;
  • human resource management and the valuation of employee liabilities, particularly for those staff transferred to PM&C as a result of the 2013 Machinery of Government changes;
  • compliance with statutory and other legal requirements, including constitutional requirements relevant to special appropriations and special accounts;
  • the valuation of PM&C’s non-financial assets and administered investments, following the transfer of significant balances to PM&C as a result of the 2013 Machinery of Government changes; and
  • internal control activities supporting the preparation and hosting of the November 2014 G20 forum.

5.336 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of PM&C’s financial statements.

Audit results

5.337 The ANAO has completed its interim audit coverage to assess the effectiveness of internal control in the areas which had been identified as significant to the financial statements. In the first full financial year following the 2013 Machinery of Government changes, the interim audit phase included coverage of selected administered grant programs, and IT general and application controls for key systems, including those provided through shared service arrangements with other entities.

5.338 Delays in the completion of PM&C’s human resource remediation program, discussed further at paragraphs 5.341 and 5.342, extended the interim phase of the audit, and will require additional management and audit attention during the 2014–15 final audit phase. In addition, due to the time taken to finalise shared service arrangements, key supporting controls will also require additional audit focus in the final audit phase, as they are implemented and tested by PM&C.

5.339 Audit coverage of the following areas will also be completed as part of the 2014–15 final audit phase:

  • an assessment of the department’s transition to the new Indigenous Advancement Strategy program model, the associated grant commitments included within the financial statements and progress with the implementation of internal control and governance processes to confirm effective accountability over future program expenditure. The Indigenous Advancement Strategy program model commences from 1 July 2015; and
  • the valuation of PM&C’s non-financial assets and administered investments, and legislative compliance.

5.340 The following table summarises the status of audit issues reported by the ANAO in 2013–14 and 2014–15.

Status of audit issues raised by the ANAO

| Category | Closing position (at the end of the 2013–14 final audit phase) | Resolved findings (at the time of the 2014–15 interim audit phase) | New findings (during the 2014–15 interim audit phase) | Closing position (at the end of the 2014–15 interim audit phase) |
|---|---|---|---|---|
| A | 0 | 0 | 0 | 0 |
| B | 1 | 0 | 1 | 2 |
| L1 | 1 | 0 | 0 | 1 |
| Total | 2 | 0 | 1 | 3 |

Unresolved audit issue

Controls over transferred employee balances and transactions

5.341 During the 2013–14 audit, the ANAO identified that there were inadequate controls and quality assurance processes over the transfer of employee leave balances related to the 2013 Machinery of Government changes. As a result, individual leave balances were incorrectly uploaded into the HRMIS.

5.342 In 2014–15, PM&C commenced a remediation program to review and correct leave balances in the HRMIS, where required. However, while the program includes reviewing data migration processes, HRMIS configuration controls and strengthening of internal policies and procedures, additional internal control weaknesses were identified during the 2014–15 interim audit phase. As the remediation program is ongoing, the review of recalculations of individual leave balances and final corrections will be concluded as part of the 2014–15 final audit phase.

New audit issue

The Remote Jobs and Communities Programme compliance processes

5.343 The Remote Jobs and Communities Programme (RJCP) provides jobs, participation and community-development services in 60 remote regions across Australia, with responsibility for the program transferring to PM&C as part of the 2013 Machinery of Government changes. The delivery of RJCP services is funded through contracted service providers over a five year period, 2013 to 2018, at an estimated total cost of approximately $1 billion.

5.344 During the 2014–15 interim audit phase, the ANAO identified that PM&C continues to experience delays in implementing a program compliance framework, including formalising management reporting and oversight responsibilities. As a result, the department lacks sufficient information in relation to service providers’ compliance with their requirements, and assurance that the program as a whole is being managed effectively. The ANAO will assess the progress in addressing this issue during the 2014–15 final audit phase.

Legislative breach

Actual and potential breaches of section 83 of the Constitution

5.345 Following the 2013 Machinery of Government changes, administrative responsibility for the Aboriginals Benefit Account transferred to PM&C from the Department of Social Services. As a result, responsibility for addressing this unresolved legislative issue also transferred to PM&C. In 2013–14 PM&C reviewed the risk of any section 83 non-compliance across all legislation for which it was administratively responsible, including the Aboriginal Land Rights (Northern Territory) Act 1976 (ALR Act). The risk assessment and subsequent analysis identified that two payments, totalling $116 702, made from the Aboriginals Benefit Account under section 64(3) of the ALR Act60, were breaches of the Constitution.

5.346 PM&C advised it was pursuing a legislative amendment to the ALR Act to address the underlying issue. As the legislative amendment is yet to be finalised, this issue remains unresolved; the ANAO will assess progress as part of the 2014–15 final audit phase.

Conclusion

5.347 Based on our audit coverage to date, and except for the issues relating to transferred employee balances and transactions, and the Remote Jobs and Communities Programme referred to above, the key internal controls that support the preparation of the financial statements were operating effectively. The effective operation of these controls for the full financial year will be assessed in conjunction with additional audit testing during the 2014–15 final audit phase.

Social Services Portfolio

Department of Social Services

5.348 The role of the Department of Social Services (DSS) is to provide social policy advice to the Australian Government and deliver the Australian Government’s social policy agenda. DSS works in partnership with other government and non-government organisations, particularly with the Department of Human Services, with the aim of effectively developing, managing and delivering a range of policies, programs and services that are focused on improving the wellbeing of people and families in Australia.

5.349 As a result of the 23 December 2014 Machinery of Government changes, DSS assumed responsibility for child care policy and programs, and the coordination of early childhood development policy from the former Department of Education.

5.350 DSS’ business operations include:

  • providing evidence-based, forward-looking policy and implementation advice to portfolio Ministers to support government decisions and future directions;
  • responsibility for the design, funding and regulation of support systems that underpin the lifetime wellbeing, independence and participation of people and families, including social security and family assistance payments, the aged care system, the National Disability Insurance Scheme and disability employment;
  • working with the states and territories to achieve outcomes in their areas of responsibility, including disability services, the welfare of children and housing; and
  • partnering with organisations to provide local services, including family relationship services, family support, community-based mental health services, early intervention, settlement services, multicultural engagement, aged care support, carer support, emergency relief and supported employment for people with a disability.

5.351 The key characteristics of DSS’ business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • changes in DSS’ operations due to the additional responsibilities for child care related programs transferred to the department in December 2014;
  • the department’s reliance on other government entities to deliver personal benefit payments reported in DSS’ financial statements that are based on complex legislative requirements;
  • DSS’ reliance on third parties to provide information that is critical to support payments made for personal benefits including child care, aged care subsidies and disability employment services;
  • significant judgements and assumptions made in the valuation of personal benefit provisions and receivables, such as the Family Tax Benefit provision and receivable;
  • the large number and value of grant programs administered by DSS in accordance with different legislative and policy requirements, and using different business systems; and
  • a complex information technology environment that supports payments for personal benefits including child care, aged care subsidies and disability employment services.

5.352 In light of these characteristics and the ANAO’s understanding of the operations of DSS, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.353 DSS’ key financial balances are:

Key financial balances

| | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 653.8 | 687.7 | | |
| Revenue from government | 598.5 | 630.9 | | |
| Deficit attributable to the Australian Government | (55.3) | (56.8) | | |
| Total own-source income | | | 628.6 | 137.0 |
| Total expenses | | | 129 522.8 | 111 863.0 |
| Administered deficit | | | (128 894.2) | (111 726.0) |
| Total assets | 391.7 | 408.5 | 3 710.7 | 3 806.9 |
| Total liabilities | 226.2 | 223.4 | 10 127.8 | 9 195.1 |
| Total equity | 165.5 | 185.1 | | |
| Net liabilities | | | (6 417.1) | (5 388.2) |

DSS’ estimated average staffing level for 2014–15 is 3 305 (2013–14: 3 467).

Governance arrangements

5.354 DSS has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the department’s business objectives. These arrangements are designed to support DSS’ financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.355 The key elements of the department’s corporate governance arrangements include:

  • an executive management group that meets fortnightly. This group takes an active interest in the financial operations of DSS and receives monthly detailed reports from the Chief Finance Officer;
  • a committee framework, including an Audit and Assurance Committee. This Committee meets at least quarterly and focuses on risk management and the effectiveness of the control environment, particularly in relation to financial systems, accounting processes and related controls. A financial statements sub-committee, comprising an independent Audit and Assurance Committee member as chair, the Chief Finance Officer and selected DSS Branch Managers, monitors and reviews DSS’ financial reporting timetable and requirements;
  • a fraud risk assessment process and fraud control plan. Following the Machinery of Government changes in September 2013 and December 2014, DSS is progressively updating its fraud risk assessments;
  • a risk management framework complemented by an Enterprise Risk Map that promotes a coordinated risk management regime and encourages staff to apply risk management principles. DSS is developing an implementation plan to embed the new risk framework in DSS’ practices; and
  • an Assurance Branch that undertakes risk-based audit coverage of DSS activities.

Areas of audit focus

5.356 In light of the ANAO’s understanding of DSS’ environment and governance arrangements, which include its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on DSS’ financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • DSS’ controls over personal benefit payments including child care related programs, many of which rely on voluntary disclosure of information by customers;
  • the valuation of personal benefit related asset and liability balances due to the significance of actuarial estimates, and the judgements involved in the valuation process;
  • aged care subsidy payments that are based on information provided by a large number of aged care providers and use complex IT systems managed by the Departments of Health and Human Services;
  • the financial management of grants, including the adequacy of documentation to support grant acquittals. DSS administers a large number of grant payments to state and territory governments, service providers, and other program recipients using different business systems;
  • compliance activities and assurance processes underpinning payments for personal benefits including child care, aged care programs and disability employment services that rely on the correct disclosure of personal circumstances by a diverse number of recipients; and
  • legislative compliance, particularly the implementation of measures designed to address the risk of non-compliance with section 83 of the Constitution, referred to in DSS’ 2013–14 financial statements.

5.357 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of DSS’ financial statements.

Audit results

5.358 The ANAO has completed its interim audit coverage including: an assessment of the department’s IT general controls over security and change management; and compliance activities and assurance processes relating to personal benefits, aged care and grants.

5.359 Audit coverage of the department’s processes relating to cash, asset management, payroll processing, suppliers expenses, IT general controls, and application controls in the FMIS and HRMIS has also been completed.

5.360 As part of the 2014–15 final audit phase, our assessment of compliance activities and assurance processes covering payments for disability services, and the valuation of personal benefit related asset and liability balances will be completed. The testing of application controls for the IT systems that process payments related to personal benefits, aged care and grants will also be finalised as planned.

5.361 The following table summarises the status of audit issues reported by the ANAO in 2013–14 and 2014–15.

Status of audit issues raised by the ANAO

| Category | Closing position (at the end of the 2013–14 final audit phase) | Resolved findings (at the time of the 2014–15 interim audit phase) | New findings (during the 2014–15 interim audit phase) | Closing position (at the end of the 2014–15 interim audit phase) |
|---|---|---|---|---|
| A | 0 | 0 | 1* | 1 |
| B | 0 | 0 | 0 | 0 |
| L1 | 1 | 0 | 0 | 1 |
| Total | 1 | 0 | 1 | 2 |

* As a result of Machinery of Government changes in December 2014, one category A finding, related to the child care compliance framework, was transferred to DSS from the former Department of Education. Refer to paragraph 5.362 for details.

Unresolved audit issue

Child care compliance program

5.362 In 2013–14, the ANAO identified significant issues in the child care compliance program implemented by the former Department of Education. At that time the department had agreed to strengthen its compliance activities through a significant reallocation of resources to these activities, including establishing a taskforce focused on serious non-compliance matters, and increasing the level of other monitoring activities, including risk based data interrogation and analysis. Based on the results of DSS’ sample checking of childcare attendance, DSS estimated that incorrect payments made totalled approximately $300 million.

5.363 In 2014–15, DSS assumed responsibility for the childcare program from the former Department of Education.

5.364 During the interim phase of the 2014–15 audit, the ANAO identified that DSS had promptly commenced the implementation of measures designed to protect the integrity of the child care fee assistance payments. DSS had developed a plan to strengthen the compliance program with a focus on services identified as being at high risk of non-compliance, and was progressing changes to legislation and policy that would improve the overall integrity of arrangements applying to child care payments.

5.365 The measures taken and proposed by DSS that are designed to improve the integrity of child care payment arrangements are still being progressed. Accordingly, it will take time to determine if the measures will result in a sustained and measurable improvement in the management of these payments. The ANAO will monitor progress in this area as part of the 2014–15 final audit phase.

Legislative breach

Actual and potential breaches of section 83 of the Constitution

5.366 During 2013–14, DSS undertook a further review to determine the risk of payments being made in breach of section 83 of the Constitution from the special appropriations and special accounts for which it was administratively responsible. The risk assessment and subsequent analysis identified actual breaches for payments made from the Aboriginals Benefit Account under section 64(3) of the Aboriginal Land Rights (Northern Territory) Act 1976 and potential breaches for certain personal benefit payments made pursuant to:

  • A New Tax System (Family Assistance) Act 1999 and A New Tax System (Family Assistance) (Administration) Act 1999;
  • Paid Parental Leave Act 2010;
  • Social Security Act 1991 and Social Security (Administration) Act 1999;
  • Students Assistance Act 1973;
  • Aged Care Act 1997; and
  • National Health Act 1953.

5.367 These actual and potential breaches were reported in DSS’ 2013–14 financial statements. The 2013–14 auditor’s report included a report on other legal and regulatory requirements referring to the actual and potential breaches.

5.368 As a result of Machinery of Government changes in September 2013, responsibility for the resolution of the unresolved legislative compliance issue related to the Aboriginals Benefit Account was transferred to the Department of the Prime Minister and Cabinet.

5.369 DSS has undertaken to continue to monitor the risk of section 83 non‐compliance across all legislation for which it is administratively responsible. The assessment for 2014–15 has commenced, and any actual or potential breaches identified will be reported in the 2014–15 financial statements. The ANAO will assess progress in addressing this issue as part of the 2014–15 final audit phase.

Conclusion

5.370 Based on our audit coverage to date, and except for the child care compliance issue referred to above, the key internal controls that support the preparation of the financial statements were operating effectively. The effective operation of these controls for the full financial year, and the legislative issue referred to above, will be assessed in conjunction with additional audit testing during the 2014–15 final audit phase.

Department of Human Services

5.371 The Department of Human Services (Human Services) provides policy advice on service delivery matters to government aimed at providing effective, innovative, and efficient implementation of government service delivery.

5.372 The department delivers on behalf of other Commonwealth entities a range of personal benefit payments and services to the Australian community including:

  • Centrelink payments and services for retirees, the unemployed, families, carers, parents, students, people with disabilities, Indigenous Australians, people from diverse cultural and linguistic backgrounds, and people living overseas, as well as services at times of major change, including disaster recovery payments;
  • Medicare services and payments that support the health of Australians such as Medicare, the Pharmaceutical Benefits Scheme, eHealth,61 the Private Health Insurance Rebate, the Australian Childhood Immunisation Register, the National Bowel Cancer Screening Register and the Australian Organ Donor Register;
  • Aged Care payments to services funded under the Aged Care Act 1997 including residential care, home care, and flexible care services; and
  • Child Support services for separated parents so they have the financial and emotional support necessary for their children’s wellbeing.

5.373 The key characteristics of the department’s business operations that shaped the ANAO’s 2014–15 planned financial statement audit coverage include:

  • the department’s reliance on the voluntary disclosure of information by customers in relation to the assessment and payment of personal benefits;
  • the complexity of the IT environment supporting significant business operations, including developing and managing software systems that pay personal benefits;
  • the management of agreements and arrangements with policy entities relating to the department’s service delivery responsibilities;
  • the quality assurance mechanisms implemented by the department to gain assurance over the accuracy of personal benefit payments; and
  • child support arrangements, particularly in relation to child support assessments and payments that are subject to complex legislative requirements.

5.374 In light of these characteristics the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.375 The department’s key financial balances are:

Key financial balances

| | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 4 290.1 | 4 068.1 | | |
| Revenue from government | 4 061.5 | 3 958.2 | | |
| Deficit attributable to the Australian Government | (228.6) | (109.9) | | |
| Total own-source income | | | 1 531.9 | 1 520.0 |
| Total expenses | | | 1 517.6 | 1 507.4 |
| Administered surplus | | | 14.3 | 12.6 |
| Total assets | 1 917.2 | 1 909.6 | 801.3 | 781.5 |
| Total liabilities | 1 323.6 | 1 279.1 | 795.6 | 773.8 |
| Total equity | 593.6 | 630.5 | | |
| Net assets | | | 5.7 | 7.7 |

Human Services’ estimated average staffing level for 2014–15 is 30 129 (2013–14: 30 089).

Governance arrangements

5.376 Human Services has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of its business objectives. These arrangements support the associated financial reporting requirements, the operation of its programs, and compliance with applicable legislative requirements.

5.377 The key elements of the department’s corporate governance arrangements include:

  • an executive committee, chaired by the Secretary, that meets weekly and is responsible for high level policy issues relating to the department’s strategic leadership and management;
  • a governance committee structure comprising an executive committee chaired by the Secretary and eight supporting governance committees, to provide oversight of the delivery and monitoring of the department’s outcomes;
  • an audit committee that meets at least quarterly and provides independent assurance and advice to the Secretary on the department’s governance arrangements, risk management, internal control processes, financial reporting processes, and monitoring compliance with legislation, and government policy;
  • a fraud control plan that is monitored and reviewed on a cyclical basis in line with the Commonwealth Fraud Control Framework and an investigations framework which includes strategies for fraud prevention, detection and resolution;
  • a comprehensive and coordinated framework for incorporating risk management into broader management and business processes; and
  • an internal audit function reporting to the Secretary and the audit committee on the risk based audit coverage of the department’s activities.

Areas of audit focus

5.378 In light of the ANAO’s understanding of the department’s environment and governance arrangements, which include its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on the department’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the assessment of the department’s internal control environment, including the IT infrastructure supporting the department’s financial statements;
  • child support transactions, specifically focusing on complexities associated with IT system controls, as well as the valuation methodology used to determine child support debts that the department may not be able to collect from the paying parent;
  • intangible assets due to the complexities associated with the valuation and measurement of these assets, and the need to assess if the carrying value of assets remains appropriate; and
  • the effectiveness of measures designed to improve compliance with legislative payment conditions. In some cases non-compliance will lead to a breach of section 83 of the Constitution.

5.379 As referred to at paragraph 5.372 above, the department delivers personal benefit payments in the order of $168 billion made on behalf of the Department of Social Services, the Department of Health and a number of other entities. The areas highlighted for specific audit coverage in relation to these personal benefit payments for 2014–15 are:

  • the internal control environment, including the IT general controls related to change, security and access management that support Centrelink, Medicare, and Aged Care related payments;
  • the department’s controls over the validation and approval of personal benefit payments in accordance with the relevant legislation;
  • the judgements and estimates involved in determining significant year end balances reported in other entities’ financial statements;
  • the department’s compliance and quality assurance activities over the integrity of payments;
  • the department’s arrangements for providing assurance over the accuracy and completeness of financial reports to other reporting entities;
  • the status of changes to the Aged Care Management Payment System to correct errors in payments and data integrity issues. These payments are made on behalf of the Department of Social Services; and
  • the effectiveness of measures designed to support compliance with legislative payment conditions. In some cases, non-compliance will lead to a breach of section 83 of the Constitution.

5.380 As an integral part of the interim audit phase, the ANAO also assesses the IT environment which includes the examination of IT general controls in relation to system changes and security management for key systems that support the preparation of the department’s financial statements and financial information reported in other entities’ financial statements.

Audit results

5.381 The ANAO’s interim audit phase has been completed. Our coverage included an assessment of controls in relation to: employee and supplier expenditure; cash and asset management; child support transactions; and IT infrastructure and key IT systems supporting the department’s financial statements. IT general controls that support Centrelink, Medicare, and Aged Care related payments, made on behalf of other Commonwealth entities, were also assessed.

5.382 The remaining areas of audit focus to be completed as part of the 2014–15 final audit phase include the valuation methodology to determine child support debts at year-end, and the valuation of the department’s non-financial assets, particularly intangibles.

5.383 During the 2014–15 final audit phase, the ANAO will also assess the controls over those personal benefits payments paid by the department on behalf of other Commonwealth entities, including the associated compliance and quality assurance activities.

5.384 To date, our audit coverage has not identified any new significant or moderate audit issues.

5.385 The following table summarises the status of audit issues reported by the ANAO in 2013–14 and 2014–15.

Status of audit issues raised by the ANAO

| Category | Closing position (at the end of the 2013–14 final audit phase) | Resolved findings (at the time of the 2014–15 interim audit phase) | New findings (during the 2014–15 interim audit phase) | Closing position (at the end of the 2014–15 interim audit phase) |
|---|---|---|---|---|
| A | 0 | 0 | 0 | 0 |
| B | 1 | 0 | 0 | 1 |
| L1 | 1 | 0 | 0 | 1 |
| Total | 2 | 0 | 0 | 2 |

Unresolved audit issue

Aged Care Management and Payment System

5.386 The department commenced replacing its legacy systems for the social welfare and health care payments during 2013–14. In October 2013, the department introduced a new Aged Care Management and Payment System (ACMPS) to pay subsidy payments to aged care service providers on behalf of the Department of Social Services.

5.387 Defects were detected in ACMPS relating to controls over user acceptance testing and change management approval processes and incident management. The department also identified issues related to system changes, duplicate claims, and cumulative errors. The department had advised that it was reviewing the design of the system and implementing a number of system changes.

5.388 During 2014–15 the department recalculated the payments to aged care providers assessed at risk of error. This process identified approximately $20.7 million of overpayments that the department is in the process of recovering. The department is well advanced in its remediation action plan for ACMPS and the ANAO will confirm the related payments are materially correct for the 2014–15 financial year as part of the 2014–15 final audit phase.

Legislative breach

Actual and potential breaches of section 83 of the Constitution

5.389 The department’s 2013–14 financial statements reported four breaches of section 83 of the Constitution in relation to payments from the Superannuation Clearing House special account for the period 1 July 2013 to 31 March 2014 and payments from the Recovery of Compensation for Health Care and Other Services special accounts for the 2013–14 financial year. From 1 April 2014, the responsibility for the Superannuation Clearing House Special Account and for resolution of the legislative issue, transferred to the Australian Taxation Office.

5.390 At the time of the interim audit phase, the department was reviewing controls over payments made from special accounts, particularly the Child Support Special Account and the Recovery of Compensation for Health Care and Other Services Special Account. The ANAO will assess progress in addressing this issue as part of the 2014–15 phase.

Conclusion

5.391 Based on our audit coverage to date, and except for the issue relating to the aged care management and payment system referred to above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Human Services will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Treasury Portfolio

Department of the Treasury

5.392 The Department of the Treasury (the Treasury) is the primary advisory body to the Australian Government on economic policy and development. The Treasury develops and implements policies to improve the wellbeing of the Australian people, by achieving strong, sustainable economic growth, through the provision of advice to the Australian Government, and the efficient administration of federal financial relations.

5.393 The Treasury’s business operations include:

  • supporting a sound macroeconomic environment through monitoring and assessing economic conditions and prospects, both in Australia and internationally, which includes providing advice on the formulation and implementation of effective macroeconomic policy, including monetary and fiscal policy, and labour market issues;
  • supporting ongoing reform of international financial institutions and the engagement between those institutions, the Australian Government and the Group of 20 (G20) on issues of mutual interest, such as investment and infrastructure;
  • providing advice on budget policy issues, trends in Commonwealth revenue and major fiscal and financial aggregates, major expenditure programs, taxation policy, retirement income, Commonwealth-State financial policy and actuarial services provided by the Australian Government Actuary; and
  • providing advice on policy processes and reforms that promote a secure financial system and sound corporate practices, removing impediments to competition in product and services markets and safeguarding the public interest in matters such as consumer protection and foreign investment.

5.394 The key characteristics of the Treasury’s business operations that shaped the ANAO’s 2014–15 planned financial statements audit coverage include:

  • the Council of Australian Governments (COAG) federal financial relations framework reflected in the Federal Financial Relations Act 2009 (FFR Act). Under this framework, individual Commonwealth entities have responsibility for monitoring the performance of programs and advising the Treasury of details of amounts payable to the states and territories under National Partnership agreements;
  • reporting of a number of significant administered balances including the Commonwealth’s liability under the Natural Disaster Relief and Recovery Arrangements (NDRRA) and the fair value of the Commonwealth’s investment in international financial institutions; and
  • continuing legislative compliance issues associated with section 83 of the Constitution.

5.395 In light of these characteristics and the ANAO’s understanding of the operations of the Treasury, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.396 The following table sets out the Treasury’s estimated 2014–15 and actual 2013–14 key financial balances. These balances assist in understanding the scale of the financial operations of the Treasury.

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 182.0 | 177.5 | | |
| Revenue from government | 172.8 | 168.5 | | |
| Deficit attributable to the Australian Government | (9.2) | (9.0) | | |
| Total own-source income | | | 3 511.9 | 4 185.1 |
| Total expenses | | | 84 557.3 | 93 776.2 |
| Administered deficit | | | (81 045.4) | (89 591.1) |
| Total assets | 90.2 | 92.1 | 33 961.9 | 28 703.8 |
| Total liabilities | 60.6 | 58.6 | 11 424.9 | 13 314.7 |
| Total equity | 29.6 | 33.4 | | |
| Net assets | | | 22 537.0 | 15 389.1 |

The Treasury’s estimated average staffing level for 2014–15 is 815 (2013–14: 899).

Governance arrangements

5.397 The Treasury has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of the Treasury’s business objectives. These arrangements are designed to support the Treasury’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.398 The key elements of the Treasury’s corporate governance arrangements include:

  • an executive board, chaired by the Secretary, that meets monthly and is responsible for high level policy issues relating to the Treasury’s strategic leadership and management;
  • an audit committee that meets at least six times a year and provides independent assurance and advice to the Secretary and the Executive Board on the Treasury’s governance risk, control and compliance framework;
  • a fraud control plan that is monitored and reviewed on a cyclical basis in line with the Commonwealth Fraud Control Framework;
  • a comprehensive and coordinated framework for incorporating risk management into broader management and business processes; and
  • an internal assurance function that has a planned risk based coverage of the Treasury’s activities.

Areas of audit focus

5.399 In light of the ANAO’s understanding of the Treasury’s environment and governance arrangements, which include its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on the Treasury’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the recognition and measurement of grant payments under the federal financial relations framework, as reflected in the FFR Act, due to the Treasury’s reliance on information provided by third parties, particularly other Commonwealth entities;
  • the methodology used to estimate the NDRRA provision due to the complex estimation process involved;
  • the valuation, accounting and reporting of disclosures associated with the Commonwealth’s investments in international financial institutions; and
  • compliance with relevant aspects of the Commonwealth’s financial framework and the implementation of measures designed to address the risk of a breach of section 83 of the Constitution, referred to in the 2013–14 financial statements.

5.400 As an integral part of the interim audit phase, the ANAO also assesses IT general and application controls for key systems that support the preparation of the Treasury’s financial statements.

Audit results

5.401 The ANAO’s interim audit phase coverage has been completed. Audit coverage included an assessment of the controls relating to grant processing, including controls over the assessment of grant eligibility and grant payments, and the processes that support the estimate of the Commonwealth’s liability for NDRRA.

5.402 Audit coverage of the department’s processes in relation to: cash and asset management; accounts payable and receivable; payroll processing; IT general controls, and application controls in the FMIS and HRMIS, has also been completed.

5.403 The other areas of audit focus, including the planned coverage of the Commonwealth’s investments in international financial institutions, will be completed as part of the final audit phase.

5.404 To date, our audit coverage has identified one new moderate audit issue relating to the reporting of the NDRRA liability, discussed below. No significant or moderate audit issues were identified in 2013–14.

5.405 The legislative matter relating to section 83 of the Constitution identified in 2013–14, also discussed below, remains unresolved.

New moderate audit issue

Administration of the Natural Disaster Relief and Recovery Arrangements (NDRRA)

5.406 As discussed at paragraph 5.37 above, under the NDRRA the Commonwealth reimburses up to 75 per cent of state expenses after certain thresholds are met. The Treasury is responsible for the NDRRA policy framework⁶², making approved payments to the states based on certifications provided by AGD and reporting the Australian Government’s liability in its annual financial statements. As at 30 June 2014, the liability in Treasury’s financial statements was $3.6 billion (2012–13: $5.7 billion).

5.407 During the 2014–15 interim audit phase, the ANAO reviewed the Treasury’s control framework in relation to the Australian Government’s liability for NDRRA. The ANAO identified that:

  • the Memorandum of Understanding between the Treasury and AGD does not clearly define the responsibilities of each party in respect of the assessment of the Australian Government’s liability; and
  • the processes in relation to the assessment of this liability, including the role of AGD, required improvement.

5.408 The ANAO considers that the Treasury, in consultation as required with AGD, should:

  • strengthen the Memorandum of Understanding between the Treasury and AGD to more clearly define the responsibilities of each party;
  • improve the processes for estimating the Australian Government’s liability for NDRRA, including reviewing the assumptions and analysis that support the liability balance included in Treasury’s annual financial statements;
  • enhance the disclosure in the 2014–15 financial statements to reflect the estimation uncertainty inherent in the liability, and to disclose information relevant to the calculation of the liability for NDRRA; and
  • follow up amounts identified as ineligible in ANAO Audit Report No.34 2014–15 and assess the impact on the 2014–15 financial statements, including whether ineligible payments are potentially in breach of section 83 of the Constitution.

5.409 The Treasury has agreed to progress these matters, and the effectiveness of the steps taken to support the estimate of the Australian Government’s liability as at 30 June 2015 will be assessed during the final phase of the 2014–15 audit.

Legislative breach

Potential breaches of section 83 of the Constitution

5.410 In 2013–14, the ANAO reported a risk of a potential breach of section 83 of the Constitution where payments could be made out of the COAG Reform Fund Special Account in contravention of terms and conditions contained within National Partnership Agreements. The Treasury has undertaken a risk assessment of all its National Partnership Agreements and has implemented additional assurance processes where Agreements have been assessed as higher risk.

5.411 The ANAO will complete its review of the risk assessment and key controls during the final phase of the 2014–15 audit.

Conclusion

5.412 Based on our audit coverage to date, and except for the audit finding referred to at paragraphs 5.406 to 5.409 above, in relation to the administration of NDRRA, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that the Treasury will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year, and the potential implications of any breaches of section 83 of the Constitution, will be assessed during the 2014–15 final audit phase.

Australian Office of Financial Management

5.413 The Australian Office of Financial Management (AOFM) is responsible for managing Australian Government debt and financial assets. AOFM issues treasury bonds, treasury indexed bonds and treasury notes, manages the Australian Government’s cash balances and invests in financial assets. AOFM aims to meet the Australian Government’s financing needs in a cost effective manner subject to acceptable risk and to meet its policy objectives of maintaining liquid and efficient bond and bond futures markets.

5.414 AOFM’s business operations include:

  • funding the Australian Government’s budget, to the extent required, through the issuance of Australian Government debt;
  • managing the Australian Government’s daily cash balances through short term borrowings and investments;
  • undertaking investments in financial assets in accordance with government policy objectives;
  • managing its portfolio of debt and financial assets cost-effectively, subject to acceptable risk; and
  • supporting the efficient operation of Australia’s financial system.

5.415 The key characteristics of AOFM’s business operations that shaped the ANAO’s 2014–15 planned financial statements audit coverage include:

  • the volume of investment activity of financial assets and issuance of financial liabilities, that are material to both AOFM and the Consolidated Financial Statements;
  • a continuation of the issuance of treasury indexed bonds to meet the Government’s funding requirements; and
  • material and complex financial assets and liabilities and their associated fair value assessment.

5.416 In light of these characteristics and the ANAO’s understanding of the operations of AOFM, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as moderate.

Key financial balances

5.417 AOFM’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 10.0 | 9.9 | | |
| Revenue from government | 11.4 | 11.5 | | |
| Surplus attributable to the Australian Government | 1.4 | 1.6 | | |
| Total own-source income | | | 918.9 | 1 044.6 |
| Total expenses | | | 14 472.5 | 13 413.8 |
| Administered deficit* | | | (28 092.2) | (16 221.7) |
| Total assets | 29.0 | 28.1 | 36 847.9 | 35 283.0 |
| Total liabilities | 2.4 | 2.4 | 418 309.4 | 351 288.6 |
| Total equity | 26.6 | 25.7 | | |
| Net liabilities | | | (381 461.5) | (316 005.6) |

AOFM’s estimated average staffing level for 2014–15 is 42 (2013–14: 42).

*The administered deficit reflects estimated net re-measurements and gains/losses of $14 538.6m (2013–14: $3 852.5m).

Governance arrangements

5.418 AOFM has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of AOFM’s business objectives. These arrangements are designed to support AOFM’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.419 The key elements of AOFM’s corporate governance arrangements include:

  • an advisory board accountable to the Secretary of the Department of the Treasury that meets quarterly and provides general counsel and guidance on debt management policy, operational strategy and the performance of AOFM;
  • a governance committee framework, including an audit committee which focuses on internal and external audit, fraud control and the statutory financial statements. Other committee activities include:
    • an Executive Group that coordinates the overall management of the entity, including the consideration of strategic issues; coordination of priorities; financial management; organisational arrangements and resource management;
    • a Portfolio Strategy Committee that advises the Chief Executive Officer on operational debt policy and financial management issues; and
    • an Information Technology Steering Committee that oversees current and planned information technology projects and operations.
  • an internal audit function that provides a risk based coverage of AOFM’s activities;
  • an integrated enterprise risk management and assurance framework that enables the incorporation of risk management into an assurance strategy which supports AOFM’s broader management objectives and the design of business processes; and
  • a financial reporting framework that involves the monitoring of the performance and financial management of key business areas and the preparation and monitoring of monthly financial reports.

Areas of audit focus

5.420 In light of the ANAO’s understanding of AOFM’s environment and governance arrangements, which include its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on AOFM’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the complex fair value measurement of financial assets and liability securities;
  • processes supporting the implementation of a new treasury management system; and
  • legislative compliance, particularly the implementation of measures designed to address the risk of breaches of section 83 of the Constitution.

5.421 The ANAO will continue to provide audit coverage of the following areas which have previously been identified as having a significant impact on the financial statements:

  • the control environment and the establishment of adequate controls to enable compliance with aspects of relevant financial management legislation;
  • the management and control framework for the issuance of debt instruments including treasury bonds, treasury indexed bonds and treasury notes; and
  • internal assurance activities, including compliance reporting, and fraud prevention activities.

5.422 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of AOFM’s financial statements.

Audit results

5.423 The ANAO’s interim audit phase coverage has been completed. Audit coverage included the areas of audit focus relating to the implementation of a new treasury management system, and controls supporting the issuance of debt instruments. Audit coverage of cash and other financial asset management; accounts payable and receivable; payroll processing; IT general controls, and application controls in the FMIS and HRMIS, has also been completed.

5.424 The other areas of audit focus, including the assessment of the measurement and disclosure of financial assets and liability securities, will be completed as part of the 2014–15 final audit.

5.425 No significant or moderate audit issues have been raised by the ANAO as a result of the audit coverage to date. The 2013–14 audit also did not identify any significant or moderate audit issues.

Conclusion

5.426 Based on our audit coverage to date, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that AOFM will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Australian Taxation Office

5.427 The Australian Taxation Office (ATO) is the Australian Government’s principal revenue collection entity, administering Australia’s taxation system, regulating aspects of the superannuation system and supporting delivery of government benefits to the community.

5.428 In 2014–15, the ATO is expected to raise over $350 billion in revenue, representing approximately 90 per cent of the Australian Government’s total revenue.

5.429 The ATO’s business operations include:

  • the administration of Australia’s taxation, excise and superannuation systems and emphasising to the community the importance of willing and proper participation in these systems;
  • protecting Australia’s revenue system by deterring, detecting and engaging with those who have not complied with their taxation obligations;
  • supporting the delivery of government benefits to the community including private health insurance, family assistance and fuel grants schemes;
  • providing cross-entity support by exchanging information, performing data matching, and the payment of taxation refunds to other entities in respect of debts owing to the Commonwealth;
  • supporting whole-of-government initiatives in taxation law enforcement;
  • maintaining the Australian Business Register to facilitate the interaction between businesses and government; and
  • registering charities, public benevolent institutions and not-for-profit organisations for Commonwealth purposes through the Australian Charities and Not-for-profits Commission.

5.430 The key characteristics of the ATO’s business operations that shaped the ANAO’s 2014–15 planned financial statements audit coverage include:

  • the complexity of the collection and measurement of taxation revenue, including reliance on a self-assessment regime;
  • the significant use of estimation and allocation processes to determine financial results; and
  • extensive IT business systems and associated processes.

5.431 In light of these characteristics and the ANAO’s understanding of the operations of ATO, the ANAO has assessed, for the purposes of planning the audit coverage for 2014–15, the risk of a material misstatement as high.

Key financial balances

5.432 ATO’s key financial balances are:

| Key financial balances | Departmental: Estimated ($m) 2014–15 | Departmental: Actual ($m) 2013–14 | Administered: Estimated ($m) 2014–15 | Administered: Actual ($m) 2013–14 |
|---|---|---|---|---|
| Net cost of services | 3 326.2 | 3 438.4 | | |
| Revenue from government | 3 215.2 | 3 364.0 | | |
| Deficit attributable to the Australian Government | (111.0) | (74.4) | | |
| Total own-source income | | | 346 874.2 | 332 678.0 |
| Total expenses | | | 18 632.8 | 18 833.0 |
| Administered surplus | | | 328 241.4 | 313 845.0 |
| Total assets | 1 299.6 | 1 416.5 | 32 428.6 | 31 062.0 |
| Total liabilities | 1 061.0 | 1 221.0 | 8 970.2 | 8 728.0 |
| Total equity | 238.6 | 195.5 | | |
| Net assets | | | 23 512.4 | 22 334.0 |

ATO’s estimated average staffing level for 2014–15 is 19 068 (2013–14: 21 397).

Governance arrangements

5.433 The ATO has designed and implemented governance arrangements, a financial reporting regime and an internal control system to enable the achievement of ATO’s business objectives. These arrangements are designed to support ATO’s financial reporting requirements, the effectiveness and efficiency of its operations and compliance with applicable legislative requirements.

5.434 The key elements of ATO’s corporate governance arrangements include:

  • an executive committee that sets the strategic direction and monitors delivery of ATO’s commitments to government and the community;
  • an audit and risk committee that meets four times a year and focuses on providing independent assurance and advice to the Tax Commissioner on the existing governance framework, risk management practices and internal control environment;
  • a fraud control plan which outlines ATO’s obligations under the Commonwealth Fraud Control Framework and includes information relating to the ATO’s fraud risk assessments, fraud control testing activities and mitigation strategies. The results of these activities are reported to the Audit and Risk Committee;
  • a risk assessment process which involves identifying and managing both enterprise and operational risks;
  • an internal audit function that supports the Audit and Risk Committee by undertaking a range of assurance, compliance and performance audits across the ATO; and
  • a financial reporting framework that involves the monitoring of the performance and financial management of key business areas and the preparation and monitoring of monthly financial reports.

Areas of audit focus

5.435 In light of the ANAO’s understanding of the ATO’s environment and governance arrangements, which include its financial reporting regime and system of internal control, the ANAO’s audit approach identifies particular areas of audit focus that have the potential to impact on the ATO’s financial statements. Areas highlighted for specific audit coverage in 2014–15 are:

  • the ATO’s compliance program in relation to the collection of taxation revenues;
  • the complex estimation and allocation processes associated with financial reporting involving the application of significant judgement and specialist knowledge;
  • the estimate of taxpayer credit amendments and the related impact on the recognition of taxation revenue;
  • processes for estimating tax debt collectability and the impact on the taxation receivable balance at year end; and
  • the ATO’s reliance on IT business systems and associated processing of taxpayer returns and statements.

5.436 As an integral part of the interim audit phase, the ANAO also assesses the IT general and application controls for key systems that support the preparation of ATO’s financial statements.

Audit results

5.437 The ANAO has completed its interim audit coverage of the ATO’s revenue collection and financial administration systems, and its business processes for estimating tax debt collectability. Audit coverage has included an assessment of the ATO’s key IT general and application controls, including a review of logical security, change and release management and controls in the ATO’s FMIS, HRMIS and other supporting financial systems.

5.438 As part of the 2014–15 final audit phase, audit coverage of the estimate of revenue collected at year-end and its reporting in the financial statements, the year-end taxation receivable balance, the estimation of taxation credit amendments, and the finalisation of the work on the ATO’s external compliance program will be completed.

5.439 To date, our audit coverage of the key areas of audit focus has not identified any new significant or moderate audit issues.

5.440 The following table summarises the status of audit issues reported by the ANAO in 2013–14 and 2014–15.

Status of audit issues raised by the ANAO

| Category | Closing position (at the end of the 2013–14 final audit phase) | Resolved findings (at the time of the 2014–15 interim audit phase) | New findings (during the 2014–15 interim audit phase) | Closing position (at the end of the 2014–15 interim audit phase) |
|---|---|---|---|---|
| A | 0 | 0 | 0 | 0 |
| B | 1 | 0 | 0 | 1 |
| L1 | 1 | 0 | 0 | 1 |
| Total | 2 | 0 | 0 | 2 |

Unresolved audit issue

Drawing reports from the data warehouse

5.441 In producing the 2013–14 financial statements, the ATO manually extracted data from its data warehouse using queries written in structured query language (SQL). The ANAO identified that a large proportion of these SQLs were not subject to formal controls usually expected in the generation of financial reporting information.

5.442 The ATO is undertaking a significant amount of work to migrate these SQLs to an appropriate control environment. The ANAO will complete its assessment of this work during the final audit phase.

Legislative breach

Actual breaches of section 83 of the Constitution

5.443 In 2013–14, the notes to the ATO financial statements reported two breaches of section 83 of the Constitution totalling $479. These breaches were related to the Superannuation Clearing House Special Account. Responsibility for this account transferred from the Department of Human Services to the ATO on 1 April 2014. However, the payments from the account are made by the Department of Human Services, on behalf of the ATO.

5.444 The Department of Human Services has undertaken, in consultation with the ATO, to improve procedures and provide further training to operational staff regarding the application of the procedures.

5.445 The ATO continues to review the risk of breaches of section 83 of the Constitution on an annual basis. The ANAO will assess the ATO’s compliance with section 83 of the Constitution as part of the final audit phase.

Conclusion

5.446 Based on our audit coverage to date, and except for the data warehouse issue referred to above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that ATO will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2014–15 final audit phase.

Appendices

Please refer to the PDF version of the report for the Appendices:

  • Appendix 1: Entities covered by this report
  • Appendix 2: The accounting and auditing standards frameworks
  • Appendix 3: The financial reporting framework for 2014–15 financial statements

Abbreviations and Acronyms

| Abbreviation | Meaning |
|---|---|
| AA | Accountable Authority |
| AAI | Accountable Authority Instructions |
| AAO | Administrative Arrangements Order |
| AAS | Australian Accounting Standard |
| AASB | Australian Accounting Standards Board |
| ACBPS | Australian Customs and Border Protection Service |
| AGD | Attorney-General’s Department |
| Agriculture | Department of Agriculture |
| ANAO | Australian National Audit Office |
| AOFM | Australian Office of Financial Management |
| ASA | Australian Auditing Standards |
| ATO | Australian Taxation Office |
| AUASB | Australian Auditing and Assurance Standards Board |
| BCP | Business Continuity Plan |
| CFO | Chief Finance Officer |
| CFS | Consolidated Financial Statements |
| Communications | Department of Communications |
| Defence | Department of Defence |
| DFAT | Department of Foreign Affairs and Trade |
| DMO | Defence Materiel Organisation |
| DSS | Department of Social Services |
| DVA | Department of Veterans’ Affairs |
| Education | Department of Education and Training |
| Employment | Department of Employment |
| Environment | Department of the Environment |
| FFMA | Future Fund Management Agency |
| Finance | Department of Finance |
| FMIS | Financial Management Information System |
| FRR | Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 |
| GFS | Government Finance Statistics |
| GGS | General Government Sector |
| Health | Department of Health |
| HRMIS | Human Resources Management Information System |
| Human Services | Department of Human Services |
| IAASB | International Auditing and Assurance Standards Board |
| IASB | International Accounting Standards Board |
| IFRS | International Financial Reporting Standards |
| Immigration | Department of Immigration and Border Protection |
| Industry | Department of Industry and Science |
| Infrastructure | Department of Infrastructure and Regional Development |
| IT | Information Technology |
| JCPAA | Joint Committee of Public Accounts and Audit |
| PGPA Act | Public Governance, Performance and Accountability Act 2013 |
| PM&C | Department of the Prime Minister and Cabinet |
| Treasury | Department of the Treasury |

Footnotes

1 The Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 sets out the requirements for the preparation of financial statements of all Commonwealth entities.

2 In this report, the term Australian Government entities is used to refer to all entities owned or controlled by the Australian Government. Commonwealth entities and Commonwealth companies are defined in sections 10 and 89 respectively of the Public Governance, Performance and Accountability Act 2013.

3 The observations, audit findings and conclusions outlined in this report relate to the audit coverage of the 23 major General Government Sector entities covered by this report. These entities are listed at Appendix 1.

4 Category A findings are significant audit issues. Category B findings are moderate audit issues, category C findings are minor audit issues and category L1 findings are instances of actual or potential breaches of the Constitution, and instances of non-compliance with other key legislative requirements. These categories are explained in paragraph 5.6 in chapter 5 of this report. The 129 findings consist of 2 A, 20 B, 95 C, and 12 L1 findings.

5 Section 83 of the Constitution provides that no money shall be drawn from the Treasury of the Commonwealth except under an appropriation made by the law. The effect of section 83 is that all spending by the Executive Government from the Consolidated Revenue Fund must be in accordance with an authority given by the Parliament.

6 Accountable Authorities are required to certify on an annual basis their entity’s compliance with components of the Government’s financial management framework. Further details of this process are outlined at paragraphs 3.24 and 3.25 of chapter 3 of this report.

7 Financial statement audits are generally performed in two phases—interim and final. The interim phase focuses on an assessment of entities’ key internal controls; in the final audit phase the ANAO completes its assessment of the effectiveness of key controls for the full year, substantively tests material balances and disclosures in the financial statements, and finalises its opinion on the entities’ financial statements.

8 The General Government Sector (GGS) comprises all non-corporate Commonwealth entities and selected corporate Commonwealth entities and Commonwealth companies that provide largely non-market public services and are funded primarily through taxes. This report covers the portfolio departments and other major GGS entities that comprise some 95 per cent of total GGS revenues and expenses. Portfolio and entity arrangements reflect the Administrative Arrangements Order of 23 December 2014.

9 The Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 sets out the requirements for the preparation of financial statements of all Commonwealth entities.

10 To disclose or not to disclose: Materiality is the question; AASB staff papers are not authoritative pronouncements of the AASB.

11 Accountable Authorities are generally the chief executives of non-corporate Commonwealth entities or the Boards of corporate Commonwealth entities.

12 Public Governance, Performance and Accountability Act 2013 (PGPA Act), section 42.

13 PGPA Act, section 15.

14 PGPA Act, section 42.

15 AASB 1031 Materiality refers to materiality as defined by AASB 108 Accounting Policies, Changes in Accounting Estimates and Errors, which states that the omission or misstatements of items are material if they could, individually or collectively, influence the economic decisions that users make on the basis of the financial statements. Materiality depends on the size and nature of the omission or misstatement judged in the surrounding circumstances. The nature or size of the item, or a combination of both, could be the determining factor.

16 The key elements of this framework are set out in appendix 3.

17 ASA 200 Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Australian Auditing Standards, paragraph 6.

18 Significant risks are those risks of material misstatement of the financial statements that, in the auditor’s judgement, require special audit consideration.

19 ASA 315 Identifying and Assessing the Risk of Material Misstatement through Understanding the Entity and Its Environment, paragraph A58.

20 Category A findings are significant audit issues. Category B findings are moderate audit issues, category C findings are minor audit issues and category L1 findings are instances of actual or potential breaches of the Constitution, and instances of non-compliance with other key legislative requirements. These categories are explained in chapter 5, p. 73.

21 A number of entities significantly affected by the 18 September 2013 Machinery of Government changes were required to develop and implement revised governance arrangements. As a result, 2014–15 is the first year these revised governance arrangements will be in operation for the full financial period.

22 A report on other legal and regulatory requirements is a separate part of the auditor’s report on the financial statements and does not affect the auditor’s opinion on the fair presentation of the financial statements.

23 See ANAO Better Practice Guide Public Sector Financial Statements, March 2015, section 2.7.3, page 31.

24 The Commonwealth Fraud Control Framework defines fraud against the Commonwealth as ‘dishonestly obtaining a benefit, or causing a loss, by deception or other means’. This definition includes (but is not limited to) theft; accounting fraud (false invoices, misappropriation etc.); causing a loss, or avoiding and/or creating a liability; providing false or misleading information to the Commonwealth, or failing to provide information where there is an obligation to do so; misuse of Commonwealth assets, equipment or facilities; making, or using false, forged or falsified documents; wrongfully using Commonwealth information or intellectual property.

25 These categories are described at paragraph 5.6 of this report.

26 The findings reported in 2014–15 are as at 15 May 2015.

27 The ANAO tabled a cross-entity performance audit, ANAO Audit Report No.50 2013–14 Cyber Attacks: Securing Agencies’ ICT Systems, that reviewed entities’ compliance with the requirements of the Protective Security Policy Framework and the Australian Government Information Security Manual.

28 In 2014–15, the ANAO tabled the following audits that addressed aspects of the administration of grants:

  • ANAO Audit Report No.9 2014–15 The Design and Conduct of the Third and Fourth Funding Rounds of the Regional Development Australia Fund;
  • ANAO Audit Report No.10 2014–15 Administration of the Biodiversity Fund Program;
  • ANAO Audit Report No.11 2014–15 The Award of Grants under the Clean Technology Program;
  • ANAO Audit Report No.15 2014–15 Administration of the Export Market Development Grants Scheme;
  • ANAO Audit Report No.18 2014–15 The Ethanol Production Grants Program;
  • ANAO Audit Report No.23 2014–15 Administration of the Early Years Quality Fund; and
  • ANAO Audit Report No.26 2014–15 Administration of the Medical Specialist Training Program.

29 This standard was substantially revised in November 2013, with the revised standard applying to reporting periods commencing on or after 1 January 2014.

30 IT general controls are entity-wide structures, policies, procedures, and standards applied to information systems that support accounting and business processes. Effective operation of these controls helps make sure IT application controls work as intended throughout the financial year.

31 IT application controls operate at the accounting and business process level, consisting of access, configuration, and reporting controls. Reliance on the effective operation of these controls provides a means to confirm the accuracy and integrity of entities’ financial statements, particularly high transaction volume accounts. Audit coverage of these controls may be undertaken on a rotation basis.

32 Category B audit findings arising from our examination of Information Technology controls were identified in the Attorney-General’s Department and in the Departments of Defence and Human Services.

33 Effective business continuity and supporting backup and recovery and disaster recovery processes minimise the likelihood and impact of a major disruption to business functions and processes, including key financial systems and supporting IT services.

34 Given the extensive number of individual controls assessed by the ANAO for each audit, for the purposes of this report controls comprise a series of elements, for example IT security or IT change management, and elements comprise a series of control categories.

35 Where comparative data has been included, the data for 2014–15 and 2013–14 is for 23 entities, 2012–13 is for 24 entities, and 2011–12 is for 25 entities.

36 The Protective Security Policy Framework (PSPF) sets out the policies, procedures, and minimum standards for entities in setting their protective security arrangements.

37 The Australian Government Information Security Manual complements the PSPF by providing principles and controls to assist Government entities to achieve an assured IT security environment.

38 Effective refers to IT systems controls that maintain the integrity of information and the security of the data such as systems process, and include general IT controls and applications controls.

39 ANAO Report No.50 2013–14 Cyber Attacks: Securing Agencies’ ICT Systems.

40 The top mandated security strategies are application whitelisting, appropriate protection of applications and operating systems, and minimisation of administrative privileges.

41 The results of the performance audit are consistent with audit results, particularly in relation to general user access management and systems privileged user access management.

42 The FMIS applications in use by entities covered by this report are SAP, QSP, Technology One, and ACCPAC. SAP is a large worldwide firm specialising in systems to support financial and related processes including human resources, and other functions including manufacturing support systems. QSP, also known as e5, is owned by UXC, a large information and communications technology provider. Technology One is an Australian-based firm supplying financial and related systems including the FMIS of the same name; and ACCPAC is a less common product in government entities, provided by Sage, a large worldwide supplier of business software solutions.

The HRMIS applications in use by entities covered by this report are SAP, Aurion, and PeopleSoft. SAP is described above, Aurion is an Australian-owned firm of the same name providing significant human resource solutions in Australia and elsewhere, while PeopleSoft is a large international firm whose solutions include human resource systems.

43 Op. cit. (see footnote 35 on page 52 relating to the variation in the number of entities over the period 2011–12 to 2014–15).

44 These figures are sourced from each entity’s Portfolio Budget Statements, audited 2013–14 financial statements, or as advised by entities.

45 Audit findings are as at 15 May 2015.

46 Category C audit findings reported to management relate to relatively minor matters and are not included in this chapter’s summary of audit results for each entity.

47 While this issue does not directly affect AGD’s financial statements, AGD is responsible for administering the NDRRA and providing the required information for inclusion in the Department of the Treasury’s financial statements.

48 For simplicity referred to as ‘states’.

49 ANAO Audit Report No.34 2014–15 Administration of the Natural Disaster Relief and Recovery Arrangements by Emergency Management Australia.

50 ibid, Recommendations 1 and 2.

51 Recommendation 2 in ANAO Audit Report No.34 2014–15 recommended, in part, that AGD obtain project level information from the states and territories to provide improved oversight and assurance in its administration of NDRRA. Further, the ANAO indicated at paragraph 3.74 of Report 34 that ‘any project-level scrutiny by AGD would be a significant improvement over the department’s current approach, but would still involve significantly less scrutiny than is being applied by either the:

Queensland Reconstruction Authority, which reviews all project submissions from local government and state delivery agencies for eligibility and/or value for money, as part of its progressive review of projects as they proceed from initial estimates to delivery and acquittal; or

the Australian Government Reconstruction Inspectorate, which uses a Cumulative Monetary Amount sampling methodology to examine a selection of projects using a three-tiered review process’.

52 The Australian Government’s Consolidated Financial Statements (CFS), which incorporate the Whole of Government and General Government Sector financial statements, are prepared in accordance with AASB 1049 Whole of Government and General Government Sector Financial Reporting. AASB 1049 requires that the preparation of the CFS apply the principles and rules in the ABS GFS Manual, where this does not conflict with the Standards. The ABS GFS manual requires property, plant and equipment, which includes DWPs, to be recorded at market value. The Australian Accounting Standards allow these assets to be measured on a valuation basis or at cost. Therefore, due to the requirements of the Standards, the valuation basis is the measurement approach that should be adopted in the CFS. In December 2012, a pronouncement was released by the Australian Accounting Standards Board (AASB) granting an extension of transitional relief from the adoption of AASB 1049 as it relates to DWPs. The transitional relief extended the date of implementation to the 2014–15 financial year. Therefore, the CFS are expected to record DWPs at fair value for the 2014–15 financial year. While this does not directly affect Defence’s 2014–15 financial statements, Defence has an integral role in supplying the required information for inclusion in the CFS.

53 The Department of Education was renamed the Department of Education and Training as a result of the 23 December 2014 Machinery of Government changes.

54 The Department of Education was renamed the Department of Education and Training as a result of the 23 December 2014 Machinery of Government changes.

55 As a result of the Machinery of Government changes of 18 September 2013, AusAID was abolished and responsibility for international development was transferred to DFAT from 1 November 2013.

56 Responsibility for aged care was transferred to the Department of Social Services as part of the 2014 Machinery of Government changes.

57 The Department of Industry was renamed the Department of Industry and Science as a result of the 23 December 2014 Machinery of Government changes.

58 The Department of Industry was renamed the Department of Industry and Science as a result of the 23 December 2014 Machinery of Government changes.

59 The G20 forum was hosted in Brisbane in November 2014.

60 Payments are required to be made out of the ABA to Aboriginal land councils based on royalties received by the Northern Territory and Commonwealth governments from mining companies. Where, subsequent to the payment of royalties to the Northern Territory and Commonwealth governments, mining companies determine that they overestimated the royalties due, payments already made from the ABA that are higher than the revised royalty amount are in breach of section 83 of the Constitution.

61 eHealth is an information system developed to facilitate electronic access, transmission and recording of health information.

62 The framework consists of a Ministerial determination, and National Partnership Agreements with Queensland and Victoria. The framework is augmented by a Memorandum of Understanding between the Treasury and AGD.