1. The primary purpose of financial statements is to provide relevant, reliable information to users about a reporting entity’s financial position. In the public sector, the users of financial statements include Parliament, Ministers and the community. The preparation of timely and accurate audited financial statements is also an important indicator of the effectiveness of an entity’s financial management, which fosters confidence in an entity on the part of users.

2. The Australian National Audit Office (ANAO) publishes two reports annually addressing the outcomes of the financial statement audits of Australian government entities¹ and the Consolidated Financial Statements (CFS) of the Australian Government to provide Parliament an independent examination of the financial accounting and reporting of public sector entities.

3. This report focuses on the results of the interim audit phase, including an assessment of entities’ key internal controls, of the 2016–17 financial statements audits of 25 entities, including all departments of state and a number of major Australian government entities. The entities included in the 2016–17 report are selected on the basis of their contribution to the revenues, expenses, assets and liabilities of the 2015–16 CFS. Significant and moderate audit findings are reported to the responsible Minister(s), and all findings are reported to those charged with governance of each entity.

4. The second report provides the results of the 2016–17 final audits of the financial statements of all Australian Government controlled entities and the CFS.

Summary of audit findings and related issues

Entity internal controls

5. A central element of the ANAO’s financial statements audit methodology and the focus of the planning phase of ANAO audits is a sound understanding of an entity’s environment and internal controls. This understanding informs our audit approach, including the reliance placed on entity systems to produce financial statements that are free from material misstatement. To do this, the ANAO uses the framework contained in the Australian Auditing Standard 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment (ASA 315).

6. At the completion of the interim audits, the ANAO reported that:

• Eighteen entities had key elements of internal control that were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.
• Four entities, that except for particular finding/s outlined in chapter 3, had key elements of internal control that were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.
• The findings outlined in chapter 3 for three entities reduced the level of confidence that can be placed on key elements of internal control that support the preparation of financial statements that are free from material misstatement for these entities.

7. The key elements of internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

Summary of audit findings

8. A total of 110 findings were reported to the entities included in this report as a result of interim audits. These comprised one significant, 20 moderate and 89 minor findings. The number of significant findings is consistent with the 2015–16 results. The level of moderate and minor audit findings increased when compared with the interim results of 2015–16 where 17 moderate and 71 minor findings were reported.

9. Sixty seven per cent of significant and moderate findings continue to be in the areas of: compliance and quality assurance frameworks supporting program payments, revenue collection and financial reporting; and management of IT controls, particularly the management of privileged users. These areas warrant further attention by entity management.

10. Entities have an ongoing responsibility to monitor the effectiveness of their systems and related controls to be confident of the integrity of the financial information reported to management and in the annual financial statements.

Audit Committees

11. An independent audit committee is a fundamental principle of good governance. The audit committee plays a key role in assisting the accountable authority to fulfil its governance, risk management and oversight responsibilities through the provision of independent assurance and advice.

12. The entities considered in this report have met the minimum requirements set out in the Public Governance Performance and Accountability Rule 2014 (the PGPA Rule) for the establishment of audit committees in relation to financial reporting. The ANAO’s observations indicate there is an opportunity for entities to build on the core requirements of the PGPA Rule and to consider how the effectiveness of audit committees could be further enhanced.

Reporting relating to compliance with finance law

13. From 2015–16, the Department of Finance changed the compliance reporting process to require entities to report significant non-compliance with finance law² to both the Minister for Finance and the responsible Minister.

14. The ANAO’s review noted that entities had continued to undertake the processes for monitoring and reporting all instances of non-compliance that were applied under the previous certificate of compliance requirements. Entities reported a summary of all instances of non-compliance identified during the 2015–16 reporting period to the accountable authority and audit committee along with a recommendation as to whether any non-compliance was considered to be significant.

Reporting and auditing frameworks

Disclosure of Related Party Transactions

15. From 1 July 2016 all Australian Government controlled entities are required to disclose material transactions with related parties in the notes to their financial statements in accordance with AASB 124 Related Party Disclosures (AASB 124). Related parties may include CEOs, board members and Ministers, as well as close family members and controlled entities of these parties.

Enhancing performance reporting

16. The PGPA Act requires each Commonwealth entity to produce a four-year corporate plan at least once each financial year and provide it to the responsible Minister and the Minister for Finance. Each entity is also required to include annual performance statements in its annual report. The ANAO has continued audit work in this area in 2016–17.

Reduced Disclosure Requirements

17. Australian Accounting Standards include a Reduced Disclosure Regime (RDR) option that allows for some specified disclosures to be omitted from the general purpose financial statements of certain entities. The Minister for Finance has determined that, with some exceptions, Australian Government entities may apply the RDR from 2016–17.

Auditor’s report on the financial statements

18. In December 2015, the Australian Auditing and Assurance Standards Board issued a suite of new and revised standards dealing with auditor reporting. A number of revisions were made in the standards with the aim of increasing the transparency and value of auditor reporting.

19. These changes are now effective for the ANAO and users will see significant changes to the auditor’s reports issued by the ANAO for financial years ended 30 June 2017. Auditor’s reports on financial statements will be longer than before with key information given appropriate prominence. For entities included in this report, the ANAO will also include key audit matters in the 2016–17 auditor’s reports.

Other developments

20. The Minister for Finance and the Secretary of the Department of the Prime Minister and Cabinet have requested respectively government business enterprises and government entities to provide additional information relating to senior management personnel remuneration on their websites.

Cost of this report

21. The cost to the ANAO of producing this report is approximately $435 000.

Introduction

1.1 The ANAO publishes an Annual Audit Work Program (AAWP) which reflects the ANAO’s strategy and deliverables for the forward year. The purpose of the AAWP is to inform the Parliament, the public and government sector entities of the planned audit coverage for the Australian Government sector by way of financial statements audits, performance audits and other assurance activities.

1.2 The financial statements audit coverage as outlined in the AAWP includes presenting two reports to the Parliament addressing the outcomes of the financial statements audits of Australian Government entities and the Consolidated Financial Statements of the Australian Government (CFS). These reports provide Parliament an independent examination of the financial accounting and reporting of public sector entities.

1.3 This report focuses on the interim results of the audits of 25 entities. This includes a review of the governance arrangements related to entities’ financial reporting responsibilities and an examination of the relevant internal controls, including information technology system controls, that support the preparation of financial statements that are free from material misstatement.

1.4 The second report presents the final results of the financial statements audits of the CFS and all Australian Government entities.

1.5 The entities included in this report are those entities that contribute significantly to the three sectors of the CFS: the General Government Sector (GGS), Public Non-Financial Corporation (PFNC) sector and Public Financial Corporation (PFC) sector.³ A listing of these entities is provided in Appendix 1.

1.6 The ANAO conducts its financial statements audits in four phases: planning, interim, final and completion. Figure 1.1 outlines the key elements of each phase.

Figure 1.1: ANAO financial statements audit process

 

 

1.7 Accountable authorities⁴ of all Commonwealth entities and companies subject to the Public Governance, Performance and Accountability Act 2013 (PGPA Act) are required to govern the entity in a way that promotes the proper use and management of public resources, the achievement of the purposes of the entity and the entity’s financial sustainability.⁵ This requires the development and implementation of effective corporate governance arrangements and internal controls designed to meet the individual circumstances of each entity. These processes also assist in the orderly and efficient conduct of the entity’s business, and compliance with applicable legislative requirements, including the preparation of annual financial statements that present fairly the entity’s financial position, financial performance and cash flows.

1.8 A central element of the ANAO’s financial statements audit methodology, and the focus of the planning phase of the ANAO audits, is a sound understanding of an entity’s environment and internal controls relevant to assessing the risk of material misstatement in the financial statements. This understanding informs the ANAO’s audit approach, including the reliance that may be placed on entity systems to produce financials statements that are free from material misstatement. The interim phase of the audit assesses the operating effectiveness of controls. In the final audit phase the ANAO completes its assessment of the effectiveness of controls for the full year, substantively tests material balances and disclosures in the financial statements, and finalises its audit opinion on entities’ financial statements.

1.9 The auditor’s understanding of the entity, its environment and its controls, helps the auditor design the work needed and respond to significant risks that bear on financial reporting. The key areas of financial statements risks determined as a result of this planning approach are discussed in chapter 3 for each entity included in this report.

1.10 In accordance with generally accepted auditing practice, the ANAO accepts a low level of risk that the audit procedures will fail to detect that the financial statements are materially misstated. This low level of risk is accepted because it is too costly to perform an audit that is predicated on no level of risk. Specific audit procedures are performed to ensure that the risk accepted is low. These procedures include: obtaining knowledge of the entity and its environment, reviewing the operation of internal controls, undertaking analytical reviews, testing a sample of transactions and account balances, and confirming significant year end balances with third parties.

1.11 This chapter outlines observations made by the ANAO through obtaining this understanding, and the summarised results of testing of entities’ underlying control activities.

Understanding entities and their environments

1.12 The ANAO uses the framework in ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment to consider the impact of different elements of an entity’s internal controls supporting the preparation of financial statements. This approach provides a basis for designing and implementing responses to the assessed risk of material misstatement. Figure 1.2 outlines these elements.

Figure 1.2: Elements of entity internal controls

Source: ASA 315 Identifying and assessing the risk of material misstatement through understanding the entity and its environment, paragraph A58.

1.13 This chapter discusses each of these elements and outlines observations based on the ANAO’s review of aspects of each entity’s internal control, relevant to the risk of material misstatement to the financial statements, including the detailed results of the interim audits.

Control environment

1.14 The PGPA Act sets out the requirements to establish and maintain systems relating to risk and control. Division 2, section 16 of the PGPA Act states that:

The accountable authority of a Commonwealth entity must establish and maintain:

(a) an appropriate system of risk oversight and management for the entity; and

(b) an appropriate system of internal control for the entity;

including by implementing measures directed at ensuring officials of the entity comply with finance law.⁶

1.15 In assessing an entity’s control environment that supports the preparation of financial statements that are free from material misstatement, the ANAO reviews aspects of the governance structures. The ANAO considers whether management has established frameworks and processes that promote positive attitudes, awareness and actions concerning the entity’s internal controls and their importance in the entity. The main elements reviewed include: governance structures relevant to the preparation of the financial statements; audit committee and assurance arrangements; and systems of authorisation, recording and procedures.

1.16 All entities included in this report had established executive management structures that met at least monthly, in the form of Executive Committees and sub-committees, supporting financial decision making at the strategic and operational levels.

1.17 Consistent with previous years, consideration of financial reporting including accrual information was included on the agendas of all 25 entities’ executive and audit committees. The financial information provided to the entities’ executives was supplemented by non-financial operational information.

1.18 Clear accountability structures are important in establishing a strong internal control environment for the purposes of preparing the financial statements. The involvement of those charged with governance is an important element of these structures. Just as important is ensuring that staff at all levels understand their own role in the control framework. This can be achieved through the issuance of accountable authority instructions⁷, and delegation instruments. All entities reviewed had established accountable authority instructions and delegations reflecting current business arrangements.

1.19 At the completion of the interim audits, the ANAO reported that:

• Key elements of internal control were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.⁸
• Except for particular finding/s outlined in chapter 3, key elements of internal control were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.⁹
• The findings outlined in chapter 3 reduce the level of confidence that can be placed on key elements of internal control that support the preparation of financial statements that are free from material misstatement.¹⁰

1.20 The key elements of internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audits.

Audit committees

1.21 ANAO Report No.33 2016–17 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2016 examined the arrangements of audit committees for a sample of twenty entities. As part of the 2016–17 interim audits, the ANAO extended this assessment to all entities included in this report.

1.22 Section 45 of the PGPA Act requires accountable authorities of Commonwealth entities to establish an audit committee. Commonwealth companies are required to establish an audit committee under section 92 of the PGPA Act.

1.23 An independent audit committee is a fundamental principle of good governance.¹¹ The audit committee plays a key role in assisting the accountable authority to fulfil its governance, risk management and oversight responsibilities through the provision of independent assurance and advice.

1.24 Section 17 of the Public Governance Performance and Accountability Rule 2014 (PGPA Rule) sets out the minimum requirements relating to the audit committee of a Commonwealth entity. Key requirements of the PGPA Rule include:

• A written charter, set by the accountable authority, determining the functions of the audit committee for the entity. These functions must include reviewing the appropriateness of the accountable authority’s:
  • financial reporting;
  • performance reporting;
  • system of risk oversight and management; and
  • system of internal control.
• Membership of the committee to include at least three persons with appropriate qualifications, skills or experience to assist the committee to perform its functions and a majority of committee members must be independent of the entity.
• Persons that must not be a member of the audit committee: the accountable authority or, if the accountable authority has more than one member, the head; the Chief Financial Officer; and the Chief Executive Officer.

1.25 All entities included in this report had established an audit committee and had developed and endorsed an audit committee charter which set out the responsibilities required by the PGPA Rule.

1.26 To assist the audit committee in discharging its responsibilities the entities developed a formal work plan detailing which meetings these responsibilities would be considered during the financial year.

1.27 The PGPA Rule requires that audit committees have a majority of independent members.¹² Audit Committees A Guide to Good Practice, released jointly by the Auditing and Assurance Standards Board, the Australian Institute of Company Directors and the Institute of Internal- Auditors Australia, notes that independent audit committee members are those:

… free from any management, business or other relationship that could reasonably be perceived to materially interfere with their ability to act in the best interests of the entity. Independence is arguably a state of mind, and cannot necessarily be assessed by a person’s relationship with the entity. It is commonplace to examine an audit committee members’ past and current relationships with the entity as indicators of independence, or otherwise.

1.28 The ANAO observed that all entities had established audit committees consisting of a majority of members which were assessed by the entity to be independent. Twenty-one entities had appointed an independent audit committee chair.¹³

1.29 Seventeen¹⁴ entities had established a sub-committee to support the audit committee in discharging its responsibility in regard to advising the accountable authority on the appropriateness of the entity’s financial reporting. Of these, 16 entities’ sub-committees comprised internal staff members and were chaired by an independent member of the audit committee. One sub-committee was chaired by a non-independent audit committee member.¹⁵ Nine financial statements sub-committees included the Chief Financial Officer as a member.¹⁶

1.30 The ANAO observed that the responsibilities of financial statements sub-committees varied among entities and included: oversight of accounting policy decisions; review of key management judgements and estimates; and oversight of the financial statements preparation process. The sub-committees reported to the audit committee through either a standing agenda item at each meeting or at year-end.

1.31 In setting up such sub-committees, audit committee members should ensure that they are not delegating their responsibilities or diluting the independence requirements of the PGPA rule.

1.32 The entities considered in this report have met the minimum requirements set out in the PGPA rule for the establishment of audit committees in relation to financial reporting. The ANAO’s observations indicate there is an opportunity for entities to build on the core requirements of the PGPA Rule and to consider how the effectiveness of audit committees could be further enhanced.

Risk assessment processes

1.33 Section 16 of the PGPA Act sets out an accountable authority’s responsibilities in regard to the establishment of appropriate risk oversight and management in an entity. An understanding of an entity’s risk assessment process is essential to an effective and efficient financial statements audit. The ANAO reviews how entities identify risks relating to financial statements, how these risks are managed and considers the risk of material misstatement of an entity’s financial statements.

1.34 All entities reviewed had a risk management process to develop and update risk management plans at the organisational and work area levels. In addition, each had developed processes for the identification and notification of risks relevant to financial statements preparation either as part of the overall risk management plan, or through a targeted risk identification exercise. The monitoring of risks, and the entities’ implementation of risk management strategies, was typically assigned to either an executive committee and/or the audit committee.

Fraud control management

1.35 The Commonwealth Fraud Control Framework (the Framework) outlines the principles for fraud control within the Australian Government and sets minimum standards to assist entities in carrying out their responsibilities to combat fraud against government programs. As with risk management plans, fraud control plans need to be reviewed regularly and updated when significant changes to roles or functions occur, so that they reflect an entity’s current fraud risk and control environment. There are benefits in entities assessing fraud risks as part of risk management processes.

1.36 The importance of entities establishing effective fraud control arrangements is recognised in section 10 of the PGPA Rule, which specifies that accountable authorities must develop and implement a fraud control plan for the entity. The Framework requires entities to conduct fraud risk assessments regularly and when there is a substantial change in the structure, functions or activities of the entity.¹⁷

1.37 In assessing the risks of material misstatement of an entity’s financial statements, the Auditor-General considers misstatements arising from both fraud and error. In respect of fraud, two types of intentional misstatements are relevant – misstatements arising from fraudulent financial reporting and misstatements resulting from the misappropriation of assets. ASA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report contains requirements for identifying the risks of material misstatement due to fraud, and designing audit procedures to detect such misstatement.

1.38 As part of the ANAO’s 2016–17 interim audits, the ANAO identified that 24 of the entities included in this report had established a fraud control plan that had been reviewed within the last two years. At the time of the ANAO’s interim audit, the Department of the Treasury was in the process of updating its risk assessment.¹⁸

1.39 Entities had also assigned responsibility for the oversight and monitoring of fraud control strategies and initiatives to specified fraud and governance roles or dedicated branches and the audit committee.

Monitoring of controls

1.40 Entities undertake many types of activities as part of their monitoring of control processes, including external reviews, self-assessment processes, post-implementation reviews and internal audits. The level of review of these activities by the ANAO is determined through a risk assessment approach that takes into consideration the nature, extent and timing of each activity and the activities application to the preparation of the financial statements.

Internal Audit

1.41 As part of its financial statements audit coverage, the ANAO reviews the activities of internal audit in accordance with ASA 610 Using the Work of Internal Auditors. The ANAO approach takes into account the work completed by internal audit, and, where appropriate, reliance is placed on it to ensure an effective audit approach.

1.42 Internal audit is a key source of independent and objective assurance advice on an entity’s risk framework and internal control. Depending on the role and mandate of an entity’s internal audit function, it can play an important role in assessing the adequacy of both the financial systems that underpin an entity’s financial statements, and the preparation process.

1.43 The ANAO observed that internal audit coverage in the entities included in this report is based on an internal audit plan that is aligned with entities’ risk management plans and includes a combination of audits that address assurance, compliance, performance improvements and IT systems reviews. In addition, recommendations from management, audit committees and external influences, such as the AAWP, are factors considered in the development of internal audit work plans.

1.44 The extent of the ANAO’s reliance on internal audit coverage varies between entities, and greater reliance is placed on internal audit where the work is focused on financial controls and legislative compliance. The ANAO encourages entities to identify opportunities for internal audit coverage of key financial systems and controls as a means of providing increased assurance to accountable authorities to support the opinion expressed on the entity’s financial statements.

Reporting relating to compliance with finance law

1.45 The PGPA Act sections 19 and 91 require accountable authorities of Commonwealth entities, to give the responsible Minister, reasonable notice, of any significant issue that may affect the entity. Prior to 2015–16, general government sector entities were required to submit an annual Certificate of Compliance to the Minister for Finance and the responsible Minister summarising all non-compliance with the PGPA Framework. From 2015–16, the Department of Finance changed the compliance reporting process to require entities to report significant non-compliance with finance law to both the Minister for Finance and the responsible Minister.

1.46 To support the change in requirements, the Department of Finance issued guidance in relation to reporting of significant non-compliance through the Resource Management Guide 214 Notification of significant non-compliance with finance law (PGPA Act, section 19) (RMG 214). The guide outlines factors which may be considered when determining whether significant non-compliance occurred including:

• failure to comply with the duties of accountable authorities (sections 15 to 19 of the PGPA Act);
• serious breaches of the general duties of officials (sections 25 to 29 of the PGPA Act) including any fraudulent activity by officials;
• systemic issues reflecting internal control failings or high volume instances of non-compliance; and
• non-compliance issues that are likely to impact on the entity’s financial sustainability.

1.47 RMG 214 notes that the accountable authority should consider their entities’ environment when determining whether instances of non-compliance are significant. As part of the interim audits the ANAO considered entities’ application of RMG 214.¹⁹

1.48 Entities advised consideration was applied to the nature and volume of breaches when assessing significance.²⁰ The ANAO observed that two entities included quantitative factors in their formal definition. The assessment of whether breaches constitute a significant non-compliance is reliant on professional judgement. All entities reported a summary of instances of non-compliance identified during the 2015–16 reporting period to the accountable authority and audit committee along with a recommendation as to whether any non-compliance was considered to be significant.

1.49 In addition to notifying the relevant Minister of any significant issues which occur, the entity must also report any significant non-compliance in its annual report in line with the PGPA Rule section 17AG.

1.50 There were three entities which reported on compliance with the finance law in their 2015–16 annual report as outlined below.

• The Department of Defence reported 58 instances of significant non-compliance in relation to matters proven as fraud committed by an official and addressed by Defence authorities through criminal, disciplinary or administrative action.²¹
• The Department of Employment reported a number of instances where contracts were executed by officials outside of their financial delegations. The department noted that ‘While the non-compliance does not clearly align to the guidance on what would be considered ‘significant’ under the Department of Finance’s Resource Management Guide 214 – Notification of significant non-compliance with the finance law, the Secretary has determined that on balance and in the interests of transparent administration, the breaches should be disclosed’.²²
• The Department of Education and Training reported one instance, comprising 57 individual breaches, of systemic significant non-compliance. This relates to the Commonwealth Procurement Rule 7.16 which requires agencies to publish on AusTender the information on individual contracts and amendments within 42 days of entering into (or amending) a contract if they are valued at or above the reporting threshold.²³

1.51 The ANAO’s review noted that entities had continued to undertake the processes for monitoring and reporting instances of non-compliance that were applied under the previous certificate of compliance requirements.

1.52 Through these processes, in 2015–16 the entities included in this report identified a total of 3 963 instances of non-compliance. Two entities reported no non-compliance²⁴, three entities reported 47% of the non-compliance²⁵ and the remaining 20 entities reported between one and seven per cent of the non-compliance.

1.53 Figure 1.3 provides the ANAO analysis of instances of non-compliance by category as identified by entities in 2015–16.

Figure 1.3: Non-compliance identified during 2015–16 by entities

 

 

Source: ANAO analysis of non-compliance identified by entities.

1.54 Further details of the areas of non-compliance reported in 2015–16 are detailed below.

• Of the non-compliance with Commonwealth Procurement rules, 98% of the breaches related to rule 7.16 which requires entities to report contracts entered into or amended over $10 000 on AusTender within 42 days. The following three entities identified the highest levels of non-compliance in this area: the Department of Immigration and Border Protection identified 739 instances; the Department of Health identified 407 instances; and the Department of Industry, Innovation and Science identified 223 instances.
• Section 23 of the PGPA Act provides the powers for accountable authorities of non-corporate entities to enter into or vary contracts, agreements or deeds of understanding relating to the affairs of the entity and approve commitment of funds. Of the instances of non-compliance in 2015–16, 448 were identified by the Department of Defence; 159 by the Department of Foreign Affairs and Trade; and 104 by the Department of Immigration and Border Protection.
• The instances of non-compliance of the PGPA Act excluding section 23 related to the misuse of corporate credit cards and the commitment of expenditure.
• The non-compliance with the PGPA rule relates to failure to document the approvals to enter into arrangements under section 23 of the PGPA Act and banking monies within 5 days from receipt.
• Non-compliance with the Commonwealth Grant Rules and Guidelines resulted from entities not meeting the requirement to publish grants on the website within 14 days.

Information systems

1.55 An entity’s information system is used extensively for the processing of financial information that is used to prepare its financial statements. As a consequence, the review of each entity’s information system and its related controls forms a significant part of the ANAO audit examination of internal controls. Information system controls include entity-wide general controls that establish an entity’s IT infrastructures, policies and procedures, together with specific application controls that validate, authorise, monitor and report financial and human resource transactions.

1.56 Table 1.1 outlines the areas of focus used by the ANAO in assessing entities’ information system controls, including common controls tested to determine the effectiveness of those systems in supporting complete and accurate financial statements reporting.

Table 1.1: Information system controls – areas of focus

Source: ANAO compilation.

1.57 Observations from the ANAO’s interim audit phase relating to entities’ information system controls are provided under the IT Control environment section included in Control activities below. Refer to paragraphs 1.66 to 1.102

Control activities

1.58 As part of the interim audit phase, the ANAO assesses the effectiveness of key controls identified during the planning stages. This assessment is made at a point in time and provides the Parliament and entities an insight into weaknesses which have the potential to impact the financial statements at year end. The broad categories of control activities assessed by the ANAO include entities’:

• IT control environment;
• compliance and quality assurance frameworks supporting program payments, revenue collection and financial reporting;
• accounting and control of non-financial assets;
• revenue, receivables and cash management processes;
• human resources financial processes;
• purchases and payables management; and
• other control matters relevant to the financial statements.

1.59 Figure 1.4 presents the percentage of total audit findings by category, reported for the 25 entities considered in this report during the 2016–17 interim audits.

Figure 1.4: 2016–17 interim audit findings – by category

 

 

Source: ANAO compilation of interim findings.

1.60 The following section provides a summary of interim audit findings identified in these categories across the past four financial years, as well as making observations regarding common weaknesses identified in the 2016–17 interim audits across the different finding categories outlined above.

Interim audit findings

1.61 The ANAO rates audit findings according to the potential business or financial management risk posed to the entity. The rating scale is presented in Table 1.2.

Table 1.2: Findings rating scale

1.62 A summary of all significant, moderate and minor audit findings identified at the conclusion of the interim audit phase across the past four financial years is presented in Figure 1.5 below.²⁶

Figure 1.5: Aggregate audit findings

 

 

1.63 The ANAO has observed an increase of approximately 24 per cent in total audit findings in 2016–17 when compared with the 2015–16 interim period. Sixty-seven per cent of significant and moderate findings are in the areas of: compliance and quality assurance frameworks supporting program payments, revenue collection and financial reporting and management of IT controls, particularly the management of privileged users.

1.64 Table 1.3 summarises the number of significant, moderate and minor findings per category in 2016–17 and common weaknesses noted in each area.

Table 1.3: Significant, moderate and minor audit findings by category

Source: ANAO compilation of interim findings.

Information Technology control environment

1.65 As described in paragraph 1.56, the review of information systems and related controls is an integral part of an entity’s control environment. Figure 1.6 demonstrates the trends in interim audit findings related to entities’ overall IT control environments from 2013–14 to 2016–17.

Figure 1.6: IT control environment findings

 

 

Source: ANAO analysis

1.66 Findings related to entities’ IT control environments represented 33 per cent of total findings identified during the 2016–17 interim period. IT control environment findings continue to represent the highest proportion of all findings categories, as observed in previous years.

1.67 Three moderate findings were reported at interim 2015–16 and have now been resolved. Two new moderate findings were identified during the 2016–17 interim audit phase relating to IT security and change management.²⁷

1.68 An overview of the findings identified during the 2016–17 interim audits for the entities included in this report is provided below, relating to each of the information system control elements:

• IT security;
• IT change management;
• IT application controls; and
• business continuity management.

IT security

1.69 IT security is concerned with protecting an entity’s information assets from internal and external threats. It includes controls to prevent or detect unauthorised access to systems, programs and data.

1.70 As discussed at paragraph 1.13, ASA 315 provides guidance on identifying and assessing the risks of material misstatement of financial statements, including risks associated with an entity’s IT environment. Many of the risks identified in ASA 315 can be mitigated through effective implementation of IT security controls. The extent of controls implemented in an entity may vary depending on their particular business and operational circumstances.

1.71 The key control areas that address risks relating to IT security and that are assessed by the ANAO as part of the interim audit are:

• IT security governance;
• general and privileged user access; and
• monitoring and reporting.

1.72 The ANAO observed that entities continue to effectively manage IT security governance and processes for the monitoring and reporting of IT security events. The ANAO also observed that IT security is considered by entities’ senior management committees above and outside the IT function. The ANAO continues to identify findings related to general and privileged user access.²⁸

1.73 Figure 1.7 illustrates the trends in findings observed by the ANAO in entities’ IT security arrangements between 2013–14 and 2016–17.

Figure 1.7: IT security findings

 

 

1.74 22 findings related to IT security were identified in 2016–17, including one moderate audit finding. The findings related to:

• removal of user access when it is no longer required;
• logging and monitoring of privileged user activity; and
• blocking privileged users from accessing the Internet.

1.75 Terminating an account when a user no longer has a requirement to access it, such as upon departure from an entity, can prevent unauthorised use. Entities must remove or suspend user access on the same day a user no longer has a legitimate business requirement for its use.²⁹ Of the findings raised in this category seven related to entities not removing user access in a timely manner.

1.76 Users with administrative privileges, commonly referred to as privileged user access, are able to make significant changes to IT systems configuration and operation, bypass critical security settings and access sensitive information. As part of reviewing IT security arrangements, the ANAO examined different groups of privileged users, including:

• application administrators, sometimes referred to as super users;
• database administrators;
• system administrators; and
• network or domain administrators.

1.77 To reduce the risks associated with this access, the ISM requires that privileged user access be appropriately restricted and when provided, that the access is logged, regularly reviewed and monitored. The ANAO reported one moderate³⁰ and four minor findings related to entities that had not implemented adequate logging and monitoring procedures over privileged users.

1.78 Restricting privileged accounts from accessing email and the Internet minimises opportunities for these accounts to be compromised. Entities must prevent privileged accounts from accessing email and the Internet.³¹ The ANAO reported five minor findings relating to entities that had not blocked privileged accounts from accessing the Internet.

1.79 These issues increase the risk of unauthorised changes being made to systems and data, or unauthorised data leakage. Entities should review their management of these areas in light of the recommendations of the ISM and the risks to their operational environment.

1.80 The remaining five minor findings were raised in relation to other IT security matters such as user access authentication and currency of IT security policies.

IT change management

1.81 IT change management provides a disciplined approach to making changes to the IT environment. It includes controls to prevent unauthorised changes being introduced, and to ensure that the implementation of authorised changes does not disrupt normal business operations.

1.82 Figure 1.8 illustrates the trends in findings identified by the ANAO in entities’ IT change management controls between 2013–14 and 2016–17.

Figure 1.8: IT change management findings

 

 

1.83 The ANAO observed that changes to entities’ IT environments were managed using a standardised process, usually based on the ITIL Framework.³² This process was well understood and well managed. The moderate audit finding reported in 2016–17 relates to approved release of changes in the Department of Defence (this finding also relates to weaknesses in privileged user access). Further detail regarding the unresolved moderate audit finding, can be found in chapter 3 at paragraph 3.6.14. The minor audit finding related to tracking of changes.

1.84 The number of findings in relation to IT change management has remained very low over the past four years. This demonstrates the maturity of the IT change management process in most entities. The following factors contribute to this maturity:

• existence of an internationally accepted framework for change management (ITIL), with associated training and a professional qualification; and
• availability of standard software tools with built-in workflow controls, to support the implementation of this framework.

IT application controls

1.85 Australian Government entities rely on two key financial reporting systems in the preparation of financial information. These are the financial management information system (FMIS) and the human resource management information system (HRMIS).

1.86 The ANAO assesses entities’ key FMIS and HRMIS controls in view of their importance for financial reporting. Areas of focus include:

• changes to the systems or data that are not assessed through the entity’s IT change management system. These are changes that only affect the users of the FMIS or the HRMIS and are therefore often out of scope for the main change management process;
• changes to master data, including banking details;
• controls over invoice payment and payroll processing; and
• management of general and privileged user access to the FMIS and HRMIS.

1.87 Figure 1.9 illustrates the trend in findings observed by the ANAO in relation to entities’ application controls between 2013–14 and 2016–17.

Figure 1.9: IT application control findings

 

 

1.88 Controls over payment processing support the accurate processing of payments to vendors and employees. Additionally, payment processing is an area that is particularly susceptible to fraud. One minor finding relating to securing of payment files from unauthorised modification was raised during the interim phase of the 2016–17 audits.

1.89 Privileged user access in the FMIS or HRMIS includes the ability to bypass normal application controls or make changes to system settings and data. This access is often necessary to fully administer applications, and should be restricted and monitored to reduce the risk of errors or unauthorised activity. Seven findings were identified in relation to entities’ management of application privileged user access.

Business Continuity Management

1.90 Business Continuity is defined as the capability of an entity to continue delivery of products or services at acceptable predefined levels following a disruptive incident.³³ It includes three key elements:

• effective back-up and recovery arrangements, to ensure that current versions of key IT systems and data are available to be recovered;
• business continuity planning, including the development, maintenance and testing of a business continuity plan for each key business area to ensure that the entity can continue operations while waiting for systems and data to be restored; and
• disaster recovery planning, including the development, maintenance and testing of a disaster recovery plan to ensure that IT systems can be recovered in line with defined business requirements.

1.91 The ANAO assesses entities’ business continuity arrangements in view of the potential for a disruptive event to impact on financial reporting.

1.92 Figure 1.10 illustrates the trend for findings identified by the ANAO in entities’ business continuity arrangements between 2013–14 and 2016–17.

Figure 1.10: Business continuity findings

 

 

1.93 All entities had business continuity and disaster recovery plans in place. Four entities received minor audit findings relating to not undertaking testing of their business continuity or disaster recovery plans.

1.94 Overall, the majority of IT controls continued to be effective in most entities included in this report during 2016–17. Consistent with observations in previous years, IT Security, particularly with regard to management of user access, continues to be an area requiring improvement to address the risk of inappropriate access to systems and data.

Cyber resilience

1.95 In addition to work performed as part of the financial statements audit, the ANAO also reviews information systems and related controls as part of its program of performance audits. Since 2013–14, the ANAO has conducted three performance audits to assess the cyber resilience of eleven different government entities.³⁴ These audits assessed both IT general controls and the entities’ implementation of the mandatory Strategies to Mitigate Targeted Cyber Intrusions (the mandatory strategies) in the Australian Government Information Security Manual (ISM)³⁵, which are required by the Protective Security Policy Framework (PSPF). This year, the ANAO reviewed the self-assessment of compliance with the mandatory strategies by entities included in this report.

1.96 All non-corporate Commonwealth entities are required to undertake an annual self-assessment against the requirements of the PSPF. These requirements are divided into four categories:

• Governance (GOV), to implement and manage protective security protocols;
• Personnel Security (PERSEC), to ensure the suitability of personnel to access Australian Government resources;
• Information Security (INFOSEC), to ensure the confidentiality, availability and integrity of all official information; and
• Physical Security (PHYSEC), to ensure a safe working environment for employees, contractors, clients and the public, and to provide a secure environment for official assets.

1.97 Entities are required to report the results of the self-assessment to the relevant Portfolio Minister, with a copy to be sent to the Secretary of the Attorney-General’s Department and to the Auditor-General.

1.98 The mandatory strategies form part of INFOSEC 4³⁶, one of the mandatory requirements of the PSPF under Information Security. According to the Attorney-General’s Department Protective Security Policy Framework 2014–15 Compliance Report, INFOSEC 4 had the highest rate of self-assessed non-compliance or partial compliance. This was consistent with the outcomes of the three ANAO performance audits, which found that eight of the eleven entities assessed were not fully compliant with INFOSEC 4.

1.99 Figure 1.11 shows the proportion of entities included in this report that were compliant, not fully compliant or not required to report in 2016. Three entities in this report are corporate Commonwealth entities and are not required to report on their compliance to the Attorney-General’s Department.³⁷ Eight entities reported that they were compliant and fourteen that they were not fully compliant with INFOSEC 4.

Figure 1.11: Entity 2016 compliance with INFOSEC 4

Source: ANAO analysis.

1.100 Figure 1.12 summarises the 2016 PSPF compliance reporting by the entities included in this report that are required to report.³⁸ INFOSEC 4 continues to be the area of lowest compliance.

Figure 1.12: PSPF compliance comparison by mandatory category

 

 

Source: ANAO analysis.

1.101 Not implementing the mandatory strategies reduces an entity’s ability to continue providing services while deterring and responding to cyber intrusions. It also increases the likelihood of a successful cyber intrusion. The recent ANAO reports in relation to cyber security include a number of recommendations to assist with this, which entities should review and implement where applicable.³⁹

Compliance and quality assurance frameworks

1.102 The business of government requires, in many circumstances, placing reliance on internal and external systems, parties and information in decision making processes. For this reason, the implementation of effective compliance frameworks, and processes that provide assurance regarding the completeness and accuracy of information, are integral to an entity’s internal control. Figure 1.13 demonstrates the trends in interim audit findings related to entities’ compliance and quality assurance frameworks from 2013–14 to 2016–17.

Figure 1.13: Compliance and quality assurance frameworks

 

 

1.103 The significant audit finding relates to weaknesses in the child care compliance program administered by the Department of Education and Training. This was first reported to the Department of Education and Training in 2013–14 and remains unresolved.⁴⁰

1.104 There has been an increase in the number of moderate audit findings in this category over the last four years.⁴¹ These findings mainly related to weaknesses in entities processes to obtain assurance over information sourced from third parties, compliance frameworks supporting revenue collection, and completeness and accuracy of consolidation of divisional or disparate information supporting financial reporting.⁴²

1.105 The number of significant and moderate audit findings reported indicates a need for these entities to focus greater attention on:

• maintaining effective governance over third party or joint service delivery arrangements;
• the risk management arrangements that support the effective engagement with risk in the delivery of programs; and
• implementing effective quality assurance processes over key financial statements inputs particularly those subject to professional judgement and uncertainty.

Accounting and control of non-financial assets

1.106 Entities control a diverse range of non-financial assets on behalf of the Commonwealth, with the main asset classes being land and buildings, specialist military equipment, leasehold improvements, infrastructure, plant and equipment, inventories and internally‐developed software.

1.107 The number of audit findings related to entities’ controls in this area over the last four years is presented in Figure 1.14 below.

Figure 1.14: Accounting and control of non-financial assets audit findings

 

 

 

1.108 The moderate audit findings reported during the 2016–17 interim period related to the Department of Defence. Two of the moderate findings were first reported to the Department of Defence during the 2015–16 final audit phase and relate to the data integrity of the Specialist Military Equipment fixed asset register and the valuation of General Assets. One new moderate audit finding was reported to the Department of Defence during the 2016–17 interim audit phase in relation to the financial and logistical management of explosive ordnance. Further detail regarding these findings can be found at paragraphs 3.6.17 to 3.6.21.

 

1.109 The number of minor audit findings reported in 2016–17 has increased compared with 2015–16. The 15 minor audit findings reported in 2016–17 relate to entities’ asset valuation and stocktaking procedures. Of these unresolved audit findings three minor audit findings remain unresolved from 2013–14.

Revenue, receivables and cash management

1.110 The key financial statements items related to revenue and receivables consist of Parliamentary appropriations, taxation revenue, recoveries, customs and excise duties and administered levies. Other revenue is also generated by entities from the sale of goods and services and a range of other sources including interest earned from cash funds on deposit. Cash management involves the collection and receipt of public monies and the management of official bank accounts.

1.111 Figure 1.15 outlines trends in findings related to revenue, receivables and cash management identified during interim phases between 2013–14 and 2016–17.

Figure 1.15: Revenue, receivables and cash management audit findings

 

 

1.112 Over the past four years, one moderate audit finding has been reported each year. The ANAO noted that each year the finding related to a new weakness and once identified, the entity had resolved the issue within 12 months. The 2016–17 unresolved moderate audit finding relates to the Department of Health’s recoveries of expenditure related to the pharmaceutical benefits scheme. Further information regarding the moderate audit finding can be found in chapter 3, paragraph 3.6.14.

1.113 During the 2016–17 interim audit phase, the ANAO observed weaknesses in entities’ reconciliation processes and controls supporting the completeness and accuracy of revenue reported.

Human resource financial processes

1.114 Human resources encompass the day-to-day management and administration of employee entitlements and payroll functions. Expenditure associated with employee benefits represents the largest departmental expenditure item for most entities and employee entitlement liabilities are typically the largest liability. It is therefore important for entities to establish robust controls in these areas to support complete and accurate payment and recording of transactions.

1.115 The number of audit findings reported in this category over the past four financial years is presented in Figure 1.16.

Figure 1.16: Human resources financial processes audit findings

 

 

1.116 The moderate audit finding reported in 2016–17 relates to weaknesses in the Department of Immigration and Border Protection’s human resource management process. Further detail regarding the unresolved moderate audit finding, can be found in chapter 3, at paragraph 3.15.20.

1.117 Minor audit findings have increased in 2016–17 and relate to weaknesses identified in relation to commencements and terminations of employees and the monitoring of controls over payroll processing and reporting. Of these findings identified, one minor audit finding was first reported in 2012–13, four findings were identified as part of the 2015–16 financial statements audit and three were identified as part of the 2016–17 interim audits.

Purchases and payables management

1.118 The main financial statements components of purchases and payables are payments to, or due to, suppliers including contractor and consultancy expenses, lease payments and general administrative and utility payments. These payments typically comprise the other significant departmental expenditure item of entities following employee entitlements. The number of audit findings identified in this category over the past four financial years is presented in Figure 1.17.

Figure 1.17: Purchases and payables management audit findings

 

 

1.119 The figure above demonstrates the controls in this area for entities included in this report are typically strong, with one moderate finding and no significant audit findings identified in the past four years. Of the minor findings, the most common areas requiring attention are:

• processes supporting the authorisation of expenditure, including maintaining proper segregation of duties;
• maintenance of vendor records; and
• processes supporting the accurate recording of accrual information.

Other control matters

1.120 Other control matters include items regarding maintenance of appropriate documentation to support decision making, general reconciliation processes, and incomplete policies and procedures affecting the administration of government programs, including grants. The number of audit findings identified in this category over the past four financial years is presented in Figure 1.18.

1.121 Further details regarding the two moderate audit findings can be found in the Australian Taxation Office and the Department of Immigration and Border Protection sections in chapter 3.

Figure 1.18: Other control matters audit findings

 

 

Introduction

2.1 The Australian Government’s financial reporting framework is based, in large part, on standards made independently by the Australian Accounting Standards Board (AASB). The framework is designed to support decision-making by, and accountability to, the Parliament.

2.2 The AASB bases its accounting standards on the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board (IASB). Because IFRS are designed primarily for use by private sector and for-profit organisations, the AASB amends the IFRS to reflect significant transactions and events that are particularly prevalent in the public and not-for-profit private sectors. In doing so, it takes into account standards issued by the International Public Sector Accounting Standards Board (IPSASB).

2.3 The Finance Minister prescribes additional reporting requirements for Australian Government entities. These are contained in the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 (the FRRs). The Rule is made under the Public Governance, Performance and Accountability Act 2013 (the PGPA Act). The PGPA Act also includes requirements for entity corporate plans and performance reports.

2.4 The audits of the financial statements of Australian Government entities are conducted in accordance with the ANAO Auditing Standards, which are made by the Auditor-General under section 24 of the Auditor-General Act 1997. The ANAO Auditing Standards incorporate, by reference, the auditing standards made by the Australian Auditing and Assurance Standards Board (AUASB). The AUASB bases its standards on those made by the International Auditing and Assurance Standards Board (IAASB), an independent standard setting board of the International Federation of Accountants.

2.5 The financial reporting and auditing frameworks that apply in 2016–17 are illustrated in appendices 2 and 3 of this report.

Changes to the Australian public sector reporting framework

Disclosure of Related Party Transactions

2.6 From 1 July 2016 all Australian Government controlled entities will be required to disclose material transactions with related parties in the notes to their financial statements in accordance with AASB 124 Related Party Disclosures (AASB 124). Related parties may include CEOs, board members and Ministers, as well as close family members and controlled entities of these parties.

2.7 AASB 124 also requires disclosure of key management personnel remuneration, in aggregate, by major category of remuneration. The FRRs for 2016–17 are consistent with AASB 124 in respect of remuneration disclosures with the additional requirement to disclose the number of key management personnel in the entity. The 2015–16 FRRs required reporting of remuneration of the usually broader category of all senior management personnel. For further discussion of this refer to paragraphs 2.25 to 2.28.

Enhanced performance reporting

2.8 The PGPA Act requires each Commonwealth entity to produce a four-year corporate plan at least once each financial year and provide it to the responsible Minister and the Finance Minister. Each entity is also required to include annual performance statements in its annual report.

2.9 Performance statements assess the extent to which entities have achieved their purposes as outlined in their corporate plans. The accountable authority of each entity must attest to the accuracy of its performance statements. The audit committee must review the appropriateness of the entity’s performance reporting.

2.10 The Auditor-General’s responsibilities, as set out in the Auditor-General Act 1997, include auditing the annual performance statements of entities in accordance with the PGPA Act. The PGPA Act does not require the Auditor-General to conduct annual audits of performance statements unless requested by either the Minister for Finance or the responsible minister. This means that the Parliament does not receive assurance, as a matter of course, on performance statements included in annual reports as it does over financial statements, where an independent audit is mandatory.

2.11 In August 2016, the ANAO released a performance audit report on nine entities’ implementation of the corporate planning requirements.⁴³ The report noted that Finance had provided effective support and the majority of these entities had sound processes for developing their first corporate plan. It also noted that these entities’ arrangements for monitoring implementation of corporate plans were less mature, which could be expected in the early stages of the framework.

2.12 In June 2017 the ANAO released the results of a further performance audit report into entities’ corporate plans.⁴⁴ The objective of this audit was to assess the selected entities’ progress in implementing the corporate planning requirements under the PGPA Act and the PGPA Rule. The audit found the entities involved in the audit were at different levels of maturity in their implementation of the corporate plan requirements, with further work required in all entities to fully embed the requirements into future plans.

2.13 In 2016–17, the ANAO conducted a performance audit of the implementation of the annual performance statements requirements by two entities.⁴⁵ The ANAO reviewed one purpose in the 2015–16 performance statements of the Australian Federal Police and the Department of Agriculture and Water Resources, including the supporting systems and processes. The ANAO concluded that these entities met the minimum requirements for the preparation and publication of the first annual performance statements under the PGPA Act and the PGPA Rule. The audit highlighted opportunities for both entities to improve the appropriateness of the performance criteria, and processes to support performance measurement and reporting, including the development, collection and assurance of performance information and supporting records. The report also included key learnings that may be considered by other Commonwealth entities in preparing annual performance statements.

Reduced Disclosure Regime

2.14 Australian Accounting Standards include a Reduced Disclosure Regime (RDR) option that allows for some specified disclosures to be omitted from the general purpose financial statements of certain entities. The Minister for Finance has determined that, with some exceptions, Australian Government entities may apply the RDR from 2016–17.

2.15 The AASB has been consulting users of RDR financial statements to find a better balance between the benefits to users and the costs of preparing those statements. The AASB has issued a draft accounting standard⁴⁶proposing to focus the minimum RDR disclosures on two key disclosure areas: current liquidity and solvency of the entity; and transactions and other events that are significant or material to an understanding of the entity’s operations as represented by the financial statements. It does not propose to change the entities permitted to use the RDR nor the requirements for recognising and measuring assets, liabilities, income and expenses.

Revenue and Leases

2.16 The AASB has issued a new accounting standard⁴⁷ to change the timing of not-for-profit entities recognising income from non-commercial transactions such as grants and appropriations. Currently, entities recognise income from these transactions when they receive, or are eligible to receive, funds. Under the new standard, entities would recognise income as they meet the obligations attached to funding. The new standard aims to more closely reflect the economic reality of non-commercial transactions entered into by not-for-profit entities.

2.17 The AASB has also issued a new accounting standard to change the accounting for lease transactions.⁴⁸ Currently, lessees do not report leased assets on their balance sheets, unless the lease is effectively a financing transaction. The new standard would require lessees to report almost all their leasehold rights as an asset, with a corresponding liability for payments over the term of the lease. Many Australian Government entities are lessees, and some will have significant increases in their reported assets and liabilities as a result.

2.18 The new standards apply to annual reporting periods beginning on or after 1 January 2019. Entities should be analysing the impacts of these standards now to ensure they are in a position to comply with the new requirements of the standards and the transitional requirements on initial application.

Changes to the Australian auditing framework

Auditor’s report on financial statements

2.19 In December 2015, the Australian Auditing and Assurance Standards Board issued a suite of new and revised standards dealing with auditor reporting.⁴⁹ A number of revisions were made in the standards with the aim of increasing the transparency and value of auditor reporting.

2.20 These changes are now effective for the ANAO and users will see significant changes to the auditor’s reports issued by the ANAO and included in the financial reports tabled in Parliament for financial years ended 30 June 2017. Auditor’s reports on financial statements will be longer than before with key information given appropriate prominence.

2.21 More broadly, the revised auditor’s report provides further information to users on key aspects of the conduct of an audit and the responsibilities of the preparers of financial statements, particularly around the ability of the entity to continue operating.

2.22 The auditor reporting suite also includes a new auditing standard ASA 701 Communicating Key Audit Matters in the Independent Auditor’s Report. The purpose of communicating key audit matters is to provide greater transparency about the audit that was performed. Communicating key audit matters helps users of financial statements better understand those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements. Key audit matters may relate to, for example, the highest risks of material misstatement, highly uncertain accounting estimates or significant events or transactions during the reporting period. Communicating key audit matters may also assist users to understand the entity and the areas of significant management judgment in the financial statements.

2.23 The ANAO has assessed that communicating key audit matters (KAM) will help users of financial statements to better understand those matters that, in its professional judgment, were of most significance in the audit of the financial statements. This will enable the Parliament to have insight into the views of the Auditor-General.

2.24 While the auditor reporting standards only require KAM reporting for listed entities, the Auditor-General considers KAM reporting to be better practice in the financial statements auditing profession and consistent with the ANAO’s outcome of improving public sector performance and accountability through independent reporting on Australian Government administration to the Parliament, the Executive and the public. Consequently the Auditor-General has decided to adopt KAM reporting in 2016–17 for entities covered by this report.

Other developments

2.25 As described in ANAO Report No.33 of 2016–17⁵⁰, the key management personnel remuneration disclosures of Australian Government entities are consistent with the requirements for private sector entities that are not listed companies. Listed companies provide more detailed disclosures about key management personnel in their remuneration reports under the Corporations Act 2001. The public sector remuneration disclosure requirements are consistent with those of private sector unlisted entities for the period ending 30 June 2017.

2.26 In February 2017 the Minister for Finance wrote to the Boards of government business enterprises to request that all relevant information relating to the remuneration packages of all individuals who constitute the executive management for the 2015–16 reporting period be made public by 28 February 2017. The Minister for Finance asked that the entities consider the practice of nbn co limited, which disaggregates reporting of executive remuneration in its annual report, in a manner consistent with the requirements for Australian Securities Exchange listed companies. All six entities subsequently placed information regarding executive remuneration packages for the 2015–16 reporting period on the entity’s website.

2.27 In May 2017, the Secretary of the Department of the Prime Minister and Cabinet wrote to portfolio secretaries inviting them to publish relevant information relating to the remuneration of all executives and other highly paid staff of their Department on its website by 31 July each financial year starting from the 2016–17 reporting period. The suggested disclosure relates to remuneration at an aggregate level, within dollar ranges (or bands) and the number of employees within each band. The Secretary also requested the assistance of portfolio secretaries in requesting the same reporting by all other entities and companies within their portfolio.

2.28 Remuneration disclosures on entities’ websites do not form part of the financial statements. The disclosures provide additional information on matters not required in financial statements, where an independent audit is mandatory.

Introduction

3.0.1 The ANAO’s assessment of the overall risk of material misstatement of the financial statements is based on professional judgement relating to the entity’s particular circumstances. The financial statements audit planning process involves joint procedures with performance audit and takes into account each entity’s environment and governance arrangements, its system of internal control, and prior year financial and performance audit findings. These planning processes inform the identification of areas of key risk that have the potential to impact on the integrity of the financial statements.

3.0.2 The ANAO’s interim phase of the audit focuses on the steps taken by entities to manage these risks, including their systems of internal control.

3.0.3 This chapter reflects portfolio arrangements existing at 16 June 2017⁵¹ and outlines the following information for each of the reported entities:

• the entity’s primary role as reflected in its Portfolio Budget Statements;
• the entity’s contribution to the Australian Government’s Consolidated Financial Statements (CFS);
• 2016–17 appropriation funding and key financial statements items;
• key areas of financial statements risk;
• the ANAO’s assessment of the overall risk of material misstatement of the financial statements, which informs the audit processes to be undertaken; and
• the status of significant and moderate audit findings at the completion of the interim audit, and the conclusion relating to audit coverage to date.

3.0.4 AASB 124 Related Party Disclosures (AASB 124) applies for the first time in respect of the 2016–17 financial statements of each of these entities. All Australian Government controlled entities will be required to disclose material transactions with related parties in the notes to their financial statements.⁵²

3.0.5 The entities included in this report include all Departments of State, the Department of Parliamentary Services and other Commonwealth entities that significantly contribute to the revenues, expenses, assets and liabilities within the 2015–16 CFS.

3.0.6 Figure 3.0.1 provides an analysis of each of these entities’ 2015–16 results as a per cent of the 2015–16 CFS.

Figure 3.0.1: Entities contribution to the Australian Government’s 2015–16 Consolidated Financial Statements⁵³

 

 

Source: ANAO analysis of CFS and entities’ financial statements for the year ended 30 June 2016.

Results of financial statements audits

3.0.7 Table 3.0.1 presents a summary of new and unresolved significant and moderate findings⁵⁴ at the conclusion of our 2016–17, 2015–16 interim audits and the 2015–16 final audit.

Table 3.0.1: Significant and moderate findings by entity

Note a: Minor findings identified previously but upgraded to a moderate or significant finding are considered new for the purposes of this table.

Note b: Findings transferred to another entity as a result of Machinery of Government changes, which remain unresolved, are treated as repeat findings for the purposes of this table.

Source: 2015–16 and 2016–17 ANAO audit correspondence.

3.0.8 Details of the findings summarised above can be found in the relevant entity’s ‘Audit results’ section.

3.1 Department of Agriculture and Water Resources

Overview

3.1.1 The Department of Agriculture and Water Resources (Agriculture) is responsible for developing and implementing policies and programs that: advance the prosperity of Australia's agricultural, fisheries, food and forestry industries; safeguard Australia against animal and plant pests and diseases; and improve water use efficiency and the health of rivers, communities, environmental assets and production systems.

3.1.2 Figure 3.1.1 shows Agriculture's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.1.1: Agriculture's contribution to the Australian Government's revenue, expenses, assets and liabilities⁵⁵

 

 

Source: ANAO analysis of CFS and Agriculture's financial statements for the year ended 30 June 2016.

 

3.1.3 Figure 3.1.2 and Figure 3.1.3 show the 2015–16 departmental and administered financial statement items reported by Agriculture and the 2016–17 key areas of financial statements risk.

Figure 3.1.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Agriculture's financial statements for the year ended 30 June 2016.

Figure 3.1.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Agriculture's financial statements for the year ended 30 June 2016.

3.1.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Agriculture's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Agriculture's environment and governance arrangements, including its financial reporting regime and system of internal control. The recommendations of any performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Agriculture are also considered as part of the ANAO's 2016–17 financial statements audit risk identification processes.

3.1.5 In light of the key areas of risk detailed in Table 3.1.3 and the ANAO's understanding of the operations of Agriculture, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items⁵⁶

3.1.6 Annual appropriation funding of $398.3 million (departmental) and $958.0 million (administered) was provided to Agriculture in 2016–17 to support the achievement of Agriculture's outcomes.⁵⁷ Agriculture was also budgeted to receive special appropriation funding of $992.3 million.⁵⁸

3.1.7 Table 3.1.1 and Table 3.1.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.1.1: Key expenses and total own-sourced income

Table 3.1.2: Key assets and liabilities

Note a: Agriculture's estimated average staffing level for 2016–17 is 4 531.

Key areas of financial statements risk

3.1.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Agriculture's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.1.3.

Table 3.1.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Agriculture.

3.1.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.34 Implementation of the Biosecurity Legislative Framework was tabled during 2016–17. The audit assessed the effectiveness of Agriculture's implementation of the biosecurity legislation which came into effect 1 July 2016. The report did not include recommendations that impacted the financial statements audit approach.

Audit results

3.1.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to the key areas of financial statements risk disclosed in Table 3.1.3. In addition, interim coverage of IT general controls and supplier and employee benefits expenses has been completed.

3.1.11 Audit coverage of all material financial statements items will be completed as part of the 2016–17 final audit.

3.1.12 No significant or moderate audit findings have been reported by the ANAO as a result of audit coverage to date. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.1.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Agriculture will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.2 Attorney-General's Department

Overview

3.2.1 The Attorney-General's Department (AGD) is responsible for providing advice and services on a range of law and justice matters, national security, emergency management, and disaster recovery assistance to portfolio ministers and to government.

3.2.2 Figure 3.2.1 shows AGD's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.2.1: AGD's contribution to the Australian Government's revenue, expenses, assets and liabilities⁵⁹

 

 

Source: ANAO analysis of CFS and AGD's financial statements for the year ended 30 June 2016.

3.2.3 Figure 3.2.2 and Figure 3.2.3 show the 2015–16 departmental and administered financial statement items reported by AGD and the 2016–17 key areas of financial statements risk.

Figure 3.2.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and AGD's financial statements for the year ended 30 June 2016.

Figure 3.2.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and AGD's financial statements for the year ended 30 June 2016.

3.2.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on AGD's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of AGD's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of AGD also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.2.5 In light of the key areas of risk detailed in Table 3.2.3 and the ANAO's understanding of the operations of AGD the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items⁶⁰

3.2.6 Annual appropriation funding of $221.1 million (departmental) and $637.1 million (administered) was provided to AGD in 2016–17 to support the achievement of AGD's outcomes.⁶¹ AGD was also budgeted to receive special appropriation funding of $94.3 million.⁶²

3.2.7 Table 3.2.1 and Table 3.2.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.2.1: Key expenses and total own-sourced income

Table 3.2.2: Key assets and liabilities

Note a: AGD's estimated average staffing level for 2016–17 is 1 836.

Key areas of financial statements risk

3.2.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of AGD's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.2.3.

Table 3.2.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for AGD.

3.2.9 AGD manages the Natural Disaster Relief and Recovery Arrangements (NDRRA) on behalf of the Department of the Treasury (the Treasury). AGD provides information to the Treasury to facilitate payments for disaster relief and recovery to the states and territories. These payments and the estimate for the Australian Government liability are reported in the Treasury's financial statements.

3.2.10 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.12 2016–17 The Design of, and Award of Funding Under, the Living Safe Together Grants Program was tabled during 2016–17. ANAO Report No.12 assessed the effectiveness of the design, and awarding of funding under, the Living Safe Together grants program.

3.2.11 ANAO Report No.12 included observations relevant to the key areas of financial statements risk outlined in Table 3.2.3, in particular grants management, and have been considered in the development of the 2016–17 financial statements audit approach.

Audit results

3.2.12 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: administered grants and personal benefits, departmental revenue, and appropriation and special account management. IT general and application controls and key controls over payroll and cash management have also been assessed.

3.2.13 Audit procedures relating to the valuation of non-financial assets, including administered investments and the integration of AGS information will be undertaken as part of the 2016–17 final audit.

3.2.14 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.2.4: Status of audit findings raised by the ANAO

Unresolved moderate audit finding

Administration of the Natural Disaster Relief and Recovery Arrangements

3.2.15 As discussed at paragraph 3.2.9, AGD manages the NDRRA on behalf of the Department of the Treasury. As at 30 June 2016, the Treasury's financial statements reported a provision of $1 730 million for future payments as at 30 June 2016. During 2016–17 a payment of $978 million has been made to the Queensland Government relating to outstanding claims.⁶³

3.2.16 Previous audit coverage of the NDRRA had highlighted a range of weaknesses in relation to the estimate of the NDRRA liability and subsequent payments. The main issues, which represent a key risk to the AGD, were:

• the need to strengthen the validation of information provided by the states and territories used to support estimates of future costs; and
• weaknesses identified in the payment framework, including limited analysis and verification by the department concerning the eligibility of claims.

3.2.17 The department has made progress in addressing these matters by undertaking a collaborative audit program of the states and territories, designed to validate the NDRRA claims and estimates by obtaining appropriate documentary evidence.

3.2.18 During 2016–17 the department has issued its final reports for the collaborative audits conducted on the Queensland, New South Wales, Victoria and Western Australia NDRRA claims. These states represent the significant part of the outstanding claims with the Commonwealth Government. AGD is undertaking an assessment of the claims. The department has also addressed the identified weaknesses in the payment framework. The ANAO will review the collaborative audits and the work undertaken by AGD as part of the 2016–17 final audit.

Conclusion

3.2.19 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that AGD will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.3 Department of Communications and the Arts

Overview

3.3.1 The Department of Communications and the Arts' (Communications) responsibilities include the promotion of an innovative and competitive communication sector, through policy development, advice and program delivery, to achieve the full potential of digital technologies and communications services. Communications' role includes support for participation in, and access to, Australia's arts and culture through developing and supporting cultural expression.

3.3.2 Figure 3.3.1 shows Communications' revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.3.1: Communications contribution to the Australian Government's revenue, expenses, assets and liabilities⁶⁴

 

 

Source: ANAO analysis of CFS and Communications financial statements for the year ended 30 June 2016.

3.3.3 Figure 3.3.2 and Figure 3.3.3 show the 2015–16 departmental and administered financial statement items reported by Communications and the 2016–17 key areas of financial statements risk.

Figure 3.3.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Communications financial statements for the year ended 30 June 2016.

Figure 3.3.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Communications financial statements for the year ended 30 June 2016.

3.3.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Communications' financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Communications' environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Communications also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.3.5 In light of the key areas of risk detailed in Table 3.3.3 and the ANAO's understanding of the operations of Communications, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items⁶⁵

3.3.6 Annual appropriation funding of $112.4 million (departmental) and $8 784.0 million (administered) was provided to Communications in 2016–17 to support the achievement of Communications' outcomes.⁶⁶

3.3.7 Table 3.3.1 and Table 3.3.2 provide a summary of the key 2016–17 departmental and administered financial statements items.

Table 3.3.1: Key expenses and total own-sourced income

Table 3.3.2: Key assets and liabilities

Note a: Communications' estimated average staffing level for 2016–17 is 418.

Key areas of financial statements risk

3.3.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Communications' financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.3.3.

Table 3.3.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Communications.

3.3.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.10 2016–17 Award of Funding under the Mobile Black Spot Programme was tabled during 2016–17 and was relevant to the administration of Communications. The report focused on the effectiveness of Communications' assessment and selection of base stations for funding under the first round of the Mobile Black Spot Programme.

3.3.10 The observations of this report were considered in designing audit procedures to address areas considered to pose a lower risk of material misstatement. The observations have been used to inform the assessment of controls related to the grants management processes.

Audit results

3.3.11 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: administered grants expenses, cash and asset management, payroll processing, supplier expenses. Audit coverage also included an assessment of Communications' IT general controls and selected applications.

3.3.12 As part of the 2016–17 final audit, audit coverage of the valuation of administered investments and assets associated with the RBBP will be completed.

3.3.13 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.3.14 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Communications will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.4 Australian Postal Corporation

Overview

3.4.1 The Australian Postal Corporation (Australia Post) is a government business enterprise that operates post offices and distributes mail and parcels in Australia and internationally.

3.4.2 Figure 3.4.1 shows Australia Post's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.4.1: Australia Post's contribution to the Australian Government's revenue, expenses, assets and liabilities⁶⁷

 

 

Source: ANAO analysis of CFS and Australia Post's financial statements for the year ended 30 June 2016.

3.4.3 Figure 3.4.2 shows the 2015–16 financial statement items reported by Australia Post and the 2016–17 key areas of financial statements risk.

Figure 3.4.2: Key financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Australia Post's financial statements for the year ended 30 June 2016.

3.4.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Australia Post's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Australia Post's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Australia Post also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.4.5 In light of the key areas of risk detailed in Table 3.4.3 and the ANAO's understanding of the operations of Australia Post, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items⁶⁸

3.4.6 The operational functions of Australia Post are largely funded from internal sources, specifically revenue from Parcel Services, Mail Services and Retail and Agency Services. Australia Post also continues to raise capital through the issue of bonds.

3.4.7 Australia Post is not required to prepare budgeted financial statements as part of the Commonwealth budget process. Table 3.4.1 and Table 3.4.2 provide a summary of the key financial statements items reported in the audited 2015–16 financial statements.

Table 3.4.1: Key expenses and total income

Table 3.4.2: Key assets and liabilities

Note a: Australia Post's staffing level at 30 June 2016 was 34 929.

Key areas of financial statements risk

3.4.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Australia Post's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.4.3.

Table 3.4.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Australia Post.

4.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.4.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: cash and cash equivalents, trade receivables and property, plant and equipment. An assessment of the IT general controls and IT application controls and controls relating to sales revenue, employee expenses and trade and other payables has also been completed.

3.4.11 As part of the 2016–17 final audit, audit procedures over all key areas will be completed including the valuation of the Australia Post Superannuation Scheme and the valuation of intangible assets.

3.4.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.4.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Australia Post will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2016–17 final audit.

3.5 nbn co limited

Overview

3.5.1 The primary objective of nbn co limited (nbn) is to provide wholesale services to internet service providers. nbn is a government business enterprise incorporated under the Corporations Act 2001.

3.5.2 Figure 3.5.1 shows nbn's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.5.1: nbn's contribution to the Australian Government's revenue, expenses, assets and liabilities⁶⁹

 

 

3.5.3 Figure 3.5.2 shows the 2015–16 financial statement items reported by nbn and the 2016–17 key areas of financial statements risk.

Figure 3.5.2: Key financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and nbn's financial statements for the year ended 30 June 2016.

3.5.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on nbn's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of nbn's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of nbn also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.5.5 In light of the key areas of risk detailed in Table 3.5.3 and the ANAO's understanding of the operations of nbn, the ANAO has assessed the risk of a material misstatement as high.

Key financial statements items⁷⁰

3.5.6 The operational functions of nbn are funded from the committed equity funding of $29.5 billion from the Commonwealth Government. nbn's 2016–17 Corporate Plan estimates peak funding required of $49.0 billion including $29.5 billion provided through equity. The Commonwealth Government has signed a loan agreement with nbn to cover the remaining funding requirement.

3.5.7 As a Commonwealth Company, nbn is not required to prepare budgeted financial statements as part of the Commonwealth budget process. Table 3.5.1 and Table 3.5.2 provide a summary of the key financial statements items reported in the 2015–16 financial statements.

Table 3.5.1: Key expenses and income items

Table 3.5.2: Key assets and liabilities

Note a: nbn's staffing level at 30 June 2016 was 4 913.

Key areas of financial statements risk

3.5.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of nbn's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.5.3.

Table 3.5.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for nbn.

3.5.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17.

Audit results

3.5.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls design relating to: supplier expenses, employee benefits, inventory, fixed assets, revenue and receivables and accounting for the Telstra and Optus agreements. This includes an assessment of non-system controls for purchase and payables and payroll. This audit coverage to date does not include an assessment of IT controls for these accounting processes.

3.5.11 Audit procedures relating to the effectiveness of key processes, where appropriate, will be undertaken as part of the 2016–17 final audit. This includes an assessment of IT controls. In addition, we will perform audit procedures to assess the valuation of network assets.

3.5.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.5.13 At the completion of the interim audit, the ANAO identified that the key elements of non-IT internal control were operating effectively to provide reasonable assurance that nbn will be able to prepare financial statements that are free from material misstatement. The effective operation of these controls for the full financial year will be assessed in conjunction with additional detailed audit testing during the 2016–17 final audit.

3.6 Department of Defence

Overview

3.6.1 The Department of Defence and the Australian Defence Force (ADF), collectively known as Defence, are responsible for protecting and advancing Australia's strategic interests through the provision of a regionally superior ADF with the highest levels of military capability and scientific and technological sophistication. To achieve this, Defence prepares for and conducts military operations and other tasks as directed by the Government.

3.6.2 Figure 3.6.1 shows Defence's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.6.1: Defence's contribution to the Australian Government's revenue, expenses, assets and liabilities⁷¹

 

 

Source: ANAO analysis of CFS and Defence's financial statements for the year ended 30 June 2016.

3.6.3 Figure 3.6.2 and Figure 3.6.3 show the 2015–16 departmental and administered financial statement items reported by Defence and the 2016–17 key areas of financial statements risk.

Figure 3.6.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Defence's financial statements for the year ended 30 June 2016.

Figure 3.6.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Defence's financial statements for the year ended 30 June 2016.

3.6.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Defence's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Defence's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Defence also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.6.5 In light of the key areas of risk detailed in Table 3.6.3 and the ANAO's understanding of the operations of Defence, the ANAO has assessed the risk of a material misstatement as high.

Key financial statements items⁷²

3.6.6 Annual appropriation funding of $33 148.2 million (departmental) was provided to Defence in 2016–17 to support the achievement of the entity's outcomes.⁷³ Defence was also budgeted to receive special appropriation funding of $7 826.0 million.⁷⁴

3.6.7 Table 3.6.1 and Table 3.6.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.6.1: Key expenses and total own-sourced income

Table 3.6.2: Key assets and liabilities

Note a: Defence's estimated average civilian employees staffing level for 2016–17 is 17 350 and Australian Defence Force (ADF) permanent force level is 58 876.

Key areas of financial statements risk

3.6.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Defence's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.6.3.

Table 3.6.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Defence.

3.6.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports tabled during 2016–17 were relevant to the financial management or administration of Defence:

• ANAO Report No.11 2016–17 TigerArmy's Armed Reconnaissance Helicopter;
• ANAO Report No.21 2016–17 Reforming the Disposal of Specialist Military Equipment;
• ANAO Report No.29 2016–17 Design and Implementation of Defence's Base Services Contracts;
• ANAO Report No.44 2016–17 Army's Workforce Management;
• ANAO Report No.46 2016–17 Conduct of OneSKY Tender; and
• ANAO Report No.48 2016–17 Future Submarine — Competitive Evaluation Process.

3.6.10 ANAO Reports No.11 and No.21 2016–17 included observations relevant to the accounting for and valuation of Specialist Military Equipment outlined in Table 3.6.3. The observations of ANAO Reports No.29 and No.44 2016–17 were considered in designing audit procedures to address areas considered to pose a lower risk of material misstatement.

Audit results

3.6.11 The ANAO has substantially completed its interim audit coverage which included assessing asset management processes and the analysis of data used to calculate the value of the inventory balance at year end. Interim audit coverage also included assessing IT general and application controls for systems that support the preparation of Defence's financial statements, in addition to assessing the operation of key non-IT controls in areas including appropriation management and supplier expenses. The ANAO has also assessed Defence's progress in addressing audit issues.

3.6.12 Audit procedures relating to the 30 June 2017 balances for employee provisions, inventory, SME and other fixed assets, and the military superannuation provision will be undertaken during the final phase of the audit process. In addition, the ANAO will assess legislative compliance, particularly in respect of appropriations and special accounts.

3.6.13 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.6.4: Status of audit findings raised by the ANAO

New moderate audit findings

Monitoring of the Privileged Activities Performed by Service Providers

3.6.14 Defence has engaged an external organisation to manage and maintain Defence's IT Infrastructure that host business applications. Under a services contract, this organisation is required to maintain a reliable and secure ICT environment; perform authorised changes to IT Infrastructure; and support Defence in meeting its performance, monitoring and compliance requirements under the Protective Security Policy Framework (PSPF) and Australian Government Information Security Manual (ISM). This organisation is also responsible for the management and maintenance of hosting infrastructure that supports the enterprise resource planning systems, including the management information domains of the Human Resources and Financial Management Information Systems and the logistics management system.

3.6.15 The ANAO's review of users with privileged access to Defence's supporting systems by the service provider staff identified weaknesses in the operation of the controls supporting both the granting of access for new users and terminating access procedures when the privileged access was no longer required. In addition, the sample of changes tested identified both changes which had been abandoned without sufficient documentation, indicating potential inappropriate closure, and changes which had been withdrawn as no longer required after receiving change board approval, indicating authorised changes were not being made. Defence was not able to explain the circumstances surrounding these exceptions identified by the ANAO. Defence had not received the self-reporting required from the provider under the contract during the financial year or conducted its own independent monitoring to identify these exceptions.

3.6.16 Similar findings related to the monitoring of this service provider were raised during the interim phase of the 2015–16 audit. Controls were implemented to address these weaknesses, resulting in closure at 2015–16 year end. These controls have not been sustained, resulting in this moderate finding being raised again.

Accounting for Explosive Ordnance at repair and maintenance facilities

3.6.17 Defence hold complex Explosive Ordnance (EO) items which are subject to routine repairs and maintenance. During the repairs and maintenance process, the items are dis-assembled into key components. As the process occurs over a substantial period of time, the key components should be recognised in the logistics management system and accounted for as separate items; concurrently the assembled item should be de-recognised.

3.6.18 Through the conduct of our stock taking activities at a Defence repair and maintenance facility, the following issues were noted:

• the ANAO was unable to verify the existence of all EO recorded as stock-on-hand in the logistics management system; and
• where EO were in various states of disassembly, the ANAO was unable to verify the existence of all key components.

3.6.19 Investigation into these issues identified that the process used at the facility for recording the disassembly of complex EO did not result in their de-recognition in the logistics information system. Additionally, some components were not recognised as separate items in the logistics management system.

3.6.20 These issues result in the misstatement of the EO balance:

• as each complex EO item retains its assembled status and value in the logistics management system;
• when dis-assembled only some of the key components are separately recognised and assigned values; and
• there is an insufficient number of key components to support the number of assembled items recorded as stock on hand.

3.6.21 Defence is developing a plan to address these issues by 30 June 2017.

Unresolved moderate audit findings

Data integrity of the specialist military equipment fixed asset register

3.6.22 In 2015–16 a number of data integrity issues were identified within the specialist military equipment (SME) fixed asset register (FAR). In particular the ANAO noted: insufficient records were maintained to support the calculation of the decommissioning provision; incorrect application of useful lives; and the duplication of inspection costs. Further, Defence's ability to track and value some component assets was hindered by the use of high level descriptions within the SME FAR. These weaknesses may result in the misstatement of the SME balance and depreciation expense.

3.6.23 Defence agreed to review its SME business processes to address the ANAO's findings. This is expected to include more stringent requirements on asset owners to assess SME for decommissioning, inspection costs, componentisation, impairment and existence. Asset owners will be required to provide relevant and reliable supporting documentation to the Defence CFO Group for assessment and validation as part of an enhanced quality assurance process.

3.6.24 In 2015–16 Defence valued SME at fair value for the first time to meet the requirements of the revised financial reporting rule. Defence valued SME using three valuation techniques (engagement of an independent valuer, use of comparator assets and application of indices) which resulted in a revaluation increment of $9.4 billion across all SME. Given the magnitude and timing of the exercise most SME fair value adjustments were processed outside of the FAR through clearing accounts at 30 June 2016. Defence is in the process of adjusting the FAR for the 2015–16 valuation and reversing the adjustments processed through the clearing accounts.

3.6.25 There is an increased risk of misstating SME balances arising from the use of clearing accounts to record SME fair value adjustments. The ANAO will undertake detailed testing of the data integrity of the FAR and the clearing accounts in the 2016–17 final audit, which will focus on whether the SME fair value and impairment adjustments are properly accounted for in the FAR, and that depreciation expense is being calculated correctly.

Revaluation and impairment of general assets

3.6.26 On an annual basis, Defence completes a comprehensive valuation and impairment program for general assets. The asset valuation is performed by independent valuation specialists. During 2015–16 the ANAO identified limitations in the scope of the valuer's work relating to access to buildings and difficulties in inspecting infrastructure buried underground. Further issues were noted in relation to significant delays in recognising assets in the FAR.

3.6.27 During 2016–17 Defence has taken steps to strengthen the collaboration between the valuers and the asset management team. Estate appraisal reports are being provided to the valuers with details of each asset subject to valuation. These reports are expected to be used by the valuers to make a better assessment of the depth of inspection required. Defence has also made changes to the valuation instructions to include details of internal inspections in their valuation certificates. In addition details of assets under construction will be provided to the valuers for inclusion in the revaluation assessment.

3.6.28 Further, during 2015–16 the ANAO noted that contrary to Defence's asset management policy, many heritage and cultural assets had not been revalued in the past five years. In response, Defence is co-ordinating the valuation of the artefact and memorabilia assets across the service groups and will also value heritage and cultural assets in the Army and Naval service groups.

3.6.29 The ANAO also noted that where a partial impairment was recognised for an asset, the accounting treatment applied by Defence was inconsistent with the requirements of the Australian Accounting Standards. A directive in relation to the accounting treatment for partially impaired assets is expected to be issued by Defence. The ANAO will test the application of the directive during the final audit.

3.6.30 The observations noted above may result in the misstatement of general assets.

Estimation of Military Support Items (MSI) impairment

3.6.31 In 2014–15, Defence implemented an assurance process in consultation with an independent statistician, to calculate an adjustment to the MSI impairment value by testing a statistical sample of these assets. The ANAO's observations of this process up to 30 June 2016 identified the following limitations in the methodology:

• the level of confidence of the sample would continue to be limited where evidence supporting the condition or serviceability of the MSI is not provided; and
• the volume of evidence required from the groups was not sustainable in an environment of constantly moving MSI holdings, and with an increasingly large sample size was becoming burdensome to operations.

3.6.32 For 2016–17 Defence has revised their methodology, factoring in the ANAO's recommendations to align the selection of MSI for the impairment sample with the locations selected for National Asset and Inventory Sample (NAIS). Following a review of the revised methodology, the ANAO considers that it has been designed appropriately to fulfil the objectives of the assurance sample.

3.6.33 The sample commenced in February 2017 and will be undertaken for the period ending 30 June 2017. Defence will determine whether the information gathered through the execution of the sample has identified indicators of impairment requiring an adjustment to the MSI balance. The ANAO will assess these judgements during the 2016–17 final audit.

Estimation of Defence Weapon Platforms (DWPs) (including assets under construction) impairment

3.6.34 The ANAO raised a moderate audit finding in 2014–15 in respect of Defence's estimation of SME impairment. Although an assurance program was implemented in 2015–16, the process had not been embedded with the appropriate level of follow-up. A number of significant adjustments to the impairment of SME assets were processed as a result of queries raised by the ANAO and through discussions with the three service groups.

3.6.35 Defence has advised that plans are underway to refine their impairment assurance program including the improvement of quality assurance checks over impairment calculations and their allocation to platforms and components. Defence has also agreed to issue impairment guidance and to provide additional training and support to asset owners that manage DWPs at a higher risk of impairment.

3.6.36 In 2016–17 the ANAO will be undertaking a detailed review of Defence's impairment methodology and asset owner assessment as well as the collation, quality assurance and accounting for DWP impairment.

Conclusion

3.6.37 At the completion of the interim audit, the ANAO has reported a number of areas where improvements are required. The audit findings outlined above reduce the level of confidence that can be placed on the key elements of internal control that support the preparation of the financial statements that are free from material misstatement. During the 2016–17 final audit the ANAO will undertake further procedures and assess action taken by Defence to address the weaknesses identified.

3.7 Department of Veterans' Affairs

Overview

3.7.1 The Department of Veterans' Affairs (DVA) is the primary service delivery entity responsible for implementing programs to assist the veteran and defence force communities.

3.7.2 Figure 3.7.1 shows DVA's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.7.1: DVA's contribution to the Australian Government's revenue, expenses, assets and liabilities⁷⁵

 

 

Source: ANAO analysis of CFS and DVA's financial statements for the year ended 30 June 2016.

3.7.3 Figure 3.7.2 and Figure 3.7.3 show the 2015–16 departmental and administered financial statement items reported by DVA and the 2016–17 key areas of financial statements risk.

Figure 3.7.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and DVA's financial statements for the year ended 30 June 2016.

Figure 3.7.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and DVA's financial statements for the year ended 30 June 2016.

3.7.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on DVA's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of DVA's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of DVA also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.7.5 In light of the key areas of risk detailed in Table 3.7.3 and the ANAO's understanding of the operations of DVA, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items⁷⁶

3.7.6 Annual appropriation funding of $339.3 million (departmental) and $108.6 million (administered) was provided to DVA in 2016–17 to support the achievement of DVA's outcomes.⁷⁷ DVA was also budgeted to receive special appropriation funding of $ 10 631.5 million.⁷⁸

3.7.7 Figure 3.7.1 and Table 3.7.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.7.1: Key expenses and total own-sourced income

Table 3.7.2: Key assets and liabilities

Note a: DVA's estimated average staffing level for 2016–17 is 1 896.

Key areas of financial statements risk

3.7.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of DVA's financial statements. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.7.3.

Table 3.7.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for DVA.

3.7.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.7.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the department's methodology to estimate the military compensation provision; and an assessment of the controls supporting personal benefits and healthcare payments.

3.7.11 Audit coverage also included an assessment of: IT general controls and application controls in the Financial Management Information System (FMIS) and Human Resources Management Information System (HRMIS); manual controls relating to cash and asset management, non‐financial assets, supplier expenses and employee benefits.

3.7.12 As part of the 2016–17 final audit, additional work will be performed to complete the evaluation of the above mentioned areas. This will include testing to substantiate the year‐end balances in respect of the military compensation provision and personal benefits and healthcare payments, review the work of the valuation experts and disclosures relating to legislative compliance.

3.7.13 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.7.14 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that DVA will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.8 Department of Education and Training

Overview

3.8.1 The Department of Education and Training (Education) works with state and territory governments, other government entities and a range of service providers to deliver education and training related policy, advice and services for the benefit of Australians.

3.8.2 Figure 3.8.1 shows Education's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.8.1: Education's contribution to the Australian Government's revenue, expenses, assets and liabilities⁷⁹

 

 

Source: ANAO analysis of CFS and Education's financial statements for the year ended 30 June 2016.

3.8.3 Figure 3.8.2 and Figure 3.8.3 show the 2015–16 departmental and administered financial statement items reported by Education and the 2016–17 key areas of financial statements risk.

Figure 3.8.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Education's financial statements for the year ended 30 June 2016.

Figure 3.8.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Education's financial statements for the year ended 30 June 2016.

3.8.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Education's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Education's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Education also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.8.5 In light of the key areas of risk detailed in Table 3.8.3 and the ANAO's understanding of the operations of Education, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items⁸⁰

3.8.6 Annual appropriation funding of $362.8 million (departmental) and $1 922.7 million (administered) was provided to Education in 2016–17 to support the achievement of Education's outcomes.⁸¹ Education was also budgeted to receive special appropriation funding of $42 728.9 million.⁸²

3.8.7 Table 3.8.1 and Table 3.8.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.8.1: Key expenses and total own-sourced income

Table 3.8.2: Key assets and liabilities

Note a: Education's estimated average staffing level for 2016–17 is 1 870.

Key areas of financial statements risk

3.8.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Education's financial statements. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.8.3.

Table 3.8.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Education.

Note a: As part of further machinery of government changes which was announced in September 2016 and effective from 1 December 2016, core transactional services provided by the SSC transferred to the Department of Finance from Education and the Department of Employment effective from 1 December 2016.

3.8.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports tabled during 2016–17 and were relevant to the financial management or administration of Education:

• ANAO Report No.25 2016–17 The Shared Services Centre;
• ANAO Report No.31 2016–17 Administration of the VET FEE-HELP Scheme; and
• ANAO Report No.49 2016–17 Apprenticeship Training – alternative delivery pilots.

3.8.10 ANAO Report No.25 2016–17 included observations relevant to the Shared Service Centre transition to the Department of Finance outlined in Table 3.8.3. The report identified that the SSC formalised agreements with clients through a memorandum of understanding (MoU) and these agreements did not contain sufficient detail of the responsibilities between the SSC and its clients.

3.8.11 The financial statements audit approach includes a detailed review of the governance and control framework over transactions processed for all users of the shared services.

3.8.12 Report No.31 2016–17 Administration of the VET FEE-HELP Scheme identified that there were weaknesses in Education's administration of the program. These included issues relating to approvals of providers, compliance activities and the management of payments and information.

3.8.13 The financial statements audit approach has been designed to obtain appropriate and sufficient assurance over the approvals and payments relating to the VET FEE-HELP scheme and the new VET student loans program which commenced on 1 January 2017.

3.8.14 Report No.49 Apprenticeship Training – alternative delivery pilots did not include recommendations which impacted the financial statements audit approach.

Audit results

3.8.15 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: VET FEE-HELP and VET student loans; personal benefits payments systems; administered grants payments; and IT application controls.

3.8.16 Audit procedures relating to: child care compliance, the transition of the SSC to the Department of Finance, including substantive testing of departmental balances, payment of grants expenses, and accounting for the HELP and HESP provisions at year end will be completed as part of the 2016–17 final audit.

3.8.17 To date, audit coverage has not identified any new significant or moderate audit findings.

3.8.18 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.8.4: Status of audit findings raised by the ANAO

Note a: The moderate audit issue relating to the governance and control arrangements for shared services has been downgraded to a minor audit finding.

Resolved moderate audit finding

Governance and control arrangements for shared services

3.8.19 As part of the Australian Government's shared and common services strategy, Education and the Department of Employment (Employment) were jointly responsible for the effective operation of the Shared Services Centre (SSC). The SSC delivered a variety of services such as payroll and financial processing, banking, and information technology support to the users of the shared services (clients).

3.8.20 During the 2015–16 final audit, the ANAO identified weaknesses in the design and operational effectiveness of the SSC's controls relating to the Financial Management Information System (FMIS). These included a large number of users with edit access to payment files, lack of appropriate security features over payment files prior to bank processing, and insufficient documentation of key aspects of the governance framework.

3.8.21 From 1 December 2016, core transactional services such as accounts payable, accounts receivable, credit card management, payroll and some elements of travel management, transferred from the SSC to the Department of Finance. The majority of the remaining shared service responsibilities were retained by Employment, with Education providing some non-financial shared services to existing clients.

3.8.22 Although key components of governance are outstanding, Education now has a reduced role in the provision of the shared services and as a result this finding has been down graded to a minor finding.

Unresolved significant and moderate audit findings

Child care compliance – estimated incorrect payments

3.8.23 In 2013–14, the ANAO identified significant weaknesses in the Child Care compliance program implemented by the former Department of Education and noted that the department estimated significant incorrect payments being made to child care service providers. At that time, the department indicated that improvements to its child care compliance framework had been implemented including: establishing a taskforce focused on serious non-compliance matters; increasing the level of other monitoring activities, including risk based data interrogation and analysis; and further improvements were planned.

3.8.24 In 2014–15, responsibility for the Child Care program transferred to Social Services. The ANAO noted at that time that the compliance program included parent confirmation of their child's attendance. This activity seeks to independently verify claims made by service providers, and collects data that is used to determine a statistical estimate of incorrect payments. Social Services identified that the statistical estimate of incorrect payments made to child care service providers due to non‐compliance during 2014–15 was $693 million. Social Services made progress in the implementation of measures designed to protect and improve the integrity of the child care fee assistance payments and entitlements.

3.8.25 In 2015–16, responsibility for the Child Care program transferred from Social Services back to Education. Education has continued the child care compliance program and has directed more resources towards the prevention and detection of serious non-compliance, increasing stakeholder engagement and education, and increasing the level of other monitoring activities.

3.8.26 Education provided the ANAO with a paper outlining a range of improvements to the compliance framework and recent legislative changes. Education has advised that it expects the estimated incorrect payments for 2016–17 to be substantially reduced as a result of this work.

3.8.27 The ANAO will assess the effectiveness of these improvements and test the statistical estimate of incorrect payments as part of the 2016–17 final audit.

Financial Statements Preparation

3.8.28 Balances and disclosures within Education's financial statements are underpinned by multiple complex business information systems, data provided by third-parties, and significant accounting judgements and estimates. This increases the risk of potential misstatements, particularly in the absence of adequate financial statement preparation and quality review processes.

3.8.29 During 2015–16, the ANAO noted weaknesses in Education's financial statements preparation processes, including:

• management had not performed sufficient analysis of information supporting the fair value measurement of administered investments. This balance represents a significant portion of the administered assets balance in the financial statements; and
• the omission of a significant disclosure related to judgements and estimates used to calculate the HELP receivable balance.

3.8.30 These weaknesses highlighted the need for Education to improve the underlying business processes required for financial statements preparation and quality review, including the development of a detailed risk based financial statements preparation plan that includes appropriate detail and analysis relating to key balances.

3.8.31 During the 2016–17 interim audit Education provided the ANAO with a comprehensive financial statement preparation plan. The plan was underpinned by detailed risk assessments and a quality assurance plan.

3.8.32 The ANAO will review the implementation of these enhancements during the 2016–17 final audit.

Conclusion

3.8.33 At the completion of the interim audit, except for the findings outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Education will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.9 Department of Employment

Overview

3.9.1 The Department of Employment's (Employment) role is to provide national policies and programs that help Australians find and keep employment, work in safe, fair and productive workplaces, and improve the employment-related performance of enterprises in Australia.

3.9.2 Figure 3.9.1 shows Employment's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.9.1: Employment's contribution to the Australian Government's revenue, expenses, assets and liabilities⁸³

 

 

Source: ANAO analysis of CFS and Employment's financial statements for the year ended 30 June 2016.

3.9.3 Figure 3.9.2 and Figure 3.9.3 show the 2015–16 departmental and administered financial statement items reported by Employment and the 2016–17 key areas of financial statements risk.

Figure 3.9.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Employment's financial statements for the year ended 30 June 2016.

Figure 3.9.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Employment's financial statements for the year ended 30 June 2016.

3.9.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Employment's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Employment's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audits tabled since 1 July 2016 and relevant to the financial management or administration of Employment also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.9.5 In light of the key areas of risk detailed in Table 3.9.3 and the ANAO's understanding of the operations of Employment, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items⁸⁴

3.9.6 Annual appropriation funding of $321.0 million (departmental) and $1 671.0 million (administered) was provided to Employment in 2016–17 to support the achievement of the Employment's outcomes.⁸⁵ Employment was also budgeted to receive $432.9 million special appropriation funding.⁸⁶

3.9.7 Table 3.9.1 and Table 3.9.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.9.1: Key expenses and total own-sourced income

Table 3.9.2: Key assets and liabilities

Note a: Employment's estimated average staffing level for 2016–17 is 1 877.

Key areas of financial statements risk

3.9.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Employment's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.9.3.

Table 3.9.3: Key areas of financial statements risk

Note a: As part of further machinery of government changes announced in September 2016 and effective from 1 December 2016, core transactional services provided by the SSC moved to the Department of Finance from the Department of Education and Training and Employment.

Source: ANAO 2016–17 risk assessment for Employment.

3.9.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.25 The Shared Services Centre was tabled during 2016–17 and was relevant to the financial management and administration of Employment. ANAO Report No.25 assessed the effectiveness of Employment's and the Department of Education and Training's (Education) administration of the Shared Services Centre (SSC) to achieve efficiencies and to deliver value to its customers.

3.9.10 ANAO Report No.25 2016–17 included observations relevant to the key financial statement risk outlined in Table 3.9.3, specifically the governance arrangements over the SSC. The observations in this report are consistent with the finding raised in the previous financial statements audit of Employment. Paragraph 3.9.15 to 3.9.20 detail an unresolved moderate audit finding related to Employment's governance arrangements over the former SSC.

3.9.11 The financial statements audit approach includes a detailed review of the governance and control framework over transactions processed in respect of all users of the shared services.

Audit results

3.9.12 The ANAO has completed its 2016–17 interim audit coverage including an assessment of the controls relating to: administered supplier expenses, personal benefits and subsidy payments and grants expenditure. Interim audit coverage also included an assessment of the IT general controls, the transition of the SSC to the Department of Finance, and the design and implementation of the jobactive compliance program has also been completed.

3.9.13 As part of the 2016–17 final audit, the ANAO will perform procedures over all material items and detailed testing over the design and implementation of the jobactive compliance program.

3.9.14 To date, our audit coverage has not identified any new significant or moderate audit findings.

3.9.15 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.9.4: Status of audit findings raised by the ANAO

Unresolved moderate audit finding

Governance and control arrangements for shared services

3.9.16 As part of the Australian Government's shared and common services strategy, Employment and Education were jointly responsible for the effective operation of the SSC. The SSC delivered a variety of services such as payroll and financial processing, banking, and information technology support to the users of the shared services (clients).

3.9.17 During the 2015–16 final audit, the ANAO identified weaknesses in the design and operational effectiveness of the SSC's controls related to the FMIS. These issues included:

• insufficient documentation in the Memoranda of Understanding (MoU) between the SSC and each of its clients regarding the allocation of roles and responsibilities in relation to financial reporting, governance and accountability;
• an inappropriate number of users had access to payment files prior to processing by the Reserve Bank of Australia (RBA). This level of access allowed users to access, edit or delete payment information; and
• security features that identify changes to financial information prior to processing by the RBA had not been activated by the SSC, and as a result, reconciliation processes did not effectively detect any inappropriate changes made to financial information arising from these identified weaknesses.

3.9.18 At the conclusion of the 2015–16 audit, Employment and Education agreed to implement controls to secure the payment file and activate appropriate security features over financial information. In addition, the department agreed to implement a quality control program over shared services provided by and used by the department.

3.9.19 From 1 December 2016, core transactional services such as accounts payable, accounts receivable, credit card management, and some elements of travel management and payroll, transferred from the SSC to the Department of Finance (Finance). Most of the remaining shared services were retained by Employment.

3.9.20 Employment reduced the number of users with access to payment files in July 2016 and has advised that enhanced security features for banking and payment processes were implemented in early February 2017. The ANAO reviewed the application of these features during the interim audit phase and agreed that the enhancements will improve controls over payments from the time of implementation. The ANAO is working with Employment and Finance to gain the required assurance over payments made during the first seven months of the financial year.

3.9.21 Given the complexities of the changes relating to the transfer of the shared services, the finalisation of MoUs and underlying service agreements is still in progress.

Conclusion

3.9.22 At the completion of the interim audit, and except for the finding outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Employment will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.10 Department of the Environment and Energy

Overview

3.10.1 The Department of the Environment and Energy (Environment) advises on and implements, environment and energy policy to support the Australian Government achieving a healthy environment, strong economy and thriving community now and into the future. The Department is also responsible for managing the conservation, protection and sustainability of Australia's natural resources, biodiversity, ecosystems, environment and heritage requirements, and contributes to the national response to climate change. Additional areas of departmental responsibility include advancing Australia's interests in the Antarctic, managing the environmental water use and resources; and supporting the reliable, sustainable and secure operations of energy markets

3.10.2 Figure 3.10.1 shows Environment's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.10.1: Environment's contribution to the Australian Government's revenue, expenses, assets and liabilities⁸⁷

 

 

Source: ANAO analysis of CFS and Environment's financial statements for the year ended 30 June 2016.

3.10.3 Figure 3.10.2 and Figure 3.10.3 show the 2015–16 departmental and administered financial statement items reported by Environment and the 2016–17 key areas of financial statements risk.

Figure 3.10.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Environment's financial statements for the year ended 30 June 2016.

Figure 3.10.3: Key administered financial statement items and areas of financial statements risk

 

3.

 

Source: ANAO analysis and Environment's financial statements for the year ended 30 June 2016.

3.10.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Environment's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of the Department's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Environment also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.10.5 In light of the key areas of risk detailed in Table 3.10.3 and the ANAO's understanding of the operations of Environment, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items⁸⁸

3.10.6 Annual appropriation funding of $552.1 million (departmental) and $458.1 million (administered) was provided to Environment in 2016–17 to support the achievement of the entity's outcomes.⁸⁹ Environment was also budgeted to receive $2 189.2 million special appropriation funding.⁹⁰

3.10.7 Table 3.10.1 and Table 3.10.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.10.1: Key expenses and total own-sourced income

Table 3.10.2: Key assets and liabilities

Note a: Environment's estimated average staffing level for 2016–17 is 1 947.

Key areas of financial statements risk

3.10.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Environment's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.10.3.

Table 3.10.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Environment.

3.10.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.10.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: administered grant payments, payroll processing and supplier expenses. As part of the interim audit coverage, a review of Environment's key controls underpinning the preparation of financial statements and Environment's key IT general and application controls has been undertaken.

3.10.11 Audit procedures relating to the valuations of water assets and Snowy Hydro Limited; and the assessment of the estimated restoration costs for Antarctic bases will be undertaken as part of the 2016–17 final audit.

3.10.12 To date, audit coverage of the above areas has not identified any significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.10.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Environment will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2016–17 final audit.

3.11 Department of Finance

Overview

3.11.1 The Department of Finance (Finance) is responsible for supporting the Government's Budget process and oversight of public sector resource management, governance and accountability frameworks. In addition, Finance is responsible for the preparation of the annual Australian Government Consolidated Financial Statements (CFS), which includes the Whole-of-Government, the General Government Sector financial statements, and the Australian Government's financial outcome.

3.11.2 Figure 3.11.1 shows Finance's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.11.1: Finance's contribution to the Australian Government's revenue, expenses, assets and liabilities⁹¹

 

 

Source: ANAO analysis of CFS and Finance's financial statements for the year ended 30 June 2016.

3.11.3 Figure 3.11.2 and Figure 3.11.3 show the 2015–16 departmental and administered financial statement items reported by Finance and the 2016–17 key areas of financial statements risk.

Figure 3.11.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Finance's financial statements for the year ended 30 June 2016.

Figure 3.11.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Finance's financial statements for the year ended 30 June 2016.

3.11.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Finance's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Finance's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Finance also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.11.5 In light of the key areas of risk detailed in Table 3.11.3 and the ANAO's understanding of the operations of Finance, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items⁹²

3.11.6 Annual appropriation funding of $353.8 million (departmental) and $311.2 million (administered) was provided to Finance in 2016–17 to support the achievement of the Finance's outcomes.⁹³ Finance was also budgeted to receive special appropriation funding of $11 226.5 million.⁹⁴

3.11.7 Table 3.11.1 and Table 3.11.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.11.1: Key expenses and total own-sourced income

Table 3.11.2: Key assets and liabilities

Note a: Finance's estimated average staffing level for 2016–17 is 1 318.

Key areas of financial statements risk

3.11.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Finance's financial statements. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.11.3.

Table 3.11.3: Key areas of financial statements risk

Note a: As part of further machinery of government changes announced in September 2016 and effective from 1 December 2016, core transactional services provided by the SSC moved to the Department of Finance from the Departments of Education and Training; and Employment.

Source: ANAO 2016–17 risk assessment for Finance.

3.11.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.25 The Shared Services Centre was tabled during 2016–17 and is relevant to the financial management and administration of Finance. ANAO Report No.25 assessed the effectiveness of the Departments' of Employment (Employment) and Education and Training (Education) administration of the Shared Services Centre (SSC) to achieve efficiencies and to deliver value to its customers.

3.11.10 ANAO Report No.25 2016–17 included observations relevant to the key financial statement risk outlined in Table 3.11.3, specifically the governance arrangements over the SSC. The observations in this report are consistent with the finding that was previously reported by the Education and Employment. Paragraph 3.11.15 to 3.11.20 detail an unresolved moderate audit finding related to governance arrangements over the former SSC.

3.11.11 The financial statements audit approach includes a detailed review of the governance and control framework over transactions processed in respect of all users of the shared services.

Audit results

3.11.12 The ANAO's 2016−17 interim audit coverage has been completed and included assessing key controls over employee entitlements, asset management and supplier expenditure. As part of the interim coverage, the ANAO has also substantially assessed controls relating to the payment of entitlements to Parliamentarians and their staff.

3.11.13 Audit coverage relating to the valuations of the unfunded superannuation liability, general insurance liability and Finance's non-defence domestic property portfolio will be completed as part of the 2016–17 final audit.

3.11.14 The following table summarises the status of audit finding reported by the ANAO in 2015–16 and 2016–17.

Table 3.11.4: Status of audit findings raised by the ANAO

Note a: Following the transfer of the SSC from Education and Employment to Finance, the responsibility for addressing the unresolved moderate audit finding transferred to Finance. Details regarding this finding were reported to Parliament in ANAO Report No.33 2016–17 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2016.

Unresolved moderate audit finding

Governance and control arrangements for shared services

3.11.15 As part of the Australian Government's shared and common services strategy, Employment and Education were jointly responsible for the effective operation of a service organisation known as the SSC. The SSC delivered a variety of services such as payroll and financial processing, banking, and information technology support to the users of the shared services (clients).

3.11.16 During the 2015–16 final audit, the ANAO identified weaknesses in the design and operational effectiveness of the SSC's controls related to the financial management information system. These key issues included:

• insufficient documentation in the Memoranda of Understanding (MoU) between the SSC and each of its clients regarding the allocation of roles and responsibilities in relation to financial reporting, governance and accountability;
• an inappropriate number of users with access to payment files prior to processing by the Reserve Bank of Australia (RBA). This level of access allowed users to access, edit or delete payment information; and
• security features that identify changes to financial information prior to processing by the RBA had not been activated by the SSC, and as a result, reconciliation processes did not effectively detect any inappropriate changes made to financial information arising from these identified weaknesses.

3.11.17 At the conclusion of the 2015–16 audit, Employment agreed to implement controls to secure the payment file and activate appropriate security features over financial information and agreed to implement a quality control program over shared services.

3.11.18 From 1 December 2016, core transactional services such as payroll, accounts payable, accounts receivable, credit card management, and some elements of travel management, transferred from the SSC to Finance. The remaining shared services were retained by Employment.

3.11.19 Given the complexities of the changes relating to the transfer of the shared services, the finalisation of the MoUs and associated service agreements are still in progress.

3.11.20 Employment has actioned the items for payment files and security features by reducing the number of users with access to payment files in July 2016 and has advised that enhanced security features for banking and payment processes were implemented in early February 2017. The ANAO reviewed the application of these features during the interim audit phase and agreed that the enhancements will improve controls over payments from the time of implementation. The ANAO is working with Employment and Finance to gain the required assurance over payments made during the first seven months of the financial year.

Conclusion

3.11.21 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Finance will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2016–17 final audit.

3.12 Future Fund Management Agency and the Board of Guardians

Overview

3.12.1 The Future Fund Board of Guardians, supported by the Future Fund Management Agency, (together the Future Fund) has responsibility for investment of the assets of the Future Fund under the Future Fund Act 2006 and other investment funds under the Nation-building Funds Act 2008, the Disability Care Australia Fund Act 2013, and the Medical Research Future Fund Act 2015, for the benefit of future generations of Australians.

3.12.2 Figure 3.12.1 shows the Future Fund's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.12.1: Future Fund's contribution to the Australian Government's revenue, expenses, assets and liabilities⁹⁵

 

 

Source: ANAO analysis of CFS and the Future Fund's financial statements for the year ended 30 June 2016.

3.12.3 Figure 3.12.2 shows the 2015–16 departmental financial statement items reported by the Future Fund and the 2016–17 key areas of financial statements risk.

Figure 3.12.2: Key Future Fund financial statement items and areas of financial statements risk

 

 

 

Source: ANAO analysis and the Future Fund's financial statements for the year ended 30 June 2016.

 

3.12.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on the Future Fund's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of the Future Fund's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Future Fund's also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.12.5 In light of the key areas of risk detailed in Table 3.12.3 and the ANAO's understanding of the operations of the Future Fund's, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items⁹⁶

3.12.6 Between May 2006 and June 2008, the Government made cash contributions to the Future Fund totalling $51.3 billion. The Future Fund also received Telstra shares to the value of $9.2 billion. No further Government contributions have been made since this time. As a result, the operational functions of the Future Fund are funded through payments from the administered Future Fund special account and the other Australian Government Investment Funds. In 2016–17, these payments are estimated to total $59.0 million.

3.12.7 Table 3.12.1 and Table 3.12.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.12.1: Key expenses and total own-sourced income

Note a: As noted in paragraph 3.12.6 amounts are transferred from the Future Fund administered special account to offset the operational expenses incurred by the Future Fund Management Agency in managing the Future Fund.

Table 3.12.2: Key assets and liabilities

Note a: The Future Fund's estimated average staffing level for 2016–17 is 138.

Key areas of financial statements risk

3.12.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Future Fund's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.12.3.

Table 3.12.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for the Future Fund.

3.12.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.12.10 The audit coverage completed to date has included an assessment of the compliance functions and controls relating to management of investments and liquidity requirements, including monitoring of its services providers.

3.12.11 The valuation of investments, including the assessment of controls that reside within the outsourced custodian, will be completed as part of the final audit.

3.12.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.12.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that the Future Fund will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2016–17 final audit.

3.13 Department of Foreign Affairs and Trade

Overview

3.13.1 The Department of Foreign Affairs and Trade (DFAT) is responsible for providing foreign, trade and development policy advice and for leading the Australian Government's international efforts to shape the regional and international environment.

3.13.2 Figure 3.13.1 shows DFAT's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.13.1: DFAT's contribution to the Australian Government's revenue, expenses, assets and liabilities⁹⁷

 

 

Source: ANAO analysis of CFS and DFAT's financial statements for the year ended 30 June 2016.

3.13.3 Figure 3.13.2 and Figure 3.13.3 show the 2015–16 departmental and administered financial statement items reported by DFAT and the 2016–17 key areas of financial statements risk.

Figure 3.13.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and DFAT's financial statements for the year ended 30 June 2016.

Figure 3.13.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and DFAT's financial statements for the year ended 30 June 2016.

3.13.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on DFAT's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of DFAT's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of DFAT also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.13.5 In light of the key areas of risk detailed in Table 3.13.3 and the ANAO's understanding of the operations of DFAT, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items⁹⁸

3.13.6 Annual appropriation funding of $1 559.8 million (departmental) and $5 209.5 million (administered) was provided to DFAT in 2016–17 to support the achievement of DFAT's outcomes.⁹⁹ DFAT was also budgeted to receive special appropriation funding of $1.0 million.¹⁰⁰

3.13.7 Table 3.13.1 and Table 3.13.2 provide a summary of the key 2016–17 departmental and administered estimated financial statement items.

Table 3.13.1: Key expenses and total own-sourced income

Table 3.13.2: Key assets and liabilities

Note a: DFAT's estimated average staffing level for 2016–17 is 5 723.

Key areas of financial statements risk

3.13.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of DFAT's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.13.3.

Table 3.13.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for DFAT.

3.13.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.13.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: departmental revenue for rental accommodation and services provide to other entities at overseas posts; administered passport revenue; and the operations of overseas posts.

3.13.11 Interim audit coverage has also been completed over the department's processes relating to cash and asset management, employee and supplier expenditure, IT general controls and application controls in the Financial Management Information System (FMIS) and Human Resource Management Information System (HRMIS).

3.13.12 Audit procedures relating to financial statement balances subject to valuation and IDA and ADF grants will be undertaken as part of the 2016–17 final audit.

3.13.13 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify and significant or moderate audit findings.

Conclusion

3.13.14 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that DFAT will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.14 Department of Health

Overview

3.14.1 The Department of Health (Health) is responsible for achieving the Australian Government's health priorities through evidence-based policy, program administration, research, regulatory activities and partnerships with other government entities, consumers and stakeholders.

3.14.2 Figure 3.14.1 shows Health's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.14.1: Health's contribution to the Australian Government's revenue, expenses, assets and liabilities

 

 

Source: ANAO analysis of CFS and Health's financial statements for the year ended 30 June 2016.

3.14.3 Figure 3.14.2 and Figure 3.14.3 show the 2015–16 departmental and administered financial statement items reported by Health and the 2016–17 key areas of financial statements risk.

Figure 3.14.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Health's financial statements for the year ended 30 June 2016.

Figure 3.14.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Health's financial statements for the year ended 30 June 2016.

3.14.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Health's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Health's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Health also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.14.5 In light of the key areas of risk detailed in Table 3.14.3 and the ANAO's understanding of the operations of Health, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items¹⁰¹

3.14.6 Annual appropriation funding of $682.8 million (departmental) and $8 726.9 million (administered) was provided to Health in 2016–17 to support the achievement of Health's outcomes.¹⁰² Health was also budgeted to receive special appropriation funding of $54 366.7 million.¹⁰³

3.14.7 Table 3.14.1 and Table 3.14.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.14.1: Key expenses and total own-sourced income

Table 3.14.2: Key assets and liabilities

Note a: Health's estimated average staffing level for 2016–17 is 4 642.

3.14.8 The Department of Human Services (Human Services) delivers a range of health related payments on behalf of Health. These payments primarily relate to the Medicare Benefits Schedule, the Pharmaceutical Benefits Scheme, the Private Health Insurance Rebate and services funded under the Aged Care Act 1997.

Key areas of financial statements risk

3.14.9 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Health's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.14.3.

Table 3.14.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Health.

3.14.10 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2016–17 relevant to the financial management or administration of Health:

• ANAO Report No.3 2016–17 Machinery of Government Changes;
• ANAO Report No.6 2016–17 Corporate Planning in the Australian Public Sector;
• ANAO Report No.9 2016–17 Community Pharmacy Agreement: Follow-on Audit;
• ANAO Report No.18 2016–17 Confidentiality in Government Contracts: Senate Order for Entity Contracts (Calendar Year 2015 Compliance);
• ANAO Report No.20 2016–17 The Management, Administration and Monitoring of the Indemnity Insurance Fund; and
• ANAO Report No.53 2016–17 Indigenous Aged Care.

3.14.11 ANAO Report No.20 2016–17 included observations relevant to the valuation of medical indemnity provisions outlined in Table 3.14.3. The report assessed Health's and Human Services' administration, including oversight and monitoring arrangements, for the Indemnity Insurance Fund. The report recommended that Health establish suitable governance and stakeholder engagement arrangements, including risk management plans, to support its and other shared responsibilities for the administration of the Indemnity Insurance Fund and related schemes. The observations from this report were considered in identifying risks relevant to the financial statements audit.

3.14.12 The other audit reports mentioned above were also considered in designing the audit procedures. Given the nature of the audit objectives, the observations from these audits had a limited impact on the design of the audit approach for the financial statements audit.

Audit results

3.14.13 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: IT security and change management in the FMIS and HRMIS; cash and appropriations management; supplier expenses; payroll processing; Therapeutic Goods Administration revenue; and grant payments. In addition, the testing of the accuracy of Pharmaceutical Benefits Scheme recovery revenue and aged care and health care payments made by Human Services on behalf of Health was also undertaken.

3.14.14 Other areas of audit focus including the compliance processes for Aged Care subsidies and Medicare payments and an assessment of the valuation methodologies used to estimate the medical indemnity program and Medicare outstanding claims liability provisions will be performed as part of the 2016–17 final audit.

3.14.15 To date, our audit coverage has not identified any new significant or moderate audit findings.

3.14.16 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.14.4: Status of audit findings raised by the ANAO

Unresolved moderate audit finding

High Cost Drug Recoveries – Pharmaceutical Benefits Scheme

3.14.17 Health's financial statements include administered revenue for recoveries of Pharmaceutical Benefits Scheme expenditure under risk sharing agreements negotiated between Health and pharmaceutical companies. In 2015–16, $1.6 billion of recoveries revenue was recognised, representing some 14.5 per cent of the overall Pharmaceutical Benefits Scheme expenditure for the same period.

3.14.18 During the 2015–16 audit, the ANAO identified that revenue from these recoveries was incomplete and some revenue was not recognised due to the weaknesses in the policies and procedures related to capturing and reporting the recoveries. As a result an adjustment of $332 million was made to the 2015–16 financial statements.

3.14.19 Health has commenced remediation action to address these weaknesses including updating its accounting policies and procedures focussing on the development of an accrual reporting methodology related to the recognition of the recoveries. The ANAO will assess the accounting processes and other remediation actions being implemented by Health as part of the 2016–17 final audit.

Conclusion

3.14.20 At the completion of the interim audit, and except for the finding outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Health will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.15 Department of Immigration and Border Protection

Overview

3.15.1 The Department of Immigration and Border Protection (DIBP) is responsible for: managing the stay and departure of non-citizens; implementing visa, citizenship and refugee and humanitarian assistance programs; facilitating international trade; and collecting border revenue. The Australian Border Force is the operational arm of the department, and has statutory responsibilities to enforce the customs and migration laws and the protection of Australia's border.

3.15.2 Figure 3.15.1 shows DIBP's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.15.1: DIBP's contribution to the Australian Government's revenue, expenses, assets and liabilities¹⁰⁴

 

 

Source: ANAO analysis of CFS and DIBP's financial statements for the year ended 30 June 2016.

3.15.3 Figure 3.15.2 and Figure 3.15.3 show the 2015–16 departmental and administered financial statement items reported by DIBP and the 2016–17 key areas of financial statements risk.

Figure 3.15.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and DIBP's financial statements for the year ended 30 June 2016.

Figure 3.15.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and DIBP's financial statements for the year ended 30 June 2016.

3.15.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on DIBP's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of DIBP's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of DIBP also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.15.5 In light of the key areas of risk detailed in Table 3.15.3 and the ANAO's understanding of the operations of DIBP, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items¹⁰⁵

3.15.6 Annual appropriation funding of $2 730.2 million (departmental) and $2 394.1 million (administered) was provided to DIBP in 2016–17 to support the achievement of the DIBP's outcomes.¹⁰⁶ DIBP was also budgeted to receive special appropriation funding of $420.0 million.¹⁰⁷

3.15.7 Table 3.15.1 and Table 3.15.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.15.1: Key expenses and total own-sourced income

Table 3.15.2: Key assets and liabilities

Note a: DIBP's estimated average staffing level for 2016–17 is 14 000.

Key areas of financial statements risk

3.15.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of DIBP's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.15.3.

Table 3.15.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for DIBP.

3.15.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2016–17 relevant to the financial management or administration of DIBP:

• ANAO Report No.8 2016–17 Controls over Credit Card Use;
• ANAO Report No.13 2016–17 Delivery of Health Services in Onshore Immigration Detention;
• ANAO Report No.16 2016–17 Offshore Processing Centres in Nauru and Papua New Guinea: Procurement of Garrison Support and Welfare Services;
• ANAO Report No.32 2016–17 Offshore Processing Centres in Nauru and Papua New Guinea: Contract Management of Garrison Support and Welfare Services; and
• ANAO Report No.42 2016–17 Cybersecurity Follow-up Audit.

3.15.10 ANAO Reports No.16 and No.32 2016–17 included observations relevant to the risks outlined in Table 3.15.3 relating to the management of the overseas regional processing centres. The audits noted that DIBP did not have:

• an effective risk based contract management plan commensurate with the value, complexity and risks associated with the garrison welfare and support contracts;
• a robust process for ensuring that contract expenses had been appropriately authorised prior to payment, including confirming whether goods or services had been received and the retention of relevant documentation; and
• a robust process to ensure that contract expenditure for future periods had appropriate approval from Government before committing the funds.

3.15.11 DIBP agreed with all recommendations relating to these audits. For the purpose of the financial statements audit, the approach for this area includes procedures designed to obtain assurance over the processes for the oversight of contract management expenses, application of relevant instructions and procedures, and obtaining records relevant to confirming that goods and services have been received. The ANAO will undertake further testing on this area as part of the final audit.

3.15.12 The observations of the remaining reports have been considered in designing audit procedures to address areas considered to pose a lower risk of material misstatement.

Audit results

3.15.13 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: collection of customs duty revenue and visa application revenue; management of the detention network and estate; specific elements of accounting for employee entitlements; the reporting of overseas transactions and IT application controls.

3.15.14 Audit procedures relating to: the management of the detention network and estate; collection of customs duty revenue; payment of personal benefits under the SRSS programme; and the remaining elements of accounting for employee entitlements at year end will be undertaken as part of the 2016–17 final audit.

3.15.15 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.15.4: Status of audit findings raised by the ANAO

Unresolved moderate audit findings

Customs duty compliance program

3.15.16 An effective compliance program is a key management control in confirming that all customs duty revenue that should be collected by DIBP has been. During the 2014–15 audit of the former Australian Customs and Border Protection Service (ACBPS), the ANAO completed testing of the customs duty compliance program and identified weaknesses in the governance and management oversight arrangements for the program. In particular, the ANAO identified a lack of regular oversight and monitoring; inconsistent policies and procedures related to planning, managing and executing compliance activities; no end-to-end risk assessment process, register or plan for compliance activities; and no documented rationale for the sample size and selection methodology that is consistent with the level of assurance that the ACBPS aimed to achieve from the compliance program.

3.15.17 DIBP has made substantial progress in addressing the audit finding. At the time of the 2016–17 interim audit, DIBP had continued remediation action to address the weaknesses identified including the:

• establishment of the Customs Compliance Branch with primary responsibility for assessing risks of non-compliance with the relevant customs regulations and coordinating risk treatments and management plans within DIBP;
• development of key governance arrangements and plans, such as risk identification, treatment and management policies, including development of a risk register;
• appointment of risk leads within the Customs Compliance Branch with responsibilities to: coordinate and establish an appropriate risk register and treatment plan; and determine operational priorities for identified risks of non-compliance; and
• implementation of revised reporting structures for compliance outcomes, including formal reporting to key governance committees charged with the oversight of the compliance function.

3.15.18 During the 2016–17 financial year DIBP has advised it will continue to develop the revised policies and procedures in relation to the compliance program. Additional remediation action relating to documenting a rationale for the sample size and selection methodology used within the compliance program is scheduled to be finalised in 2017–18.

3.15.19 The ANAO will continue to review remediation action implemented by DIBP as part of the 2016–17 final audit.

Human resources management

3.15.20 During the 2015–16 audit, the ANAO identified weaknesses associated with the employee commencement and cessation processes, particularly relating to the timely finalisation of processes associated with these activities and the retention of documentation on employee files to support processing undertaken. The ANAO also identified weaknesses in relation to the payment of allowances to eligible employees, including inadequate controls to identify and process changes in eligibility for receipt of these allowances.

3.15.21 DIBP has recently implemented a wide range initiatives to address the identified weaknesses, including:

• identifying and documenting key controls and policies and procedures to support the human resources process;
• a quarterly quality assurance process to examine the validity and accuracy of transactions for commencements, terminations, superannuation and allowances;
• automated processes to support timely processing of employee cessations; and
• completed reviews of leave balances, termination payments and allowances.

3.15.22 DIBP has also made progress in the development of a control framework for all employee allowances and the development of HRMIS system enhancements to automate payments for particular allowances.

3.15.23 The ANAO will review the progress against this issue during the 2016–17 final audit.

Record keeping

3.15.24 Section 41 of the PGPA Act requires that the accountable authority of DIBP must cause records to be kept that properly record and explain transactions and DIBP's financial position. DIBP has developed internal financial management and other policies in relation to proper records to be retained relating to the preparation of the financial statements.

3.15.25 In undertaking the 2015–16 audit, the ANAO identified weaknesses in record keeping relating to the following processes supporting the preparation of the financial statements:

• working papers and reports supporting the transfer of employee leave balances and other information from the former ACBPS' payroll system to the DIBP payroll system;
• missing transactional documentation relating to the processing of visa application fees and contract performance management;
• delays in the provision of supporting documentation for material processes and balances, such as accounting for operating leases and impairment of trade debtors; and
• inadequate information maintained on DIBP's asset register to support the stocktake of assets related to information technology and infrastructure.

3.15.26 DIBP has recently established a financial recordkeeping financial management guideline. This will be complemented by progress being made in revising guidelines for the management of information contained within the asset register and documentation requirements for financial reporting processes.

3.15.27 A monthly assurance process has also recently been established to assess compliance with the standard minimum documentation requirements to support manual and adjusting accrual journals.

3.15.28 The ANAO will continue to review DIBP's progress in addressing these weaknesses in the 2016–17 final audit.

New moderate audit finding

Management of privileged security users in the IT networks

3.15.29 The ANAO's review of users with privileged access to DIBP's networks identified weaknesses in the operation of the controls relating to granting and terminating privileged user access and the use of these accounts. The weaknesses related to:

• the use of personal administrator accounts rather than a designated account for the running of scripted jobs;
• scripts to deactivate users for inactivity were not fully operational as there were instances identified with accounts active at the time of our audit despite greater than 90 days of inactivity; and
• domain administrator accounts with internet access. In protecting the related networks, DIBP's position is that this should not occur.

3.15.30 The above control weaknesses increase the risk of susceptibility of the networks being compromised and interruption to DIBP's operations.

3.15.31 DIBP has advised it will strengthen controls to address the above issues. The ANAO will review and assess this process during the 2016–17 final audit.

Conclusion

3.15.32 At the completion of the interim audit, the ANAO has reported a number of areas where improvements are required. The audit findings outlined above reduce the level of confidence that can be placed on the key elements of internal control that support the preparation of the financial statements that are free from material misstatement. During the 2016–17 final audit the ANAO will undertake further procedures and assess action taken by DIBP to address the weaknesses identified.

3.16 Department of Industry, Innovation and Science

Overview

3.16.1 The Department of Industry, Innovation and Science (Industry) is responsible for supporting science and commercialisation, growing business investment and improving business capability, developing Northern Australia and streamlining regulation.

3.16.2 Figure 3.16.1 shows Industry's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.16.1: Industry's contribution to the Australian Government's revenue, expenses, assets and liabilities¹⁰⁸

 

 

Source: ANAO analysis of CFS and Industry's financial statements for the year ended 30 June 2016.

3.16.3 Figure 3.16.2 and Figure 3.16.3 show the 2015–16 departmental and administered financial statement items reported by Industry and the 2016–17 key areas of financial statements risk.

Figure 3.16.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Industry's financial statements for the year ended 30 June 2016.

Figure 3.16.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Industry's financial statements for the year ended 30 June 2016.

3.16.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Industry's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Industry's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Industry also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.16.5 In light of the key areas of risk detailed in Table 3.16.3 and the ANAO's understanding of the operations of Industry, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items¹⁰⁹

3.16.6 Annual appropriation funding of $426.0 million (departmental) and $601.1 million (administered) was provided to Industry in 2016–17 to support the achievement of Industry's outcomes.¹¹⁰ Industry was also budgeted to receive special appropriation funding of $213.0 million.¹¹¹

3.16.7 Table 3.16.1 and Table 3.16.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.16.1: Key expenses and total own-sourced income

Table 3.16.2: Key assets and liabilities

Note a: Industry's estimated average staffing level for 2016–17 is 2 450.

Key areas of financial statements risk

3.16.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Industry's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.16.3.

Table 3.16.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Industry.

Note a: Includes revenue from sources such as services delivered by the National Measurement Institute, Questacon entry fees and sales of merchandise through shopfronts.

3.16.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.28 2016–17 Collection of North West Shelf Royalty Revenue was tabled during 2016–17 and is relevant to the financial management and administration of Industry.

3.16.10 ANAO Report No.28 2016–17 included observations relevant to the completeness and accuracy of Industry's offshore petroleum and uranium royalties outlined in Table 3.16.3. In response to the higher risk of material misstatement of royalty revenue arising from these observations the ANAO will:

• assess the effectiveness of key assurance activities undertaken by Industry to address the risks of incomplete and/or inaccurate royalty returns for royalty revenue streams; and
• where possible, agree data used by Industry in assurance activities to information obtained independently from external sources.

Audit results

3.16.11 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to employee and supplier expenditure, appropriations and special accounts; and asset and cash management. As part of the interim audit coverage, the ANAO has also assessed controls relating to selected departmental and administered revenue streams, grant and subsidy payments and IT general and application controls for key financial systems.

3.16.12 Audit procedures relating to the: completeness and accuracy of royalties; and valuation of the administered advances and loans, investments and non-financial assets will be undertaken as part of the 2016–17 final audit.

3.16.13 To date, audit coverage has not identified any new significant or moderate audit findings.

3.16.14 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.16.4: Status of audit findings raised by the ANAO

Unresolved moderate audit findings

Administration of North West Shelf royalties

3.16.15 Industry is responsible for the collection of royalties levied on offshore petroleum operations from the North West Shelf. Day-to-day administration of the North West Shelf, including liaison with Joint Venture participants, royalty calculation and obtaining assurance of the accuracy of royalty payments, is undertaken by the Western Australian Department of Mines and Petroleum (DMP) as set out in the Offshore Petroleum and Greenhouse Gas Storage Act 2006 and Offshore Petroleum (Royalty) Act 2006.

3.16.16 During the 2015–16 final audit, the ANAO identified that the roles and responsibilities of Industry and the DMP had not been adequately documented and that administrative arrangements provided insufficient assurance that production values and deductions are adequately assessed. At the completion of the 2015–16 final audit, the ANAO recommended that Industry formalise arrangements with the DMP to establish each entity's roles and responsibilities regarding the administration of North West Shelf royalties, including arrangements for effective assurance processes that focus on the validation of the completeness and accuracy of information provided by Joint Venture partners supporting royalties paid to the Commonwealth.

3.16.17 At the time of the 2016–17 interim audit Industry had drafted an assurance framework and advised that the assurance framework will form the basis for a revised memorandum of understanding between Industry and the DMP that will establish the roles and responsibilities of each entity. The revised memorandum of understanding is expected to be effective by 1 July 2017.

3.16.18 The ANAO will review Industry's progress in formalising these arrangements and improving internal assurance processes as part of the 2016–17 final audit.

Conclusion

3.16.19 At the completion of the interim audit, and except for the finding outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Industry will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.17 Department of Infrastructure and Regional Development

Overview

3.17.1 The Department of Infrastructure and Regional Development (Infrastructure) is responsible for: improving infrastructure across Australia, through funding coordination of transport and other infrastructure; providing an efficient, sustainable, competitive, safe and secure transport system for all transport users; strengthening the sustainability, capacity and diversity of regional economies; and supporting governance arrangements in the Australian territories.

3.17.2 Figure 3.17.1 shows Infrastructure's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.17.1: Infrastructure's contribution to the Australian Government's revenue, expenses, assets and liabilities¹¹²

 

 

Source: ANAO analysis of CFS and Infrastructure's financial statements for the year ended 30 June 2016.

3.17.3 Figure 3.17.2 and Figure 3.17.3 show the 2015–16 departmental and administered financial statement items reported by Infrastructure and the 2016–17 key areas of financial statements risk.

Figure 3.17.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Infrastructure's financial statements for the year ended 30 June 2016.

Figure 3.17.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Infrastructure's financial statements for the year ended 30 June 2016.

3.17.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Infrastructure's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Infrastructure's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Infrastructure also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.17.5 In light of the key areas of risk detailed in Table 3.17.3 and the ANAO's understanding of the operations of Infrastructure, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items¹¹³

3.17.6 Annual appropriation funding of $277.3 million (departmental) and $2 152.5 million (administered) was provided to Infrastructure in 2016–17 to support the achievement of the entity's outcomes.¹¹⁴ Infrastructure was also budgeted to receive special appropriation funding of $3 786.4 million.¹¹⁵

3.17.7 Table 3.17.1 and Table 3.17.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.17.1: Key expenses and total own-sourced income

Table 3.17.2: Key assets and liabilities

Note a: Infrastructure's estimated average staffing level for 2016–17 is 1 130.

Key areas of financial statements risk

3.17.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Infrastructure's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.17.3.

Table 3.17.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Infrastructure.

3.17.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports tabled during 2016–17 were relevant to the financial management or administration of Infrastructure:

• ANAO Report No.38 2016–17 The Approval and Administration of Commonwealth Funding for the WestConnex Project; and
• ANAO Report No.30 2016–17 Design and Implementation of Round Two of the National Stronger Regions Fund.

3.17.10 ANAO Report No.38 2016–17 included observations relevant to the valuation of the concessional loans outlined in Table 3.17.3. Audit procedures have been developed in response to the observations raised in the report in relation to the selection of the market rates used to determine the fair value of the loan.

3.17.11 ANAO Report No.30 2016–17 included observations relevant to the management of grant payments outlined in Table 3.17.3. The observations in the report in respect of effective application and milestone acquittal assessment processes informed the development of substantive testing criteria for grant payments.

Audit results

3.17.12 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: cash, appropriations and special accounts, supplier expenditure and payroll. Interim audit coverage has also included an assessment of the controls relating to: grant and subsidy payments, administered revenue and receivables and IT general and application controls for key financial systems.

3.17.13 Audit procedures relating to valuation of administered investments, concessional loans and non-financial assets will be undertaken as part of the 2016–17 final audit.

3.17.14 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.17.15 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Infrastructure will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.18 Department of Parliamentary Services

Overview

3.18.1 The Department of Parliamentary Services (DPS) supports the functions of the Australian Parliament and the work of parliamentarians through the provision of a range of corporate and retail products and services. These include library and research, Hansard and broadcasting, communications, security, building maintenance and grounds management and visitor services.

3.18.2 Figure 3.18.1 shows DPS' revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.18.1: DPS' contribution to the Australian Government's revenue, expenses, assets and liabilities¹¹⁶

 

 

Source: ANAO analysis of CFS and DPS' financial statements for the year ended 30 June 2016.

3.18.3 Figure 3.18.2 and Figure 3.18.3 show the 2015–16 departmental and administered financial statement items reported by DPS and the 2016–17 key areas of financial statements risk.

Figure 3.18.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and DPS' financial statements for the year ended 30 June 2016.

Figure 3.18.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and DPS' financial statements for the year ended 30 June 2016.

3.18.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on DPS' financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of DPS' environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of DPS also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.18.5 In light of the key areas of risk detailed in Table 3.18.3 and the ANAO's understanding of the operations of DPS, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items¹¹⁷

3.18.6 Annual appropriation funding of $141.1 million (departmental) and $47.1 million (administered) was provided to DPS in 2016–17 to support the achievement of DPS' outcomes.¹¹⁸

3.18.7 Table 3.18.1 and Table 3.18.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.18.1: Key expenses and total own-sourced income

Table 3.18.2: Key assets and liabilities

Note a: DPS' estimated average staffing level for 2016–17 is 820.

Key areas of financial statements risk

3.18.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of DPS's financial statements. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.18.3.

Table 3.18.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for DPS.

3.18.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.18.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: cash and asset management; payroll processing; and supplier expenses.

3.18.11 As part of the 2016–17 final audit, audit procedures over all key areas will be completed, including the valuation of non-financial assets and employee provisions, revenue generated by catering services and IT general and application controls.

3.18.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.18.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that DPS will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.19 Department of the Prime Minister and Cabinet

Overview

3.19.1 The Department of the Prime Minister and Cabinet (PM&C) is responsible for coordinating policy development across government in economic, domestic and international affairs, Aboriginal and Torres Strait Islander advancement and public service stewardship.

3.19.2 Figure 3.19.1 shows PM&C's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.19.1: PM&C's contribution to the Australian Government's revenue, expenses, assets and liabilities¹¹⁹

 

 

Source: ANAO analysis of CFS and PM&C's financial statements for the year ended 30 June 2016.

3.19.3 Figure 3.19.2 and Figure 3.19.3 show the 2015–16 departmental and administered financial statement items reported by PM&C and the 2016–17 key areas of financial statements risk.

Figure 3.19.2: Key departmental financial statement items and areas of financial statements risk

 

 

 

Source: ANAO analysis and PM&C's financial statements for the year ended 30 June 2016.

 

Figure 3.19.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and PM&C's financial statements for the year ended 30 June 2016.

3.19.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on PM&C's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of PM&C's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 relevant to the financial management or administration of PM&C also inform the ANAO's 2016–17 financial statements audit risk identification processes.

3.19.5 In light of the key areas of risk detailed in Table 3.19.3 and the ANAO's understanding of the operations of PM&C, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items¹²⁰

3.19.6 Annual appropriation funding of $424.8 million (departmental) and $1 416.9 million (administered) was provided to PM&C in 2016–17 to support the achievement of PM&C's outcomes.¹²¹ PM&C was also budgeted to receive special appropriation funding of $240.3 million.¹²²

3.19.7 Table 3.19.1 and Table 3.19.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.19.1: Key expenses and total own-sourced income

Table 3.19.2: Key assets and liabilities

Note a: PM&C's estimated average staffing level for 2016–17 is 2 075.

Key areas of financial statements risk

3.19.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of PM&C's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.19.3.

Table 3.19.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for PM&C.

3.19.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.35 2016–17 Indigenous Advancement Strategy was relevant to the financial management or administration of PM&C.

3.19.10 ANAO Report No.35 2016–17 included observations relevant to PM&C's administration of grants and the Administered Grants Expense line item outlined in Table 3.19.3. This includes ensuring grant approvals are in place for all Indigenous Advancement expenditure.

Audit results

3.19.11 The ANAO has completed its interim audit coverage, including an assessment of the controls relating to selected administered grant programs and IT general and application controls for key financial systems, including those provided through shared service arrangements with other entities.

3.19.12 Audit coverage of the following areas will also be completed as part of the 2016–17 final audit:

• an assessment of PM&C's implementation of the Indigenous Advancement Strategy program model, including internal controls and governance processes;
• the department's management and oversight of shared service arrangements; and
• the valuation of PM&C's non-financial assets and administered investments.

3.19.13 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.19.14 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that PM&C will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2016–17 final audit.

3.20 Department of Social Services

Overview

3.20.1 The Department of Social Services (Social Services) has four core areas of responsibility: social security, families and communities, disability and carers, and housing. Social Services works in partnership with other government and non-government organisations, particularly with the Department of Human Services (Human Services), to develop, manage and deliver a range of policies, programs and services focused on improving the wellbeing of people and families in Australia.

3.20.2 Figure 3.20.1 shows Social Services' revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.20.1: Social Services' contribution to the Australian Government's revenue, expenses, assets and liabilities¹²³

 

 

Source: ANAO analysis of CFS and Social Services' financial statements for the year ended 30 June 2016.

3.20.3 Figure 3.20.2 and Figure 3.20.3 show the 2015–16 departmental and administered financial statement items reported by Social Services and the 2016–17 key areas of financial statements risk.

Figure 3.20.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Social Services' financial statements for the year ended 30 June 2016.

Figure 3.20.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Social Services' financial statements for the year ended 30 June 2016.

3.20.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Social Services' financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Social Services' environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Social Services also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.20.5 In light of the key areas of risk detailed in Table 3.20.3 and the ANAO's understanding of the operations of Social Services, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items¹²⁴

3.20.6 Annual appropriation funding of $456.9 million (departmental) and $2 513.5 million (administered) was provided to Social Services in 2016–17 to support the achievement of the Social Services' outcomes.¹²⁵ Social Services was also budgeted to receive special appropriation funding of $110 527.1 million.¹²⁶

3.20.7 Table 3.20.1 and Table 3.20.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

3.20.8 Human Services delivers a range of social security payments (personal benefits) for services and programs that support individuals. These payments relate largely to the Family Tax Benefit, income support for seniors, carers, people with disability and working age payments.

Table 3.20.1: Key expenses and total own-sourced income

Table 3.20.2: Key assets and liabilities

Note a: Social Services' estimated average staffing level for 2016–17 is 1 984.

Key areas of financial statements risk

3.20.9 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Social Services' financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.20.3.

Table 3.20.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Social Services.

3.20.10 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2016–17 relevant to the financial management or administration of Social Services:

• ANAO Report No.3 2016–17 Machinery of Government (a cross entity audit);
• ANAO Report No.23 2016–17 National Rental Affordability Scheme - Administration of Allocations and Incentives;
• ANAO Report No.41 2016–17 Management of Selected Fraud Prevention and Compliance Budget Measures (a cross entity audit);
• ANAO Report No.51 2016–17 Administration of Youth Allowance (Student) and ABSTUDY (a cross entity audit); and
• ANAO Report No.52 2016–17 Managing Underperformance in the Australian Public Service (a cross entity audit).

3.20.11 These reports did not include recommendations that impacted the financial statements audit approach.

Audit results

3.20.12 The ANAO has completed its interim audit coverage including: an assessment of the department's IT general controls over security and change management; and compliance activities and assurance processes relating to personal benefits, disability services and grants.

3.20.13 Audit coverage of the department's processes relating to cash, asset management, payroll processing, suppliers expenses, IT general controls, and application controls in financial management and human resource management information systems has also been completed.

3.20.14 As part of the 2016–17 final audit, assessment of the valuation of personal benefits related asset and liability balances will be completed. The testing of application controls for the IT systems that process payments related to personal benefits, disability services and grants will also be finalised.

3.20.15 No significant or moderate audit findings have been raised by the ANAO as a result of the audit coverage to date. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.20.16 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Social Services will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year and the controls not evaluated during the interim audit, will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.21 Department of Human Services

Overview

3.21.1 The Department of Human Services (Human Services) is part of the wider Social Services Portfolio, and is responsible for delivering a range of payments and services to support individuals, families and communities, as well as providers and businesses. These include: income support payments and services; aged care payments; Medicare payments and services; and child support services.

3.21.2 The range of social and health related payments and services delivered by Human Services on behalf of other entities are budgeted at $172 611.4 million¹²⁷ in 2016–17 and include:

• Centrelink payments and services for retirees, the unemployed, families, carers, parents, students, people with disabilities, Indigenous Australians, farmers, people from diverse cultural and linguistic backgrounds, people living overseas, and provision of services at times of major change, including disaster recovery payments;
• services and programs that support the health of Australians such as Medicare, the Pharmaceutical Benefits Scheme, the Private Health Insurance Rebate, and the Australian Childhood Immunisation Register; and
• Aged Care payments to services funded under the Aged Care Act 1997, including residential care, home care, and flexible care services.

3.21.3 Human Services also delivers other services and payments, including veterans' entitlements and the Tasmanian Freight and Bass Strait passenger equalisation schemes.

3.21.4 Figure 3.21.1 shows Human Services' revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.21.1: Human Services' contribution to the Australian Government's revenue, expenses, assets and liabilities¹²⁸

 

 

Source: ANAO analysis of CFS and Human Services' financial statements for the year ended 30 June 2016.

3.21.5 Figure 3.21.2 and Figure 3.21.3 show the 2015–16 departmental and administered financial statement items reported by Human Service and the 2016–17 key areas of financial statements risk.

Figure 3.21.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Human Services' financial statements for the year ended 30 June 2016.

Figure 3.21.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Human Services' financial statements for the year ended 30 June 2016.

3.21.6 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Human Services' financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Human Services' environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Human Services also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.21.7 In light of the key areas of risk detailed in Table 3.21.3 and the ANAO's understanding of the operations of Human Services, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items¹²⁹

3.21.8 Annual appropriation funding of $4 561.8 million (departmental) and $1.6 million (administered) was provided to Human Services' in 2016–17 to support the achievement of Human Services' outcomes.¹³⁰ Human Services was also budgeted to receive special appropriation funding of $57.2 million.¹³¹

3.21.9 Table 3.21.1 and Table 3.21.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.21.1: Key expenses and total own-sourced income

Table 3.21.2: Key assets and liabilities

Note a: Human Services' estimated average staffing level for 2016–17 is 29 835.

Key areas of financial statements risk

3.21.10 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Human Services' financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.21.3.

Table 3.21.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Human Services.

3.21.11 As referred at paragraph 3.21.2 above, Human Services delivers payments on behalf of the Departments of Social Services, Health and a number of other Commonwealth entities. These payments are reported in the respective entities' financial statements and are budgeted to be approximately $172 611.4 million in 2016–17. The areas highlighted for specific audit coverage in relation to these payments¹³² for 2016–17 are outlined in this report against the relevant responsible entity.

3.21.12 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2016–17 relevant to the financial management or administration of Human Services:

• ANAO Report No.20 2016–17 The Management, Administration and Monitoring of the Indemnity Insurance Fund;
• ANAO Report No.41 2016–17 Management of Selected Fraud Prevention and Compliance Budget Measures;
• ANAO Report No.42 2016–17 Cybersecurity Follow-up Audit;
• ANAO Report No.50 2016–17 Child Support Collection Arrangements between the Australian Taxation Office and the Department of Human Services; and
• ANAO report No.51 2016–17 Administration of Youth Allowance (Student) and ABSTUDY.

3.21.13 While these reports did not include recommendations regarding risks to Human Services' financial administration as it relates to the financial statements, the observations of these reports were considered in designing audit procedures.

Audit results

3.21.14 The ANAO has completed its 2016–17 interim audit coverage including an assessment of controls in relation to areas of audit focus and IT controls over security and change management of the FMIS and HRMIS systems.

3.21.15 As part of the 2016–17 final audit, the ANAO will also assess the controls over social and health related payments made by Human Services on behalf of other Commonwealth entities, including associated compliance and quality assurance activities. In addition, the ANAO's final audit coverage will include the valuation of child support debts and non-financial assets, particularly intangibles.

3.21.16 No significant or moderate audit findings have been raised by the ANAO as a result of the audit coverage to date. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.21.17 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Human Services will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year and the controls not evaluated during the interim audit, will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.22 Department of the Treasury

Overview

3.22.1 The Department of the Treasury (Treasury) is responsible for the development, delivery and implementation of economic policy and advice. This includes advice on: taxation; the Budget and the economy; financial and foreign investment, competition and broader structural policy; small business; and international economic policy.

3.22.2 Figure 3.22.1 shows Treasury's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.22.1: Treasury's contribution to the Australian Government's revenue, expenses, assets and liabilities¹³³

 

 

Source: ANAO analysis of CFS and Treasury's financial statements for the year ended 30 June 2016.

3.22.3 Figure 3.22.2 and Figure 3.22.3 show the 2015–16 departmental and administered financial statement items reported by Treasury and the 2016–17 key areas of financial statements risk.

Figure 3.22.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Treasury's financial statements for the year ended 30 June 2016.

Figure 3.22.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and Treasury's financial statements for the year ended 30 June 2016.

3.22.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Treasury's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Treasury's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Treasury also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.22.5 In light of the key areas of risk detailed in Table 3.22.3 and the ANAO's understanding of the operations of Treasury, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items¹³⁴

3.22.6 Annual appropriation funding of $171.6 million (departmental) and $104.7 million (administered) was provided to Treasury in 2016–17 to support the achievement of the Treasury's outcomes.¹³⁵ Treasury was also budgeted to receive special appropriation funding of $81 549.4 million.¹³⁶

3.22.7 Table 3.22.1 and Table 3.22.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.22.1: Key expenses and total own-sourced income

Table 3.22.2: Key assets and liabilities

Note a: The Treasury's estimated average staffing level for 2016–17 is 815.

Key areas of financial statements risk

3.22.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Treasury's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.22.3.

Table 3.22.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for Treasury.

3.22.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.22.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: cash and asset management; payroll processing; supplier expenses; and appropriations. Audit coverage also included an assessment of the IT general controls.

3.22.11 Interim audit coverage has also been completed over the Treasury's risk assessment and payments processes for National Partnership Payments made under the Federal Financial Relations Act 2009.

3.22.12 Audit procedures relating to: the Natural Disaster Relief and Recovery Arrangements; administered investments; and revenue and receivables will be undertaken as part of the 2016–17 final audit. As part of the 2016–17 final audit, procedures will be undertaken over the assurance processes for payments made under the Federal Financial Relations Act 2009.

3.22.13 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.22.14 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Treasury will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.23 Australian Office of Financial Management

Overview

3.23.1 The Australian Office of Financial Management (AOFM) is responsible for managing Australian Government debt and financial assets. AOFM is responsible for issuing treasury bonds, treasury indexed bonds and treasury notes, managing the Australian Government's cash balances, and investing in financial assets.

3.23.2 Figure 3.23.1 shows AOFM's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.23.1: AOFM's contribution to the Australian Government's revenue, expenses, assets and liabilities¹³⁷

 

 

Source: ANAO analysis of CFS and AOFM's financial statements for the year ended 30 June 2016.

3.23.3 Figure 3.23.2 and Figure 3.23.3 show the 2015–16 departmental and administered financial statement items reported by AOFM and the 2016–17 key areas of financial statements risk.

Figure 3.23.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and AOFM's financial statements for the year ended 30 June 2016.

Figure 3.23.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and AOFM's financial statements for the year ended 30 June 2016.

3.23.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on AOFM's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of AOFM's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of AOFM also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.23.5 In light of the key areas of risk detailed in Table 3.23.3 and the ANAO's understanding of the operations of AOFM, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items¹³⁸

3.23.6 Annual appropriation funding of $11.9 million (departmental) and $0.01 million (administered) was provided to AOFM in 2016–17 to support the achievement of the AOFM's outcomes.¹³⁹ AOFM was also budgeted to receive special appropriation funding of $538 204.7 million.¹⁴⁰

3.23.7 Table 3.23.1 and Table 3.23.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.23.1: Key expenses and total own-sourced income

Note a: This amount reflects estimated net re-measurements and gains/losses of $19 605.4 million.

Table 3.23.2: Key assets and liabilities

Note a: The AOFM's estimated average staffing level for 2016–17 is 36.

Key areas of financial statements risk

3.23.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of AOFM's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.23.3.

Table 3.23.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for AOFM.

3.23.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.23.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to the issuance of debt instruments. Audit coverage of: cash and other financial assets; accounts payable and receivable; payroll processing; IT general controls, and application controls in the FMIS and HRMIS, has also been completed.

3.23.11 The other key areas of risk, including the assessment of the measurement and disclosure of financial assets and liability securities, will be completed as part of the 2016–17 final audit.

3.23.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.23.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that AOFM will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.24 Australian Taxation Office

Overview

3.24.1 The Australian Taxation Office (ATO) is the Australian Government's principal revenue collection entity. Its role is to manage and shape tax, excise and superannuation systems that fund services for Australians. The ATO has a single outcome delivered through: four departmental programs, including the Tax Practitioners Board, the Australian Business Register and the Australian Charities and Not-for‐profits Commission; and 14 administered programs.

3.24.2 Figure 3.24.1 shows the ATO's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.24.1: ATO's contribution to the Australian Government's revenue, expenses, assets and liabilities¹⁴¹

 

 

Source: ANAO analysis of CFS and ATO's financial statements for the year ended 30 June 2016.

3.24.3 Figure 3.24.2 and Figure 3.24.3 show the 2015–16 departmental and administered financial statement items reported by the ATO and the 2016–17 key areas of financial statements risk.

Figure 3.24.2: Key departmental financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and the ATO's financial statements for the year ended 30 June 2016.

Figure 3.24.3: Key administered financial statement items and areas of financial statements risk

 

 

Source: ANAO analysis and ATO's financial statements for the year ended 30 June 2016.

3.24.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on the ATO's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of the ATO's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of the ATO also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.24.5 In light of the key areas of risk detailed in Table 3.24.3 and the ANAO's understanding of the operations of ATO, the ANAO has assessed the risk of a material misstatement as high.

Key financial statements items¹⁴²

3.24.6 Annual appropriation funding of $3 364.2 million (departmental) and $5.3 million (administered) was provided to the ATO in 2016–17 to support the achievement of the ATO's outcomes.¹⁴³ The ATO was also budgeted to receive special appropriation funding of $11 495.0 million.¹⁴⁴

3.24.7 Table 3.24.1 and Table 3.24.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.24.1: Key expenses and total own-sourced income

Table 3.24.2: Key assets and liabilities

Note a: The ATO's estimated average staffing level for 2016–17 is 17 901.

Key areas of financial statements risk

3.24.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of the ATO's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.24.3.

Table 3.24.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for ATO.

3.24.9 As mentioned above, the ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2015–16 relevant to the financial management or administration of the ATO:

• ANAO Report No.2 2016–17 Conduct of the External Compliance Assurance Process Pilot;
• ANAO Report No.42 2016–17 Cybersecurity Follow-up Audit;
• ANAO Report No.37 2016–17 Australian Taxation Office's Implementation of Recommendations;
• ANAO Report No.15 2016–17 Meeting Revenue Commitments from Compliance Measures; and
• ANAO Report No.50 2016–17 Child Support Collection Arrangements between the Australian Taxation Office and the Department of Human Services.

3.24.10 These reports included observations supporting the ANAO's assessment of financial statements risk outlined in Table 3.24.3, in particular the ATO's compliance risk management and IT business systems, which is identified as a high and moderate risks.

Audit results

3.24.11 The ANAO has substantially completed its 2016–17 interim audit coverage, including an assessment of the controls relating to the ATO's business operations including key financial administration systems and its key revenue collection processes.

3.24.12 The ANAO's interim audit coverage included an assessment of the ATO's IT general controls and departmental application controls. The assessment included logical security, change and release management and controls in the ATO's FMIS, HRMIS and other key administered financial systems.

3.24.13 As part of the 2016−17 final audit, audit coverage in relation to the estimation and allocation processes associated with reporting of taxation revenue; processes for estimating taxation debt provisions; application of various types of penalties and interest charges; and accounting transactions for settlements of outstanding taxation liabilities including adjustments to taxpayer client accounts, will be finalised. The ANAO will also finalise the assessment of the complex manual processes for financial reporting and coverage over the ATO's external compliance program as part of the 2016–17 final audit.

3.24.14 In December 2016 and February 2017 the ATO experienced major outages of its key business systems including the tax agent portal, business portal and its FMIS system. In response, the ATO engaged an independent expert to review and determine the nature and the cause of these major outages with results expected to be finalised in June 2017. The ANAO will assess the impact of these outages on the ATO's financial statements and continue to assess the effective operation of the ATO's IT general and application controls during the 2016–17 final audit.

3.24.15 The interim audit coverage has not identified any new significant or moderate audit findings.

3.24.16 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.24.4: Status of audit findings raised by the ANAO

Unresolved moderate audit findings

Administration of penalties and interest

3.24.17 The ATO applies interest to unpaid taxation liabilities and amended taxation liabilities where the amendment results in an additional amount of taxation payable to the ATO. Penalties may be imposed when a taxpayer has not taken reasonable care in meeting their tax obligations. In addition to the authority to impose interest and penalties, the ATO also has the authority to remit, partially or in full, any of these charges in certain circumstances.

3.24.18 During the 2015–16 interim audit phase, the ANAO reviewed the imposition and remission of interest and penalties and identified the following weaknesses:

• a number of instances where the officer approving the remission of a charge did not have the appropriate authority; and
• a lack of documentation sufficiently detailing the decision process relating to the remission of charges.

3.24.19 These weaknesses increase the risk that the remission of taxation liability charges is incorrectly administered. Following the 2015–16 audit the ATO agreed to:

• review education, training and guidance to staff calculating and approving interest and penalty remissions;
• where necessary, make changes to improve staff awareness of relevant delegations and authorisations and documentation requirements; and
• review the quality control framework for the remission of penalties and interest.

3.24.20 During the 2016–17 interim audit the activities were still in progress and yet to be fully implemented. The ANAO will review the ATO's progress in addressing this finding during the 2016–17 final audit.

Estimation and allocation processes for revenue and expenses

3.24.21 The ATO's administered income and expense balances incorporate a number of significant estimates and allocation processes that involve high degrees of complexity, sensitivity and uncertainty. These estimates can also involve uncertainty as to future conditions and may have limited availability of information from which to base the estimation.

3.24.22 To manage this risk the ATO has instituted an estimation process. During the 2015–16 final audit, the ANAO identified several weaknesses in the ATO's revenue and expenses estimation processes, including:

• the absence of testing of the validity of selected inputs, including externally provided information, and the reasonableness of methodologies and assumptions adopted over time;
• the need for greater consultation within the ATO of alternate assumptions, in particular to support the reasonableness of significant assumptions; and
• limited documentation to support consideration of the impact of changes to methodologies and data inputs on the ATO's financial statements.

3.24.23 These weaknesses increase the risk that taxation revenue and expense estimates may be unreliable or materially misstated in the ATO's financial statements. The ATO advised it would review the methodologies and processes used in the calculation of revenue and expense estimates and the documentation of changes made to methodologies adopted. At the time of 2016–17 interim audit this was still in progress. The ANAO will review the action taken by the ATO during the 2016–17 final audit.

Debt provision assessments

3.24.24 Taxpayers are entitled to dispute amounts assessed by the ATO. For financial reporting purposes, the ATO estimates the probable outcome from these disputes and this may result in a reduction in the amount of tax owed by a taxpayer. There are two mechanisms to recognise the reduction: an allowance for credit amendment if the disputed debt is unpaid; or a provision for refund if the disputed debt has been paid. In addition, the ATO makes an assessment of the collectability of administered receivables. This estimation process is inherently complex and reliant on a significant degree of specialised knowledge and judgement.

3.24.25 During the 2015–16 final audit the ANAO examined the approach adopted by the ATO to determine the estimate and identified:

• instances of limited documentation to support key judgements made by ATO officers relating to large or complex cases, or revision made to assessments;
• the need for a more robust quality assurance process over the extraction of data used in the development of actuarial and other models; and
• an error in an estimate of interest charges applied.

3.24.26 These weaknesses increase the risk that key judgements may be inconsistently applied by ATO officers or not based on sufficient and appropriate evidence; data extracted from the ATO's key business systems for the development of key estimates for financial reporting may not be complete or accurate; or reported balances may be misstated.

3.24.27 The ATO agreed to undertake a review of its: policies and procedures; training provided to staff; and the documentation requirements supporting provision estimates. At the time of the 2016–17 interim audit this was still in progress. The ANAO will review the action taken by the ATO during the 2016–17 final audit.

Support and quality assurance over manual inputs to the financial statements

3.24.28 In 2015–16 the ATO implemented a project plan to assist in the timely preparation of its financial statements. While the 2015–16 financial statements were delivered on time, the ANAO identified a number of errors, including:

• a number of clerical and calculation errors in data used for financial reporting that resulted in adjustments that were material to the ATO's financial statements and several errors in key financial statement disclosures;
• an inconsistency between estimated balances and underlying business system data; and
• an inconsistency between a documented procedure and established business practice.

3.24.29 These weaknesses highlighted the need for the ATO to develop more robust quality assurance and support processes to enhance the quality of its financial reporting. A lack of robust quality assurance and support processes increases the risk of error and the potential for material misstatement to the ATO's financial statements.

3.24.30 The ATO advised it will review its quality assurance practices and assurance processes of data used in the preparation of its financial statements. At the time of the 2016–17 interim audit the reviews were still in progress. The ANAO will review the action taken by the ATO during the 2016–17 final audit.

Conclusion

3.24.31 At the completion of the interim audit, the ANAO has reported a number of areas where improvements are required. The audit findings outlined above reduce the level of confidence that can be placed on the key elements of internal control that support the preparation of the financial statements that are free from material misstatement. During the 2016–17 final audit the ANAO will undertake further procedures and assess action taken by the ATO to address the weaknesses identified.

3.25 Reserve Bank of Australia

Overview

3.25.1 The objective of the Reserve Bank of Australia (RBA) is to conduct monetary policy, work to maintain a strong financial system and issue the nation's currency. As well as being a policy-making body, the RBA provides selected banking services to a range of Australian Government entities and to a number of overseas central banks and official institutions. It also manages Australia's gold and foreign exchange reserves.

3.25.2 Figure 3.25.1 shows RBA's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.25.1: RBA's contribution to the Australian Government's revenue, expenses, assets and liabilities¹⁴⁵

 

 

Source: ANAO analysis of CFS and RBA's financial statements for the year ended 30 June 2016.

3.25.3 Figure 3.25.2 shows the 2015–16 financial statement items reported by RBA and the 2016–17 key areas of financial statements risk.

Figure 3.25.2: Key financial statement items and areas of financial statements risk

 

 

3.25.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on RBA's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of RBA's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of RBA also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.25.5 In light of the key areas of risk detailed in Table 3.25.3 and the ANAO's understanding of the operations of RBA, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items¹⁴⁶

3.25.6 The operational functions of RBA are funded from interest income, gains on securities and foreign exchange and fees and commissions income.

3.25.7 RBA is not required to prepare budgeted financial statements as part of the Commonwealth budget process. Table 3.25.1 and Table 3.25.2 provide a summary of the key financial statements items reported in the audited 2015–16 financial statements.

Table 3.25.1: Key expenses and own-sourced income

Table 3.25.2: Key assets and liabilities

Note a: RBA's average staffing level for 2015–16 was 1 308.

Key areas of financial statements risk

3.25.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of RBA's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.25.3.

Table 3.25.3: Key areas of financial statements risk

Source: ANAO 2016–17 risk assessment for RBA.

3.25.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.25.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the design of controls relating to: domestic and international market operations, Australian bank notes on issue, payments and settlements and banking. Interim audit coverage also included an assessment of the IT general and application controls. The design of the RBA's controls relating to overseas operations, financial administration and risk management and compliance have also been assessed.

3.25.11 Audit procedures relating to the net gains on foreign exchange and securities and the valuation of foreign and domestic investments and deposits will be performed as part of the 2016–17 final audit.

3.25.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.25.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that RBA will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.