Internal control
As part of the interim financial statement audit we consider the different elements of an agency’s internal control. These elements comprise:
- control environment;
- risk assessment process;
- information technology systems;
- control activities; and
- monitoring of controls.
Each of these elements is discussed below.
Control environment
As part of the financial statement audit process, we assess whether an agency’s internal control environment includes measures that contribute positively to establishing a foundation for effective internal control, and minimise both financial and non-financial risks to the agency. The measures should be designed to meet the individual circumstances of each agency and to assist in the orderly and efficient conduct of its business in compliance with applicable legislative requirements.
We observed that all agencies have established key elements of control environments which provide a sound basis for effective financial management. Audit committees, in particular, continue to have a positive influence on the effectiveness of agencies’ control environment particularly in the areas of risk assessment, legislative compliance and financial system controls. In addition, a reduction in non-compliance with key elements of the financial framework was noted during the audit process, and the introduction of the Certificate of Compliance has resulted in an increased focus on wider compliance issues.
Risk assessment process
Important elements of the risk assessment process common to all agencies that are subject to review are fraud control and business continuity management. In assessing agencies’ risk management processes, we noted that all agencies have fraud control plans in place, although a small number of agencies needed to improve aspects of their fraud control arrangements.
Overall there has been noticeable improvement in the management of business continuity risks.
Information technology systems
Spending on IT service delivery and development continues to represent a significant expenditure of the Australian Government. Annually, in excess of $4 billion is spent on IT-related activities. The growth of investment in, and importance of, IT systems to Australian Government financial management and service delivery requires a commensurate and ongoing investment by the ANAO in assessing IT systems and controls supporting the financial statement reporting process. The focus in 2006–07 was on: IT governance; security; system delivery; and Financial Management Information System (FMIS) and Human Resources Management Information System (HRMIS) application systems. The majority of agencies adequately addressed the areas under review, although we continue to identify a range of control-related issues that require ongoing and, in some cases, increased attention by agency management.
Control activities
An agency’s system of internal control includes the activities established to provide reasonable assurance that operational and administrative objectives and goals are achieved. Internal controls over significant operational and accounting processes and financial systems are assessed as part of the audit of an agency’s financial statements. In most agencies, key areas covered in the interim phase of the audit included: appropriations management; revenue and receivables; cash management; purchases and payables; human resource management processes; and asset management. Despite there being room for improvement in most areas, controls over business and accounting processes have been generally effective.
Monitoring of controls
Agencies undertake many types of activities as part of their monitoring of control processes, including: external evaluation reviews; control self assessment processes; post-implementation reviews; and internal audits. The level of our review of different types of activities is dependent on the nature of each entity. However, given the significance of the investment by Australian Government entities in the internal audit function and the requirements of Australian Auditing Standards, we review the internal audit function each year to gain an understanding of how it contributes to the overall monitoring of controls.
We noted that internal audit is generally playing an important role in assessing the adequacy of financial systems that underpin an agency’s financial statements and in the preparation of the statements themselves. However, we also noted there was room for improvement in some areas.
Interim audit findings
The ANAO rates its financial statement audit findings according to a risk scale. Audit findings which pose a significant business or financial risk, or financial reporting risk, to the entity and which must be addressed as a matter of urgency, are rated as ‘A’ findings. Findings that pose a moderate business or financial risk, or financial reporting risk, are rated as ‘B’ findings. These should be addressed within the next 12 months. Findings that are procedural in nature, or reflect relatively minor administrative shortcomings, are rated as ‘C’ findings.
Most agencies had areas of their control environment that required attention, although our interim audits found that there had been an overall improvement in agencies’ financial and related controls. This has resulted in a reduction in the number of ‘A’ and ‘B’ findings compared with 2005–06, as reflected in the following analysis:
- there were three agencies with ‘A’ category audit findings in both 2006–07 and 2005–06;
- the total number of ‘A’ category issues (excluding Defence and the Defence Materiel Organisation) was two in 2006–07 compared to nine in 2005–06;
- the total number of ‘A’ category findings for Defence decreased from 18 in 2005–06 to 16 in 2006–07, and the number for the Defence Materiel Organisation remained the same at 6;
- the number of agencies with no category ‘A’ or ‘B’ findings is nine in 2006–07, up from seven in 2005–06;
- the total number of ‘B’ category findings across agencies (excluding Defence and the Defence Materiel Organisation) decreased from 67 in 2005–06 to 42 in 2006–07. Defence and the Defence Materiel Organisation showed an increase in the total number from 50 in 2005–06 to 55 in 2006–07; and
- eleven agencies reported a reduction in the number of ‘B’ category findings, six showed an increase, and six agencies remained the same.