The Commonwealth Parliament regulates Australian Government entities through the Public Governance, Performance and Accountability Act  — the PGPA Act. The Act establishes a system of governance, performance and accountability for resources managed by entities. This edition of audit insights looks at recent ANAO audit activity reviewing entities implementation of key components of the PGPA: risk management, corporate planning and performance statements.

Video

 

Transcript

Introduction

The Commonwealth Parliament regulates Australian Government entities through the Public Governance, Performance and Accountability Act—the PGPA Act.

The Act establishes a system of governance, performance and accountability for resources managed by entities.

Key objectives of the Act were to improve:

  • the quality of performance information provided to Parliament; and
  • risk management by entities.

Under the Act, an entity must prepare:

  • an annual corporate plan, which sets out its purposes and performance measures; and
  • annual performance statements, which report on achievement of entity purposes against those performance measures.

Corporate plans and performance statements are the bookends of an annual performance cycle, and are intended to improve the line of sight between the use of public resources and the results achieved by entities.

Commonwealth entities must also maintain an appropriate system of risk oversight and management. The aim is to embed risk management as part of an entity’s culture, where the shared understanding of risk leads to well informed decision-making and improved performance.

Audit program

The ANAO has developed a rolling audit program to review entities’ implementation of risk management and the annual performance cycle.

As part of this ongoing program, we’ve reviewed:

  • entities’ implementation of legal and policy requirements;
  • the maturity of internal processes used for planning and risk management;
  • the role played by senior leaders and audit committees;
  • the appropriateness of entities’ corporate plans and performance statements; and
  • the Department of Finance’s role in leading these sector-wide reforms.

The ANAO has also identified areas for improvement for the audited entities, and key learnings for the wider public sector.

Corporate plans

ANAO audits of corporate planning have highlighted …

  • audited entities were at different levels of maturity in their implementation of requirements; and
  • further work was needed to fully embed requirements and position the corporate plan as the entity’s primary planning document.

The ANAO also found differences in the maturity of entity systems and processes used for developing corporate plans and monitoring their implementation.

Entities can learn from the experiences of others, and should consider the benefits of:

  • implementing a documented process and schedule to develop their corporate plan;
  • streamlining their planning processes, especially if they prepare multiple planning documents;
  • aligning the content of their planning documents, so that the corporate plan is the primary planning document;
  • clearly identifying roles, responsibilities and accountabilities for monitoring implementation of the plan;
  • developing arrangements to periodically monitor and report against their corporate plans; and
  • fully engaging senior management in the planning, monitoring and evaluation phases of corporate planning.

Performance statements

The ANAO’s audit of performance statements found that:

  • the audited entities met the minimum requirements for preparation and publication of their first annual performance statements; and
  • those performance statements included reporting against the purposes, activities and performance criteria published in entity corporate plans.

The ANAO reviewed the relevance, reliability and completeness of performance criteria used by the audited entities. Collectively, the performance criteria provided a balanced basis for assessing the audited entities’ progress in fulfilling their purposes.

We also found that:

  • the majority of results reported by entities were supported by complete and accurate records; and
  • entities had established assurance processes to certify that their reported performance information accurately reflected their performance.

As part of maturing their assurance processes, entities should consider the role and function of their audit committees. Audit committees should be able to demonstrate compliance with their obligation to review the appropriateness of performance reporting.

Entities can also learn from the experiences of others, and should consider the benefits of:

  • presenting results alongside established targets, to assist readers in assessing performance;
  • supplementing reported results with contextual information, to enhance the reader’s understanding of the operating environment;
  • clearly identifying and grouping activities, to help readers assess the alignment of performance criteria and entity purposes;
  • ensuring that performance criteria clearly align to the entity’s purpose and activities;
  • ensuring performance criteria are measurable and do not lead to biased results; and
  • ensure that performance criteria provide a balanced perspective on the entity’s effectiveness and efficiency across its business.

Good processes are also important. For example:

  • entity processes should support the complete cycle of performance measurement and reporting; and
  • there is value in clearly documenting and retaining records on the methodology and analysis employed to reach the results which are reported in performance statements.

Risk management

The ANAO’s audit of risk management concluded that:

  • the four audited entities met or mostly met the majority of requirements found in the Commonwealth Risk Management Policy; and
  • further work is required by some entities to fully realise the policy’s goal of embedding risk management as part of organisational culture.

Entities can learn from the experiences of others, and should consider the benefits of:

  • regular management reporting on risk—including the status of risk controls and treatments—to provide assurance on risk management;
  • regular and structured review of risk by governance committees, the executive board and the audit committee;
  • updating guidance and templates to reflect the entity’s risk appetite and tolerance, to support the development of a positive risk culture;
  • providing practical guidance on how staff should manage risk, to help build internal risk management capability;
  • establishing strategies to improve participation in risk-related learning and development programs, to help maintain risk management capability;
  • recording and analysing risk incidents and lessons learned, to provide insights to management and the audit committee on risk management performance and the effectiveness of the risk management framework; and
  • consider mechanisms to measure risk management performance.

Further information

Since 2016-17, the ANAO has published:

  • two audits on corporate planning, involving 14 entities;
  • an audit on performance statements, involving three entities; and
  • an audit on risk management, involving four entities.

In 2017-18, the ANAO will publish:

  • a further corporate planning audit, involving four entities; and
  • a further performance statements audit, involving five entities.

For more information please visit our website.