Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.
Audit Committee Chairs Forum — Friday 9 July 2021
An Audit Committee Chairs Forum was held on Friday, 9 July 2021. It was both an in-person and virtual event.
The text on this page is the communique from the forum.
- The ANAO was provided with an additional $61m over the next 4 years. The funding will allow the number of audits to be restored to the historical number of 48 per year by the end of forward estimates.
- The funding also provides for a Performance Statements audit program to be rolled out in a staged way over coming years. A new group within ANAO was created as of 1 July 2021 to facilitate this. A robust methodology for performance statement auditing has been developed through the pilot undertaken in 2020 and continued this year. Over time, the ANAO’s goal is to have a single engagement with an entity covering both financial statements and performance statements audits.
- Previous performance audits and the pilot performance statement audit program have revealed issues with entities’ performance information, including the lack of a performance measurement framework for indicators, and the need for more upfront planning.
- The ANAO’s has decided to specifically bring all entity A-findings from financial statements audits to the responsible Minister’s attention.
- The ANAO has begun a project to develop a clearer methodology for including ethical/cultural considerations in audits, both for performance audits and financial statements audits.
- The ANAO is continuing to find poor record keeping practices by entities. Timely and complete record keeping is essential for entities to be able to support the decision-making processes they have undertaken. Poor record keeping also impacts evidence collection during audits increasing the cost of audits.
- Cyber security continues to be a significant issue across audits — an area of risk for audit committees to watch.
- In January 2021, the ANAO published an Audit Insights product on Administering Regulation. The ANAO found that often regulatory frameworks were not developed from a risk-based perspective or were not implemented effectively.
- Remote access to entities has increased over the past year and the ANAO is continuing to promote remote access to entities in both performance and financial statements auditing to improve efficiency. The COVID-19 pandemic provided the impetus for this approach.
Financial audit reporting
Interim Report on Key Financial Controls of Major Entities (2020–21)
- The Interim Report on Key Financial Controls of Major Entities was published on 2 June 2021.
- Analysis of the last four financial years has revealed a positive downward trend in aggregate interim audit findings.
- The ANAO found that 53 per cent of findings related to the IT control environment. Other focus areas going forward will be on Compliance and Quality Assurance Frameworks (13 per cent of findings), and accounting and control of non-financial assets (10 per cent). No significant legislative breaches were found. Audit committees will be expected to provide support in these areas.
- The ANAO assessed compliance against Audit Committee disclosure requirements under section 17 of the PGPA Rule (for the 182 of 187 entities subject to the PGPA Rule — five are exempt, including the ANAO). It is important to assess reporting requirements as audit committees play a key role in assisting the accountable authority to fulfil their governance and oversight responsibilities by providing independent assurance and advice. The ANAO found good performance across the sector but also instances of high workload typically around crunch periods, for example at the end of the financial year.
End of Year Report
- Information to be collected for the 2020–21 End of Year Report includes the number and value of audit adjustments and adherence to financial reporting timetable (revisions to annual report tabling deadlines).
- Key focus areas for future audits include: asset valuation under COVID conditions; going concern assessment; judgements and key assumptions. Audit committees will be key to assist in the oversight to ensure appropriate rigour is applied in addressing these issues.
- The ANAO noted key learnings from the financial statements audits of the past year.
- Remote access greatly assisted the prompt finalisation of audits so that the ANAO was able to deliver all mandated audits.
- There may need to be a paradigm shift to consider in-depth analysis of the root cause of repeat findings, including assessing whether solving IT issues with manual solutions is appropriate as a long-term solution.
- Performance KPIs could be developed for IT operations as what is not measured is difficult to improve.
- More clarity of expectations from entities is needed on the preparation and presentation of audit committee papers.
- Increased frequency of line managers’ reporting on the activities and emerging risks in their respective areas is needed to enable the accountable authority to deliver against their responsibilities.
- There needs to be a better relationship between business and IT components of an entity to ensure that IT risks are addressed in a timely and appropriate manner. For example, the single most identified finding related to a process that requires input from business and IT — the timeliness of removing staff who no longer require access to entity systems, especially contractors. Delays in access removal poses a risk to both the business and cyber-security of an entity. Dormant accounts could be used to gain unauthorised access to systems. Management should have a monitoring function to ensure that staff access is appropriate at all times.
- The Protective Security Policy Framework (PSPF) Policy 10 has mandatory requirements to safeguard information from cyber security threats: application control; patching applications; patching operating systems and restricting administrative privileges. The ANAO observed a low level of compliance in these areas. Entity self-assessments were often found to be inaccurate. A key driver of this inaccuracy is a lack of understanding and a lack of evidence supporting the self-assessments. Having a policy or a process is not enough when entities do not validate whether it addresses risks and do not know whether it works as intended. The process may not mitigate risks and may provide a false impression to the accountable authority of the effectiveness of controls.
Performance Audit Update
- 42 performance audits were tabled in the 12 months to 30 June 2021.
- With respect to the budget funding and subsequent increase in the number of performance audits planned, the ANAO is targeting to return to tabling 48 performance audits each year by 2024–25 and retain the average length of a performance audit at 10 months.
- To account for the impact of the COVID-19 pandemic on the risk environment faced by the Australian public sector, the ANAO developed a COVID-19 multi-year audit strategy outlining our approach to auditing COVID-19 related measures. The strategy is being delivered in three key phases.
- Phase 1: Management and response to risks related to rapid development and implementation of COVID-19 measures.
- Phase 2: Program delivery — policy design; implementation; and performance assessment, evaluation and dissemination of lessons learnt.
- Phase 3: Review of the outcomes of the government’s COVID-19 response.
- Five phase 1 audits of frontline entities implementing COVID-19 policy measures were tabled between December 2020 and May 2021 (phase 1).
- In May 2021 the Auditor-General published an audit insights on Emergency Management — Insights from the Australian Government’s COVID-19 Response summarising key messages for all Australian Government entities from the five phase 1 audits. This Insights product identified the following six key learning areas: crisis preparedness; governance arrangements in an emergency; identifying and managing implementation risk; mobilising resources and planning for rapid implementation; managing emergency procurements; and reviewing outcomes and lessons learnt. This Insights publication builds on the messages outlined in the April 2020 edition on Rapid Implementation of Australian Government Initiatives.
The Annual Audit Work Program
- 2021–22 Annual Audit Work Plan (AAWP) was published on 6 July 2021.
- The AAWP is designed to reflect ANAO’s audit strategy and planned audit coverage. The AAWP is designed to anticipate and respond to current and emerging risks and challenges, and complement the ANAO’s 2021–22 Corporate Plan which was also published on 6 July 2021.
- Development of the AAWP is guided by the following four objectives:
- the priorities and interests of the Parliament;
- providing a balanced program of activity that is informed by risk and promotes accountability, transparency and improvements to public administration;
- follow up on past recommendations and identify trends for improvement, or declines in performance across government; and
- apply all of the Auditor-General’s mandate.
- The ANAO also takes into consideration entities’ audit loads, and how recently entities have been audited.
- A draft of the AAWP is provided to the Parliament for consultation through the Joint Committee of Public Accounts and Audit (JCPAA), accountable authorities of Australian Government entities, members of the public via the ANAO’s website, the Commonwealth Ombudsman, the Inspector-General of Taxation, the Inspector-General of Intelligence and Security and the Office of the Australian Information Commissioner.
- Governance and service delivery continue to be the dominant activities we plan to audit. Similarly, effectiveness continues to be the dominant objective we plan to audit but the focus on ethics is likely to increase in the future.
2020–21 Financial Reporting
- Audit cleared accounts are due to be submitted to the Department of Finance by 16 August 2021 for material entities and 31 August 2021 for small entities. These submissions support the preparation of the Australian Government’s Final Budget Outcome and Consolidated Financial Statements (CFS).
- The supplementary reporting pack (SRP) is due to the Department of Finance by 18 August 2021 for material entities and 31 August 2021 for small entities.
- In the 2021–22 financial year, the Department of Finance will work with entity Chief Financial Officers with a particular focus on Information Technology controls and planning ahead of 2021–22 financial reporting.
Australian Public Service Accounting and Finance Profession Working Group
- The ability to attract and retain suitably qualified accounting and finance staff is noted as a key risk by most if not all entities in their financial management processes.
- The Australian Public Service (APS) Accounting and Finance Profession Working Group has been established by the Department of Finance in collaboration with a number of entity Chief Financial Officers to establish and implement a strong foundation for the ongoing collaboration, support and development of accounting and finance professionals within the APS.
- The priorities of the Working Group aim to grow capacity and capability, support diversity and nurture development, and align with the APS Workforce Strategy 2025.
- Following the recent Budget announcement, Services Australia will now lead the work to build and deliver the GovERP technological platform, including the central Technology Hub.
- The Department of Finance will continue to provide program oversight, and also assist the Service Delivery Office to implement GovERP and on-board the first 15 agencies.
- The GovERP program aims to streamline and standardise the processes behind corporate service delivery in the APS. Shared services will be achieved through a combination of modernised and contestable technology platforms, and consolidation and standardisation of in-scope services.