The Audit Committee Chairs Forum is a joint initiative of the Department of Finance and the ANAO and includes the general government and non-general government sector Audit Committee Chairs. This communique covers the outcomes of the discussion at the forum on 7 June 2017 including updates from the Auditor-General and the ANAO, and from the Department of Finance.

Updates from the Auditor-General

  • The Auditor-General summarised the financial audit results and other matters reported in ANAO Report No.33 2016–17 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2016. Observations and commentary was provided on the governance arrangements for the audit committees of a sample of twenty material entities (refer to paragraphs 10–11 and 2.20–2.39), and disclosure of key management personnel remuneration (refer to paragraphs 3.8–3.12).
  • The public sector shift to principle-based regulation, and the reduction in mandatory compliance-based frameworks, has resulted in the ANAO focusing audit testing on the remaining mandatory requirements and highlighting if any systemic non-compliance was found. ANAO Report No.42 2016–17 Cybersecurity Follow-up Audit examined entities compliance with the ‘Top Four’ mandatory strategies in the Australian Government Information Security Manual (ISM) and found that not all requirements had been met. Mandatory requirements are something audit committees can focus on to acquit their responsibility in providing independent advice and assurance to the accountable authority. Mandatory requirements in relation to grants and procurement are also of relevance.
  • The tabling of ANAO Report No.58 2016–17 Implementation of the Annual Performance Statements was foreshadowed. This performance audit forms part of a suite of audits being conducted across the key requirements of the Public Governance, Performance and Accountability Act 2013 (PGPA Act) that includes Corporate Planning and Management of Risk. The audit report includes a summary of key learnings that may be considered in preparing annual performance statements (refer to paragraph 34 and box 1). The report also includes observations about the role of audit committees in relation to entity performance reporting under section 17 of the PGPA Rule and the provision of assurance to the accountable authority in relation to performance information.
  • The forum was advised that from 1 July the ANAO will be removing a number of Better Practice Guides from the website. More information is available online.
  • The 2017 Annual Audit Work Program is being finalised. Consultation has occurred with Parliament, entities and for the first time the draft program was made available on the ANAO website to seek responses from the public. As a companion product to the ANAO Corporate Plan, broadening consultation with external stakeholders informs the development of the organisational strategic planning framework.
  • The ANAO is conducting an assurance review that will provide a limited level of assurance, with the review report including a negative form of expression of the conclusion. The assurance review has been initiated in response to requests from a parliamentarian. Subsequent to the forum date, on 30 June 2017 the first report under these arrangements was tabled, Malabar Headland: 2016 Lease between the Commonwealth of Australia and the New South Wales Rifle Association
  • Potential models for external review of the ANAO quality assurance framework are under consideration, including engaging ASIC to review our quality framework or files. This forms part of broader processes to drive greater transparency in our operations. Additional activities include: briefings to Parliamentarians are now posted on the website; disclosure of Auditor-General expenses; and greater engagement with audited entities and Parliament.

Other updates from the ANAO

Forthcoming interim phase (‘controls’) report - issues and themes

  • Each year two reports are tabled in Parliament relating to the ANAO financial statements audit coverage. These reports provide Parliament with an independent examination of the financial accounting and reporting of public sector entities. Information presented in the reports can provide audit committees with information regarding: sector-specific issues and findings; areas of change in reporting and auditing requirements; areas of special interest that compare/contrast reporting approaches to particular elements of the financial reporting framework.
  • The anticipated tabling of ANAO Report No.60 2016–17 Interim Report on Key Financial Controls of Major Entities was discussed and a summary of the interim results of a selection of significant entities was provided. The report details the interim phase results of 25 entities. This represents an increase compared to previous years that were focused on entities most significant to the general government sector.
  • The report found an increase in total number of findings this year. The two areas relating to IT General Controls (refer to paragraphs 1.66-1.90) and Compliance and Quality Assurance Frameworks (refer to paragraphs 1.103-1.106) continue to be where most of the moderate and significant issues relate (ranging from 65 to 70% over the last two or three years). These findings highlight that these areas tend to pose more challenges for entities and can be a useful benchmark.
  • Related issues reported include:
    • Audit committee arrangements (refer to paragraphs 11-12 and 1.22-1.33, and Chapter 1 Summary Conclusion), extending on the analysis in ANAO Report No.33 2016–17. All reviewed entities had adjusted their Committee membership to include a majority of independent members in line with the PGPA Act requirements. Sub-committee structures that are put in place to support the role of the audit committee, such as for financial statement reporting, also need to consider their impact on independence requirements of the audit committee, particularly in relation to providing assurance on financial reporting.
    • Reporting relating to compliance with finance law (refer to paragraphs 13-14, 1.46-1.55, and Chapter 1 Summary Conclusion). Compliance reporting associated with s19 of the PGPA Act was streamlined from the 2015–16 reporting period, with entities now only required to report significant breaches. All entities reviewed as part of the Controls Report had adapted to the changed requirements through: maintaining processes that monitor and capture instances of non-compliance; adopting a definition of a significant breach based on the guidance; and by giving due consideration to the nature and volume of breaches when assessing significance. Further approaches employed by some entities include: use of quantitative factors in their formal definition of a significant breach that assists in raising matters with the audit committee that may otherwise; and reporting breaches in annual reports.
  • Other matters reported include an overview of Cyber resilience (refer to paragraphs 1.96-1.102). Analysis of entities 2015-16 reporting of compliance with the Protective Security Policy Framework indicated that Infosec 4 requirements continue to be the highest area for entity non or partial compliance.

Performance audit themes

  • The selection of performance audit topics for inclusion in the ANAO Annual Audit Work Program (AAWP) is informed by: day-to-day audit coverage of portfolios; an assessment of risks across portfolios; stakeholder views and priorities (parliamentary, entity and public); and insights from performance audit and financial statements audit coverage over prior years.
  • Insights obtained from recent performance audit coverage are presented in the AAWP under common ‘themes’ (in the July 2016 AAWP there were five themes). The program of performance audits tabled in the 2016–17 period, have emerging key themes that will be considered in finalising the 2017 AAWP, and include the importance of:
    • applying resources against commitments to government;
    • implementing mandatory requirements; and
    • actively managing responsibilities, including in relation regulatory activities, probity arrangements and cybersecurity controls.
  • In addition to helping shape the 2017 AAWP, these emerging themes from the ANAO’s audit coverage signal to entities where attention should be focused.

Key audit matters

  • New Auditors Report on Financial Statements for 30 June 2017. Mandatory changes include: changes to the order, with the opinion now presented first; an expanded description of auditors responsibilities; going concern statement in Accountable Authority responsibility section (ANAO wording made relevant to public sector after Audit Committee feedback); inclusion of other information section.
  • Key Audit Matters (KAM) are only mandatory for listed companies, however the Auditor-General considers KAM reporting to be better practice as it provides greater transparency about how the audit was performed. The communication of KAM helps users to better understand matters of most significance in the audit. There is a close correlation between areas of high/significant risk and KAMs, notwithstanding other KAMs that may arise during conduct of audit.
  • The ANAO conducted a pilot for selected entities for the 2016 financial year. The KAM was not in auditor’s reports tabled in Parliament but contained in separate reports provided to audit committees for consideration. For 30 June 2017, KAM will be reported in auditor’s reports included in Financial Statements tabled in Parliament for 25 entities covered by our Controls Report.
  • For the ANAO, early and continuous communication is critical. Therefore we communicate expected KAMs to audit committees early in planning the audit and whilst performing the audit. Important to note: KAM does not introduce new information – in most cases, KAM will refer to notes to the Financial Statements; KAM describes why matter is a KAM and how audit addressed it; there is no conclusion on individual KAM (conclusion is on financial statements as a whole).

Updates from the Department of Finance

Accounting update

Tiered reporting

  • Tiered reporting will be applied for the 2016-17 financial statements. All, except for 12 entities, will be able to apply Tier 2 level reporting – the PGPA (Financial Reporting) Rule 2015 (FRR) sets out the reporting requirements:

Executive remuneration reporting

  • AASB124 specifies the minimum level of reporting regarding executive remuneration in the financial statements.
  • The FRR outlines how the amounts are to be disclosed by category.

Related party disclosures

Other accounting updates

Consolidated financial statements

  • Audit-cleared financial statements and Chief Financial Officer-assured Supplementary Reporting Packs (SRP) due to Finance by:
    • Material entities: Tuesday, 15 August 2017
    • Small entities: Wednesday, 30 August 2017.
  • Chief Financial Officers are required to certify that a management assurance process equivalent to the entity’s financial statements is applied to the SRP, which is needed for the preparation of the Consolidated Financial Statements.
  • Each Audit Committee is expected to determine the appropriate assurance on a risk-based approach.

Review of PGPA Act

  • Independent review currently being completed of the PGPA Act (s112 of the PGPA Act refers).

Role of audit committees – Annual Performance Statements and non-financial performance information

Executive Remuneration

  • Executive remuneration is a matter for the accountable authority and/or the company’s board.
  • Portfolio departments and Government Business Enterprises have been asked to publish information on their executive management’s remuneration on their websites by 31 July each year.

APS Transformation Initiatives – Shared Services, Grants and Records

  • The Australian Government is transforming the way services are delivered and how government operates to create a smaller, smarter and more productive public sector in the context of a fiscally constrained environment.
  • The Government has announced a number of Whole of Government initiatives that will support transformation of the APS and its traditional operating models through the provision of common services in centres of excellence (Hubs) and the transition of agencies into these Hubs.
  • Examples of such initiatives include the: Shared Services Program; Streamlining Government Grants Administration Program; and the Records Management Program.
  • The Preface to the 2017-18 Budget Paper No. 4 contains further information on APS Transformation
  • Finance will be issuing Guidance Material on a number of key areas to enable these arrangements including, but not limited to, Shared Funding, Assurance; and Negotiation of ASL.

Next Audit Committee Chairs Forum scheduled Thursday, 14 December 2017, 9am-12pm