This report outlines the ANAO’s assessment of the internal controls of major agencies, including governance arrangements, information systems and control procedures. The findings summarised in this report are the results of the interim phase of the financial statement audits of 24 major General Government Sector agencies that represent some 95 per cent of total General Government Sector revenues and expenses.



1. The Auditor-General Act 1997 establishes the mandate for the Auditor‑General to undertake financial statement audits of all Australian Government entities including those of Government agencies, statutory authorities and Government business enterprises.

2. The preparation of audited financial statements in compliance with the Finance Minister’s Orders1 is a key element of the financial management and accountability regime applicable to Australian Government entities. It is generally accepted in both the private and public sectors that a good indicator of the effectiveness of an entity’s financial management is the timely finalisation of its annual financial statements, accompanied by an unmodified audit opinion. Australian Government entities, in cooperation with the Australian National Audit Office (ANAO), devote considerable effort to achieving such an outcome.

3. Financial statement audits are an independent examination of the financial accounting and reporting of public sector entities. The results of the examination are presented in an auditor’s report, which expresses the auditor’s opinion on whether the financial statements as a whole and the information contained therein fairly present each entity’s financial position and the results of its operations and cash flows. The accounting treatments and disclosures reflected in the financial statements by the entity are assessed against relevant accounting standards and legislative reporting requirements.

4. Under section 57 of the Financial Management and Accountability Act 1997 (FMA Act), the Auditor-General is required to report each year to the relevant Minister on whether the financial statements of agencies2 have been prepared in accordance with the Finance Minister’s Orders (FMOs) and whether they give a true and fair view of the matters required by those Orders.

5. To assist agencies to manage their responsibilities, the ANAO periodically publishes better practice guides on a range of aspects of public administration. During 2012–13, the ANAO published three Better Practice Guides: Public Sector Internal Audit;Preparation of Financial Statements by Public Sector Entities;and Human Resource Management Information Systems: Risks and Controls. Better Practice Guides are well received by agencies and contribute to agencies maintaining the maturity of their internal control systems and enhancing their performance.

6. The interim phase of the audit of agencies encompasses a review of governance arrangements related to agencies’ financial reporting responsibilities, and an examination of relevant internal controls, including information technology system controls. The ANAO’s examination of these areas is designed to assess the reliance that can be placed on agencies’ internal controls to produce complete and accurate information for financial reporting purposes.

7. The audit findings in this report have been reported to the management of each agency and to the responsible Minister(s).

Developments in financial reporting and auditing frameworks

8. The Australian Accounting Standards Board (AASB) has continued to work towards improved financial reporting by adding to or modifying Australian Accounting Standards. In 2012–13, the AASB issued guidance on accounting for carbon tax, a new standard requiring government entities to report their performance against budget, and proposals to require public sector entities to disclose in their financial statements executive remuneration and other related party transactions, in line with existing standards for the private sector.

9. The International Public Sector Accounting Standards Board is developing a conceptual framework that will shape the future of its accounting standards for the public sector. Other significant international projects are also well underway, potentially changing reporting requirements in important areas such as financial instruments, revenue and leases. In the future, many changes to Australian Accounting Standards will be driven by developments internationally.

10. During 2012–13 the Australian Auditing and Assurance Standards Board released a guidance statement to assist in the application of standards to greenhouse and energy schemes and programs and issued an exposure draft of a proposed standard Assurance Engagements on General Purpose Water Accounting Reports designed to improve the quality of water accounting reports. The Board also released a policy on the harmonisation of Australian and New Zealand auditing standards.

11. Internationally, a top priority of the International Auditing and Assurance Standards Board is a project on auditor reporting that aims to enhance the relevance and usefulness of auditor’s reports to stakeholders.

Summary of audit results

Internal control in agencies3

12. A central element of the ANAO’s financial statement audit methodology, and the focus of the interim phase of ANAO audits, is a sound understanding of an agency’s responsibilities and internal controls to inform our audit approach including the reliance we may place on agency systems to produce financial statements that are free from material misstatement. To do this, the ANAO uses the framework contained in the ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment. The key elements of internal control, as discussed in ASA 315, are the control environment; the risk assessment process; the information system, including the related business processes relevant to financial reporting and communication; control activities; and monitoring of controls.

Control environment

13. The ANAO assesses whether an agency’s control environment includes measures that contribute positively to sound corporate governance in the context of the preparation of an agency’s financial statements. These measures should be designed to mitigate identified risks of material misstatement in the financial statements, and reflect the specific governance requirements of each agency.

14. The ANAO observed that agencies have in place key elements of a financial control environment designed to provide a sound basis for the effective preparation of the agency’s financial statements. Audit committees, in particular, continue to have a positive influence on the effectiveness of agencies’ control environments particularly in the areas of risk assessment, legislative compliance and financial system controls.

Risk assessment process

15. An understanding of an agency’s risk assessment processes is an essential element of the ANAO’s financial statement audits. Agencies are expected to manage the key risks specific to their environment and the interim audit phase includes a review of controls relating to risks that may have a material impact on agencies’ financial statements. Generally, the ANAO found that agencies have established formal risk assessment processes, overseen by audit committees or other committees with specific risk management responsibilities.

16. An important element of the risk assessment process common to all agencies is fraud control management. Most agencies have fraud control plans prepared in accordance with the Commonwealth Fraud Control Guidelines and have formal processes for updating these plans.

Information system

17. Information technology facilitates the way in which Australian Government agencies operate, and supports the business processes that deliver services to the Australian community.

18. Consistent with past practice, during the 2012–13 interim audits, the ANAO assessed the design and operation of key IT controls to determine the effectiveness of these controls and their impact on reducing risks affecting the integrity of financial information presented in agencies’ financial statements.

19. Following a general improvement in IT controls in 2011–11 and 2011–12, in 2012–13 there was an increase in the number of agencies where improvements were warranted in a number of IT controls. These included management of FMIS and HRMIS privileged user access, change management policy and governance, FMIS and HRMIS business continuity management, and aspects of IT security management.

Control activities

20. The results of the 2012–13 interim audit phase indicated that, overall, control activities relating to financial and accounting processes have continued to be maintained at an effective level. The total number of significant and moderate audit findings has decreased, continuing the trend over recent years. Control issues identified by the audits related to areas such as: IT general and application controls, particularly the management of user access to key financial business systems and accounting for non-financial assets, including the capitalisation and disposal of assets. A total of 124 category A, B, C and L1 findings4 were identified in the 2012–13 interim audit phase, with the majority of these findings posing a low business or financial management risk, a reduction compared with the 146 findings identified in 2011–12.

Monitoring of controls

21. Many activities undertaken by agencies contribute to their regime of monitoring controls. These include quality assurance arrangements, internal and external reviews, control self-assessment processes, and internal audit. In particular, all agencies have in place arrangements to enable Chief Executives to provide an annual Certificate of Compliance5.

22. The ANAO continues to include an assessment of compliance in relation to annual appropriations, special appropriations, special accounts and the investment of public moneys in its financial statement audits as a result of interest shown by the Joint Committee of Public Accounts and Audit in past years. The 2012–13 interim phase audits continued to identify a high level of compliance in these areas, although actual or potential breaches of section 83 of the Constitution6 continue to be identified by a number of agencies. The incidence of these actual or potential breaches has reduced significantly mainly as a result of legislative amendments to relevant legislation in late 2011–12 and during 2012–13. This matter is discussed at paragraphs 3.26 to 3.29 of chapter 3 of this report.

Agency audit findings

23. The results of the 2012–13 interim audits reflect a continuation of the reduction over recent years in the number of significant (category A) and moderate (category B) audit findings. This reflects the general stability and maturity of the control regimes in the majority of agencies and actions taken by agencies to address prior year audit findings.

24. However, as noted above, audits continue to identify control weaknesses in a number of areas such as: IT general and application controls, particularly the management of user access to key financial business systems and accounting for non-financial assets, including the capitalisation and disposal of assets.

25. Generally, agencies have been positive and timely in their response to ANAO audit findings.

26. The following is a summary of the trend in category A, B and L1 audit findings between 2011–12 and 2012–13 reported at the completion of the interim audit phase. There were:

  • no category A findings reported in 2012–13. This was a reduction from one reported in 2011–12;
  • twenty-three category B audit findings across agencies in 2012–13. This is an improvement from 31 findings reported in 2011–12;
  • increases in the number of category B audit findings in three agencies; five showed a decrease; three remained constant; and 13 agencies had no category B findings in either 2011–12 or 2012–13; and
  • eleven category L1 findings reported in 2012–13 compared to one in 2011–12.

27. A summary of category A, B and L1 audit findings by agency is provided in table 5.1 in chapter 5.

Future audit coverage

28. In completing the audits of agencies’ 2012–13 financial statements, the ANAO will complete its assessment of the effectiveness of internal controls and areas of audit focus in each agency. The summary results of this work will be reported by the ANAO in December 2013.


[1] The Finance Minister’s Orders (FMOs) made by the Minister for Finance and Deregulation set out the requirements for the preparation of financial statements of all reporting entities covered by the Financial Management and Accountability Act 1997 and the Commonwealth Authorities and Companies Act 1997.

[2] The term ‘agencies’ refers to all organisations subject to the Financial Management and Accountability Act 1997 (FMA Act). As the organisations covered by this report are ‘agencies’, this term is used predominantly in the report.

[3] The term ‘agencies’ refers to the 24 major General Government Sector agencies referred to in this report. These are listed at appendix 1.

[4] The ANAO rates its audit findings according to a risk scale. Audit findings that pose a significant business or financial management risk to the entity are rated as ‘A’. Findings that pose a moderate business or financial management risk are rated as ‘B’. Findings that pose a low business or financial management risk are rated as ‘C’. Category L1 findings are instances of potential non-compliance with the Constitution or non-compliance with key legislative requirements.

[5] Agency Chief Executives are required to certify on an annual basis their agency’s compliance with components of the Government’s financial management framework. Further details of this process are outlined at paragraphs 3.23 and 3.24 of chapter 3 of this report.

[6] Section 83 of the Constitution provides that expenditure by the Commonwealth must be in accordance with appropriations made by the Parliament.