This report is the first in the series of reports for the 2020–21 financial year and focuses on the results of the interim audits, including an assessment of entities’ key internal controls, supporting the 2020–21 financial statements audits. This report examines 25 entities, including all departments of state and a number of major Australian government entities. The entities included in the report are selected on the basis of their contribution to the income, expenses, assets and liabilities of the 2019–20 Consolidated Financial Statements.

Executive summary

1. The ANAO prepares two reports annually that provide insights at a point in time to the financial statements risks, governance arrangements and internal control frameworks of Commonwealth entities, drawing on information collected during our audits. These reports explain how entities’ internal control frameworks are critical to executing an efficient and effective audit and underpin an entity’s capacity to transparently discharge its duties and obligations under the Public Governance, Performance and Accountability Act 2013 (PGPA Act). Deficiencies identified during ANAO audits, posing a significant or moderate risk to entities’ ability to prepare financial statements free from material misstatements, are reported.

2. This report is the first in the series of reports and focuses on the results of the interim audits, including an assessment of entities’ key internal controls, supporting the 2020–21 financial statements audits. This report examines 25 entities, including all departments of state and a number of major Australian government entities. The entities included in the report are selected on the basis of their contribution to the income, expenses, assets and liabilities of the 2019–20 Consolidated Financial Statements (CFS). At the completion of interim audits for the 25 entities included in this report the ANAO noted that key elements of internal control were operating effectively for 20 entities. For five entities1, except for particular finding/s outlined in Chapter 3, the key elements of internal control were operating effectively to support the preparation of financial statements that are free from material misstatement.

Interim results and other matters

Audit committee disclosure reporting

3. The Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) sets out reporting requirements for entities in relation to their audit committees. The PGPA Rule was amended on 27 February 2020 to include changes that affect the reporting of audit committee information in a Commonwealth entity’s annual report for reporting periods beginning on or after 1 July 2019. The ANAO assessed compliance against the disclosure requirements for 182 entities subject to the PGPA Rule. This included the reporting of: a direct link to the audit committee charter; audit committee membership, knowledge and skills; meeting attendance; and member remuneration.

4. Forty five entities did not include a direct link to the audit committee charter; four entities did not report on audit committee membership; 11 entities did not report on the qualifications and skills of audit committee members; 10 entities did not report on audit committee attendance; and 41 entities did not report details of audit committee member remuneration.

Safeguarding financial information from cyber threats

5. The Protective Security Policy Framework (PSPF) contains the Essential Eight mitigation strategies including mandatory and recommended controls intended to strengthen cyber resilience and the capacity of government to mitigate cyber threats. Review of entities’ implementation and compliance with these strategies found that there continues to be limited improvement in the level of compliance with the controls since being first mandated in 2013.

Summary of audit findings

6. A total of 60 findings were reported to the entities included in this report as a result of interim audits, comprising nine moderate and 51 minor findings. This is an overall decrease in the number of findings, but an increase in moderate findings, compared to the 2019–20 interim audit results.

7. Fifty three per cent of all findings and fifty six per cent of moderate findings relate to the management of IT controls, particularly the management of privileged user access. The continued level of findings indicates that the IT control environment warrants further attention by entity management.

Reporting and auditing frameworks

Summary of developments

8. The ANAO will continue to monitor the ongoing impact of the COVID-19 pandemic on entities’ risks to assess their ability to provide sufficient and appropriate evidence for audits. ANAO’s financial auditing will continue to utilise remote access to entities’ financial systems where appropriate to complete audit procedures.

9. There are no significant changes in accounting standards applicable to Commonwealth entities for 2020–21, however Australian Auditing Standard ASA 540 Auditing Accounting Estimates and Related Disclosures was revised and re-issued with effect for the 2020–21 financial year.

10. The Auditing and Assurance Standards Boards (AUASB) has issued three revised Australian Quality Management Standards that become effective on 15 December 2022. The ANAO will review the revised standards, consider the impacts on the Quality Assurance Framework and make enhancements to the framework to ensure that it responds to the quality risks that arise in audits of public sector entities.

Cost of this report

11. The cost to the ANAO of producing this report is approximately $320,000.

1. Interim audit results and other matters

Chapter coverage

This chapter provides:

  • an overview of the ANAO’s audit approach to financial statements audits;
  • a summary of observations regarding the internal control environments of the entities included in this report;
  • observations relating to audit committee reporting against the Public Governance, Performance and Accountability Rule 2014 (PGPA Rule) requirements and the safeguarding of financial information from cyber threats; and
  • a summary of audit findings identified at the conclusion of the interim audit.
Conclusion

Key to the audit process is the ANAO’s assessment of entities’ internal control frameworks as they apply to financial reporting. An effective internal control framework provides the ANAO with a level of assurance that entities are able to prepare financial statements that are free from material misstatement. At the completion of interim audits for the 25 entities included in this report the ANAO noted that key elements of internal control were operating effectively for 20 entities. For five entities2, except for particular finding/s outlined in Chapter 3, the key elements of internal control were operating effectively to support the preparation of financial statements that are free from material misstatement.

Analysis of 182 annual reports identified a number of entities did not comply with the PGPA Rule disclosure requirements for audit committees. Forty five entities did not include a direct link to the audit committee charter; four entities did not report on audit committee membership; 11 entities did not report on the qualifications and skills of audit committee members; 10 entities did not report on audit committee attendance; and 41 entities did not report details of audit committee member remuneration.

The Protective Security Policy Framework (PSPF) contains the Essential Eight mitigation strategies including mandatory and recommended controls intended to strengthen cyber resilience and the capacity of government to mitigate cyber threats. The risk of compromise to information relevant to the preparation of financial statements continues while compliance with PSPF cyber security requirements remains low.

A total of 60 findings were reported to the entities included in this report as a result of interim audits, comprising nil significant, nine moderate and 51 minor findings. This is an overall decrease in the total number of findings but an increase in the number of moderate findings compared to the 2019–20 interim audit results, which reported eight moderate and 65 minor findings.

Fifty six per cent of moderate findings continue to be in the areas of; management of IT controls, particularly the management of privileged users, and compliance and quality assurance frameworks supporting program payments. These areas warrant further attention by entity management.

Introduction

1.1 The ANAO publishes an Annual Audit Work Program (AAWP) each financial year. The purpose of the AAWP is to inform the Parliament, the public and government sector entities of the ANAO’s planned audit coverage for Australian Government entities by way of financial statements audits, performance audits and other assurance activities.

1.2 The financial statements audit coverage, as outlined in the AAWP, includes presenting two reports to the Parliament addressing the outcomes of the financial statements audits of Australian Government entities and the Consolidated Financial Statements (CFS) of the Australian Government. These reports provide Parliament with an independent examination of the financial accounting and reporting of Commonwealth public sector entities.

1.3 This report focuses on the results of the interim audits of 25 entities including an assessment of key internal controls supporting the 2020–21 financial statements. The assessment includes a review of the governance arrangements related to entities’ financial reporting responsibilities and the design and implementation of key internal controls relating to significant business processes. Where the auditor plans to rely upon key controls for assurance that financial statements are free from material misstatement, the controls are tested for operating effectiveness. Testing of controls during the interim audit phase allows the ANAO to form a conclusion on the operating effectiveness of those controls for the period up to the date of testing. During the final phase of the 2020–21 financial statements audit, the ANAO completes testing over the operating effectiveness of those controls intended to be relied upon, and also controls not assessed at interim. The second report presents the final results of the financial statements audits of the CFS and all Australian Government entities.

1.4 The entities included in this report are those entities that contribute significantly to the three sectors of the CFS: the General Government Sector (GGS), Public Non-Financial Corporation (PFNC) sector and Public Financial Corporation (PFC) sector. A listing of these entities is provided in Appendix 1.

1.5 The ANAO conducts its financial statements audits in four phases: planning, interim, final and completion. Figure 1.1 outlines the key elements of each phase.

Figure 1.1: ANAO financial statements audit process

Figure 1.1 outlines the ANAO financial statements audit process.  The four phases and the purpose of each phase is as follows: Planning – understanding the entity and design an audit approach. Interim - Initial assessment of controls. Final - final assessment of controls, material balances and disclosures. Completion - issue the Auditor’s report.  Throughout all four phases of the financial statements audit the ANAO also considers observations and recommendations arising from performance audits.  At the Completion of the audit phases, the relevant Minister tables a copy of the annual report, incorporating the Auditor’s report, in Parliament, as well as the Minister releasing the Consolidated Financial Statements including the Auditor’s Report.

Source: ANAO data.

1.6 A central element of the ANAO’s financial statements audit methodology, and the focus of the planning phase of ANAO audits, is a sound understanding of an entity’s environment and internal controls relevant to assessing the risk of material misstatement in the financial statements. This understanding informs the ANAO’s audit approach, including the reliance that may be placed on entity systems to produce financial statements that are free from material misstatement.

1.7 In accordance with generally accepted auditing practice, the ANAO accepts a low level of risk that an audit will fail to detect the financial statements are materially misstated. This low level of risk is accepted because it is too costly to perform an audit that is predicated on no level of risk. An understanding of the entity, its environment and its controls, helps the ANAO design the required work and respond to risks that bear on financial reporting. The key areas of financial statements risks identified through this planning approach are discussed in Chapter 3 for each entity included in this report.

1.8 A key component of understanding the entity and its environment is to understand the governance arrangements established by its accountable authority.3 Accountable authorities of all Commonwealth entities and companies subject to the Public Governance, Performance and Accountability Act 2013 (PGPA Act) are required to govern their entity in a way that promotes the proper use and management of public resources, the achievement of the purposes of the entity and the entity’s financial sustainability.

1.9 The development and implementation of effective corporate governance arrangements and internal controls should be designed to meet the individual circumstances of each entity. These processes also assist in the orderly and efficient conduct of the entity’s business and compliance with applicable legislative requirements, including the preparation of annual financial statements that present fairly the entity’s financial position, financial performance and cash flows.

Understanding the entity

1.10 The ANAO uses the framework in the Australian Auditing Standards (ASA) 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment to consider the impact of different elements of an entity’s internal controls that support the preparation of financial statements. This approach provides a basis for designing and implementing the audit work program that reflects the ANAO’s assessment of the risk of material misstatement. Deficiencies in the internal control framework increase the requirement of the ANAO to perform additional audit work in the final audit phase. Figure 1.2 outlines these elements.

Figure 1.2: Elements of entity internal controls

Figure 1.2 outlines the 5 elements of an entities internal control framework consisting of: Control Environment; Risk Assessment; Monitoring; Information Systems; and Control Activities, as per ASA 315.

Source: ASA 315 Identifying and assessing the risk of material misstatement through understanding the entity and its environment, paragraph A59.

1.11 This chapter discusses each of these elements and outlines observations based on the ANAO’s review of aspects of each entity’s internal controls, relevant to the risk of material misstatement to the financial statements, including the detailed results of the interim audits.

1.12 At the completion of the interim audits for the 25 entities included in this report, the ANAO noted that key elements of internal control were operating effectively for 20 entities. For the remaining five4 entities, except for particular finding/s outlined in Chapter 3, the key elements of internal control were operating effectively to support the preparation of financial statements that are free from material misstatement.

1.13 The key elements of internal control for the full financial year will be assessed in conjunction with additional audit testing during the 2020–21 final audits.

Control environment

1.14 The PGPA Act sets out the requirements to establish and maintain systems relating to risk and control. Section 16 of the PGPA Act states that:

The accountable authority of a Commonwealth entity must establish and maintain:

a) an appropriate system of risk oversight and management for the entity; and

b) an appropriate system of internal control for the entity.

including by implementing measures directed at ensuring officials5 of the entity comply with finance law.6

1.15 An effective control environment is underpinned by a fit-for-purpose governance structure. Indicators of an effective governance structure include whether management has established frameworks and processes that promote positive attitudes, awareness and actions concerning the entity’s internal controls and their importance in the entity. The main elements reviewed included: governance structures relevant to the preparation of the financial statements; audit committee and assurance arrangements; systems of authorisation; and processes for recording financial transactions.

1.16 All entities included in this report have established audit committees consisting of a majority of members which were assessed by the entity to be independent. All entities have an audit committee charter that is consistent with their obligations under subsection 17(2) of the PGPA Rule. Each entity has appointed an independent audit committee chair.

1.17 All entities have established executive management committees and/or sub-committees that meet at least monthly, which support financial decision making at the strategic and operational levels.7 Consideration of financial reporting was included on the agendas of all 25 entities’ executive and audit committees. The financial information provided to the entities’ executives was supplemented by non-financial operational information.

1.18 Clear lines of accountability and reporting are important in establishing a strong internal control environment for the purposes of preparing the financial statements. The involvement of those charged with governance is an important element of these structures. Just as important is ensuring that staff at all levels understand their own role in the control framework. This can be achieved through the issuance of accountable authority instructions and delegation instruments. All entities have established accountable authority instructions and delegations reflecting current business arrangements.

Audit committee reporting requirements

1.19 The PGPA Act requires audit committees to be established for all Commonwealth entities and Commonwealth companies.8 An independent audit committee is a fundamental principle of good governance9 and provides independent advice and assurance to the entity’s accountable authority. The audit committee plays a key role in assisting the accountable authority to fulfil its governance, risk management and oversight responsibilities through the provision of independent assurance and advice.

1.20 Section 17 of the PGPA Rule sets out the minimum requirements relating to the audit committee of a Commonwealth entity. The key requirements of the PGPA Rule include:

  • a written charter, set by the accountable authority, determining the functions of the audit committee for the entity;
  • the functions must include reviewing the appropriateness of the accountable authority’s financial reporting, performance reporting, system of risk oversight and management and system of internal control for the entity;
  • the membership of the committee10 to include at least three persons with appropriate qualifications, knowledge, skills or experience to assist the committee to perform its functions; and
  • persons that must not be a member of the audit committee are: the accountable authority or, if the accountable authority has more than one member, the head of the accountable authority; the Chief Financial Officer; and the Chief Executive Officer.

1.21 The PGPA Rule was amended on 27 February 2020 to include changes that affect the reporting of audit committee information in a Commonwealth entity’s annual report.11 The reporting requirements applied to annual reports for reporting periods beginning on or after 1 July 2019 and include the following information:

  • a direct electronic address of the charter determining the functions of the audit committee;
  • the name of each member of the audit committee during the period;
  • the qualifications, knowledge, skills or experience of those members;
  • information about each of those members’ attendance at meetings of the audit committee during the period; and
  • the remuneration of each of those members.

1.22 The ANAO reviewed the 2019–20 annual reports of 182 of the 187 Commonwealth entities subject to the reporting requirements of the PGPA Rule.12 In undertaking the analysis of reporting requirements, the ANAO has considered the annual report published on an entity’s website and the annual report on the transparency portal where the entity has included a link from its website.

Disclosure of audit committee charters

1.23 The PGPA Rule requires entities to provide a direct electronic address of the charter determining the functions of the audit committee in the annual report. Finance guidance notes that the address needs to allow the entity’s charter to be publicly available.13 For the purposes of this analysis, the ANAO has considered a direct link to be where it opens either the audit committee charter or the webpage where the charter is found on the entity website.

1.24 Table 1.1 provides details on the number of entities that included a working direct electronic address of the audit committee charter.

Table 1.1: Direct electronic link to audit committee charter

Type of entity

Reported

Not reported

Non-corporate Commonwealth entities

80

14

Corporate Commonwealth entities

49

21

Commonwealth companies

8

10

Total

137

45

     

Source: ANAO analysis of 2019–20 annual reports and websites of Commonwealth entities and companies as at 30 April 2021.

1.25 Five of the 14 non-corporate Commonwealth entities that did not include a direct link to the audit committee charter, were material to the 2019–20 Consolidated Financial Statements (CFS) of the Australian Government. These entities were the Australian Securities and Investments Commission, Department of Social Services, Department of the Treasury, National Blood Authority and National Indigenous Australians Agency. The Department of Social Services included a link to the audit committee charter in the version of the annual report on the transparency portal, but the annual report on the transparency portal was not linked from the entity website.

1.26 Three of the 21 corporate Commonwealth entities that did not include a direct link to the audit committee charter were material to the CFS and included: Australian Postal Corporation; Indigenous Land and Sea Corporation; and National Gallery of Australia.

1.27 Four of the 10 Commonwealth companies, that did not include a direct link to the audit committee charter, were material to the CFS. The entities were ASC Pty Ltd; Australian Rail Track Corporation Limited; NBN Co Limited (NBN Co) and Western Sydney Airport Co Ltd. The ASC Pty Ltd included a working link to the audit committee charter in the version of the annual report on the transparency portal, but the annual report on the transparency portal was not linked from the entity website.

1.28 Where entities did not include a direct link to the audit committee charter the ANAO searched the relevant entities’ websites to identify if the audit committee charter had been published. Two non-corporate Commonwealth entities14, five corporate Commonwealth entities15 and one Commonwealth company16 did not have an audit committee charter available on their website. The ANAO has confirmed as part of the financial statements audit that all entities have an audit committee charter which meets the requirements of the PGPA Rule.

Disclosure of audit committee membership

1.29 The PGPA Rule requires entities to disclose the name of each member of the audit committee during the reporting period. Where an entity was subject to machinery of government changes within the reporting period, all members from both the abolished and newly established entities are required to be reported. 17

1.30 Table 1.2 summarises the number of entities that included the name of each audit committee member in the entity annual report.

Table 1.2: Audit committee membership disclosures

Type of entity

Reported

Not reported

Non-corporate Commonwealth entities

92

2

Corporate Commonwealth entities

70

-

Commonwealth companies

16

2

Total

178

4

     

Source: ANAO analysis of 2019–20 annual reports of Commonwealth entities and companies.

1.31 The non-corporate Commonwealth entities18 and Commonwealth companies19 that did not report the name of each member of the audit committee were not material to the CFS.

1.32 A number of independent audit committee members provided their skills and experience to multiple Commonwealth audit committees during the 2019–20 financial year. A single individual was a member on audit committees for 18 entities20, with another individual a member on audit committees for 12 entities21. A further two individuals were members on audit committees for 11 entities respectively.

Disclosure of qualifications, knowledge, skills or experience of each audit committee member

1.33 Entities are required to provide information on the qualifications, knowledge, skills and experience of each member of the audit committee. The PGPA rule does not include details of the specific disclosure required, however this disclosure provides the opportunity for entities to demonstrate that the audit committee has the appropriate qualifications, knowledge, skills and experience to fulfil the legal requirements of the audit committee.22 Table 1.3 details the number of entities that have reported audit committee members qualifications, knowledge, skills and/or experience.

Table 1.3: Qualifications, knowledge, skills or experience of each member

Type of entity

Reported

Not reported

Non-corporate Commonwealth entities

92

2

Corporate Commonwealth entities

65

5

Commonwealth companies

14

4

Total

171

11

     

Source: ANAO analysis of 2019–20 annual reports of Commonwealth entities and companies.

1.34 The non-corporate Commonwealth entities23 and corporate Commonwealth entities24 that did not report the qualifications, skills or experience of members in line with the PGPA Rule were not material to the CFS. Of the four Commonwealth companies that did not report on each audit committee members’ skills and experience, NBN Co was material to the CFS.25

Disclosure of attendance at audit committee meetings

1.35 Entities are required to report information relating to each member’s attendance at audit committee meetings during the reporting period. Table 1.4 summarises the number of entities that reported this information.

Table 1.4: Details of member attendance at audit committee meetings

Type of entity

Reported

Not reported

Non-corporate Commonwealth entities

90

4

Corporate Commonwealth entities

68

2

Commonwealth companies

14

4

Total

172

10

     

Source: ANAO analysis of 2019–20 annual reports of Commonwealth entities and companies.

1.36 The National Archives of Australia was the only material entity of the four non-corporate Commonwealth entities that did not report audit committee meeting attendance for each member of the committee.26 Two non-material corporate Commonwealth entities27 and four non-material Commonwealth companies did not report member audit committee meeting attendance.28

1.37 For non-corporate Commonwealth entities, on average there were 4.3 audit committee meetings during the year. For corporate Commonwealth entities, the average number of audit committee meetings held during the year was 4.0 and Commonwealth companies held an average of 4.0 audit committee meetings for the year.

Disclosure of remuneration of audit committee members

1.38 The remuneration of each member of the audit committee must be disclosed in the annual report. Only the remuneration that members receive for being on the audit committee during the reporting period should be reported. The Department of Finance (Finance) provided further guidance that entities should not report the total amount received by the member for all duties performed and where members are not remunerated, a nil figure should be disclosed.29

1.39 Corporate Commonwealth entities and Commonwealth companies usually have audit committee members that are directors of the Board. The remuneration of the board members is required to be disclosed in annual reports. The ANAO noted that most corporate Commonwealth entities and Commonwealth companies separately disclosed audit committee remuneration. For the purposes of this analysis, where there was no specific disclosure relating to the audit committee remuneration, the entity has been assessed as not reporting against the PGPA Rule. Table 1.5 outlines the reporting on audit committee member remuneration.

Table 1.5: Audit committee member remuneration

Type of entity

Reported

Not reported

Non-corporate Commonwealth entities

89

5

Corporate Commonwealth entities

44

26

Commonwealth companies

8

10

Total

141

41

     

Source: ANAO analysis of 2019–20 annual reports of Commonwealth entities and companies.

1.40 Of the five non-corporate Commonwealth entities that did not report audit committee remuneration, the Future Fund Management Agency was material to the CFS.30 There were 26 corporate Commonwealth entities that did not disclose specific member remuneration for one or more of their members and five were material to the CFS: Airservices Australia; Australian Hearing Services; Australian Nuclear Science Technology Organisation; Clean Energy Finance Corporation and Defence Housing Australia.31

1.41 The Australian Naval Infrastructure Pty Limited, Australian Rail Track Corporation, Moorebank Intermodal Company Limited and NBN Co Limited were the material Commonwealth companies that did not report on remuneration specific to the audit committee.32

1.42 Analysis was performed over the remuneration information disclosed to determine the average remuneration and average number of members per audit committee. Table 1.6 shows the average remuneration for an audit committee33 and the average number of members for an audit committee.34

Table 1.6: Average audit committee remuneration for entities that reported remuneration

Type of entity

Average audit committee remuneration

Average number of members

Non-corporate Commonwealth entities

$44,876

5.0

Corporate Commonwealth entities

$29,941

4.3

Commonwealth companies

$24,612

3.6

     

Source: ANAO analysis of 2019–20 annual reports of Commonwealth entities and companies.

1.43 The lower average audit committee remuneration for corporate Commonwealth entities and Commonwealth companies is consistent with audit committee membership including directors of these entities.

1.44 The non-corporate Commonwealth entity with the highest total audit committee remuneration was Services Australia at $283,982. Eight non-corporate Commonwealth entities did not have audit committee remuneration costs.35 The corporate Commonwealth entity with the highest total audit committee remuneration was Australian Digital Health Agency at $103,842 and the lowest was the National Museum of Australia at $1,254. The Commonwealth company with the highest total audit committee remuneration was the Australia Business Arts Foundation Ltd at $54,060.

1.45 The average remuneration paid for an audit committee was $44,876 for the 89 non-corporate Commonwealth entities that reported remuneration. For the 44 corporate Commonwealth entities that reported remuneration, the average remuneration paid for an audit committee was $29,941. For the eight Commonwealth companies that reported remuneration, the average remuneration paid for an audit committee was $24,612.

1.46 Non-corporate Commonwealth entities had an average of 5.0 members per audit committee with corporate Commonwealth entities having an average of 4.3 members per committee. Commonwealth companies had an average of 3.6 members per audit committee.

1.47 Table 1.7 shows the highest remuneration paid for a single audit committee chair and a single member that held a position during the year. The table also shows the average remuneration paid to audit committee chairs and to audit committee members.

Table 1.7: Highest and average remuneration paid for entities that reported remuneration36

Type of entity

Highest chair remuneration

Highest member remuneration

Average chair remuneration

Average member remuneration

Non-corporate Commonwealth entities

$109,254

$61,479

$20,930

$7,688

Corporate Commonwealth entities

$40,425

$41,633

$9,927

$5,029

Commonwealth companies

$22,430

$18,020

$10,956

$5,009

         

Source: ANAO analysis of 2019–20 annual reports of Commonwealth entities and companies.

1.48 For non-corporate Commonwealth entities the highest remuneration paid to an audit committee chair was $109,254 for Services Australia and there were fifteen entities that reported nil remuneration paid to the audit committee chair. The average remuneration for a non-corporate Commonwealth entity audit committee chair was $20,930 and for a member was $7,688.

1.49 For corporate Commonwealth entities the highest remuneration paid to an audit committee chair was $40,425 for the Australian Commission on Safety and Quality in Health Care and there were seventeen entities that reported nil remuneration paid to the audit committee chair. The average remuneration for a corporate Commonwealth entity audit committee chair was $9,927 and for a member was $5,029.

1.50 For Commonwealth companies the highest remuneration paid to an audit committee chair was $22,430 for Snowy Hydro Limited and there were two entities that reported nil remuneration paid to the audit committee chair. The average remuneration for a Commonwealth company audit committee chair was $10,956 and for a member was $5,009.

Controls report entity audit committee analysis37

1.51 Further detailed analysis was undertaken on the membership and remuneration results of the audit committees of the 25 entities included in this report. This analysis highlighted that the number of audit committee members varied between entities - ranging from 12 members on the Department of Education, Skills and Employment to three members on the Snowy Hydro Limited audit committee.38

1.52 Amendments made to the PGPA Rule in 2020 also included changes to the member composition of an audit committee. The new members’ composition requirements for all Commonwealth entities will apply on or after 1 July 2021 and include:

  • for a non-corporate Commonwealth entity, all of the members of the audit committee must be persons who are not officials of the entity; and a majority of the members must be persons who are not officials of any Commonwealth entity; and
  • for a corporate Commonwealth entity, all of the members of the audit committee must be persons who are not employees of the entity.39

1.53 Figure 1.3 shows the total number of audit committee members by entity, including whether the member was independent or a management representative. The analysis also demonstrates that there are a varying number of management members on audit committees with a total of 49 management members across the entities included in this report.

Figure 1.3: Number of audit committee member positions during the year by entity – independent and management

Figure 1.3 shows the number of audit committee member positions during the year by entity – independent versus management.

Source: ANAO analysis of 2019–20 annual reports.

1.54 Entities are required to report all audit committee members for the 2019–20 year. Where an entity underwent a machinery of government change during the year, all audit committee members are required to be reported. This includes all members from abolished entities. During the 2019–20 year the Department of Agriculture, Water and the Environment reported the audit committee members of the former Department of Agriculture and the former Department of the Environment and Energy. The Department of Education, Skills and Employment reported the audit committee members of the former Department of Education and the former Department of Employment, Skills, Small and Family Business. The Department of Infrastructure, Transport, Regional Developments and Communications reported the audit committee members of the former Department of Communications and the Arts and the former Department of Infrastructure, Transport, Cities and Regional Development.

1.55 Six of the 25 audit committees consisted entirely of independent members. The remaining 19 entities had a combination of management and independent members for the 2019–20 financial year.

1.56 The total remuneration paid for an audit committees as well as the remuneration paid to a chair also varies significantly between the entities. Figure 1.4 shows the total remuneration paid for each audit committee along with the remuneration paid to the chair.

Figure 1.4: Audit committee chair remuneration as a component of total member remuneration for an entity audit committee

Figure 1.4 shows audit committee remuneration as a component of total member remuneration for an entity audit committee.

Note a: The Departments of: Agriculture, Water and the Environment; Education, Skills and Employment; and Infrastructure, Transport, Regional Development and Communications were subject to machinery of government changes during the 2019–20 financial year. These entities reported all members that served on the audit committee during the year.

Note b: The chair remuneration reported by the Department of Home Affairs includes the total remuneration paid to the two members that held the role of chair during the year including for the part of the year where they were not the chair. The remuneration for each role held during the year is not separately disclosed.

Source: ANAO analysis of 2019–20 annual reports.

1.57 The highest total remuneration of $283,982 is paid to the Services Australia audit committee with the lowest total remuneration of $23,170 paid to the Department of Parliamentary Services audit committee.40 The highest paid audit committee chair was on the Services Australia audit committee and received $109,254. The lowest paid chair was on the Department of Parliamentary Services and received $12,200.

1.58 Of the 23 entities that paid remuneration, the Department of Health audit committee chair was the highest remunerated as a percentage of the total audit committee remuneration at 67%. The Department of Infrastructure, Transport, Regional Development and Communications audit committee chair was paid the lowest as a percentage of the total audit committee remuneration at 26%.

Risk assessment processes

1.59 Section 16 of the PGPA Act sets out an accountable authority’s responsibilities in regard to the establishment of appropriate risk oversight and management in an entity. An understanding of an entity’s process to identify and manage risk is essential to an effective and efficient financial statements audit. A review of this process is done to assist the ANAO to understand how entities identify and manage risks relating to financial statements and assess the risk of material misstatement to an entity’s financial statements.

1.60 All entities included in this report have a process to develop and update risk management plans at the organisational and strategic risk levels. In addition, each entity has developed processes for the identification and notification of risks relevant to financial statements preparation either as part of the overall risk management plan, or through a targeted risk identification exercise. The monitoring of risks, and the entities’ implementation of risk management strategies was typically assigned to either an executive committee and/or the audit committee.

Monitoring of controls

1.61 Entities undertake many types of activities as part of their monitoring of control processes, including external reviews, self-assessment processes, post-implementation reviews and internal audits. The level of review of these activities by the ANAO is determined through a risk assessment approach that takes into consideration the nature, extent and timing of each activity and the activities application to the preparation of the financial statements.

Internal Audit

1.62 As part of the financial statements audit coverage, internal audit is reviewed to gain an understanding of its role and activities in the entity. Where an internal audit function has been established it can play an important role in providing assurance to the accountable authority that the internal control framework is operating effectively. Entities are encouraged to identify opportunities to leverage internal audit coverage as a means of providing increased assurance to accountable authorities to support their opinion on the entity’s financial statements.

1.63 The extent to which the work of internal audit may be able to be used, in a constructive and complementary manner, varies between entities and is more likely to occur where internal audit work is focused on financial controls and legislative compliance. The ANAO is expecting to rely upon the work of internal audit for a number of entities.41 If the ANAO is anticipating to use the work of internal audit, in accordance with ASA 610 Using the Work of Internal Auditors, the ANAO is required to assess whether the internal audit function has: appropriate organisational status; relevant policies and procedures to support its objectivity; an appropriate level of competence; and whether the internal audit function applies a systematic and disciplined approach in the execution of their work including quality control.

1.64 When it is determined that the work of internal audit can be used to support an effective audit approach, additional work is performed to confirm its adequacy to support the external audit. This will include confirmation that the scope of the work is appropriate, that there is sufficient evidence to support the conclusions drawn and selected re-performance of internal audit’s testing.

1.65 For the entities included in this report, it was observed that internal audit coverage is based on an internal audit plan that is aligned with entities’ risk management plans and includes combinations of audits that address assurance, compliance, performance improvements and IT systems reviews.42 In addition, suggested topics from management, audit committees and external sources, such as the ANAO’s planned performance and financial statement coverage, are factors considered in the development of internal audit work plans.

Safeguarding financial information from cyber threats

1.66 The Protective Security Policy Framework (PSPF) requires non-corporate Commonwealth entities to consider and implement the Australian Signals Directorate’s (ASD) Essential Eight mitigation strategies (Essential Eight).43 The initial requirements were defined in 2013 and are now specified in PSPF Policy 10, “Safeguarding information from cyber threats” (Policy 10).44 The Essential Eight is considered the baseline for cyber resilience within the Australian Government and provides advice on measures that entities can implement to mitigate cyber threats.45

1.67 Policy 10 requires each non-corporate Commonwealth entity to:

  1. implement the following Australian Signals Directorate (ASD) Strategies to Mitigate Cyber Security Incidents:46
    • application control;47
    • patching applications;48
    • restricting administrative privileges;49 and
    • patching operating systems.
  2. consider which of the remaining mitigation Strategies from the Strategies to Mitigate Cyber Security Incidents50 need to be implemented to protect the entity.51

    1.68 Since 2013, the ANAO has conducted a series of performance audits focussed on assessing entities’ implementation of the PSPF cyber security requirements. These performance audits continue to identify low levels of compliance with mandatory PSPF cyber security requirements and concerns in annual self-assessments by entities. The ANAO has reported its concern that there was no evidence through the series of audits that the regulatory framework had driven sufficient improvement in entities mitigating their cyber security risks since 2013.

    1.69 The Australian Cyber Security Centre (ACSC) was provided funding through the 2019 ‘Cyber Uplift’ budget measure52, to strengthen the cyber security of Australian Government networks through enhanced technical guidance, improved verification, and increased transparency and accountability. The Cyber Uplift measure included a ‘sprint’ program which was focussed on assessing and baselining the maturity of 25 Commonwealth entities’ implementation of the Essential Eight. The sprint program also resulted in ACSC identifying additional measures for entities to strengthen their cyber security posture as a result of the program.

    1.70 In 2020–21, the ANAO performed a review of the 2019–20 Policy 10 annual self-assessment as part of its assurance audit program of financial statements. This review focussed on the protection of information relevant to the preparation of financial statements, specifically the Financial Management Information System (FMIS) and Human Resource Management Information Systems (HRMIS). The review was performed on 18 of the 2053 entities included in this report, which are required to report annually against the Policy 10 requirements.54 The review was undertaken to review the evidence supporting the self-assessment and reporting, and to identify cyber security risks that may impact on the preparation of financial statements. The review consisted of analysis of policy and procedural documentation, testing of some Essential Eight mitigation strategies specific to the FMIS and HRMIS, review of results of sprint assessments and interviews with entity personnel.

    1.71 The ANAO noted improvements in reported maturity levels since the 2019–20 assessment, particularly with ‘Patching Operating Systems’, ‘User Application Hardening’, ‘Macro controls’ and ‘Daily Backups’. Figure 1.5 shows the maturity levels for each Essential Eight mitigation strategy in 2018–19 and 2019–20.

    Figure 1.5: Compliance with the PSPF Policy 10 Requirements

    Figure 1.5 shows compliance with the PSPF Policy 10 requirements against the essential eight mitigation strategies.

    Source: ANAO data

    1.72 Three entities had significantly improved the maturity levels of the majority of Essential Eight mitigation strategies. These three entities had established regular maturity assessments of Essential Eight mitigation strategies and prioritised the implementation of PSPF Policy 10 requirements, including the implementation of other mitigation strategies.

    1.73 One entity significantly lowered its maturity since last year’s assessment. The lower maturity resulted from poor monitoring of security controls, specifically controls that are managed by another party.

    1.74 Although reported improvements were observed, the ANAO found the reported maturity levels for most entities were still significantly below the Policy 10 requirements. Of the 18 entities assessed, only five had self-assessed as achieving a Managing maturity level. ANAO found that only one of these entities had appropriate evidence to support the self-assessment. In each of the other cases, entities were not able to demonstrate evidence to support their self-assessments as required by the PSPF, or ANAO testing did not support the assessment that the mandatory Policy 10 requirements were fully implemented. Further, the ANAO considered some entities to have met the Policy 10 requirements, however, entities had reported as not fully implementing the mitigation strategy. The entities attributed the differences in the assessments to the interpretation of the scope and intent of the requirements. This is consistent with previous ANAO performance audit findings and indicates that measures taken to address this are not yet fully effective.

    1.75 The lowest level of compliance continues to be with the Patching Applications, Multi-Factor Authentication and User Application Hardening55 controls. Reported compliance with Macro controls has improved since last year’s assessment.

    1.76 Although most entities had plans to improve Patching Applications and User Application Hardening controls by July 2020, entities are still not achieving a Managing maturity level. The number of applications in entities’ systems and identifying all applicable hardening controls for specific applications continues to be the key issue with implementing this mitigation strategy. Some entities have also stated that the Patching Applications requirements are not achievable and have chosen to implement other mitigation strategies to address the related cyber threats.

    1.77 Restricting macros56 was reported to be difficult as users continue to rely heavily on macros to perform business activities. Entities continue to differ in their maturity of addressing the risks associated, with some entities reporting difficulties with monitoring the use of macros in their environments. The improvements in this year’s assessment have been attributed to some entities completing their cyber security implementations of Macro controls.

    1.78 For Multi-Factor Authentication57 to be assessed at the Managing maturity level, multi-factor authentication needed to be used to authenticate all users when accessing sensitive data. Entities continue to find the process of organising/distributing multi-factor authentication tokens for all users to be an onerous process, and most have accepted the risk and focused on achieving the Developing maturity level. Entities continue to prioritise multi-factor controls for remote access and privileged users, rather than all users.

    1.79 Most entities conducted their self-assessment at a system or environment level, and did not specifically assess the controls required to minimise cyber risks to their FMIS or HRMIS applications. Entities viewed the risk to its financial information as equivalent to the risks to its overall environment. The entities prioritised the protection of the environment which hosts the FMIS and HRMIS applications.

    1.80 The ANAO found that the number of assessed entities that reported an Ad-hoc or Developing maturity level had not changed since last year’s assessment. Only one of the entities reviewed is meeting the required Policy 10 maturity level.

    1.81 The PSPF cyber security requirements have been in place since 2013. Entities’ inability to meet these requirements indicates a weakness in implementing and maintaining strong cyber security controls over time.

    1.82 Previous audits of cyber security by the ANAO to assess the entities’ implementation of PSPF cyber security requirements have not found an improvement in the level of compliance with the controls over time. The work undertaken as part of this review indicates that this pattern continues, with limited improvements.

    1.83 The Joint Committee of Public Accounts and Audit (JCPAA) Report 485 Cyber Resilience (2020)58, Auditor-General Report No.53 (2017–18) Cyber Resilience59 and Auditor-General Report No.32 Cyber Security Strategies of Non-Corporate Commonwealth Entities (2020–21)60 recommended strengthening of arrangements for verifying self-assessment results and accountability for the implementation of mandatory cyber security requirements.

    1.84 While entities’ compliance with PSPF cyber security requirements remains low, there continues to be the risk of compromise to information relevant to the preparation of financial statements.

    Interim audit results

    1.85 Audit findings are raised in response to the identification of a potential business or financial risk posed to an entity. Often these risks arise from deficiencies within an entity’s internal control processes or frameworks. Weaknesses in internal controls increase the possibility that a material misstatement of an entity’s financial statements will not be prevented or detected in a timely manner. The ANAO rates audit findings according to the potential business or financial management risk posed to the entity. The rating scale is presented in Table 1.8.

    Table 1.8: Findings rating scale

    Rating

    Description

    Significant (A)

    Issues that pose a significant business or financial management risk to the entity. These include issues that could result in a material misstatement of the entity’s financial statements.

    Moderate (B)

    Issues that pose a moderate business or financial management risk to the entity. These may include prior year issues that have not been satisfactorily addressed.

    Minor (C)

    Issues that pose a low business or financial management risk to the entity. These may include accounting issues that, if not addressed, could pose a moderate risk in the future.

       

    1.86 A summary of all significant, moderate and minor audit findings reported at the conclusion of the interim audit phase across the past four financial years is presented in Figure 1.6 below.

    Figure 1.6: Trend in aggregate interim audit findings 2017–18 to 2020–21

    Figure 1.6 shows the trend in aggregate interim audit findings from 2017–18 to 2020–21. These are presented by category significant, moderate or minor.

    Source: ANAO data.

    1.87 The findings have been classified into to broad categories as follows:

    • IT control environment;
    • compliance and quality assurance frameworks;
    • accounting and control of non-financial assets;
    • revenue, receivables and cash management processes;
    • human resources financial processes;
    • purchases and payables management; and
    • other audit findings.

    Table 1.9: Audit findings by category for the 2020–21 interim period

    Category

    Significant

    Moderate

    Minor

    Main areas of weakness

    IT control environment

    5

    27

    • security management, particularly management of user access and monitoring of privileged users.

    Compliance and quality assurance frameworks

    2

    6

    • appropriate quality assurance frameworks supporting financial reporting; and
    • compliance frameworks for program payments.

    Accounting and control of non-financial assets

    1

    5

    • processes supporting the valuation and impairment of assets; and
    • completeness and accuracy of fixed asset registers.

    Revenue, receivables and cash management

    • prior year weakness related to timeliness and accuracy of reconciliations.

    Human resources financial processes

    5

    • monitoring of controls over payroll processing and reporting; and
    • review processes supporting employee commencements and terminations.

    Purchases and payables management

    1

    3

    • timeliness and completeness of reconciliations;
    • authorisation of expenditure; and
    • credit card acquittals.

    Other audit findings

    5

    • monitoring of clearing accounts and journal approvals;
    • risk assessments; and
    • completeness and accuracy of information used for financial reporting purposes.

    Total

    9

    51

    60

             

    Source: Compilation of ANAO interim audit findings.

    Information Technology Control Environment

    1.88 The review of information systems and related controls is an integral part of an entity’s control environment. This section summarises the results from interim tests of the operating effectiveness of general IT controls for each of the entities included in this report.

    1.89 Figure 1.7 demonstrates the trends in interim audit findings related to entities’ overall IT control environments from 2017–18 to 2020–21. At the time of this report, testing of the operating effectiveness of IT controls had not been completed for eight entities and therefore the results reported here may not include all IT control environment findings for 2020–21. 61

    Figure 1.7: IT control environment interim audit findings 2017–18 to 2020–21

    Figure 1.7 details the number of IT control environment findings over the four financial years from 2017–18 to 2020–21. These are presented by category significant, moderate or minor.

    Source: ANAO data.

    1.90 Findings related to entities’ IT control environments represent 53 per cent of total findings identified during the 2020–21 interim period. IT control environment findings continue to represent the highest proportion of all findings. Three new moderate finding were reported in 2020–21, which is an increase of two from the previous year. Further detail regarding the new findings is detailed in chapter 3 for the Department of Social Services and the National Disability Insurance Scheme Launch Transition Agency (NDIA). Two moderate findings were carried over from the previous year.62

    1.91 The information systems control environment findings reported at the conclusion of the 2019–20 interim audits for entities included in this report have been grouped as follows:

    • IT security;
    • IT change management; and
    • disaster recovery arrangements.
    IT security

    1.92 IT security is concerned with protecting an entity’s information assets from internal and external threats. It includes controls to prevent or detect unauthorised access to systems, programs and data. In the context of the financial statements audit, the focus is on the financially significant systems and data only.

    1.93 The key controls areas that address risks relating to IT security and that are assessed as part of the interim audit are:

    • IT security governance;
    • general and privileged user access; and
    • monitoring and reporting.

    1.94 Figure 1.8 illustrates the trends in findings observed in entities’ IT security arrangements between 2017–18 and 2020–21.

    Figure 1.8: IT security interim audit findings 2017–18 to 2020–21

    Figure 1.8 details the number of IT security findings over the four financial years from 2017–18 to 2020–21. These are presented by category significant, moderate or minor.

    Note: The comparative numbers in this figure have been updated to include findings previously categorised as IT application controls which related to IT security.

    Source: ANAO data.

    1.95 The IT security findings represent 81 per cent of all IT-related findings reported in 2020–21. Five moderate findings were reported in the current year (2019–20: three). Further details of the moderate findings are detailed in chapter 3.63 Findings related to:

    • logging and monitoring of privileged user activity;
    • user access management, including approving new user access and performing regular user access reviews;
    • removal of user access when it is no longer required;
    • password configuration; and
    • the overall governance and assurance framework to support the above activities.

    1.96 Users with administrative access privileges, commonly referred to as privileged users, are able to make significant changes to IT systems’ configuration and operation, bypass critical security settings and access sensitive information. As part of reviewing IT security arrangements, different groups of privileged users were examined, including:

    • application administrators, sometimes referred to as super users;
    • database administrators;
    • system administrators; and
    • network or domain administrators.

    1.97 To reduce the risks associated with this access, the Australian Government Information Security Manual (ISM) recommends that privileged user access be appropriately restricted and when provided, that the access is logged, regularly reviewed and monitored. Seven minor findings relate to entities that have not implemented adequate logging and monitoring procedures over privileged user accounts. The risk of inappropriate changes to financially significant systems and data arising from these findings is partially mitigated through alternate controls.

    1.98 All users with access to financial systems may have the ability to change financial information, and therefore access should only be granted where it is required for the performance of the role; and should be reviewed whenever the role changes. Seven minor findings relate to issues with user access management.

    1.99 Entities must remove or suspend user access on the same day that a user no longer has a legitimate business requirement for its use.64 Terminating a user account when the user no longer has a requirement to access it, such as upon departure from an entity, can prevent unauthorised use. Two minor findings in paragraph 1.95 also related to issues where access was not removed on a timely basis, and there were a further three moderate and three minor findings in this area. For further detail regarding the moderate finding in this category, refer to the detailed results in Chapter 3 for the Departments of: Health and Social Services and the NDIA.

    1.100 The ISM provides guidance on the password requirements for Australian Government systems. In October 2019 the ACSC updated this guidance to identify that, where multi-factor authentication65 was not able to be implemented, passphrases used for single-factor authentication should be set to a minimum of 14 characters with complexity, ideally as 4 random words66. The ANAO observed that most entities were in the process of transitioning to the new requirement, and assessed password configuration settings against the earlier requirement. One minor finding in paragraph 1.95 also related to password configuration not meeting the earlier requirement, and there were a further three minor findings in this area. Inadequate password controls increase the likelihood of unauthorised access to systems and data.

    1.101 Two moderate and one minor finding relate to the governance and monitoring processes that support the overall information security framework. For further detail on the moderate findings, refer to the detailed results in chapter 3 for the Department of Social Services and Services Australia.

    1.102 The findings within this category increase the risk of unauthorised changes being made to systems and data, or unauthorised data leakage. Entities should review their management of these areas in light of the recommendations of the ISM and the risks to their operational environment.

    IT change management

    1.103 IT change management provides a disciplined approach to making changes to the IT environment. It includes controls to prevent unauthorised changes being introduced, and to reduce the likelihood that normal business operations are interrupted with the implementation of authorised changes.

    1.104 Figure 1.9 illustrates the trends in findings identified in entities’ IT change management controls between 2017–18 and 2020–21.

    Figure 1.9: IT change management interim audit findings 2017–18 to 2020–21

    Figure 1.9 details the number of IT change management findings over the four financial years from 2017–18 to 2020–21. These are presented by category significant, moderate or minor.

    Source: ANAO data.

    1.105 Changes to entities’ IT environments were managed using standardised processes, usually based on the ITIL Framework.67 Six minor findings were identified in this area, related to weaknesses in the operation of the change management processes.

    1.106 While still low when compared to IT security, the number of findings in this area has remained consistent over the last four years. Almost one third of the entities included in this report have advised that they are undertaking new systems implementations and/or data migration activities in 2020–21. Weaknesses in change management elevate the risk of unauthorised or untested changes to systems during these activities, and may affect the availability or reliability of the overall IT environment. Entities should monitor the operating effectiveness of their IT control environments to mitigate risks.

    Disaster recovery arrangements

    1.107 Disaster recovery is concerned with the resumption of the IT environment including systems and data following an interruption to services. It relies on:

    • effective back-up and recovery arrangements, to allow data to be recovered from current versions of key IT systems; and
    • disaster recovery planning, including the development, maintenance and testing of a disaster recovery plan to enable IT systems to be recovered in line with defined business requirements.

    1.108 The ANAO assesses entities’ disaster recovery arrangements in view of the potential for a disruptive event to impact on financial reporting. Figure 1.10 illustrates the trend for findings identified in entities’ disaster recover arrangements between 2017–18 and 2020–21.

    Figure 1.10: Disaster recovery interim audit findings 2017–18 to 2020–21

    Figure 1.10 details the number of IT disaster recovery findings over the four financial years from 2017–18 to 2020–21. These are presented by category significant, moderate or minor.

    Source: ANAO data

    1.109 In all cases where general IT controls testing has been completed, ANAO found that entities undertook regular backups of financially significant data and had disaster recovery plans in place which were regularly tested. While there were no findings raised, ANAO observed that in three entities recent changes in the IT environment were not yet reflected in the plan. This increases the risk that, in the event of a significant disruption, systems and data will not be recovered within an acceptable timeframe.

    1.110 Overall, the majority of IT controls continued to provide reasonable assurance about the operation of controls relied on to support the preparation of financial statements that are free from material misstatement. Consistent with observations in previous years, IT Security, particularly with regard to management of user access, continues to be an area requiring improvement to address the risk of inappropriate access to systems and data.

    Compliance and quality assurance frameworks

    1.111 Entities place reliance on internal and external systems, parties and information in decision-making processes. The implementation of effective compliance and quality frameworks and processes, provides assurance over the completeness and accuracy of information and is integral to the preparation of financial statements that are free from material misstatement.

    Figure 1.11: Compliance and quality assurance framework interim findings 2017–18 to 2020–21

    Figure 1.11 details the number of compliance and quality assurance framework findings over the four financial years from 2017–18 to 2020–21. These are presented by category significant, moderate or minor.

    Source: ANAO analysis of data provided by entities.

    1.112 As per Figure 1.11 there are two moderate audit findings, at the conclusion of the 2020–21 interim audit, related to weaknesses in quality assurance processes designed to mitigate key financial or business risks. The moderate finding reported to NDIA, relating to Business Assurance Plan Approval, was first reported in 2019–20 and remains unresolved. The moderate finding reported to the Department of Defence, relating to governance of ADF Health Services was first reported during interim phase in 2020–21.68

    1.113 The number of minor audit findings reported in 2020–21 has remained consistent compared with the prior year. There remains a need for entities to focus attention on:

    • maintaining effective governance over third party or joint service delivery arrangements;
    • implementing quality assurance processes over data integrity; and
    • developing and implementing risk management frameworks that support the effective management of risk in the delivery of programs.

    Accounting and control of non-financial assets

    1.114 Entities control a diverse range of non-financial assets on behalf of the Commonwealth, including land and buildings, specialist military equipment, leasehold improvements, infrastructure, plant and equipment, inventories and internally-developed software.

    Figure 1.12: Accounting and control of non-financial assets interim audit findings 2017–18 to 2020–21

    Figure 1.12 details the number of accounting and control of non-financial assets audit findings over the four financial years from 2017–18 to 2020–21. These are presented by category significant, moderate or minor.

    Source: ANAO data.

    1.115 The moderate finding which was first reported to the Department of Health during the 2019–20 final audit phase remains unresolved. The finding relates to the recording and management of the National Medical Stockpile.69

    1.116 Two of the minor audit findings remain unresolved from 2018–19 and 2019–20 final audits and relate to timely approval and recording of asset disposals. Three minor findings were raised during the 2020–21 interim audit phase and relate to the identification, disposal and impairment of assets and the timely reporting of work in progress assets.

    Revenue, receivables and cash management

    1.117 Revenue and receivables consists of parliamentary appropriations, taxation revenue, customs and excise duties and administered levies. Revenue is also generated by entities from the sale of goods and services and a range of other sources. Cash management involves the collection and receipt of public monies and the management of official bank accounts.

    Figure 1.13: Revenue, receivables and cash management interim audit findings 2017–18 to 2020–21

    Figure 1.13 details the number of revenue, receivables and cash management audit findings over the four financial years from 2017–18 to 2020–21. These are presented by category significant, moderate or minor.

    Source: ANAO data.

    1.118 Since 2017–18, no significant or moderate audit findings have been identified that relate to revenue, receivables and cash management. The minor finding reported in 2019–20 related to weaknesses in the timely and accurate completion of bank reconciliations.

    Human resource financial processes

    1.119 Human resources encompass the day-to-day management and administration of employee entitlements and payroll functions. Employee benefits expenditure represents a significant departmental expenditure item for most entities. Employee entitlement liabilities involve estimates and judgements in inputs. It is important for entities to establish robust controls in these areas to support complete and accurate payment and recording of transactions.

    Figure 1.14: Human resources financial processes interim audit findings 2017–18 to 2020–21

    Figure 1.14 details the number of human resources financial process audit findings over the four financial years from 2017–18 to 2020–21. These are presented by category significant moderate or minor.

    Source: ANAO data.

    1.120 Since 2017–18 there have been no significant or moderate audit findings relating to human resource processes raised during the interim audit phase. At the conclusion of the final audit phase for 2019–20, there was an unresolved moderate finding raised over the management of staff leave at the Department of Home Affairs. During the 2020–21 interim audit phase, this finding was downgraded to a minor finding.

    1.121 There has been a decrease in minor audit findings from the prior year. The five minor findings reported relate to weaknesses identified over monitoring of controls for payroll processing and reporting, management of staff leave and leave requests, and related party disclosures.

    Purchases and payables management

    1.122 Purchases and payables management covers controls and processes that provide management assurance that payments processed by the entity are complete and accurate. This may include the implementation of appropriate systems of approval or controls designed to ensure that payments processed through the financial management information system are appropriate.

    Figure 1.15: Purchases and payables management interim audit findings 2017–18 to 2020–21

    Figure 1.15 details the number of purchases and payables management audit findings over the four financial years from 2017–18 to 2020–21. These are presented by category significant moderate or minor.

    Source: ANAO data.

    1.123 The moderate audit finding reported to the Department of Defence relates to weaknesses over segregation of duties within the purchases and payables function.70 The minor audit findings relate to weaknesses in reconciliation processes, duplicate creditor records and the timely acquittal of credit cards. Two of the minor findings were first raised in the 2019–20 final audit phase, and the third is a new finding in 2020–21.

    Other audit findings

    1.124 Other audit findings typically include items relating to the: management and implementation of service level agreements or memoranda of understanding; updating or maintaining key governance documentation; and presentation and disclosure in the financial statements.

    Figure 1.16: Other interim audit findings 2017–18 to 2020–21

    Figure 1.16 details the number of other audit findings over the four financial years from 2017–18 to 2020–21. These are presented by category significant, moderate or minor.

    Source: ANAO data.

    1.125 Consistent with the prior year, there were no significant or moderate findings raised. The weaknesses resulting in the minor findings in this category related to:

    • discrepancies between source data and information used to account for leases;
    • monitoring of balances in general ledger clearing accounts;
    • insufficient evidence to support manual journal approvals;
    • weaknesses relating to risk assessments over external provided information; and
    • fraud risk assessments and reporting of fraud to those charged with governance.

    2. Reporting and auditing frameworks

    Chapter coverage

    This chapter outlines recent and future changes to the public sector reporting framework and the Australian auditing framework relating to the auditor’s report on financial statements.

    Summary of developments

    The ANAO recognises that the risk environment for Commonwealth entities may have changed as a result of the COVID-19 pandemic. The ANAO will continue to monitor the ongoing impact of the pandemic on entities’ risks to assess their ability to provide sufficient and appropriate evidence for audits. In 2019–20, as necessary, the ANAO adjusted audit plans in response to the pandemic and these adjustments may continue in the current audit cycle while ensuring that compliance with auditing standards is not compromised. ANAO’s financial auditing will continue to utilise remote access to agencies’ financial systems where appropriate to complete audit procedures.

    Following on from the successful adoption of three new or revised accounting standards for revenue and leases in 2019–20, there are no significant changes in accounting standards applicable to Commonwealth entities for 2020–21.

    Australian Auditing Standard ASA 540 Auditing Accounting Estimates and Related Disclosures was revised and re-issued with effect for the 2020–21 financial year. The revised standard places increased emphasis on the need for auditors to consider management’s assessment of estimation uncertainty and use of judgement.

    This chapter includes a summary of the ANAO’s quality assurance framework. The quality assurance framework is designed to provide the Auditor-General with reasonable assurance that the ANAO complies with its policies and procedures, applicable legal and regulatory requirements, and that reports issued by the ANAO are appropriate in the circumstances. The quality assurance framework emphasises that quality audits are reliant on the strength of the ANAO’s independence and quality control processes.

    Introduction

    2.1 The Australian Government’s financial reporting framework is based, in large part, on standards made by the Australian Accounting Standards Board (AASB). The framework is designed to support decision-making by, and accountability to, the Parliament.

    2.2 The AASB bases its accounting standards on the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board. As IFRS are designed primarily for use by private sector and for-profit organisations, the AASB amends the IFRS to reflect significant transactions and events that are particularly prevalent in the public sector and not-for-profit private sector. In doing so, it takes into account standards issued by the International Public Sector Accounting Standards Board.

    2.3 The Finance Minister prescribes additional financial reporting requirements for Commonwealth entities. These are contained in the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 (the FRR). The FRR is made under the Public Governance, Performance and Accountability Act 2013 (the PGPA Act).

    2.4 The audits of the financial statements of Australian Government entities are conducted in accordance with the ANAO Auditing Standards, which are made by the Auditor-General under section 24 of the Auditor-General Act 1997. The ANAO Auditing Standards for financial statement audits incorporate, by reference, the auditing standards made by the Australian Auditing and Assurance Standards Board (AUASB). The AUASB bases its standards on those made by the International Auditing and Assurance Standards Board, an independent standard setting board of the International Federation of Accountants.

    2.5 The financial reporting and auditing frameworks that applied in 2020–21 are illustrated in Appendix 2 and Appendix 3 of this report.

    Changes to the Australian public sector reporting framework

    Changes in the financial framework

    COVID 19

    2.6 The ANAO’s experience with 2019–20 financial statements audits identified particular challenges for entities when dealing with material uncertainties arising in asset valuations and in performing physical compliance activities such as inventory stocktakes. Due to travel restrictions and lock downs, ANAO staff were restricted in their ability to physically access entities’ premises leading to the increased use of remote access to entity financial management and relevant operational systems. Remote access allowed audit teams to undertake their audit work without the need to be onsite. It is expected that the use of remote access will continue in the 2020–21 audit.

    Changes to auditing standards

    2.7 In December 2018 the Auditing and Assurance Standards Board (AUASB) issued the revised ASA 540 Auditing Accounting Estimates and Related Disclosures (ASA 540) which prescribes the auditor’s responsibilities with respect to accounting estimates and their related disclosures, such as valuations of financial and non-financial assets and measurement of provisions and other liabilities. ASA 540 is the Australian adoption of the revised international auditing standard ISA 540 of the same name. The new standard will apply to ANAO audits of financial statements for the year ended 30 June 2021 and later years.

    2.8 The revisions to the standard are intended to address two major threats to the quality of financial statement audits:

    1. increasing complex business and accounting environment with respect to estimates, leading to the increased prevalence in financial statements of complex, higher-risk accounting estimates such as expected credit losses, insurance contracts, revenue recognition and lease recognition; and
    2. recurring audit inspection findings with respect to audit quality over accounting estimates.

      2.9 The standard emphasises and strengthens requirements for risk assessment, introducing new risk concepts of complexity, subjectivity and estimation uncertainty to assist auditors to identify the most important areas of audit effort and prescribing enhanced procedures with respect to understanding the entity, its environment and its internal control environment affecting estimation.

      2.10 The standard also aims to drive audit quality by prescribing objective-based audit procedures, emphasising the importance of professional scepticism and enhancing the audit requirements for management disclosures.

      2.11 The revised ASA 540 places emphasis on the need for auditors to understand and assess the risk that estimation uncertainty along with the use of management judgement may result in material misstatement in the financial statements. Entities should therefore expect that auditors are likely to seek evidence that management has identified and assessed significant estimation uncertainty risks. Where significant estimation uncertainty is identified auditors will want to review documentation supporting the methods, significant assumptions and data used by management to arrive at an estimate.

      2.12 While audit committees are already expected to consider accounting estimates with significant judgement, closer attention by auditors in accordance with the revised ASA 540 may require management to provide additional information to audit committees around these areas. Audit committees are likely to continue to see significant coverage of accounting estimates in closing letters and other communication from the ANAO.

      Changes to accounting standards

      2.13 There are no new accounting standards expected to have a significant impact on Commonwealth entities’ financial statements for 2020–21.

      Quality Assurance Framework and Reporting

      ANAO Quality Assurance Framework

      2.14 The quality of ANAO audit work is reliant on the strength of its independence and quality control processes. The ANAO defines audit quality as the provision of timely, accurate and relevant audits, performed independently in accordance with the Auditor-General Act 1997, ANAO auditing standards and methodologies, which are valued by the Parliament. Delivering quality audits results in improved public sector performance through accountability and transparency.

      2.15 The ANAO Quality Assurance Framework and Plan 2020–21 is published on the ANAO website and articulates the system of quality control that the ANAO has established to support the delivery of high-quality audit work and enables the Auditor-General to have confidence in the opinions and conclusions in the reports prepared for the Parliament. The Framework is supported by the Audit Quality Report 2019–20 which reports on our achievement against the Framework for the 2019—20 financial year, including the results of internal and external review activities.

      2.16 The ANAO quality assurance framework complies with the requirements of Auditing Standard ASQC 1 – Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and Related Services Engagements. The AUASB has issued three revised Australian Quality Management Standards that become effective on 15 December 2022:

      • ASQM 1 – Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements;
      • ASQM 2 – Engagement Quality Reviews; and
      • ASA 220 – Quality Management for an Audit of a Financial Report and Other Historical Information.

      2.17 The revised standards introduce a quality management approach that is focused on proactively identifying and responding to risks of quality. The standards include enhanced requirements and focus on governance and leadership, monitoring and remediation. The ANAO will review the revised standards, consider the impacts on the Quality Assurance Framework and make enhancements to the framework to ensure that it responds to the quality risks that arise in audits of public sector entities.

      Ethics, independence and integrity

      2.18 Ethical requirements, with a focus on independence are core to the quality framework. The fundamental principles of professional ethics as set out in APES 110 Code of Ethics for Professional Accountants are integrity; objectivity; professional competence and due care; confidentiality; and professional behaviour. The ANAO maintains a continued focus on independence through the application of the ANAO Independence Policy that manages threats to independence in the conduct of the ANAO’s work. The ANAO Integrity Framework sets out the ANAO’s integrity control system, supporting our organisation’s integrity. The framework encompasses the ANAO Integrity Statement, which describes five key principles of integrity that staff at the ANAO uphold — independence, honesty, accountability, openness and courage.

      Quality control and consultation processes

      2.19 In the conduct of their work ANAO auditors apply a robust methodology to drive consistent quality and compliance with the ANAO Auditing Standards. The ANAO audit methodology incorporates policies regarding direction, supervision and review, consultation on significant technical and ethical issues, engagement quality control review of high risk audits and documentation of audit evidence and work performed.

      3. Results of the interim audit phase by entity

      Chapter coverage

      This chapter summarises the results of the interim audits for the 2020–21 financial statements of the 25 entities included in this report. The entities included in this report are all departments of state, the Department of Parliamentary Services and other Commonwealth entities that significantly contribute to the income, expenses, assets and liabilities within the 2019–20 Consolidated Financial Statements (CFS) of the Australian Government and are presented in Figure 3.0.1 and Figure 3.0.2.

      Audit results

      There were no significant and nine moderate findings reported to the entities covered by this report at the completion of the 2020–21 interim phase compared with no significant and eight moderate findings reported at the interim phase in 2019–20.

      The interim audit phase includes an assessment of the effectiveness of each entity’s internal controls as they relate to the risk of misstatement in the financial statements. At the completion of interim audits for the 25 entities included in this report, the key elements of internal control were assessed as operating effectively for 20 entities. For the remaining five entities, the key elements of internal control were operating effectively to support the preparation of financial statements that are free from material misstatement.

      Introduction

      3.0.1 The ANAO’s assessment of the overall risk of material misstatement of the financial statements is based on professional judgement relating to the entity’s particular circumstances. The financial statements audit planning process involves joint procedures with performance audit and takes into account each entity’s environment and governance arrangements, its system of internal control, and prior year financial and performance audit findings. These planning processes inform the identification of areas of key risk that have the potential to impact on the integrity of the financial statements.

      3.0.2 The interim phase of the audit focuses on the steps taken by entities to manage these risks, including their systems of internal control. This chapter reflects portfolio and funding arrangements existing at 30 April 2021 and outlines the following information for each of the reported entities71:

      • the entity’s primary role as reflected in its Portfolio Budget Statements;
      • 2020–21 appropriation funding and key financial statements items;
      • the ANAO’s assessment of the overall risk of material misstatement of the financial statements, which informs the audit processes to be undertaken;
      • key areas of financial statements risk including where the ANAO has identified Key Audit Matters (KAM); and
      • the status of significant and moderate audit findings at the completion of the interim audit, and the conclusion relating to audit coverage to date.

      3.0.3 The entities included in this report include all departments of state, the Department of Parliamentary Services and other Commonwealth entities that significantly contribute to the revenues, expenses, assets and liabilities within the 2019–20 CFS.

      3.0.4 Where a performance audit was tabled during 2020–21 that was relevant to the financial management or administration of an entity, consideration is given to the impact of observations on the audit approach. Further details are included under the entity headings.72

      Analysis of Entities Contribution to 2019–20 CFS

      3.0.5 An analysis of the percentage contribution of entities in this report, to 2019–20 CFS is presented below. Figure 3.0.1 presents the results of nine entities that contribute greater than 10 per cent of either the income, expenses, assets or liabilities of the CFS. The remaining entities are presented in Figure 3.0.2 and contribute less than 10 per cent of all categories.

      Figure 3.0.1: Entities contributing greater than 10 per cent to the Australian Government’s 2019–20 Consolidated Financial Statements

      Figure 3.0.1 details the contribution to the Consolidated Financial Statements, for Income, Expenses, Assets and Liabilities, for entities who contribute more than ten percent to the 2019–20 Consolidated Financial Statements.

      Source: ANAO analysis of CFS and entities’ financial statements for the year ended 30 June 2020.

      Figure 3.0.2: Entities contributing less than 10 per cent to the Australian Government’s 2019–20 Consolidated Financial Statements

      Figure 3.0.2 details the contribution to the Consolidated Financial Statements, for Income, Expenses, Assets and Liabilities, for entities who contribute less than ten per cent to the 2019–20 Consolidated Financial Statements.

      Source: ANAO analysis of CFS and entities’ financial statements for the year ended 30 June 2020.

      Ongoing impact of the COVID-19 pandemic

      3.0.6 The COVID-19 pandemic and the Australian Government’s response to it significantly impacts on the risk environment faced by the Australian public sector. This change in risk environment directly impacts on the work to be undertaken by the ANAO across its financial statement audits.

      3.0.7 A variety of funding and delivery mechanisms are being employed by the government to address the health and economic needs arising from the pandemic. These include income support payments, grants, procurements, loans and tax relief. Rapid policy design and implementation can present new and increased risks to sound public administration and the proper use of public resources. These potential risks may require audit teams to change their audit approach.

      3.0.8 The Advance to the Minister for Finance (AFM) is a provision in the annual Appropriation Acts which enables the Minister for Finance (Finance Minister) to provide additional urgently needed appropriation to agencies for expenditure in the current year. The Finance Minister may only agree to issue an AFM if satisfied that there is an urgent need for expenditure that is either not provided for or has been insufficiently provided for in the existing appropriations of the agency. In response to COVID-19, additional AFMs were enacted and subsequently passed by Parliament for the 2020–21 financial year.

      3.0.9 The ANAO conducted monthly assurance reviews of the AFM from April 2020 to October 2020, which were tabled in Parliament. The reviews were conducted in accordance with section 19A of the Auditor-General Act 1997. They provided timely assurance to the Parliament about the AFM, which has significantly increased to support Australian Government activities during the COVID-19 pandemic.

      3.0.10 The limited assurance reviews undertaken concluded that the Department of Finance has effective processes in place to provide assurance over information provided by agencies to access AFM. The September 2020 AFM monthly report – Auditor-General Report No.13 2020–21, recommended that the Department of Finance should formalise the process to consolidate relevant entities’ reporting to maintain effective oversight over entities’ management of AFM. The recommendation has been implemented by the Department of Finance.73

      Results of financial statements audits

      3.0.11 Table 3.0.1 presents a summary of new and unresolved significant and moderate findings74 at the conclusion of the 2020–21 interim75 audits and the 2019–20 interim and final audits.

      Table 3.0.1: Significant and moderate findings by entity

      Entity

      Interim 2019–20

      Final 2019–20

      Interim 2020–21

      New

      findingsa

      Unresolved

      findings

      New

      findingsa

      Unresolved

      findings

      New

      findingsa

      Unresolved

      findings

      Department of Agriculture, Water and the Environment

      1

      Attorney-General’s Department

      Department of Defence

      2

      1

      2

      1

      1

      Department of Education, Skills and Employment

      1

      Department of Finance

      1

      Department of Health

      2

      2

      Department of Home Affairs

      1

      1

      1

      Department of Infrastructure, Transport, Regional Development and Communications

      1

      Department of Social Services

      2

      Services Australia

      1

      1

      1

      1

      National Disability Insurance Scheme Launch Transition Agency (NDIA)

      1

      1

      1

      1

      Total

      1

      7

      10

      3

      4

      5

                   

      Note a: Minor findings identified previously but upgraded to a moderate or significant finding are considered new for the purposes of this table.

      Source: 2019–20 and 2020–21 ANAO audit correspondence.

      3.1 Department of Agriculture, Water and the Environment

      Overview

      3.1.1 The Department of Agriculture, Water and the Environment (DAWE) is responsible for developing and implementing policies and programs to promote more sustainable, productive, internationally competitive and profitable Australian agricultural, food and fibre industries; safeguarding Australia’s animal and plant health; managing the conservation, protection and sustainability of Australia’s natural resources, biodiversity, ecosystems, environment and heritage; advancing Australia’s interests in the Antarctic; and improving the health of rivers and freshwater ecosystems and water use efficiency.

      3.1.2 Figure 3.1.1 and Figure 3.1.2 show the 2020–21 departmental and administered financial statements items reported by DAWE and the key areas of financial statements risk.

      Figure 3.1.1: Key departmental financial statements items and areas of financial statements risk

      Figure 3.1.1 shows DAWE’s departmental estimated actuals for the year ended 30 June 2021 as per DAWE’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements categorised by financial statement classification of own source income, expenses, assets and liabilities. This reflects DAWE’s structure and outcomes and includes key areas of financial statements risk as per Table 3.1.3.

      Source: ANAO analysis and DAWE revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.1.2: Key administered financial statements items and areas of financial statements risk

      Figure 3.1.2 shows the DAWE’s administered estimated actuals for the year ended 30 June 2021 as per DAWE’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements categorised by financial statement classification of income, expenses, assets and liabilities. This reflects DAWE’s structure and outcomes and includes key areas of financial statements risk as per Table 3.1.3.

      Source: ANAO analysis and DAWE revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.1.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on DAWE financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of DAWE environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key aras of risk and the ANAO’s understanding of the operations of DAWE, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.1.4 Annual appropriation funding of $1,108.4 million (departmental) and $3,396.2 million (administered) was provided to DAWE in 2020–21 to support the achievement of the entity’s outcomes.76 DAWE was also budgeted to receive special appropriation funding of $1,024.9 million.77

      3.1.5 Table 3.1.1 and Table 3.1.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.1.1: Key expenses and total own-sourced income

      Expenses and own-sourced income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      1,484.0

      3,070.8

      Employee benefits

      741.7

      Suppliers

      542.0

      242.4

      Depreciation and amortisation

      168.2

      7.7

      Personal benefits

      200.7

      Write-down and impairment of assets

      0.9

      5.7

      Finance costs

      6.8

      Grants

      7.0

      1,898.8

      Borrowing costs and other

      17.4

      715.5

      Total own-source income

      398.7

      715.3

      Sale of goods and rendering of services

      372.6

      10.8

      Other taxes

      479.4

      Interest

      0.1

      101.7

      Gains

      1.6

      Other

      24.4

      123.4

      Net (cost of)/contribution to services

      (1,085.3)

      (2,355.5)

           

      Source: DAWE’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.1.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      1,869.0

      11,006.8

      Cash

      25.7

      1,911.7

      Trade and other receivables

      198.4

      3,088.0

      Water assets

      4,165.7

      Land and buildings

      634.3

      0.5

      Property, plant and equipment

      667.0

      532.9

      Intangibles

      231.5

      Heritage and cultural

      72.3

      Inventories

      10.0

      11.1

      Investments

      15.5

      1,227.4

      Other

      14.3

      69.5

      Total liabilities

      1,493.2

      286.6

      Grants

      130.6

      Suppliers payable

      45.5

      58.0

      Other payables

      23.7

      2.7

      Interest bearing liabilities

      406.5

      Employee provisions

      245.5

      Other provisions

      772.0

      95.3

      Net assets/(liabilities)

      375.8

      10,720.2

           

      Note: DAWE’s estimated average staffing level for 2020–21 is 6,079.

      Source: DAWE’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.1.6 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.1.3.

      Table 3.1.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Departmental

      revenue from contracts with customers

      $372.6 million

      Accuracy and completeness of own- source revenue relating to import and export functions

      KAM

      Higher

      • large range of revenue streams, collected across the country through multiple systems; and
      • complex cost recovery arrangements.

      Administered

      levies and charges

      $479.4 million

      Accuracy and completeness of primary industry levies and charges revenue

      KAM

      Higher

      • self-assessment nature of collections; and
      • complexities involved in estimating the level of agricultural production on which revenue is based.

      Departmental

      other provisions

      $772.0 million

      Valuation of the Antarctic restoration provision

      KAM

      Higher

      • the balance is subject to judgement and estimation, particularly relating to discount rates, escalation factors, asset replacement costs and useful lives.

      Administered

      loans

      (a component of trade, taxation and other receivables)

      $3.1 billion

      Valuation of loans to the State and Territory Governments and farm businesses

      KAM

      Higher

      • variation in loan terms across jurisdictions;
      • complexity in the accounting treatment for loans deemed concessional in nature;
      • level of estimation involved in determining any potential impairment of loans; and
      • subsequent management of loans to farm businesses is undertaken by a third party (the State or Territory Government, or the Regional Investment Corporation), under a service level agreement with DAWE. The third party is responsible for entering into loan agreements with eligible farm businesses, the approval of recipients, and the ongoing monitoring and maintenance of the loans.

      Administered

      water entitlements

      $4.2 billion

      Valuation of water entitlement assets

      KAM

      Moderate

      • the balance and impairment process is subject to estimation and judgement, and impacted by factors including the maturity and assessment of the water market; and
      • information to support the valuation is provided by third parties.
             

      Source: ANAO 2020–21 risk assessment, and DAWE’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.1.7 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit report was tabled during 2020–21 relevant to the financial management or administration of DAWE:

      • Auditor-General Report No.2 Procurement of Strategic Water Entitlements.

      3.1.8 Auditor-General Report No.2 of 2020–21 included observations relevant to the ‘Valuation of water entitlement assets’ risk outlined in Table 3.1.3. Four recommendations were made aimed at improving procurement guidance; developing assurance mechanisms for procurement processes; updating conflict of interest management arrangements; and developing a clear evaluation framework. The observations were considered in designing audit procedures for 2020–21. There were no changes made to the planned audit approach.

      Audit results

      3.1.9 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to revenue from contracts with customers and administered levies. In addition, interim coverage of IT general controls, appropriations and special accounts, supplier expenses and employee benefits expenses has been performed.

      3.1.10 Audit procedures relating to other provisions, water entitlements and administered loans will be undertaken as part of the planned 2020–21 final audit. The ANAO will continue to assess the integration of DAWE’s entity level risk assessment, control frameworks and IT systems, following the machinery of government changes that occurred during 2019–20, throughout the audit. DAWE is finalising timeframes for the system integration. Any significant changes prior to 30 June 2021 will require revision to the planned audit approach.

      3.1.11 To date, our audit coverage has not identified any new significant or moderate audit findings. There were no unresolved significant or moderate audit findings at the conclusion of the 2019–20 audit.

      Conclusion

      3.1.12 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that DAWE will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.2 Attorney-General’s Department

      Overview

      3.2.1 The Attorney-General’s Department (AGD) supports the Attorney-General and Minister for Industrial Relations and the Assistant Minister to the Attorney-General. The roles of the department are to contribute towards a just and secure society through the maintenance and improvement of Australia’s law, justice, security and integrity frameworks and to facilitate jobs growth through policies and programs that promote fair, productive and safe workplaces.

      3.2.2 AGD has a shared services arrangement with the Department of Social Services for the provision of grant administration services. AGD remains accountable for compliance with all accounting, legal and administrative requirements.

      3.2.3 Figure 3.2.1 and Figure 3.2.2 show the 2020–21 departmental and administered financial statement items reported by AGD and the key areas of financial statements risk.

      Figure 3.2.1: Key departmental financial statements items and areas of financial statements risk

      Figure 3.2.1 shows AGD’s departmental estimated actuals for the year ended 30 June 2021 as per AGD’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements, categorised by financial statement classification of own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.2.3.

      Source: ANAO analysis and AGD’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.2.2: Key administered financial statements items and areas of financial statements risk

      Figure 3.2.2 shows AGD’s administered estimated actuals for the year ended 30 June 2021 as per AGD’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements, categorised by financial statement classification of income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.2.3

      Source: ANAO analysis and AGD’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.2.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on AGD’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of AGD’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of AGD, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.2.5 Annual appropriation funding of $254.3 million (departmental) and $449.7 million (administered) was provided to AGD in 2020–21 to support the achievement of the entity’s outcomes.78 AGD was also budgeted to receive special appropriation funding of $688.3 million.79

      3.2.6 Table 3.2.1 and Table 3.2.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.2.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      391.2

      1,181.0

      Employee benefits

      227.2

      18.4

      Suppliers

      104.7

      205.7

      Subsidies

      159.3

      Personal benefits

      475.2

      Depreciation and amortisation

      48.9

      9.2

      Grants

      290.5

      Payment to corporate entities

      22.4

      Other

      10.4

      0.3

      Total own-source income

      140.2

      221.2

      Levies

      155.8

      Sale of goods and rendering of services

      139.7

      2.8

      Other

      0.5

      62.6

      Net (cost of)/contribution to services

      (251.0)

      (959.8)

           

      Source: AGD’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.2.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      566.6

      637.3

      Cash and cash equivalents

      25.3

      21.4

      Trade and other receivables

      150.0

      20.9

      Other investments

      569.6

      Land and buildings

      324.7

      14.4

      Property, plant and equipment

      28.5

      0.5

      Intangibles

      26.5

      0.5

      Other

      11.6

      10.0

      Total liabilities

      438.5

      2,075.1

      Suppliers

      15.6

      8.9

      Subsidiaries

      13.1

      Personal Benefits

      0.2

      Other payables

      33.7

      2,038.0

      Leases

      309.0

      10.1

      Employee provisions

      79.6

      4.8

      Other provisions

      0.6

      Net assets/(liabilities)

      128.1

      (1,437.8)

           

      Note: AGD’s estimated average staffing level for 2020–21 is 1,701.

      Source: AGD’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.2.7 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.2.3.

      Table 3.2.3: Key areas of financial statements risk

      Relevant financial statement line item

      Key area

      Audit risk rating

      Factors contributing to risk assessment

      Administered

      Fair Entitlements Guarantee (FEG) Scheme

      (a component of Personal benefits expenses

      $ 475.2 million)

      FEG liabilities are a (component of personal benefits liabilities

      $0.2 million)

      Accuracy and occurrence of administered personal benefits expenses

       

      Moderate

       

      • risks relating to claims eligibility, calculation of benefit amounts and subsequent payments; and
      • the value of debts and liabilities that are recognised relating to the FEG Scheme.

      Departmental

      rendering of services

      $139.7 million

      goods and services receivables (a component of trade and other receivables

      $149.9 million)

      Accuracy of revenue, and the accuracy and completeness of trade receivables, from rendering of services

      Moderate

      • Australian Government Solicitor (AGS) revenue from rendering of services is a significant component of the AGD’s revenue; and
      • the value and timing of revenue recognition is determined with reference to time recorded on various AGS matters, the completion and recovery of matters and the valuation of work-in-progress at year end is subject to management judgement.

      Administered

      grant expenses

      $290.6 million

       

      Accuracy and occurrence of administered grant expenses

      Low

      • a significant component of the department’s financial statements; and
      • grant programs are managed by the DSS Community Grants Hub.
             

      Source: ANAO 2020–21 risk assessment, and AGD’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Audit results

      3.2.8 The ANAO has substantially completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: departmental revenue, FEG Scheme expenses, management of appropriations and special accounts and cash management activities. Testing related to IT general and application controls is in progress and will be completed prior to the final audit phase.

      3.2.9 Audit procedures relating to: the valuation of non-financial assets, including administered investments; and financial statements close processes including the consolidation of the AGS will be undertaken as part of the planned 2020–21 final audit.

      3.2.10 To date, our audit coverage has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.2.11 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that AGD will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2020–21 final audit.

      3.3 Department of Defence

      Overview

      3.3.1 The Department of Defence (Defence) is responsible for protecting and advancing Australia’s strategic interests through the: promotion of security and stability; the provision of military capabilities to defend Australia and its national interests; and the provision of support for the Australian community and civilian authorities as directed by the Government.

      3.3.2 Figure 3.3.1 and Figure 3.3.2 show the 2020–21 departmental and administered financial statement items reported by Defence and the key areas of financial statements risk.

      Figure 3.3.1: Key departmental financial statements items and areas of financial statements risk

      Figure 3.3.1 shows Defence’s departmental estimated actuals for the year ended 30 June 2021 as per Defence’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements, categorised by financial statement classification of own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.3.3.

      Source: ANAO analysis and Defence’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.3.2: Key administered financial statements items and areas of financial statements risk

      Figure 3.3.2 shows Defence’s administered estimated actuals for the year ended 30 June 2021 as per Defence’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements, categorised by financial statement classification of income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.3.3.

      Source: ANAO analysis and Defence’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.3.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Defence’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Defence’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of Defence, the ANAO has assessed the risk of a material misstatement as high.

      Key financial statements items

      3.3.4 Annual appropriation funding of $41.9 billion (departmental) was provided to Defence in 2020–21 to support the achievement of the entity’s outcomes.80 Defence was also budgeted to receive special appropriation funding of $2.9 billion predominantly for military superannuation provisions.81

      3.3.5 Table 3.3.1 and Table 3.3.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.3.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental budget

      ($m) 2020–21

      Administered budget

      ($m) 2020–21

      Total expenses

      36,224.2

      9,684.0

      Employee benefits

      12,444.5

      Suppliers

      16,187.7

      Depreciation and amortisation

      6,317.3

      Write-down and impairment of assets

      1,086.7

      Military superannuation benefits

      9,486.5

      Other

      188.0

      197.5

      Total own-source income

      1,361.9

      1,325.0

      Sale of goods and rendering of services

      542.3

      Other revenue

      56.0

      Reversals of previous asset write-downs

      572.8

      Military superannuation contributions

      1,245.9

      Other

      190.8

      79.1

      Net (cost of)/contribution to services

      (34,862.3)

      (8,359.0)

           

      Source: Defence’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.3.2: Key assets and liabilities

      Assets and liabilities

      Departmental budget

      ($m) 2020–21

      Administered budget

      ($m) 2020–21

      Total assets

      118,829.5

      3,218.3

      Cash and cash equivalents

      334.9

      180.4

      Trade and other receivables

      60.6

      39.8

      Tax assets

      229.9

      Appropriation receivable

      522.0

      Other receivables

      307.9

      Investments accounted for using the equity method

      2,778.5

      Specialist military equipment

      76,692.5

      Intangibles

      1,102.7

      Land and buildings

      20,940.6

      Infrastructure, plant and equipment

      8,245.2

      Heritage and cultural

      449.3

      Inventories

      7,579.4

      Prepayments

      2,148.7

      219.6

      Other

      215.8

      Total liabilities

      11,462.1

      97,035.0

      Suppliers

      2,916.6

      Other payable

      632.4

      196.0

      Leases

      2,647.8

      Employee provisions

      3,518.7

      96,839.0

      Other

      1,746.6

      Net assets/(liabilities)

      107,367.4

      (93,816.7)

           

      Note: Defence’s estimated average staffing level for 2020–21 is 77,139.

      Source: Defence’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.3.6 The ANAO undertakes appropriate audit procedures on all material items and focusses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.3.3.

      Table 3.3.3: Key areas of financial statements risk

      Relevant financial statement item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Departmental

      specialist military equipment (SME)

      $76.7 billion

      Accuracy and valuation of the SME balance which includes platform assets in use and under construction and spare parts for these assets

      KAM (valuation)

      Higher

      • high degree of judgement due to the highly specialised nature of these assets and the management estimates required to determine appropriate useful lives and assess the financial impact of indicators of impairment;
      • subjectivity in the valuation assessment due to the difficulty in obtaining the replacement costs of assets with a similar capability in the absence of an active market;
      • the annual impairment and revision of useful lives are subject to a high degree of judgement and subjectivity;
      • management of assets under construction is dispersed across numerous projects that have complex multi-year contractual arrangements and project management requirements; and
      • large prepayments are often made in relation to the acquisition and sustainment of SME.

      Administered

      employee provisions

      $96.8 billion

      Accuracy, valuation and disclosure of administered employee provisions

      KAM (valuation)

      Higher

      • complexity of the calculation and significant judgements applied in the selection of long- term assumptions including rates for salary growth, pension indexation, pension take-up and invalidity retirements; and
      • detailed disclosure requirements for the presentation and disclosure of defined benefit plans.

      Departmental

      inventory

      $7.6 billion

      including explosive ordnance (EO), fuel and general stores inventory (GSI)

      Existence and completeness of inventory balances

      KAM (existence and completeness)

      Moderate

      • the variety and number of inventory items which are managed across a large number of geographically dispersed locations and through a number of IT systems; and
      • complexity and management expertise required to assess and identify obsolete stock.

      Departmental

      general assets

      $31.0 billion

      Comprising land and buildings, infrastructure, plant and equipment, heritage and cultural and intangibles assets

      Accuracy and valuation of general assets

      KAM (valuation)

      Moderate

      • high degree of management judgement required in respect of classifying project costs as capital or expense; and
      • assumptions applied to determine appropriate useful lives and in the selection of valuation techniques to measure fair value and assess the financial impact of indicators of impairment.

      Departmental and Administered

      all financial statements items

      Accuracy and completeness of information processed by complex IT systems which are critical to key elements of financial statements

      Moderate

      • a number of complex IT systems which hold and generate information critical to financial statements;
      • IT systems which are bespoke or heavily customised for Defence; and
      • ongoing major IT reform projects which include Enterprise Resource Planning increasing Defence’s IT risk profile.
             

      Source: ANAO 2020–21 risk assessment, and Defence’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.3.7 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2020–21 relevant to the financial management or administration of Defence:

      • Auditor-General Report No. 6 Design and Implementation of the Defence Export Strategy;
      • Auditor-General Report No. 12 Defence’s Procurement of Offshore Patrol Vessels — SEA 1180 Phase 1;
      • Auditor-General Report No. 18 Defence’s Procurement of Combat Reconnaissance Vehicles (LAND 400 Phase 2);
      • Auditor-General Report No. 19 Major Projects Report; and
      • Auditor-General Report No. 21 Delivery of Security Vetting Services Follow-up.

      3.3.8 The above reports included observations relevant to impairment of assets under construction and IT systems as outlined in Table 3.3.3. The observations from these reports were considered in designing audit procedures to address areas considered to pose a lower risk of material misstatement.

      Audit results

      3.3.9 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to asset management processes and the controls implemented to determine the value of inventory at year-end. Interim audit coverage also included assessing IT general and application-specific controls for systems that support the preparation of Defence’s financial statements, in addition to assessing the operation of key non-IT controls in areas including appropriation and cash management, suppliers and employee expenses. Additionally, the ANAO has assessed Defence’s progress on addressing the moderate audit findings discussed below.

      3.3.10 Audit procedures relating to 30 June 2021 balances for employee provisions, decontamination and decommissioning provisions, inventory, SME and other fixed assets, and the military superannuation provision will be undertaken during the 2020–21 final audit. The ANAO will test Defence’s systems and processes supporting the complete and accurate disclosure of commitments, litigation and compensation schemes as part of the final audit. Additionally the ANAO will assess Defence’s progress in addressing audit findings up to and during the final audit.

      3.3.11 To date, our audit coverage has not identified any new significant audit findings. There was one new moderate finding identified.

      3.3.12 The following table summarises the status of audit findings reported by the ANAO in 2020–21.

      Table 3.3.4: Status of audit findings raised by the ANAO

      Category

      Closing position (2019–20)

      New findings (2020–21)

      Resolved findings (2020–21)

      Closing position (2020–21)

      B

      3

      1

      2

      2

      Total

      3

      1

      2

      2

               
      New moderate audit finding
      Governance of ADF health services

      3.3.13 The provision of health services to ADF members is managed under a contract with an external service provider. The contract commenced on 1 July 2019 and includes two broad categories of charges covering off-base and on-base services. Defence undertakes a review of the fees and charges associated with off-base services to provide assurance that the invoiced amounts are accurate and valid.

      3.3.14 The ANAO’s testing identified issues with the processes Defence has implemented to check the accuracy and validity of the service provider’s monthly invoice. Defence has completed three reviews of off-base service charges. All three reviews concluded a “low confidence level – significant issues identified requiring major rectification”. Two of the three reviews were conducted months after the period under review and were not finalised in a timely manner.

      3.3.15 The reviews highlighted a number of issues including:

      • a significant percentage of the provider’s invoices did not include sufficient information for Defence to confirm that an authorised service had been provided to an ADF member;
      • instances of duplicate invoicing relating to multiple charges for a single service; and
      • tiered pricing structures had not been correctly applied and instances where full price or higher fees were incorrectly charged.

      3.3.16 The ANAO was unable to evidence that these issues had been escalated to senior management, and Defence continued to pay the invoices despite the high incidence of errors.

      3.3.17 The ANAO recommends Defence examine and strengthen the design of processes to provide assurance over the accuracy and validity of the health service payments. Given the issues noted in the review of off-base health services, the ANAO recommends that the assurance activities be extended to include on-base service charges. The assurance processes should be completed in a timely manner and issues arising escalated to an appropriate level of management to ensure that issues can be dealt with promptly and recoveries initiated where required.

      Resolved moderate audit findings
      Management and monitoring of SME balances in ROMAN and MILIS

      3.3.18 In 2017–18 the ANAO reported a number of issues with the substantiation of SME transactions in the Military Integrated Logistics Information System (MILIS) and the corresponding accounts in the financial management information system (ROMAN). Defence uses these systems to manage the acquisition and sustainment of SME assets. In 2019–20 Defence continued the remediation of this issue, by:

      • matching a significant number of ROMAN and MILIS transactions and validating price differences between the two systems;
      • undertaking a comprehensive review and remediation of a portion of the aged unreconciled balances between ROMAN and MILIS;
      • implementing a number of controls for the ongoing monitoring of unvalidated transactions between ROMAN and MILIS; and
      • improving the governance arrangements and monitoring over ROMAN and MILIS.

      3.3.19 In 2020–21 Defence completed its investigations into the residual unreconciled balance between ROMAN and MILIS of $322.9 million. This balance was made up of aged transactions that have been adjusted against the asset revaluation reserve. The ANAO has reviewed the accounting treatment of the adjustment for the unreconciled balance and considers this finding to be resolved.

      Monitoring and management of accounts with privileged access

      3.3.20 During the 2018–19 audit, the ANAO’s review of privileged user access identified several issues with the monitoring and management of accounts within financially significant applications. In 2019–20, Defence provided evidence to the ANAO showing that weaknesses in a number of its IT systems had been remediated. The ANAO noted that remediation for three key financial processing systems remained outstanding.

      3.3.21 As part of the 2020–21 interim audit, the ANAO assessed the remediation action completed by Defence which included testing the effectiveness of Defence’s logging and monitoring controls in the three key financial processing systems. Based on testing performed, sufficient evidence of the operating effectiveness of the monitoring processes was obtained to confirm that the previous issues had been resolved.

      Unresolved moderate audit finding
      Segregation of duties’ deficiencies within the purchase and payables function

      3.3.22 During 2019–20, the ANAO identified a lack of segregation between the critical procurement functions involving the creation/modification of vendor data, the raising and approval of a purchase order, the goods receipting function, and the payment authorisation process. The segregation of duties weaknesses related to procurements which were not subject to panel arrangements. The lack of segregation of duties’ increases the risk of fraud and/or financial loss.

      3.3.23 As part of the 2020–21 interim audit, the ANAO assessed the progress made by Defence to address the finding. Defence has commenced the roll-out of automated and manual controls to prevent officers from performing incompatible procurement functions. At the conclusion of the interim audit, the controls had been rolled out to approximately 20 per cent of all procurements.

      3.3.24 The ANAO has assessed the design of the controls and considers the controls to be designed effectively to address the risk identified. The ANAO will continue to monitor the roll-out of the controls to Defence’s remaining procurement processes as part of the 2020–21 final audit.

      Conclusion

      3.3.25 At the completion of the interim audit, and except for the findings outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Defence will be able to prepare financial statements that are free from material misstatement. The effective operation of these controls for the full financial year will be assessed in conjunction with additional audit testing during the 2020–21 final audit.

      3.4 Department of Veterans’ Affairs

      Overview

      3.4.1 The Department of Veterans’ Affairs (DVA) is responsible for developing and implementing programs to assist the veteran and ex-service communities. This includes: granting pensions, allowances and other benefits, and providing treatment under the Veterans’ Entitlements Act 1986; the administration of benefits and arrangements under the Military Rehabilitation and Compensation and the Safety, Rehabilitation and Compensation (Defence-related Claims) legislation; administering the Defence Service Homes Act 1918 and the War Graves Act 1980; and conducting commemorative programs to acknowledge the service and sacrifice of Australian servicemen and women.

      3.4.2 Figure 3.4.1 and Figure 3.4.2 show the 2020–21 departmental and administered financial statement items reported by DVA and the key areas of financial statements risk.

      Figure 3.4.1: Key departmental financial statements items and areas of financial statements risk

      Figure 3.4.1 shows DVA’s departmental estimated actuals for the year ended 30 June 2021 as per DVA’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements, categorised by financial statement classification of own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.4.3.

      Source: ANAO analysis and DVA’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.4.2: Key administered financial statements items and areas of financial statements risk

      Figure 3.4.2 shows DVA’s administered estimated actuals for the year ended 30 June 2021 as per DVA’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.4.3.

      Source: ANAO analysis and DVA’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.4.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on DVA’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of DVA’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of DVA, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.4.4 Annual appropriation funding of $404.6 million (departmental) and $113.6 million (administered) was provided to DVA in 2020–21 to support the achievement of the entity’s outcomes.82 DVA was also budgeted to receive special appropriation funding of $11.4 billion.83

      3.4.5 Table 3.4.1 and Table 3.4.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.4.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      456.6

      13,796.8

      Employee benefits

      202.30

      10.5

      Grants

      20.4

      Suppliers

      175.6

      Depreciation and amortisation

      42.4

      Personal benefits

      7,664.2

      Healthcare payments

      6,019.9

      Payments to corporate entities

      44.2

      Other

      36.3

      37.6

      Total own-source income

      49.9

      20.6

      Net premium revenue

      37.7

      Rendering of services

      6.6

      Other

      5.7

      20.6

      Net (cost of)/contribution to services

      (406.6)

      (13,776.3)

           

      Source: DVA’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.4.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      349.2

      1,718.3

      Cash and cash equivalents

      6.6

      50.6

      Investments

      58.7

      1,533.7

      Appropriation receivables

      39.6

      Trade and other receivables

      36.7

      62.1

      Intangibles

      68.7

      Land and buildings

      135.4

      Other

      3.5

      71.9

      Total liabilities

      294.3

      35,749.9

      Suppliers and other payables

      54.4

      Personal benefits

      60.8

      Other payables

      29.9

      84.3

      Leases

      101.2

      Employee provisions

      69.6

      2.8

      Personal benefits provisions

      20,428.4

      Healthcare and other provisions

      15,173.6

      Other provision

      39.2

      Net assets/(liabilities)

      54.9

      (34,031.6)

           

      Note: DVA’s estimated average staffing level for 2020–21 is 1,615.

      Source: DVA’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.4.6 The ANAO undertakes appropriate audit procedures on all material items and focusses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.4.3.

      Table 3.4.3: Key areas of financial statements risk

      Relevant financial statements line item

      Key area

      Audit risk rating

      Factors contributing to risk assessment

      Administered

      personal benefit and healthcare provisions

      $35.6 billion

      Valuation of military compensation provision

      KAM

      Higher

       

      • judgements involved in determining the assumptions and calculations underpinning
      • the actuarial assessment of the military compensation provision, including assumptions relating to future trends in medical costs, permanent incapacity, and inflation rates;
      • increasing value of the provision as an unfunded liability; and
      • completeness of data used to derive the valuation.

      Administered

      personal benefits expense

      $7.7 billion

      health care expenses

      $6.0 billion

      Accuracy of personal benefits and health care payments

      Higher

       

      • complexity of overseeing and maintaining a large number of IT business systems which are supported by the shared services provider, Services Australia;
      • complexity of legislation applicable to individual claims;
      • reliance on accurate and complete veteran provided information; and
      • reliance on a risk-based quality assurance program to identify errors and initiate debt recovery arrangements in individual claims.
             

      Source: ANAO 2020–21 risk assessment, and DVA’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.4.7 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit report was tabled during 2020–21 relevant to the financial management or administration of DVA:

      • Auditor-General Report No. 30 Effectiveness of the Planning and Management of Veteran Centric Reforms.

      3.4.8 The observations of this report were considered in designing the financial statements audit procedures. There were no material changes to the planned audit approach.

      Audit results

      3.4.9 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of manual controls relating to: cash; asset management; supplier expenses; and employee benefits.

      3.4.10 Audit procedures relating to: testing of IT general and application controls; accuracy of administered personal benefit and health care payments and review of the personal benefits and health care provision valuation will be undertaken as part of the planned 2020–21 final audit.

      3.4.11 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.4.12 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that DVA will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.5 Department of Education, Skills and Employment

      Overview

      3.5.1 The Department of Education, Skills and Employment (DESE) is responsible for ensuring Australians can experience the social wellbeing and economic benefits that quality education, training and employment provide.

      3.5.2 DESE continues to support the formulation and delivery of initiatives including the ongoing response to the COVID-19 pandemic. The department is delivering key elements of the Government’s five-year JobMaker Plan, including supporting Australians back into jobs by investing in skills and higher education and helping job seekers reconnect with employment. The department also continues to support the provision of essential services on which Australians rely including child care, schooling, training, higher education, and employment services.

      3.5.3 The Administered Arrangement Order (AAO) of 18 March 2021, transferred responsibility for the coordination of youth affairs function from the Health portfolio to the Education Skills and Employment portfolio.

      3.5.4 Figure 3.5.1 and Figure 3.5.2 show the 2020–21 departmental and administered financial statements items reported by DESE and the key areas of financial statements risk.

      Figure 3.5.1: Key departmental financial statements items and areas of financial statements risk

      Figure 3.5.1 shows DESE’s departmental estimated actuals for the year ended 30 June 2021 as per DESE’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of own source income, expenses, assets and liabilities.

      Source: ANAO analysis and DESE’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.5.2: Key administered financial statements items and areas of financial statements risk

      Figure 3.5.2 shows DESE’s administered estimated actuals for the year ended 30 June 2021 as per DESE’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.5.3.

      Source: ANAO analysis and DESE’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.5.5 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on DESE’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of DESE’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of DESE, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.5.6 Annual appropriation funding of $1,055.7 million (departmental) and $7,139.8 million (administered) was provided to DESE in 2020–21 to support the achievement of the entity’s outcomes.84 DESE was also budgeted to receive special appropriation funding of $50.4 billion.85

      3.5.7 Table 3.5.1 and Table 3.5.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.5.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      966.6

      51,537.6

      Employee benefits

      423.7

      Suppliers

      399.4

      2,788.0

      Subsidies

      3,214.7

      Personal benefits

      9,262.4

      Grants

      34,956.5

      Write-downs and impairments of assets

      1,230.2

      Depreciation and amortisation

      137.1

      Finance costs

      6.4

      85.7

      Total own-source income

      63.4

      1,167.9

      Sale of goods and rendering of services

      36.0

      Other taxes

      10.6

      Interest

      1,076.2

      Gains

      Other

      27.4

      81.1

      Net (cost of)/contribution to services

      (903.2)

      (50,369.7)

           

      Source: DESE’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.5.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      1,058.7

      56,860.5

      Cash and cash equivalents

      9.2

      91.4

      Trade and other receivables

      232.4

      53,171.4

      Other investments

      775.1

      Other financial assets

      1.8

      2,796.5

      Land and buildings

      448.0

      Property, plant and equipment

      34.6

      Intangibles

      318.2

      Other

      14.5

      26.1

      Total liabilities

      602.6

      8,078.4

      Suppliers

      41.8

      138.8

      Other payables

      14.6

      64.3

      Leases

      390.3

      1.3

      Personal benefits

      267.4

      Grants

      9.2

      Personal benefits provision

      747.1

      Provision for grants

      6,850.3

      Employee provisions

      155.9

      Other

      Net assets/(liabilities)

      456.1

      48,782.1

           

      Note: DESE’s estimated average staffing level for 2020–21 is 3,542.

      Source: DESE’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.5.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.5.3.

      Table 3.5.3: Key areas of financial statements risk

      Relevant financial statement item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      Other financial assets: Higher Education Loan Program (HELP) receivable (a component of other financial assets balance of $56.8 billion)

      write–down and impairment of assets

      (a component of write-down and impairment of assets balance of $1.2 billion)

      HELP loans fair value losses

      (a component of write-down and impairment of assets balance of $1.2 billion)

      The valuation of the outstanding HELP loan receivable

      KAM

      Higher

      • the balances of outstanding loans and impairment are derived from complex actuarial estimates and the estimate contains a degree of estimation uncertainty;
      • the complexity involved in estimating future income of individuals that need to repay HELP debts, the timing of expected repayments and the amount of the loan not expected to be recovered; and
      • payment data is reliant on sources external to DESE such as: the Australian Taxation Office; universities; and other third parties.

      Administered

      other receivables – Higher Education Superannuation Program (HESP)

      (a component of other financial assets balance of $56.8 billion)

      The valuation of the HESP provision and receivable

      KAM

       

      Higher

      • the valuation of the HESP liability is subject to an actuarial estimation process and is highly sensitive to movements in discount factors and bond rates; and
      • the valuation is complex and depends on the accurate provision of source data by universities.

      Administered

      other financial assets: personal benefits receivable

      (a component of other financial assets balance of $56.8 billion)

      personal benefits payable $267.5 million

      personal benefits provision $747.1 million

      quantifiable contingent assets ($155.3m) and liabilities ($315.3m)

      Accuracy and valuation of assistance to families relating to childcare personal benefits payments for children

      KAM

      Higher

      • complex legislation and administration arrangements that apply to child care personal benefits;
      • accounting and disclosure of year- end balances which are contingent on the lodgement of recipient’s income tax returns;
      • payments are reliant on self- assessed information provided by child care service providers and claimants; and
      • the IT environment is highly dependent on external information systems which are administered by the Department of Social Services and Services Australia.

      Administered

      all financial

      statement items

       

      Completeness and accuracy of financial statement balances impacted by the complexity and range of IT systems used to

      maintain information and process payments

      Moderate

      • large and complex IT environment with business applications processing a high volume of transactions;
      • many IT systems are bespoke or heavily customised to DESE; and
      • reliance on customised reports to prepare financial statements balances.
             

      Source: ANAO 2020–21 risk assessment, and DESE’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.5.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2020–21 relevant to the financial management or administration of DESE:

      • Auditor-General Report No.23 Services Australia COVID-19 Measures and Enterprise Risk Management; and
      • Auditor-General Report No.32 Cyber Security Strategies of Non-Corporate Commonwealth Entities.

      3.5.10 The observations of these reports were considered in designing audit procedures. There were no material changes to the planned audit approach compared to prior year as a result of the performance audits conducted.

      Audit results

      3.5.11 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: cash and appropriations, revenue and receivables, and transactional processing of special accounts; the National Partnership Program payments relating to Jobtrainer and Universal Access to Early Childhood Education; and reconciliations between administered business systems and the financial information systems for grants payments. This includes systems that process the Commonwealth Grant Payments scheme, Higher Education Support Act Block grant payments, Higher Education Superannuation Program, and Australian Education Act School funding (recurrent funding).

      3.5.12 Further audit procedures relating to the following areas will be undertaken as part of the planned 2020–21 final audit phase: HELP; Vocational Student Loans; Trade Support Loans; HESP; child care subsidy payments; Jobactive and childcare compliance programs; administered grant payments to schools and universities; and departmental and administered supplier expenses.

      3.5.13 Testing of the IT controls relating to services provided to DESE by the Department of Finance’s Service Delivery Office, including monitoring controls in place at DESE over these processes is progressing.

      3.5.14 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings.

      Conclusion

      3.5.15 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that DESE will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.6 Department of Finance

      Overview

      3.6.1 The Department of Finance (Finance) is responsible for supporting the Government’s Budget process and oversight of public sector resource management, governance and accountability frameworks. In addition, the department is responsible for the preparation of the annual Consolidated Financial Statements (CFS), which includes the whole-of-government and the general government sector financial statements and the Australian Government’s financial outcome.

      3.6.2 The Service Delivery Office (SDO) is a business unit within Finance and is one of the providers of shared services for Australian Government entities. The SDO provides corporate transactional and technical services including; payroll administration, accounts payable, accounts receivable and credit cards.

      3.6.3 Figure 3.6.1 and Figure 3.6.2 show the 2020–21 departmental and administered financial statement items reported by Finance and the key areas of financial statements risk.

      Figure 3.6.1: Key departmental financial statements items and areas of financial statements risk

      Figure 3.6.1 shows Finance’s departmental estimated actuals for the year ended 30 June 2021 as per Finance’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.6.3.

      Source: ANAO analysis and Finance’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.6.2: Key administered financial statements items and areas of financial statements risk

      Figure 3.6.2 shows Finance’s administered estimated actuals for the year ended 30 June 2021 as per Finance’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.6.3.

      Source: ANAO analysis and Finance’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.6.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Finance’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Finance’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of Finance, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.6.5 Annual appropriation funding of $718.5 million (departmental) and $661.1 million (administered) was provided to Finance in 2020–21 to support the achievement of the entity’s outcomes.86 Finance was also budgeted to receive special appropriation funding of $8.2 billion.87

      3.6.6 Table 3.6.1 and Table 3.6.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.6.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      1,090.6

      11,493.3

      Employee benefits

      164.1

      346.3

      Suppliers

      195.7

      125.2

      Depreciation and amortisation

      69.7

      63.8

      Insurance Claims

      624.7

      Superannuation

      7,690.8

      Distributions from investment funds

      3,115.6

      Other

      36.4

      151.6

      Total own-source income

      348.4

      2,641.8

      Sale of goods and rendering of services

      82.4

      1.3

      Insurance premiums

      165.1

      Superannuation contributions

      1,068.0

      Interest and dividends

      1,407.3

      Gains on sale of investments

      152.1

      Rental Income

      76.8

      Other

      24.1

      13.1

      Net (cost of)/contribution to services

      (742.2)

      (8,851.4)

           

      Source: Finance’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.6.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      3,615.3

      49,433.9

      Cash and cash equivalents

      911.6

      Trade and other receivables

      121.8

      112.1

      Land and buildings (including investment properties)

      2,407.5

      278.0

      Property, plant and equipment

      67.2

      91.5

      Intangibles

      95.6

      0.3

      Investments

      48,491.0

      Other

      11.6

      461.0

      Total liabilities

      1,299.6

      142,505.9

      Suppliers

      45.5

      14.8

      Outstanding insurance claims

      641.1

      Employee provisions

      66.0

      317.4

      Return of equity

      57.1

      Superannuation provisions

      139,645.0

      Leases

      455.6

      262.9

      Other

      34.3

      2,265.8

      Net assets/(liabilities)

      2,315.6

      (93,071.9)

           

      Note: Finance’s estimated average staffing level for 2020–21 is 1,262.

      Source: Finance’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.6.7 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.6.3.

      Table 3.6.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      superannuation provision

      $139.6 billion

      Valuation of the non-Defence superannuation provision

      KAM

      Higher

      • complex calculation of each superannuation fund’s liability and sensitivity of each fund to demographic factors and other movements, such as salary growth and bond rates; and
      • reliance on the Commonwealth Superannuation Corporation for the processing of superannuation benefit payments and the provision of complete and accurate data to Finance’s actuary.

      Departmental

      insurance provision

      $641.1 million

      Valuation of the outstanding claims liability under the Australian Government’s

      self-managed general insurance fund

      KAM

      Higher

      • complex calculation based on assumptions that require significant judgement; and
      • reliance on the control environment of an external service provider for the effective management of the claims process.

      Departmental

      land and buildings (including investment properties)

      $2.4 billion

      Valuation of properties KAM

      Moderate

      • use of different valuation methods that require significant judgement on the selection of assumptions within the valuation models across a large portfolio of properties.
             

      Source: ANAO 2020–21 risk assessment, and Finance’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Audit results

      3.6.8 The ANAO has substantially completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: cash, appropriations, IT general controls, financial management and human resources.

      3.6.9 Audit procedures relating to the assessment of the valuations of the: superannuation provision; the insurance provision; and properties will be undertaken as part of the planned 2020–21 final audit.

      3.6.10 To date, our audit coverage has not identified any new significant or moderate audit findings.

      3.6.11 The following table summarises the status of audit findings reported by the ANAO in 2019–20 and 2020–21.

      Table 3.6.4: Status of audit findings raised by the ANAO

      Category

      Closing position (2019–20)

      New findings (2020–21)

      Resolved findings (2020–21)

      Closing position (2020–21)

      B

      1

      1

      Total

      1

      1

               
      Resolved moderate audit finding
      Privileged user logging and monitoring

      3.6.12 Privileged user accounts (managed by the SDO) include powerful access to IT applications and networks for server administrators and database administrators. These accounts include access to applications and supporting databases which can be used to bypass security controls and make changes, either to system settings or directly to data. These accounts should be restricted to appropriate personnel, attributable to a single person, and activities should be logged and monitored.

      3.6.13 In 2019–20, the ANAO identified a number of weaknesses in the effectiveness of the SDO’s management of privileged users, including:

      • not all privileged users were subject to logging and monitoring controls; and
      • the post-activity review of privileged user activity was not always undertaken on a timely basis.

      3.6.14 The ANAO noted that the SDO has reviewed the appropriateness of each privileged account type and confirmed that all privileged accounts are logged and monitored in a timely manner. The SDO also performs routine checks on monitoring controls to gain its own assurance that these controls are operating effectively. Based on these observations, the finding has been resolved.

      Conclusion

      3.6.15 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that Finance will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.7 Future Fund Management Agency

      Overview

      3.7.1 The Future Fund Board of Guardians supported by the Future Fund Management Agency (together the Future Fund) is responsible for investing the assets of the Future Fund under the Future Fund Act 2006. The Future Fund is also responsible for managing other investments funds on behalf of the Department of Finance, under the DisabilityCare Australia Fund Act 2013, the Medical Research Future Fund Act 2015, the Aboriginal and Torres Strait Islander Land and Sea Future Fund Act 2018, the Emergency Response Fund Act 2019, and the Future Drought Fund Act 2019, for the benefit of future generations of Australians.

      3.7.2 Figure 3.7.1 and Figure 3.7.2 show the 2020–21 departmental and administered financial statements items reported by Future Fund and the key areas of financial statements risk.

      Figure 3.7.1: Key departmental financial statements items and areas of financial statements risk

      Figure 3.7.1 shows Future Fund’s departmental estimated actuals for the year ended 30 June 2021 as per the 2020-21 Portfolio Budget Statements, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.7.3.

      Source: ANAO analysis and Future Fund’s 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      Figure 3.7.2: Key administered financial statements items and areas of financial statements risk

      Figure 3.7.2 shows Future Fund’s administered estimated actuals for the year ended 30 June 2021 as per the 2020-21 Portfolio Budget Statements, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.7.3.

      Source: ANAO analysis and Future Fund’s 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      3.7.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Future Fund’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Future Fund’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of Future Fund, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.7.4 Future Fund does not have any appropriations and no appropriations are expected to be made by Parliament during the 2020–21 financial year. The Future Fund is self-funded, and does not rely on appropriations for the continuance of its operations.

      3.7.5 Table 3.7.1 and Table 3.7.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.7.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental budget

      ($m) 2020–21

      Administered budget

      ($m) 2020–21

      Total expenses

      140.6

      440.1

      Employee benefits

      59.0

      0.9

      Suppliers

      69.4

      439.2

      Depreciation and amortisation

      11.0

      Other expenses

      1.2

      Total own-source income

      140.5

      11,530.9

      Interest and dividends

      4,198.3

      Other gains

      0.0

      7,332.6

      Other

      140.5

      Net (cost of)/contribution to services

      (0.1)

      11,090.8

           

      Source: Future Fund’s 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      Table 3.7.2: Key assets and liabilities

      Assets and liabilities

      Departmental budget

      ($m) 2020–21

      Administered budget

      ($m) 2020–21

      Total assets

      94.2

      172,737.4

      Cash and cash equivalents

      0.0

      0.0

      Trade and other receivables

      28.8

      1,314.1

      Non-financial assets

      65.4

      Investments

      171,423.3

      Total liabilities

      94.3

      600.5

      Employee provisions

      11.1

      Suppliers payable

      9.4

      160.1

      Leases

      50.9

      Other

      22.9

      440.4

      Net assets/(liabilities)

      (0.1)

      172,136.9

           

      Note: Future Fund’s estimated average staffing level for 2020–21 is 198.

      Source: Future Fund’s 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      Key areas of financial statements risk

      3.7.6 The ANAO undertakes appropriate audit procedures on all material items and focusses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.7.3.

      Table 3.7.3: Key areas of financial statements risk

      Relevant financial statement item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      Investments – Collective Investments

      (included in other investments $171.4 billion)

      Valuation of private market investments

      KAM

      Higher

      • The size of the investments and the inherent subjectivity and significant judgements and estimates required where market data is not available to determine the fair value of these investments.

      Administered

      Investments

      (included in other investments $171.4 billion)

      Valuation of public market investments

      Moderate

      • The size of the investments and the reliance on the valuation undertaken by the custodian.
             

      Source: ANAO 2020–21 risk assessment for the Future Fund and the Future Fund’s 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      3.7.7 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit report was tabled during 2020–21 relevant to the financial management or administration of the Future Fund:

      • Auditor-General Report No.32 Cyber Security Strategies of Non-Corporate Commonwealth Entities.

      3.7.8 The observations of this report were considered in designing audit procedures to address areas considered to pose a lower risk of material misstatement. As such, this performance audit did not have a significant impact on the audit approach to the financial statements.

      Audit results

      3.7.9 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to the management of investments; monitoring of service providers; and operational expenses incurred by the Future Fund.

      3.7.10 The valuation of investments, including the assessment of controls that reside within the outsourced custodian, will be completed as part of the 2020–21 final audit.

      3.7.11 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.7.12 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that Future Fund will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.8 Department of Foreign Affairs and Trade

      Overview

      3.8.1 The Department of Foreign Affairs and Trade (DFAT) supports Australia’s foreign, trade and investment, development and international security policy priorities. DFAT is the lead agency managing Australia’s international presence and will lead efforts to maximise Australia’s security and prosperity through implementation of the Foreign Policy White Paper.88

      3.8.2 Figure 3.8.1 and Figure 3.8.2 show the 2020–21 departmental and administered financial statement items reported by DFAT and the key areas of financial statements risk.

      Figure 3.8.1: Key departmental financial statements items and areas of financial statements risk

      Figure 3.8.1 shows DFAT’s departmental estimated actuals for the year ended 30 June 2021 as per DFAT’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.8.3.

      Source: ANAO analysis and DFAT’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.8.2: Key administered financial statements items and areas of financial statements risk

      Figure 3.8.2 shows DFAT’s administered estimated actuals for the year ended 30 June 2021 as per DFAT’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.8.3.

      Source: ANAO analysis and DFAT’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.8.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on DFAT’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of DFAT’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of DFAT, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.8.4 Annual appropriation funding of $1,888.3 million (departmental) and $4,362.1 million (administered) was provided to DFAT in 2020–21 to support the achievement of the entity’s outcomes.89 DFAT was also budgeted to receive special appropriation funding of $305.2 million.90

      3.8.5 Table 3.8.1 and Table 3.8.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.8.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      2,018.7

      4,671.9

      Employee benefits

      944.9

      Suppliers

      739.5

      Depreciation and amortisation

      319.6

      0.5

      International Development Assistance (IDA)

      3,397.6

      Multilateral replenishments

      446.5

      Other Contributions

      676.8

      Other

      14.7

      150.5

      Total own-source income

      169.5

      388.9

      Sale of goods and rendering of services

      121.7

      Fees and charges

      295.3

      Other

      47.8

      93.6

      Net (cost of)/contribution to services

      (1,849.2)

      (4,283.0)

           

      Source: DFAT’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.8.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      6,225.1

      3,381.3

      Cash and cash equivalents

      326.2

      8.2

      Trade and other receivables

      357.2

      42.6

      Multilateral Investments

      2,556.4

      Land and buildings

      4,852.0

      Property, plant and equipment

      411.2

      Other

      278.5

      774.2

      Total liabilities

      1,650.0

      2,104.1

      Suppliers payable

      91.2

      Multilateral replenishments payable

      1,866.0

      Other payables

      81.6

      144.4

      Leases

      1,183.0

      Employee provisions

      264.7

      93.7

      Other provisions

      29.5

      Net assets/(liabilities)

      4,575.1

      1,277.2

           

      Note: DFAT’s estimated average staffing level for 2020–21 is 5,881.

      Source: DFAT’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.8.6 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.8.3.

      Table 3.8.3: Table 3.8.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Departmental

      Land and buildings

      $4.9 billion

      Valuation of the department’s overseas property portfolio

      KAM

      Higher

      • subject to complex estimation and judgements affected by market conditions at overseas locations and foreign exchange adjustments;
      • variety of valuation methodologies applied; and
      • the management of overseas property is undertaken by a third party through contract arrangements.

      Departmental

      Revenue from sale of goods and rendering of services

      $121.7 million

      Accuracy of revenue for rental accommodation and other services provided to other Government entities at overseas posts

      Higher

      • multiple sources of revenue;
      • multiple memorandums of understanding with the respective departments, each of which may contain unique clauses; and
      • revenue is assessed based on attached agencies’ staffing profiles at post, agreed floor space and other factors, creating a degree of complexity in determining the correct revenue figure.

      Administered and departmental

      All financial statement line items

      Completeness and accuracy of financial information associated with overseas posts

      KAM

      Moderate

      • financial information is collected through decentralised operations at over 100 locations; and
      • locally engaged staff payments are subject to various employee conditions and benefits based on local laws and regulations.
             

      Source: ANAO 2020–21 risk assessment, and DFAT’s revised budget as reported in the 2020–21 Portfolio Additional Estimate Statements.

      3.8.7 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit report was tabled during 2020–21 relevant to the financial management or administration of DFAT:

      • Auditor-General Report No. 42 Fraud Control Arrangements in the Department of Foreign Affairs and Trade.

      3.8.8 The observations of this report were considered in designing audit procedures to address areas assessed as posing a lower risk of material misstatement. The audit team considered the findings of this report in evaluating the entity’s identification and management of fraud risks. There were no material changes to the planned audit approach compared to prior year as a result of the performance audit conducted.

      Audit results

      3.8.9 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: payroll processing and IT general controls in the Financial Management Information System; the Human Resource Management Information System; and the two International Aid Information Systems.

      3.8.10 Audit procedures relating to: valuation of land and buildings; departmental revenue; supplier expenses; and employee benefits (including financial information processed through international post locations) will be undertaken as part of the planned 2020–21 final audit.

      3.8.11 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.8.12 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that DFAT will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.9 Department of Health

      Overview

      3.9.1 The Department of Health (Health) is responsible for achieving the Australian Government’s health outcomes in the areas of: health system policy, design and Innovation; health access and support services; sport and recreation; individual health benefits; regulation, safety and protection; and ageing and aged care. This includes administering programs and services, such as Medicare and the Pharmaceutical Benefits Scheme, and forming partnerships with the states and territories as well as other stakeholders.

      3.9.2 Services Australia delivers approximately $61.9 billion of health related payments on behalf of Health. These payments primarily relate to Medicare Benefits Schedule, the Pharmaceutical Benefits Scheme, the Private Health Insurance Rebate and services funded under the Aged Care Act 1997.

      3.9.3 Figure 3.9.1 and Figure 3.9.2 show the 2020–21 departmental and administered financial statements items reported by Health and the key areas of financial statements risk.

      Figure 3.9.1: Key departmental financial statements items and areas of financial statements risk

      Figure 3.9.1 shows Health’s departmental estimated actuals for the year ended 30 June 2021 as per Health’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.9.3.

      Source: ANAO analysis and Health’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.9.2: Key administered financial statements items and areas of financial statements risk

      Figure 3.9.2 shows Health’s administered estimated actuals for the year ended 30 June 2021 as per Health’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.9.3.

      Source: ANAO analysis and Health’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.9.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Health’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Health’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of Health, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.9.5 Annual appropriation funding of $914.0 million (departmental) and $14,655.8 million (administered) was provided to Health in 2020–21 to support the achievement of the entity’s outcomes.91 Health was also budgeted to receive special appropriation funding of $26.1 billion.92

      3.9.6 Table 3.9.1 and Table 3.9.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.9.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      1,045.3

      84,226.9

      Employee benefits

      512.9

      Suppliers

      410.2

      4,283.4

      Subsidies

      14,089.8

      Depreciation and amortisation

      115.7

      Personal benefits

      53,640.8

      Grants

      11,636.6

      Payments to corporate Commonwealth entities

      566.9

      Interest on right of use assets

      4.0

      Other

      2.5

      9.4

      Total own-source income

      214.9

      45,701.7

      Sale of goods and rendering of services

      210.3

      Other revenue & gains

      3.7

      407.1

      Recoveries

      3,462.9

      Interest

      14.8

      Other taxes

      24.8

      Special account transfers

      41,792.1

      Other

      0.9

      Net (cost of)/contribution to services

      (830.4)

      (38,525.2)

           

      Source: Health’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.9.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      1,070.3

      6,003.3

      Receivables

      99.6

      1,052.0

      Cash and cash equivalents

      119.2

      1,495.5

      Investments

      564.7

      Inventories

      2,891.1

      Land and buildings

      602.9

      Property, plant and equipment

      8.5

      Intangibles

      223.9

      Other

      16.2

      Prepayments

      Total liabilities

      884.0

      3,415.7

      Personal benefits payable

      1,503.0

      Subsidies payable

      79.1

      Suppliers payable

      72.2

      50.8

      Grants payable

      352.4

      Other payables

      30.9

      Personal benefits provision

      972.3

      Subsidies provision

      458.0

      Leases-Interest bearing

      586.5

      Employee payable

      13.8

      Employee provisions

      172.8

      Other

      7.9

      Net assets/(liabilities)

      186.3

      2,587.7

           

      Note: Health’s estimated average staffing level for 2020–21 is 3,954.

      Source: Health’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.9.7 The ANAO undertakes appropriate audit procedures on all material items and focusses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.9.3.

      Table 3.9.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      subsidies

      $14.1 billion

      Accuracy of Residential Care subsidies

      KAM

      Higher

      • payment of aged care subsidies to nursing home providers are based on Aged Care Funding Instrument assessments prepared by the same providers and involve judgements regarding the level of patient care.

      Administered

      personal benefits

      $53.6 billion

      Accuracy of personal benefit payments including medical benefits and pharmaceutical benefit payments

      KAM

      Higher

      • volume and complexity of health care payments with varying eligibility requirements; and
      • processed by Services Australia on complex IT systems.

      Administered

      recoveries

      $3.5 billion

      Completeness and accuracy of Pharmaceutical Benefits Scheme recovery revenue

      Moderate

      • manual calculation of complex information in spreadsheets; and
      • reliance on data sourced from the Services Australia and complex arrangements in place with pharmaceutical companies for recovery of expenditure.

      Administered

      personal benefits provisions

      $972.3 million subsidies provision

      $458.0 million

      Valuation of the Medical Indemnity and Medicare and Pharmaceuticals Outstanding Claims provisions

      KAM

      Higher

      • judgements over future claims and economic assumptions including discount rate and future claims that underpin the estimation indemnity provisions and rely on the quality of underlying data.

      Administered grants expense

      $11.64 billion

      Accuracy and occurrence of grant payments.

      Moderate

      • significant number of grant programs are administered by Health with different eligibility criteria.

      Administered Inventory and Prepayments

      $2.89 billion

      Accuracy, existence and completeness of inventory balances

      KAM

      Higher

      • significant increase in the purchasing activity of personal protective equipment and vaccines inventory resulting in the balance being material to the financial statements
      • higher number and wider variety of inventory items being managed raising the risk over accurate recording of the balance
      • complexity and management expertise required to assess and identify impaired or obsolete items.

      Departmental

      Revenue from contracts with customers

      $210.3 million

      Estimation of Revenue related to the Therapeutic Goods Administration

      Moderate

      • the estimation of revenue under the Therapeutic Goods Act (TGA) 1989 involves judgements and assumptions related to the assessment of registration and conformity fees.
             

      Source: ANAO 2020–21 risk assessment, and Health’s budgeted financial statements for the year ended 30 June 2021.

      3.9.8 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit report was tabled during 2020–21 relevant to the financial management or administration of Health:

      • Auditor-General Report No.32 Cyber Security Strategies of Non Corporate Commonwealth Entities.

      3.9.9 The results of the above report were considered in designing our audit procedures. No significant changes were made to the designed audit procedures for the financial statements audit.

      Audit results

      3.9.10 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: IT security and change management in the financial management information system and human resource management information system; cash and appropriations management; supplier expenses; assets; payroll processing; Therapeutic Goods Administration revenue; personal benefits; subsidies; and grant payments.

      3.9.11 Other areas of audit focus, including the compliance processing of Aged Care subsidies and Medicare payments, and an assessment of the valuation methodologies used to estimate the medical indemnity program and Medicare outstanding claims liability provisions, will be performed as part of 2020–21 final audit.

      3.9.12 To date, our audit coverage has not identified any new significant or moderate audit findings.

      3.9.13 The following table summarises the status of audit findings reported by the ANAO in 2019–20 and 2020–21.

      Table 3.9.4: Status of audit findings raised by the ANAO

      Category

      Closing position (2019–20)

      New findings (2020–21)

      Resolved findings (2020–21)

      Closing position (2020–21)

      B

      2

      2

      Total

      2

               
      Unresolved moderate findings
      User Access Controls – Terminated Users

      3.9.14 During 2019–20 audit, the ANAO’s testing identified weaknesses in the Health’s security controls relating to terminated users where a number of users who retained access to Health’s financial management information system post termination and a small number of these had accessed the system to print, email and access Human Resources self-service post termination.

      3.9.15 During 2020–21 interim audit phase, the ANAO identified exceptions where user accounts remained active post termination, some of which appeared to have been logged on post termination dates. These exceptions are being investigated by Health and the finding remains unresolved during the 2020–21 interim audit phase.

      National Medical Stockpile – recording and management

      3.9.16 During the 2019–20 audit, the ANAO’s testing identified weaknesses in Health’s recording and management of the National Medical Stockpile (NMS). These included: the inventory management system supporting the NMS not being fit for purpose; absence of reconciliations between the Health FMIS and inventory records and financial reporting by product and location for the last quarter of the financial year; a number of errors in the manually entered excel inventory register; and lack of frequency in stock taking processes, delays in provisions of stock take methodology and timely resolution of stock take variation.

      3.9.17 Health is in process of developing a solution incorporating reconciliations between Health’s FMIS and warehouse vendor records and on a rolling program for stock take that best suits the nature of the stock pile.

      Conclusion

      3.9.18 At the completion of the interim audit, and except for the finding outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Health’s will be able to prepare financial statements that are free from material misstatement. The effective operation of these controls for the full financial year will be assessed in conjunction with additional audit testing during the 2020–21 final audit.

      3.10 Department of Home Affairs

      Overview

      3.10.1 The Department of Home Affairs (Home Affairs) coordinates policy and operations for Australia’s national and transport security, federal law enforcement, criminal justice, cyber security, border, immigration, multicultural affairs, emergency management and trade related functions.

      3.10.2 Figure 3.10.1 and Figure 3.10.2 show the 2020–21 departmental and administered financial statements items reported by Home Affairs and the key areas of financial statements risk.

      Figure 3.10.1: Key departmental financial statements items and areas of financial statements risk

      Home Affairs’ departmental estimated actuals for the year ended 30 June 2021 as per Home Affair’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.10.3.

      Source: ANAO analysis and Home Affairs’ revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.10.2: Key administered financial statements items and areas of financial statements risk

      Home Affairs’ administered estimated actuals for the year ended 30 June 2021 as per Home Affair’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.10.3.

      Source: ANAO analysis and Home Affairs’ revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.10.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Home Affairs’ financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Home Affairs’ environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of Home Affairs, the ANAO has assessed the risk of a material misstatement as high.

      Key financial statements items

      3.10.4 Annual appropriation funding of $3,030.1 million (departmental) and $2,463.3 million (administered) was provided to Home Affairs in 2020–21 to support the achievement of the entity’s outcomes.93 Home Affairs was also budgeted to receive special appropriation funding of $512.6 million.94

      3.10.5 Table 3.10.1 and Table 3.10.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.10.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      3,307.4

      2,547.8

      Employee benefits

      1,554.5

      Suppliers

      1,136.3

      2,047.9

      Depreciation and amortisation

      588.8

      109.2

      Personal benefits

      184.1

      Other

      27.8

      206.6

      Total own-source income

      256.3

      20,976.8

      Sale of goods and rendering of services

      243.1

      83.2

      Customs duty

      18,804.5

      Other taxes

      2,053.2

      Other

      13.2

      35.9

      Net (cost of)/contribution to services

      (3,051.1)

      18,429.0

           

      Source: Home Affairs’ 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.10.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      3,940.3

      1,196.1

      Cash and cash equivalents

      7.5

      146.8

      Trade and other receivables

      464.7

      89.3

      Taxation receivables

      177.2

      Land and buildings

      2,074.0

      582.5

      Property, plant and equipment

      767.6

      192.5

      Intangibles

      517.7

      0.5

      Other

      108.8

      7.3

      Total liabilities

      2,798.6

      438.4

      Employee provisions

      516.4

      Payables

      257.6

      416.4

      Leases

      1,974.8

      9.8

      Other

      49.8

      12.2

      Net assets/(liabilities)

      1,141.7

      757.7

           

      Note: Home Affairs’ estimated average staffing level for 2020–21 is 14,632.

      Source: Home Affairs’ 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.10.6 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.10.3.

      Table 3.10.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      customs duty revenue

      $18.8 billion

      customs duty (a component of taxation receivable

      $177.2 million)

      Completeness and accuracy of customs duty collections and refunds

      KAM

      Higher

      • the significant value of customs duty revenue;
      • the self-assessment nature of the import declaration process;
      • reliance on compliance risk management processes over the completeness of revenue; and
      • the complexity of the information technology (IT) environment used to manage customs duty.

      Administered

      visa application charges (a component of other taxes)

      $2.1 billion

      Completeness and accuracy of the collection of visa revenue

      KAM

      Higher

      • the significant value of visa application charges;
      • the decentralised approach to the collection of visa revenue which occurs in a number of locations domestically and internationally, using a number of payment mechanisms; and
      • the complexity of the IT environment used to collect and process visa application charges.

      Administered

      services rendered – detention (component of supplier expenses)

      $2.0 billion

      Accuracy of detention and regional processing centres expenses

      KAM

      Higher

      • the significance of expenses and complexity of contracts associated with managing the detention and regional processing centres; and
      • the variability of the costs associated with administering the detention and regional processing network, as the level of expenses is dependent on the rate of arrival and detention of these people.

      Administered

      SRSS personal benefits expenses (a component of personal benefits expenses)

      $184.1 million

      Completeness and accuracy of payments of personal benefits under the Status Resolution Support Services (SRSS) program

      Moderate

      • complex eligibility criteria for the categories of allowable personal benefits;
      • payments are made under
      • third-party arrangements with Services Australia and other providers; and
      • the self-assessment nature of the personal benefits process.

      Administered

      non-financial assets relating to detention and regional processing centres (i.e. excluding computer software and prepayments)

      $774.9 million

      Valuation of detention and regional processing centres

      Moderate

      • the complexity of performing valuations in a range of markets given the geographically dispersed land, buildings and equipment including assets located overseas; and
      • the financial implications of the closure of regional processing centres.

      Departmental

      employee benefits expense

      $1.6 billion

      employee provisions

      $516.4 million

      Completeness and accuracy of employee entitlements

      Moderate

      • selected Home Affairs staff are entitled to a range of allowances, subject to a number of conditions; and
      • staff are located both in Australia and overseas, including locally engaged staff who may be entitled to varying employment conditions and benefits based on local laws and regulations.

      Administered and Departmental

      Multiple financial statement line items

      Completeness and accuracy of financial information associated with overseas posts

      Moderate

      • decentralised nature of operations and controls; and
      • managed under third party arrangements through service level agreements with the Department of Foreign Affairs and Trade, and the Australian Trade and Investment Commission (Austrade).
             

      Source: ANAO 2020–21 risk assessment, and Home Affairs’ revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Audit results

      3.10.7 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: collection of customs duty revenue and visa application revenue; the management of the onshore immigration detention centres and overseas regional processing centres; and accounting for employee entitlements.

      3.10.8 Interim audit coverage has also included an assessment of IT general controls, including security and change management processes relevant to the financial management information system and human resources management information system.

      3.10.9 Audit procedures relating to: payment of personal benefits; reporting of overseas transactions; IT application controls; and testing the processes identified above for the remainder of the financial year will be undertaken as part of the 2020–21 final audit.

      3.10.10 To date, our audit coverage has not identified any new significant or moderate audit findings.

      3.10.11 The following table summarises the status of audit findings reported by the ANAO in 2020–21.

      Table 3.10.4: Status of audit findings raised by the ANAO

      Category

      Closing position (2019–20)

      New findings (2020–21)

      Resolved findings (2020–21)

      Closing position (2020–21)

      B

      2

      2a

      Total

      2

      2

               

      Note a: The moderate audit issues relating to Management of Staff Leave and Visa and Citizenship Quality Management have been downgraded to minor audit findings.

      Resolved moderate audit findings
      Management of staff leave

      3.10.12 During 2019–20, the ANAO undertook targeted assurance activities over the management of staff leave within Home Affairs. The activities were performed to facilitate an assessment of compliance of the management of leave accruals, and balances with human resource policies and requirements.

      3.10.13 The 2019–20 audit identified Home Affairs leave policy had not been updated to include current leave information or the requirements and conditions under the 8 February 2019 Department of Home Affairs Workplace Determination 2019. Further, the audit identified a number of instances of non-compliance with, and inconsistencies in the application of, Home Affairs’ staff leave policies and procedures. The ANAO concluded that the control weaknesses posed potential moderate business and financial reporting risks.

      3.10.14 At the conclusion of the 2020–21 interim audit, the ANAO has confirmed that Home Affairs has: updated leave polices to include current leave information or the requirements and conditions under the 8 February 2019 Department of Home Affairs Workplace Determination 2019; enhanced its Policy and Procedural Control Register; communicated to staff and supervisors the importance of compliance with policies; and strengthened monitoring and reporting controls, including the enhancement of Executive Dashboard reporting.

      3.10.15 While Home Affairs is continuing to implement strategies to increase compliance by employees and mature its monitoring and reporting controls to facilitate targeted responses for non-compliance, the ANAO has concluded that this no longer poses a moderate business and financial reporting risk to Home Affairs. The audit issue has been downgraded to a minor audit issue.

      Visa and Citizenship Quality Management

      3.10.16 Home Affairs established a Secretary Instruction and Quality Management Policy to mandate regular quality assurance reviews to improve consistency in decision making and ensure the effective identification and management of emerging business risks relating to the assessment and issuance of visas and citizenship. Consistent with this Instruction and Policy, a Visa and Citizenship Quality Management Framework was established in 2014.

      3.10.17 The 2018–19 audit identified certain content in the existing framework document was out of date, there was significant non-compliance with the required quality assurance sample rates, reporting relating to the outcome of quality assurance management was suspended between January and June 2019 and Home Affairs was not able to demonstrate sufficient reporting of the matter to either the Executive or Audit Committee. The ANAO concluded that the control weaknesses posed potential significant business risks but did not impact the calculation and recognition of visa revenue in the financial statements.

      3.10.18 At the conclusion of the 2020–21 interim audit, the ANAO has confirmed Home Affairs has continued to address the recommendations. In particular Home Affairs has:

      • implemented a revised assurance framework and an assurance activity procedural instruction and progressed the development of a program management policy statement and program management plans;
      • mapped program level controls and assessed the maturity of controls to facilitate targeted strengthening of controls;
      • established compliance with required sample rates across programs and a significant proportion of locations;
      • completed system enhancements and undertaken a post implementation review; and
      • established regular reporting and monitoring controls, including reporting to the Executive and Audit and Risk Committee.

      3.10.19 While Home Affairs finalises particular initiatives and matures others, the ANAO has concluded that this audit issue no longer poses a moderate business risk. The audit issue has been downgraded to a minor audit issue.

      Conclusion

      3.10.20 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that Home Affairs will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.11 Department of Industry, Science, Energy and Resources

      Overview

      3.11.1 The Department of Industry, Science, Energy and Resources (Industry) is responsible for supporting science and commercialisation; growing business investment and improving business capability; developing northern Australia; streamlining regulation; developing and implementing a national response to climate change; improving Australia’s energy supply, efficiency, quality, performance and productivity; and facilitating the growth of small and family business.

      3.11.2 Industry offers a grants hub and shared service centre which provides other Commonwealth entities with administrative support including grants administration and payments processing, human resources and financial transactions processing and the provision of management information systems supporting these processes.

      3.11.3 Figure 3.11.1 and Figure 3.11.2 show the 2020–21 departmental and administered financial statement items reported by Industry and the key areas of financial statements risk.

      Figure 3.11.1: Key departmental financial statements items and areas of financial statements risk

      Industry’s departmental estimated actuals for the year ended 30 June 2021 as per as Industry’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.11.3.

      Source: ANAO analysis and Industry’s revised budget as reported in the 2020-–21 Portfolio Additional Estimates Statements.

      Figure 3.11.2: Key administered financial statements items and areas of financial statements risk

      Industry’s administered estimated actuals for the year ended 30 June 2021 as per as Industry’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.11.3.

      Source: ANAO analysis and Industry’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.11.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Industry’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Industry’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of Industry, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.11.5 Annual appropriation funding of $651.3 million (departmental) and $2,018.4 million (administered) was provided to Industry in 2020–21 to support the achievement of the entity’s outcomes.95 Industry was also budgeted to receive special appropriation funding of $533.2 million.96

      3.11.6 Table 3.11.1 and Table 3.11.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.11.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      743.0

      3,021.3

      Employee benefits

      370.9

      7.7

      Suppliers

      294.4

      305.0

      Depreciation and amortisation

      67.0

      2.7

      Write-down and impairment of assets

      Subsidies

      20.2

      Grants

      6.9

      839.6

      Payments to corporate Commonwealth entities

      1,687.1

      Finance costs

      3.7

      159.0

      Other

      0.1

      0.0

      Total own-source income

      88.9

      639.1

      Royalties

      419.8

      Sale of goods and rendering of services

      75.9

      Other

      13.0

      219.3

      Net (cost of)/contribution to services

      (654.1)

      (2,382.2)

           

      Source: Industry’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.11.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      673.9

      26,299.8

      Cash and cash equivalents

      28.4

      6,015.9

      Investments

      19,692.1

      Trade and other receivables

      125.1

      448.1

      Land and buildings

      384.0

      3.2

      Property, plant and equipment

      52.0

      0.2

      Other

      84.4

      140.3

      Total liabilities

      474.6

      131.5

      Leases

      286.5

      1.4

      Suppliers

      46.6

      23.5

      Employee provisions

      128.7

      2.1

      Grants payable

      0.6

      30.1

      Other

      12.2

      74.4

      Net assets/(liabilities)

      199.3

      26,168.3

           

      Note: Industry’s estimated average staffing level for 2020–21 is 3,096.

      Source: Industry’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.11.7 The ANAO undertakes appropriate audit procedures on all material items and focusses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.11.3.

      Table 3.11.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      royalties revenue

      $419.8 million

      accrued revenue

      Completeness and accuracy of offshore petroleum and uranium royalties

      KAM

      Higher

      • reliance on data reporting and administrative functions performed by third parties, including state and foreign governments and other federal government agencies; and
      • calculations are dependent on information provided by taxpayers in a self-assessment regime.

      Departmental

      own-source income

      $88.9 million

      Completeness and accuracy of Industry’s other revenue streams

      Higher

      • diversity of revenue streams;
      • reliance on manual calculations to quantify some revenue amounts; and
      • cash based transactions.

      Administered

      investments

      (a component of other investments)

      $10.3 billion

      Valuation of the Australian Government’s investment in Snowy Hydro Ltd

      KAM

      Higher

      • a unique asset that is not readily traded in the open market, subject to complex estimation and significant judgement relating to forecasts of future cash flows.

      Administered

      grants expense

      $839.6 million

      grants payable $30.1 million

      Accuracy, occurrence and completeness of grant payments

      Moderate

      • significant number of individual grant programs which operate under separate grant agreements and are subject to different eligibility criteria; and
      • reliance on third party acquittals to confirm validity of grant payments.

      Ranger Rehabilitation Security Funds

      (Special Account)

      $530.8 million

      Valuation of the Ranger Rehabilitation Security and accuracy of cost of rehabilitation works

      Moderate

      • complexity of the valuation;
      • judgement involved in the valuation; and
      • reliance on data provided by third parties.
             

      Source: ANAO 2020–21 risk assessment, and Industry’s budgeted financial statements for the year ended 30 June 2021.

      Audit results

      3.11.8 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to employee and supplier expenditure; appropriations and special accounts; and asset and cash management. As part of the interim audit coverage, the ANAO has also assessed controls relating to selected departmental and administered revenue streams, grant and subsidy payments and IT general and applications controls for key financial systems.

      3.11.9 Audit procedures relating to the completeness and accuracy of royalties; and valuation of the administered investment (including Snowy Hydro Limited) and Ranger Rehabilitation Security Funds will be undertaken as part of the planned 2020–21 final audit.

      3.11.10 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.11.11 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that Industry will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.12 Snowy Hydro Limited

      Overview

      3.12.1 Snowy Hydro Limited (Snowy Hydro) is a government business enterprise. The primary business includes energy generation activities to supply the National Electricity Market (NEM) and operating as a retail energy provider to over 1.1 million customers through the Red Energy and Lumo Energy brands. Snowy Hydro’s energy generation capacity of 5,500 megawatts supplies New South Wales, Victoria and South Australia, primarily through the generating capacity of the Snowy Mountains hydroelectric scheme. Snowy Hydro is currently progressing Snowy 2.0, a pumped hydro project that will add 2,000 megawatts of on-demand generation and 175 hours of large-scale storage capability to the existing Snowy scheme.

      3.12.2 Figure 3.12.1 shows the 2019–20 financial statements items reported by Snowy Hydro and the key areas of financial statements risk.

      Figure 3.12.1: Key financial statements items and areas of financial statements risk

      Snowy Hydro’s financial statements for the year ended 30 June 2020, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.12.3.

      Source: ANAO analysis and Snowy Hydro’s financial statements for the year ended 30 June 2020.

      3.12.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Snowy Hydro’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Snowy Hydro’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of Snowy Hydro, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.12.4 Snowy Hydro does not receive any annual appropriation funding. The operational functions of Snowy Hydro are primarily funded through own source income. The primary income sources for Snowy Hydro are retail revenue which arises from the supply of electricity and gas to customers through the Red and Lumo energy brands and wholesale revenue arising from the generation and supply of electricity to the NEM. Snowy Hydro is accessing a mix of private debt funding and equity injections from the Australian Government to fund the construction and delivery of the Snowy 2.0 project.

      3.12.5 Table 3.12.1 and Table 3.12.2 provide a summary of the key 2019–20 audited financial statements items.

      Table 3.12.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Actual

      ($m) 2019–20

      Total expenses

      2,593.8

      Direct costs of revenue

      1,767.7

      Changes in the fair value of financial instruments

      204.4

      Depreciation and amortisation

      150.7

      Employee benefits

      210.1

      Impairment loss on trade receivables

      30.1

      Net finance costs

      43.5

      Other

      187.3

      Total income

      2,709.8

      Revenue

      2,697.3

      Other income

      12.5

      Profit/loss before income tax

      116.0

      Income tax expense

      34.8

      Profit/loss before after income tax

      81.2

         

      Source: Snowy Hydro’s 2019–20 audited financial statements.

      Table 3.12.2: Key assets and liabilities

      Assets and liabilities

      Actual

      ($m) 2019–20

      Total assets

      4,912.9

      Cash and cash equivalents

      100.8

      Trade and other receivables

      395.6

      Other financial assets

      266.1

      Deferred tax assets

      308.3

      Property, plant and equipment

      2,974.0

      Goodwill and other intangible assets

      561.3

      Other

      306.8

      Total liabilities

      3,162.9

      Trade and other payables

      341.6

      Interest bearing liabilities

      1,898.7

      Other financial liabilities

      781.1

      Other

      141.5

      Net assets/(liabilities)

      1,750.0

         

      Note: Snowy Hydro’s staffing level at 30 June 2020 was 1,782 (including non-ongoing contractors).

      Source: Snowy Hydro’s 2019–20 audited financial statements.

      Key areas of financial statements risk

      3.12.6 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.12.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

      Table 3.12.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Other financial assets

      $266.1 million

      other financial liabilities

      $781.1 million

      decrease in the fair value of financial instruments

      $204.4 million

      decrease in other comprehensive income

      $201.3 million

      Valuation of financial instruments

      KAM

      Higher

      • increased level of management judgement required to determine fair value of derivative contracts which are underpinned by complex data models to calculate financial instrument values;
      • valuation process requires the use of observable and unobservable inputs to calculate fair value. The nature and uniqueness of some energy market derivatives recognised by Snowy Hydro requires an increased level of judgement to determine unobservable valuation model inputs; and
      • the valuation of financial instruments is sensitive to inputs such as electricity prices, electricity supply volumes and market data such as interest and exchange rates. Some of the inputs continue to be impacted by the economic effects of the COVID-19 pandemic.

      Property, Plant and Equipment

      (a component of $1.1 billion construction in progress)

       

      Capitalisation of work in progress for Snowy 2.0

      KAM

      Higher

      • Snowy 2.0 is a complex infrastructure project delivered over a number of financial periods; and
      • judgement applied by Snowy Hydro in determining which costs associated with project establishment and delivery meet the relevant technical requirements for capitalisation.

      Trade and other receivables

      $433.5 million

      Allowance for doubtful debts

      $40.4 million

      Completeness and accuracy of the impairment of retail debtors

      KAM

      Higher

      • level of judgement applied by management in determining the estimate of expected life time credit loss on trade and other receivables. The estimation of credit losses continues to be impacted by the economic impact of the COVID-19 which contributed to increased estimation uncertainty.

      Unbilled revenue receivable

      $247.0 million

      Valuation and existence of unbilled retail revenue

       

      Higher

      • estimation required due to services supplied but not yet billed arising from timing of electricity meter reads for customers and the date of preparing the financial statements; and
      • estimation process involves increased management judgement underpinned by a complex data model with a number of inputs, significant number of customers and data sources.

      Capitalised customer acquisition costs

      $110.2 million

      amortisation

      $40.8 million

      Valuation of customer acquisition costs

      Moderate

      • level of management judgement applied in determining which costs outlaid to acquire retail customers meet relevant technical requirements for capitalisation; and
      • complexity of estimation process and judgement applied to determine an appropriate amortisation rate reflective of the expected time a customer will continue to procure services from Snowy Hydro.

      Environmental certificate assets

      $70.5 million

      Valuation of renewable energy certificates

      Higher

      • increased level of judgement applied by Snowy Hydro in determining the appropriate accounting treatment for renewable energy certificates and the valuation at balance date.

      Intangible assets – goodwill

      $383.2 million

      Valuation and impairment of non-financial assets

      Moderate

      • the impairment estimation process is complex due to the nature of the judgements made in the impairment model which requires assumptions to be made related to future cash flows for Snowy Hydro’s two cash generating units (retail and generation activities) and discount rates applied.
             

      Source: ANAO 2020–21 risk assessment, and Snowy Hydro’s audited financial statements for the year ended 30 June 2020.

      Audit results

      3.12.7 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: retail and generation billing revenue and receivables, purchases to pay, treasury, renewable energy certificates, financial reporting and payroll.

      3.12.8 Audit procedures relating to: IT General and Application controls (where appropriate), assessment of controls relating to non-financial assets and substantive testing on all material financial statements line items will be undertaken as part of the planned 2020–21 final audit. This will include audit procedures to test material accounting estimates made by Snowy Hydro (and relating to the key areas of financial statements risk) including accuracy of the valuation of financial instruments, capitalised customer acquisition costs, unbilled electricity revenue receivable, renewable energy certificates, goodwill and impairment of trade and other receivables.

      3.12.9 Snowy Hydro has identified potential investments in gas fired electricity generation to supply the NEM and is undertaking detailed business case analysis and planning. Any decision to proceed with this project prior to 30 June 2021 will require revision to the planned audit approach.

      3.12.10 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.12.11 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that Snowy Hydro will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.13 Department of Infrastructure, Transport, Regional Development and Communications

      Overview

      3.13.1 The Department of Infrastructure, Transport, Regional Development and Communications (Infrastructure) is responsible for improving infrastructure across Australia through funding coordination of transport and other infrastructure; providing an efficient, sustainable, competitive and safe transport system for all transport users; strengthening the sustainability, capacity and diversity of regional economies providing advice on population policy; implementing the national policy on cities; promoting an innovative and competitive communications sector; participation in and access to Australia’s arts and culture through developing and supporting cultural expression; and supporting governance arrangements in the Australian territories.

      3.13.2 Infrastructure continues to provide support to the aviation, creative arts and regional communities impacted by the economic impact of COVID-19. This support is through the provision of direct financial assistance in the form of subsidy and grant payments.

      3.13.3 Figure 3.13.1 and Figure 3.13.2 show the 2020–21 departmental and administered financial statements items reported by Infrastructure and the key areas of financial statements risk.

      Figure 3.13.1: Key departmental financial statements items and areas of financial statements risk

      Infrastructure’s departmental estimated actuals for the year ended 30 June 2021 as per Infrastructure’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.13.3.

      Source: ANAO analysis and Infrastructure’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.13.2: Key administered financial statements items and areas of financial statements risk

      Infrastructure’s administered estimated actuals for the year ended 30 June 2021 as per Infrastructure’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.13.3.

      Source: ANAO analysis and Infrastructure’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.13.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Infrastructure’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Infrastructure’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of Infrastructure, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.13.5 Annual appropriation funding of $397.1 million (departmental) and $6,901.2 million (administered) was provided to Infrastructure in 2020–21 to support the achievement of the entity’s outcomes.97 Infrastructure was also budgeted to receive special appropriation funding of $1,746.7 million.98

      3.13.6 Infrastructure also administer the assessment and oversight functions for national partnership payments on behalf of the Department of the Treasury relating to road, rail and water infrastructure investment projects. Whilst these payments to State and Territory Governments are recorded in the Treasury financial statements, the project approval, advice to Government, milestone assessment, project monitoring and analysis processes are undertaken by Infrastructure. Expenses for these projects are estimated to be $9,016.2 million in 2020–21.99

      3.13.7 Table 3.13.1 and Table 3.13.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.13.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      402.5

      9,716.1

      Employee benefits

      236.3

      17.2

      Suppliers

      118.4

      732.2

      Depreciation and amortisation

      36.5

      57.9

      Grants

      8.4

      5,217.0

      Subsides

      1,616.5

      Payments to corporate Commonwealth entities

      2,060.4

      Other

      2.9

      14.8

      Total own-source income

      12.7

      1,222.5

      Sale of goods and rendering of services

      3.6

      21.1

      Fees and fines

      152.7

      Interest

      821.2

      Other

      9.1

      227.5

      Net (cost of)/contribution to services

      (389.8)

      (8,493.6)

           

      Source: Infrastructure’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.13.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      387.6

      52,506.2

      Cash and cash equivalents

      11.6

      27.1

      Trade and other receivables

      129.2

      18,507.0

      Financial assets

      1.0

      77.4

      Other investments

      33,008.8

      Land and buildings

      139.5

      238.3

      Property, plant and equipment

      25.7

      458.8

      Other

      80.6

      188.8

      Total liabilities

      230.0

      715.2

      Suppliers

      31.5

      468.3

      Subsidies

      113.8

      Grants

      43.6

      Interest Bearing Liabilities (Leases)

      116.7

      Employee provisions

      73.6

      4.0

      Other

      8.2

      85.5

      Net assets/(liabilities)

      157.6

      51,791.0

           

      Note: Infrastructure’s estimated average staffing level for 2020–21 is 1,598.

      Source: Infrastructure’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.13.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.13.3.

      Table 3.13.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      investments – NBN Co Limited

      (a component of $33.0 billion other investments)

       

      Valuation of the Australian Government’s investment in NBN Co Limited

      KAM

      Higher

      • valuations are subject to a complex and specialised estimation process using a discounted cash flow model which was implemented for the first time at 30 June 2020. Governance arrangements supporting the valuation are maturing;
      • the valuation model is characterised by increased complexity and application of management judgement. The use of this model requires Infrastructure to make significant judgements in the selection of assumptions and inputs, such as projected future cash flows, revenue and expenditure growth, technological developments, future consumer behaviour and market competition, weighted average cost of capital, terminal values and discount rates that are based on primarily unobservable data. The resultant outcome is that the valuation is sensitive to incremental changes in these assumptions and results in a larger valuation range; and
      • the significance of the balance of the investment in NBN Co Limited to the Australian Government’s financial statements.

      Administered

      investments – Australian Postal Corporation, Australian Rail Track Corporation and Airservices Australia

      (component of $33.0 billion other investments)

       

      Valuation of the Australian Government’s investment in the Australian Postal Corporation, Australian Rail Track Corporation and Airservices Australia

      KAM

      Higher

      • valuations are subject to complex estimation processes using a discounted cash flow valuation model. The use of this model requires Infrastructure to make significant judgements in the selection of assumptions and inputs, such as estimated future cash flows, weighted average cost of capital, terminal values and discount rates that are based on primarily unobservable data. Small changes in some key inputs can have a material impact on the valuation outcome;
      • level of estimation uncertainty created in the estimation of future cash flows, as noted above, due to the economic impacts of the COVID-19 situation, particularly on the revenue generating activities of each entity, specifically Airservices Australia given the exposure of revenues to international travel and Australia Post due to the exposure to increased parcel volumes and e-commerce activity; and
      • judgement applied in determining the appropriate valuation approach for the Australian Rail Track Corporation due to the construction and delivery of the significant Inland Rail project being undertaken by the company.

      Administered advances and loans

      (component of $18.5 billion receivables)

      loan interest revenue

      $821.2 million

      Recognition and measurement of loans and advances

      KAM

      Moderate

      • the significance of the balance of the loans administered by Infrastructure, mainly the
      • $19.5 billion facility available to NBN Co Limited, and the $2.0 billion facility available to the proponents of the Westconnex Motorway project;
      • level of management judgement involved in calculating expected credit losses including the recoverability of the loans at balance date (particularly determining whether any deterioration in credit quality of loan recipients has occurred); and
      • complexity of the valuation and required calculations for loan balances which have concessional terms, including the level of estimation required to determine the appropriate market rate for the concessional component of new loans.

      Administered

      grants expense

      $5.2 billion

      grants payable $43.6 million

      Occurrence of grant expenses

      Moderate

      • complex, significant and diverse range of grant programs that include a number of different administrative and legislative arrangements and conditions which impact payments; and
      • level of subjectivity and judgement applied in determining whether a recipient meets eligibility and funding milestone requirements.

      National Partnership Payments

      ($9.0 billion as reported as grants expenses by the Department of the Treasury)

      Occurrence of National Partnership Payment expenses

      Moderate

      • complex and financially significant programs subject to detailed legislative conditions; and
      • level of subjectivity and judgement applied in determining whether a recipient meets eligibility and funding milestone requirements.

      All financial statement line items

      Accuracy, completeness and validity of data transferred from the former Department of Communications and Arts (Communications) Financial Management Information System (FMIS) and Human Resources Management Information System (HRMIS) on 1 July 2020

      Moderate

      • process to transfer complete and accurate data to the Infrastructure FMIS for non-financial assets, accounts payable and accounts receivable increases the complexity of the financial statements preparation process; and
      • complexity of the process to transfer employee payroll, service and leave entitlement data to the Infrastructure HRMIS in order to record complete and accurate employee benefits expenses and leave provisions.
             

      Source: ANAO 2020–21 risk assessment and Infrastructure’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.13.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit report was tabled during 2020–21 relevant to the financial management or administration of Infrastructure:

      • Auditor-General Report No. 9 Purchase of the Leppington Triangle for the Future Development of the Western Sydney Airport.

      3.13.10 The findings made in this report have been considered in the ANAO’s overall assessment of the risk of material misstatement in the 2020–21 financial statements audit, particularly in relation to revising audit procedures to be performed on the acquisition and disposal of non-financial assets.

      Audit results

      3.13.11 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: cash and cash equivalents; accounting for non-financial assets; appropriations and special accounts; grant expenses; loans and advances; subsidies (including aviation COVID-19 support programs); supplier expenses; administered revenue; and employee payroll. Interim coverage also included procedures to address the risks identified in Table 3.13.3 in relation to the completeness and accuracy of the transfer of data from the former Communications HRMIS and FMIS to the Infrastructure FMIS and HRMIS on 1 July 2020. Interim audit coverage has also included an assessment of IT general controls (including security and change management processes relevant to the financial management information systems and human resources management information system).

      3.13.12 Audit procedures relating to: the valuation of administered investments; accuracy of subsidy claims for the Tasmanian Freight Equalisation Scheme and Regional Broadband Scheme; valuation of other assets including non-financial assets; and loans and advances will be undertaken as part of the planned 2020–21 final audit.

      3.13.13 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2020–21 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.13.14 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that Infrastructure will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.14 Australian Postal Corporation

      Overview

      3.14.1 The Australian Postal Corporation (Australia Post) is a government business enterprise responsible for supplying postal services to Australia including the distribution of letters and parcels in Australia and internationally.

      3.14.2 Figure 3.14.1 shows the 2019–20 financial statements items reported by Australia Post and the key areas of financial statements risk.

      Figure 3.14.1: Key financial statements items and areas of financial statements risk

      Australia Post’s financial statements for the year ended 30 June 2020, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.14.3.

      Source: ANAO analysis and Australia Post’s financial statements for year ended 30 June 2020

      3.14.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Australia Post’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items, Australia Post’s environment and governance arrangements, together with its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of Australia Post, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.14.4 Australia Post does not receive annual appropriation funding. The operational functions of Australia Post are funded from the following revenue sources: parcel services; mail services; retail; agency and other services. Australia Post pays a dividend to the Commonwealth from its profit after income tax.

      3.14.5 Table 3.14.1 and Table 3.14.2 provide a summary of the key 2019–20 audited financial statements items.

      Table 3.14.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Actual

      ($m) 2019–20

      Total expenses

      7,456.3

      Employee benefits

      3,297.7

      Suppliers

      3,508.2

      Depreciation and amortisation

      466.5

      Other

      173.2

      Total own-source income

      7,499.2

      Goods and services

      7,389.6

      Other

      109.6

      Profit before income tax

      53.6

      Income tax (expense)/benefit

      (10.7)

      Profit after income tax

      42.9

         

      Source: Australia Post’s audited financial statements for the year ended 30 June 2020.

      Table 3.14.2: Key assets and liabilities

      Assets and liabilities

      Actual

      ($m) 2019–20

      Total assets

      6785.3

      Cash and cash equivalents

      775.3

      Trade and other receivables

      786.9

      Property, plant and equipment

      1,784.2

      Intangible assets

      708.5

      Investment property

      161.8

      Net superannuation

      626.9

      Deferred tax assets

      653.1

      Right of use assets

      1,032.2

      Other

      256.4

      Total liabilities

      4,582.2

      Trade and other payables

      1,055.0

      Employee provisions

      1,032.5

      Interest bearing liabilities

      717.3

      Deferred tax liabilities

      579.2

      Lease Liabilities

      1,130.9

      Other

      67.3

      Net assets/(liabilities)

      2,203.1

         

      Note: Australia Post’s 2019–20 staffing level was is 34,998.

      Source: Australia Post’s Annual Report 2020 and audited financial statements for the year ended 30 June 2020.

      Key areas of financial statements risk

      3.14.6 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.14.3.

      Table 3.14.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Goods and services income

      $7.4 billion

      Unearned postage revenue

      $92.2 million

      (a component of $1.1 billion trade and other payables)

      Recognition of Revenue

      Cut off and accuracy of goods and services revenue and the valuation of unearned postage revenue

      KAM

      Higher

      • the judgement and assumptions used to estimate the amount of revenue to be deferred for stamps sold but not yet used;
      • the judgement required in the selection and application of accounting policies for new and diverse revenue streams; and
      • the complexity of contracts and arrangements entered into where they include multiple performance obligations and volume targets which affects the contracted price

      Intangible assets goodwill

      $507.7 million

      (a component of $708.5 intangible assets)

      Valuation and impairment of goodwill and indefinite life intangible assets

      KAM

      Moderate

      • the estimation process is complex and judgemental and includes assumptions related to future cash flows and discount rates.

      Net superannuation asset

      $626.9 million

      Valuation of the Australia Post Superannuation Scheme KAM

      Moderate

      • the complexity of the valuation including the sensitivity of the economic and demographic assumptions supporting the calculation.
             

      Source: ANAO 2019–20 audit results, and Australia Post’s audited financial statements for the year ended 30 June 2020.

      Audit results

      3.14.7 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: cash and cash equivalents; trade receivables; and property, plant and equipment. Interim coverage also included an assessment of the IT general controls and IT application controls of key systems supporting the financial statements. In addition, an assessment of the effectiveness of non-system controls relating to sales revenue, employee expenses and trade and other payables has also been completed.

      3.14.8 Audit procedures relating to all key areas of audit focus, including the valuation of the Australia Post Superannuation Scheme and the valuation of intangible assets, will be undertaken as part of the 2020–21 final audit.

      3.14.9 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings.

      Conclusion

      3.14.10 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that Australia Post will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.15 NBN Co Limited

      Overview

      3.15.1 The primary objective of NBN Co Limited (NBN Co) is to provide wholesale services to internet service providers. NBN Co is a government business enterprise incorporated under the Corporations Act 2001.

      3.15.2 Figure 3.15.1 shows the 2019–20 financial statement items reported by NBN Co and the key areas of financial statements risk.

      Figure 3.15.1: Key financial statements items and areas of financial statements risk

      NBN’s financial statements for the year ended 30 June 2020, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.15.3.

      Source: ANAO analysis and NBN Co’s financial statements for the year ended 30 June 2020.

      3.15.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on NBN Co’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of NBN Co’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of NBN Co, the ANAO has assessed the risk of a material misstatement as high.

      Key financial statements items

      3.15.4 The operational functions of NBN Co are funded from the committed equity funding of $29.5 billion from the Australian Government as well as a loan agreement between the Australian Government and NBN Co of up to $19.5 billion, which matures in June 2024. NBN Co Limited continues to focus on raising private debt. In addition to the $6.1 billion facilities secured in 2019–20, NBN Co Limited has raised additional facilities of $4.0 billion to 31 December 2020, including $1.6 billion in Australian Medium Term Notes.

      3.15.5 Table 3.15.1 and Table 3.15.2 provide a summary of the key 2019–20 audited financial statements items.

      Table 3.15.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Actual

      ($m) 2019–20

      Total expenses

      9,099.0

      Subscriber costs

      2,414.0

      Depreciation and amortisation

      3,154.0

      Employee benefits

      877.0

      Direct network costs

      641.0

      Net finance costs

      1,460.0

      Other

      553.0

      Total own-source income

      3,861.0

      Revenue

      3,837.0

      Other income

      24.0

      Profit/loss before income tax

      (5,238.0)

      Income tax expense

      (1.0)

      Other comprehensive gain/(loss)

      2.0

      Profit/loss after income tax

      (5,237.0)

         

      Source: NBN Co’s 2019–20 audited financial statements.

      Table 3.15.2: Key assets and liabilities

      Assets and liabilities

      Actual

      ($m) 2019–20

      Total assets

      36,850.0

      Cash and cash equivalents

      344.0

      Trade and other receivables

      512.0

      Property, plant and equipment

      33,738.0

      Intangible assets

      2,093.0

      Other

      163.0

      Total liabilities

      34,750.0

      Trade and other payables

      2,290.0

      Other financial liabilities

      1,000.0

      Borrowing

      19,458.0

      Other

      1,142.0

      Lease liabilities

      10,860.0

      Net assets/(liabilities)

      2,100.0

         

      Note: NBN Co’s staffing level as at 30 June 2020 was 6,263.

      Source: NBN Co’s 2019–20 audited financial statements.

      Key areas of financial statements risk

      3.15.6 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.15.3.

      Table 3.15.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Property, plant and equipment

      $33.7 billion Intangibles

      $2.1 billion

      Valuation of network assets

      KAM (Valuation of property, plant and equipment and intangible assets – impairment)

      KAM (Accuracy and completeness of depreciation and amortisation expense)

      Higher

      • accounting for the valuation of network assets is subject to a high degree of judgement and complexity arising in the estimation of the significant costs of network construction and software development.

      Construction liabilities

      $0.9 billion

      Valuation of construction liabilities estimates

      KAM

      Higher

      • involvement of multiple delivery partners and the capitalisation of associated network assets based on the respective stage of completion at reporting date.

      Network assets

      $33.4 billion

      Lease liabilities

      $10.9 billion

      Accounting treatment of rights and obligations under significant contractual arrangements.

      KAM

      Higher

      • the agreements include arrangements for the lease of infrastructure; and
      • these contracts are significant and complex in nature and represent a significant portion of the associated financial statements items.

      Derivative financial asset

      $5 million

      Valuation and disclosure of financial instruments

      Higher

      • the level of external debt is expected to increase, with a portion to be hedged through derivative instruments;
      • increased level of management judgement required to determine fair value of derivative contracts; and
      • complex financial statement disclosure requirements.

      Telecommunications revenue

      $3.6 billion

      Accounting for, and reporting of, telecommunications revenue

      Higher

      • revenue has increased significantly as the network continues to roll out with IT systems and controls continuing to evolve with scale.
             

      Source: ANAO 2020–21 risk assessment for NBN Co and NBN Co’s 2019–20 audited financial statements.

      Audit results

      3.15.7 The ANAO has substantially completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: revenue and receivables; purchase and payables; payroll; inventory; treasury; fixed assets including lease management; and fair value reporting and accounting for the Telstra and Optus agreements.

      3.15.8 Audit procedures relating to key processes and financial statements line items, including IT general and application controls, where appropriate, will be performed as part of the planned 2020–21 final audit. In addition, we will perform audit procedures to assess the valuation of network assets.

      3.15.9 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.15.10 Based on our interim audit coverage to date, key elements of internal control were designed, and where applicable, operating effectively to provide reasonable assurance that NBN Co will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2020–21 final audit.

      3.16 Department of Parliamentary Services

      Overview

      3.16.1 The Department of Parliamentary Services (DPS) is responsible for supporting the Parliament through the provision of a range of services, including library, Hansard, broadcasting, telecommunications, building security and maintenance.

      3.16.2 Figure 3.16.1 and Figure 3.16.2 show the 2020–21 departmental and administered financial statements items reported by DPS and the key areas of financial statements risk.

      Figure 3.16.1: Key departmental financial statements items and areas of financial statements risk

      DPS’ departmental estimated actuals for the year ended 30 June 2021 as per the 2020-21 Portfolio Budget Statements, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.16.3.

      Source: ANAO analysis and DPS’ budget as reported in the 2020–21 Portfolio Budget Statements.

      Figure 3.16.2: Key administered financial statements items and areas of financial statements risk

      DPS’ administered estimated actuals for the year ended 30 June 2021 as per the 2020-21 Portfolio Budget Statements, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.16.3.

      Source: ANAO analysis and DPS’ budget as reported in the 2020–21 Portfolio Budget Statements.

      3.16.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on DPS financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of the DPS environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of DPS, the ANAO has assessed the risk of a material misstatement as low.

      Key financial statements items

      3.16.4 Annual appropriation funding of $173.0 million (departmental) and $59.3 million (administered) was provided to DPS in 2020–21 to support the achievement of the entity’s outcomes.100

      3.16.5 Table 3.16.1 and Table 3.16.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.16.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      185.5

      47.9

      Employee benefits

      107.5

      Suppliers

      57.4

      8.8

      Depreciation and amortisation

      20.6

      39.1

      Total own-source income

      14.7

      Sale of goods and rendering of services

      13.8

      Other

      0.9

      Net (cost of)/contribution to services

      170.8

      (47.9)

           

      Source: DPS’ 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      Table 3.16.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      125.2

      2,678.7

      Cash and cash equivalents

      1.1

      Trade and other receivables

      26.0

      1.6

      Land and buildings

      0.7

      2,508.9

      Property, plant and equipment

      44.4

      40.7

      Other

      53

      127..5

      Total liabilities

      36.8

      10.8

      Employee provisions

      28.5

      Other

      8.3

      10.8

      Net assets/(liabilities)

      88.4

      2,667.9

           

      Note: DPS’ estimated average staffing level for 2020–21 is 939.

      Source: DPS’ 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      Key areas of financial statements risk

      3.16.6 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.16.3.

      Table 3.16.3: Key areas of financial statements risk

      Relevant financial statements line item

      Key area

      Audit risk rating

      Factors contributing to risk assessment

      Administered

      non-financial assets (excluding intangibles)

      $2.5 billion

      Valuation of non-financial assets KAM

      Higher

      • the unique nature of the Parliament House, its contents and the purpose of the land, increases the judgement applied and complexity in establishing a fair value.
             

      Source: ANAO 2020–21 risk assessment, and DPS’ budgeted financial statements for the year ended 30 June 2021.

      Audit results

      3.16.7 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: cash and asset management; and payroll processing. In addition, the ANAO has undertaken testing of IT general controls over the financial management and human resource management information systems.

      3.16.8 Audit procedures relating to all material financial statement line items, including the valuation of non-financial assets will be undertaken as part of the planned 2020–21 final audit.

      3.16.9 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2020–21 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.16.10 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that DPS will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.17 Department of the Prime Minister and Cabinet

      Overview

      3.17.1 The Department of the Prime Minister and Cabinet (PM&C) is responsible for supporting the Prime Minister as the head of the Australian Government and the Cabinet; providing advice on major domestic policy and international national security matters; and improving the lives of Aboriginal and Torres Strait Islander peoples.

      3.17.2 Figure 3.17.1 and Figure 3.17.2 show the 2020–21 departmental and administered financial statement items reported by PM&C and the key areas of financial statements risk.

      Figure 3.17.1: Key departmental financial statements items and areas of financial statements risk

      PM&C’s departmental estimated actuals for the year ended 30 June 2021 as per PMC’s 2020-21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.17.3.

      Source: ANAO analysis and PM&C’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.17.2: Key administered financial statements items and areas of financial statements risk

      PM&C’s administered estimated actuals for the year ended 30 June 2021 as per PMC’s 2020-21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.17.3.

      Source: ANAO analysis and PM&C revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.17.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on PM&C’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of PM&C’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of PM&C, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.17.4 Annual appropriation funding of $206.0 million (departmental) and $53.9 million (administered) was provided to PM&C in 2020–21 to support the achievement of the entity’s outcomes.101 PM&C was also budgeted to receive special appropriation funding of $15.5 million.102

      3.17.5 Table 3.17.1 and Table 3.17.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.17.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      254.6

      193.8

      Employee benefits

      141.8

      1.7

      Suppliers

      93.0

      7.4

      Depreciation and amortisation

      17.3

      0.6

      Grants

      0.0

      57.7

      Payments to corporate entities

      126.3

      Other

      2.5

      0.1

      Total own-source income

      45.2

      Sale of goods and rendering of services

      43.4

      Interest

      Other

      1.8

      Net (cost of)/contribution to services

      (209.4)

      (193.8)

           

      Source: PM&C’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.17.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      227.4

      2,784.7

      Cash and cash equivalents

      2.0

      0.0

      Trade and other receivables

      37.2

      0.1

      Land and buildings

      145.4

      53.6

      Property, plant and equipment

      8.2

      0.7

      Administered investments in other Commonwealth entities

      2,728.8

      Other

      34.6

      0.2

      Total liabilities

      169.3

      18.9

      Suppliers

      8.6

      0.1

      Leases

      114.2

      1.0

      Employee provisions

      42.9

      0.5

      Other

      3.6

      17.3

      Net assets/(liabilities)

      58.1

      2,765.7

           

      Note: PM&C’s estimated average staffing level for 2020–21 is 1,067.

      Source: PM&C’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.17.6 The ANAO undertakes appropriate audit procedures on all material items and focusses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.17.3.

      Table 3.17.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Departmental

      revenue from goods and services

      $43.4m

      Accuracy of Revenue

      Moderate

      • PM&C provides shared services to a number of Commonwealth entities. The revenue from these services is a significant component of departmental revenue.
      • revenue recognition requires judgements under AASB 15 on when services are provided and the timing and amount of revenue recognition.
             

      Source: ANAO 2020–21 risk assessment, and PM&C’s budgeted financial statements for the year ended 30 June 2021.

      3.17.7 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit report was tabled during 2020–21 relevant to the financial management or administration of PM&C:

      • Auditor-General Report No.32 Cyber Security Strategies of Non Corporate Commonwealth Entities.

      3.17.8 The results of the above report was considered in designing our audit procedures. No significant changes were made to the designed audit procedures for the financial statements audit.

      Audit results

      3.17.9 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to testing of IT general controls and testing of controls over: bank accounts; payments to suppliers; asset additions; depreciation expense and payroll.

      3.17.10 Audit procedures relating to: stocktakes, leave processing and credit cards will be undertaken as part of the planned 2020–21 final audit.

      3.17.11 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.17.12 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that PM&C will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.18 National Indigenous Australians Agency

      Overview

      3.18.1 The primary functions of the National Indigenous Australians Agency (NIAA), are to:

      • lead and coordinate Commonwealth policy development, program design and implementation and service delivery for Aboriginal and Torres Strait Islander peoples;
      • provide advice to the Prime Minister and the Minister for Indigenous Australians on whole-of-government priorities for Aboriginal and Torres Strait Islander peoples;
      • lead and coordinate the development and implementation of Australia’s Closing the Gap targets in partnership with Indigenous Australians; and
      • lead Commonwealth activities to promote reconciliation.

      3.18.2 Figure 3.18.1 and Figure 3.18.2 show the 2020–21 departmental and administered financial statement items reported by NIAA and the key areas of financial statements risk.

      Figure 3.18.1: Key departmental financial statements items and areas of financial statements risk

      NIAA’s departmental estimated actuals for the year ended 30 June 2021 as per NIAA’s 2020-21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.18.3.

      Source: ANAO analysis and NIAA’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.18.2: Key administered financial statements items and areas of financial statements risk

      NIAA’s administered estimated actuals for the year ended 30 June 2021 as per NIAA’s 2020-21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.18.3.

      Source: ANAO analysis and NIAA revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.18.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on NIAA’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of NIAA’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of NIAA, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.18.4 Annual appropriation funding of $268.2 million (departmental) and $1,347.8 million (administered) was provided to NIAA in 2020–21 to support the achievement of the entity’s outcomes.103 NIAA was also budgeted to receive special appropriation funding of $460.0 million.104

      3.18.5 Table 3.18.1 and Table 3.18.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.18.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      274.8

      1,794.8

      Employee benefits

      155.3

      0.1

      Suppliers

      91.9

      65.2

      Depreciation and amortisation

      25.8

      0.3

      Grants

      1,456.9

      Payments associated with Land Councils

      200.2

      Other

      1.8

      72.1

      Total own-source income

      9.3

      84.9

      Sale of goods and rendering of services

      6.9

      Interest revenue

      12.2

      Other

      2.4

      72.7

      Net (cost of)/contribution to services

      (265.5)

      (1,709.9)

           

      Source: NIAA’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.18.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      275.7

      1,384.0

      Cash and cash equivalents

      19.2

      Trade and other receivables

      68.5

      23.1

      Land and buildings (including investment properties)

      Property, plant and equipment

      186.0

      11.5

      Intangibles

      21.2

      Prepayments

      0.7

      Term deposits

      1,329.5

      Total liabilities

      191.2

      24.9

      Suppliers

      8.5

      1.4

      Employee provisions

      57.8

      0.0

      Lease liabilities

      116.2

      0.4

      Grants payable

      21.4

      Other

      8.7

      1.7

      Net assets/(liabilities)

      84.5

      1,359.1

           

      Note: NIAA’s estimated average staffing level for 2020–21 is 1,210.

      Source: NIAA’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.18.6 The ANAO undertakes appropriate audit procedures on all material items and focusses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.18.3.

      Table 3.18.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      grants expense

      $1,456.9 million

      Performance of grantees in meeting grant conditions

      KAM

      Higher

      • High risk primarily due to the decentralised operations with programs delivered in remote areas and payments rely on several different IT systems operated by different Government departments.

      Departmental

      non-financial assets

      $207.2 million

      Valuation of non- financial assets

      Moderate

      • Moderate risk primarily due to substantial holdings of land, buildings, infrastructure and plant and equipment, which are dispersed around Australia.
             

      Source: ANAO 2020–21 risk assessment, and NIAA’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Audit results

      3.18.7 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: IT general controls; bank accounts; payments to suppliers, leases, asset additions, depreciation and payments under the Community Development Program.

      3.18.8 Audit procedures relating to: other grant programs, asset revaluations, stocktakes and employee leave provisions will be undertaken as part of the planned 2020–21 final audit.

      Conclusion

      3.18.9 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that NIAA will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.19 Department of Social Services

      Overview

      3.19.1 The Department of Social Services (DSS) is responsible for social security, families and communities, disability and carers and housing. DSS works in partnership with other government and non-government organisations, on a range of policies, programs and services focused on improving the wellbeing of people and families in Australia. 105

      3.19.2 DSS has two shared services arrangements. DSS receives Information and Technology services from Services Australia and provides services to other entities through the Community Grants Hub. In addition, the Department of Education, Skills and Employment manage the IT systems supporting DSS’ delivery of the Disability Employment Services.

      3.19.3 DSS continues to provide support to individuals and families affected by coronavirus through a range of measures. In November 2020 changes were announced by the Government to its social safety net for people impacted by the coronavirus pandemic with an extension up to 31 March 2021.

      3.19.4 The changes for extension of income support relate to the fortnightly Coronavirus Supplement rates, temporary changes to the JobSeeker Payment and Youth Allowance income tests including varying eligibility and qualification for payments. These changes may impact: DSS’ internal control environment; and the ANAO’s assessment of whether appropriate controls have been implemented and are operating effectively to manage the increased risk of material misstatement to the DSS financial statements. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2020–21 audit.

      3.19.5 Figure 3.19.1 and Figure 3.19.2 show the 2020–21 departmental and administered financial statements items reported by DSS and the key areas of financial statements risk.

      Figure 3.19.1: Key departmental financial statements items and areas of financial statements risk

      DSS’ departmental estimated actuals for the year ended 30 June 2021 as per DSS’ 2020-21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.19.3.

      Source: ANAO analysis and DSS’ revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.19.2: Key administered financial statements items and areas of financial statements risk

      DSS’ administered estimated actuals for the year ended 30 June 2021 as per DSS’ 2020-21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.19.3.

      Source: ANAO analysis and DSS’ revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.19.6 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on DSS’ financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of the DSS environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of DSS, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.19.7 Annual appropriation funding of $389.6 million (departmental) and $13.8 billion (administered) was provided to DSS in 2020–21 to support the achievement of the entity’s outcomes.106 DSS was also budgeted to receive special appropriation funding of $150.1 billion.107

      3.19.8 Table 3.19.1 and Table 3.19.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.19.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      434.4

      169,243.7

      Employee benefits

      242.8

      Suppliers

      141.3

      430.9

      Depreciation and amortisation

      42.1

      Personal benefits

      153,372.8

      Grants

      2,802.3

      Subsidies

      113.4

      Payments in corporate entities

      12,372.0

      Other

      8.2

      152.3

      Total own-source income

      29.5

      470.8

      Sale of goods and rendering of services

      25.3

      344.4

      Other

      4.2

      126.4

      Net (cost of)/contribution to services

      (404.9)

      (168,772.9)

           

      Source: DSS’ 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.19.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      632.5

      4,796.6

      Cash and cash equivalents

      5.3

      11.7

      Trade and other receivables

      78.7

      3,906.1

      Land and buildings

      544.2

      Property, plant and equipment

      3.3

      Investments

      878.8

      Other

      1.0

      Total liabilities

      642.5

      7,521.9

      Employee provisions

      91.6

      Suppliers

      15.7

      98.7

      Personal benefits payable

      2,514.5

      Personal benefits provision

      4,761.7

      Subsidies

      87.8

      Leases

      527.7

      Grants

      53.2

      Other

      7.5

      6.0

      Net assets/(liabilities)

      (10.0)

      (2,725.3)

           

      Note: DSS’ estimated average staffing level for 2020–21 is 1,887.

      Source: DSS’ 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.19.9 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.19.3.

      Table 3.19.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      personal benefits expenses

      $153.4 billion

      Accuracy and occurrence of personal benefits expenses

      KAM

      Higher

      • reliance on the correct self- disclosure of personal circumstances by a large number of diverse recipients;
      • reliance on Services Australia’s complex information technology system for the processing of a high volume of payments across numerous personal benefit types with varying conditions for determining payment amount; and
      • rapid changes in implementation of stimulus measures (including Coronavirus Supplement, JobSeeker payment and a range of related initiatives) in response to the COVID-19 pandemic where a range of payment eligibility and qualification controls have been varied.

      Administered

      personal benefits provisions

      $4.8 billion

      personal benefits receivables (component of receivables)

      $3.9 billion

      Valuation of personal benefits provisions and personal benefits receivables

      KAM

      Higher

      • provisions and receivables involve estimation models which require significant judgements and assumptions, and are dependent on a number of factors. These factors include, but are not limited to, new budget measures affecting benefit programs, timing of payments, personal circumstances of recipients and the economic environment;
      • the accuracy and completeness of the source data used by the actuary in developing the estimation of the provisions and receivables is a key component of the valuation process;
      • uncertainty associated with the estimation of the COVID-19 pandemic impact on current and future cash flow estimates used in the valuation models; and
      • cessation of the debt pause and uncertainty over reliable estimation and disclosures for additional debt repayments arising from pre July 2015 arrangements.

      Administered

      grants expenses

      $2.8 billion

      Accuracy and occurrence of grant expenses

      KAM

      Moderate

      • a large number of grants programs with differing legislative and policy requirements which make the management of grant processes complex and this has the potential to impact the validity of grant expenses.
             

      Source: ANAO 2020–21 risk assessment for DSS and DSS’ revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Audit results

      3.19.10 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: financial management, human resources information, grant management systems, compliance and assurance processes relating to personal benefits and disability services. Audit procedures have also been completed for the processes relating to: grants, cash, appropriations, special accounts, asset management, payroll processing, supplier expenses, departmental revenue and payments made on behalf of other entities.

      3.19.11 Audit procedures relating to the assessment of the valuation of personal benefits asset and liability balances will be undertaken as part of the planned 2020–21 final audit.

      3.19.12 The following table summarises the status of audit findings reported by the ANAO in 2019–20 and 2020–21.

      Table 3.19.4: Status of audit findings raised by the ANAO

      Category

      Closing position (2019–20)

      New findings (2020–21)

      Resolved findings (2020–21)

      Closing position (2020–21)

      B

      2

      2

      Total

      2

      2

               
      New moderate audit findings
      IT Shared Services Governance

      3.19.13 In February 2020 DSS’ IT services transferred to Services Australia through a Machinery of Government change. A Statement of Intent detailing expectations of DSS and Services Australia was signed on 23 December 2020. As at 7 April 2021, there is no signed Memorandum of Understanding (MoU) in place between DSS and Services Australia, formally assigning roles, responsibilities and duties that Services Australia must perform. The MoU provides a framework for DSS to prioritise deliverables with Services Australia and to clarify the tolerances for ICT related risks.

      3.19.14 The Australian Government Information Security Manual (ISM) sets out responsibilities for addressing cyber security, cyber security risks and ensuring the alignment of cyber security and business objectives within their organisation. The ISM recommends a Chief Information Security Officer (CISO) is appointed to undertake this role. DSS has not designated a key accountable officer within DSS to undertake the responsibilities outlined in the ISM.

      3.19.15 The ANAO recommends that DSS finalise the MoU and arrangements to appoint a key accountable officer to undertake responsibilities outlined in the ISM.

      Terminated User Access

      3.19.16 The ANAO’s interim testing of user access found weaknesses in user access terminations processes. User accounts should be removed upon termination date as they no longer have a legitimate requirement to access DSS’ network. The ANAO identified an instance where a user continued to access systems following separation from DSS.

      3.19.17 The ANAO has recommended that DSS implement processes to ensure user access is terminated on a timely basis and undertake a detailed review of all logs related to unauthorised access confirming that no inappropriate transactions or data has been accessed. The ANAO will review DSS’ progress in addressing this issue during the final audit phase.

      Conclusion

      3.19.18 At the completion of the interim audit, and except for the findings outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that DSS will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2020–21 final audit.

      3.20 Services Australia

      Overview

      3.20.1 Services Australia has responsibility for delivering a range of payments and services to support individuals, families and communities, as well as providers and businesses. These include income support payments and services, aged care payments, Medicare payments and services, and child support services. Social and health-related payments and services delivered by Services Australia on behalf of other entities are recognised within each of the individual policy agencies’ financial statements.

      3.20.2 Services Australia implemented a range of measures in 2019–20 that continue to be applied in 2020–21, aimed at supporting members of the Australian public who were impacted by the COVID-19 pandemic. These measures included the new jobseeker and social security and welfare payments, which includes both Economic and Coronavirus supplement payments, and expansion of the Telehealth function of the Medicare Benefits Scheme.

      3.20.3 Figure 3.20.1 and Figure 3.20.2 show the 2020–21 departmental and administered financial statement items reported by Services Australia and the key areas of financial statements risk.

      Figure 3.20.1: Key departmental financial statement items and areas of financial statements risk

      Services Australia’s departmental estimated actuals for the year ended 30 June 2021 as per Services Australia’s 2020-21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.20.3.

      Source: ANAO analysis and Services Australia’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.20.2: Key administered financial statement items and areas of financial statements risk

      Services Australia’s administered estimated actuals for the year ended 30 June 2021 as per Services Australia’s 2020-21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.20.3.

      Source: ANAO analysis and Services Australia’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.20.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Services Australia’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Services Australia’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of Services Australia, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.20.5 Annual appropriation funding of $5.5 billion (departmental) and $1.7 million (administered) was provided to Services Australia in 2020–21 to support the achievement of the entity’s outcomes.108 Services Australia was also budgeted to receive special appropriation funding of $0.6 million109 relating to refunds under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).

      3.20.6 Table 3.20.1 and Table 3.20.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.20.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      5,747.3

      1,781.1

      Employee benefits

      2,828.2

      Suppliers

      2,021.3

      Depreciation and amortisation

      764.1

      Child support maintenance

      1,695.2

      Write-down and impairment of assets

      85.9

      Other

      133.7

      Total own-source income

      261.9

      1,841.4

      Rendering of services

      226.7

      Rental Income

      14.6

      Child support maintenance revenue

      1,770.3

      Other

      20.6

      71.1

      Net (cost of)/contribution to services

      (5,485.4)

      60.3

           

      Source: Services Australia’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.20.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      5,027.1

      1,456.4

      Cash

      20.8

      159.9

      Trade and other receivables

      1,450.5

      16.7

      Land and buildings

      2,268.6

      Property, plant and equipment

      466.6

      Software

      695.0

      Prepayments

      125.6

      Child support receivables

      1,279.8

      Total liabilities

      3,293.9

      1,433.8

      Suppliers

      246.6

      Lease

      2,093.2

      Other payables and provisions

      49.5

      8.0

      Child support and other payables

      34.3

      Employee payables and provisions

      904.6

      Recovery of compensation

      90.6

      Child support payments received in advance

      22.6

      Child support provisions

      1,278.3

      Net assets/(liabilities)

      1,733.2

      22.6

           

      Note: Services Australia’s estimated average staffing level for 2020–21 is 27,650.

      Source: Services Australia’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.20.7 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Service Australia’s financial statements. Services Australia has a highly complex IT environment made up of numerous systems hosted across different IT platforms. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.20.3.

      Table 3.20.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      child support maintenance receivables

      $1.28 billion

      Valuation of child support receivables that are yet to be paid by non-custodial parents at the end of the financial year.

      KAM

      Moderate

      • significant judgements and assumptions around the collection rates of child support obligations are applied in determining the valuation of child support receivables, and require the involvement of an actuary. These judgements rely on the quality of the underlying data used in the estimation process; and
      • a large volume of child support financial transactions are processed using bespoke IT application under the complex Child Support Act 1988. This complexity increases the judgements and estimates associated with the child support receivable valuation.

      Departmental

      intangible assets

      $695.02 million

      Valuation of intangible assets

      KAM

      Moderate

      • significant judgements involved in considering the indicators of impairment to estimate the value of intangible assets; and
      • judgements involved in estimating the capitalisation of the staff and other costs attributed to developing the software applications.

      Departmental

      right-of-use assets

      (a component of $2.27 billion land and buildings)

      lease liabilities

      $2.10 billion

       

      Valuation of right-of-use lease assets and liabilities

       

      Moderate

      • judgements associated with right-of-use valuations, particularly the treatment of lease options as well as the assurance processes for identifying and recognising changes in individual lease contacts, particularly modifications, new or terminated leases; and
      • completeness of leases as not all leases managed by the agency are captured and recognised under the requirements of AASB 16: Leases.
             

      Source: ANAO 2020–21 risk assessment, and Services Australia’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.20.8 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit report was tabled during 2020–21 relevant to the financial management or administration of Services Australia:

      • Auditor-General Report No. 23 Services Australia COVID-19 Measures and Enterprise Risk Management.

      3.20.9 The observations of this report were considered in designing audit procedures to address areas considered to pose a lower risk of material misstatement. As such, this performance audit did not have a significant impact on the audit approach to the financial statements.

      Audit results

      3.20.10 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to areas of audit focus and IT controls over security and change management of the financial management and human resource management information system.

      3.20.11 Audit procedures relating to: controls over social services and health related payments made by Services Australia on behalf of other Commonwealth entities, including associated compliance and quality assurance activities will be undertaken as part of the planned 2020–21 final audit. In addition, the ANAO’s final audit coverage will include the valuation of child support debts and non-financial assets, particularly intangibles.

      3.20.12 The following table summarises the status of audit findings reported by the ANAO in 2019–20 and 2020–21.

      Table 3.20.4: Status of audit findings raised by the ANAO

      Category

      Closing position (2019–20)

      New findings (2020–21)

      Resolved findings (2020–21)

      Closing position (2020–21)

      B

      2

      1

      1

      Total

      2

      1

      1

               
      Resolved moderate audit findings
      Welfare Payments System Access Management

      3.20.13 The Commonwealth Government announced a number of financial stimulus initiatives aimed at supporting members of the Australian public who were likely to be impacted by the COVID- 19 pandemic. To support the COVID-19 initiatives, Services Australia made changes to its IT general control environment including the granting of additional system access for staff assisting with the processing of claims.

      3.20.14 As part of the 2019–20 audit, the ANAO noted weaknesses in Services Australia’s risk management processes, including assessing and capturing the risks of provisioning IT access changes; updating or reassessing risks post the initial COVID-19 period relating to provisioning IT access; and documenting key decisions, including authorisation and approvals of the system access changes in accordance with Service Australia’s operational policy.

      3.20.15 The ANAO recommended that Services Australia strengthen risk management processes for identifying and approving significant IT system changes, including for system access, extensions and removal, and include this as part of the business continuity process so that during an emergency or a rapid implementation environment there are clear lines of approval and associated assessment of risks is undertaken. During the interim audit phase, the ANAO confirmed that these processes had been implemented and as a result the issue has been resolved.

      Unresolved moderate audit findings
      IT Security Governance

      3.20.16 Services Australia has a complex IT environment made up of a suite of systems hosted across different IT platforms such as mid-range and mainframe to support business objectives. The overall effectiveness of the IT control environment forms a significant component of the overall integrity and reliability of financial transactions, which links closely with Services Australia’s strategic risks. In the 2019–20 audit, the ANAO identified weaknesses in the implementation and operation of the governance and monitoring processes that support Services Australia’s information security framework.

      3.20.17 The ANAO recommended that governance and monitoring processes are strengthened to include the review and reporting of adherence to Services Australia’s Cyber Security Information Security Manual. The ANAO’s view is that broader governance and management processes that support Services Australia’s IT general control framework highlight an ongoing risk to the agency in maintaining security governance. At the conclusion of the 2020–21 interim audit phase Services Australia’s response to this recommendation remains outstanding, with the ANAO to review and assess Services Australia’s progress against their plan during the final audit phase. This will include consideration of the current rating of the finding should insufficient progress be made.

      Conclusion

      3.20.18 At the completion of the interim audit, and except for the finding outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Services Australia will be able to prepare financial statements that are free from material misstatement. The effective operation of these controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed in conjunction with additional audit testing during the 2020–21 final audit.

      3.21 National Disability Insurance Scheme Launch Transition Agency

      Overview

      3.21.1 The National Disability Insurance Scheme Launch Transition Agency (NDIA), which commenced operations on 1 July 2013, was established under the National Disability Insurance Scheme Act 2013. The NDIA is responsible for delivering the National Disability Insurance Scheme (NDIS). The NDIS is designed to provide individual control and choice in the delivery of reasonable and necessary care and support; to improve the independence, social and economic participation of eligible people with disability, their families and carers; and to provide associated referral services and activities.

      3.21.2 Figure 3.21.1 shows the 2020–21 financial statement items reported by NDIA and the key areas of financial statements risk.

      Figure 3.21.1: Key financial statements items and areas of financial statements risk

      NDIA’s estimated actuals for the year ended 30 June 2021 as per NDIA’s 2020-21 budget as reported in the 2020–21 Portfolio Budget Statements, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.21.3.

      Source: ANAO analysis and NDIA’s budget as reported in the 2020–21 Portfolio Budget Statements.

      3.21.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on NDIA financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of NDIA environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of NDIA, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.21.4 Annual funding of $23.0 billion is estimated to be provided to NDIA in 2020–21 to support the achievement of NDIA’s outcomes. The funding comprises $1.2 billion110 appropriations from the Commonwealth government for operating costs, $20.3 billion from Commonwealth, state and territory governments for participant costs, and $1.5 billion services provided in-kind to participants from state and territory governments.

      3.21.5 Table 3.21.1 and Table 3.21.2 provide a summary of the key 2020–21 estimated financial statements items.

      Table 3.21.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Budget

      ($m) 2020–21

      Total expenses

      23,374.5

      Employee benefits

      412.8

      Suppliers

      1,041.4

      Depreciation and amortisation

      64.5

      Grants

      132.8

      Participant plan expenses

      21,720.0

      Other

      3.0

      Total own-source income

      21,866.3

      Sale of goods and rendering of services

      20,311.9

      Other

      1,554.4

      Net (cost of)/contribution to services

      (1,508.2)

         

      Source: NDIA’s 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      Table 3.21.2: Key assets and liabilities

      Assets and liabilities

      Budget

      ($m) 2020–21

      Total assets

      3,657.8

      Cash and cash equivalents

      2,814.7

      Trade and other receivables

      399.2

      Non-financial assets

      303.9

      Other financial assets

      140.0

      Total liabilities

      2,787.9

      Suppliers

      131.9

      Other payables

      791.6

      Leases

      202.0

      Grants

      1,575.0

      Employee provisions

      80.0

      Other

      7.4

      Net assets/(liabilities)

      869.9

         

      Note: NDIA’s estimated average staffing level for 2020–21 is 4,000.

      Source: NDIA’s 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      Key areas of financial statements risk

      3.21.6 The ANAO undertakes appropriate audit procedures on all material items and focusses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.21.3.

      Table 3.21.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Participant plan expenses

      $21.7 billion

      Accuracy and occurrence of participant plan expenses KAM

      Higher

      • ongoing growth in the Scheme participant numbers and the need to cater for a diverse group of participants with varying and changing needs;
      • reliance on third parties to provide information to support payments, making these payments more susceptible to fraud; and
      • no supporting documentation required as part of the claiming process.

      Participant plan provision

      $1.6 billion

      Valuation of participant plan provisions KAM

      Higher

      • reliance on accounting estimates based on relatively immature longitudinal data given the maturity of the Scheme; and
      • complexity of calculations due to the significant number of participant plans and the diverse nature of goods and services provided.

      Other gains – contributions in- kind from state and territory governments revenue

      $1.5 billion

      In kind expenses

      (a component of participant expenses

      $21.7 billion)

      Completeness, occurrence and accuracy of contributions of in- kind services from state and territory governments

      KAM

      Higher

      • reliance on state and territory governments reporting services provided directly to participants;
      • complexities related to the valuation and accounting for in-kind contributions provided by state and territory governments.
      • Prior to the commencement of the NDIS, state and territory governments had committed to provide (directly or by engaging service providers) items such as disability services, health, family support, education, employment, transport and/or housing to people with a disability. The on-going provision of these agreed services on behalf of the NDIA is regarded as an in- kind contribution.
             

      Source: ANAO 2020–21 risk assessment, and NDIA’s budgeted financial statements for the year ended 30 June 2021.

      3.21.7 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. Auditor-General Report No. 14 2020–21 Decision-making Controls for NDIS Participant Plans included observations relevant to participant plan expenses and provisions outlined in Table 3.21.3.

      3.21.8 The report observed that NDIA did not yet have appropriate controls or oversight mechanisms to ensure supports in participant plans are ‘reasonable and necessary’. The results were considered in developing the financial statements audit approach with consistent observations raised in the unresolved moderate audit finding outlined at paragraph 3.21.15.

      Audit results

      3.21.9 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to the NDIA’s IT general controls over security and change management; processes relating to cash; payroll processing; suppliers expenses; grants expenses; and participant expenses.

      3.21.10 Audit coverage of the application controls in the financial management and human resource management information systems and the Customer Relationship Management (CRM) system will be completed prior to the final phase of the 2020–21 audit.

      3.21.11 Audit procedures relating to the valuation of the participant provision, the completeness and accuracy of in-kind revenue and our review of the NDIA’s quality assurance framework supporting participant expenses will be undertaken as part of the planned 2020–21 final audit.

      3.21.12 The following table summarises the status of audit findings reported by the ANAO in 2019–20 and 2020–21.

      Table 3.21.4: Status of audit findings raised by the ANAO

      Category

      Closing position (2019–20)

      New findings (2020–21)

      Resolved findings (2020–21)

      Closing position (2020–21)

      B

      1

      1

      2

      Total

      1

      1

      2

               
      New moderate audit finding
      Timeliness of user access terminations

      3.21.13 The ANAO’s interim testing of user access found weaknesses in user access terminations processes. User accounts should be removed upon termination date as they no longer have a legitimate requirement to access NDIA’s network. The ANAO identified a number of instances where users continued to have access to systems following separation from NDIA.

      3.21.14 The ANAO has recommended that NDIA implement processes to ensure user access is terminated on a timely basis and undertake a detailed review of all logs related to unauthorised access confirming that no inappropriate transactions or data has been accessed. The ANAO will review NDIA’s progress in addressing this issue during the final audit phase.

      Unresolved moderate audit finding
      Business Assurance Plan Approvals

      3.21.15 During 2019–20, the ANAO reviewed NDIA’s business assurance program relating to participant plans. The assurance program consistently reported high levels of non-conformance with a critical test, in excess of NDIA’s nominal conformance target of 80 per cent. The critical test for the plan approvals, sought to confirm that plans approved with supports greater than 10 per cent of the typical support package are justified and evidenced.

      3.21.16 NDIA’s continuous improvement register and action plans did not provide evidence of a detailed root cause analysis performed consistently across all states and territories with an aim of understanding the drivers for the exceptions identified. Furthermore, the ANAO had not been able to obtain evidence that NDIA performed further analysis to determine whether the instances of non-conformance resulted in participants having access to a level of supports inconsistent with the supports considered to meet the legislated requirement of reasonable and necessary. Consequently, participants may have access to supports in excess of what would be deemed to be reasonable and necessary increasing the cost of the scheme and its long term financial sustainability.

      3.21.17 The NDIA has redesigned the assurance framework relating to participant plans with progressive changes implemented from November 2020. The revised framework includes testing and reporting against each criteria outlined in the NDIA Act and associated NDIS Rules, a prioritisation matrix to assist in assessing the risk and impact of non-compliance to the business and revised the continuous improvement registers. The redesigned program provides greater granularity on the source of the non-compliance with requirements when establishing plans.

      3.21.18 In addition the NDIA has developed a root cause analysis guide released in March 2021. The guide provides an overview of the methodology and approach applied when analysing quality review results to inform recommendations that allow business areas to operationalise improvements. The ANAO will monitor the implementation of revised framework throughout the financial year.

      Conclusion

      3.21.19 At the completion of the interim audit, and except for the findings outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that NDIA will be able to prepare financial statements that are free from material misstatement. The effective operation of these controls for the full financial year will be assessed in conjunction with additional audit testing during the 2020–21 final audit.

      3.22 Department of the Treasury

      Overview

      3.22.1 The Department of the Treasury (Treasury) is responsible for the development, delivery and implementation of economic analysis and authoritative policy advice issues such as: the economy; budget; taxation; financial; foreign investment; structural policy; superannuation; small business; housing affordability and international economic policy. The Treasury also works with State and Territory governments on key policy areas, as well as managing federal financial relations.

      3.22.2 Figure 3.22.1 and Figure 3.22.2 show the 2020–21 departmental and administered financial statements items reported by Treasury and the key areas of financial statements risk.

      Figure 3.22.1: Key departmental financial statements items and areas of financial statements risk

      Treasury’s departmental estimated actuals for the year ended 30 June 2021 as per the Treasury’s 2020-21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.22.3.

      Source: ANAO analysis and Treasury’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Figure 3.22.2: Key administered financial statements items and areas of financial statements risk

      Treasury’s administered estimated actuals for the year ended 30 June 2021 as per the Treasury’s 2020-21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.22.3.

      Source: ANAO analysis and Treasury’s revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      3.22.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Treasury’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Treasury’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of Treasury, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.22.4 Annual appropriation funding of $261.0 million (departmental) and $298.7 million (administered) was provided to Treasury in 2020–21 to support the achievement of the entity’s outcomes.111 Treasury was also budgeted to receive special appropriation funding of $84.3 billion.112

      3.22.5 Table 3.22.1 and Table 3.22.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.22.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total expenses

      273.1

      152,081.4

      Employee benefits

      174.6

      Suppliers

      81.9

      70.4

      Grants

      1.0

      109,601.6

      Depreciation and amortisation

      13.7

      Payments to the Medicare Guarantee Fund

      41,219.5

      Interest

      7.2

      Foreign Exchange loses

      420.6

      Other

      1.9

      762.1

      Total own-source income

      15.2

      7,035.7

      Sale of goods and services

      10.3

      623.8

      Interest

      59.4

      Dividends

      3,689.0

      COAG revenue from government entities

      2,426.1

      Foreign Exchange gains

      142.5

      Other

      4.9

      94.9

      Net (cost of)/contribution to services

      (257.9)

      (145,045.7)

           

      Source: Treasury’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Table 3.22.2: Key assets and liabilities

      Assets and liabilities

      Departmental revised budget

      ($m) 2020–21

      Administered revised budget

      ($m) 2020–21

      Total assets

      246.3

      53,265.1

      Cash and cash equivalents

      0.7

      684.9

      Advances and loans

      2,715.8

      Trade and other receivables

      80.3

      3,683.2

      Land and buildings

      132.4

      Property, plant and equipment

      11.2

      Intangibles

      16.4

      Investments

      46,181.2

      Other

      5.3

      Total liabilities

      199.0

      17,413.6

      Suppliers

      10.8

      Other payables

      2.9

      6,065.6

      Leases

      117.7

      Employee provisions

      63.4

      Grants payable

      25.5

      Loans

      10,261.3

      Other provisions

      4.2

      1,061.2

      Net assets/(liabilities)

      47.3

      35,851.5

           

      Note: Treasury’s estimated average staffing level for 2020–21 is 1,092.

      Source: Treasury’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Key areas of financial statements risk

      3.22.6 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.22.3.

      Table 3.22.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      other provisions

      $0.9 billion

      Completeness and valuation of the Disaster Recovery Funding Arrangements (DRFA) and the Natural Disaster Relief and Recovery Arrangements Provision (NDRRA)

      KAM

      Higher

      • reliance on information provided by state and territory governments to estimate the provision; and
      • complexity in judgements relating to the timing of future payments and the estimation of future costs to restore infrastructure to its condition at the time of the natural disaster.

      Administered

      grants expense $109.6 billion

      grants payable $25.5 million

      Accuracy and occurrence of payments to states and territories under the Federal Financial Relations Act 2009

      KAM

      Moderate

      • the significance of the value of grants paid and the complex eligibility criteria for a number of grants; and
      • reliance on other government entities to provide information to support payments and confirm the eligibility criteria have been met.
             

      Source: ANAO 2020–21 risk assessment, and Treasury’s 2020–21 revised budget as reported in the 2020–21 Portfolio Additional Estimates Statements.

      Audit results

      3.22.7 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: payroll processing, grant payments and supplier expenses. Audit coverage also included an assessment of the IT general controls over the Financial Management Information System and the Human Resources Information System.

      3.22.8 The ANAO has completed interim audit coverage over program management and eligibility managed by other entities and the Treasury’s internal payment processes for National Partnership Payments made under the Federal Financial Relations Act 2009 and other grant expenses. Further procedures will also be undertaken over the assurance processes for payments made under the Federal Financial Relations Act 2009, including those payments yet to have occurred.

      3.22.9 Audit procedures relating to the valuation of provisions will be undertaken as part of the planned 2020–21 final audit.

      3.22.10 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.22.11 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that Treasury will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.23 Australian Office of Financial Management

      Overview

      3.23.1 The Australian Office of Financial Management (AOFM) is responsible for managing Australian Government debt and financial assets and the issuing of Treasury bonds, Treasury indexed bonds and Treasury notes into the financial markets.

      3.23.2 Figure 3.23.1 and Figure 3.23.2 show the 2020–21 departmental and administered financial statements items reported by AOFM and the key areas of financial statements risk.

      Figure 3.23.1: Key departmental financial statements items and areas of financial statements risk

      AOFM’s departmental estimated actuals for the year ended 30 June 2021 as per AOFM’s 2020-21 budget as reported in the 2020–21 Portfolio Budget Statements, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.23.3.

      Source: ANAO analysis and AOFM’s budget as reported in the 2020–21 Portfolio Budget Statements.

      Figure 3.23.2: Key administered financial statements items and areas of financial statements risk

      AOFM’s administered estimated actuals for the year ended 30 June 2021 as per 2020-21 budget as reported in the 2020–21 Portfolio Budget Statements, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.23.3.

      Source: ANAO analysis and AOFM’s budget as reported in the 2020–21 Portfolio Budget Statements.

      3.23.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on AOFM’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of AOFM’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of AOFM, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.23.4 Annual appropriation funding of $16.9 million (departmental) was provided to AOFM in 2020–21 to support the achievement of the entity’s outcomes.113 AOFM was also budgeted to receive special appropriation funding of $1,573.8 billion.114

      3.23.5 Table 3.23.1 and Table 3.23.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.23.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental budget

      ($m) 2020–21

      Administered budget

      ($m) 2020–21

      Total expenses

      17.8

      16,855.6

      Employee benefits

      8.4

      Suppliers

      8.5

      Depreciation and amortisation

      0.8

      Finance costs

      0.1

      16,723.7

      Write-down and impairment of assets

      51.9

      Other

      80.0

      Total own-source income

      0.7

      6,080.5

      Sale of goods and rendering of services

      0.4

      Interest revenue

      265.6

      Net market revaluation gain/(losses)

      5,814.9

      Other

      0.3

      Net (cost of)/contribution to services

      (17.1)

      (10,755.1)

           

      Source: AOFM’s 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      Table 3.23.2: Key assets and liabilities

      Assets and liabilities

      Departmental budget

      ($m) 2020–21

      Administered budget

      ($m) 2020–21

      Total assets

      34.3

      44,517.8

      Cash and cash equivalents

      0.1

      0.6

      Trade and other receivables

      27.5

      Loans to state and territory governments

      1,414.0

      Term deposits with RBA

      35,707.5

      Structure finance securities

      7,395.7

      Non-financial assets

      6.7

      Total liabilities

      7.7

      978,404.8

      Suppliers

      0.2

      Personal benefits

      0.1

      Employee provisions

      2.6

      Leases

      4.3

      Australian Government securities

      978,277.2

      Other

      0.5

      127.6

      Net assets/(liabilities)

      26.6

      (933,887.0)

           

      Note: AOFM’s estimated average staffing level for 2020–21 is 50.

      Source: AOFM’s 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      Key areas of financial statements risk

      3.23.6 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.23.3.

      Table 3.23.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      Australian Government Securities

      $978.3 billion

      Valuation of liabilities

      Moderate

      • significant value of the liability and significant volume of instruments issued;
      • fair value movements have a material impact on the financial statements and are impacted by price changes in money and capital markets; and
      • complex financial statement disclosure requirements for financial assets and liabilities measured at fair value through profit and loss.

      Administered

      Structured Finance Support Fund

      $6.95 billion (a component of $7.4 billion structured finance securities balance)

      Valuation of financial assets

      Moderate

      • introduced in 2020 as a new type of asset holding for the entity, arising from the Government’s response to the COVID-19 pandemic.
      • the level of judgement required over the initial recognition of assets at fair value, and the ongoing judgements to be applied over the subsequent measurement of expected credit losses; and
      • complexity over financial disclosure requirements for the assets (measured at amortised cost).
             

      Source: ANAO 2020–21 risk assessment, and AOFM’s budgeted financial statements for the year ended 30 June 2021.

      Audit results

      3.23.7 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: cash and cash equivalents; supplier expenses; issuance and management of Australian Government Securities; and investments from the Structured Finance Support Fund.

      3.23.8 Audit procedures relating to the valuation of Australian Government securities and investments from the Australian Business Securitisation Fund and the Structured Finance Support Fund will be undertaken as part of the planned 2020–21 final audit.

      3.23.9 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.23.10 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that AOFM’s will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.24 Australian Taxation Office

      Overview

      3.24.1 The Australian Taxation Office’s (ATO’s) core areas of responsibility are managing and shaping tax, excise and superannuation systems that fund services for Australians, together with the provision of support to the Tax Practitioners Board, the Australian Business Register and the Australian Charities and Not-for-profits Commission.

      3.24.2 Figure 3.24.1 and Figure 3.24.2 show the 2020–21 departmental and administered financial statement items reported by ATO and the key areas of financial statements risk.

      Figure 3.24.1: Key departmental financial statement items and areas of financial statements risk

      ATO’s departmental estimated actuals for the year ended 30 June 2021 as per the ATO’s 2020-21 budget as reported in the 2020–21 Portfolio Budget Statements, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.24.3.

      Source: ANAO analysis and ATO’s budget as reported in the 2020–21 Portfolio Budget Statements.

      Figure 3.24.2: Key administered financial statement items and areas of financial statements risk

      ATO’s administered estimated actuals for the year ended 30 June 2021 as per the ATO’s 2020-21 budget as reported in the 2020–21 Portfolio Budget Statements, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.24.3

      Source: ANAO analysis and ATO’s revised budget as reported in the 2020–21 Portfolio Budget Statements.

      3.24.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on ATO’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of ATO’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of ATO, the ANAO has assessed the risk of a material misstatement as high.

      Key financial statements items

      3.24.4 Annual appropriation funding of $4.1 billion (departmental) and $7.9 million (administered) was provided to ATO in 2020–21 to support the achievement of the entity’s outcomes.115 ATO was also budgeted to receive special appropriation funding of $235.1 billion.116

      3.24.5 Table 3.24.1 and Table 3.24.2 provide a summary of the key 2020–21 departmental and administered estimated financial statements items.

      Table 3.24.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Departmental budget

      ($m) 2020–21

      Administered budget

      ($m) 2020–21

      Total expenses

      4,228.2

      101,807.9

      Employee benefits

      2,109.6

      Suppliers

      1,690.1

      Depreciation and amortisation

      415.8

      Subsidies

      93,518.0

      Personal benefits

      1,095.0

      Penalty and Interest charge remission

      1,480.0

      Write-down and impairment of assets

      5,175.0

      Interest

      80.0

      Other

      12.7

      7.9

      Superannuation guarantee charge

      428.0

      Unclaimed superannuation monies interest

      24.0

      Total own-source income

      136.5

      412,044.2

      Sale of goods and rendering of services

      105.8

      Income tax

      321,289.4

      Indirect tax

      87,330.0

      Other taxes

      2,783.4

      Unclaimed superannuation Monies

      625.0

      Rental income

      18.3

      Other

      12.4

      16.4

      Net (cost of)/contribution to services

      (4,091.7)

      310,236.3

           

      Source: ATO’s 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      Table 3.24.2: Key assets and liabilities

      Assets and liabilities

      Departmental budget

      ($m) 2020–21

      Administered budget

      ($m) 2020–21

      Total assets

      2,262.6

      51,286.9

      Cash and cash equivalents

      36.1

      546.1

      Trade and other receivables

      468.5

      Non-financial assets

      1,758.0

      Taxation receivables

      36,755.9

      Accrued revenues

      13,743.2

      Other

      241.7

      Total liabilities

      2,036.1

      10,298.5

      Suppliers

      241.3

      Employees

      Other payables

      3.4

      16.8

      Employee provisions

      727.9

      Subsidies payable & provision

      4,438.4

      Taxation refunds due

      1,216.3

      Superannuation guarantee charge

      43.3

      Superannuation holding account

      78.5

      Personal benefits payable & provision

      40.0

      1,175.3

      Income taxation and indirect taxation refund provision

      1,901.8

      Others

      9.4

      1,428.1

      Leases

      1,014.1

      Net assets/(liabilities)

      226.5

      40,988.4

           

      Note: ATO’s estimated average staffing level for 2020–21 is 18,368.

      Source: ATO’s 2020–21 budget as reported in the 2020–21 Portfolio Budget Statements.

      Key areas of financial statements risk

      3.24.6 The ANAO undertakes appropriate audit procedures on all material items and focusses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.24.3.

      Table 3.24.3: Key areas of financial statements risk

      Relevant financial statement item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Administered

      taxation revenue

      $411.4billion

      expenses

      $101.8billion

      Accuracy of administered income and expenses

      KAM

      Higher

      • complex estimation processes, involving significant judgement and specialist knowledge;
      • completeness, relevance and accuracy of source data; and
      • volatility in economic conditions, such as wage growth, gross domestic product and historical information increases the uncertainty of factors underpinning the estimates.

      Administered

      taxation revenue $411.4billion

      expenses

      $101.8billion

      provisions for credit amendments and impairment allowance (component of the taxation receivable balance $36.8 billion)

       

      Valuation of taxation receivables including processes for estimating taxation debt provisions, accounting for settlements of outstanding taxation liabilities and other adjustments to taxpayer client accounts KAM

       

      Higher

      • significant value of transactions subject to complex estimation processes drawing on specialist knowledge of debt provisions, including allowance for credit amendment and impairment losses associated with taxation receivable balances;
      • completeness, relevance and accuracy of source data;
      • complexity associated with negotiations and dispute resolutions;
      • application of significant judgement for settlement resulting from differing deeds and terms; and
      • quality assurance processes for key judgements relating to debt provisions including credit amendments; impairment losses; and accounting for settlements of outstanding taxation liabilities and other adjustments to client accounts.

      Administered

      taxation revenue

      $411.4billion

      Accuracy of taxation revenue and the ATO’s compliance risk management relating to the collection of taxation revenue.

      KAM

      Higher

      • the significant value of revenue transactions that rely on information provided by taxpayers in a self- assessment and voluntary compliance regime;
      • the effectiveness of the design and implementation of the compliance risk management regime that reduces the risk that inappropriate taxation returns may not be detected and corrected by the ATO, which makes the deterrence of tax evasion more effective; and
      • judgements associated with the risk management approach to compliance activities.

      Administered

      Expenses

      Subsidy payments in connection with JobKeeper ($69.7 billion), Cash Flow Boost payment for employers ($11.9 billion) and JobMaker Hiring Credit ($850 million) The stimulus measure payments comprise part of the Subsidies expense of $93.5 billion

      Eligibility assessments and completeness of reported subsidy payments in connection with JobKeeper, Cash Flow Boost and JobMaker Hiring Credit measures.

      Higher

      (JobMaker Hiring Credit)

      Moderate

      (JobKeeper,Cash Flow Boost)

      • significant value of the expenses and the speed of implementation of these stimulus measures; and
      • the eligibility requirements and conditions to be met for amounts to be paid to employers are set by the Coronavirus Economic Response Package (JobKeeper payments & JobMaker hiring credit payment) Act 2020; and the Boosting Cash Flow For Employers Act 2020.

      Administered

      all financial statement items

      Completeness and accuracy relating to financial reporting due to complex manual compilation of data processes required for financial reporting purposes.

      Moderate

      • manual calculation of complex information in spreadsheets increases the risk of miscalculation due to data linkages and human error.

      Administered

      all financial statement items

      Accuracy and completeness of balances due to ATO’s IT business systems and associated processing of taxpayer returns and statements

      Higher

      • large and complex IT environment with several hundred business applications processing a high volume of transactions;
      • many IT systems are bespoke or heavily customised to the ATO; and
      • reliance on specialised reports to prepare financial statements balances.
             

      Source: ANAO 2020–21 risk assessment, and ATO’s budgeted financial statements for the year ended 30 June 2021.

      3.24.7 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit report was tabled during 2020–21 relevant to the financial management or administration of ATO:

      • Auditor-General Report No.24 The Australian Taxation Office’s Management of Risks Related to the Rapid Implementation of COVID-19 Economic Response Measures.

      3.24.8 The report included observations relevant to the eligibility assessments and completeness of reported subsidy payments in connection with JobKeeper stimulus measure. The ATO has been effective in managing risks related to the rapid implementation of COVID-19 economic response measures. The ATO undertook appropriate planning to support the rapid implementation of the six economic response measures — predominantly using its existing systems and processes to support governance, resourcing, and consultation.

      Audit results

      3.24.9 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to the ATO’s business operations which incorporated ATO’s key financial administration systems and its key revenue collection processes.

      3.24.10 Audit procedures relating to the ANAO’s interim audit coverage included an assessment of ATO’s IT general controls. The assessment included: logical security, change and release management and controls in the ATO’s financial management information system, human resource management information system; and other key administered and departmental financial systems. Audit coverage is currently in progress on the processes relating to: cash; appropriations; special accounts; asset management; payroll processing and supplier’s expenses.

      3.24.11 The ANAO will finalise the assessment of the complex manual processes for financial reporting and coverage over the ATO’s external compliance program as part of the 2020–21 final audit. The ANAO will also conduct further testing on the effective operation of the ATO’s IT application controls during the 2021–21 final audit.

      3.24.12 To date, our audit coverage has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.24.13 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that ATO will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      3.25 Reserve Bank of Australia

      Overview

      3.25.1 The objectives of the Reserve Bank of Australia (RBA) are to determine and implement monetary policy, work to maintain a strong financial system and efficient payments system, and issue the nation’s banknotes. As well as being a policymaking body, the RBA provides selected banking services to a range of Australian Government entities and to a number of overseas central banks and official institutions. The RBA is also responsible for the management of Australia’s gold and foreign exchange reserves.

      3.25.2 Figure 3.25.1 shows the 2019–20 financial statement items reported by RBA and the key areas of financial statements risk.

      Figure 3.25.1: Key financial statements items and areas of financial statements risk

      RBA’s financial statements for the year ended 30 June 2020, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.25.3.

      Source: ANAO analysis and RBA’s financial statements for the year ended 30 June 2020.

      3.25.3 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on RBA’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of RBA’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk and the ANAO’s understanding of the operations of RBA, the ANAO has assessed the risk of a material misstatement as moderate.

      Key financial statements items

      3.25.4 RBA does not receive any annual appropriation funding. The operational functions of RBA are funded from the following sources: net interest income earnings, net gains on securities and foreign exchange and fees and commission income.

      3.25.5 Table 3.25.1 and Table 3.25.2 provide a summary of the key 2019–20 audited financial statements items.

      Table 3.25.1: Key expenses and total own-sourced income

      Expenses and own-source income

      Actual

      ($m) 2019–20

      Total expenses

      664.0

      General administrative

      474.0

      Other

      190.0

      Total own-source income

      3,152.0

      Net gains on securities and foreign exchange

      1,089.0

      Net interest income

      1,498.0

      Fees and commission

      521.0

      Other

      44.0

      Net profit/(loss)

      2,488.0

         

      Source: RBA’s 2019–20 audited financial statements.

      Table 3.25.2: Key assets and liabilities

      Assets and liabilities

      Actual

      ($m) 2019–20

      Total assets

      278,671.0

      Cash and cash equivalents

      516.0

      Australian dollar investments

      211,914.0

      Foreign currency investments

      58,200.0

      Gold

      6,615.0

      Property, plant and equipment

      729.0

      Other

      697.0

      Total liabilities

      248,339.0

      Deposits

      153,541.0

      Distribution payable to the Commonwealth

      2,567.0

      Australian banknotes on issue

      90,102.0

      Other

      2,129.0

      Net assets/(liabilities)

      30,332.0

         

      Note: RBA’s staffing level as at 30 June 2020 was 1,384

      Source: RBA’s 2019–20 audited financial statements.

      Key areas of financial statements risk

      3.25.6 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2020–21 are provided in Table 3.25.3, including areas that were considered Key Audit Matters (KAM) by the ANAO.

      Table 3.25.3: Key areas of financial statements risk

      Relevant financial statements item

      Key area of risk

      Audit risk rating

      Factors contributing to the risk assessment

      Australian dollar investments

      $211.9 billion

      foreign currency investments

      $58.2 billion

      net gain on security and foreign exchange

      $1.1 billion

      Valuation of Australian dollar securities and foreign currency investments

      KAM

      Higher

      • complexity in determining the fair value of a range of investments and securities; and
      • potential for a significant financial impact from fluctuations in the value of the Australian dollar and yield movements.

      Australian banknotes on issue

      $90.1 billion

      Accuracy of the liability for the Australian banknotes

      KAM

      Higher

      • the accuracy of the liability for Australian banknotes on issue is dependent on the assumption that legal tender status is retained by all Australian notes on issue; and
      • high volume of note production and the supply and security of banknotes is structurally significant to the economy.
             

      Source: ANAO 2020–21 risk assessment for RBA, and RBA’s 2019–20 audited financial statements.

      Audit results

      3.25.7 The ANAO has completed its 2020–21 interim audit coverage, including an assessment of the controls relating to: the initiation, authorisation, settlement and recording of Australian dollar investments; the return and issuance of Australian banknotes on issue; and the processing of deposits.

      3.25.8 Audit procedures relating to the effectiveness of key controls for the remaining areas of audit focus will be undertaken as part of the planned 2020–21 final audit.

      3.25.9 In addition, detailed testing procedures relating to: the accuracy of net gains on security and foreign exchange; the valuation of foreign currency and Australian dollar investments and deposits; and accuracy of Australian banknotes on issue will be performed as part of the 2020–21 final audit.

      3.25.10 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2019–20 audit also did not identify any significant or moderate audit findings.

      Conclusion

      3.25.11 Based on our audit coverage to date, key elements of internal control were operating effectively to provide reasonable assurance that RBA will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2020–21 final audit.

      Appendices

      Appendix 1 Listing of entities by Portfolio

      1. The following entities have been considered in this report, selected on the basis of their cumulative contribution to the income, expenses, assets and liabilities within the consolidated financial statements. The entities are presented in order of portfolio.

      • Department of Agriculture, Water and the Environment
      • Attorney-General’s Department
      • Department of Defence
        • Department of Veterans’ Affairs
      • Department of Education, Skills and Employment
      • Department of Finance
        • Future Fund Management Agency
      • Department of Foreign Affairs and Trade
      • Department of Health
      • Department of Home Affairs
      • Department of Industry, Science, Energy and Resources
        • Snowy Hydro Limited
      • Department of Infrastructure, Transport, Regional Development and Communications
        • Australian Postal Corporation
        • NBN Co Limited
      • Department of Parliamentary Services
      • Department of the Prime Minister and Cabinet
        • National Indigenous Australians Agency
      • Department of Social Services
        • Services Australia
        • National Disability Insurance Scheme Launch Transition Agency
      • Department of the Treasury
        • Australian Office of Financial Management
        • Australian Taxation Office
        • Reserve Bank of Australia

      Appendix 2 The financial reporting and auditing standards frameworks for 2020−21

      1. The figure below depicts the standard setting framework for financial reporting and auditing, in the Australian Government context.

      Figure A.1: Australian Government standard setting framework

      Figure A.1 depicts the standard setting framework for financial reporting and auditing, in the Australian Government context.

      Source: ANAO compilation.

      Appendix 3 The financial reporting and auditing framework for 2020–21 financial statements

      1. Key elements of the Australian Government’s financial reporting framework are outlined in the diagram below. An overview of the financial reporting requirements for the various types of Australian Government entities covered by the framework and the audit approach for the financial statements of these entities is also described below.

      Figure A.2: Australian Government financial reporting framework

      The financial reporting and auditing framework for 2020–21 financial statements. Key elements of the Australian Government’s financial reporting framework are outlined in the diagram below. An overview of the financial reporting requirements for the various types of Australian Government entities covered by the framework and the audit approach for the financial statements of these entities are also described in this figure.

      Source: ANAO compilation.

      Australian Government reporting entities

      Commonwealth Government of Australia

      2. Section 48 of the PGPA Act requires the Finance Minister to prepare annual consolidated financial statements for the Commonwealth Government of Australia. These financial statements are general purpose financial statements consolidating the financial activities and financial position of Commonwealth entities and other entities controlled by the Commonwealth Government.

      3. The PGPA Act prescribes the Australian Accounting Standards (AASs), and any other requirements prescribed by the rules, as the applicable financial reporting framework for the consolidated financial statements.

      Commonwealth entities

      4. Section 10 of the PGPA Act defines a Commonwealth entity as a department of state, a Parliamentary department, a listed entity or a body corporate of the Commonwealth other than a Commonwealth company. Section 11 of the PGPA Act determines that there are two types of Commonwealth entities: a non-corporate Commonwealth entity, which is a Commonwealth entity that is not a body corporate117; and a corporate Commonwealth entity, which is a Commonwealth entity that is a body corporate and legally separate from the Commonwealth.

      5. Section 42 of the PGPA Act requires the accountable authority of a Commonwealth entity to prepare annual financial statements that comply with the AASs and any other requirements prescribed by the rules.

      6. Resource Management Guide 125: The Commonwealth Entities Financial Statements Guide applies to all Commonwealth reporting entities responsible for preparing financial statements under the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015. The guide includes definitions of terms that have been used in this report.

      Non-corporate Commonwealth entities

      7. Non-corporate Commonwealth entities, comprising departments of state, Parliamentary departments and listed entities, are subject to the provisions of the PGPA Act. In some cases they also operate under their own enabling legislation.

      8. The PGPA Act prescribes the AASs and PGPA Financial Reporting Rule (FRR) as the applicable financial reporting framework for non-corporate Commonwealth entities.

      Corporate Commonwealth entities and subsidiaries

      9. Corporate Commonwealth entities are bodies corporate that hold money on their own account and have been created to perform specific functions. Corporate Commonwealth entities operate under their own enabling legislation and also must comply with the relevant provisions of the PGPA Act.

      10. The PGPA Act prescribes the AASs and FRR as the applicable financial reporting framework for corporate Commonwealth entities. The financial reporting framework applicable to subsidiaries of corporate Commonwealth entities depends on the nature of the subsidiary.

      Commonwealth companies and subsidiaries

      11. Commonwealth companies are companies that are controlled by the Australian Government through majority share holdings or voting rights, or via control over the composition of the company’s board. Commonwealth companies operate and prepare financial statements under the Corporations Act 2001 (Corporations Act).

      12. The applicable financial reporting framework for Commonwealth companies is the Corporations Act, including the AASs and the Corporations Regulations.

      13. The financial reporting framework applicable to subsidiaries of Commonwealth companies depends on the nature of the subsidiary.

      Other bodies

      14. The ANAO also audits the financial statements of other bodies under Commonwealth legislation other than the PGPA Act, including the ‘by arrangement’ provisions in section 20 of the Auditor-General Act 1997. Examples of these other bodies include statutory bodies not established as Commonwealth entities and trusts. The financial reporting framework applicable to these other bodies depends on legislation or other rules that govern that entity.

      Audit of Australian Government entity financial statements

      Audit scope

      15. The accountable authority of a Commonwealth entity is responsible for the preparation and fair presentation of the financial statements and for maintaining records, internal controls, procedures and processes that support the preparation of those statements.

      16. The Directors of a Commonwealth company, or a company that is a subsidiary of either a Commonwealth entity or a Commonwealth company, are responsible for the preparation of financial statements that give a true and fair view and for maintaining records, internal controls, procedures and processes that support the preparation of that report.

      17. The ANAO’s independent audits of financial statements are undertaken to form an opinion whether they are free from material misstatement and present fairly in accordance with applicable accounting standards and legislation. These audits are conducted in accordance with the ANAO Auditing Standards, which incorporate the Australian Auditing Standards and provide reasonable assurance.

      18. Audit procedures include an examination of the entity’s records and its internal control, information systems, control procedures and statutory disclosure requirements. Evidence supporting the amounts and other information in the statements is examined on a test basis, and accounting policies and significant accounting estimates are evaluated.

      19. The entity’s internal control relevant to the entity’s preparation and fair presentation of the financial statements or reports is considered in order to design audit procedures that are appropriate in the circumstances. In some audits, audit procedures concentrate primarily on substantiating the amounts appearing in the financial statements and do not include detailed testing of systems and internal controls.

      20. The primary responsibility for the prevention and detection of fraud and error rests with both those charged with the governance and the management of an entity. The auditor is not responsible for the prevention or detection of fraud and error.

      The auditor’s report on financial statements

      21. The ANAO auditor’s report on the financial statements includes a statement of the auditor’s opinion as to whether the financial statements present fairly the entity’s financial position, the results of its operations and its cash flows in accordance with the applicable financial reporting framework.

      22. If the auditor is not of that opinion, the auditor’s opinion is modified, with the reasons being indicated.

      23. The auditor’s report on the financial statements may also include an ‘emphasis of matter,’ ‘other matter’ or ‘material uncertainty related to going concern’ paragraph. A report on other legal and regulatory requirements may accompany the auditor’s report on the financial statements. The inclusion of these paragraphs does not modify the auditor’s opinion.

      Form of auditor’s opinion

      24. An auditor’s opinion is described as ‘unmodified’ when the auditor concludes that the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework.

      25. An auditor’s opinion may be ‘modified’ in one of three ways.

      • A ‘qualified opinion’ is expressed when the auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements, individually or in aggregate, are material but not pervasive to the financial statements. A ‘qualified opinion’ is also expressed when the auditor, having been unable to obtain sufficient appropriate audit evidence, concludes that the possible effects on the financial statements of undetected misstatements could be material but not pervasive.
      • A ‘disclaimer of opinion’ is expressed when the auditor, having been unable to obtain sufficient appropriate audit evidence on which to base the opinion, concludes that the possible effects on the financial statements of undetected misstatements could be both material and pervasive. A ‘disclaimer of opinion’ is also expressed when the auditor, having been able to obtain sufficient appropriate audit evidence regarding individual uncertainties, concludes that the potential interaction of the uncertainties and their possible cumulative effect on the financial report cannot be determined.
      • An ‘adverse opinion’ is expressed when the auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements individually or in aggregate, are both material and pervasive to the financial statements.
      Emphasis of matter

      26. An ‘emphasis of matter’ paragraph is included in the auditor’s report when the auditor considers it necessary to draw to users’ attention a matter presented in the financial statements that, in the auditor’s judgement, is of such importance that it is fundamental to the users’ understanding of the financial statements. The circumstances in which an emphasis of matter is used include:

      • when financial statements and the auditor’s report have been issued and a fact is discovered that leads to revised financial statements and a new auditor’s report being prepared; and
      • when financial statements have been prepared in accordance with a special purpose framework, and as a result the financial statements may not be suitable for another purpose.
      Other matter

      27. The auditor’s report on the financial statements may also include a reference to an ‘other matter’. This allows the auditor to communicate a matter other than a matter that is presented or disclosed in the financial statements that, in the auditor’s judgement, is relevant to users’ understanding of the audit, the auditor’s responsibilities or the auditor’s report.

      Material uncertainty related to going concern

      28. The auditor’s report on the financial statements will also include a reference to a ‘material uncertainty related to going concern’ when there are possible or actual events or conditions that may cast significant doubt on an entity’s ability to continue as a going concern and the financial statements include adequate disclosure about the uncertainty and management’s plans to deal with the uncertainty.

      Report on other legal and regulatory requirements

      29. The auditor’s report on the financial statements may also include a report on other legal and regulatory requirements. This report covers matters that the Auditor-General is required by law to report on in conjunction with the financial statements audit.

      Footnotes

      1 The five entities are the Departments of: Defence; Health; Social Services; National Disability Insurance Scheme Launch Transition Agency and Services Australia.

      2 The five entities are the: Departments of: Defence; Health; Social Services; National Disability Insurance Scheme Launch Transition Agency (NDIA) and Services Australia.

      3 There is a range of different governance structures within Commonwealth entities depending on particular legal status or enabling legislation. The term ‘accountable authority’, as defined in the PGPA Act, is used in this report to describe the person or body responsible for an entity’s governance.

      4 The departments of: Defence; Health; Social Services; NDIA and Services Australia.

      5 Section 13 (PGPA Act) defines officials of Commonwealth entities.

      6 In accordance with section 8 of the PGPA Act finance law means the PGPA Act or PGPA Rules, any instrument made under the PGPA Act or Appropriation Acts.

      7 The ANAO has not audited the effectiveness of the executive management structures.

      8 Sections 45 and 92 of the Public Governance, Performance and Accountability Act 2013.

      9 ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, 3rd edition, available from https://www.asx.com.au/documents/asx-compliance/cgc-principles-and-recommendations- 3rd-edn.pdf [accessed 3rd of April 2020].

      10 An amendment to the PGPA Rule applicable from 1 July 2021, requires that the audit committee members for non-corporate Commonwealth entities are not officials of the entity; furthermore a majority of members must not be officials of any Commonwealth entity. For corporate Commonwealth entities and Commonwealth companies, all members of the audit committee must be persons who are not employed by the entity. For more information please refer to paragraph 1.52.

      11 Public Governance, Performance and Accountability Amendment (2020 Measures No. 1) Rules 2020 (legislation.gov.au).

      12 The five entities excluded were the Australian National Audit Office as it is not reported on in the financial statements-related audit reports presented to Parliament; Australian Secret Intelligence Service, Australian Security Intelligence Organisation, and the Office of National Intelligence, as they have exemptions under section 105D of the PGPA Act and the Australian National University which had not tabled its 2020 annual report as at 30 April 2021.

      14 The two non-corporate Commonwealth entities that did not have an audit committee charter available on their website were National Blood Authority and the National Health Funding Body.

      15 The five corporate Commonwealth entities that did not have an audit committee charter available on their website were the Army and Air Force Canteen Service, Cotton Research and Development Corporation, Grains Research and Development Corporation, National Offshore Petroleum Safety and Environmental Management Authority and the Royal Australian Air Force Veterans Residences Trust.

      16 The Commonwealth company that did not have an audit committee charter available on its website was National Australia Day Council.

      17 The newly established/merged agency has an obligation to report the audit committee disclosure requirements and is responsible for obtaining information from the merged/abolished agency. https://www.finance.gov.au/audit-committee-disclosure-requirements-annua... (Accessed: 23 April 2021).

      18 The entities that did not report audit committee membership detail were the Australian Institute of Criminology and North Queensland Water Infrastructure Authority.

      19 The two non-material companies that did not report audit committee membership detail were the Army Amenities Fund (AAF) Company and the Royal Australian Air Force Welfare Recreational Company. Both entities only named two members of the audit committee. The Army Amenities Fund (AAF) Company reported the third position on the audit committee as ‘Independent’. The Royal Australian Air Force Welfare Recreational Company reported the third position on the audit committee as vacant. The PGPA Act requires a minimum of three members for an audit committee.

      20 One audit committee covered three entities. These entities were the Department of Agriculture, Water and the Environment; Director of National Parks and the Sydney Harbour Federation Trust.

      21 One audit committee covered three entities. These entities were the Department of Agriculture, Water and the Environment; Director of National Parks and the Sydney Harbour Federation Trust.

      23 The entities were the Australian Institute of Criminology and North Queensland Water Infrastructure Authority.

      24 The non-material corporate Commonwealth entities were the Australian Film Television and Radio School, Australian Institute of Health and Welfare, Food Standards Australia and New Zealand, Royal Australian Air Force Veterans Residences Trust Fund, and Royal Australian Navy Central Canteens Board.

      25 The non-material companies that did not report the qualifications, skills or experience of each member were: Army Amenities Fund (AAF) Company; Australian Strategic Policy Institute Ltd; and Royal Australian Air Force Welfare Recreational Company. The Royal Australian Air Force Welfare Recreational Company had a vacant position on the audit committee therefore has been assessed as not meeting the requirement.

      26 The non-material entities were Australian Institute of Criminology, National Competition Council and North Queensland Water Infrastructure Authority.

      27 The non-material corporate Commonwealth entities were Royal Australian Air Force Veterans Residences Trust Fund and Royal Australian Navy Central Canteens Board.

      28 The non-material Commonwealth companies were Army Amenities Fund (AAF) Company, Australian Strategic Policy Institute, Bundanon Trust and Royal Australian Air Force Welfare Recreational Company. The Royal Australian Air Force Welfare Recreational Company had a vacant position on the audit committee therefore has been assessed as not meeting the requirement.

      30 The non-material non-corporate Commonwealth entities were Australian Fisheries Management Authority, Australian Institute of Criminology, National Health Funding Body and North Queensland Water Infrastructure Authority. The National Health Funding Body reported remuneration for three of the four members. The Australian Fisheries Management Authority, did not report remuneration in the annual report available on the entity website but did report remuneration in the version of the annual report published on transparency.gov.au.

      31 The non-material corporate Commonwealth entities that did not include specific member remuneration were Anindilyakwa Land Council, Army and Air Force Canteen Service, Australian Curriculum Assessment and Reporting Authority, Australian National Maritime Museum, Australian Sports Commission, Australian War Memorial, Civil Aviation Safety Authority, Commonwealth Superannuation Corporation, Cotton Research and Development Corporation, Fisheries Research and Development Corporation, Food Standards Australian and New Zealand, Grains Research and Development Corporation, Infrastructure Australia, National Film and Sound Archive, National Museum of Australia, National Portrait Gallery of Australia, Royal Australian Air Force Veterans Residences Trust Fund, Royal Australian Navy Central Canteens Board, Special Broadcasting Service Corporation, Tourism Australia and Wine Australia. The Australian War Memorial reported a value for remuneration for the members of the audit committee. This amount was the total director remuneration and not the remuneration for the role on the audit committee. As such, this has been classified as not reported.

      32 The non-material companies that did not disclose specific information relating to audit committee remuneration included: Army Amenities Fund (AAF) Company; Australian Strategic Policy Institute Ltd; Financial Adviser Standards and Ethics Authority Ltd; National Australia Day Council; and Royal Australian Air Force Welfare Recreational Company. The Australian Institute for Teaching and School Leadership Ltd, reported the remuneration paid to one of the four audit committee members. The three members that did not have specific audit committee remuneration disclosed were directors of the entity. The Royal Australian Air Force Welfare Recreational Company had a vacant position on the audit committee therefore has been assessed as not meeting the requirement.

      33 The average remuneration for an audit committee is based on the total remuneration of all members of audit committees that reported remuneration divided by the number of entities that reported remuneration.

      34 The average number of members for an audit committee is calculated based on the total number of audit committee members for entities that reported remuneration divided by the number of entities that reported remuneration.

      35 The entities were: Asbestos Safety and Eradication Agency; Australian Commission for Law Enforcement Integrity; Australian Skills Quality Authority; Commonwealth Grants Commission; Geoscience Australia; Office of the Australian Information Commissioner; Office of the Inspector-General of Intelligence and Security; and Workplace Gender Equality Agency.

      36 The averages have been calculated using the reported information from entities identified in Table 1.5.

      37 Controls report entities are those 25 entities that are separately reported in Chapter 3 of this report.

      38 The Department Education, Skills and Employment was subject to a machinery of government change during the 2019–20 financial year. This resulted in changes to members on the audit committee. The department reported all members that served at any time during the year.

      39 PGPA Rule subsection 174(4).

      40 The Future Fund Management Agency and NBN Co Limited did not report specific detail relating to audit committee remuneration.

      41 The entities are: Australian Office of Financial Management; Future Fund Management Agency; NBN Co; and Reserve Bank of Australia.

      42 The Department of Agriculture, Water and the Environment is delivering an annual work plan for 2020–21 but does not have a strategic forward internal audit program.

      43 Entities are recommended by the Australian Cyber Security Centre to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.

      44 Attorney-General's Department, 10 Safeguarding information from cyber threats [Internet], Attorney-General's Department, AU, 2021, available from https://www.protectivesecurity.gov.au/ [accessed 20 April 2021].

      45 The mandatory Essential Eight strategies are application control, patching applications, restricting administrative privileges, and patching operating systems. The non-mandatory Essential Eight strategies are configuring Microsoft Office macros, user application hardening, multi-factor authentication, and daily backups of systems and data.

      46 ASD, Strategies to Mitigate Cyber Security Incidents, AU, 2017, available from https://www.cyber.gov.au/acsc/view-all-content/publications/strategies-m... [accessed 23 April 2021].

      47 The purpose of application control is to protect systems and networks from security vulnerabilities in existing applications, and prevent unauthorised applications from running on ICT systems.

      48 To protect ICT systems from known vulnerabilities, the patching applications and operating system strategies require entities to deploy security patches as soon as possible after being identified by vendors, independent third parties, system managers or users.

      49 Misuse of privileged access can lead to significant security compromises, such as the unauthorised disclosure of information, systems or processes becoming unavailable, or financial impropriety. The restricting administrative privileges strategy includes a requirement for administrative privileges to be regularly reviewed, and restricted only to users who need them and are duly authorised.

      50 ASD (n 46).

      51 The remaining mitigation strategies includes the following Essential Eight strategies: user application hardening, configure Microsoft Office macro settings, multi-factor authentication and daily backups.

      52 Department of Finance, Budget Measures, Budget Papers No. 2, 2019-20, p66, available from https://parlinfo.aph.gov.au/, [accessed on 11 May 2021].

      53 Due to the timing of the interim audit work, two entities were excluded from the analysis. These entities were: Future Fund Management Agency and the Australian Office of Financial Management.

      54 Four entities in this report are corporate Commonwealth entities or Commonwealth companies, and are not required to report on compliance with the PSPF. These entities are: Australian Postal Corporation; NDIA; NBN Co; and the Reserve Bank of Australia.

      55 When applications are frequently updated and appropriate security settings applied, it is more difficult for adversaries to exploit any security vulnerabilities they may discover. Disabling unneeded features in Microsoft Office and configuring web browsers to block Flash, Internet advertisements and Java further reduces the risk of malicious content being introduced to entities’ ICT environments.

      56 Effectively configured Microsoft Office macro settings address adversaries’ attempts to create macros that can deny users’ access to sensitive or classified information.

      57 Multi-factor authentication requires users to provide at least two independent methods to gain access to an ICT system. These may include:

      • something a user knows, such as a password;
      • something a user has, such a physical token or software-based certificate; and
      • something unique to the user, such as their fingerprint.

      58 Joint Committee of Public Accounts and Audit, Report 485, Cyber Resilience, available from https://parlinfo.aph.gov.au/parlInfo/download/committees/reportjnt/024465/toc_pdf/Report485CyberResilience.pdf;fileType=application%2Fpdf [accessed on 12 April 2021].

      59 Australian National Audit Office, Reports No.53, Cyber Resilience, available from https://www.anao.gov.au/work/performance-audit/cyber-resilience-2017-18 [accessed on 6 May 2021]

      60 Australian National Audit Office, Report No.32, Cyber Security Strategies of Non-Corporate Commonwealth Entities, available from https://www.anao.gov.au/work/performance-audit/cyber-security-strategies-non-corporate-commonwealth-entities [accessed 20 April 2021].

      61 At time of compilation, assessments of the control environments of the Departments of: Finance; Social Services; and Veterans Affairs; NDIA; NBN Co; Reserve Bank of Australia; Services Australia and Snowy Hydro Limited were still in progress. Findings raised in the course of the audit have been reflected in this report.

      62 Further details regarding the moderate findings carried over from the previous year are detailed in chapter 3 for the Department of Health and Services Australia.

      63 Further details regarding the moderate findings can be found in chapter 3 for the Departments of: Health and Social Services; NDIA and Services Australia.

      64 ISM control 0430.

      65 Multi-factor authentication uses two or more authentication factors to confirm a user’s identity. This may include: something a user knows, such as a password; something a user has, such as a Universal 2nd factor security key, physical one-time password token or smartcard and something a user is, such as a fingerprint or their facial geometry

      66 ISM control 0421. The previous requirement had been for a minimum of 10 characters with complexity.

      67 ITIL is a framework for designing, implementing, delivering and managing IT services. It was originally developed in the 1990s with the support of the UK Government, and has been widely adopted by public and private sector entities world-wide.

      68 Further details of the audit findings can be found in the Department of Defence and NDIA sections in Chapter 3.

      69 Further details of the audit finding can be found in the Department of Health section in Chapter 3.

      70 Further details of the audit finding can be found in the Department of Defence section in Chapter 3.

      71 As at 12 May 2021 the following appropriation bills had passed both Houses of Parliament but had not yet received Royal Assent: Appropriation Bill (No.3) 2020–2021 and Appropriation Bill (No.4) 2020–2021.

      72 Performance audits have been included in this report where they have tabled prior to 30 April 2021.

      73 Auditor-General Report No. 13 2020–21, available from https://www.anao.gov.au/work/assurance-review/advances-to-the-finance-mi...

      74 The ANAO’s rating scale for findings can be found in Chapter 1 at Table 1.8.

      75 As at 30 April 2021.

      76Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021; Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      77 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      78Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021; Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      79 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      80Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      81 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      82Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      83 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      84Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      85 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      86Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      87 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      88 Australian Government, 2017 Foreign Policy White Paper [Internet], Department of Foreign Affairs and Trade, 2017, available from: https://www.dfat.gov.au/publications/minisite/2017-foreign-policy-white-paper/fpwhitepaper/index.html [accessed 18 May 2021].

      89Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      90 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      91Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      92 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020-21.

      93Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      94 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      95Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      96 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      97Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      98 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      99 Table 2.2, Department of the Treasury Portfolio Budget Statements 2020–21.

      100Supply (Parliamentary Departments) Act (No.1) 2020–2021 and Appropriation (Parliamentary Departments) Act (No.1) 2020–2021.

      101Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      102 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      103Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      104 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      105 Particularly Services Australia, which is responsible for processing significant volumes of complex benefit payments on behalf of DSS.

      106Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, and Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      107 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 202021.

      108Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021, Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      109 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020-21.

      110Supply Act (No.1) 2020–21

      111Supply Act (No.1) 2020–2021; Supply Act (No.2) 2020–2021; Appropriation Act (No.1) 2020–2021 and Appropriation Act (No. 2) 2020–2021; Appropriation Bill (No.3) 2020–2021; and Appropriation Bill (No.4) 2020–2021.

      112 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      113Supply Act (No.1) 2020–2021 and Appropriation Act (No.1) 2020–2021.

      114 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020–21.

      115 This is provided through Supply Act (No. 1) 2020-2021, Supply Act (No. 2) 2020-2021, Appropriation Act (No.1) 2020-2021 and Appropriation Act (No. 2) 2020-2021.

      116 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2020-21.

      117 Three entities have a body corporate status but are prescribed as non-corporate Commonwealth entities. These are the Australian Competition and Consumer Commission; the Australian Prudential Regulation Authority; and the Australian Securities and Investments Commission.