The Australian National Audit Office (ANAO) publishes two reports annually addressing the outcomes of the financial statement audits of Australian government entities and the Consolidated Financial Statements (CFS) of the Australian Government to provide Parliament an independent examination of the financial accounting and reporting of public sector entities. This report focuses on the results of the interim audit phase, including an assessment of entities’ key internal controls, of the 2016–17 financial statements audits of 25 entities including all departments of state and a number of major Australian government entities.

Executive summary

1. The primary purpose of financial statements is to provide relevant, reliable information to users about a reporting entity’s financial position. In the public sector, the users of financial statements include Parliament, Ministers and the community. The preparation of timely and accurate audited financial statements is also an important indicator of the effectiveness of an entity’s financial management, which fosters confidence in an entity on the part of users.

2. The Australian National Audit Office (ANAO) publishes two reports annually addressing the outcomes of the financial statement audits of Australian government entities1 and the Consolidated Financial Statements (CFS) of the Australian Government to provide Parliament an independent examination of the financial accounting and reporting of public sector entities.

3. This report focuses on the results of the interim audit phase, including an assessment of entities’ key internal controls, of the 2016–17 financial statements audits of 25 entities, including all departments of state and a number of major Australian government entities. The entities included in the 2016–17 report are selected on the basis of their contribution to the revenues, expenses, assets and liabilities of the 2015–16 CFS. Significant and moderate audit findings are reported to the responsible Minister(s), and all findings are reported to those charged with governance of each entity.

4. The second report provides the results of the 2016–17 final audits of the financial statements of all Australian Government controlled entities and the CFS.

Summary of audit findings and related issues

Entity internal controls

5. A central element of the ANAO’s financial statements audit methodology and the focus of the planning phase of ANAO audits is a sound understanding of an entity’s environment and internal controls. This understanding informs our audit approach, including the reliance placed on entity systems to produce financial statements that are free from material misstatement. To do this, the ANAO uses the framework contained in the Australian Auditing Standard 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment (ASA 315).

6. At the completion of the interim audits, the ANAO reported that:

  • Eighteen entities had key elements of internal control that were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.
  • Four entities, that except for particular finding/s outlined in chapter 3, had key elements of internal control that were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.
  • The findings outlined in chapter 3 for three entities reduced the level of confidence that can be placed on key elements of internal control that support the preparation of financial statements that are free from material misstatement for these entities.

7. The key elements of internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

Summary of audit findings

8. A total of 110 findings were reported to the entities included in this report as a result of interim audits. These comprised one significant, 20 moderate and 89 minor findings. The number of significant findings is consistent with the 2015–16 results. The level of moderate and minor audit findings increased when compared with the interim results of 2015–16 where 17 moderate and 71 minor findings were reported.

9. Sixty seven per cent of significant and moderate findings continue to be in the areas of: compliance and quality assurance frameworks supporting program payments, revenue collection and financial reporting; and management of IT controls, particularly the management of privileged users. These areas warrant further attention by entity management.

10. Entities have an ongoing responsibility to monitor the effectiveness of their systems and related controls to be confident of the integrity of the financial information reported to management and in the annual financial statements.

Audit Committees

11. An independent audit committee is a fundamental principle of good governance. The audit committee plays a key role in assisting the accountable authority to fulfil its governance, risk management and oversight responsibilities through the provision of independent assurance and advice.

12. The entities considered in this report have met the minimum requirements set out in the Public Governance Performance and Accountability Rule 2014 (the PGPA Rule) for the establishment of audit committees in relation to financial reporting. The ANAO’s observations indicate there is an opportunity for entities to build on the core requirements of the PGPA Rule and to consider how the effectiveness of audit committees could be further enhanced.

Reporting relating to compliance with finance law

13. From 2015–16, the Department of Finance changed the compliance reporting process to require entities to report significant non-compliance with finance law2 to both the Minister for Finance and the responsible Minister.

14. The ANAO’s review noted that entities had continued to undertake the processes for monitoring and reporting all instances of non-compliance that were applied under the previous certificate of compliance requirements. Entities reported a summary of all instances of non-compliance identified during the 2015–16 reporting period to the accountable authority and audit committee along with a recommendation as to whether any non-compliance was considered to be significant.

Reporting and auditing frameworks

Disclosure of Related Party Transactions

15. From 1 July 2016 all Australian Government controlled entities are required to disclose material transactions with related parties in the notes to their financial statements in accordance with AASB 124 Related Party Disclosures (AASB 124). Related parties may include CEOs, board members and Ministers, as well as close family members and controlled entities of these parties.

Enhancing performance reporting

16. The PGPA Act requires each Commonwealth entity to produce a four-year corporate plan at least once each financial year and provide it to the responsible Minister and the Minister for Finance. Each entity is also required to include annual performance statements in its annual report. The ANAO has continued audit work in this area in 2016–17.

Reduced Disclosure Requirements

17. Australian Accounting Standards include a Reduced Disclosure Regime (RDR) option that allows for some specified disclosures to be omitted from the general purpose financial statements of certain entities. The Minister for Finance has determined that, with some exceptions, Australian Government entities may apply the RDR from 2016–17.

Auditor’s report on the financial statements

18. In December 2015, the Australian Auditing and Assurance Standards Board issued a suite of new and revised standards dealing with auditor reporting. A number of revisions were made in the standards with the aim of increasing the transparency and value of auditor reporting.

19. These changes are now effective for the ANAO and users will see significant changes to the auditor’s reports issued by the ANAO for financial years ended 30 June 2017. Auditor’s reports on financial statements will be longer than before with key information given appropriate prominence. For entities included in this report, the ANAO will also include key audit matters in the 2016–17 auditor’s reports.

Other developments

20. The Minister for Finance and the Secretary of the Department of the Prime Minister and Cabinet have requested respectively government business enterprises and government entities to provide additional information relating to senior management personnel remuneration on their websites.

Cost of this report

21. The cost to the ANAO of producing this report is approximately $435 000.

1. Summary of audit findings and related issues

Chapter coverage

This chapter provides:

  • an overview of the ANAO’s audit approach to financial statements audits;
  • a summary of observations regarding the internal controls of those entities included in this report;
  • a summary of audit findings identified at the conclusion of the interim audit; and
  • observations relating to the establishment of audit committees and reporting relating to compliance with finance law.
Conclusion

At the completion of the interim audits, the ANAO reported that:

  • Eighteen entities had key elements of internal control that were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.
  • Four entities, that except for particular finding/s outlined in chapter 3, had key elements of internal control that were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.
  • The findings outlined in chapter 3 for three entities reduce the level of confidence that can be placed on key elements of internal control that support the preparation of financial statements that are free from material misstatement for these entities.

A total of 110 findings were reported to the entities included in this report as a result of interim audits. These comprised 1 significant, 20 moderate and 89 minor findings. This is an increase on the interim results of 2015–16 with a total of 89 findings reported comprising 1 significant, 17 moderate and 71 minor findings.

Sixty-seven per cent of significant and moderate findings continue to be in the areas of: compliance and quality assurance frameworks supporting program payments, revenue collection and financial reporting; and management of IT controls, particularly the management of privileged users. These areas warrant further attention by entity management.

The entities considered in this report have met the minimum requirements set out in the Public Governance Performance and Accountability Rule 2014 (the PGPA Rule) for the establishment of audit committees in relation to financial reporting. The ANAO’s observations indicate there is an opportunity for entities to build on the core requirements of the PGPA Rule and to consider how the effectiveness of audit committees could be further enhanced.

The ANAO observed that entities had continued to undertake the processes for monitoring and reporting instances of non-compliance that were applied under the previous certificate of compliance requirements. Entities reported a summary of all instances of non-compliance identified during the 2015–16 reporting period to the accountable authority and audit committee along with a recommendation as to whether any non-compliance was considered to be significant.

Entities have an ongoing responsibility to monitor the effectiveness of systems and related controls to be confident of the integrity of the financial information reported to management and through annual financial statements.

Introduction

1.1 The ANAO publishes an Annual Audit Work Program (AAWP) which reflects the ANAO’s strategy and deliverables for the forward year. The purpose of the AAWP is to inform the Parliament, the public and government sector entities of the planned audit coverage for the Australian Government sector by way of financial statements audits, performance audits and other assurance activities.

1.2 The financial statements audit coverage as outlined in the AAWP includes presenting two reports to the Parliament addressing the outcomes of the financial statements audits of Australian Government entities and the Consolidated Financial Statements of the Australian Government (CFS). These reports provide Parliament an independent examination of the financial accounting and reporting of public sector entities.

1.3 This report focuses on the interim results of the audits of 25 entities. This includes a review of the governance arrangements related to entities’ financial reporting responsibilities and an examination of the relevant internal controls, including information technology system controls, that support the preparation of financial statements that are free from material misstatement.

1.4 The second report presents the final results of the financial statements audits of the CFS and all Australian Government entities.

1.5 The entities included in this report are those entities that contribute significantly to the three sectors of the CFS: the General Government Sector (GGS), Public Non-Financial Corporation (PFNC) sector and Public Financial Corporation (PFC) sector.3 A listing of these entities is provided in Appendix 1.

1.6 The ANAO conducts its financial statements audits in four phases: planning, interim, final and completion. Figure 1.1 outlines the key elements of each phase.

Figure 1.1: ANAO financial statements audit process

1.7 Accountable authorities4 of all Commonwealth entities and companies subject to the Public Governance, Performance and Accountability Act 2013 (PGPA Act) are required to govern the entity in a way that promotes the proper use and management of public resources, the achievement of the purposes of the entity and the entity’s financial sustainability.5 This requires the development and implementation of effective corporate governance arrangements and internal controls designed to meet the individual circumstances of each entity. These processes also assist in the orderly and efficient conduct of the entity’s business, and compliance with applicable legislative requirements, including the preparation of annual financial statements that present fairly the entity’s financial position, financial performance and cash flows.

1.8 A central element of the ANAO’s financial statements audit methodology, and the focus of the planning phase of the ANAO audits, is a sound understanding of an entity’s environment and internal controls relevant to assessing the risk of material misstatement in the financial statements. This understanding informs the ANAO’s audit approach, including the reliance that may be placed on entity systems to produce financials statements that are free from material misstatement. The interim phase of the audit assesses the operating effectiveness of controls. In the final audit phase the ANAO completes its assessment of the effectiveness of controls for the full year, substantively tests material balances and disclosures in the financial statements, and finalises its audit opinion on entities’ financial statements.

1.9 The auditor’s understanding of the entity, its environment and its controls, helps the auditor design the work needed and respond to significant risks that bear on financial reporting. The key areas of financial statements risks determined as a result of this planning approach are discussed in chapter 3 for each entity included in this report.

1.10 In accordance with generally accepted auditing practice, the ANAO accepts a low level of risk that the audit procedures will fail to detect that the financial statements are materially misstated. This low level of risk is accepted because it is too costly to perform an audit that is predicated on no level of risk. Specific audit procedures are performed to ensure that the risk accepted is low. These procedures include: obtaining knowledge of the entity and its environment, reviewing the operation of internal controls, undertaking analytical reviews, testing a sample of transactions and account balances, and confirming significant year end balances with third parties.

1.11 This chapter outlines observations made by the ANAO through obtaining this understanding, and the summarised results of testing of entities’ underlying control activities.

Understanding entities and their environments

1.12 The ANAO uses the framework in ASA 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment to consider the impact of different elements of an entity’s internal controls supporting the preparation of financial statements. This approach provides a basis for designing and implementing responses to the assessed risk of material misstatement. Figure 1.2 outlines these elements.

Figure 1.2: Elements of entity internal controls

Source: ASA 315 Identifying and assessing the risk of material misstatement through understanding the entity and its environment, paragraph A58.

1.13 This chapter discusses each of these elements and outlines observations based on the ANAO’s review of aspects of each entity’s internal control, relevant to the risk of material misstatement to the financial statements, including the detailed results of the interim audits.

Control environment

1.14 The PGPA Act sets out the requirements to establish and maintain systems relating to risk and control. Division 2, section 16 of the PGPA Act states that:

The accountable authority of a Commonwealth entity must establish and maintain:

(a) an appropriate system of risk oversight and management for the entity; and

(b) an appropriate system of internal control for the entity;

including by implementing measures directed at ensuring officials of the entity comply with finance law.6

1.15 In assessing an entity’s control environment that supports the preparation of financial statements that are free from material misstatement, the ANAO reviews aspects of the governance structures. The ANAO considers whether management has established frameworks and processes that promote positive attitudes, awareness and actions concerning the entity’s internal controls and their importance in the entity. The main elements reviewed include: governance structures relevant to the preparation of the financial statements; audit committee and assurance arrangements; and systems of authorisation, recording and procedures.

1.16 All entities included in this report had established executive management structures that met at least monthly, in the form of Executive Committees and sub-committees, supporting financial decision making at the strategic and operational levels.

1.17 Consistent with previous years, consideration of financial reporting including accrual information was included on the agendas of all 25 entities’ executive and audit committees. The financial information provided to the entities’ executives was supplemented by non-financial operational information.

1.18 Clear accountability structures are important in establishing a strong internal control environment for the purposes of preparing the financial statements. The involvement of those charged with governance is an important element of these structures. Just as important is ensuring that staff at all levels understand their own role in the control framework. This can be achieved through the issuance of accountable authority instructions7, and delegation instruments. All entities reviewed had established accountable authority instructions and delegations reflecting current business arrangements.

1.19 At the completion of the interim audits, the ANAO reported that:

  • Key elements of internal control were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.8
  • Except for particular finding/s outlined in chapter 3, key elements of internal control were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.9
  • The findings outlined in chapter 3 reduce the level of confidence that can be placed on key elements of internal control that support the preparation of financial statements that are free from material misstatement.10

1.20 The key elements of internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audits.

Audit committees

1.21 ANAO Report No.33 2016–17 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2016 examined the arrangements of audit committees for a sample of twenty entities. As part of the 2016–17 interim audits, the ANAO extended this assessment to all entities included in this report.

1.22 Section 45 of the PGPA Act requires accountable authorities of Commonwealth entities to establish an audit committee. Commonwealth companies are required to establish an audit committee under section 92 of the PGPA Act.

1.23 An independent audit committee is a fundamental principle of good governance.11 The audit committee plays a key role in assisting the accountable authority to fulfil its governance, risk management and oversight responsibilities through the provision of independent assurance and advice.

1.24 Section 17 of the Public Governance Performance and Accountability Rule 2014 (PGPA Rule) sets out the minimum requirements relating to the audit committee of a Commonwealth entity. Key requirements of the PGPA Rule include:

  • A written charter, set by the accountable authority, determining the functions of the audit committee for the entity. These functions must include reviewing the appropriateness of the accountable authority’s:
    • financial reporting;
    • performance reporting;
    • system of risk oversight and management; and
    • system of internal control.
  • Membership of the committee to include at least three persons with appropriate qualifications, skills or experience to assist the committee to perform its functions and a majority of committee members must be independent of the entity.
  • Persons that must not be a member of the audit committee: the accountable authority or, if the accountable authority has more than one member, the head; the Chief Financial Officer; and the Chief Executive Officer.

1.25 All entities included in this report had established an audit committee and had developed and endorsed an audit committee charter which set out the responsibilities required by the PGPA Rule.

1.26 To assist the audit committee in discharging its responsibilities the entities developed a formal work plan detailing which meetings these responsibilities would be considered during the financial year.

1.27 The PGPA Rule requires that audit committees have a majority of independent members.12Audit Committees A Guide to Good Practice, released jointly by the Auditing and Assurance Standards Board, the Australian Institute of Company Directors and the Institute of Internal- Auditors Australia, notes that independent audit committee members are those:

… free from any management, business or other relationship that could reasonably be perceived to materially interfere with their ability to act in the best interests of the entity. Independence is arguably a state of mind, and cannot necessarily be assessed by a person’s relationship with the entity. It is commonplace to examine an audit committee members’ past and current relationships with the entity as indicators of independence, or otherwise.

1.28 The ANAO observed that all entities had established audit committees consisting of a majority of members which were assessed by the entity to be independent. Twenty-one entities had appointed an independent audit committee chair.13

1.29 Seventeen14 entities had established a sub-committee to support the audit committee in discharging its responsibility in regard to advising the accountable authority on the appropriateness of the entity’s financial reporting. Of these, 16 entities’ sub-committees comprised internal staff members and were chaired by an independent member of the audit committee. One sub-committee was chaired by a non-independent audit committee member.15 Nine financial statements sub-committees included the Chief Financial Officer as a member.16

1.30 The ANAO observed that the responsibilities of financial statements sub-committees varied among entities and included: oversight of accounting policy decisions; review of key management judgements and estimates; and oversight of the financial statements preparation process. The sub-committees reported to the audit committee through either a standing agenda item at each meeting or at year-end.

1.31 In setting up such sub-committees, audit committee members should ensure that they are not delegating their responsibilities or diluting the independence requirements of the PGPA rule.

1.32 The entities considered in this report have met the minimum requirements set out in the PGPA rule for the establishment of audit committees in relation to financial reporting. The ANAO’s observations indicate there is an opportunity for entities to build on the core requirements of the PGPA Rule and to consider how the effectiveness of audit committees could be further enhanced.

Risk assessment processes

1.33 Section 16 of the PGPA Act sets out an accountable authority’s responsibilities in regard to the establishment of appropriate risk oversight and management in an entity. An understanding of an entity’s risk assessment process is essential to an effective and efficient financial statements audit. The ANAO reviews how entities identify risks relating to financial statements, how these risks are managed and considers the risk of material misstatement of an entity’s financial statements.

1.34 All entities reviewed had a risk management process to develop and update risk management plans at the organisational and work area levels. In addition, each had developed processes for the identification and notification of risks relevant to financial statements preparation either as part of the overall risk management plan, or through a targeted risk identification exercise. The monitoring of risks, and the entities’ implementation of risk management strategies, was typically assigned to either an executive committee and/or the audit committee.

Fraud control management

1.35 The Commonwealth Fraud Control Framework (the Framework) outlines the principles for fraud control within the Australian Government and sets minimum standards to assist entities in carrying out their responsibilities to combat fraud against government programs. As with risk management plans, fraud control plans need to be reviewed regularly and updated when significant changes to roles or functions occur, so that they reflect an entity’s current fraud risk and control environment. There are benefits in entities assessing fraud risks as part of risk management processes.

1.36 The importance of entities establishing effective fraud control arrangements is recognised in section 10 of the PGPA Rule, which specifies that accountable authorities must develop and implement a fraud control plan for the entity. The Framework requires entities to conduct fraud risk assessments regularly and when there is a substantial change in the structure, functions or activities of the entity.17

1.37 In assessing the risks of material misstatement of an entity’s financial statements, the Auditor-General considers misstatements arising from both fraud and error. In respect of fraud, two types of intentional misstatements are relevant – misstatements arising from fraudulent financial reporting and misstatements resulting from the misappropriation of assets. ASA 240 The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report contains requirements for identifying the risks of material misstatement due to fraud, and designing audit procedures to detect such misstatement.

1.38 As part of the ANAO’s 2016–17 interim audits, the ANAO identified that 24 of the entities included in this report had established a fraud control plan that had been reviewed within the last two years. At the time of the ANAO’s interim audit, the Department of the Treasury was in the process of updating its risk assessment.18

1.39 Entities had also assigned responsibility for the oversight and monitoring of fraud control strategies and initiatives to specified fraud and governance roles or dedicated branches and the audit committee.

Monitoring of controls

1.40 Entities undertake many types of activities as part of their monitoring of control processes, including external reviews, self-assessment processes, post-implementation reviews and internal audits. The level of review of these activities by the ANAO is determined through a risk assessment approach that takes into consideration the nature, extent and timing of each activity and the activities application to the preparation of the financial statements.

Internal Audit

1.41 As part of its financial statements audit coverage, the ANAO reviews the activities of internal audit in accordance with ASA 610 Using the Work of Internal Auditors. The ANAO approach takes into account the work completed by internal audit, and, where appropriate, reliance is placed on it to ensure an effective audit approach.

1.42 Internal audit is a key source of independent and objective assurance advice on an entity’s risk framework and internal control. Depending on the role and mandate of an entity’s internal audit function, it can play an important role in assessing the adequacy of both the financial systems that underpin an entity’s financial statements, and the preparation process.

1.43 The ANAO observed that internal audit coverage in the entities included in this report is based on an internal audit plan that is aligned with entities’ risk management plans and includes a combination of audits that address assurance, compliance, performance improvements and IT systems reviews. In addition, recommendations from management, audit committees and external influences, such as the AAWP, are factors considered in the development of internal audit work plans.

1.44 The extent of the ANAO’s reliance on internal audit coverage varies between entities, and greater reliance is placed on internal audit where the work is focused on financial controls and legislative compliance. The ANAO encourages entities to identify opportunities for internal audit coverage of key financial systems and controls as a means of providing increased assurance to accountable authorities to support the opinion expressed on the entity’s financial statements.

Reporting relating to compliance with finance law

1.45 The PGPA Act sections 19 and 91 require accountable authorities of Commonwealth entities, to give the responsible Minister, reasonable notice, of any significant issue that may affect the entity. Prior to 2015–16, general government sector entities were required to submit an annual Certificate of Compliance to the Minister for Finance and the responsible Minister summarising all non-compliance with the PGPA Framework. From 2015–16, the Department of Finance changed the compliance reporting process to require entities to report significant non-compliance with finance law to both the Minister for Finance and the responsible Minister.

1.46 To support the change in requirements, the Department of Finance issued guidance in relation to reporting of significant non-compliance through the Resource Management Guide 214 Notification of significant non-compliance with finance law (PGPA Act, section 19) (RMG 214). The guide outlines factors which may be considered when determining whether significant non-compliance occurred including:

  • failure to comply with the duties of accountable authorities (sections 15 to 19 of the PGPA Act);
  • serious breaches of the general duties of officials (sections 25 to 29 of the PGPA Act) including any fraudulent activity by officials;
  • systemic issues reflecting internal control failings or high volume instances of non-compliance; and
  • non-compliance issues that are likely to impact on the entity’s financial sustainability.

1.47 RMG 214 notes that the accountable authority should consider their entities’ environment when determining whether instances of non-compliance are significant. As part of the interim audits the ANAO considered entities’ application of RMG 214.19

1.48 Entities advised consideration was applied to the nature and volume of breaches when assessing significance.20 The ANAO observed that two entities included quantitative factors in their formal definition. The assessment of whether breaches constitute a significant non-compliance is reliant on professional judgement. All entities reported a summary of instances of non-compliance identified during the 2015–16 reporting period to the accountable authority and audit committee along with a recommendation as to whether any non-compliance was considered to be significant.

1.49 In addition to notifying the relevant Minister of any significant issues which occur, the entity must also report any significant non-compliance in its annual report in line with the PGPA Rule section 17AG.

1.50 There were three entities which reported on compliance with the finance law in their 2015–16 annual report as outlined below.

  • The Department of Defence reported 58 instances of significant non-compliance in relation to matters proven as fraud committed by an official and addressed by Defence authorities through criminal, disciplinary or administrative action.21
  • The Department of Employment reported a number of instances where contracts were executed by officials outside of their financial delegations. The department noted that ‘While the non-compliance does not clearly align to the guidance on what would be considered ‘significant’ under the Department of Finance’s Resource Management Guide 214 – Notification of significant non-compliance with the finance law, the Secretary has determined that on balance and in the interests of transparent administration, the breaches should be disclosed’.22
  • The Department of Education and Training reported one instance, comprising 57 individual breaches, of systemic significant non-compliance. This relates to the Commonwealth Procurement Rule 7.16 which requires agencies to publish on AusTender the information on individual contracts and amendments within 42 days of entering into (or amending) a contract if they are valued at or above the reporting threshold.23

1.51 The ANAO’s review noted that entities had continued to undertake the processes for monitoring and reporting instances of non-compliance that were applied under the previous certificate of compliance requirements.

1.52 Through these processes, in 2015–16 the entities included in this report identified a total of 3 963 instances of non-compliance. Two entities reported no non-compliance24, three entities reported 47% of the non-compliance25 and the remaining 20 entities reported between one and seven per cent of the non-compliance.

1.53 Figure 1.3 provides the ANAO analysis of instances of non-compliance by category as identified by entities in 2015–16.

Figure 1.3: Non-compliance identified during 2015–16 by entities

Source: ANAO analysis of non-compliance identified by entities.

1.54 Further details of the areas of non-compliance reported in 2015–16 are detailed below.

  • Of the non-compliance with Commonwealth Procurement rules, 98% of the breaches related to rule 7.16 which requires entities to report contracts entered into or amended over $10 000 on AusTender within 42 days. The following three entities identified the highest levels of non-compliance in this area: the Department of Immigration and Border Protection identified 739 instances; the Department of Health identified 407 instances; and the Department of Industry, Innovation and Science identified 223 instances.
  • Section 23 of the PGPA Act provides the powers for accountable authorities of non-corporate entities to enter into or vary contracts, agreements or deeds of understanding relating to the affairs of the entity and approve commitment of funds. Of the instances of non-compliance in 2015–16, 448 were identified by the Department of Defence; 159 by the Department of Foreign Affairs and Trade; and 104 by the Department of Immigration and Border Protection.
  • The instances of non-compliance of the PGPA Act excluding section 23 related to the misuse of corporate credit cards and the commitment of expenditure.
  • The non-compliance with the PGPA rule relates to failure to document the approvals to enter into arrangements under section 23 of the PGPA Act and banking monies within 5 days from receipt.
  • Non-compliance with the Commonwealth Grant Rules and Guidelines resulted from entities not meeting the requirement to publish grants on the website within 14 days.

Information systems

1.55 An entity’s information system is used extensively for the processing of financial information that is used to prepare its financial statements. As a consequence, the review of each entity’s information system and its related controls forms a significant part of the ANAO audit examination of internal controls. Information system controls include entity-wide general controls that establish an entity’s IT infrastructures, policies and procedures, together with specific application controls that validate, authorise, monitor and report financial and human resource transactions.

1.56 Table 1.1 outlines the areas of focus used by the ANAO in assessing entities’ information system controls, including common controls tested to determine the effectiveness of those systems in supporting complete and accurate financial statements reporting.

Table 1.1: Information system controls – areas of focus

Area of focus

Control element

Control subject to ANAO assessment

IT General controls

IT security

  • IT security governance;
  • general and privileged user access; and
  • monitoring and reporting of security events.

IT change management

  • governance;
  • approvals;
  • testing;
  • implementation; and
  • emergency changes.

Application controls

Financial management information systems (FMIS)

Human resources management information systems (HRMIS)

  • change management;
  • masterfile maintenance;
  • payment processing;
  • privileged user access management; and
  • general user access management.

Business continuity arrangements

Significant systems supporting financial reporting (including FMIS & HRMIS)

  • backup and recovery;
  • business continuity planning;
  • business continuity testing;
  • disaster recovery planning; and
  • disaster recovery testing.
     

Source: ANAO compilation.

1.57 Observations from the ANAO’s interim audit phase relating to entities’ information system controls are provided under the IT Control environment section included in Control activities below. Refer to paragraphs 1.66 to 1.102

Control activities

1.58 As part of the interim audit phase, the ANAO assesses the effectiveness of key controls identified during the planning stages. This assessment is made at a point in time and provides the Parliament and entities an insight into weaknesses which have the potential to impact the financial statements at year end. The broad categories of control activities assessed by the ANAO include entities’:

  • IT control environment;
  • compliance and quality assurance frameworks supporting program payments, revenue collection and financial reporting;
  • accounting and control of non-financial assets;
  • revenue, receivables and cash management processes;
  • human resources financial processes;
  • purchases and payables management; and
  • other control matters relevant to the financial statements.

1.59 Figure 1.4 presents the percentage of total audit findings by category, reported for the 25 entities considered in this report during the 2016–17 interim audits.

Figure 1.4: 2016–17 interim audit findings – by category

Source: ANAO compilation of interim findings.

1.60 The following section provides a summary of interim audit findings identified in these categories across the past four financial years, as well as making observations regarding common weaknesses identified in the 2016–17 interim audits across the different finding categories outlined above.

Interim audit findings

1.61 The ANAO rates audit findings according to the potential business or financial management risk posed to the entity. The rating scale is presented in Table 1.2.

Table 1.2: Findings rating scale

Rating

Description

Significant (A)

Issues that pose a significant business or financial management risk to the entity. These include issues that could result in a material misstatement of the entity’s financial statements.

Moderate (B)

Issues that pose a moderate business or financial management risk to the entity. These may include prior year issues that have not been satisfactorily addressed.

Minor (C)

Issues that pose a low business or financial management risk to the entity. These may include accounting issues that, if not addressed, could pose a moderate risk in the future.

1.62 A summary of all significant, moderate and minor audit findings identified at the conclusion of the interim audit phase across the past four financial years is presented in Figure 1.5 below.26

Figure 1.5: Aggregate audit findings

1.63 The ANAO has observed an increase of approximately 24 per cent in total audit findings in 2016–17 when compared with the 2015–16 interim period. Sixty-seven per cent of significant and moderate findings are in the areas of: compliance and quality assurance frameworks supporting program payments, revenue collection and financial reporting and management of IT controls, particularly the management of privileged users.

1.64 Table 1.3 summarises the number of significant, moderate and minor findings per category in 2016–17 and common weaknesses noted in each area.

Table 1.3: Significant, moderate and minor audit findings by category

Category

Significant

Moderate

Minor

Main areas of weakness

IT control environment

2

34

  • Security management, particularly management of user access and monitoring of privileged users.

Compliance and quality assurance frameworks

1

11

14

  • Compliance frameworks for program and revenue collection.
  • Appropriate quality assurance frameworks supporting financial reporting.

Accounting and control of non-financial assets

3

15

  • Processes supporting the valuation and impairment of assets.
  • Completeness and accuracy of fixed asset registers.

Revenue, receivables and cash management

1

8

  • Timeliness and completeness of reconciliations.
  • Completeness and accuracy of revenue reported.

Human resources financial processes

1

8

  • Monitoring of controls over payroll processing and reporting.
  • Review processes supporting employee commencements and terminations.

Purchases and payables management

6

  • Authorisation of expenditure.
  • Maintenance of vendor data.

Other control matters

2

4

  • Maintenance of appropriate documentation to support decision making.
  • Incomplete policies and procedures.

Total

1

20

89

110

         

Source: ANAO compilation of interim findings.

Information Technology control environment

1.65 As described in paragraph 1.56, the review of information systems and related controls is an integral part of an entity’s control environment. Figure 1.6 demonstrates the trends in interim audit findings related to entities’ overall IT control environments from 2013–14 to 2016–17.

Figure 1.6: IT control environment findings

Source: ANAO analysis

1.66 Findings related to entities’ IT control environments represented 33 per cent of total findings identified during the 2016–17 interim period. IT control environment findings continue to represent the highest proportion of all findings categories, as observed in previous years.

1.67 Three moderate findings were reported at interim 2015–16 and have now been resolved. Two new moderate findings were identified during the 2016–17 interim audit phase relating to IT security and change management.27

1.68 An overview of the findings identified during the 2016–17 interim audits for the entities included in this report is provided below, relating to each of the information system control elements:

  • IT security;
  • IT change management;
  • IT application controls; and
  • business continuity management.
IT security

1.69 IT security is concerned with protecting an entity’s information assets from internal and external threats. It includes controls to prevent or detect unauthorised access to systems, programs and data.

1.70 As discussed at paragraph 1.13, ASA 315 provides guidance on identifying and assessing the risks of material misstatement of financial statements, including risks associated with an entity’s IT environment. Many of the risks identified in ASA 315 can be mitigated through effective implementation of IT security controls. The extent of controls implemented in an entity may vary depending on their particular business and operational circumstances.

1.71 The key control areas that address risks relating to IT security and that are assessed by the ANAO as part of the interim audit are:

  • IT security governance;
  • general and privileged user access; and
  • monitoring and reporting.

1.72 The ANAO observed that entities continue to effectively manage IT security governance and processes for the monitoring and reporting of IT security events. The ANAO also observed that IT security is considered by entities’ senior management committees above and outside the IT function. The ANAO continues to identify findings related to general and privileged user access.28

1.73 Figure 1.7 illustrates the trends in findings observed by the ANAO in entities’ IT security arrangements between 2013–14 and 2016–17.

Figure 1.7: IT security findings

1.74 22 findings related to IT security were identified in 2016–17, including one moderate audit finding. The findings related to:

  • removal of user access when it is no longer required;
  • logging and monitoring of privileged user activity; and
  • blocking privileged users from accessing the Internet.

1.75 Terminating an account when a user no longer has a requirement to access it, such as upon departure from an entity, can prevent unauthorised use. Entities must remove or suspend user access on the same day a user no longer has a legitimate business requirement for its use.29 Of the findings raised in this category seven related to entities not removing user access in a timely manner.

1.76 Users with administrative privileges, commonly referred to as privileged user access, are able to make significant changes to IT systems configuration and operation, bypass critical security settings and access sensitive information. As part of reviewing IT security arrangements, the ANAO examined different groups of privileged users, including:

  • application administrators, sometimes referred to as super users;
  • database administrators;
  • system administrators; and
  • network or domain administrators.

1.77 To reduce the risks associated with this access, the ISM requires that privileged user access be appropriately restricted and when provided, that the access is logged, regularly reviewed and monitored. The ANAO reported one moderate30 and four minor findings related to entities that had not implemented adequate logging and monitoring procedures over privileged users.

1.78 Restricting privileged accounts from accessing email and the Internet minimises opportunities for these accounts to be compromised. Entities must prevent privileged accounts from accessing email and the Internet.31 The ANAO reported five minor findings relating to entities that had not blocked privileged accounts from accessing the Internet.

1.79 These issues increase the risk of unauthorised changes being made to systems and data, or unauthorised data leakage. Entities should review their management of these areas in light of the recommendations of the ISM and the risks to their operational environment.

1.80 The remaining five minor findings were raised in relation to other IT security matters such as user access authentication and currency of IT security policies.

IT change management

1.81 IT change management provides a disciplined approach to making changes to the IT environment. It includes controls to prevent unauthorised changes being introduced, and to ensure that the implementation of authorised changes does not disrupt normal business operations.

1.82 Figure 1.8 illustrates the trends in findings identified by the ANAO in entities’ IT change management controls between 2013–14 and 2016–17.

Figure 1.8: IT change management findings

1.83 The ANAO observed that changes to entities’ IT environments were managed using a standardised process, usually based on the ITIL Framework.32 This process was well understood and well managed. The moderate audit finding reported in 2016–17 relates to approved release of changes in the Department of Defence (this finding also relates to weaknesses in privileged user access). Further detail regarding the unresolved moderate audit finding, can be found in chapter 3 at paragraph 3.6.14. The minor audit finding related to tracking of changes.

1.84 The number of findings in relation to IT change management has remained very low over the past four years. This demonstrates the maturity of the IT change management process in most entities. The following factors contribute to this maturity:

  • existence of an internationally accepted framework for change management (ITIL), with associated training and a professional qualification; and
  • availability of standard software tools with built-in workflow controls, to support the implementation of this framework.
IT application controls

1.85 Australian Government entities rely on two key financial reporting systems in the preparation of financial information. These are the financial management information system (FMIS) and the human resource management information system (HRMIS).

1.86 The ANAO assesses entities’ key FMIS and HRMIS controls in view of their importance for financial reporting. Areas of focus include:

  • changes to the systems or data that are not assessed through the entity’s IT change management system. These are changes that only affect the users of the FMIS or the HRMIS and are therefore often out of scope for the main change management process;
  • changes to master data, including banking details;
  • controls over invoice payment and payroll processing; and
  • management of general and privileged user access to the FMIS and HRMIS.

1.87 Figure 1.9 illustrates the trend in findings observed by the ANAO in relation to entities’ application controls between 2013–14 and 2016–17.

Figure 1.9: IT application control findings

1.88 Controls over payment processing support the accurate processing of payments to vendors and employees. Additionally, payment processing is an area that is particularly susceptible to fraud. One minor finding relating to securing of payment files from unauthorised modification was raised during the interim phase of the 2016–17 audits.

1.89 Privileged user access in the FMIS or HRMIS includes the ability to bypass normal application controls or make changes to system settings and data. This access is often necessary to fully administer applications, and should be restricted and monitored to reduce the risk of errors or unauthorised activity. Seven findings were identified in relation to entities’ management of application privileged user access.

Business Continuity Management

1.90 Business Continuity is defined as the capability of an entity to continue delivery of products or services at acceptable predefined levels following a disruptive incident.33 It includes three key elements:

  • effective back-up and recovery arrangements, to ensure that current versions of key IT systems and data are available to be recovered;
  • business continuity planning, including the development, maintenance and testing of a business continuity plan for each key business area to ensure that the entity can continue operations while waiting for systems and data to be restored; and
  • disaster recovery planning, including the development, maintenance and testing of a disaster recovery plan to ensure that IT systems can be recovered in line with defined business requirements.

1.91 The ANAO assesses entities’ business continuity arrangements in view of the potential for a disruptive event to impact on financial reporting.

1.92 Figure 1.10 illustrates the trend for findings identified by the ANAO in entities’ business continuity arrangements between 2013–14 and 2016–17.

Figure 1.10: Business continuity findings

1.93 All entities had business continuity and disaster recovery plans in place. Four entities received minor audit findings relating to not undertaking testing of their business continuity or disaster recovery plans.

1.94 Overall, the majority of IT controls continued to be effective in most entities included in this report during 2016–17. Consistent with observations in previous years, IT Security, particularly with regard to management of user access, continues to be an area requiring improvement to address the risk of inappropriate access to systems and data.

Cyber resilience

1.95 In addition to work performed as part of the financial statements audit, the ANAO also reviews information systems and related controls as part of its program of performance audits. Since 2013–14, the ANAO has conducted three performance audits to assess the cyber resilience of eleven different government entities.34 These audits assessed both IT general controls and the entities’ implementation of the mandatory Strategies to Mitigate Targeted Cyber Intrusions (the mandatory strategies) in the Australian Government Information Security Manual (ISM)35, which are required by the Protective Security Policy Framework (PSPF). This year, the ANAO reviewed the self-assessment of compliance with the mandatory strategies by entities included in this report.

1.96 All non-corporate Commonwealth entities are required to undertake an annual self-assessment against the requirements of the PSPF. These requirements are divided into four categories:

  • Governance (GOV), to implement and manage protective security protocols;
  • Personnel Security (PERSEC), to ensure the suitability of personnel to access Australian Government resources;
  • Information Security (INFOSEC), to ensure the confidentiality, availability and integrity of all official information; and
  • Physical Security (PHYSEC), to ensure a safe working environment for employees, contractors, clients and the public, and to provide a secure environment for official assets.

1.97 Entities are required to report the results of the self-assessment to the relevant Portfolio Minister, with a copy to be sent to the Secretary of the Attorney-General’s Department and to the Auditor-General.

1.98 The mandatory strategies form part of INFOSEC 436, one of the mandatory requirements of the PSPF under Information Security. According to the Attorney-General’s Department Protective Security Policy Framework 2014–15 Compliance Report, INFOSEC 4 had the highest rate of self-assessed non-compliance or partial compliance. This was consistent with the outcomes of the three ANAO performance audits, which found that eight of the eleven entities assessed were not fully compliant with INFOSEC 4.

1.99 Figure 1.11 shows the proportion of entities included in this report that were compliant, not fully compliant or not required to report in 2016. Three entities in this report are corporate Commonwealth entities and are not required to report on their compliance to the Attorney-General’s Department.37 Eight entities reported that they were compliant and fourteen that they were not fully compliant with INFOSEC 4.

Figure 1.11: Entity 2016 compliance with INFOSEC 4

Source: ANAO analysis.

1.100 Figure 1.12 summarises the 2016 PSPF compliance reporting by the entities included in this report that are required to report.38 INFOSEC 4 continues to be the area of lowest compliance.

Figure 1.12: PSPF compliance comparison by mandatory category

Source: ANAO analysis.

1.101 Not implementing the mandatory strategies reduces an entity’s ability to continue providing services while deterring and responding to cyber intrusions. It also increases the likelihood of a successful cyber intrusion. The recent ANAO reports in relation to cyber security include a number of recommendations to assist with this, which entities should review and implement where applicable.39

Compliance and quality assurance frameworks

1.102 The business of government requires, in many circumstances, placing reliance on internal and external systems, parties and information in decision making processes. For this reason, the implementation of effective compliance frameworks, and processes that provide assurance regarding the completeness and accuracy of information, are integral to an entity’s internal control. Figure 1.13 demonstrates the trends in interim audit findings related to entities’ compliance and quality assurance frameworks from 2013–14 to 2016–17.

Figure 1.13: Compliance and quality assurance frameworks

1.103 The significant audit finding relates to weaknesses in the child care compliance program administered by the Department of Education and Training. This was first reported to the Department of Education and Training in 2013–14 and remains unresolved.40

1.104 There has been an increase in the number of moderate audit findings in this category over the last four years.41 These findings mainly related to weaknesses in entities processes to obtain assurance over information sourced from third parties, compliance frameworks supporting revenue collection, and completeness and accuracy of consolidation of divisional or disparate information supporting financial reporting.42

1.105 The number of significant and moderate audit findings reported indicates a need for these entities to focus greater attention on:

  • maintaining effective governance over third party or joint service delivery arrangements;
  • the risk management arrangements that support the effective engagement with risk in the delivery of programs; and
  • implementing effective quality assurance processes over key financial statements inputs particularly those subject to professional judgement and uncertainty.

Accounting and control of non-financial assets

1.106 Entities control a diverse range of non-financial assets on behalf of the Commonwealth, with the main asset classes being land and buildings, specialist military equipment, leasehold improvements, infrastructure, plant and equipment, inventories and internally‐developed software.

1.107 The number of audit findings related to entities’ controls in this area over the last four years is presented in Figure 1.14 below.

Figure 1.14: Accounting and control of non-financial assets audit findings

 

1.108 The moderate audit findings reported during the 2016–17 interim period related to the Department of Defence. Two of the moderate findings were first reported to the Department of Defence during the 2015–16 final audit phase and relate to the data integrity of the Specialist Military Equipment fixed asset register and the valuation of General Assets. One new moderate audit finding was reported to the Department of Defence during the 2016–17 interim audit phase in relation to the financial and logistical management of explosive ordnance. Further detail regarding these findings can be found at paragraphs 3.6.17 to 3.6.21.

 

1.109 The number of minor audit findings reported in 2016–17 has increased compared with 2015–16. The 15 minor audit findings reported in 2016–17 relate to entities’ asset valuation and stocktaking procedures. Of these unresolved audit findings three minor audit findings remain unresolved from 2013–14.

Revenue, receivables and cash management

1.110 The key financial statements items related to revenue and receivables consist of Parliamentary appropriations, taxation revenue, recoveries, customs and excise duties and administered levies. Other revenue is also generated by entities from the sale of goods and services and a range of other sources including interest earned from cash funds on deposit. Cash management involves the collection and receipt of public monies and the management of official bank accounts.

1.111 Figure 1.15 outlines trends in findings related to revenue, receivables and cash management identified during interim phases between 2013–14 and 2016–17.

Figure 1.15: Revenue, receivables and cash management audit findings

1.112 Over the past four years, one moderate audit finding has been reported each year. The ANAO noted that each year the finding related to a new weakness and once identified, the entity had resolved the issue within 12 months. The 2016–17 unresolved moderate audit finding relates to the Department of Health’s recoveries of expenditure related to the pharmaceutical benefits scheme. Further information regarding the moderate audit finding can be found in chapter 3, paragraph 3.6.14.

1.113 During the 2016–17 interim audit phase, the ANAO observed weaknesses in entities’ reconciliation processes and controls supporting the completeness and accuracy of revenue reported.

Human resource financial processes

1.114 Human resources encompass the day-to-day management and administration of employee entitlements and payroll functions. Expenditure associated with employee benefits represents the largest departmental expenditure item for most entities and employee entitlement liabilities are typically the largest liability. It is therefore important for entities to establish robust controls in these areas to support complete and accurate payment and recording of transactions.

1.115 The number of audit findings reported in this category over the past four financial years is presented in Figure 1.16.

Figure 1.16: Human resources financial processes audit findings

1.116 The moderate audit finding reported in 2016–17 relates to weaknesses in the Department of Immigration and Border Protection’s human resource management process. Further detail regarding the unresolved moderate audit finding, can be found in chapter 3, at paragraph 3.15.20.

1.117 Minor audit findings have increased in 2016–17 and relate to weaknesses identified in relation to commencements and terminations of employees and the monitoring of controls over payroll processing and reporting. Of these findings identified, one minor audit finding was first reported in 2012–13, four findings were identified as part of the 2015–16 financial statements audit and three were identified as part of the 2016–17 interim audits.

Purchases and payables management

1.118 The main financial statements components of purchases and payables are payments to, or due to, suppliers including contractor and consultancy expenses, lease payments and general administrative and utility payments. These payments typically comprise the other significant departmental expenditure item of entities following employee entitlements. The number of audit findings identified in this category over the past four financial years is presented in Figure 1.17.

Figure 1.17: Purchases and payables management audit findings

1.119 The figure above demonstrates the controls in this area for entities included in this report are typically strong, with one moderate finding and no significant audit findings identified in the past four years. Of the minor findings, the most common areas requiring attention are:

  • processes supporting the authorisation of expenditure, including maintaining proper segregation of duties;
  • maintenance of vendor records; and
  • processes supporting the accurate recording of accrual information.

Other control matters

1.120 Other control matters include items regarding maintenance of appropriate documentation to support decision making, general reconciliation processes, and incomplete policies and procedures affecting the administration of government programs, including grants. The number of audit findings identified in this category over the past four financial years is presented in Figure 1.18.

1.121 Further details regarding the two moderate audit findings can be found in the Australian Taxation Office and the Department of Immigration and Border Protection sections in chapter 3.

Figure 1.18: Other control matters audit findings

2. Reporting and auditing frameworks

Chapter coverage

This chapter outlines recent and future changes to the public sector reporting framework and the Australian auditing framework relating to the auditor’s report on financial statements.

Summary of developments

From 1 July 2016 all Australian Government controlled entities are required to disclose material transactions with related parties in the notes to their financial statements in accordance with AASB 124 Related Party Disclosures (AASB 124). Related parties may include CEOs, board members and Ministers, as well as close family members and controlled entities of these parties.

Commonwealth entities are required to include annual performance statements in their annual reports. The ANAO has continued audit work in this area in 2016–17.

Australian Accounting Standards include a Reduced Disclosure Regime (RDR) option that allows for some specified disclosures to be omitted from the general purpose financial statements of certain entities. The Minister for Finance has determined that, with some exceptions, government entities may apply the RDR from 2016–17.

Changes have been made to accounting standards relating to leasing and revenue transactions that apply to annual reporting periods beginning on or after 1 January 2019.

The suite of new and revised standards dealing with auditor reporting issued by the Australian Auditing and Assurance Standards Board in December 2015 has now become effective. These revisions provide greater transparency about the audit that was performed, including the reporting of key audit matters. The ANAO will report on key audit matters in the 2016–17 financial statements audit reports for the entities included in this report.

The Minister for Finance and the Secretary of the Department of the Prime Minister and Cabinet have requested respectively government business enterprises and government entities to provide additional information relating to senior management personnel remuneration on their websites.

Introduction

2.1 The Australian Government’s financial reporting framework is based, in large part, on standards made independently by the Australian Accounting Standards Board (AASB). The framework is designed to support decision-making by, and accountability to, the Parliament.

2.2 The AASB bases its accounting standards on the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board (IASB). Because IFRS are designed primarily for use by private sector and for-profit organisations, the AASB amends the IFRS to reflect significant transactions and events that are particularly prevalent in the public and not-for-profit private sectors. In doing so, it takes into account standards issued by the International Public Sector Accounting Standards Board (IPSASB).

2.3 The Finance Minister prescribes additional reporting requirements for Australian Government entities. These are contained in the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 (the FRRs). The Rule is made under the Public Governance, Performance and Accountability Act 2013 (the PGPA Act). The PGPA Act also includes requirements for entity corporate plans and performance reports.

2.4 The audits of the financial statements of Australian Government entities are conducted in accordance with the ANAO Auditing Standards, which are made by the Auditor-General under section 24 of the Auditor-General Act 1997. The ANAO Auditing Standards incorporate, by reference, the auditing standards made by the Australian Auditing and Assurance Standards Board (AUASB). The AUASB bases its standards on those made by the International Auditing and Assurance Standards Board (IAASB), an independent standard setting board of the International Federation of Accountants.

2.5 The financial reporting and auditing frameworks that apply in 2016–17 are illustrated in appendices 2 and 3 of this report.

Changes to the Australian public sector reporting framework

Disclosure of Related Party Transactions

2.6 From 1 July 2016 all Australian Government controlled entities will be required to disclose material transactions with related parties in the notes to their financial statements in accordance with AASB 124 Related Party Disclosures (AASB 124). Related parties may include CEOs, board members and Ministers, as well as close family members and controlled entities of these parties.

2.7 AASB 124 also requires disclosure of key management personnel remuneration, in aggregate, by major category of remuneration. The FRRs for 2016–17 are consistent with AASB 124 in respect of remuneration disclosures with the additional requirement to disclose the number of key management personnel in the entity. The 2015–16 FRRs required reporting of remuneration of the usually broader category of all senior management personnel. For further discussion of this refer to paragraphs 2.25 to 2.28.

Enhanced performance reporting

2.8 The PGPA Act requires each Commonwealth entity to produce a four-year corporate plan at least once each financial year and provide it to the responsible Minister and the Finance Minister. Each entity is also required to include annual performance statements in its annual report.

2.9 Performance statements assess the extent to which entities have achieved their purposes as outlined in their corporate plans. The accountable authority of each entity must attest to the accuracy of its performance statements. The audit committee must review the appropriateness of the entity’s performance reporting.

2.10 The Auditor-General’s responsibilities, as set out in the Auditor-General Act 1997, include auditing the annual performance statements of entities in accordance with the PGPA Act. The PGPA Act does not require the Auditor-General to conduct annual audits of performance statements unless requested by either the Minister for Finance or the responsible minister. This means that the Parliament does not receive assurance, as a matter of course, on performance statements included in annual reports as it does over financial statements, where an independent audit is mandatory.

2.11 In August 2016, the ANAO released a performance audit report on nine entities’ implementation of the corporate planning requirements.43 The report noted that Finance had provided effective support and the majority of these entities had sound processes for developing their first corporate plan. It also noted that these entities’ arrangements for monitoring implementation of corporate plans were less mature, which could be expected in the early stages of the framework.

2.12 In June 2017 the ANAO released the results of a further performance audit report into entities’ corporate plans.44 The objective of this audit was to assess the selected entities’ progress in implementing the corporate planning requirements under the PGPA Act and the PGPA Rule. The audit found the entities involved in the audit were at different levels of maturity in their implementation of the corporate plan requirements, with further work required in all entities to fully embed the requirements into future plans.

2.13 In 2016–17, the ANAO conducted a performance audit of the implementation of the annual performance statements requirements by two entities.45 The ANAO reviewed one purpose in the 2015–16 performance statements of the Australian Federal Police and the Department of Agriculture and Water Resources, including the supporting systems and processes. The ANAO concluded that these entities met the minimum requirements for the preparation and publication of the first annual performance statements under the PGPA Act and the PGPA Rule. The audit highlighted opportunities for both entities to improve the appropriateness of the performance criteria, and processes to support performance measurement and reporting, including the development, collection and assurance of performance information and supporting records. The report also included key learnings that may be considered by other Commonwealth entities in preparing annual performance statements.

Reduced Disclosure Regime

2.14 Australian Accounting Standards include a Reduced Disclosure Regime (RDR) option that allows for some specified disclosures to be omitted from the general purpose financial statements of certain entities. The Minister for Finance has determined that, with some exceptions, Australian Government entities may apply the RDR from 2016–17.

2.15 The AASB has been consulting users of RDR financial statements to find a better balance between the benefits to users and the costs of preparing those statements. The AASB has issued a draft accounting standard46proposing to focus the minimum RDR disclosures on two key disclosure areas: current liquidity and solvency of the entity; and transactions and other events that are significant or material to an understanding of the entity’s operations as represented by the financial statements. It does not propose to change the entities permitted to use the RDR nor the requirements for recognising and measuring assets, liabilities, income and expenses.

Revenue and Leases

2.16 The AASB has issued a new accounting standard47 to change the timing of not-for-profit entities recognising income from non-commercial transactions such as grants and appropriations. Currently, entities recognise income from these transactions when they receive, or are eligible to receive, funds. Under the new standard, entities would recognise income as they meet the obligations attached to funding. The new standard aims to more closely reflect the economic reality of non-commercial transactions entered into by not-for-profit entities.

2.17 The AASB has also issued a new accounting standard to change the accounting for lease transactions.48 Currently, lessees do not report leased assets on their balance sheets, unless the lease is effectively a financing transaction. The new standard would require lessees to report almost all their leasehold rights as an asset, with a corresponding liability for payments over the term of the lease. Many Australian Government entities are lessees, and some will have significant increases in their reported assets and liabilities as a result.

2.18 The new standards apply to annual reporting periods beginning on or after 1 January 2019. Entities should be analysing the impacts of these standards now to ensure they are in a position to comply with the new requirements of the standards and the transitional requirements on initial application.

Changes to the Australian auditing framework

Auditor’s report on financial statements

2.19 In December 2015, the Australian Auditing and Assurance Standards Board issued a suite of new and revised standards dealing with auditor reporting.49 A number of revisions were made in the standards with the aim of increasing the transparency and value of auditor reporting.

2.20 These changes are now effective for the ANAO and users will see significant changes to the auditor’s reports issued by the ANAO and included in the financial reports tabled in Parliament for financial years ended 30 June 2017. Auditor’s reports on financial statements will be longer than before with key information given appropriate prominence.

2.21 More broadly, the revised auditor’s report provides further information to users on key aspects of the conduct of an audit and the responsibilities of the preparers of financial statements, particularly around the ability of the entity to continue operating.

2.22 The auditor reporting suite also includes a new auditing standard ASA 701 Communicating Key Audit Matters in the Independent Auditor’s Report. The purpose of communicating key audit matters is to provide greater transparency about the audit that was performed. Communicating key audit matters helps users of financial statements better understand those matters that, in the auditor’s professional judgment, were of most significance in the audit of the financial statements. Key audit matters may relate to, for example, the highest risks of material misstatement, highly uncertain accounting estimates or significant events or transactions during the reporting period. Communicating key audit matters may also assist users to understand the entity and the areas of significant management judgment in the financial statements.

2.23 The ANAO has assessed that communicating key audit matters (KAM) will help users of financial statements to better understand those matters that, in its professional judgment, were of most significance in the audit of the financial statements. This will enable the Parliament to have insight into the views of the Auditor-General.

2.24 While the auditor reporting standards only require KAM reporting for listed entities, the Auditor-General considers KAM reporting to be better practice in the financial statements auditing profession and consistent with the ANAO’s outcome of improving public sector performance and accountability through independent reporting on Australian Government administration to the Parliament, the Executive and the public. Consequently the Auditor-General has decided to adopt KAM reporting in 2016–17 for entities covered by this report.

Other developments

2.25 As described in ANAO Report No.33 of 2016–1750, the key management personnel remuneration disclosures of Australian Government entities are consistent with the requirements for private sector entities that are not listed companies. Listed companies provide more detailed disclosures about key management personnel in their remuneration reports under the Corporations Act 2001. The public sector remuneration disclosure requirements are consistent with those of private sector unlisted entities for the period ending 30 June 2017.

2.26 In February 2017 the Minister for Finance wrote to the Boards of government business enterprises to request that all relevant information relating to the remuneration packages of all individuals who constitute the executive management for the 2015–16 reporting period be made public by 28 February 2017. The Minister for Finance asked that the entities consider the practice of nbn co limited, which disaggregates reporting of executive remuneration in its annual report, in a manner consistent with the requirements for Australian Securities Exchange listed companies. All six entities subsequently placed information regarding executive remuneration packages for the 2015–16 reporting period on the entity’s website.

2.27 In May 2017, the Secretary of the Department of the Prime Minister and Cabinet wrote to portfolio secretaries inviting them to publish relevant information relating to the remuneration of all executives and other highly paid staff of their Department on its website by 31 July each financial year starting from the 2016–17 reporting period. The suggested disclosure relates to remuneration at an aggregate level, within dollar ranges (or bands) and the number of employees within each band. The Secretary also requested the assistance of portfolio secretaries in requesting the same reporting by all other entities and companies within their portfolio.

2.28 Remuneration disclosures on entities’ websites do not form part of the financial statements. The disclosures provide additional information on matters not required in financial statements, where an independent audit is mandatory.

3. Results of the interim audit phase by entity

Chapter Coverage

This chapter summarises the results of the interim audits of the 2016–17 financial statements of 25 entities covered by this report. The entities included in this report are all Departments of State, the Department of Parliamentary Services and other Commonwealth entities that significantly contribute to the revenues, expenses, assets and liabilities within the 2015–16 Consolidated Financial Statements (CFS) and are presented in Table 3.0.1.

Audit results

Twenty-one significant and moderate findings were reported to the entities covered by this report at the completion of the 2016–17 interim phase compared with 18 in 2015–16.

At the completion of the interim audits, the ANAO reported that:

  • Eighteen entities had key elements of internal control that were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.
  • Four entities, that except for particular finding/s outlined in chapter 3, had key elements of internal control that were operating effectively to provide reasonable assurance that the entities will be able to prepare financial statements that are free from material misstatement.
  • The findings outlined in chapter 3 for the Australian Taxation Office and the Departments of Defence and Immigration and Border Protection reduced the level of confidence that can be placed on key elements of internal control that support the preparation of financial statements that are free from material misstatement for these entities.

Introduction

3.0.1 The ANAO’s assessment of the overall risk of material misstatement of the financial statements is based on professional judgement relating to the entity’s particular circumstances. The financial statements audit planning process involves joint procedures with performance audit and takes into account each entity’s environment and governance arrangements, its system of internal control, and prior year financial and performance audit findings. These planning processes inform the identification of areas of key risk that have the potential to impact on the integrity of the financial statements.

3.0.2 The ANAO’s interim phase of the audit focuses on the steps taken by entities to manage these risks, including their systems of internal control.

3.0.3 This chapter reflects portfolio arrangements existing at 16 June 201751 and outlines the following information for each of the reported entities:

  • the entity’s primary role as reflected in its Portfolio Budget Statements;
  • the entity’s contribution to the Australian Government’s Consolidated Financial Statements (CFS);
  • 2016–17 appropriation funding and key financial statements items;
  • key areas of financial statements risk;
  • the ANAO’s assessment of the overall risk of material misstatement of the financial statements, which informs the audit processes to be undertaken; and
  • the status of significant and moderate audit findings at the completion of the interim audit, and the conclusion relating to audit coverage to date.

3.0.4 AASB 124 Related Party Disclosures (AASB 124) applies for the first time in respect of the 2016–17 financial statements of each of these entities. All Australian Government controlled entities will be required to disclose material transactions with related parties in the notes to their financial statements.52

3.0.5 The entities included in this report include all Departments of State, the Department of Parliamentary Services and other Commonwealth entities that significantly contribute to the revenues, expenses, assets and liabilities within the 2015–16 CFS.

3.0.6 Figure 3.0.1 provides an analysis of each of these entities’ 2015–16 results as a per cent of the 2015–16 CFS.

Figure 3.0.1: Entities contribution to the Australian Government’s 2015–16 Consolidated Financial Statements53

Source: ANAO analysis of CFS and entities’ financial statements for the year ended 30 June 2016.

Results of financial statements audits

3.0.7 Table 3.0.1 presents a summary of new and unresolved significant and moderate findings54 at the conclusion of our 2016–17, 2015–16 interim audits and the 2015–16 final audit.

Table 3.0.1: Significant and moderate findings by entity

Entity

Interim 2016–17

Final 2015–16

 Interim 2015–16 

 

New findingsa

Unresolved findingsb

New findingsa

Unresolved findingsb

New findingsa

Unresolved findingsb

Department of Agriculture and Water Resources

0

0

0

0

0

0

Attorney-General’s Department

0

1

0

1

1

1

Department of Communications and the Arts

0

0

0

0

0

0

Australian Postal Corporation

0

0

0

0

0

0

nbn co limited

0

0

0

0

0

0

Department of Defence

2

4

2

2

2

7

Department of Veterans’ Affairs

0

0

0

0

0

0

Department of Education and Training

0

2

2

1

0

1

Department of Employment

0

1

1

0

0

0

Department of the Environment and Energy

0

0

0

0

0

0

Department of Finance

1

0

0

0

0

0

Future Fund Management Agency and the Board of Guardians

0

0

0

0

0

0

Department of Foreign Affairs and Trade

0

0

0

0

0

0

Department of Health

0

1

1

0

0

0

Department of Immigration and Border Protection

1

3

1

2

1

2

Department of Industry, Innovation and Science

0

1

1

0

0

0

Department of Infrastructure and Regional Development

0

0

0

0

0

0

Department of Parliamentary Services

0

0

0

0

0

0

Department of the Prime Minister and Cabinet

0

0

0

0

0

1

Department of Social Services

0

0

0

0

0

0

Department of Human Services

0

0

0

0

0

1

Department of the Treasury

0

0

0

0

0

0

Australian Office of Financial Management

0

0

0

0

0

0

Australian Taxation Office

0

4

3

1

1

0

Reserve Bank of Australia

0

0

0

0

0

0

TOTAL

4

17

11

7

5

13

             

Note a: Minor findings identified previously but upgraded to a moderate or significant finding are considered new for the purposes of this table.

Note b: Findings transferred to another entity as a result of Machinery of Government changes, which remain unresolved, are treated as repeat findings for the purposes of this table.

Source: 2015–16 and 2016–17 ANAO audit correspondence.

3.0.8 Details of the findings summarised above can be found in the relevant entity’s ‘Audit results’ section.

3.1 Department of Agriculture and Water Resources

Overview

3.1.1 The Department of Agriculture and Water Resources (Agriculture) is responsible for developing and implementing policies and programs that: advance the prosperity of Australia's agricultural, fisheries, food and forestry industries; safeguard Australia against animal and plant pests and diseases; and improve water use efficiency and the health of rivers, communities, environmental assets and production systems.

3.1.2 Figure 3.1.1 shows Agriculture's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.1.1: Agriculture's contribution to the Australian Government's revenue, expenses, assets and liabilities55

Source: ANAO analysis of CFS and Agriculture's financial statements for the year ended 30 June 2016.

 

3.1.3 Figure 3.1.2 and Figure 3.1.3 show the 2015–16 departmental and administered financial statement items reported by Agriculture and the 2016–17 key areas of financial statements risk.

Figure 3.1.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Agriculture's financial statements for the year ended 30 June 2016.

Figure 3.1.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Agriculture's financial statements for the year ended 30 June 2016.

3.1.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Agriculture's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Agriculture's environment and governance arrangements, including its financial reporting regime and system of internal control. The recommendations of any performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Agriculture are also considered as part of the ANAO's 2016–17 financial statements audit risk identification processes.

3.1.5 In light of the key areas of risk detailed in Table 3.1.3 and the ANAO's understanding of the operations of Agriculture, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items56

3.1.6 Annual appropriation funding of $398.3 million (departmental) and $958.0 million (administered) was provided to Agriculture in 2016–17 to support the achievement of Agriculture's outcomes.57 Agriculture was also budgeted to receive special appropriation funding of $992.3 million.58

3.1.7 Table 3.1.1 and Table 3.1.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.1.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

812.1

1 831.4

Employee benefits

505.9

Suppliers

264.3

45.1

Depreciation and amortisation

27.2

7.8

Personal benefits

0.0

78.4

Grants

4.1

1 294.1

Other

10.6

0.7

Assets transferred to related entities

405.3

Total own-source income

420.6

776.4

Sale of goods and rendering of services

388.2

3.0

Other taxes

0.0

531.7

Interest

0.5

16.9

Gains

12.7

221.1

Other

19.2

3.7

Net cost of services

391.5

1 055.0

     

Table 3.1.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

322.4

1 855.2

Trade and other receivables

110.8

786.2

Intangibles

104.3

138.1

Land and buildings

40.5

1.5

Property, plant and equipment

35.2

516.2

Other

31.6

87.3

Investments

325.9

Total liabilities

239.8

143.2

Grants

140.2

Suppliers payable

24.6

2.0

Other payables

50.3

1.0

Employee provisions

156.4

Other provisions

8.5

Net assets

82.6

1 712.0

     

Note a: Agriculture's estimated average staffing level for 2016–17 is 4 531.

Key areas of financial statements risk

3.1.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Agriculture's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.1.3.

Table 3.1.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Departmental

Sale of goods and rendering of services

Completeness of export and quarantine revenue and receivables.

Higher

  • large range of revenue streams, collected across the country through multiple systems;
  • complex cost recovery arrangements;
  • collection of a significant portion of biosecurity revenues by the Department of Immigration and Border Protection;
  • estimation involved in the calculation of the provision for doubtful debts; and
  • complex disclosure requirements for cost recovery arrangements.

Administered

Other taxes

Completeness of primary industry levies and charges revenue

Moderate

  • self-assessment nature of collections; and
  • complexities involved with estimating agricultural production on which the revenue is based.

Administered

Levy disbursements and Commonwealth contributions (included in grants)

Accuracy of levy disbursements and Commonwealth contributions

Moderate

  • payments are made in accordance with a range of legislation, with some payments required to meet eligibility criteria;
  • complexities in payment calculations; and
  • significant dollar value of payments made, both individually and in aggregate.

Administered

Farm finance, drought and dairy assistance loans

(included in grants)

Valuation of drought assistance loans

Moderate

  • variation in loan terms across jurisdictions;
  • potential changes in the accounting treatment for loans should they be deemed concessional in nature;
  • the level of estimation involved in determining any potential impairment of loans, with the likelihood increasing as the loans age; and
  • Commonwealth loans with jurisdictions are managed by the Department. Subsequent management of loans to farm businesses is undertaken by a third party (the jurisdiction), who is responsible for the approval of recipients, and the ongoing monitoring and maintenance of loans.

Administered

Personal benefits payments

Eligibility of personal benefits payments

Moderate

  • susceptibility to fraudulent benefit claims; and
  • eligibility for personal benefits paid by the Department of Human Services under the Farm Household Allowance scheme is subject to the applicants meeting a number of complex legislative conditions.

Administered

Grants expenses

Accuracy and occurrence of grants and funding assistance payments which is managed under a shared services arrangement with the Department of Social Services for all grant payments with the exception of water entitlement related grants

Moderate

  • the level of subjectivity in assessing eligibility requirements for particular grants;
  • the risk of non-compliance with grant agreements by recipients;
  • payment functions for most grants is undertaken by the Department of Social Services; and
  • complexities arising from the valuation and accounting for water entitlement assets that are funded by grants payments made by Agriculture.
       

Source: ANAO 2016–17 risk assessment for Agriculture.

3.1.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.34 Implementation of the Biosecurity Legislative Framework was tabled during 2016–17. The audit assessed the effectiveness of Agriculture's implementation of the biosecurity legislation which came into effect 1 July 2016. The report did not include recommendations that impacted the financial statements audit approach.

Audit results

3.1.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to the key areas of financial statements risk disclosed in Table 3.1.3. In addition, interim coverage of IT general controls and supplier and employee benefits expenses has been completed.

3.1.11 Audit coverage of all material financial statements items will be completed as part of the 2016–17 final audit.

3.1.12 No significant or moderate audit findings have been reported by the ANAO as a result of audit coverage to date. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.1.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Agriculture will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.2 Attorney-General's Department

Overview

3.2.1 The Attorney-General's Department (AGD) is responsible for providing advice and services on a range of law and justice matters, national security, emergency management, and disaster recovery assistance to portfolio ministers and to government.

3.2.2 Figure 3.2.1 shows AGD's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.2.1: AGD's contribution to the Australian Government's revenue, expenses, assets and liabilities59

Source: ANAO analysis of CFS and AGD's financial statements for the year ended 30 June 2016.

3.2.3 Figure 3.2.2 and Figure 3.2.3 show the 2015–16 departmental and administered financial statement items reported by AGD and the 2016–17 key areas of financial statements risk.

Figure 3.2.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and AGD's financial statements for the year ended 30 June 2016.

Figure 3.2.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and AGD's financial statements for the year ended 30 June 2016.

3.2.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on AGD's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of AGD's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of AGD also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.2.5 In light of the key areas of risk detailed in Table 3.2.3 and the ANAO's understanding of the operations of AGD the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items60

3.2.6 Annual appropriation funding of $221.1 million (departmental) and $637.1 million (administered) was provided to AGD in 2016–17 to support the achievement of AGD's outcomes.61 AGD was also budgeted to receive special appropriation funding of $94.3 million.62

3.2.7 Table 3.2.1 and Table 3.2.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.2.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

393.3

728.1

Employee benefits

217.9

35.1

Suppliers

143.5

130.6

Personal benefits

95.2

Grants

448.3

Other

31.9

18.9

Total own-source income

186.9

69.5

Sale of goods and rendering of services

184.5

2.4

Interest

0.2

8.0

Other

2.2

59.1

Net cost of services

206.4

658.6

     

Table 3.2.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

238.5

480.2

Trade and other receivables

96.9

124.6

Other investments

348.9

Land and buildings

48.6

0.3

Property, plant and equipment

25.4

3.7

Intangibles

22.5

0.7

Other

45.1

2.0

Total liabilities

108.6

39.7

Employee provisions

57.3

7.8

Suppliers payable

34.4

22.1

Other

16.9

9.8

Net assets

129.9

440.5

     

Note a: AGD's estimated average staffing level for 2016–17 is 1 836.

Key areas of financial statements risk

3.2.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of AGD's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.2.3.

Table 3.2.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Grants expenses

Personal benefits payments

Grants management and personal benefits payments

Moderate

  • AGD has a decentralised grants management system which encompasses multiple and varied practices;
  • a significant component of the grants expense is managed by the Department of Social Services; and
  • personal benefits payments are managed by the Department of Human Services.

Departmental

Sale of goods and rendering of services

Revenue recognition and classification

Moderate

  • Australian Government Solicitor (AGS) revenue is derived from time recorded on matters and as a result revenue recognition and recovery is subject to management judgement.

All financial statement line items

Financial statement preparation, quality assurance and support processes

Moderate

  • financial statements information for AGS is sourced from a separate information system.
       

Source: ANAO 2016–17 risk assessment for AGD.

3.2.9 AGD manages the Natural Disaster Relief and Recovery Arrangements (NDRRA) on behalf of the Department of the Treasury (the Treasury). AGD provides information to the Treasury to facilitate payments for disaster relief and recovery to the states and territories. These payments and the estimate for the Australian Government liability are reported in the Treasury's financial statements.

3.2.10 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.12 2016–17 The Design of, and Award of Funding Under, the Living Safe Together Grants Program was tabled during 2016–17. ANAO Report No.12 assessed the effectiveness of the design, and awarding of funding under, the Living Safe Together grants program.

3.2.11 ANAO Report No.12 included observations relevant to the key areas of financial statements risk outlined in Table 3.2.3, in particular grants management, and have been considered in the development of the 2016–17 financial statements audit approach.

Audit results

3.2.12 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: administered grants and personal benefits, departmental revenue, and appropriation and special account management. IT general and application controls and key controls over payroll and cash management have also been assessed.

3.2.13 Audit procedures relating to the valuation of non-financial assets, including administered investments and the integration of AGS information will be undertaken as part of the 2016–17 final audit.

3.2.14 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.2.4: Status of audit findings raised by the ANAO

Category

Closing position (at the end of the 2015–16 final audit)

Resolved findings (at the time of the 2016–17 interim audit)

New findings (during the 2016–17 interim audit)

Closing position (at the end of the 2016–17 interim audit)

Significant (A)

0

0

0

0

Moderate (B)

1

0

0

1

Total

1

0

0

1

         
Unresolved moderate audit finding
Administration of the Natural Disaster Relief and Recovery Arrangements

3.2.15 As discussed at paragraph 3.2.9, AGD manages the NDRRA on behalf of the Department of the Treasury. As at 30 June 2016, the Treasury's financial statements reported a provision of $1 730 million for future payments as at 30 June 2016. During 2016–17 a payment of $978 million has been made to the Queensland Government relating to outstanding claims.63

3.2.16 Previous audit coverage of the NDRRA had highlighted a range of weaknesses in relation to the estimate of the NDRRA liability and subsequent payments. The main issues, which represent a key risk to the AGD, were:

  • the need to strengthen the validation of information provided by the states and territories used to support estimates of future costs; and
  • weaknesses identified in the payment framework, including limited analysis and verification by the department concerning the eligibility of claims.

3.2.17 The department has made progress in addressing these matters by undertaking a collaborative audit program of the states and territories, designed to validate the NDRRA claims and estimates by obtaining appropriate documentary evidence.

3.2.18 During 2016–17 the department has issued its final reports for the collaborative audits conducted on the Queensland, New South Wales, Victoria and Western Australia NDRRA claims. These states represent the significant part of the outstanding claims with the Commonwealth Government. AGD is undertaking an assessment of the claims. The department has also addressed the identified weaknesses in the payment framework. The ANAO will review the collaborative audits and the work undertaken by AGD as part of the 2016–17 final audit.

Conclusion

3.2.19 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that AGD will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.3 Department of Communications and the Arts

Overview

3.3.1 The Department of Communications and the Arts' (Communications) responsibilities include the promotion of an innovative and competitive communication sector, through policy development, advice and program delivery, to achieve the full potential of digital technologies and communications services. Communications' role includes support for participation in, and access to, Australia's arts and culture through developing and supporting cultural expression.

3.3.2 Figure 3.3.1 shows Communications' revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.3.1: Communications contribution to the Australian Government's revenue, expenses, assets and liabilities64

Source: ANAO analysis of CFS and Communications financial statements for the year ended 30 June 2016.

3.3.3 Figure 3.3.2 and Figure 3.3.3 show the 2015–16 departmental and administered financial statement items reported by Communications and the 2016–17 key areas of financial statements risk.

Figure 3.3.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Communications financial statements for the year ended 30 June 2016.

Figure 3.3.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Communications financial statements for the year ended 30 June 2016.

3.3.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Communications' financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Communications' environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Communications also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.3.5 In light of the key areas of risk detailed in Table 3.3.3 and the ANAO's understanding of the operations of Communications, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items65

3.3.6 Annual appropriation funding of $112.4 million (departmental) and $8 784.0 million (administered) was provided to Communications in 2016–17 to support the achievement of Communications' outcomes.66

3.3.7 Table 3.3.1 and Table 3.3.2 provide a summary of the key 2016–17 departmental and administered financial statements items.

Table 3.3.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

119.8

2 430.0

Employee benefits

69.9

Suppliers

44.3

386.0

Depreciation and amortisation

5.5

9.6

Grants

290.9

Payments to corporate entities

1 735.8

Other

0.1

7.7

Total own-source income

5.5

88.4

Sales of goods and rendering services

0.1

Dividends

80.2

Interest

2.8

Other

5.4

5.4

Net cost of services

114.3

2 341.6

     

Table 3.3.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

80.6

34 045.0

Trade and other receivables

26.2

129.5

Land and buildings

4.2

58.3

Property, plant and equipment

4.1

157.6

Intangibles

7.5

Heritage and cultural assets

35.9

Other investments

33 695.2

Other

2.7

4.4

Total liabilities

39.2

351.7

Employee provisions

23.8

Suppliers payable

6.0

316.5

Other provisions

4.9

Other

4.5

35.2

Net assets

41.4

33 693.3

     

Note a: Communications' estimated average staffing level for 2016–17 is 418.

Key areas of financial statements risk

3.3.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Communications' financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.3.3.

Table 3.3.3: Key areas of financial statements risk

Relevant financial statement line item

Key area

Audit risk rating

Factors contributing to risk assessment

Administered

Other investments

Valuation of the Australian Government's investment in the nbn co limited and Australian Postal Corporation

Higher

  • complexity of the valuation process in light of estimates and judgements required.

Administered

Property, plant and equipment

Regional Backbone Blackspots Program (RBBP) assets

Valuation of network infrastructure – RBBP

Moderate

  • comprised of complex infrastructure assets requiring significant judgement.
       

Source: ANAO 2016–17 risk assessment for Communications.

3.3.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.10 2016–17 Award of Funding under the Mobile Black Spot Programme was tabled during 2016–17 and was relevant to the administration of Communications. The report focused on the effectiveness of Communications' assessment and selection of base stations for funding under the first round of the Mobile Black Spot Programme.

3.3.10 The observations of this report were considered in designing audit procedures to address areas considered to pose a lower risk of material misstatement. The observations have been used to inform the assessment of controls related to the grants management processes.

Audit results

3.3.11 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: administered grants expenses, cash and asset management, payroll processing, supplier expenses. Audit coverage also included an assessment of Communications' IT general controls and selected applications.

3.3.12 As part of the 2016–17 final audit, audit coverage of the valuation of administered investments and assets associated with the RBBP will be completed.

3.3.13 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.3.14 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Communications will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.4 Australian Postal Corporation

Overview

3.4.1 The Australian Postal Corporation (Australia Post) is a government business enterprise that operates post offices and distributes mail and parcels in Australia and internationally.

3.4.2 Figure 3.4.1 shows Australia Post's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.4.1: Australia Post's contribution to the Australian Government's revenue, expenses, assets and liabilities67

Source: ANAO analysis of CFS and Australia Post's financial statements for the year ended 30 June 2016.

3.4.3 Figure 3.4.2 shows the 2015–16 financial statement items reported by Australia Post and the 2016–17 key areas of financial statements risk.

Figure 3.4.2: Key financial statement items and areas of financial statements risk

Source: ANAO analysis and Australia Post's financial statements for the year ended 30 June 2016.

3.4.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Australia Post's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Australia Post's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Australia Post also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.4.5 In light of the key areas of risk detailed in Table 3.4.3 and the ANAO's understanding of the operations of Australia Post, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items68

3.4.6 The operational functions of Australia Post are largely funded from internal sources, specifically revenue from Parcel Services, Mail Services and Retail and Agency Services. Australia Post also continues to raise capital through the issue of bonds.

3.4.7 Australia Post is not required to prepare budgeted financial statements as part of the Commonwealth budget process. Table 3.4.1 and Table 3.4.2 provide a summary of the key financial statements items reported in the audited 2015–16 financial statements.

Table 3.4.1: Key expenses and total income

Expenses and own-source income

Actual
2015–16
($m)

Total expenses

6 521.2

Employees

2 908.7

Suppliers

3 116.3

Depreciation and amortisation

330.3

Other

165.9

Total income

6 562.2

Goods and services

6 451.6

Other

110.6

Profit before income tax

41.0

Income tax expense

4.6

Profit after income tax

36.4

Table 3.4.2: Key assets and liabilities

Assets and liabilities

 

Actual
2015–16
($m)

Total assets

5 043.2

Cash and cash equivalents

547.6

Trade and other receivables

544.3

Accrued revenues

154.0

Property, plant and equipment

1 525.8

Intangible assets

950.2

Investment property

213.2

Net superannuation asset

403.6

Deferred tax assets

387.1

Other

317.4

Total liabilities

3 204.3

Trade and other payables

1 023.8

Employee provisions

1 037.8

Interest-bearing liabilities

708.5

Deferred tax liabilities

249.6

Other

184.6

Net assets

1 838.9

Note a: Australia Post's staffing level at 30 June 2016 was 34 929.

Key areas of financial statements risk

3.4.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Australia Post's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.4.3.

Table 3.4.3: Key areas of financial statements risk

Relevant financial statement line item

Key area

Audit risk rating

Factors contributing to risk assessment

Investments in associates

Share of net profits of equity accounted investees and joint ventures

Property, plant and equipment

Intangible assets

Gain on sale of controlled entities

Accounting and reporting of complex business combinations

Higher

  • judgement is required in the selection and application of accounting policies to complex transactions entered into; and
  • judgements and estimates are required in assigning the useful life and measuring fair value of non-financial assets.

Goods and services revenue

Recognition of revenue

Higher

  • judgement is required in the selection and application of accounting policies for new and diverse revenue streams; and
  • the complexity of contracts and arrangements entered into, where they include multiple performance obligations and volume targets which affects the contracted price.

Net superannuation asset

Valuation of the Australia Post Superannuation Scheme

Moderate

  • complexity of the valuation including the sensitivity of the economic and demographic assumptions supporting the calculation.

Property, plant and equipment

Intangibles

Investment property

Valuation of non-current assets.

Moderate

  • significant judgement is required in the selection of assumptions for the valuation of non-current assets.
       

Source: ANAO 2016–17 risk assessment for Australia Post.

4.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.4.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: cash and cash equivalents, trade receivables and property, plant and equipment. An assessment of the IT general controls and IT application controls and controls relating to sales revenue, employee expenses and trade and other payables has also been completed.

3.4.11 As part of the 2016–17 final audit, audit procedures over all key areas will be completed including the valuation of the Australia Post Superannuation Scheme and the valuation of intangible assets.

3.4.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.4.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Australia Post will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2016–17 final audit.

3.5 nbn co limited

Overview

3.5.1 The primary objective of nbn co limited (nbn) is to provide wholesale services to internet service providers. nbn is a government business enterprise incorporated under the Corporations Act 2001.

3.5.2 Figure 3.5.1 shows nbn's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.5.1: nbn's contribution to the Australian Government's revenue, expenses, assets and liabilities69

3.5.3 Figure 3.5.2 shows the 2015–16 financial statement items reported by nbn and the 2016–17 key areas of financial statements risk.

Figure 3.5.2: Key financial statement items and areas of financial statements risk

Source: ANAO analysis and nbn's financial statements for the year ended 30 June 2016.

3.5.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on nbn's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of nbn's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of nbn also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.5.5 In light of the key areas of risk detailed in Table 3.5.3 and the ANAO's understanding of the operations of nbn, the ANAO has assessed the risk of a material misstatement as high.

Key financial statements items70

3.5.6 The operational functions of nbn are funded from the committed equity funding of $29.5 billion from the Commonwealth Government. nbn's 2016–17 Corporate Plan estimates peak funding required of $49.0 billion including $29.5 billion provided through equity. The Commonwealth Government has signed a loan agreement with nbn to cover the remaining funding requirement.

3.5.7 As a Commonwealth Company, nbn is not required to prepare budgeted financial statements as part of the Commonwealth budget process. Table 3.5.1 and Table 3.5.2 provide a summary of the key financial statements items reported in the 2015–16 financial statements.

Table 3.5.1: Key expenses and income items

Key financial statements items

Actual
2015–16
($m)

Total expenses

3 199.0

Depreciation and amortisation expense

884.0

Employee benefits expenses

609.0

Subscriber costs

582.0

Direct network costs

399.0

Finance charges – leased assets

322.0

Other

403.0

Total income

460.0

Telecommunications revenue

403.0

Other revenue

57.0

Loss before income tax

2 739.0

Income tax expense

11.0

Loss after income tax

2 750.0

Table 3.5.2: Key assets and liabilities

Key financial statements items

Actual
2015–16
($m)

Total assets

18 552.0

Property, plant and equipment

15 223.0

Intangible assets

1 334.0

Other

1 995.0

Total liabilities

6 529.0

Trade and other payables

1 569.0

Other financial liabilities

4 412.0

Other

548.0

Net assets

12 023.0

Note a: nbn's staffing level at 30 June 2016 was 4 913.

Key areas of financial statements risk

3.5.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of nbn's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.5.3.

Table 3.5.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Property, plant and equipment

Intangibles

Valuation of network assets

Higher

  • accounting for the valuation of network assets is subject to a high degree of judgment and complexities arising in estimating the significant costs on network construction and software development.

Construction Liabilities

Valuation of construction liabilities

Higher

  • involvement of multiple delivery partners and the capitalisation of associated network assets based on their respective stage of completion at reporting date.

Subscriber costs

Network Assets

Other financial liabilities

Accounting for significant agreements with Telstra and Optus

Higher

  • these contracts are significant and complex in nature and represent a significant portion of the associated financial statements items.

Telecommunications Revenue

Accounting for and reporting telecommunications revenue

Moderate

  • revenue has increased significantly as the network continues to roll out with systems and controls continuing to evolve with scale.
       

Source: ANAO 2016–17 risk assessment for nbn.

3.5.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17.

Audit results

3.5.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls design relating to: supplier expenses, employee benefits, inventory, fixed assets, revenue and receivables and accounting for the Telstra and Optus agreements. This includes an assessment of non-system controls for purchase and payables and payroll. This audit coverage to date does not include an assessment of IT controls for these accounting processes.

3.5.11 Audit procedures relating to the effectiveness of key processes, where appropriate, will be undertaken as part of the 2016–17 final audit. This includes an assessment of IT controls. In addition, we will perform audit procedures to assess the valuation of network assets.

3.5.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.5.13 At the completion of the interim audit, the ANAO identified that the key elements of non-IT internal control were operating effectively to provide reasonable assurance that nbn will be able to prepare financial statements that are free from material misstatement. The effective operation of these controls for the full financial year will be assessed in conjunction with additional detailed audit testing during the 2016–17 final audit.

3.6 Department of Defence

Overview

3.6.1 The Department of Defence and the Australian Defence Force (ADF), collectively known as Defence, are responsible for protecting and advancing Australia's strategic interests through the provision of a regionally superior ADF with the highest levels of military capability and scientific and technological sophistication. To achieve this, Defence prepares for and conducts military operations and other tasks as directed by the Government.

3.6.2 Figure 3.6.1 shows Defence's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.6.1: Defence's contribution to the Australian Government's revenue, expenses, assets and liabilities71

Source: ANAO analysis of CFS and Defence's financial statements for the year ended 30 June 2016.

3.6.3 Figure 3.6.2 and Figure 3.6.3 show the 2015–16 departmental and administered financial statement items reported by Defence and the 2016–17 key areas of financial statements risk.

Figure 3.6.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Defence's financial statements for the year ended 30 June 2016.

Figure 3.6.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Defence's financial statements for the year ended 30 June 2016.

3.6.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Defence's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Defence's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Defence also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.6.5 In light of the key areas of risk detailed in Table 3.6.3 and the ANAO's understanding of the operations of Defence, the ANAO has assessed the risk of a material misstatement as high.

Key financial statements items72

3.6.6 Annual appropriation funding of $33 148.2 million (departmental) was provided to Defence in 2016–17 to support the achievement of the entity's outcomes.73 Defence was also budgeted to receive special appropriation funding of $7 826.0 million.74

3.6.7 Table 3.6.1 and Table 3.6.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.6.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

31 590.4

7 826.0

Employee benefits

11 520.1

Suppliers

12 410.8

Depreciation and amortisation

6 855.0

Write-down and impairment of assets

500.8

Military superannuation benefits

7 640.5

Other

303.7

185.5

Total own-source income

774.5

1 537.5

Sales of goods and rendering of services

437.2

Reversals of previous asset write-downs

269.5

Military superannuation contributions

1 416.3

Other

67.8

121.2

Net cost of services

30 815.9

6 288.5

     

Table 3.6.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

94 553.3

3 342.9

Financial assets

1 413.3

3 071.4

Specialist military equipment

56 693.9

General assets:

 

 

Land and buildings

17 132.9

Infrastructure, plant and equipment

8 444.7

Intangibles

772.3

Heritage and cultural

593.9

Inventories

6 564.1

Prepayments

2 874.7

Other

63.5

271.5

Total liabilities

8 285.8

64 200.7

Suppliers

2 409.6

Leases

1 502.0

Employee provisions

2 759.7

Restoration, decontamination and decommissioning

1 354.6

Military superannuation

64 192.5

Other

259.9

8.2

Net assets/(liabilities)

86 267.5

(60 857.8)

     

Note a: Defence's estimated average civilian employees staffing level for 2016–17 is 17 350 and Australian Defence Force (ADF) permanent force level is 58 876.

Key areas of financial statements risk

3.6.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Defence's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.6.3.

Table 3.6.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Departmental

Specialist military equipment (SME)

Prepayments

The accounting for, and valuation of SME, which includes Defence Weapons Platforms (DWPs), Military Support Items (MSI), Assets under Construction (AUC) and associated prepayments

Higher

  • complexity in measuring assets at fair value;
  • annual impairment and revision of useful lives are subject to a high degree of judgement and subjectivity;
  • management of AUC is dispersed across numerous projects that have complex multi-year contractual arrangements and project management requirements; and
  • large prepayments are often made in relation to the acquisition and sustainment of SME.

Departmental

Inventory

Management and valuation of inventory

Higher

  • decentralised holdings and management by multiple parties; and
  • identification of, and accounting for, obsolete stock.

Administered

Military superannuation liabilities

Valuation of military superannuation liabilities

Higher

  • complexity of the calculation and the nature of the economic and demographic assumptions involved.

Departmental

General assets

Management and valuation of general assets

Moderate

  • high volume of capital works and associated purchases managed across numerous locations;
  • completeness and accuracy of the fixed assets register; and
  • accuracy of calculations of depreciation or impairment adjustments.

Departmental

Contingent liabilities

Determining the financial obligations and disclosures for financial reporting of contingent liabilities

Moderate

  • uncertainties relating to the identification of any potential financial obligations and financial statements disclosures that result from potential litigation or compensation associated with Defence's activities.
       

Source: ANAO 2016–17 risk assessment for Defence.

3.6.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports tabled during 2016–17 were relevant to the financial management or administration of Defence:

  • ANAO Report No.11 2016–17 TigerArmy's Armed Reconnaissance Helicopter;
  • ANAO Report No.21 2016–17 Reforming the Disposal of Specialist Military Equipment;
  • ANAO Report No.29 2016–17 Design and Implementation of Defence's Base Services Contracts;
  • ANAO Report No.44 2016–17 Army's Workforce Management;
  • ANAO Report No.46 2016–17 Conduct of OneSKY Tender; and
  • ANAO Report No.48 2016–17 Future Submarine — Competitive Evaluation Process.

3.6.10 ANAO Reports No.11 and No.21 2016–17 included observations relevant to the accounting for and valuation of Specialist Military Equipment outlined in Table 3.6.3. The observations of ANAO Reports No.29 and No.44 2016–17 were considered in designing audit procedures to address areas considered to pose a lower risk of material misstatement.

Audit results

3.6.11 The ANAO has substantially completed its interim audit coverage which included assessing asset management processes and the analysis of data used to calculate the value of the inventory balance at year end. Interim audit coverage also included assessing IT general and application controls for systems that support the preparation of Defence's financial statements, in addition to assessing the operation of key non-IT controls in areas including appropriation management and supplier expenses. The ANAO has also assessed Defence's progress in addressing audit issues.

3.6.12 Audit procedures relating to the 30 June 2017 balances for employee provisions, inventory, SME and other fixed assets, and the military superannuation provision will be undertaken during the final phase of the audit process. In addition, the ANAO will assess legislative compliance, particularly in respect of appropriations and special accounts.

3.6.13 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.6.4: Status of audit findings raised by the ANAO

Category

Closing position (at the end of the 2015–16 final audit)

Resolved findings (at the time of the 2016–17 interim audit)

New findings (during the 2016–17 interim audit)

Closing position (at the end of the 2016–17 interim audit)

Significant (A)

0

0

0

0

Moderate (B)

4

0

2

6

Total

4

0

2

6

         
New moderate audit findings
Monitoring of the Privileged Activities Performed by Service Providers

3.6.14 Defence has engaged an external organisation to manage and maintain Defence's IT Infrastructure that host business applications. Under a services contract, this organisation is required to maintain a reliable and secure ICT environment; perform authorised changes to IT Infrastructure; and support Defence in meeting its performance, monitoring and compliance requirements under the Protective Security Policy Framework (PSPF) and Australian Government Information Security Manual (ISM). This organisation is also responsible for the management and maintenance of hosting infrastructure that supports the enterprise resource planning systems, including the management information domains of the Human Resources and Financial Management Information Systems and the logistics management system.

3.6.15 The ANAO's review of users with privileged access to Defence's supporting systems by the service provider staff identified weaknesses in the operation of the controls supporting both the granting of access for new users and terminating access procedures when the privileged access was no longer required. In addition, the sample of changes tested identified both changes which had been abandoned without sufficient documentation, indicating potential inappropriate closure, and changes which had been withdrawn as no longer required after receiving change board approval, indicating authorised changes were not being made. Defence was not able to explain the circumstances surrounding these exceptions identified by the ANAO. Defence had not received the self-reporting required from the provider under the contract during the financial year or conducted its own independent monitoring to identify these exceptions.

3.6.16 Similar findings related to the monitoring of this service provider were raised during the interim phase of the 2015–16 audit. Controls were implemented to address these weaknesses, resulting in closure at 2015–16 year end. These controls have not been sustained, resulting in this moderate finding being raised again.

Accounting for Explosive Ordnance at repair and maintenance facilities

3.6.17 Defence hold complex Explosive Ordnance (EO) items which are subject to routine repairs and maintenance. During the repairs and maintenance process, the items are dis-assembled into key components. As the process occurs over a substantial period of time, the key components should be recognised in the logistics management system and accounted for as separate items; concurrently the assembled item should be de-recognised.

3.6.18 Through the conduct of our stock taking activities at a Defence repair and maintenance facility, the following issues were noted:

  • the ANAO was unable to verify the existence of all EO recorded as stock-on-hand in the logistics management system; and
  • where EO were in various states of disassembly, the ANAO was unable to verify the existence of all key components.

3.6.19 Investigation into these issues identified that the process used at the facility for recording the disassembly of complex EO did not result in their de-recognition in the logistics information system. Additionally, some components were not recognised as separate items in the logistics management system.

3.6.20 These issues result in the misstatement of the EO balance:

  • as each complex EO item retains its assembled status and value in the logistics management system;
  • when dis-assembled only some of the key components are separately recognised and assigned values; and
  • there is an insufficient number of key components to support the number of assembled items recorded as stock on hand.

3.6.21 Defence is developing a plan to address these issues by 30 June 2017.

Unresolved moderate audit findings
Data integrity of the specialist military equipment fixed asset register

3.6.22 In 2015–16 a number of data integrity issues were identified within the specialist military equipment (SME) fixed asset register (FAR). In particular the ANAO noted: insufficient records were maintained to support the calculation of the decommissioning provision; incorrect application of useful lives; and the duplication of inspection costs. Further, Defence's ability to track and value some component assets was hindered by the use of high level descriptions within the SME FAR. These weaknesses may result in the misstatement of the SME balance and depreciation expense.

3.6.23 Defence agreed to review its SME business processes to address the ANAO's findings. This is expected to include more stringent requirements on asset owners to assess SME for decommissioning, inspection costs, componentisation, impairment and existence. Asset owners will be required to provide relevant and reliable supporting documentation to the Defence CFO Group for assessment and validation as part of an enhanced quality assurance process.

3.6.24 In 2015–16 Defence valued SME at fair value for the first time to meet the requirements of the revised financial reporting rule. Defence valued SME using three valuation techniques (engagement of an independent valuer, use of comparator assets and application of indices) which resulted in a revaluation increment of $9.4 billion across all SME. Given the magnitude and timing of the exercise most SME fair value adjustments were processed outside of the FAR through clearing accounts at 30 June 2016. Defence is in the process of adjusting the FAR for the 2015–16 valuation and reversing the adjustments processed through the clearing accounts.

3.6.25 There is an increased risk of misstating SME balances arising from the use of clearing accounts to record SME fair value adjustments. The ANAO will undertake detailed testing of the data integrity of the FAR and the clearing accounts in the 2016–17 final audit, which will focus on whether the SME fair value and impairment adjustments are properly accounted for in the FAR, and that depreciation expense is being calculated correctly.

Revaluation and impairment of general assets

3.6.26 On an annual basis, Defence completes a comprehensive valuation and impairment program for general assets. The asset valuation is performed by independent valuation specialists. During 2015–16 the ANAO identified limitations in the scope of the valuer's work relating to access to buildings and difficulties in inspecting infrastructure buried underground. Further issues were noted in relation to significant delays in recognising assets in the FAR.

3.6.27 During 2016–17 Defence has taken steps to strengthen the collaboration between the valuers and the asset management team. Estate appraisal reports are being provided to the valuers with details of each asset subject to valuation. These reports are expected to be used by the valuers to make a better assessment of the depth of inspection required. Defence has also made changes to the valuation instructions to include details of internal inspections in their valuation certificates. In addition details of assets under construction will be provided to the valuers for inclusion in the revaluation assessment.

3.6.28 Further, during 2015–16 the ANAO noted that contrary to Defence's asset management policy, many heritage and cultural assets had not been revalued in the past five years. In response, Defence is co-ordinating the valuation of the artefact and memorabilia assets across the service groups and will also value heritage and cultural assets in the Army and Naval service groups.

3.6.29 The ANAO also noted that where a partial impairment was recognised for an asset, the accounting treatment applied by Defence was inconsistent with the requirements of the Australian Accounting Standards. A directive in relation to the accounting treatment for partially impaired assets is expected to be issued by Defence. The ANAO will test the application of the directive during the final audit.

3.6.30 The observations noted above may result in the misstatement of general assets.

Estimation of Military Support Items (MSI) impairment

3.6.31 In 2014–15, Defence implemented an assurance process in consultation with an independent statistician, to calculate an adjustment to the MSI impairment value by testing a statistical sample of these assets. The ANAO's observations of this process up to 30 June 2016 identified the following limitations in the methodology:

  • the level of confidence of the sample would continue to be limited where evidence supporting the condition or serviceability of the MSI is not provided; and
  • the volume of evidence required from the groups was not sustainable in an environment of constantly moving MSI holdings, and with an increasingly large sample size was becoming burdensome to operations.

3.6.32 For 2016–17 Defence has revised their methodology, factoring in the ANAO's recommendations to align the selection of MSI for the impairment sample with the locations selected for National Asset and Inventory Sample (NAIS). Following a review of the revised methodology, the ANAO considers that it has been designed appropriately to fulfil the objectives of the assurance sample.

3.6.33 The sample commenced in February 2017 and will be undertaken for the period ending 30 June 2017. Defence will determine whether the information gathered through the execution of the sample has identified indicators of impairment requiring an adjustment to the MSI balance. The ANAO will assess these judgements during the 2016–17 final audit.

Estimation of Defence Weapon Platforms (DWPs) (including assets under construction) impairment

3.6.34 The ANAO raised a moderate audit finding in 2014–15 in respect of Defence's estimation of SME impairment. Although an assurance program was implemented in 2015–16, the process had not been embedded with the appropriate level of follow-up. A number of significant adjustments to the impairment of SME assets were processed as a result of queries raised by the ANAO and through discussions with the three service groups.

3.6.35 Defence has advised that plans are underway to refine their impairment assurance program including the improvement of quality assurance checks over impairment calculations and their allocation to platforms and components. Defence has also agreed to issue impairment guidance and to provide additional training and support to asset owners that manage DWPs at a higher risk of impairment.

3.6.36 In 2016–17 the ANAO will be undertaking a detailed review of Defence's impairment methodology and asset owner assessment as well as the collation, quality assurance and accounting for DWP impairment.

Conclusion

3.6.37 At the completion of the interim audit, the ANAO has reported a number of areas where improvements are required. The audit findings outlined above reduce the level of confidence that can be placed on the key elements of internal control that support the preparation of the financial statements that are free from material misstatement. During the 2016–17 final audit the ANAO will undertake further procedures and assess action taken by Defence to address the weaknesses identified.

3.7 Department of Veterans' Affairs

Overview

3.7.1 The Department of Veterans' Affairs (DVA) is the primary service delivery entity responsible for implementing programs to assist the veteran and defence force communities.

3.7.2 Figure 3.7.1 shows DVA's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.7.1: DVA's contribution to the Australian Government's revenue, expenses, assets and liabilities75

Source: ANAO analysis of CFS and DVA's financial statements for the year ended 30 June 2016.

3.7.3 Figure 3.7.2 and Figure 3.7.3 show the 2015–16 departmental and administered financial statement items reported by DVA and the 2016–17 key areas of financial statements risk.

Figure 3.7.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and DVA's financial statements for the year ended 30 June 2016.

Figure 3.7.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and DVA's financial statements for the year ended 30 June 2016.

3.7.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on DVA's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of DVA's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of DVA also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.7.5 In light of the key areas of risk detailed in Table 3.7.3 and the ANAO's understanding of the operations of DVA, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items76

3.7.6 Annual appropriation funding of $339.3 million (departmental) and $108.6 million (administered) was provided to DVA in 2016–17 to support the achievement of DVA's outcomes.77 DVA was also budgeted to receive special appropriation funding of $ 10 631.5 million.78

3.7.7 Figure 3.7.1 and Table 3.7.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.7.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

379.8

11 100.3

Employee benefits

193.1

9.6

Suppliers

128.3

Depreciation and amortisation

27.1

Personal benefits

6 165.0

Health care benefits

4 872.7

Other

31.3

53.0

Total own-source income

47.5

31.1

Sale of goods and rendering of services

42.4

Other

5.1

31.1

Net cost of services

332.3

11 069.2

     

Table 3.7.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

208.5

1 479.2

Investments

61.7

1 316.4

Appropriation receivables

18.0

Trade and other receivables

14.7

120.0

Intangibles

73.4

Land and buildings

28.3

Other

12.5

42.8

Total liabilities

136.2

10 726.4

Supplier and other payables

46.5

38.0

Employee provisions

68.2

2.0

Personal benefits

7 159.5

Healthcare provisions

3 526.9

Other

21.5

Net assets

72.3

9 247.2

     

Note a: DVA's estimated average staffing level for 2016–17 is 1 896.

Key areas of financial statements risk

3.7.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of DVA's financial statements. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.7.3.

Table 3.7.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Personal benefits and healthcare provisions

Valuation of military compensation provision

Higher

  • judgements involved in the assumptions and calculations underpinning the actuarial assessment of the military compensation provision;
  • increasing value of the provision as an unfunded liability; and
  • availability, quality and completeness of data used to derive the valuation.

Administered

Personal benefits and healthcare expenses

Accuracy of personal benefits and healthcare payments

Higher

  • complex legislation applicable to individual claims;
  • ageing IT infrastructure that supports the personal benefit and healthcare payments;
  • dependence on veteran-provided information; and
  • reliance on shared service providers.

Departmental

Intangibles

Attribution of capital costs for internally developed software and assets under construction

Moderate

  • complexity of the valuation process; and
  • judgements applied to the capitalisation of costs associated with internally developed software.

All expense items

Legislative compliance on claim processing, assessment and payment arrangements

Moderate

  • conditions legislated by Parliament must be met before payments are made; and
  • potential section 83 breaches are reported in the financial statements.

All financial statement line items

IT control environment

Moderate

  • large number of ageing IT systems involved in the capturing and processing of financial data required to produce the financial statements.
       

Source: ANAO 2016–17 risk assessment for DVA.

3.7.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.7.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the department's methodology to estimate the military compensation provision; and an assessment of the controls supporting personal benefits and healthcare payments.

3.7.11 Audit coverage also included an assessment of: IT general controls and application controls in the Financial Management Information System (FMIS) and Human Resources Management Information System (HRMIS); manual controls relating to cash and asset management, non‐financial assets, supplier expenses and employee benefits.

3.7.12 As part of the 2016–17 final audit, additional work will be performed to complete the evaluation of the above mentioned areas. This will include testing to substantiate the year‐end balances in respect of the military compensation provision and personal benefits and healthcare payments, review the work of the valuation experts and disclosures relating to legislative compliance.

3.7.13 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.7.14 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that DVA will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.8 Department of Education and Training

Overview

3.8.1 The Department of Education and Training (Education) works with state and territory governments, other government entities and a range of service providers to deliver education and training related policy, advice and services for the benefit of Australians.

3.8.2 Figure 3.8.1 shows Education's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.8.1: Education's contribution to the Australian Government's revenue, expenses, assets and liabilities79

Source: ANAO analysis of CFS and Education's financial statements for the year ended 30 June 2016.

3.8.3 Figure 3.8.2 and Figure 3.8.3 show the 2015–16 departmental and administered financial statement items reported by Education and the 2016–17 key areas of financial statements risk.

Figure 3.8.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Education's financial statements for the year ended 30 June 2016.

Figure 3.8.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Education's financial statements for the year ended 30 June 2016.

3.8.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Education's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Education's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Education also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.8.5 In light of the key areas of risk detailed in Table 3.8.3 and the ANAO's understanding of the operations of Education, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items80

3.8.6 Annual appropriation funding of $362.8 million (departmental) and $1 922.7 million (administered) was provided to Education in 2016–17 to support the achievement of Education's outcomes.81 Education was also budgeted to receive special appropriation funding of $42 728.9 million.82

3.8.7 Table 3.8.1 and Table 3.8.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.8.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

386.2

38 159.7

Employee benefits

212.4

Suppliers

147.1

651.4

Subsidies

398.3

Personal benefits

7 301.8

Grants

27 107.8

Write-down and impairment of assets

572.8

Depreciation and amortisation

26.7

Personal benefits

Other

2 127.6

Total own-source income

25.9

4 217.5

Sale of goods and rendering of services

17.4

Other taxes

10.4

Interest

558.9

Loan discount

778.8

Other

8.5

2 869.4

Net cost of services

360.3

33 942.3

     

Table 3.8.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

225.8

48 010.2

Trade and other receivables

70.5

823.3

Other investments

2 118.9

Other financial assets

8.1

45 068.0

Land and buildings

36.7

Property, plant and equipment

10.7

Intangibles

89.7

Other

10.1

Total liabilities

124.6

8 020.0

Supplier

17.3

59.7

Other payables

32.3

Personal benefits

99.9

Grants

20.7

Loans

32.8

Personal benefits provision

954.2

Provision for grants

6 844.6

Employee provisions

73.3

Other

1.7

8.1

Net assets

101.2

39 990.2

     

Note a: Education's estimated average staffing level for 2016–17 is 1 870.

Key areas of financial statements risk

3.8.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Education's financial statements. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.8.3.

Table 3.8.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Supplier payments and personal benefits

The valuation of the child care accrual and the receivable balance and accuracy of payments processed in accordance with the child care program.

Higher

  • the complex legislation and administration of child care benefits;
  • payments are reliant on self-assessed information provided by child care service providers and claimants;
  • the IT environment is highly dependent on external information systems which are administered by the Department of Social Services (Social Services) and the Department of Human Services; and
  • a significant audit finding raised in 2013–14 concerning Education's compliance program and estimated error rates in the child care claims remains outstanding.

Administered

Concessional loans

The valuation of the outstanding loan receivable under the Higher Education Loan Program (HELP)

Higher

  • the balances of outstanding loans and impairment are derived from complex actuarial estimates and the estimate contains a degree of estimation uncertainty;
  • the estimates also involve significant management judgements and assumptions;
  • payment data is reliant on sources external to Education such as: the Australian Taxation Office; universities; and other third parties; and
  • a number of audit issues were identified in 2015–16 concerning the administration of the student loans scheme which forms part of HELP.

Administered

Provision for grants and grants payments

The valuation of the Higher Education Superannuation Program (HESP receivable and provision)

Higher

  • the valuation of the HESP liability is subject to an actuarial estimation process and is highly sensitive to movements in discount factors and bond rates; and
  • the valuation is complex and depends on accurate source data which is provided by third parties external to Education.

Administered

Supplier expenses

Receivables

Implementation of a new vocational education training (VET) student loans scheme

Higher

  • changes to the key IT systems to support the implementation of the new scheme; and
  • the new scheme has a range of new features including the eligibility of providers and students.

Departmental

Multiple financial statement line items

Transition of the key business responsibilities performed by the Shared Services Centre (SSC), primarily to the Department of Financea

Higher

  • complexities involved in managing a shared services arrangement;
  • transitional and other restructure arrangements required; and
  • issues noted in the prior year relating to the control environment and governance arrangements over the SSC.

Administered

Grants payments

The administration of multiple and diverse grant programs

Moderate

  • grants programs are decentralised and are managed across a number of different systems that rely on input of information from third parties; and
  • the payments process relies on third party assessment of eligibility to receive a nominated grant.

All financial statement line items

Financial statements preparation process

Moderate

  • the complexities arising from data managed by a number of areas, both internal and external to Education; and
  • a moderate audit issue was reported in 2015–16 concerning weaknesses in Education's financial statement preparation process.
       

Source: ANAO 2016–17 risk assessment for Education.

Note a: As part of further machinery of government changes which was announced in September 2016 and effective from 1 December 2016, core transactional services provided by the SSC transferred to the Department of Finance from Education and the Department of Employment effective from 1 December 2016.

3.8.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports tabled during 2016–17 and were relevant to the financial management or administration of Education:

  • ANAO Report No.25 2016–17 The Shared Services Centre;
  • ANAO Report No.31 2016–17 Administration of the VET FEE-HELP Scheme; and
  • ANAO Report No.49 2016–17 Apprenticeship Training – alternative delivery pilots.

3.8.10 ANAO Report No.25 2016–17 included observations relevant to the Shared Service Centre transition to the Department of Finance outlined in Table 3.8.3. The report identified that the SSC formalised agreements with clients through a memorandum of understanding (MoU) and these agreements did not contain sufficient detail of the responsibilities between the SSC and its clients.

3.8.11 The financial statements audit approach includes a detailed review of the governance and control framework over transactions processed for all users of the shared services.

3.8.12 Report No.31 2016–17 Administration of the VET FEE-HELP Scheme identified that there were weaknesses in Education's administration of the program. These included issues relating to approvals of providers, compliance activities and the management of payments and information.

3.8.13 The financial statements audit approach has been designed to obtain appropriate and sufficient assurance over the approvals and payments relating to the VET FEE-HELP scheme and the new VET student loans program which commenced on 1 January 2017.

3.8.14 Report No.49 Apprenticeship Training – alternative delivery pilots did not include recommendations which impacted the financial statements audit approach.

Audit results

3.8.15 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: VET FEE-HELP and VET student loans; personal benefits payments systems; administered grants payments; and IT application controls.

3.8.16 Audit procedures relating to: child care compliance, the transition of the SSC to the Department of Finance, including substantive testing of departmental balances, payment of grants expenses, and accounting for the HELP and HESP provisions at year end will be completed as part of the 2016–17 final audit.

3.8.17 To date, audit coverage has not identified any new significant or moderate audit findings.

3.8.18 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.8.4: Status of audit findings raised by the ANAO

Category

Closing position (at the end of the 2015–16 final audit)

Resolved findings (at the time of the 2016–17 interim audit)

New findings (during the 2016–17 interim audit)

Closing position (at the end of the 2016–17 interim audit)

Significant (A)

1

0

0

1

Moderate (B)

2

(1) a

0

1

Total

3

(1)

0

2

         

Note a: The moderate audit issue relating to the governance and control arrangements for shared services has been downgraded to a minor audit finding.

Resolved moderate audit finding
Governance and control arrangements for shared services

3.8.19 As part of the Australian Government's shared and common services strategy, Education and the Department of Employment (Employment) were jointly responsible for the effective operation of the Shared Services Centre (SSC). The SSC delivered a variety of services such as payroll and financial processing, banking, and information technology support to the users of the shared services (clients).

3.8.20 During the 2015–16 final audit, the ANAO identified weaknesses in the design and operational effectiveness of the SSC's controls relating to the Financial Management Information System (FMIS). These included a large number of users with edit access to payment files, lack of appropriate security features over payment files prior to bank processing, and insufficient documentation of key aspects of the governance framework.

3.8.21 From 1 December 2016, core transactional services such as accounts payable, accounts receivable, credit card management, payroll and some elements of travel management, transferred from the SSC to the Department of Finance. The majority of the remaining shared service responsibilities were retained by Employment, with Education providing some non-financial shared services to existing clients.

3.8.22 Although key components of governance are outstanding, Education now has a reduced role in the provision of the shared services and as a result this finding has been down graded to a minor finding.

Unresolved significant and moderate audit findings
Child care compliance – estimated incorrect payments

3.8.23 In 2013–14, the ANAO identified significant weaknesses in the Child Care compliance program implemented by the former Department of Education and noted that the department estimated significant incorrect payments being made to child care service providers. At that time, the department indicated that improvements to its child care compliance framework had been implemented including: establishing a taskforce focused on serious non-compliance matters; increasing the level of other monitoring activities, including risk based data interrogation and analysis; and further improvements were planned.

3.8.24 In 2014–15, responsibility for the Child Care program transferred to Social Services. The ANAO noted at that time that the compliance program included parent confirmation of their child's attendance. This activity seeks to independently verify claims made by service providers, and collects data that is used to determine a statistical estimate of incorrect payments. Social Services identified that the statistical estimate of incorrect payments made to child care service providers due to non‐compliance during 2014–15 was $693 million. Social Services made progress in the implementation of measures designed to protect and improve the integrity of the child care fee assistance payments and entitlements.

3.8.25 In 2015–16, responsibility for the Child Care program transferred from Social Services back to Education. Education has continued the child care compliance program and has directed more resources towards the prevention and detection of serious non-compliance, increasing stakeholder engagement and education, and increasing the level of other monitoring activities.

3.8.26 Education provided the ANAO with a paper outlining a range of improvements to the compliance framework and recent legislative changes. Education has advised that it expects the estimated incorrect payments for 2016–17 to be substantially reduced as a result of this work.

3.8.27 The ANAO will assess the effectiveness of these improvements and test the statistical estimate of incorrect payments as part of the 2016–17 final audit.

Financial Statements Preparation

3.8.28 Balances and disclosures within Education's financial statements are underpinned by multiple complex business information systems, data provided by third-parties, and significant accounting judgements and estimates. This increases the risk of potential misstatements, particularly in the absence of adequate financial statement preparation and quality review processes.

3.8.29 During 2015–16, the ANAO noted weaknesses in Education's financial statements preparation processes, including:

  • management had not performed sufficient analysis of information supporting the fair value measurement of administered investments. This balance represents a significant portion of the administered assets balance in the financial statements; and
  • the omission of a significant disclosure related to judgements and estimates used to calculate the HELP receivable balance.

3.8.30 These weaknesses highlighted the need for Education to improve the underlying business processes required for financial statements preparation and quality review, including the development of a detailed risk based financial statements preparation plan that includes appropriate detail and analysis relating to key balances.

3.8.31 During the 2016–17 interim audit Education provided the ANAO with a comprehensive financial statement preparation plan. The plan was underpinned by detailed risk assessments and a quality assurance plan.

3.8.32 The ANAO will review the implementation of these enhancements during the 2016–17 final audit.

Conclusion

3.8.33 At the completion of the interim audit, except for the findings outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Education will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.9 Department of Employment

Overview

3.9.1 The Department of Employment's (Employment) role is to provide national policies and programs that help Australians find and keep employment, work in safe, fair and productive workplaces, and improve the employment-related performance of enterprises in Australia.

3.9.2 Figure 3.9.1 shows Employment's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.9.1: Employment's contribution to the Australian Government's revenue, expenses, assets and liabilities83

Source: ANAO analysis of CFS and Employment's financial statements for the year ended 30 June 2016.

3.9.3 Figure 3.9.2 and Figure 3.9.3 show the 2015–16 departmental and administered financial statement items reported by Employment and the 2016–17 key areas of financial statements risk.

Figure 3.9.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Employment's financial statements for the year ended 30 June 2016.

Figure 3.9.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Employment's financial statements for the year ended 30 June 2016.

3.9.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Employment's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Employment's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audits tabled since 1 July 2016 and relevant to the financial management or administration of Employment also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.9.5 In light of the key areas of risk detailed in Table 3.9.3 and the ANAO's understanding of the operations of Employment, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items84

3.9.6 Annual appropriation funding of $321.0 million (departmental) and $1 671.0 million (administered) was provided to Employment in 2016–17 to support the achievement of the Employment's outcomes.85 Employment was also budgeted to receive $432.9 million special appropriation funding.86

3.9.7 Table 3.9.1 and Table 3.9.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.9.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

352.3

1 951.7

Employee benefits

213.7

Suppliers

107.3

1 246.1

Subsidies

304.2

Grants

96.4

Depreciation and amortisation

31.3

Personal benefits

298.3

Other

6.7

Total own-source income

34.9

200.8

Sale of goods and rendering of services

34.5

Other taxes

154.6

Recoveries

39.4

Other

0.4

6.8

Net cost of services

317.4

1 750.9

     

Table 3.9.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

275.0

290.7

Other Investments

240.9

Trade and other receivables

124.7

31.9

Leasehold improvements

25.4

Intangibles

92.1

Property, plant and equipment

19.4

Other

13.4

17.9

Total liabilities

117.6

2 860.5

Employee provisions

67.1

Supplier payables

18.7

61.0

Other payables

28.4

2772.0

Subsidies

24.1

Other

3.4

3.4

Net assets/(liabilities)

157.4

(2 569.8)

     

Note a: Employment's estimated average staffing level for 2016–17 is 1 877.

Key areas of financial statements risk

3.9.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Employment's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.9.3.

Table 3.9.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Departmental

Multiple financial statement line items

Transition of the key business responsibilities performed by the Shared Services Centre, primarily to the Department of Financea

Higher

  • complexities involved in managing a shared services arrangement;
  • transitional and other restructure arrangements required; and
  • issues noted in the prior year relating to the control environment and governance arrangements over the Shared Service Centre (SSC).

Administered

Personal benefits, suppliers and subsidies

The effectiveness of the design and implementation of the jobactive compliance program

Moderate

  • payments are reliant on assessments made by third party service providers; and
  • the success of the department's compliance activities are also crucial to the integrity of the jobactive program.
       

Note a: As part of further machinery of government changes announced in September 2016 and effective from 1 December 2016, core transactional services provided by the SSC moved to the Department of Finance from the Department of Education and Training and Employment.

Source: ANAO 2016–17 risk assessment for Employment.

3.9.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.25 The Shared Services Centre was tabled during 2016–17 and was relevant to the financial management and administration of Employment. ANAO Report No.25 assessed the effectiveness of Employment's and the Department of Education and Training's (Education) administration of the Shared Services Centre (SSC) to achieve efficiencies and to deliver value to its customers.

3.9.10 ANAO Report No.25 2016–17 included observations relevant to the key financial statement risk outlined in Table 3.9.3, specifically the governance arrangements over the SSC. The observations in this report are consistent with the finding raised in the previous financial statements audit of Employment. Paragraph 3.9.15 to 3.9.20 detail an unresolved moderate audit finding related to Employment's governance arrangements over the former SSC.

3.9.11 The financial statements audit approach includes a detailed review of the governance and control framework over transactions processed in respect of all users of the shared services.

Audit results

3.9.12 The ANAO has completed its 2016–17 interim audit coverage including an assessment of the controls relating to: administered supplier expenses, personal benefits and subsidy payments and grants expenditure. Interim audit coverage also included an assessment of the IT general controls, the transition of the SSC to the Department of Finance, and the design and implementation of the jobactive compliance program has also been completed.

3.9.13 As part of the 2016–17 final audit, the ANAO will perform procedures over all material items and detailed testing over the design and implementation of the jobactive compliance program.

3.9.14 To date, our audit coverage has not identified any new significant or moderate audit findings.

3.9.15 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.9.4: Status of audit findings raised by the ANAO

Category

Closing position (at the end of the 2015–16 final audit)

Resolved findings (at the time of the 2016–17 interim audit)

New findings (during the 2016–17 interim audit)

Closing position (at the end of the 2016–17 interim audit)

Significant (A)

0

0

0

0

Moderate (B)

1

0

0

1

Total

1

0

0

1

         
Unresolved moderate audit finding
Governance and control arrangements for shared services

3.9.16 As part of the Australian Government's shared and common services strategy, Employment and Education were jointly responsible for the effective operation of the SSC. The SSC delivered a variety of services such as payroll and financial processing, banking, and information technology support to the users of the shared services (clients).

3.9.17 During the 2015–16 final audit, the ANAO identified weaknesses in the design and operational effectiveness of the SSC's controls related to the FMIS. These issues included:

  • insufficient documentation in the Memoranda of Understanding (MoU) between the SSC and each of its clients regarding the allocation of roles and responsibilities in relation to financial reporting, governance and accountability;
  • an inappropriate number of users had access to payment files prior to processing by the Reserve Bank of Australia (RBA). This level of access allowed users to access, edit or delete payment information; and
  • security features that identify changes to financial information prior to processing by the RBA had not been activated by the SSC, and as a result, reconciliation processes did not effectively detect any inappropriate changes made to financial information arising from these identified weaknesses.

3.9.18 At the conclusion of the 2015–16 audit, Employment and Education agreed to implement controls to secure the payment file and activate appropriate security features over financial information. In addition, the department agreed to implement a quality control program over shared services provided by and used by the department.

3.9.19 From 1 December 2016, core transactional services such as accounts payable, accounts receivable, credit card management, and some elements of travel management and payroll, transferred from the SSC to the Department of Finance (Finance). Most of the remaining shared services were retained by Employment.

3.9.20 Employment reduced the number of users with access to payment files in July 2016 and has advised that enhanced security features for banking and payment processes were implemented in early February 2017. The ANAO reviewed the application of these features during the interim audit phase and agreed that the enhancements will improve controls over payments from the time of implementation. The ANAO is working with Employment and Finance to gain the required assurance over payments made during the first seven months of the financial year.

3.9.21 Given the complexities of the changes relating to the transfer of the shared services, the finalisation of MoUs and underlying service agreements is still in progress.

Conclusion

3.9.22 At the completion of the interim audit, and except for the finding outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Employment will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.10 Department of the Environment and Energy

Overview

3.10.1 The Department of the Environment and Energy (Environment) advises on and implements, environment and energy policy to support the Australian Government achieving a healthy environment, strong economy and thriving community now and into the future. The Department is also responsible for managing the conservation, protection and sustainability of Australia's natural resources, biodiversity, ecosystems, environment and heritage requirements, and contributes to the national response to climate change. Additional areas of departmental responsibility include advancing Australia's interests in the Antarctic, managing the environmental water use and resources; and supporting the reliable, sustainable and secure operations of energy markets

3.10.2 Figure 3.10.1 shows Environment's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.10.1: Environment's contribution to the Australian Government's revenue, expenses, assets and liabilities87

Source: ANAO analysis of CFS and Environment's financial statements for the year ended 30 June 2016.

3.10.3 Figure 3.10.2 and Figure 3.10.3 show the 2015–16 departmental and administered financial statement items reported by Environment and the 2016–17 key areas of financial statements risk.

Figure 3.10.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Environment's financial statements for the year ended 30 June 2016.

Figure 3.10.3: Key administered financial statement items and areas of financial statements risk

3.

Source: ANAO analysis and Environment's financial statements for the year ended 30 June 2016.

3.10.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Environment's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of the Department's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Environment also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.10.5 In light of the key areas of risk detailed in Table 3.10.3 and the ANAO's understanding of the operations of Environment, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items88

3.10.6 Annual appropriation funding of $552.1 million (departmental) and $458.1 million (administered) was provided to Environment in 2016–17 to support the achievement of the entity's outcomes.89 Environment was also budgeted to receive $2 189.2 million special appropriation funding.90

3.10.7 Table 3.10.1 and Table 3.10.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.10.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

534.0

797.2

Employee benefits

215.9

Suppliers

205.8

190.4

Depreciation and amortisation

47.2

Finance costs

17.1

Grants

4.1

306.0

Payments to Commonwealth entities

42.8

299.4

Other

1.1

1.4

Total own-source income

43.1

448.2

Sale of goods and rendering of services

38.3

Dividends

19.5

Fees and fines

19.2

Other

4.8

409.5

Net cost of services

490.9

349.0

     

Table 3.10.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

673.2

6 687.3

Trade and other receivables

136.6

5.5

Buildings

244.6

Investments

3 350.8

Intangibles

16.8

Property, plant and equipment

260.5

Water assets

3 316.7

Other

14.7

14.3

Total liabilities

670.1

13.4

Suppliers

14.2

11.0

Employee provisions

70.2

Antarctic make good provisions

570.4

Other

15.3

2.4

Net assets/(liabilities)

3.1

6 673.9

     

Note a: Environment's estimated average staffing level for 2016–17 is 1 947.

Key areas of financial statements risk

3.10.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Environment's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.10.3.

Table 3.10.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Water assets

Valuation of the Government's water entitlement assets

Higher

  • the balance is subject to complex estimation and judgement; and
  • information to support the valuation is provided by third parties.

Administered

Investments

Valuation of the Australian Government's investment in Snowy Hydro Limited

Higher

  • subject to complex estimation and significant judgement relating to forecasts of future performance; and
  • the valuation is subject to significant judgement as the asset is not readily traded in an open market.

Departmental

Antarctic make good provisions

Valuation of obligations to restore the Antarctic bases

Moderate

  • the balance is subject to judgement and estimation, particularly relating to discount rates, escalation factors, asset replacement costs and useful lives.

Administered

Grant expenses and payables

Administration of grant programs

Moderate

  • the department administers a wide variety of grant programs which constitute a significant expense reported in the financial statements.
       

Source: ANAO 2016–17 risk assessment for Environment.

3.10.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.10.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: administered grant payments, payroll processing and supplier expenses. As part of the interim audit coverage, a review of Environment's key controls underpinning the preparation of financial statements and Environment's key IT general and application controls has been undertaken.

3.10.11 Audit procedures relating to the valuations of water assets and Snowy Hydro Limited; and the assessment of the estimated restoration costs for Antarctic bases will be undertaken as part of the 2016–17 final audit.

3.10.12 To date, audit coverage of the above areas has not identified any significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.10.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Environment will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2016–17 final audit.

3.11 Department of Finance

Overview

3.11.1 The Department of Finance (Finance) is responsible for supporting the Government's Budget process and oversight of public sector resource management, governance and accountability frameworks. In addition, Finance is responsible for the preparation of the annual Australian Government Consolidated Financial Statements (CFS), which includes the Whole-of-Government, the General Government Sector financial statements, and the Australian Government's financial outcome.

3.11.2 Figure 3.11.1 shows Finance's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.11.1: Finance's contribution to the Australian Government's revenue, expenses, assets and liabilities91

Source: ANAO analysis of CFS and Finance's financial statements for the year ended 30 June 2016.

3.11.3 Figure 3.11.2 and Figure 3.11.3 show the 2015–16 departmental and administered financial statement items reported by Finance and the 2016–17 key areas of financial statements risk.

Figure 3.11.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Finance's financial statements for the year ended 30 June 2016.

Figure 3.11.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Finance's financial statements for the year ended 30 June 2016.

3.11.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Finance's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Finance's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Finance also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.11.5 In light of the key areas of risk detailed in Table 3.11.3 and the ANAO's understanding of the operations of Finance, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items92

3.11.6 Annual appropriation funding of $353.8 million (departmental) and $311.2 million (administered) was provided to Finance in 2016–17 to support the achievement of the Finance's outcomes.93 Finance was also budgeted to receive special appropriation funding of $11 226.5 million.94

3.11.7 Table 3.11.1 and Table 3.11.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.11.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

605.7

9 903.3

Employee benefits

175.1

253.4

Suppliers

301.4

230.6

Depreciation and amortisation

24.1

20.7

Insurance claims

94.0

Superannuation

8 967.6

Distribution from investment funds

423.7

Other

11.1

7.3

Total own-source income

436.5

1 826.2

Rendering of services

197.7

3.8

Insurance premiums

141.1

Superannuation contributions

1 258.8

Interest and dividends

408.1

Rental income

71.5

Sale of investments

133.5

Other

26.2

22.0

Net cost of services

169.2

8 077.1

     

Table 3.11.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

2 954.5

19 854.0

Trade and other receivables

925.7

141.0

Land and buildings (including investment properties)

1 791.8

16.5

Property, plant and equipment

82.6

71.8

Intangibles

104.3

1.5

Investments

19 606.7

Other

50.1

16.4

Total liabilities

702.8

111 014.3

Suppliers

99.7

11.7

Employee provisions

65.3

312.5

Unearned revenue

85.9

Return of equity

65.3

Superannuation provision

110 665.1

Insurance provisions

352.6

Other

34.0

25.0

Net assets/(liabilities)

2 251.7

(91 160.3)

     

Note a: Finance's estimated average staffing level for 2016–17 is 1 318.

Key areas of financial statements risk

3.11.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Finance's financial statements. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.11.3.

Table 3.11.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Superannuation liability

Valuation of unfunded public sector superannuation

Higher

  • complex calculation of each superannuation fund's liability and sensitivity of each fund to demographic factors and other movements, such as salary growth and bond rates; and
  • reliance on the Commonwealth Superannuation Corporation for the processing of superannuation benefit payments and the provision of complete and accurate data to Finance's actuary.

Departmental

Outstanding insurance provision

Valuation of the outstanding claims liability under the Australian Government's self-managed general insurance fund

Higher

  • complex calculation based on assumptions that require significant judgement; and
  • reliance on the control environment of an external service provider for the effective management of the claims process.

Departmental

Land and buildings

Investment property

Valuation of the Government's non-defence domestic property portfolio

Moderate

  • use of different valuation methods that require significant judgement on the selection of assumptions within the valuation models across a large portfolio of properties.

Departmental

Multiple financial statement line items

Transition of the key business responsibilities performed by the Shared Services Centre (SSC)a to Finance and transfer of responsibilities to Independent Parliamentary Expenses Authority and Digital Transformation Agency

Moderate

  • complexities involved in managing a shared services arrangement;
  • transitional and other restructure arrangements required; and
  • issues noted in the prior year relating to the control environment and governance arrangements over the SSC.
       

Note a: As part of further machinery of government changes announced in September 2016 and effective from 1 December 2016, core transactional services provided by the SSC moved to the Department of Finance from the Departments of Education and Training; and Employment.

Source: ANAO 2016–17 risk assessment for Finance.

3.11.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.25 The Shared Services Centre was tabled during 2016–17 and is relevant to the financial management and administration of Finance. ANAO Report No.25 assessed the effectiveness of the Departments' of Employment (Employment) and Education and Training (Education) administration of the Shared Services Centre (SSC) to achieve efficiencies and to deliver value to its customers.

3.11.10 ANAO Report No.25 2016–17 included observations relevant to the key financial statement risk outlined in Table 3.11.3, specifically the governance arrangements over the SSC. The observations in this report are consistent with the finding that was previously reported by the Education and Employment. Paragraph 3.11.15 to 3.11.20 detail an unresolved moderate audit finding related to governance arrangements over the former SSC.

3.11.11 The financial statements audit approach includes a detailed review of the governance and control framework over transactions processed in respect of all users of the shared services.

Audit results

3.11.12 The ANAO's 2016−17 interim audit coverage has been completed and included assessing key controls over employee entitlements, asset management and supplier expenditure. As part of the interim coverage, the ANAO has also substantially assessed controls relating to the payment of entitlements to Parliamentarians and their staff.

3.11.13 Audit coverage relating to the valuations of the unfunded superannuation liability, general insurance liability and Finance's non-defence domestic property portfolio will be completed as part of the 2016–17 final audit.

3.11.14 The following table summarises the status of audit finding reported by the ANAO in 2015–16 and 2016–17.

Table 3.11.4: Status of audit findings raised by the ANAO

Category

Closing position (at the end of the 2015–16 final audit)

Resolved findings (at the time of the 2016–17 interim audit)

New findings (during the 2016–17 interim audit)

Closing position (at the end of the 2016–17 interim audit)

Significant (A)

0

0

0

0

Moderate (B)

0

0

1a

1

Total

0

0

1

1

         

Note a: Following the transfer of the SSC from Education and Employment to Finance, the responsibility for addressing the unresolved moderate audit finding transferred to Finance. Details regarding this finding were reported to Parliament in ANAO Report No.33 2016–17 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2016.

Unresolved moderate audit finding
Governance and control arrangements for shared services

3.11.15 As part of the Australian Government's shared and common services strategy, Employment and Education were jointly responsible for the effective operation of a service organisation known as the SSC. The SSC delivered a variety of services such as payroll and financial processing, banking, and information technology support to the users of the shared services (clients).

3.11.16 During the 2015–16 final audit, the ANAO identified weaknesses in the design and operational effectiveness of the SSC's controls related to the financial management information system. These key issues included:

  • insufficient documentation in the Memoranda of Understanding (MoU) between the SSC and each of its clients regarding the allocation of roles and responsibilities in relation to financial reporting, governance and accountability;
  • an inappropriate number of users with access to payment files prior to processing by the Reserve Bank of Australia (RBA). This level of access allowed users to access, edit or delete payment information; and
  • security features that identify changes to financial information prior to processing by the RBA had not been activated by the SSC, and as a result, reconciliation processes did not effectively detect any inappropriate changes made to financial information arising from these identified weaknesses.

3.11.17 At the conclusion of the 2015–16 audit, Employment agreed to implement controls to secure the payment file and activate appropriate security features over financial information and agreed to implement a quality control program over shared services.

3.11.18 From 1 December 2016, core transactional services such as payroll, accounts payable, accounts receivable, credit card management, and some elements of travel management, transferred from the SSC to Finance. The remaining shared services were retained by Employment.

3.11.19 Given the complexities of the changes relating to the transfer of the shared services, the finalisation of the MoUs and associated service agreements are still in progress.

3.11.20 Employment has actioned the items for payment files and security features by reducing the number of users with access to payment files in July 2016 and has advised that enhanced security features for banking and payment processes were implemented in early February 2017. The ANAO reviewed the application of these features during the interim audit phase and agreed that the enhancements will improve controls over payments from the time of implementation. The ANAO is working with Employment and Finance to gain the required assurance over payments made during the first seven months of the financial year.

Conclusion

3.11.21 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Finance will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2016–17 final audit.

3.12 Future Fund Management Agency and the Board of Guardians

Overview

3.12.1 The Future Fund Board of Guardians, supported by the Future Fund Management Agency, (together the Future Fund) has responsibility for investment of the assets of the Future Fund under the Future Fund Act 2006 and other investment funds under the Nation-building Funds Act 2008, the Disability Care Australia Fund Act 2013, and the Medical Research Future Fund Act 2015, for the benefit of future generations of Australians.

3.12.2 Figure 3.12.1 shows the Future Fund's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.12.1: Future Fund's contribution to the Australian Government's revenue, expenses, assets and liabilities95

Source: ANAO analysis of CFS and the Future Fund's financial statements for the year ended 30 June 2016.

3.12.3 Figure 3.12.2 shows the 2015–16 departmental financial statement items reported by the Future Fund and the 2016–17 key areas of financial statements risk.

Figure 3.12.2: Key Future Fund financial statement items and areas of financial statements risk

 

Source: ANAO analysis and the Future Fund's financial statements for the year ended 30 June 2016.

 

3.12.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on the Future Fund's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of the Future Fund's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Future Fund's also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.12.5 In light of the key areas of risk detailed in Table 3.12.3 and the ANAO's understanding of the operations of the Future Fund's, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items96

3.12.6 Between May 2006 and June 2008, the Government made cash contributions to the Future Fund totalling $51.3 billion. The Future Fund also received Telstra shares to the value of $9.2 billion. No further Government contributions have been made since this time. As a result, the operational functions of the Future Fund are funded through payments from the administered Future Fund special account and the other Australian Government Investment Funds. In 2016–17, these payments are estimated to total $59.0 million.

3.12.7 Table 3.12.1 and Table 3.12.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.12.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

59.2

374.1

Employee benefits

39.8

0.9

Suppliers

16.9

373.2

Depreciation and amortisation

2.5

Total own-source income

59.2

7 810.0

Payments from the Future Fund special accounta

57.0

Payments from the Australia Government Investment Funds

2.1

Interest and dividends

3 327.7

Investment gains

4 482.3

Other

0.1

 

Net contribution to services

7 435.9

     

Note a: As noted in paragraph 3.12.6 amounts are transferred from the Future Fund administered special account to offset the operational expenses incurred by the Future Fund Management Agency in managing the Future Fund.

Table 3.12.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

25.5

131 720.8

Receivables

16.8

2 392.2

Non-financial assets

7.3

Investments

129 326.9

Other

1.4

1.6

Total liabilities

25.5

1 549.2

Employee provisions

22.6

0.1

Suppliers payable

105.6

Other payables

2.9

1 443.6

Net assets

130 171.6

     

Note a: The Future Fund's estimated average staffing level for 2016–17 is 138.

Key areas of financial statements risk

3.12.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Future Fund's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.12.3.

Table 3.12.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Investments

Investment strategy, management and valuation

Higher

  • the inherent subjectivity of valuations and illiquid market conditions for certain investments.

Investment Management Fees

Accuracy of fees paid to investment managers

Moderate

  • calculation of performance fees due to their nature, multiple input variables and can require management estimation.

Investments

Effectiveness of governance processes, including monitoring external service providers and the custodian

Moderate

  • reliance on information from the custodian (including asset valuation, rights, obligations and existence of assets); and
  • potential for financial loss where custodian or subcustodian fails to meet their obligations in accordance with the agreed terms.
       

Source: ANAO 2016–17 risk assessment for the Future Fund.

3.12.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.12.10 The audit coverage completed to date has included an assessment of the compliance functions and controls relating to management of investments and liquidity requirements, including monitoring of its services providers.

3.12.11 The valuation of investments, including the assessment of controls that reside within the outsourced custodian, will be completed as part of the final audit.

3.12.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.12.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that the Future Fund will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2016–17 final audit.

3.13 Department of Foreign Affairs and Trade

Overview

3.13.1 The Department of Foreign Affairs and Trade (DFAT) is responsible for providing foreign, trade and development policy advice and for leading the Australian Government's international efforts to shape the regional and international environment.

3.13.2 Figure 3.13.1 shows DFAT's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.13.1: DFAT's contribution to the Australian Government's revenue, expenses, assets and liabilities97

Source: ANAO analysis of CFS and DFAT's financial statements for the year ended 30 June 2016.

3.13.3 Figure 3.13.2 and Figure 3.13.3 show the 2015–16 departmental and administered financial statement items reported by DFAT and the 2016–17 key areas of financial statements risk.

Figure 3.13.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and DFAT's financial statements for the year ended 30 June 2016.

Figure 3.13.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and DFAT's financial statements for the year ended 30 June 2016.

3.13.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on DFAT's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of DFAT's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of DFAT also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.13.5 In light of the key areas of risk detailed in Table 3.13.3 and the ANAO's understanding of the operations of DFAT, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items98

3.13.6 Annual appropriation funding of $1 559.8 million (departmental) and $5 209.5 million (administered) was provided to DFAT in 2016–17 to support the achievement of DFAT's outcomes.99 DFAT was also budgeted to receive special appropriation funding of $1.0 million.100

3.13.7 Table 3.13.1 and Table 3.13.2 provide a summary of the key 2016–17 departmental and administered estimated financial statement items.

Table 3.13.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

1 639.6

4 759.1

Employee benefits

769.7

Suppliers

705.7

Grants

4.9

Depreciation and amortisation

159.3

0.0

International Development Assistance (IDA)

2 919.8

New multilateral replenishments

781.5

Other contributions

492.1

Other

565.7

Total own-source income

134.3

583.6

Sale of goods and rendering of services

122.4

Fees and charges

506.0

Other

11.9

77.6

Net cost of services

1 505.3

4 175.5

     

Table 3.13.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

4 533.6

2 663.4

Investments IDA and Asian Development Fund (ADF)

2 046.7

Land and buildings

3 184.6

Other

1 349.0

616.7

Total liabilities

428.9

2 741.0

Suppliers and other payables

173.7

20.2

IDA and ADF grants component

1 215.1

IDA and ADF concessional component

817.8

Aid program payable

598.1

Employee provisions

236.3

89.7

Other provisions

18.9

Net assets/(liabilities)

4 104.7

(77.6)

     

Note a: DFAT's estimated average staffing level for 2016–17 is 5 723.

Key areas of financial statements risk

3.13.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of DFAT's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.13.3.

Table 3.13.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Fees and charges

Completeness and accuracy of revenue generated from passport operations

Higher

  • a significant proportion of revenue is collected under contractual arrangements by a third party on behalf of the department; and
  • a significant component of the passport inventory balance is held and managed by a third party on behalf of the department.

Departmental

Sale of goods and rendering of services

Accuracy of revenue for rental accommodation and other services provided to other Government entities at overseas posts

Higher

  • multiple sources of revenue; and
  • revenue is assessed based on attached agencies staffing profiles at post, agreed floor space and other factors.

Departmental

Land and buildings

Valuation of the department's overseas property portfolio

Moderate

  • subject to complex estimation and judgement; and
  • the management of overseas property is undertaken by a third party through contract arrangements.

Administered

IDA and ADF assets

IDA and ADF liabilities

Valuation of IDA and ADF investments and associated liabilities

Moderate

  • subject to estimation and judgement; and
  • complex measurement, classification and disclosure requirements.

Administered

IDA expenses

Aid program liabilities

Accuracy of the acquittal and reporting of administered aid program payments

Moderate

  • there is significant geographical spread of aid programs recipients and a diverse range of aid program payments.

Departmental

Suppliers expense

Suppliers payables

Employee benefits

expenses

Financial information associated with overseas posts

Moderate

  • financial information is collected through decentralised operations; and
  • locally engaged staff payments are subject to various employee conditions and benefits based on local laws and regulations.
       

Source: ANAO 2016–17 risk assessment for DFAT.

3.13.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.13.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: departmental revenue for rental accommodation and services provide to other entities at overseas posts; administered passport revenue; and the operations of overseas posts.

3.13.11 Interim audit coverage has also been completed over the department's processes relating to cash and asset management, employee and supplier expenditure, IT general controls and application controls in the Financial Management Information System (FMIS) and Human Resource Management Information System (HRMIS).

3.13.12 Audit procedures relating to financial statement balances subject to valuation and IDA and ADF grants will be undertaken as part of the 2016–17 final audit.

3.13.13 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify and significant or moderate audit findings.

Conclusion

3.13.14 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that DFAT will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.14 Department of Health

Overview

3.14.1 The Department of Health (Health) is responsible for achieving the Australian Government's health priorities through evidence-based policy, program administration, research, regulatory activities and partnerships with other government entities, consumers and stakeholders.

3.14.2 Figure 3.14.1 shows Health's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.14.1: Health's contribution to the Australian Government's revenue, expenses, assets and liabilities

Source: ANAO analysis of CFS and Health's financial statements for the year ended 30 June 2016.

3.14.3 Figure 3.14.2 and Figure 3.14.3 show the 2015–16 departmental and administered financial statement items reported by Health and the 2016–17 key areas of financial statements risk.

Figure 3.14.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Health's financial statements for the year ended 30 June 2016.

Figure 3.14.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Health's financial statements for the year ended 30 June 2016.

3.14.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Health's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Health's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Health also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.14.5 In light of the key areas of risk detailed in Table 3.14.3 and the ANAO's understanding of the operations of Health, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items101

3.14.6 Annual appropriation funding of $682.8 million (departmental) and $8 726.9 million (administered) was provided to Health in 2016–17 to support the achievement of Health's outcomes.102 Health was also budgeted to receive special appropriation funding of $54 366.7 million.103

3.14.7 Table 3.14.1 and Table 3.14.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.14.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

890.3

63 253.6

Employee benefits

557.9

Suppliers

292.9

638.7

Subsidies

12 536.4

Depreciation and amortisation

27.6

Personal benefits

42 072.2

Grants

7 546.6

Payments to corporate Commonwealth entities

405.1

Other

11.9

54.7

Total own-source income

176.0

2 901.6

Sale of goods and rendering of services

173.8

Other revenue

2.2

7.1

Recoveries

2 817.9

Other taxes

15.7

Medical Research Future Fund

60.9

Net cost of services

714.3

60 352.0

     

Table 3.14.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

348.3

2 577.3

Receivables

71.1

1 606.3

Cash and cash equivalents

78.6

171.6

Investments

684.1

Inventories

115.3

Land and buildings

49.5

Intangibles

117.5

Other

31.6

Total liabilities

275.3

3 448.8

Personal benefits payable

1 354.1

Subsidies payable

13.7

Suppliers payable

41.6

9.8

Grants payable

349.5

Other payables

38.2

Personal benefits provision

1 280.0

Subsidies provision

441.8

Employee provisions

166.8

Other provisions

28.7

Net assets/(liabilities)

73.0

(871.5)

     

Note a: Health's estimated average staffing level for 2016–17 is 4 642.

3.14.8 The Department of Human Services (Human Services) delivers a range of health related payments on behalf of Health. These payments primarily relate to the Medicare Benefits Schedule, the Pharmaceutical Benefits Scheme, the Private Health Insurance Rebate and services funded under the Aged Care Act 1997.

Key areas of financial statements risk

3.14.9 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Health's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.14.3.

Table 3.14.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Subsidy expenses

Accuracy of Aged Care subsidies paid by Human Services on behalf of Health

Higher

  • payment of aged care subsidies to nursing home providers are based on Aged Care Funding Instrument assessments prepared by the same providers and involve judgements regarding the level of care.

Administered

Recoveries

Accuracy of Pharmaceutical Benefits Scheme recovery revenue

Higher

  • moderate audit issue identified in prior year;
  • manual calculation of complex information in spreadsheets; and
  • Health's reliance on data sourced from Human Services and complex arrangements in place with pharmaceutical companies for recovery of expenditure.

Departmental

Sale of goods and rendering of services revenue

Completeness and accuracy of Therapeutic Goods Administration revenue

Higher

  • the estimation of revenue under the Therapeutic Goods Act (TGA) 1989 involves judgements and assumptions related to the assessment of applications and applicable exemptions.

Administered

Personal benefits expenses and payables

Accuracy of personal benefits paid by Human Services on behalf of Health:

Medicare Benefits Schedule

Pharmaceutical Benefits Scheme

Private Health Insurance Rebate

Moderate

  • volume and complexity of health care payments with varying eligibility requirements; and
  • personal benefits payments are processed by Human Services on ageing IT systems.

Administered

Personal benefits and subsidies provisions

Valuation of the Medical Indemnity and Medicare Outstanding Claims provisions

Moderate

  • significant judgements and assumptions underlying the estimation of personal benefits and subsidies provisions.

Administered

Grants expenses and payables

Accuracy and validity of grant program payments.

Moderate

  • a significant number of grant programs are administered by Health with different eligibility criteria.

Administered and Departmental

Appropriation note disclosures

Completeness and accuracy of appropriation disclosures.

Moderate

  • Health has a complex array of appropriations, including multiple special appropriations, special accounts and ordinary appropriations.
       

Source: ANAO 2016–17 risk assessment for Health.

3.14.10 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2016–17 relevant to the financial management or administration of Health:

  • ANAO Report No.3 2016–17 Machinery of Government Changes;
  • ANAO Report No.6 2016–17 Corporate Planning in the Australian Public Sector;
  • ANAO Report No.9 2016–17 Community Pharmacy Agreement: Follow-on Audit;
  • ANAO Report No.18 2016–17 Confidentiality in Government Contracts: Senate Order for Entity Contracts (Calendar Year 2015 Compliance);
  • ANAO Report No.20 2016–17 The Management, Administration and Monitoring of the Indemnity Insurance Fund; and
  • ANAO Report No.53 2016–17 Indigenous Aged Care.

3.14.11 ANAO Report No.20 2016–17 included observations relevant to the valuation of medical indemnity provisions outlined in Table 3.14.3. The report assessed Health's and Human Services' administration, including oversight and monitoring arrangements, for the Indemnity Insurance Fund. The report recommended that Health establish suitable governance and stakeholder engagement arrangements, including risk management plans, to support its and other shared responsibilities for the administration of the Indemnity Insurance Fund and related schemes. The observations from this report were considered in identifying risks relevant to the financial statements audit.

3.14.12 The other audit reports mentioned above were also considered in designing the audit procedures. Given the nature of the audit objectives, the observations from these audits had a limited impact on the design of the audit approach for the financial statements audit.

Audit results

3.14.13 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: IT security and change management in the FMIS and HRMIS; cash and appropriations management; supplier expenses; payroll processing; Therapeutic Goods Administration revenue; and grant payments. In addition, the testing of the accuracy of Pharmaceutical Benefits Scheme recovery revenue and aged care and health care payments made by Human Services on behalf of Health was also undertaken.

3.14.14 Other areas of audit focus including the compliance processes for Aged Care subsidies and Medicare payments and an assessment of the valuation methodologies used to estimate the medical indemnity program and Medicare outstanding claims liability provisions will be performed as part of the 2016–17 final audit.

3.14.15 To date, our audit coverage has not identified any new significant or moderate audit findings.

3.14.16 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.14.4: Status of audit findings raised by the ANAO

Category

Closing position (at the end of the 2015–16 final audit)

Resolved findings (at the time of the 2016–17 interim audit)

New findings (during the 2016–17 interim audit)

Closing position (at the end of the 2016–17 interim audit)

Significant (A)

0

0

0

0

Moderate (B)

1

0

0

1

Total

1

0

0

1

         
Unresolved moderate audit finding
High Cost Drug Recoveries – Pharmaceutical Benefits Scheme

3.14.17 Health's financial statements include administered revenue for recoveries of Pharmaceutical Benefits Scheme expenditure under risk sharing agreements negotiated between Health and pharmaceutical companies. In 2015–16, $1.6 billion of recoveries revenue was recognised, representing some 14.5 per cent of the overall Pharmaceutical Benefits Scheme expenditure for the same period.

3.14.18 During the 2015–16 audit, the ANAO identified that revenue from these recoveries was incomplete and some revenue was not recognised due to the weaknesses in the policies and procedures related to capturing and reporting the recoveries. As a result an adjustment of $332 million was made to the 2015–16 financial statements.

3.14.19 Health has commenced remediation action to address these weaknesses including updating its accounting policies and procedures focussing on the development of an accrual reporting methodology related to the recognition of the recoveries. The ANAO will assess the accounting processes and other remediation actions being implemented by Health as part of the 2016–17 final audit.

Conclusion

3.14.20 At the completion of the interim audit, and except for the finding outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Health will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.15 Department of Immigration and Border Protection

Overview

3.15.1 The Department of Immigration and Border Protection (DIBP) is responsible for: managing the stay and departure of non-citizens; implementing visa, citizenship and refugee and humanitarian assistance programs; facilitating international trade; and collecting border revenue. The Australian Border Force is the operational arm of the department, and has statutory responsibilities to enforce the customs and migration laws and the protection of Australia's border.

3.15.2 Figure 3.15.1 shows DIBP's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.15.1: DIBP's contribution to the Australian Government's revenue, expenses, assets and liabilities104

Source: ANAO analysis of CFS and DIBP's financial statements for the year ended 30 June 2016.

3.15.3 Figure 3.15.2 and Figure 3.15.3 show the 2015–16 departmental and administered financial statement items reported by DIBP and the 2016–17 key areas of financial statements risk.

Figure 3.15.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and DIBP's financial statements for the year ended 30 June 2016.

Figure 3.15.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and DIBP's financial statements for the year ended 30 June 2016.

3.15.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on DIBP's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of DIBP's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of DIBP also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.15.5 In light of the key areas of risk detailed in Table 3.15.3 and the ANAO's understanding of the operations of DIBP, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items105

3.15.6 Annual appropriation funding of $2 730.2 million (departmental) and $2 394.1 million (administered) was provided to DIBP in 2016–17 to support the achievement of the DIBP's outcomes.106 DIBP was also budgeted to receive special appropriation funding of $420.0 million.107

3.15.7 Table 3.15.1 and Table 3.15.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.15.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

2 906.3

2 249.4

Employee benefits

1 434.1

Suppliers

1 198.8

1 702.9

Depreciation and amortisation

273.4

122.9

Personal benefits

381.8

Other

41.8

Total own-source income

184.1

17 636.0

Sale of goods and rendering of services

133.6

Customs duty

14 089.2

Other taxes

3 475.8

Fees and fines

55.8

Other

50.5

15.2

Net (cost of)/contribution to services

(2 722.1)

15 386.6

     

Table 3.15.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

1 913.13

2 015.3

Trade and other receivables

529.3

21.5

Taxation receivables

327.7

Land and buildings

176.2

1 408.5

Property, plant and equipment

634.9

170.0

Intangibles

491.6

Other

81.1

87.7

Total liabilities

737.4

348.0

Employee provisions

418.0

Other payables

216.1

234.1

Other

103.3

113.8

Net assets

1 175.7

1 667.3

     

Note a: DIBP's estimated average staffing level for 2016–17 is 14 000.

Key areas of financial statements risk

3.15.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of DIBP's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.15.3.

Table 3.15.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Customs duty revenue

Completeness and accuracy of customs duty collections and refunds

Higher

  • the self-assessment nature of the import declaration process;
  • complexity of the legislation underpinning the import process;
  • complexity of the related IT infrastructure that supports the collection of revenue; and
  • an unresolved moderate audit finding relating to weaknesses in the governance and management oversight of the department's compliance program.

Administered

Other taxes

Completeness and accuracy of the collection of visa revenue

Higher

  • decentralised collection of revenue including by both domestic and international offices, and by third parties under service level arrangements; and
  • complexity of the related IT infrastructure that supports the collection of revenue.

Administered

Land and buildings

Property, plant and equipment

Supplier expenses

 

Management of the onshore immigration detention centres and overseas regional processing centres, including management of assets and control over supplier expenditure

Higher

  • complex project and contract management processes associated with third party providers for health services, detention centre management and construction of detention centre assets;
  • ANAO Report No.32 2016–17 Offshore Processing Centres in Nauru and Papua New Guinea: Contract Management of Garrison Support and Welfare Services indicated that controls for the approval of expenditure for garrison support at regional processing centres did not operate effectively;
  • judgements applied to estimate the value of the detention centre asset portfolio; and
  • financial implications and reporting for the Australian Government announcement that some centres may be subject to closure.

Administered

Personal benefits

 

Payment of personal benefits under the Status Resolution Support Services (SRSS) program

Moderate

  • complex eligibility criteria for the categories of allowable personal benefits;
  • payments are processed by the Department of Human Services; and
  • the self-assessment nature of the personal benefits process; and
  • complexity in the underlying IT infrastructure that is used to assess eligibility and make payments to recipients.

Departmental

Employee benefits expense

Employee provisions

 

Completeness and accuracy of employee entitlements

Moderate

  • selected DIBP staff are entitled to a range of allowances, subject to a number of conditions under different enterprise agreements;
  • unresolved moderate audit finding related to weaknesses in DIBP's management of employee payroll processes;
  • the calculation of employee leave provisions is based on multiple assumptions involving judgement; and
  • staff are located both in Australia and overseas, including locally engaged staff who may be entitled to varying employment conditions and benefits based on local laws and regulations.

Administered and Departmental

Multiple financial statement line items

Management of overseas posts particularly relating to the management of departmental resources and collection of visa application revenue

Moderate

  • decentralised nature of operations and controls, including monitoring procedures; and
  • managed under third party arrangements through service level agreements with the Department of Foreign Affairs and Trade, and the Australian Trade and Investment Commission.
       

Source: ANAO 2016–17 risk assessment for DIBP.

3.15.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2016–17 relevant to the financial management or administration of DIBP:

  • ANAO Report No.8 2016–17 Controls over Credit Card Use;
  • ANAO Report No.13 2016–17 Delivery of Health Services in Onshore Immigration Detention;
  • ANAO Report No.16 2016–17 Offshore Processing Centres in Nauru and Papua New Guinea: Procurement of Garrison Support and Welfare Services;
  • ANAO Report No.32 2016–17 Offshore Processing Centres in Nauru and Papua New Guinea: Contract Management of Garrison Support and Welfare Services; and
  • ANAO Report No.42 2016–17 Cybersecurity Follow-up Audit.

3.15.10 ANAO Reports No.16 and No.32 2016–17 included observations relevant to the risks outlined in Table 3.15.3 relating to the management of the overseas regional processing centres. The audits noted that DIBP did not have:

  • an effective risk based contract management plan commensurate with the value, complexity and risks associated with the garrison welfare and support contracts;
  • a robust process for ensuring that contract expenses had been appropriately authorised prior to payment, including confirming whether goods or services had been received and the retention of relevant documentation; and
  • a robust process to ensure that contract expenditure for future periods had appropriate approval from Government before committing the funds.

3.15.11 DIBP agreed with all recommendations relating to these audits. For the purpose of the financial statements audit, the approach for this area includes procedures designed to obtain assurance over the processes for the oversight of contract management expenses, application of relevant instructions and procedures, and obtaining records relevant to confirming that goods and services have been received. The ANAO will undertake further testing on this area as part of the final audit.

3.15.12 The observations of the remaining reports have been considered in designing audit procedures to address areas considered to pose a lower risk of material misstatement.

Audit results

3.15.13 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: collection of customs duty revenue and visa application revenue; management of the detention network and estate; specific elements of accounting for employee entitlements; the reporting of overseas transactions and IT application controls.

3.15.14 Audit procedures relating to: the management of the detention network and estate; collection of customs duty revenue; payment of personal benefits under the SRSS programme; and the remaining elements of accounting for employee entitlements at year end will be undertaken as part of the 2016–17 final audit.

3.15.15 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.15.4: Status of audit findings raised by the ANAO

Category

Closing position (at the end of the 2015–16 final audit)

Resolved findings (at the time of the 2016–17 interim audit)

New findings (during the 2016–17 interim audit)

Closing position (at the end of the 2016–17 interim audit)

Significant (A)

0

0

0

0

Moderate (B)

3

0

1

4

Total

3

0

1

4

         
Unresolved moderate audit findings
Customs duty compliance program

3.15.16 An effective compliance program is a key management control in confirming that all customs duty revenue that should be collected by DIBP has been. During the 2014–15 audit of the former Australian Customs and Border Protection Service (ACBPS), the ANAO completed testing of the customs duty compliance program and identified weaknesses in the governance and management oversight arrangements for the program. In particular, the ANAO identified a lack of regular oversight and monitoring; inconsistent policies and procedures related to planning, managing and executing compliance activities; no end-to-end risk assessment process, register or plan for compliance activities; and no documented rationale for the sample size and selection methodology that is consistent with the level of assurance that the ACBPS aimed to achieve from the compliance program.

3.15.17 DIBP has made substantial progress in addressing the audit finding. At the time of the 2016–17 interim audit, DIBP had continued remediation action to address the weaknesses identified including the:

  • establishment of the Customs Compliance Branch with primary responsibility for assessing risks of non-compliance with the relevant customs regulations and coordinating risk treatments and management plans within DIBP;
  • development of key governance arrangements and plans, such as risk identification, treatment and management policies, including development of a risk register;
  • appointment of risk leads within the Customs Compliance Branch with responsibilities to: coordinate and establish an appropriate risk register and treatment plan; and determine operational priorities for identified risks of non-compliance; and
  • implementation of revised reporting structures for compliance outcomes, including formal reporting to key governance committees charged with the oversight of the compliance function.

3.15.18 During the 2016–17 financial year DIBP has advised it will continue to develop the revised policies and procedures in relation to the compliance program. Additional remediation action relating to documenting a rationale for the sample size and selection methodology used within the compliance program is scheduled to be finalised in 2017–18.

3.15.19 The ANAO will continue to review remediation action implemented by DIBP as part of the 2016–17 final audit.

Human resources management

3.15.20 During the 2015–16 audit, the ANAO identified weaknesses associated with the employee commencement and cessation processes, particularly relating to the timely finalisation of processes associated with these activities and the retention of documentation on employee files to support processing undertaken. The ANAO also identified weaknesses in relation to the payment of allowances to eligible employees, including inadequate controls to identify and process changes in eligibility for receipt of these allowances.

3.15.21 DIBP has recently implemented a wide range initiatives to address the identified weaknesses, including:

  • identifying and documenting key controls and policies and procedures to support the human resources process;
  • a quarterly quality assurance process to examine the validity and accuracy of transactions for commencements, terminations, superannuation and allowances;
  • automated processes to support timely processing of employee cessations; and
  • completed reviews of leave balances, termination payments and allowances.

3.15.22 DIBP has also made progress in the development of a control framework for all employee allowances and the development of HRMIS system enhancements to automate payments for particular allowances.

3.15.23 The ANAO will review the progress against this issue during the 2016–17 final audit.

Record keeping

3.15.24 Section 41 of the PGPA Act requires that the accountable authority of DIBP must cause records to be kept that properly record and explain transactions and DIBP's financial position. DIBP has developed internal financial management and other policies in relation to proper records to be retained relating to the preparation of the financial statements.

3.15.25 In undertaking the 2015–16 audit, the ANAO identified weaknesses in record keeping relating to the following processes supporting the preparation of the financial statements:

  • working papers and reports supporting the transfer of employee leave balances and other information from the former ACBPS' payroll system to the DIBP payroll system;
  • missing transactional documentation relating to the processing of visa application fees and contract performance management;
  • delays in the provision of supporting documentation for material processes and balances, such as accounting for operating leases and impairment of trade debtors; and
  • inadequate information maintained on DIBP's asset register to support the stocktake of assets related to information technology and infrastructure.

3.15.26 DIBP has recently established a financial recordkeeping financial management guideline. This will be complemented by progress being made in revising guidelines for the management of information contained within the asset register and documentation requirements for financial reporting processes.

3.15.27 A monthly assurance process has also recently been established to assess compliance with the standard minimum documentation requirements to support manual and adjusting accrual journals.

3.15.28 The ANAO will continue to review DIBP's progress in addressing these weaknesses in the 2016–17 final audit.

New moderate audit finding
Management of privileged security users in the IT networks

3.15.29 The ANAO's review of users with privileged access to DIBP's networks identified weaknesses in the operation of the controls relating to granting and terminating privileged user access and the use of these accounts. The weaknesses related to:

  • the use of personal administrator accounts rather than a designated account for the running of scripted jobs;
  • scripts to deactivate users for inactivity were not fully operational as there were instances identified with accounts active at the time of our audit despite greater than 90 days of inactivity; and
  • domain administrator accounts with internet access. In protecting the related networks, DIBP's position is that this should not occur.

3.15.30 The above control weaknesses increase the risk of susceptibility of the networks being compromised and interruption to DIBP's operations.

3.15.31 DIBP has advised it will strengthen controls to address the above issues. The ANAO will review and assess this process during the 2016–17 final audit.

Conclusion

3.15.32 At the completion of the interim audit, the ANAO has reported a number of areas where improvements are required. The audit findings outlined above reduce the level of confidence that can be placed on the key elements of internal control that support the preparation of the financial statements that are free from material misstatement. During the 2016–17 final audit the ANAO will undertake further procedures and assess action taken by DIBP to address the weaknesses identified.

3.16 Department of Industry, Innovation and Science

Overview

3.16.1 The Department of Industry, Innovation and Science (Industry) is responsible for supporting science and commercialisation, growing business investment and improving business capability, developing Northern Australia and streamlining regulation.

3.16.2 Figure 3.16.1 shows Industry's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.16.1: Industry's contribution to the Australian Government's revenue, expenses, assets and liabilities108

Source: ANAO analysis of CFS and Industry's financial statements for the year ended 30 June 2016.

3.16.3 Figure 3.16.2 and Figure 3.16.3 show the 2015–16 departmental and administered financial statement items reported by Industry and the 2016–17 key areas of financial statements risk.

Figure 3.16.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Industry's financial statements for the year ended 30 June 2016.

Figure 3.16.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Industry's financial statements for the year ended 30 June 2016.

3.16.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Industry's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Industry's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Industry also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.16.5 In light of the key areas of risk detailed in Table 3.16.3 and the ANAO's understanding of the operations of Industry, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items109

3.16.6 Annual appropriation funding of $426.0 million (departmental) and $601.1 million (administered) was provided to Industry in 2016–17 to support the achievement of Industry's outcomes.110 Industry was also budgeted to receive special appropriation funding of $213.0 million.111

3.16.7 Table 3.16.1 and Table 3.16.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.16.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

506.0

1 838.2

Employee benefits

306.1

6.8

Suppliers

153.6

82.2

Depreciation and amortisation

43.5

1.0

Subsidies

174.6

Grants

1.4

553.3

Other

1.4

1 020.3

Total own-source income

87.3

1 034.8

Royalties

931.1

Other

87.3

103.7

Net cost of services

418.7

803.4

     

Table 3.16.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

396.2

3 914.6

Investments

3 632.5

Other financial assets

136.7

276.4

Land and buildings

129.0

0.3

Property, plant and equipment

68.6

0.3

Other

61.9

5.1

Total liabilities

186.6

89.6

Employee provisions

88.0

1.5

Grants payable

1.2

37.6

Other

97.4

50.5

Net assets

209.5

3 825.0

     

Note a: Industry's estimated average staffing level for 2016–17 is 2 450.

Key areas of financial statements risk

3.16.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Industry's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.16.3.

Table 3.16.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Royalties

Completeness and accuracy of Industry's offshore petroleum and uranium royalties

Higher

  • reliance on external third party information, increases the risk of recording incomplete or inaccurate revenue.

Departmental

Other own-source income

Completeness and accuracy of Industry's other revenue streamsa

Higher

  • diversity of revenue streams;
  • reliance on manual calculations to quantify some revenue amounts; and
  • the large volume of cash-based transactions.

Administered

Advances and loans

Valuation of concessional loans made under the Northern Australia Infrastructure program

Moderate

  • subject to significant judgment relating to the determination of the market interest rate and loan terms for use in valuation; and
  • complexity and variety of concessions provided increasing the risk of determining an inaccurate value.

Administered

Grants expense

Grants payable

Grants management

Moderate

  • a significant number of individual grant programs operate under separate grant agreements and are subject to different eligibility criteria; and
  • susceptibility of grant funding to fraud.
       

Source: ANAO 2016–17 risk assessment for Industry.

Note a: Includes revenue from sources such as services delivered by the National Measurement Institute, Questacon entry fees and sales of merchandise through shopfronts.

3.16.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.28 2016–17 Collection of North West Shelf Royalty Revenue was tabled during 2016–17 and is relevant to the financial management and administration of Industry.

3.16.10 ANAO Report No.28 2016–17 included observations relevant to the completeness and accuracy of Industry's offshore petroleum and uranium royalties outlined in Table 3.16.3. In response to the higher risk of material misstatement of royalty revenue arising from these observations the ANAO will:

  • assess the effectiveness of key assurance activities undertaken by Industry to address the risks of incomplete and/or inaccurate royalty returns for royalty revenue streams; and
  • where possible, agree data used by Industry in assurance activities to information obtained independently from external sources.

Audit results

3.16.11 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to employee and supplier expenditure, appropriations and special accounts; and asset and cash management. As part of the interim audit coverage, the ANAO has also assessed controls relating to selected departmental and administered revenue streams, grant and subsidy payments and IT general and application controls for key financial systems.

3.16.12 Audit procedures relating to the: completeness and accuracy of royalties; and valuation of the administered advances and loans, investments and non-financial assets will be undertaken as part of the 2016–17 final audit.

3.16.13 To date, audit coverage has not identified any new significant or moderate audit findings.

3.16.14 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.16.4: Status of audit findings raised by the ANAO

Category

Closing position (at the end of the 2015–16 final audit)

Resolved findings (at the time of the 2016–17 interim audit)

New findings (during the 2016–17 interim audit)

Closing position (at the end of the 2016–17 interim audit)

Significant (A)

0

0

0

0

Moderate (B)

1

0

0

1

Total

1

0

0

1

         
Unresolved moderate audit findings
Administration of North West Shelf royalties

3.16.15 Industry is responsible for the collection of royalties levied on offshore petroleum operations from the North West Shelf. Day-to-day administration of the North West Shelf, including liaison with Joint Venture participants, royalty calculation and obtaining assurance of the accuracy of royalty payments, is undertaken by the Western Australian Department of Mines and Petroleum (DMP) as set out in the Offshore Petroleum and Greenhouse Gas Storage Act 2006 and Offshore Petroleum (Royalty) Act 2006.

3.16.16 During the 2015–16 final audit, the ANAO identified that the roles and responsibilities of Industry and the DMP had not been adequately documented and that administrative arrangements provided insufficient assurance that production values and deductions are adequately assessed. At the completion of the 2015–16 final audit, the ANAO recommended that Industry formalise arrangements with the DMP to establish each entity's roles and responsibilities regarding the administration of North West Shelf royalties, including arrangements for effective assurance processes that focus on the validation of the completeness and accuracy of information provided by Joint Venture partners supporting royalties paid to the Commonwealth.

3.16.17 At the time of the 2016–17 interim audit Industry had drafted an assurance framework and advised that the assurance framework will form the basis for a revised memorandum of understanding between Industry and the DMP that will establish the roles and responsibilities of each entity. The revised memorandum of understanding is expected to be effective by 1 July 2017.

3.16.18 The ANAO will review Industry's progress in formalising these arrangements and improving internal assurance processes as part of the 2016–17 final audit.

Conclusion

3.16.19 At the completion of the interim audit, and except for the finding outlined above, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Industry will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.17 Department of Infrastructure and Regional Development

Overview

3.17.1 The Department of Infrastructure and Regional Development (Infrastructure) is responsible for: improving infrastructure across Australia, through funding coordination of transport and other infrastructure; providing an efficient, sustainable, competitive, safe and secure transport system for all transport users; strengthening the sustainability, capacity and diversity of regional economies; and supporting governance arrangements in the Australian territories.

3.17.2 Figure 3.17.1 shows Infrastructure's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.17.1: Infrastructure's contribution to the Australian Government's revenue, expenses, assets and liabilities112

Source: ANAO analysis of CFS and Infrastructure's financial statements for the year ended 30 June 2016.

3.17.3 Figure 3.17.2 and Figure 3.17.3 show the 2015–16 departmental and administered financial statement items reported by Infrastructure and the 2016–17 key areas of financial statements risk.

Figure 3.17.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Infrastructure's financial statements for the year ended 30 June 2016.

Figure 3.17.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Infrastructure's financial statements for the year ended 30 June 2016.

3.17.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Infrastructure's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Infrastructure's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Infrastructure also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.17.5 In light of the key areas of risk detailed in Table 3.17.3 and the ANAO's understanding of the operations of Infrastructure, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items113

3.17.6 Annual appropriation funding of $277.3 million (departmental) and $2 152.5 million (administered) was provided to Infrastructure in 2016–17 to support the achievement of the entity's outcomes.114 Infrastructure was also budgeted to receive special appropriation funding of $3 786.4 million.115

3.17.7 Table 3.17.1 and Table 3.17.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.17.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

268.6

6 094.7

Employee benefits

139.5

17.9

Suppliers

119.4

151.9

Depreciation and amortisation

9.5

54.0

Grants

5 036.1

Other

0.2

834.8

Total own-source income

5.6

415.8

Sale of goods and rendering of services

3.6

Other taxes

40.4

Fees and fines

212.9

Other

2.0

162.5

Net (cost of)/contribution to services

263.0

5 678.9

     

Table 3.17.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

173.4

6 873.6

Financial assets

130.8

6 027.1

Land and buildings

18.2

367.8

Property, plant and equipment

10.0

353.1

Other

14.4

125.6

Total liabilities

67.5

51.3

Subsidies

13.3

Grants

20.2

Employee provisions

47.9

4.0

Other

19.6

13.8

Net assets/(liabilities)

106.0

6 822.3

     

Note a: Infrastructure's estimated average staffing level for 2016–17 is 1 130.

Key areas of financial statements risk

3.17.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Infrastructure's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.17.3.

Table 3.17.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Investments

Valuation of the Australian Government's investment in the Australian Rail Track Corporation and Airservices Australia

Higher

  • valuations are subject to complex estimation and require significant judgement in the selection of assumptions and inputs.

Administered Advances and loans

Valuation of concessional loans

Moderate

  • complexity of the loans and the level of estimation required to determine the appropriate market rate for the concessional component of loans.

Administered

Grants expense

Management of grant payments

Moderate

  • complex and diverse range of programs that include a number of different arrangements.
       

Source: ANAO 2016–17 risk assessment for Infrastructure.

3.17.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports tabled during 2016–17 were relevant to the financial management or administration of Infrastructure:

  • ANAO Report No.38 2016–17 The Approval and Administration of Commonwealth Funding for the WestConnex Project; and
  • ANAO Report No.30 2016–17 Design and Implementation of Round Two of the National Stronger Regions Fund.

3.17.10 ANAO Report No.38 2016–17 included observations relevant to the valuation of the concessional loans outlined in Table 3.17.3. Audit procedures have been developed in response to the observations raised in the report in relation to the selection of the market rates used to determine the fair value of the loan.

3.17.11 ANAO Report No.30 2016–17 included observations relevant to the management of grant payments outlined in Table 3.17.3. The observations in the report in respect of effective application and milestone acquittal assessment processes informed the development of substantive testing criteria for grant payments.

Audit results

3.17.12 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: cash, appropriations and special accounts, supplier expenditure and payroll. Interim audit coverage has also included an assessment of the controls relating to: grant and subsidy payments, administered revenue and receivables and IT general and application controls for key financial systems.

3.17.13 Audit procedures relating to valuation of administered investments, concessional loans and non-financial assets will be undertaken as part of the 2016–17 final audit.

3.17.14 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.17.15 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Infrastructure will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.18 Department of Parliamentary Services

Overview

3.18.1 The Department of Parliamentary Services (DPS) supports the functions of the Australian Parliament and the work of parliamentarians through the provision of a range of corporate and retail products and services. These include library and research, Hansard and broadcasting, communications, security, building maintenance and grounds management and visitor services.

3.18.2 Figure 3.18.1 shows DPS' revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.18.1: DPS' contribution to the Australian Government's revenue, expenses, assets and liabilities116

Source: ANAO analysis of CFS and DPS' financial statements for the year ended 30 June 2016.

3.18.3 Figure 3.18.2 and Figure 3.18.3 show the 2015–16 departmental and administered financial statement items reported by DPS and the 2016–17 key areas of financial statements risk.

Figure 3.18.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and DPS' financial statements for the year ended 30 June 2016.

Figure 3.18.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and DPS' financial statements for the year ended 30 June 2016.

3.18.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on DPS' financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of DPS' environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of DPS also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.18.5 In light of the key areas of risk detailed in Table 3.18.3 and the ANAO's understanding of the operations of DPS, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items117

3.18.6 Annual appropriation funding of $141.1 million (departmental) and $47.1 million (administered) was provided to DPS in 2016–17 to support the achievement of DPS' outcomes.118

3.18.7 Table 3.18.1 and Table 3.18.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.18.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

153.7

40.4

Employee benefits

85.6

0.8

Suppliers

45.1

6.2

Depreciation and amortisation

23.0

33.4

Total own-source income

11.9

0.2

Sales of goods and rendering of services

9.4

Rental income

2.1

Other

0.5

0.2

Net cost of services

141.8

40.2

     

Table 3.18.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

128.6

2 240.4

Financial assets

25.8

0.3

Land and buildings

2 147.7

Property, plant and equipment

67.5

92.4

Intangibles

28.4

Other

6.9

Total liabilities

28.4

0.6

Employee provisions

22.5

Other

5.9

0.6

Net assets

100.2

2 239.8

     

Note a: DPS' estimated average staffing level for 2016–17 is 820.

Key areas of financial statements risk

3.18.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of DPS's financial statements. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.18.3.

Table 3.18.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Land and buildings and property plant and equipment

Departmental

Property, plant and equipment

Valuation of non-financial assets

Higher

  • the unique nature of Parliament House, its contents and the purpose of the land, increases the judgement applied and complexity in establishing a fair value.

Departmental

Sale of goods and rendering of services

Completeness of catering revenue

Moderate

  • the development and implementation of new policies, procedures, governance arrangements and internal controls, to identify and safeguard assets and revenue arising from new business operations.

Departmental

Employee provisions

Valuation of employee provisions

Moderate

  • significant judgement and assumptions are applied to determine the value of employee leave provisions.
       

Source: ANAO 2016–17 risk assessment for DPS.

3.18.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.18.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: cash and asset management; payroll processing; and supplier expenses.

3.18.11 As part of the 2016–17 final audit, audit procedures over all key areas will be completed, including the valuation of non-financial assets and employee provisions, revenue generated by catering services and IT general and application controls.

3.18.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.18.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that DPS will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.19 Department of the Prime Minister and Cabinet

Overview

3.19.1 The Department of the Prime Minister and Cabinet (PM&C) is responsible for coordinating policy development across government in economic, domestic and international affairs, Aboriginal and Torres Strait Islander advancement and public service stewardship.

3.19.2 Figure 3.19.1 shows PM&C's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.19.1: PM&C's contribution to the Australian Government's revenue, expenses, assets and liabilities119

Source: ANAO analysis of CFS and PM&C's financial statements for the year ended 30 June 2016.

3.19.3 Figure 3.19.2 and Figure 3.19.3 show the 2015–16 departmental and administered financial statement items reported by PM&C and the 2016–17 key areas of financial statements risk.

Figure 3.19.2: Key departmental financial statement items and areas of financial statements risk

 

Source: ANAO analysis and PM&C's financial statements for the year ended 30 June 2016.

 

Figure 3.19.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and PM&C's financial statements for the year ended 30 June 2016.

3.19.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on PM&C's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of PM&C's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 relevant to the financial management or administration of PM&C also inform the ANAO's 2016–17 financial statements audit risk identification processes.

3.19.5 In light of the key areas of risk detailed in Table 3.19.3 and the ANAO's understanding of the operations of PM&C, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items120

3.19.6 Annual appropriation funding of $424.8 million (departmental) and $1 416.9 million (administered) was provided to PM&C in 2016–17 to support the achievement of PM&C's outcomes.121 PM&C was also budgeted to receive special appropriation funding of $240.3 million.122

3.19.7 Table 3.19.1 and Table 3.19.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.19.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

434.8

1 698.7

Employee benefits

253.1

0.9

Suppliers

155.7

85.0

Depreciation and amortisation

15.6

0.1

Grants

0.4

1 358.1

Payments to corporate entities

92.8

Other

10.0

161.8

Total own-source income

12.8

87.0

Sale of goods and rendering of services

10.7

Interest

84.6

Other

2.1

2.4

Net cost of services

422.0

1 611.7

     

Table 3.19.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

251.6

4 806.8

Trade and other receivables

106.4

114.9

Land and buildings

78.4

Property, plant and equipment

19.5

1.2

Intangibles

25.3

Investments

4 660.5

Other

21.8

30.2

Total liabilities

120.8

43.6

Employee provisions

77.1

0.4

Suppliers

25.0

0.4

Grants

19.6

Other

18.7

23.3

Net assets

130.8

4 763.2

     

Note a: PM&C's estimated average staffing level for 2016–17 is 2 075.

Key areas of financial statements risk

3.19.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of PM&C's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.19.3.

Table 3.19.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Grants expenses

Effectiveness of internal control activities and financial reporting arrangements for administered grant programs

Higher

  • the magnitude and diversity of grant programs that are subject to a decentralised eligibility assessment process; and
  • prior year issues noted in relation to the Indigenous Advancement Strategy grant approvals and acquittals; and program compliance for the Community Development Programme.

All financial statement line items

Effective operation and management of shared service arrangements

Moderate

  • interactions with a service provider can create complexities in the authorisation, recognition and allocation of transactions and balances; and
  • changes to shared services arrangements or their implementation may have implications on the IT general control environment and key governance arrangements.

Departmental

Land and buildings

Valuation of land and building assets

Moderate

  • subject to judgement and estimation;
  • recognition and reporting of capital asset under construction balances is in accordance with PM&C's policies and relevant accounting standards; and
  • the physical disbursement of these assets across regional Australia.

Departmental Employee provisions

Valuation of employee provisions

Moderate

  • the complexity of assumptions and calculations underlying the actuarial assessment of employee provisions.

Administered Investments

Valuation and consolidation of investments

Moderate

  • underlying assumptions, calculations and valuation techniques may not be reasonable and/or valid due to complexity and judgement involved; and
  • complex requirements for the consolidation of the Aboriginals Benefit Account and the Aboriginal and Torres Strait Islander Land Account investment balances into the administered financial statements.
       

Source: ANAO 2016–17 risk assessment for PM&C.

3.19.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. ANAO Report No.35 2016–17 Indigenous Advancement Strategy was relevant to the financial management or administration of PM&C.

3.19.10 ANAO Report No.35 2016–17 included observations relevant to PM&C's administration of grants and the Administered Grants Expense line item outlined in Table 3.19.3. This includes ensuring grant approvals are in place for all Indigenous Advancement expenditure.

Audit results

3.19.11 The ANAO has completed its interim audit coverage, including an assessment of the controls relating to selected administered grant programs and IT general and application controls for key financial systems, including those provided through shared service arrangements with other entities.

3.19.12 Audit coverage of the following areas will also be completed as part of the 2016–17 final audit:

  • an assessment of PM&C's implementation of the Indigenous Advancement Strategy program model, including internal controls and governance processes;
  • the department's management and oversight of shared service arrangements; and
  • the valuation of PM&C's non-financial assets and administered investments.

3.19.13 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.19.14 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that PM&C will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed during the 2016–17 final audit.

3.20 Department of Social Services

Overview

3.20.1 The Department of Social Services (Social Services) has four core areas of responsibility: social security, families and communities, disability and carers, and housing. Social Services works in partnership with other government and non-government organisations, particularly with the Department of Human Services (Human Services), to develop, manage and deliver a range of policies, programs and services focused on improving the wellbeing of people and families in Australia.

3.20.2 Figure 3.20.1 shows Social Services' revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.20.1: Social Services' contribution to the Australian Government's revenue, expenses, assets and liabilities123

Source: ANAO analysis of CFS and Social Services' financial statements for the year ended 30 June 2016.

3.20.3 Figure 3.20.2 and Figure 3.20.3 show the 2015–16 departmental and administered financial statement items reported by Social Services and the 2016–17 key areas of financial statements risk.

Figure 3.20.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Social Services' financial statements for the year ended 30 June 2016.

Figure 3.20.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Social Services' financial statements for the year ended 30 June 2016.

3.20.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Social Services' financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Social Services' environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Social Services also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.20.5 In light of the key areas of risk detailed in Table 3.20.3 and the ANAO's understanding of the operations of Social Services, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items124

3.20.6 Annual appropriation funding of $456.9 million (departmental) and $2 513.5 million (administered) was provided to Social Services in 2016–17 to support the achievement of the Social Services' outcomes.125 Social Services was also budgeted to receive special appropriation funding of $110 527.1 million.126

3.20.7 Table 3.20.1 and Table 3.20.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

3.20.8 Human Services delivers a range of social security payments (personal benefits) for services and programs that support individuals. These payments relate largely to the Family Tax Benefit, income support for seniors, carers, people with disability and working age payments.

Table 3.20.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

536.9

114 811.9

Employee benefits

272.1

Suppliers

196.3

1 039.5

Depreciation and amortisation

64.2

Personal benefits

110 125.4

Grants

3 053.4

Subsidies

85.2

Other

4.3

508.4

Total own-source income

103.3

42.8

Sale of goods and rendering of services

97.3

Other

6.0

42.8

Net cost of services

433.6

114 769.1

     

Table 3.20.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

363.6

4 609.7

Property, plant and equipment

31.9

Intangibles

162.1

Receivables

96.3

3 710.9

Other

73.3

898.8

Total liabilities

140.3

6 078.1

Employee provisions

64.7

Personal benefits payable

1 662.6

Personal benefits provision

4 171.8

Other

75.6

243.7

Net assets/(liabilities)

223.3

(1 468.4)

     

Note a: Social Services' estimated average staffing level for 2016–17 is 1 984.

Key areas of financial statements risk

3.20.9 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Social Services' financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.20.3.

Table 3.20.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Personal benefits expenses

Accuracy of personal benefits payments

Higher

 

  • reliance on the correct disclosure of personal circumstances by a large number of recipients across diverse social economic groups; and
  • the complexity and high volume of various personal benefits payment programs processed by Human Services on bespoke IT systems.

Administered

Personal benefits provisions

Administered Personal benefits receivables

Valuation and completeness of personal benefits estimates

Higher

  • accuracy and completeness of source data used by the Australian Government Actuary as it is critical in developing the estimation models; and
  • the significant judgements and assumptions used in the estimation models are dependent on a number of factors including but not limited to the new budget measures affecting the benefits programs, timing of payments, personal circumstances of recipients and the economic environment.

Administered

Grants expenses

Grants management

Moderate

  • a large number and value of grants programs with different legislative and policy requirements; and
  • inherent information technology challenges relating to the expansion of the existing grant management infrastructure to use as a shared service operation for other entities.
       

Source: ANAO 2016–17 risk assessment for Social Services.

3.20.10 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2016–17 relevant to the financial management or administration of Social Services:

  • ANAO Report No.3 2016–17 Machinery of Government (a cross entity audit);
  • ANAO Report No.23 2016–17 National Rental Affordability Scheme - Administration of Allocations and Incentives;
  • ANAO Report No.41 2016–17 Management of Selected Fraud Prevention and Compliance Budget Measures (a cross entity audit);
  • ANAO Report No.51 2016–17 Administration of Youth Allowance (Student) and ABSTUDY (a cross entity audit); and
  • ANAO Report No.52 2016–17 Managing Underperformance in the Australian Public Service (a cross entity audit).

3.20.11 These reports did not include recommendations that impacted the financial statements audit approach.

Audit results

3.20.12 The ANAO has completed its interim audit coverage including: an assessment of the department's IT general controls over security and change management; and compliance activities and assurance processes relating to personal benefits, disability services and grants.

3.20.13 Audit coverage of the department's processes relating to cash, asset management, payroll processing, suppliers expenses, IT general controls, and application controls in financial management and human resource management information systems has also been completed.

3.20.14 As part of the 2016–17 final audit, assessment of the valuation of personal benefits related asset and liability balances will be completed. The testing of application controls for the IT systems that process payments related to personal benefits, disability services and grants will also be finalised.

3.20.15 No significant or moderate audit findings have been raised by the ANAO as a result of the audit coverage to date. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.20.16 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Social Services will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year and the controls not evaluated during the interim audit, will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.21 Department of Human Services

Overview

3.21.1 The Department of Human Services (Human Services) is part of the wider Social Services Portfolio, and is responsible for delivering a range of payments and services to support individuals, families and communities, as well as providers and businesses. These include: income support payments and services; aged care payments; Medicare payments and services; and child support services.

3.21.2 The range of social and health related payments and services delivered by Human Services on behalf of other entities are budgeted at $172 611.4 million127 in 2016–17 and include:

  • Centrelink payments and services for retirees, the unemployed, families, carers, parents, students, people with disabilities, Indigenous Australians, farmers, people from diverse cultural and linguistic backgrounds, people living overseas, and provision of services at times of major change, including disaster recovery payments;
  • services and programs that support the health of Australians such as Medicare, the Pharmaceutical Benefits Scheme, the Private Health Insurance Rebate, and the Australian Childhood Immunisation Register; and
  • Aged Care payments to services funded under the Aged Care Act 1997, including residential care, home care, and flexible care services.

3.21.3 Human Services also delivers other services and payments, including veterans' entitlements and the Tasmanian Freight and Bass Strait passenger equalisation schemes.

3.21.4 Figure 3.21.1 shows Human Services' revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.21.1: Human Services' contribution to the Australian Government's revenue, expenses, assets and liabilities128

Source: ANAO analysis of CFS and Human Services' financial statements for the year ended 30 June 2016.

3.21.5 Figure 3.21.2 and Figure 3.21.3 show the 2015–16 departmental and administered financial statement items reported by Human Service and the 2016–17 key areas of financial statements risk.

Figure 3.21.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Human Services' financial statements for the year ended 30 June 2016.

Figure 3.21.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Human Services' financial statements for the year ended 30 June 2016.

3.21.6 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Human Services' financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Human Services' environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Human Services also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.21.7 In light of the key areas of risk detailed in Table 3.21.3 and the ANAO's understanding of the operations of Human Services, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items129

3.21.8 Annual appropriation funding of $4 561.8 million (departmental) and $1.6 million (administered) was provided to Human Services' in 2016–17 to support the achievement of Human Services' outcomes.130 Human Services was also budgeted to receive special appropriation funding of $57.2 million.131

3.21.9 Table 3.21.1 and Table 3.21.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.21.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

4 761.6

1 537.4

Employee benefits

2 757.5

Supplier expenses

1 733.2

Depreciation and amortisation

249.3

Child support maintenance expenses

1 464.7

Write-down and impairment of assets

17.6

72.7

Other

4.0

Total own-source income

224.4

1 575.5

Rendering of services

211.8

Rental income

9.2

Child support maintenance revenue

1 536.3

Dividends

15.5

Other

3.4

23.7

Net (cost of)/contribution by services

(4 537.2)

38.1

     

Table 3.21.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

2 065.3

910.3

Cash

20.0

0.7

Trade and other receivables

962.1

8.7

Land and buildings

308.1

Plant and equipment

183.2

Software

499.8

Prepayments

92.0

Child Support receivables

843.1

Investment – Australian Hearing

57.9

Total liabilities

1 313.7

886.3

Suppliers

348.7

Lease incentives

40.3

Other payables and provisions

31.6

Employee payables and provisions

893.0

Child Support and other payables

27.6

Child Support payments received in advance

18.0

Child Support provisions

840.8

Net assets

751.6

24.0

     

Note a: Human Services' estimated average staffing level for 2016–17 is 29 835.

Key areas of financial statements risk

3.21.10 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Human Services' financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.21.3.

Table 3.21.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Child support receivables

Valuation of child support receivables that are yet to be paid by non-custodial parents at the end of the financial year

Moderate

  • a large volume of child support financial transactions are processed under the complex Child Support Act 1988;
  • valuation involves an actuarial estimation process and requires significant judgement and assumptions; and
  • the underlying data is maintained in spreadsheets and requires manual processing increasing the likelihood of data integrity issues.

Departmental

Land and buildings

Plant and equipment

Software

Valuation of non-financial assets

Moderate

  • the complexities in capturing the actual costs involved in the development of various internally-developed software and their accounting treatment in accordance with the relevant accounting standards;
  • property, plant and equipment is geographically dispersed; and
  • valuations of land and buildings and property, plant and equipment are subject to judgements and assumptions.
       

Source: ANAO 2016–17 risk assessment for Human Services.

3.21.11 As referred at paragraph 3.21.2 above, Human Services delivers payments on behalf of the Departments of Social Services, Health and a number of other Commonwealth entities. These payments are reported in the respective entities' financial statements and are budgeted to be approximately $172 611.4 million in 2016–17. The areas highlighted for specific audit coverage in relation to these payments132 for 2016–17 are outlined in this report against the relevant responsible entity.

3.21.12 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2016–17 relevant to the financial management or administration of Human Services:

  • ANAO Report No.20 2016–17 The Management, Administration and Monitoring of the Indemnity Insurance Fund;
  • ANAO Report No.41 2016–17 Management of Selected Fraud Prevention and Compliance Budget Measures;
  • ANAO Report No.42 2016–17 Cybersecurity Follow-up Audit;
  • ANAO Report No.50 2016–17 Child Support Collection Arrangements between the Australian Taxation Office and the Department of Human Services; and
  • ANAO report No.51 2016–17 Administration of Youth Allowance (Student) and ABSTUDY.

3.21.13 While these reports did not include recommendations regarding risks to Human Services' financial administration as it relates to the financial statements, the observations of these reports were considered in designing audit procedures.

Audit results

3.21.14 The ANAO has completed its 2016–17 interim audit coverage including an assessment of controls in relation to areas of audit focus and IT controls over security and change management of the FMIS and HRMIS systems.

3.21.15 As part of the 2016–17 final audit, the ANAO will also assess the controls over social and health related payments made by Human Services on behalf of other Commonwealth entities, including associated compliance and quality assurance activities. In addition, the ANAO's final audit coverage will include the valuation of child support debts and non-financial assets, particularly intangibles.

3.21.16 No significant or moderate audit findings have been raised by the ANAO as a result of the audit coverage to date. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.21.17 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Human Services will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year and the controls not evaluated during the interim audit, will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.22 Department of the Treasury

Overview

3.22.1 The Department of the Treasury (Treasury) is responsible for the development, delivery and implementation of economic policy and advice. This includes advice on: taxation; the Budget and the economy; financial and foreign investment, competition and broader structural policy; small business; and international economic policy.

3.22.2 Figure 3.22.1 shows Treasury's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.22.1: Treasury's contribution to the Australian Government's revenue, expenses, assets and liabilities133

Source: ANAO analysis of CFS and Treasury's financial statements for the year ended 30 June 2016.

3.22.3 Figure 3.22.2 and Figure 3.22.3 show the 2015–16 departmental and administered financial statement items reported by Treasury and the 2016–17 key areas of financial statements risk.

Figure 3.22.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and Treasury's financial statements for the year ended 30 June 2016.

Figure 3.22.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and Treasury's financial statements for the year ended 30 June 2016.

3.22.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on Treasury's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of Treasury's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of Treasury also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.22.5 In light of the key areas of risk detailed in Table 3.22.3 and the ANAO's understanding of the operations of Treasury, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items134

3.22.6 Annual appropriation funding of $171.6 million (departmental) and $104.7 million (administered) was provided to Treasury in 2016–17 to support the achievement of the Treasury's outcomes.135 Treasury was also budgeted to receive special appropriation funding of $81 549.4 million.136

3.22.7 Table 3.22.1 and Table 3.22.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.22.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

192.1

94 441.4

Employee benefits

127.5

Suppliers

57.4

13.5

Grants

2.0

94 413.0

Other

5.3

14.7

Total own-source income

16.3

2 726.2

Sales of goods and services

11.4

786.3

Dividends

1 123.5

COAG revenue from government entities

596.0

Foreign exchange gains

157.2

Other

4.9

63.2

Net cost of services

175.8

91 715.2

     

Table 3.22.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

93.4

39 247.5

Trade and other receivables

53.6

1 110.4

Land and buildings

14.3

Property, plant and equipment

9.6

Intangibles

10.0

Investments

37 366.5

Other

5.9

770.6

Total liabilities

57.0

15 694.3

Employee provisions

47.9

Grants payable

52.4

Unearned income

28.5

Loans

9 534.2

Provision for grants

511.5

Other payables and provisions

9.1

5 567.7

Net assets

36.4

23 553.2

     

Note a: The Treasury's estimated average staffing level for 2016–17 is 815.

Key areas of financial statements risk

3.22.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of Treasury's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.22.3.

Table 3.22.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Grant expenses

Grants payable

Provision for grants

Payment to states and territories under the Federal Financial Relations Act 2009

Higher

  • reliance on a number of government entities which are responsible for administering the program, assessing eligibility and advising the Treasury of the amount to be paid.

Administered

Other payables and provisions

Valuation of the Natural Disaster Relief and Recovery Arrangements (NDRRA) provision

Higher

  • complexities in calculating the provision due to the devolved nature and high level of judgement relating to the estimation process and compliance requirement; and
  • reliance on the estimates provided by states and territory governments in determining the provision.
       

Source: ANAO 2016–17 risk assessment for Treasury.

3.22.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.22.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to: cash and asset management; payroll processing; supplier expenses; and appropriations. Audit coverage also included an assessment of the IT general controls.

3.22.11 Interim audit coverage has also been completed over the Treasury's risk assessment and payments processes for National Partnership Payments made under the Federal Financial Relations Act 2009.

3.22.12 Audit procedures relating to: the Natural Disaster Relief and Recovery Arrangements; administered investments; and revenue and receivables will be undertaken as part of the 2016–17 final audit. As part of the 2016–17 final audit, procedures will be undertaken over the assurance processes for payments made under the Federal Financial Relations Act 2009.

3.22.13 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.22.14 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that Treasury will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.23 Australian Office of Financial Management

Overview

3.23.1 The Australian Office of Financial Management (AOFM) is responsible for managing Australian Government debt and financial assets. AOFM is responsible for issuing treasury bonds, treasury indexed bonds and treasury notes, managing the Australian Government's cash balances, and investing in financial assets.

3.23.2 Figure 3.23.1 shows AOFM's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.23.1: AOFM's contribution to the Australian Government's revenue, expenses, assets and liabilities137

Source: ANAO analysis of CFS and AOFM's financial statements for the year ended 30 June 2016.

3.23.3 Figure 3.23.2 and Figure 3.23.3 show the 2015–16 departmental and administered financial statement items reported by AOFM and the 2016–17 key areas of financial statements risk.

Figure 3.23.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and AOFM's financial statements for the year ended 30 June 2016.

Figure 3.23.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and AOFM's financial statements for the year ended 30 June 2016.

3.23.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on AOFM's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of AOFM's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of AOFM also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.23.5 In light of the key areas of risk detailed in Table 3.23.3 and the ANAO's understanding of the operations of AOFM, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items138

3.23.6 Annual appropriation funding of $11.9 million (departmental) and $0.01 million (administered) was provided to AOFM in 2016–17 to support the achievement of the AOFM's outcomes.139 AOFM was also budgeted to receive special appropriation funding of $538 204.7 million.140

3.23.7 Table 3.23.1 and Table 3.23.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.23.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

11.3

16 027.6

Employee benefits

6.3

Suppliers

4.8

Depreciation and amortisation

0.3

Interest costs

15 977.5

Other

50.0

Total own-source income

0.7

311.1

Sales of goods and rendering of services

0.4

Resources received free of charge

0.3

Interest revenue

716.7

Net gain/(loss)on debt repurchase

(405.6)

Net (cost of)/contribution to services

(10.6)

3 888.9a

     

Note a: This amount reflects estimated net re-measurements and gains/losses of $19 605.4 million.

Table 3.23.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

34.6

58 034.3

Cash and cash equivalents

0.1

0.6

Trade and other receivables

30.5

1 871.8

Investments

56 161.9

Non-financial assets

4.0

Total liabilities

2.5

546 914.9

Employee provisions

2.2

Australian Government securities

546 914.9

Other

0.3

Net assets/(liabilities)

32.1

(488 880.6)

     

Note a: The AOFM's estimated average staffing level for 2016–17 is 36.

Key areas of financial statements risk

3.23.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of AOFM's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.23.3.

Table 3.23.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered

Australian Government securities

Valuation and disclosure of Australian Government Securities

Higher

  • significant liability and significant increases in volume in prior and current period;
  • fair value movements have a material impact on the financial statements and are impacted by external factors; and
  • significant financial statement disclosure requirements.

Administered

Residential Mortgage-Backed Securities (RMBS)

Valuation and disclosure of RMBS

Moderate

  • significant asset class;
  • subjectivity and complexity involved in applying valuation methods, using external inputs that are subject to variation; and
  • significant financial statement disclosure requirements.
       

Source: ANAO 2016–17 risk assessment for AOFM.

3.23.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.23.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the controls relating to the issuance of debt instruments. Audit coverage of: cash and other financial assets; accounts payable and receivable; payroll processing; IT general controls, and application controls in the FMIS and HRMIS, has also been completed.

3.23.11 The other key areas of risk, including the assessment of the measurement and disclosure of financial assets and liability securities, will be completed as part of the 2016–17 final audit.

3.23.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.23.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that AOFM will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

3.24 Australian Taxation Office

Overview

3.24.1 The Australian Taxation Office (ATO) is the Australian Government's principal revenue collection entity. Its role is to manage and shape tax, excise and superannuation systems that fund services for Australians. The ATO has a single outcome delivered through: four departmental programs, including the Tax Practitioners Board, the Australian Business Register and the Australian Charities and Not-for‐profits Commission; and 14 administered programs.

3.24.2 Figure 3.24.1 shows the ATO's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.24.1: ATO's contribution to the Australian Government's revenue, expenses, assets and liabilities141

Source: ANAO analysis of CFS and ATO's financial statements for the year ended 30 June 2016.

3.24.3 Figure 3.24.2 and Figure 3.24.3 show the 2015–16 departmental and administered financial statement items reported by the ATO and the 2016–17 key areas of financial statements risk.

Figure 3.24.2: Key departmental financial statement items and areas of financial statements risk

Source: ANAO analysis and the ATO's financial statements for the year ended 30 June 2016.

Figure 3.24.3: Key administered financial statement items and areas of financial statements risk

Source: ANAO analysis and ATO's financial statements for the year ended 30 June 2016.

3.24.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on the ATO's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of the ATO's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of the ATO also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.24.5 In light of the key areas of risk detailed in Table 3.24.3 and the ANAO's understanding of the operations of ATO, the ANAO has assessed the risk of a material misstatement as high.

Key financial statements items142

3.24.6 Annual appropriation funding of $3 364.2 million (departmental) and $5.3 million (administered) was provided to the ATO in 2016–17 to support the achievement of the ATO's outcomes.143 The ATO was also budgeted to receive special appropriation funding of $11 495.0 million.144

3.24.7 Table 3.24.1 and Table 3.24.2 provide a summary of the key 2016–17 departmental and administered estimated financial statements items.

Table 3.24.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total expenses

3 494.8

18 251.7

Employee benefits

1 839.3

Suppliers

1 484.8

1.0

Depreciation and amortisation

170.7

Subsidies

9 689.1

Personal benefits

1 209.9

Write-down and impairment of assets

6 855.7

Interest

165.0

Other

331.0

Total own-source income

126.3

367 431.9

Sale of goods and rendering of services

122.6

Income tax

280 751.8

Indirect tax

85 310.0

Other taxes

879.1

Other

3.7

491.0

Net (cost of)/contribution to services

(3 368.5)

349 180.2

     

Table 3.24.2: Key assets and liabilities

Assets and liabilities

Departmental estimated actual ($m) 2016–17

Administered estimated actual ($m) 2016–17

Total assets

1 376.1

34 470.4

Trade and other receivables

406.5

Non-financial assets

906.0

Taxation receivables

19 993.8

Accrued revenues

14 176.2

Other

63.6

300.4

Total liabilities

1 100.0

10 186.8

Suppliers

332.5

Employee provisions

612.4

Subsidies

4 300.3

Taxation refunds provided

2 279.6

Other provisions

27.2

1 433.4

Personal benefits

1 311.4

Other

127.9

862.1

Net assets

276.1

24 283.6

     

Note a: The ATO's estimated average staffing level for 2016–17 is 17 901.

Key areas of financial statements risk

3.24.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of the ATO's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.24.3.

Table 3.24.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Administered revenue

Impairment taxation receivables

Taxation receivables

Estimation and allocation processes associated with reporting of taxation revenue

Higher

  • complex estimation processes, involving significant judgement and specialist knowledge;
  • completeness, relevance and accuracy of source data;
  • moderate audit finding identified related to estimation and allocation processes for revenue and expenses; and
  • volatility in economic conditions increases the uncertainty of factors underpinning the estimates.

Administered revenue

Administered impairment expenses

Provisions for credit amendments, impairment allowance and provisions for refunds

Processes for estimating taxation debt provisions

Higher

  • complex estimation processes for debt provisions, including allowance for credit amendment and impairment losses associated with taxation receivable balances, involving significant judgement and specialist knowledge;
  • completeness, relevance and accuracy of source data; and
  • moderate audit finding identified related to debt provision assessments.

Administered revenue

Administered expenses

Accounting for settlements of outstanding taxation liabilities and other adjustments to taxpayer client accounts

Higher

  • complexity associated with negotiations and dispute resolutions; and
  • application of significant judgement resulting from differing terms and conditions.

All administered items

ATO compliance risk management relating to the collection of taxation revenue

Higher

  • self-assessment and voluntary compliance regime; and
  • judgements associated with the risk management approach to compliance activities.

Administered income tax revenue, indirect tax revenue, other tax revenue,

Penalty and interest charge remission expenses

Taxation receivable

Application of various types of penalties and interest charges

Moderate

  • significant manual process surrounding imposition and remission of penalties;
  • application of various types of penalties and interest charges imposed by legislative requirements;
  • moderate audit finding identified related to the administration of penalties and interest; and
  • application of judgement surrounding cancellation or remission of penalties and interest charges on unpaid or amended taxation liabilities.

All administered items

Complex manual processes required for financial reporting

Moderate

  • manual calculation of complex information in spreadsheets increases the risk of miscalculation due to data linkages and human errors; and
  • moderate audit finding identified related to support and quality assurance over manual inputs to the financial statements.

All administered items

IT business systems and associated processing of taxpayer returns and statements

Moderate

  • large and complex IT environment with several hundred business applications processing a high volume of transactions;
  • many IT systems are bespoke or heavily customised to the ATO; and
  • reliance on specialised reports to prepare financial statements balances.
       

Source: ANAO 2016–17 risk assessment for ATO.

3.24.9 As mentioned above, the ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2015–16 relevant to the financial management or administration of the ATO:

3.24.10 These reports included observations supporting the ANAO's assessment of financial statements risk outlined in Table 3.24.3, in particular the ATO's compliance risk management and IT business systems, which is identified as a high and moderate risks.

Audit results

3.24.11 The ANAO has substantially completed its 2016–17 interim audit coverage, including an assessment of the controls relating to the ATO's business operations including key financial administration systems and its key revenue collection processes.

3.24.12 The ANAO's interim audit coverage included an assessment of the ATO's IT general controls and departmental application controls. The assessment included logical security, change and release management and controls in the ATO's FMIS, HRMIS and other key administered financial systems.

3.24.13 As part of the 2016−17 final audit, audit coverage in relation to the estimation and allocation processes associated with reporting of taxation revenue; processes for estimating taxation debt provisions; application of various types of penalties and interest charges; and accounting transactions for settlements of outstanding taxation liabilities including adjustments to taxpayer client accounts, will be finalised. The ANAO will also finalise the assessment of the complex manual processes for financial reporting and coverage over the ATO's external compliance program as part of the 2016–17 final audit.

3.24.14 In December 2016 and February 2017 the ATO experienced major outages of its key business systems including the tax agent portal, business portal and its FMIS system. In response, the ATO engaged an independent expert to review and determine the nature and the cause of these major outages with results expected to be finalised in June 2017. The ANAO will assess the impact of these outages on the ATO's financial statements and continue to assess the effective operation of the ATO's IT general and application controls during the 2016–17 final audit.

3.24.15 The interim audit coverage has not identified any new significant or moderate audit findings.

3.24.16 The following table summarises the status of audit findings reported by the ANAO in 2015–16 and 2016–17.

Table 3.24.4: Status of audit findings raised by the ANAO

Category

Closing position (at the end of the 2015–16 final audit)

Resolved findings (at the time of the 2016–17 interim audit)

New findings (during the 2016–17 interim audit)

Closing position (at the end of the 2016–17 interim audit)

Significant (A)

0

0

0

0

Moderate (B)

4

0

0

4

Total

4

0

0

4

         
Unresolved moderate audit findings
Administration of penalties and interest

3.24.17 The ATO applies interest to unpaid taxation liabilities and amended taxation liabilities where the amendment results in an additional amount of taxation payable to the ATO. Penalties may be imposed when a taxpayer has not taken reasonable care in meeting their tax obligations. In addition to the authority to impose interest and penalties, the ATO also has the authority to remit, partially or in full, any of these charges in certain circumstances.

3.24.18 During the 2015–16 interim audit phase, the ANAO reviewed the imposition and remission of interest and penalties and identified the following weaknesses:

  • a number of instances where the officer approving the remission of a charge did not have the appropriate authority; and
  • a lack of documentation sufficiently detailing the decision process relating to the remission of charges.

3.24.19 These weaknesses increase the risk that the remission of taxation liability charges is incorrectly administered. Following the 2015–16 audit the ATO agreed to:

  • review education, training and guidance to staff calculating and approving interest and penalty remissions;
  • where necessary, make changes to improve staff awareness of relevant delegations and authorisations and documentation requirements; and
  • review the quality control framework for the remission of penalties and interest.

3.24.20 During the 2016–17 interim audit the activities were still in progress and yet to be fully implemented. The ANAO will review the ATO's progress in addressing this finding during the 2016–17 final audit.

Estimation and allocation processes for revenue and expenses

3.24.21 The ATO's administered income and expense balances incorporate a number of significant estimates and allocation processes that involve high degrees of complexity, sensitivity and uncertainty. These estimates can also involve uncertainty as to future conditions and may have limited availability of information from which to base the estimation.

3.24.22 To manage this risk the ATO has instituted an estimation process. During the 2015–16 final audit, the ANAO identified several weaknesses in the ATO's revenue and expenses estimation processes, including:

  • the absence of testing of the validity of selected inputs, including externally provided information, and the reasonableness of methodologies and assumptions adopted over time;
  • the need for greater consultation within the ATO of alternate assumptions, in particular to support the reasonableness of significant assumptions; and
  • limited documentation to support consideration of the impact of changes to methodologies and data inputs on the ATO's financial statements.

3.24.23 These weaknesses increase the risk that taxation revenue and expense estimates may be unreliable or materially misstated in the ATO's financial statements. The ATO advised it would review the methodologies and processes used in the calculation of revenue and expense estimates and the documentation of changes made to methodologies adopted. At the time of 2016–17 interim audit this was still in progress. The ANAO will review the action taken by the ATO during the 2016–17 final audit.

Debt provision assessments

3.24.24 Taxpayers are entitled to dispute amounts assessed by the ATO. For financial reporting purposes, the ATO estimates the probable outcome from these disputes and this may result in a reduction in the amount of tax owed by a taxpayer. There are two mechanisms to recognise the reduction: an allowance for credit amendment if the disputed debt is unpaid; or a provision for refund if the disputed debt has been paid. In addition, the ATO makes an assessment of the collectability of administered receivables. This estimation process is inherently complex and reliant on a significant degree of specialised knowledge and judgement.

3.24.25 During the 2015–16 final audit the ANAO examined the approach adopted by the ATO to determine the estimate and identified:

  • instances of limited documentation to support key judgements made by ATO officers relating to large or complex cases, or revision made to assessments;
  • the need for a more robust quality assurance process over the extraction of data used in the development of actuarial and other models; and
  • an error in an estimate of interest charges applied.

3.24.26 These weaknesses increase the risk that key judgements may be inconsistently applied by ATO officers or not based on sufficient and appropriate evidence; data extracted from the ATO's key business systems for the development of key estimates for financial reporting may not be complete or accurate; or reported balances may be misstated.

3.24.27 The ATO agreed to undertake a review of its: policies and procedures; training provided to staff; and the documentation requirements supporting provision estimates. At the time of the 2016–17 interim audit this was still in progress. The ANAO will review the action taken by the ATO during the 2016–17 final audit.

Support and quality assurance over manual inputs to the financial statements

3.24.28 In 2015–16 the ATO implemented a project plan to assist in the timely preparation of its financial statements. While the 2015–16 financial statements were delivered on time, the ANAO identified a number of errors, including:

  • a number of clerical and calculation errors in data used for financial reporting that resulted in adjustments that were material to the ATO's financial statements and several errors in key financial statement disclosures;
  • an inconsistency between estimated balances and underlying business system data; and
  • an inconsistency between a documented procedure and established business practice.

3.24.29 These weaknesses highlighted the need for the ATO to develop more robust quality assurance and support processes to enhance the quality of its financial reporting. A lack of robust quality assurance and support processes increases the risk of error and the potential for material misstatement to the ATO's financial statements.

3.24.30 The ATO advised it will review its quality assurance practices and assurance processes of data used in the preparation of its financial statements. At the time of the 2016–17 interim audit the reviews were still in progress. The ANAO will review the action taken by the ATO during the 2016–17 final audit.

Conclusion

3.24.31 At the completion of the interim audit, the ANAO has reported a number of areas where improvements are required. The audit findings outlined above reduce the level of confidence that can be placed on the key elements of internal control that support the preparation of the financial statements that are free from material misstatement. During the 2016–17 final audit the ANAO will undertake further procedures and assess action taken by the ATO to address the weaknesses identified.

3.25 Reserve Bank of Australia

Overview

3.25.1 The objective of the Reserve Bank of Australia (RBA) is to conduct monetary policy, work to maintain a strong financial system and issue the nation's currency. As well as being a policy-making body, the RBA provides selected banking services to a range of Australian Government entities and to a number of overseas central banks and official institutions. It also manages Australia's gold and foreign exchange reserves.

3.25.2 Figure 3.25.1 shows RBA's revenue, expenses, assets and liabilities as a percentage of the Australian Government Consolidated Financial Statements (CFS).

Figure 3.25.1: RBA's contribution to the Australian Government's revenue, expenses, assets and liabilities145

Source: ANAO analysis of CFS and RBA's financial statements for the year ended 30 June 2016.

3.25.3 Figure 3.25.2 shows the 2015–16 financial statement items reported by RBA and the 2016–17 key areas of financial statements risk.

Figure 3.25.2: Key financial statement items and areas of financial statements risk

3.25.4 The ANAO's audit approach identifies key areas of risk that have the potential to impact on RBA's financial statements. The ANAO's risk assessment process considers the nature of the financial statements items and an understanding of RBA's environment and governance arrangements, including its financial reporting regime and system of internal control. The observations of performance audit reports tabled since 1 July 2016 and relevant to the financial management or administration of RBA also informs the ANAO's 2016–17 financial statements audit risk identification processes.

3.25.5 In light of the key areas of risk detailed in Table 3.25.3 and the ANAO's understanding of the operations of RBA, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items146

3.25.6 The operational functions of RBA are funded from interest income, gains on securities and foreign exchange and fees and commissions income.

3.25.7 RBA is not required to prepare budgeted financial statements as part of the Commonwealth budget process. Table 3.25.1 and Table 3.25.2 provide a summary of the key financial statements items reported in the audited 2015–16 financial statements.

Table 3.25.1: Key expenses and own-sourced income

Expenses and own-source income

Actual
2015–16
($m)

Total expenses

544.0

General administrative expenses

405.0

Other expenses

139.0

Total own-sourced income

3 427.0

Net interest income

1 193.0

Net gains/(losses) on securities and foreign exchange

1 660.0

Fees and commission income

508.0

Other income

66.0

Net profit

2 883.0

Table 3.25.2: Key assets and liabilities

Assets and liabilities

 Actual
2015–16
($m)

Total assets

167 489.0

Cash and cash equivalents

367.0

Australian dollar investments

88 500.0

Foreign currency investments

72 879.0

Gold

4 567.0

Property, plant and equipment

640.0

Other

536.0

Total liabilities

143 577.0

Deposits

61 210.0

Distribution payable to the Commonwealth

3 222.0

Australian banknotes on issue

70 209.0

Other

8 936.0

Net assets

23 912.0

Note a: RBA's average staffing level for 2015–16 was 1 308.

Key areas of financial statements risk

3.25.8 The ANAO undertakes appropriate audit procedures on all material items. The ANAO also assesses the IT general and application controls for key systems that support the preparation of RBA's financial statements. The ANAO focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2016–17 are provided in Table 3.25.3.

Table 3.25.3: Key areas of financial statements risk

Relevant financial statement line item

Key area of risk

Audit risk rating

Factors contributing to risk assessment

Australian dollar and foreign currency investments

Net gains/(losses) on securities and foreign exchange

Valuation of foreign investments

Higher

  • complex portfolio across broad range of investments and currencies; and
  • potential for significant impact by fluctuations in the value of the Australian dollar and changes in interest rates.

Recognition of revenue associated with these investments

Valuation of Australian dollar securities

Australian banknotes on issue

Production and destruction of Australian banknotes including the issue of Next Generation banknotes

Higher

  • high volume of note production and structurally significant to the economy; and
  • security around production, storage and destruction of banknotes.

All financial statement line items

IT controls over key financial systems

Higher

  • reliant on multiple IT systems to generate financial information for the annual financial statements.
       

Source: ANAO 2016–17 risk assessment for RBA.

3.25.9 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. No performance audit reports were tabled in 2016–17 which impacted the financial statements audit approach.

Audit results

3.25.10 The ANAO has completed its 2016–17 interim audit coverage, including an assessment of the design of controls relating to: domestic and international market operations, Australian bank notes on issue, payments and settlements and banking. Interim audit coverage also included an assessment of the IT general and application controls. The design of the RBA's controls relating to overseas operations, financial administration and risk management and compliance have also been assessed.

3.25.11 Audit procedures relating to the net gains on foreign exchange and securities and the valuation of foreign and domestic investments and deposits will be performed as part of the 2016–17 final audit.

3.25.12 To date, audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2015–16 audit also did not identify any significant or moderate audit findings.

Conclusion

3.25.13 At the completion of the interim audit, the ANAO identified that key elements of internal control were operating effectively to provide reasonable assurance that RBA will be able to prepare financial statements that are free from material misstatement. The effective operation of these internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2016–17 final audit.

Appendices

Appendix 1 Listing of entities by Portfolio

1. The following entities have been considered in this report, selected on the basis of their contribution to the revenues, expenses, assets and liabilities within the consolidated financial statements. The entities are presented in order of portfolio.

  • Department of Agriculture and Water Resources
  • Attorney-General’s Department
  • Department of Communications and the Arts
    • Australian Postal Corporation
    • nbn co limited
  • Department of Defence
    • Department of Veterans’ Affairs
  • Department of Education and Training
  • Department of Employment
  • Department of the Environment and Energy
  • Department of Finance
    • Future Fund Management Agency and the Board of Guardians
  • Department of Foreign Affairs and Trade
  • Department of Health
  • Department of Immigration and Border Protection
  • Department of Industry, Innovation and Science
  • Department of Infrastructure and Regional Development
  • Department of Parliamentary Services
  • Department of the Prime Minister and Cabinet
  • Department of Social Services
    • Department of Human Services
  • Department of the Treasury
    • Australian Office of Financial Management
    • Australian Taxation Office
    • Reserve Bank of Australia

Appendix 2 The financial reporting and auditing standards frameworks for 2016−17

1. The figure below depicts the standard setting framework for financial reporting and auditing, in the Australian Government context.

Figure A.1: Australian Government standard setting framework

Source: ANAO compilation.

Appendix 3 The financial reporting and auditing framework for 2016–17 financial statements

1. Key elements of the Australian Government’s financial reporting framework are outlined in the diagram below. An overview of the financial reporting requirements for the various types of Australian Government entities covered by the framework and the audit approach for the financial statements of these entities is also described below.

Figure A.2: Australian Government financial reporting framework

Source: ANAO compilation.

Australian Government reporting entities

Commonwealth Government of Australia

2. Section 48 of the PGPA Act requires the Finance Minister to prepare annual consolidated financial statements for the Commonwealth Government of Australia. These financial statements are general purpose financial statements consolidating the financial activities and financial position of Commonwealth entities and other entities controlled by the Commonwealth Government.

3. The PGPA Act prescribes the Australian Accounting Standards (AASs), and any other requirements prescribed by the rules, as the applicable financial reporting framework for the consolidated financial statements.

Commonwealth entities

4. A Commonwealth entity is a department of state, a Parliamentary department, a listed entity or a body corporate established by a law of the Commonwealth. There are two types of Commonwealth entities: a non-corporate Commonwealth entity, which is a Commonwealth entity that is not a body corporate147; and a corporate Commonwealth entity, which is a Commonwealth entity that is a body corporate and legally separate from the Commonwealth.

5. Section 42 of the PGPA Act requires the accountable authority of a Commonwealth entity to prepare annual financial statements that comply with the AASs and any other requirements prescribed by the rules.

Non-corporate Commonwealth entities

6. Non-corporate Commonwealth entities, comprising departments of state, Parliamentary departments and listed entities, are subject to the provisions of the PGPA Act.

7. The PGPA Act prescribes the AASs and Financial Reporting Rule (FRR) as the applicable financial reporting framework for non-corporate Commonwealth entities.

Corporate Commonwealth entities and subsidiaries

8. Corporate Commonwealth entities are bodies corporate that hold money on their own account and have been created to perform specific functions. Corporate Commonwealth entities operate under their own enabling legislation and also must comply with the relevant provisions of the PGPA Act.

9. The PGPA Act prescribes the AASs and FRR as the applicable financial reporting framework for corporate Commonwealth entities. The financial reporting framework applicable to subsidiaries of corporate Commonwealth entities depends on the nature of the subsidiary.

Commonwealth companies and subsidiaries

10. Commonwealth companies are companies that are controlled by the Australian Government through majority share holdings or voting rights, or via control over the composition of the company’s board. Commonwealth companies operate and prepare financial statements under the Corporations Act.

11. The applicable financial reporting framework for Commonwealth companies is the Corporations Act 2001 (Corporations Act), including the AASs and the Corporations Regulations.

12. The financial reporting framework applicable to subsidiaries of Commonwealth companies depends on the nature of the subsidiary.

Other bodies

13. The ANAO also audits the financial statements of other bodies under ‘by arrangement’ provisions in section 20 of the Auditor-General Act 1997. Examples of these bodies are trusts or joint ventures entered into by Commonwealth entities.

Audit of Australian Government entity financial statements

Audit scope

14. The accountable authority of a Commonwealth entity is responsible for the preparation and fair presentation of the financial statements and for maintaining records, internal controls, procedures and processes that support the preparation of those statements.

15. The Directors of a Commonwealth company, or a company that is a subsidiary of either a Commonwealth entity or a Commonwealth company, are responsible for the preparation of financial statements that give a true and fair view and for maintaining records, internal controls, procedures and processes that support the preparation of that report.

16. The ANAO’s independent audits of financial statements are undertaken to form an opinion whether they are free from material misstatement and present fairly in accordance with applicable accounting standards and legislation. These audits are conducted in accordance with the ANAO Auditing Standards, which incorporate the Australian Auditing Standards and provide reasonable assurance.

17. Audit procedures include an examination of the entity’s records and its internal control, information systems, control procedures and statutory disclosure requirements. Evidence supporting the amounts and other information in the statements is examined on a test basis, and accounting policies and significant accounting estimates are evaluated.

18. The entity’s internal control relevant to the entity’s preparation and fair presentation of the financial statements or reports is considered in order to design audit procedures that are appropriate in the circumstances. In some audits, audit procedures concentrate primarily on substantiating the amounts appearing in the financial statements and do not include detailed testing of systems and internal controls.

19. The primary responsibility for the prevention and detection of fraud and error rests with both those charged with the governance and the management of an entity. The auditor is not responsible for the prevention of fraud and error.

The auditor’s report on financial statements

20. The ANAO auditor’s report on the financial statements includes a statement of the auditor’s opinion as to whether the financial statements present fairly the entity’s financial position, the results of its financial operations and its cash flows in accordance with the applicable financial reporting framework.

21. If the auditor is not of that opinion, the auditor’s opinion is modified, with the reasons being indicated.

22. The auditor’s report on the financial statements may also include an ‘emphasis of matter,’ ‘other matter’ or ‘material uncertainty related to going concern’ paragraph. A report on other legal and regulatory requirements may accompany the auditor’s report on the financial statements. The inclusion of these paragraphs does not modify the auditor’s opinion.

Form of auditor’s opinion

23. An auditor’s opinion is described as ‘unmodified’ when the auditor concludes that the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework.

24. An auditor’s opinion may be ‘modified’ in one of three ways.

  • A ‘qualified opinion’ is expressed when the auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements, individually or in aggregate, are material but not pervasive to the financial statements. A ‘qualified opinion’ is also expressed when the auditor, having been unable to obtain sufficient appropriate audit evidence, concludes that the possible effects on the financial statements of undetected misstatements could be material but not pervasive.
  • A ‘disclaimer of opinion’ is expressed when the auditor, having been unable to obtain sufficient appropriate audit evidence on which to base the opinion, concludes that the possible effects on the financial statements of undetected misstatements could be both material and pervasive.
  • An ‘adverse opinion’ is expressed when the auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements individually or in aggregate, are both material and pervasive to the financial statements.
Emphasis of matter

25. An ‘emphasis of matter’ paragraph is included in the auditor’s report when the auditor considers it necessary to draw to users’ attention a matter presented in the financial statements that, in the auditor’s judgement, is of such importance that it is fundamental to the users’ understanding of the financial statements. The circumstances in which an emphasis of matter is used include:

  • when financial statements and the auditor’s report have been issued and a fact is discovered that leads to revised financial statements and a new auditor’s report being prepared; and
  • when financial statements have been prepared in accordance with a special purpose framework, and as a result the financial statements may not be suitable for another purpose.
Other matter

26. The auditor’s report on the financial statements may also include a reference to an ‘other matter’. This allows the auditor to communicate a matter other than a matter that is presented or disclosed in the financial statements that, in the auditor’s judgement, is relevant to users’ understanding of the audit, the auditor’s responsibilities or the auditor’s report.

Material uncertainty related to going concern

27. The auditor’s report on the financial statements will also include a reference to a ‘material uncertainty related to going concern’ when there are possible or actual events or conditions that may cast significant doubt on an entity’s ability to continue as a going concern and the financial statements include adequate disclosure about the uncertainty.

Report on other legal and regulatory requirements

28. The auditor’s report on the financial statements may also include a report on other legal and regulatory requirements. This report covers matters that the Auditor-General is required by law to report on in conjunction with the financial statements audit that do not affect the truth and fairness of the financial statements.

29. A report on other legal and regulatory requirements may also be used to draw attention to other legislative findings, such as issues relating to the entity’s compliance with section 83 of the Constitution.

Appendix 4 Glossary of commonly used accounting terms

Administered:

Those items that an entity does not control but over which it has management responsibility on behalf of the Government and which are subject to prescriptive rules or conditions established by legislation, or Australian Government policy, in order to achieve Australian Government outcomes.

Appropriation:

An authority under any Act or law to draw money from the Consolidated Revenue Fund.

Departmental:

Those items that the entity controls that are applied to the production of the entity’s own purposes.

Fair value:

The amount for which an asset could be exchanged or a liability settled, between knowledgeable, willing parties in an arm’s length transaction.

Impairment loss:

The amount by which the carrying amount of an asset exceeds its recoverable amount.

Material entity:

Government entities are classified based on the extent to which their financial information has a material impact on the Whole of Government financial statements. The breakdown is determined by aggregating the total income, expenses, assets and liabilities of all entities. Entities whose total income, expenses, assets and liabilities in aggregate are within the top 99 per cent of the aggregate of these balances for all General Government Sector entities are classified as material entities.

Departments of state and entities in the Public Financial Corporation and Public Non-Financial Corporation sectors are also considered to be material entities by nature.

Materiality:

Omissions or misstatements of items are material if they could, individually or collectively; influence the economic decisions that users make on the basis of the financial statements. Materiality depends on the size and nature of the omission or misstatement judged in the surrounding circumstances. The size or nature of an item, or combination of both, could be the determining factor.

Net cost of services:

Calculated as total expenses (excluding income tax expense, where applicable) less total own source income.

Own source income:

Consists of all income except:

  1. annual appropriations;
  2. special appropriations; and
  3. amounts appropriated to the relevant portfolio entity for payment to the corporate entity (corporate entity item).

It includes PGPA Act section 74 receipts of amounts by non-corporate Commonwealth entities, and is adjusted for any repayments by the Commonwealth made under PGPA Act section 77.

Footnotes

1 The term ‘entity’ applies to all organisations subject to the Public Governance, Performance and Accountability Act 2013 (PGPA Act).

2 Resource Management Guide 214 Notification of significant non-compliance with finance law paragraph 5 defines finance law to include the PGPA Act, the PGPA rule, instruments made under the PGPA Act (including accountable authority instructions) and Appropriation Acts.

3 ANAO Report No.7 2016–17 Interim Phase of the Audits of the Financial Statements of Major General Government Sector Entities for the year ending 30 June 2016 reported on 21 major general government sector entities. In 2016–17, the ANAO expanded the entities to include: the Department of Parliamentary Services as the lead entity of the Parliamentary Departments; and the Australia Postal Corporation, nbn co limited, and the Reserve Bank of Australia as major entities of the PNFC and PFC Sectors. The analyses in this report, including prior year findings, have been adjusted to reflect the inclusion of these entities.

4 There is a range of different governance structures within the Commonwealth depending on an entity’s particular legal status or its enabling legislation. The term ‘accountable authority’ as defined in the PGPA Act is used in this report to describe the person or body responsible for an entity’s governance.

5 Section 15 of the Public Governance, Performance and Accountability Act 2013.

6 Resource Management Guide 214 Notification of significant non-compliance with finance law (PGPA Act, section 19) paragraph 5 defines finance law to include the PGPA Act, the PGPA rule, instruments made under the PGPA Act (including accountable authority Instructions) and Appropriation Acts.

7 Section 20A of the Public Governance, Performance and Accountability Act 2013 authorises accountable authorities to give instructions to officials in their entities on any matter necessary or convenient for carrying out or giving effect to the Act or the rules.

8 The Attorney-General’s Department; The Australian Office of Financial Management; the Australian Postal Corporation; the Departments of: Agriculture and Water; Communications and the Arts; Environment and Energy; Finance; Foreign Affairs and Trade; Human Services; Infrastructure and Regional Development; Parliamentary Services; the Prime Minister and Cabinet; Social Services; Treasury; and Veterans’ Affairs; Future Fund Management Agency and the Board of Guardians; nbn co limited; and the Reserve Bank of Australia.

9 The Departments of: Education and Training; Employment; Health; and Industry, Innovation and Science.

10 The Departments of: Defence; Immigration and Border Protection; and the Australian Taxation Office.

11 Principle 4: Safeguard integrity in corporate reporting, Recommendation 4.1, Corporate Governance Principles and Recommendations, 3rd edition, ASX Corporate Governance Council. S&P/ASX 300 entities are required to comply with these recommendations regarding the structure of audit committees.

12 Sections 17 and 28 of the PGPA Rule.

13 The Australian Taxation Office; and the Departments of: Employment; Foreign Affairs and Trade; and Social Services did not have an independent audit committee chair.

14 The following entities have established subcommittees. The Departments of: Agriculture and Water Resources; Communications and the Arts; Education and Training; Employment; the Environment and Energy; Finance; Foreign Affairs and Trade; Health; Human Services; Industry, Innovation and Science; Infrastructure and Regional Development; Immigration and Border Protection; the Prime Minister and Cabinet; Social Services; Veterans’ Affairs; Treasury; and the Australian Taxation Office.

15 The Australian Taxation Office.

16 The Departments of: Agriculture and Water Resources; Education and Training; Employment; Finance; Foreign Affairs and Trade; Immigration and Border Protection; Infrastructure and Regional Development; Social Services; and the Treasury.

17 The Commonwealth Fraud Control Framework has three components the fraud rule and policy, which are binding for non-corporate entities and the guidance which is considered to be best practice. Part 6.1 of the fraud guidance notes that risk assessments should be conducted at least every two years.

18 The transmittal letter included in the Department of the Treasury’s annual report for 2015–16 confirmed that the accountable authority was satisfied that the department had appropriate fraud control mechanisms that meet the department’s needs and complied with the guidance applying in 2015–16.

19 RMG 214 does not apply to nbn co limited (nbn). nbn is required to report significant issues to the Minister in accordance with the PGPA Act and other matters as required under the Corporations Act 2001. In 2015–16, nbn identified no matters that required reporting.

20 The ANAO did not undertake audit procedures to make an assessment of, or conclude on, judgements made by an accountable authority to determine whether non-compliance was significant.

21 Department of Defence 2015–16 Annual Report page 71.

22 Department of Employment 2015–16 Annual Report page 174.

23 Department of Education and Training 2015–16 Annual Report page 101.

24 The two entities were the Australian Postal Corporation and the Reserve Bank of Australia.

25 The three entities were the Departments of: Defence; Health; and Immigration and Border Protection.

26 The number of prior year findings have been adjusted to reflect the new entities included in this report as discussed at paragraph 1.6.

27 For further detail regarding the moderate findings in this category, refer to the Department of Defence and the Department of Immigration and Border Protection detailed results in chapter 3.

28 Users with administrative privileges, commonly referred to as privileged user access, are able to make significant changes to IT systems configuration and operation, bypass critical security settings and access sensitive information. Source: Australian Government Information Security Manual.

29 Information Security Manual (ISM) control 0430.

30 Further detail regarding the moderate finding relating to the Department of Immigration and Border Protection can be found at paragraph 3.15.29. One moderate finding reported to the Department of Defence relates to weaknesses in both privileged user access and change management and has been included in Figure 1.8. Refer to paragraph 1.84.

31 ISM control 1175.

32 ITIL (formerly Information Technology Infrastructure Library) is a framework for designing, implementing, delivering and managing IT services. It was originally developed in the 1990s with the support of the British government, and has been widely adopted by public and private sector entities world-wide.

33 International Organization for Standardization ISO 22301:2012.

34 ANAO Report No. 50 2013–14, Cyber Attacks: Securing Agencies’ ICT System; ANAO Report No. 37 2015–16 Cyber Resilience; and ANAO Report No. 42 2016–17 Cybersecurity Follow-up Audit.

35 The strategies are application whitelisting, patching applications, patching operating systems and minimising administrative privileges.

36 The following entities are not required to undertake an annual self-assessment and are not included in Figure 1.12: the Australian Postal Corporation; nbn co limited; and the Reserve Bank of Australia.

37 INFOSEC 4 requires that entities must document and implement operational procedures and measures to ensure information, ICT systems and network tasks are managed securely and consistently, in accordance with the level of required security. This includes implementing the mandatory Strategies to Mitigate Targeted Cyber Intrusions as detailed in the Australian Government Information Security Manual.

38 Three entities in this report are corporate Commonwealth entities and Commonwealth companies, and not required to report on their compliance to the PSPF.

39 Op. cit. (see footnote 33 on page 29).

40 Further details regarding the significant audit finding relating to the Department of Education and Training can be found in chapter 3, paragraph 3.8.23.

41 There were three audit findings which were re categorised in 2016–17 resulting in an adjustment to the 2015–16 comparative. One moderate audit issue relating to the Australian Taxation Office was categorised to other control matters and two moderate audit findings relating to the Department of Defence now reported under compliance and quality assurance frameworks were previously reported in the accounting and control of non-financial assets category in ANAO Report No.7 2016–17 Interim Phase of the Audits of the Financial Statements of Major General Government Sector Entities for the year ending 30 June 2016.

42 Further details regarding the significant and moderate findings can be found in the following entities’ detailed in chapter 3 the Attorney-General’s Department; the Australian Taxation Office and the Departments of: Defence; Education and Training; Employment; Finance; Immigration and Border Protection; and Industry, Innovation and Science.

43 ANAO Report No.6 2016–17 Corporate Planning in the Australian Public Sector.

44 ANAO Report No.54 2016–17 Corporate Planning in the Australian Public Sector.

45 ANAO Report No.58 2016–17 Implementation of the Annual Performance Statements Requirements.

46 ED 277 Reduced Disclosure Requirement for Tier 2 Entities, January 2017.

47 AASB 1058 Income of Not-for-Profit Entities, December 2016.

48 AASB 16 Leases, February 2016.

49 These included: ASA 700 Forming an Opinion and Reporting on a Financial Report; ASA 570 Going Concern; and ASA 720 The Auditor’s Responsibilities Relating to Other Information.

50 ANAO Report No.33 2016–17 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2016.

51 These arrangements were established by the Administrative Arrangements Order of 1 September 2016 incorporating amendments up to the 26 April 2017.

52 For further details refer to paragraph 2.6

53 Entities’ contributions have not been adjusted to eliminate inter-governmental transactions.

54 The ANAO’s rating scale for findings can be found at Table 1.2 on page 24.

55 Agriculture’s contribution to the CFS in Figure 3.1.1 has not been adjusted to eliminate inter-governmental transactions.

56 Figures in Table 3.1.1 and Table 3.1.2 have been sourced from Agriculture’s Portfolio Budget Statements 2017–18 and the entity.

57Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

58 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

59 AGD’s contribution to the CFS in Figure 3.2.1 has not been adjusted to eliminate inter-governmental transactions.

60 Figures in Table 3.2.1 and Table 3.2.2 have been sourced from AGD’s Portfolio Budget Statements 2017–18 and the entity.

61Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

62 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

63 While this issue does not directly affect AGD’s financial statements, AGD is responsible for managing the NDRRA and providing the required information for inclusion in Treasury’s financial statements.

64 Communications’ contribution to the CFS in Figure 3.3.1 has not been adjusted to eliminate inter-governmental transactions.

65 Figures in Table 3.3.1 and Table 3.3.2 have been sourced from Communications’ Portfolio Budget Statements 2017–18 and the entity.

66Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017 and Appropriation Act (No.3) 2016–2017.

67 Australia Post’s contribution to the CFS in Figure 3.4.1 has not been adjusted to eliminate inter-governmental transactions.

68 Figures in Table 3.4.1 and Table 3.4.2 have been sourced from Australia Post’s financial statements for the year ended 30 June 2016 and the entity.

69 nbn’s contribution to the CFS in Figure 3.5.1 has not been adjusted to eliminate inter-governmental transactions.

70 Figures in Table 3.5.1 and Table 3.5.2 have been sourced from nbn’s financial statements for the year ended 30 June 2016 and the entity.

71 Defence’s contribution to the CFS in Figure 3.6.1 has not been adjusted to eliminate inter-governmental transactions.

72 Figures in Table 3.6.1 and Table 3.6.2 have been sourced from Defence’s Portfolio Budget Statements 2017–18 and the entity.

73Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017 and Appropriation Act (No.3).

74 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

75 DVA’s contribution to the CFS in Figure 3.7.1 has not been adjusted to eliminate inter-governmental transactions.

76 Figures in Table 3.7.1 and Table 3.7.2 have been sourced from DVA’s Portfolio Budget Statements 2017–18 and the entity.

77Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

78 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

79 Education’s contribution to the CFS in Figure 3.8.1 has not been adjusted to eliminate inter-governmental transactions.

80 Figures in Table 3.8.1 and Figure 3.8. have been sourced from Education’s Portfolio Budget Statements 2017–18 and the entity.

81Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

82 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

83 Employment’s contribution to the CFS in Figure 3.9.1 has not been adjusted to eliminate inter-governmental transactions.

84 Figures in Table 3.9.1 and Table 3.9.2 have been sourced from Employment’s Portfolio Budget Statements 2017–18 and the entity.

85Supply Act (No.1) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

86 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

87 Environment’s contribution to the CFS in Figure 3.10.1 has not been adjusted to eliminate inter-governmental transactions.

88 Figures in Table 3.10.1 and Table 3.10.2 have been sourced from Environment’s Portfolio Budget Statements 2017–18 and the entity.

89Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

90 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

91 Finance’s contribution to the CFS in Figure 3.11.1 has not been adjusted to eliminate inter-governmental transactions.

92 Figures in Table 3.11.1 and Table 3.11.2 have been sourced from Finance’s Portfolio Budget Statements 2017–18 and the entity.

93Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017), Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

94 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

95 The Future Fund’s contribution to the CFS in Figure 3.12.1 has not been adjusted to eliminate inter-governmental transactions.

96 Figures in Table 3.12.1 and Table 3.12.2 have been sourced from the Future Fund’s Portfolio Budget Statements 2017–18 and the entity.

97 DFAT’s contribution to the CFS in Figure 3.13.1 has not been adjusted to eliminate inter-governmental transactions.

98 Figures in Table 3.13.1 and Table 3.13.2 have been sourced from DFAT’s Portfolio Budget Statements 2017–18 and the entity.

99Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017 and Appropriation Act (No.3) 2016–2017.

100 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

101 Figures in Table 3.14.1 and Table 3.14.2 have been sourced from Health’s Portfolio Statements 2017–18 and the entity.

102Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

103 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

104 DIBP’s contribution to the CFS in Figure 3.15.1 has not been adjusted to eliminate inter-governmental transactions.

105 Figures in Table 3.15.1 and Table 3.15.2 have been sourced from DIBP’s Portfolio Budget Statements 2017–18 and the entity.

106Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

107 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

108 Industry’s contribution to the CFS in Figure 3.16.1 has not been adjusted to eliminate inter-governmental transactions.

109 Figures in Table 3.16.1 and Table 3.16.2 have been sourced from Industry’s Portfolio Budget Statements 2017–18 and the entity.

110Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

111 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

112 Infrastructure’s contribution to the CFS in Figure 3.17.1 has not been adjusted to eliminate inter-governmental transactions.

113 Figures in Table 3.17.1 and Table 3.17.2 have been sourced from Infrastructure’s Portfolio Budget Statements 2017–18 and the entity.

114Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

115 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

116 DPS’ contribution to the CFS in Figure 3.18.1 has not been adjusted to eliminate inter-governmental transactions.

117 Figures in Table 3.18.1 and Table 3.18.2 have been sourced from DPS’ Portfolio Budget Statements 2017–18 and the entity.

118Supply (Parliamentary Departments) Act (No.1) 2016–2017 and Appropriation (Parliamentary Departments) Act (No.1) 2016–2017.

119 PM&C’s contribution to the CFS in Figure 3.19.1 has not been adjusted to eliminate inter-governmental transactions.

120 Figures in Table 3.19.1 and Table 3.19.2 have been sourced from PM&C’s Portfolio Budget Statements 2017–18 and the entity.

121Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017 and Appropriation Act (No.3) 2016–2017.

122 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

123 Social Services’ contribution to the CFS in Figure 3.20.1 has not been adjusted to eliminate inter-governmental transactions.

124 Figures in Table 3.20.1 and Table 3.20.2 have been sourced from Social Services’ Portfolio Budget Statements 2017–18 and the entity.

125Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

126 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

127 The expenses associated with the payments made by Human Services are reported in the responsible entities’ financial statements.

128 Human Services’ contribution to the CFS in Figure 3.21.1 has not been adjusted to eliminate inter-governmental transactions.

129 Figures in Table 3.21.1 and Table 3.21.2 have been sourced from Human Services’ Portfolio Budget Statements 2017–18 and the entity.

130Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

131 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

132 The ANAO has identified an additional four risks in relation to the services provided by DHS for other Commonwealth entities.

133 Treasury’s contribution to the CFS in Figure 3.22.1 has not been adjusted to eliminate inter-governmental transactions.

134 Figures in Table 3.22.1 and Table 3.22.2 have been sourced from Treasury’s Portfolio Budget Statements 2017–18 and the entity.

135Supply Act (No.1) 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017 and Appropriation Act (No.3) 2016–2017.

136 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

137 AOFM’s contribution to the CFS in Figure 3.23.1 has not been adjusted to eliminate inter-governmental transactions.

138 Figures in Table 3.23.1 and Table 3.23.2 have been sourced from AOFM’s Portfolio Budget Statements 2017–18 and the entity.

139Supply Act (No.1) 2016–2017, Appropriation Act (No.1) 2016–2017 and Appropriation Act (No.2) 2016–2017.

140 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

141 ATO’s contribution to the CFS in Figure 3.24.1 has not been adjusted to eliminate inter-governmental transactions.

142 Figures in Table 3.24.1 and Table 3.24.2 have been sourced from ATO’s Portfolio Budget Statements 2017–18 and the entity.

143Supply Act (No.1 2016–2017, Supply Act (No.2) 2016–2017, Appropriation Act (No.1) 2016–2017, Appropriation Act (No.2) 2016–2017, Appropriation Act (No.3) 2016–2017 and Appropriation Act (No.4) 2016–2017.

144 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No.4, 2017–18.

145 RBA’s contribution to the CFS in Figure 3.25.1 has not been adjusted to eliminate inter-governmental transactions.

146 Figures in Table 3.25.1 and Table 3.25.2 have been sourced from RBA’s 2015–16 financial statements and the entity.

147 Three entities have a body corporate status but are prescribed as non-corporate Commonwealth entities. These are the Australian Competition and Consumer Commission; the Australian Prudential Regulation Authority; and the Australian Securities and Investments Commission.