This report focuses on the results of the interim financial statements audits, including an assessment of entities’ key internal controls, supporting the 2019–20 financial statements audits. This report examines 24 entities, including all departments of state and a number of major Australian government entities. The entities included in the report are selected on the basis of their contribution to the income, expenses, assets and liabilities of the 2018–19 Consolidated Financial Statements (CFS). Significant and moderate findings arising from the interim audits are reported to the responsible Minister(s), and all findings are reported to those charged with governance of each entity.

Executive summary

1. The ANAO prepares two reports annually that provide insights at a point in time to the financial statements risks, governance arrangements and internal control frameworks of Commonwealth entities, drawing on information collected during audits. These reports explain how entities’ internal control frameworks are critical to executing an efficient and effective audit and underpin an entities capacity to transparently discharge their duties and obligations under the Public Governance, Performance and Accountability Act 2013 (PGPA Act). Deficiencies identified during audits that pose a significant or moderate risk to the entities ability to prepare financial statements free from material misstatements, are reported.

2. This report is the first in the series of reports and focuses on the results of the interim audits, including an assessment of entities’ key internal controls, supporting the 2019–20 financial statements audits. This report examines 24 entities, including all departments of state and a number of major Australian government entities. The entities included in the report are selected on the basis of their contribution to the income, expenses, assets and liabilities of the 2018–19 Consolidated Financial Statements (CFS). Significant and moderate findings arising from the interim audits are reported to the responsible Minister(s), and all findings are reported to those charged with governance of each entity.

Impact of COVID-19

3. The potential impact of the COVID-19 pandemic, and the Australian Government’s and global responses to the situation, on auditing frameworks, audit risks and audit opinions are covered throughout this report. However, it is important to acknowledge that the audit findings compiled in this report, were at a time largely before the COVID-19 pandemic. It is the ANAO’s intention to work co-operatively with audited entities to resolve any issues resulting from the COVID-19 pandemic, and audit teams will continue to assess the situation for each entity and revise audit approaches accordingly during what remains of the financial statements audit cycle.

4. The ANAO Auditing Standards require audit opinions to be modified where sufficient appropriate audit evidence is unable to be gathered and the possible effects of undetected misstatements arising from the lack of evidence are material. As a consequence of the COVID-19 pandemic, there may be a higher likelihood of disclaimers of opinions for entities’ 2019–20 financial statements. Where this occurs, it will be reported to Parliament in the second report of this series.

Summary of audit findings and related issues

Summary of audit findings

5. A total of 72 findings were reported to the entities included in this report as a result of interim audits, comprising of eight moderate and 64 minor findings. This is an overall increase in the number of findings but a decrease in both the significant and the moderate finding categories compared to the 2018–19 interim audit results. One significant legislative breach was also reported.

6. Fifty per cent of findings relate to the management of IT controls, particularly the management of privileged user access. The continued level of findings indicates that the IT control environment warrants further attention by entity management.

Policies reviews for compliance with finance law, gifts and benefit disclosures and cyber resilience

7. The ANAO observed that entities had processes in place for monitoring and reporting instances of non-compliance with finance law. Following changes in mandatory external reporting of non-compliance, there has been a trend towards entities reducing the level of internal reporting of non-compliance captured and reported to audit committees and accountable authorities.

8. The Australian Public Service Commissioner issued guidance requiring Commonwealth entities to publish quarterly, a register of all gifts and benefits valued at greater than $100, received by the agency head. It was observed that entities have largely made good progress in implementing these recommendations.

9. The Protective Security Policy Framework (PSPF) contains the Essential Eight mitigation strategies and recommended controls intended to strengthen cyber resilience and capacity of Government to mitigate cyber threats. Review of entities’ implementation and compliance with these strategies found that there continues to be limited improvement in the level of compliance with the controls, since being first mandated in 2013.

Entity internal controls

10. The interim audit phase includes an assessment of the effectiveness of each entity’s internal controls as they relate to the risk of misstatement in the financial statements. At the completion of interim audits for the 24 entities included in this report, the key elements of internal control were assessed as operating effectively for 17 entities. For the remaining seven entities, the key elements of internal control were operating effectively to support the preparation of financial statements that are free from material misstatement, except for particular finding/s outlined in chapter 4.1

Management of staff leave

Summary of developments

11. The increase in audit findings relating to human resource management and administration, and the significance of these as a proportion of all financial statements audit findings, has prompted the ANAO to undertake targeted assurance activities over the management of staff leave. The activities have been performed to facilitate an assessment of compliance of the management of leave accruals, and balances with human resource policies and requirements, and to further inform assurance activities for future audits. The entities selected were the Departments of: Home Affairs; the Prime Minister and Cabinet; and the Treasury.

12. The analysis performed to date has identified weaknesses in processes relating to staff leave and associated monitoring controls. In particular, improvements can be made in the timeliness of submission and approval of leave requests and the application of requirements including minimum and maximum entitlements. The ANAO has also identified that the Department of Home Affairs’ leave policy does not contain current information or requirements following the February 2019 Workplace Determination.

13. These observations potentially impact entities’ operations and financial reporting. Taking leave prior to approval being given may impact the ability of entities to effectively manage resources and deliverables, while also potentially overstating the related employee liability balances in the financial statements.

14. The ANAO will continue to progress the assessment of the above criteria and will report the results in Auditor-General report: Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2020 and in a separate report to Parliament.

Reporting and auditing frameworks

Summary of developments

15. As a consequence of the COVID-19 pandemic and revised accounting standards for revenue and leases, Commonwealth entities will need to review and update the information, systems, processes and controls relied on in the preparation of their 2019–20 financial statements. The ANAO will revise its risk assessments and modify planned audit procedures in response to the changes made by Commonwealth entities.

Cost of this report

16. The cost to the ANAO of producing this report is approximately $480,000.

1. Interim audit results and other matters

Chapter coverage

This chapter provides:

  • an overview of the ANAO's audit approach to financial statements audits;
  • a summary of observations regarding the internal control environments of the entities included in this report;
  • a summary of audit findings identified at the conclusion of the interim audit; and
  • observations relating to: machinery of government changes, board governance, reporting relating to compliance with finance law; application of the Australian Public Service Commissioner's guidance for reporting gifts and benefits; and the maturity of entity's processes for safeguarding financial information from cyber threats.
Conclusion

Key to ANAO audit process is assessment of entities' internal control frameworks as they apply to financial reporting. An effective internal control framework provides the ANAO with a level of assurance that entities are able to prepare financial statements that are free from material misstatement. At the completion of interim audits for the 24 entities included in this report the ANAO noted that key elements of internal control were operating effectively for 17 entities. For seven entitiesa, except for particular finding/s outlined in chapter 4, the key elements of internal control were operating effectively to support the preparation of financial statements that are free from material misstatement.

A total of 72 findings were reported to the entities included in this report as a result of interim audits, comprising of nil significant, 8 moderate and 64 minor findings. This is an overall increase in the number of findings but a decrease in both the significant and the moderate findings compared to the 2018–19 interim audit results, which reported one significant, 12 moderate and 57 minor findings. One significant legislative breach was also reported.

Eighty-seven per cent of moderate findings continue to be in the areas of: management of IT controls, particularly the management of privileged users and compliance and quality assurance frameworks supporting program payments. These areas warrant further attention by entity management.

The Australian Public Service Commissioner issued guidance requiring Commonwealth entities to publish quarterly, a register of all gifts and benefits valued at greater than $100, received by the agency head. It was observed that entities have largely made good progress in implementing these recommendations

The ANAO observed that entities had processes in place for monitoring and reporting instances of non-compliance with finance law. Following changes to the mandatory external reporting of non-compliance in 2015–16, there has been a trend towards entities reducing the level of internal reporting of non-compliance captured and reported to audit committees and accountable authorities.

The Protective Security Policy Framework (PSPF) contains the Essential Eight mitigation strategies and recommends controls intended to strengthen cyber resilience and the capacity of Government to mitigate cyber threats. Review of entities' implementation and compliance with these strategies found that there continues to be limited improvement in the level of compliance with the controls since being mandated in 2013.

Note a: The seven entities are the: Departments of: Agriculture, Water and the Environment; Defence; Education, Skills and Employment; Home Affairs; Infrastructure, Transport, Regional Development and Communications; National Disability Insurance Scheme Launch Transition Agency and Services Australia.

Introduction

1.1 The ANAO publishes an Annual Audit Work Program (AAWP) which reflects the ANAO's strategy and deliverables for the forward year. The purpose of the AAWP is to inform the Parliament, the public and government sector entities of the ANAO's planned audit coverage for Australian Government entities by way of financial statements audits, performance audits and other assurance activities.

1.2 The financial statements audit coverage, as outlined in the AAWP, includes presenting two reports to the Parliament addressing the outcomes of the financial statements audits of Australian Government entities and the Consolidated Financial Statements of the Australian Government (CFS). These reports provide Parliament with an independent examination of the financial accounting and reporting of Commonwealth public sector entities.

1.3 This report focuses on the results of the interim audits of 24 entities2 including an assessment of key internal controls supporting the 2019–20 financial statements. The assessment includes a review of the governance arrangements related to entities' financial reporting responsibilities and the design and implementation of key internal controls relating to significant business processes. Where the auditor plans to rely upon key controls for assurance that financial statements are free from material misstatement, the controls are tested for operating effectiveness. Testing of controls during the interim audit phase allows the ANAO to form a conclusion on the operating effectiveness of those controls for the period up to the date of testing. During the final phase of the 2019–20 financial statements audit, the ANAO completes testing over the operating effectiveness of those controls upon which the ANAO intends to rely, and also controls not assessed at interim. The second report presents the final results of the financial statements audits of the CFS and all Australian Government entities.

1.4 The Government's response to the COVID-19 pandemic has included significant new measures and expenditure to enhance the capacity of Commonwealth entities to provide support to individuals and businesses impacted by the reduced economic activity and downturn originating from the containment strategies. Much of the interim controls testing was undertaken before major decisions on the implementation of the COVID-19 response measures. As such, entities should consider whether appropriate controls have been established for COVID-19 activities. Further detail on how the developing COVID-19 situation may result in additional financial statements preparation and audit risks for entities is included in chapter 4 of this report.

1.5 The entities included in this report are those entities that contribute significantly to the three sectors of the CFS: the General Government Sector (GGS), Public Non-Financial Corporation (PFNC) sector and Public Financial Corporation (PFC) sector. A listing of these entities is provided in Appendix 1.

1.6 The ANAO conducts its financial statements audits in four phases: planning, interim, final and completion. Figure 1.1 outlines the key elements of each phase.

Figure 1.1: ANAO financial statements audit process

Figure 1.1 outlines the ANAO financial statements audit process.  The four phases and the purpose of each phase is as follows: Planning – understanding the entity and design an audit approach. Interim - Initial assessment of controls. Final - final assessment of controls, material balances and disclosures. Completion - issue the Auditor’s report.  Throughout all four phases of the financial statements audit the ANAO also considers observations and recommendations arising from performance audits.  At the Completion of the audit phases, the relevant Ministers tables a copy of the annual report incorporating the Auditor’s report in Parliament, as well as the Minister releasing the Consolidated Financial Statements including Auditor’s Report.

Source: ANAO data.

1.7 A central element of the ANAO's financial statements audit methodology, and the focus of the planning phase of ANAO audits, is a sound understanding of an entity's environment and internal controls relevant to assessing the risk of material misstatement in the financial statements. This understanding informs the ANAO's audit approach, including the reliance that may be placed on entity systems to produce financial statements that are free from material misstatement.

1.8 In accordance with generally accepted auditing practice, the ANAO accepts a low level of risk that an audit will fail to detect the financial statements are materially misstated. This low level of risk is accepted because it is too costly to perform an audit that is predicated on no level of risk. An understanding of the entity, its environment and its controls helps the ANAO design the required work and respond to risks that bear on financial reporting. The key areas of financial statements risks identified through this planning approach are discussed in chapter 4 for each entity included in this report.

1.9 A key component of understanding the entity and its environment is to understand the governance arrangements established by its accountable authority.3 Accountable authorities of all Commonwealth entities and companies subject to the Public Governance, Performance and Accountability Act 2013 (PGPA Act) are required to govern their entity in a way that promotes the proper use and management of public resources, the achievement of the purposes of the entity and the entity's financial sustainability.

1.10 The development and implementation of effective corporate governance arrangements and internal controls should be designed to meet the individual circumstances of each entity. These processes also assist in the orderly and efficient conduct of the entity's business and compliance with applicable legislative requirements, including the preparation of annual financial statements that present fairly the entity's financial position, financial performance and cash flows.

Understanding the entity

1.11 The ANAO uses the framework in the Australian Auditing Standards (ASA) 315 Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and its Environment to consider the impact of different elements of an entity's internal controls that support the preparation of financial statements. This approach provides a basis for designing and implementing the audit work program that reflects the ANAO's assessment of the risk of material misstatement. Deficiencies in the internal control framework increase the requirement of the ANAO to perform additional audit work in the final phase. Figure 1.2 outlines these elements.

Figure 1.2: Elements of entity internal controls

Figure 1.2 outlines the 5 elements of an entities intern control framework consisting of: Control Environment; Risk Assessment; Monitoring; Information Systems; and Control Activities, as per ASA 315

Source: ASA 315 Identifying and assessing the risk of material misstatement through understanding the entity and its environment, paragraph A59.

1.12 This chapter discusses each of these elements and outlines observations based on the ANAO's review of aspects of each entity's internal controls, relevant to the risk of material misstatement to the financial statements, including the detailed results of the interim audits.

1.13 At the completion of the interim audits for the 24 entities included in this report, the ANAO noted that key elements of internal control were operating effectively for 17 entities. For the remaining seven4 entities, except for particular finding/s outlined in chapter 4, the key elements of internal control were operating effectively to support the preparation of financial statements that are free from material misstatement.

1.14 The key elements of internal controls for the full financial year will be assessed in conjunction with additional audit testing during the 2019–20 final audits. The impact of changes to the control environment arising from the COVID-19 situation and the required audit response will also be considered at this time.

Control environment

1.15 The PGPA Act sets out the requirements to establish and maintain systems relating to risk and control. Division 2, section 16 of the PGPA Act states that:

The accountable authority of a Commonwealth entity must establish and maintain:

a) an appropriate system of risk oversight and management for the entity; and

b) an appropriate system of internal control for the entity.

including by implementing measures directed at ensuring officials5 of the entity comply with finance law.6

1.16 An effective control environment is underpinned by a fit-for-purpose governance structure. Indicators of an effective governance structure include whether management has established frameworks and processes that promote positive attitudes, awareness and actions concerning the entity's internal controls and their importance in the entity. The main elements reviewed included: governance structures relevant to the preparation of the financial statements; audit committee and assurance arrangements; systems of authorisation; and processes for recording financial transactions.

1.17 All entities included in this report have established executive management committees and/or sub-committees that meet at least monthly, which support financial decision making at strategic and operational levels.7 Consistent with previous years, consideration of financial reporting was included on the agendas of all 24 entities' executive and audit committees. The financial information provided to the entities' executives was supplemented by non-financial operational information.

1.18 Clear lines of accountability and reporting are important in establishing a strong internal control environment for the purposes of preparing financial statements. The involvement of those charged with governance is an important element of these structures. Just as important is ensuring that staff at all levels understand their own role in the control framework. This can be achieved through the issuance of accountable authority instructions, and delegation instruments. All entities have established accountable authority instructions and delegations reflecting current business arrangements.

1.19 A number of entities included in this report, were impacted by Machinery of Government changes during 2019–20 which are discussed further below.

Machinery of Government

1.20 Machinery of Government (MoG) changes as a result of a new Administrative Arrangements Order involve change management processes on the part of the entities involved. A MoG change occurs when the Government decides to change the way Commonwealth responsibilities are managed. It can involve the movement of functions, resources and people from one agency to another. Successful implementation of MoG changes requires effective communication between all the parties affected by the changes, the full cooperation and commitment of both central and line agencies and sound project management arrangements to be developed and implemented in a timely manner.

Scale of the MoGs

1.21 The MoGs implemented in 2019–20 and considered as part of the interim audit were extensive. In all, six portfolio departments merged to become three8, an existing department was established as an Executive Agency9 and a new agency was established.10 As a result a large number of functions and programs were transferred between departments and four departments were renamed.

1.22 The most significant changes were:

  • transfer of responsibility for functions relating to employment and skills to the newly named Department of Education, Skills and Employment. The vocational education and training, and apprenticeships functions had previously been transferred from the Education portfolio to the former Employment portfolio as part of the 29 May 2019 MoG and were subsequently transferred back as a result of the 5 December 2019 MoG.
  • transfer of the communications and arts functions to the renamed Department of Infrastructure, Transport, Regional Development and Communications;
  • transfer of agriculture functions to the renamed Department of Agriculture, Water and the Environment;
  • establishment of Services Australia (formerly known as the Department of Human Services) as a new Executive Agency, within the Social Services Portfolio;
  • establishment of the National Indigenous Australians Agency which assumed responsibility for functions relating to Indigenous Australians from the Department of the Prime Minister and Cabinet;
  • transfer of small business, energy and climate change functions (excluding climate science and adaptation) to the renamed Department of Industry, Science, Energy and Resources;
  • transfer of responsibility for industrial relations from the former Employment portfolio to the Attorney-General's portfolio;
  • transfer of responsibility for whole-of-government service delivery from the Prime Minister and Cabinet portfolio to Services Australia;
  • transfer of migrant adult education functions from the Education portfolio to the Home Affairs portfolio;
  • transfer of settlement services for refugees and humanitarian migrants from the Social Services portfolio to the Home Affairs portfolio;
  • transfer of the information technology group functions from the Department of Social Services to Services Australia; and
  • transfer of the National Redress Scheme Branch and the administered investment for Hearing Services Australia from Services Australia to the Department of Social Services.

1.23 Where MoG changes affect areas such as governance arrangements, appropriations, IT systems, internal controls and financial reporting, the ANAO takes these into account in developing its audit approach as part of the annual financial statement audits of Australian Government entities.

1.24 The ANAO 2019–20 interim audit has identified that MoG changes resulted in over 10 000 staff transferring between entities effected through determinations under section 72 of the Public Service Act 1999. Appropriations totalling approximately $1.2 billion were transferred between entities through determinations under section 75 of the Public Governance, Performance and Accountability Act 2013.

Implementing MoG changes

1.25 Implementing MoG changes can be resource-intensive and involve complexity in managing a range of issues. These include: reaching agreement on the staff and appropriations to be transferred; establishing communication mechanisms with both 'gaining' and 'losing' staff; connecting gaining staff to existing IT networks and disconnecting transferred staff from IT systems; arranging accommodation requirements for staff being transferred; and negotiating the most effective way to maintain the delivery of services in both the short and longer term, particularly arrangements for the processing of employee entitlements and program payments.

1.26 The Machinery of Government changes A Guide for Agencies — April 2019 (the Guide), jointly issued by the Australian Public Service Commission (APSC) and the Department of Finance (Finance), outlines a set of principles to assist entities in implementing changes resulting from a MoG. The principles are:

  • taking a whole-of-government approach;
  • constructive and open communication with staff; and
  • accountability and compliance with legislation and policy.

1.27 Implementation of MoG changes requires entities to work co-operatively and openly in a timely manner. Entities are expected to implement changes as quickly as possible, with a focus on achieving the best outcomes for the Australian community across the whole of government.11 As the changes arise from an executive order of government, entities affected will have little or no notice of the specific changes that have been determined.

1.28 The Guide also outlines that where a completion date is not specified in relation to a MoG, entities are expected to complete changes within thirteen weeks from the date of effect of the MoG change. Agency heads are responsible for meeting this deadline and for implementing MoG changes in accordance with the principles set out in paragraph 1.26 above.

1.29 In order to achieve the best outcome, agencies are encouraged to:

  • appoint an independent advisor to manage the MoG process, facilitate negotiations and to help resolve any contested issues (paragraph 6);
  • establish a cross-agency steering committee that includes representatives from all affected agencies, has clear lines of responsibility and reporting (paragraph 12);
  • complete a thorough due diligence exercise of all aspects of functions being transferred including statutory requirements, delegations, and related appropriations (paragraph 7); and
  • develop a communications strategy to keep affected staff informed of the progress of changes relating to the timetable and impacts to conditions, hours and pay (Summary, page 11).
Observations

1.30 As part of the 2019–20 interim audit, the ANAO considered the application of the Guide by the entities subject to MoG changes in the current year. Ten entities included in this report, were impacted by MoG changes in 2019–20. The changes to entities varied in complexity and size, with a number of significant MoGs merging functions of entire entities. Although there was a range of complexities involved, the Attorney–General's Department was the only entity that appointed an independent arbitrator. The appointment was made in conjunction with the former Department of Employment, Skills, Small and Family Business and related to the transfer of industrial relations functions.

1.31 Nine12 of the ten entities impacted established a steering or implementation committee to manage the MoG process. These committees were comprised of senior staff members who were assigned responsibility for settling implementation issues. All committees included representatives from both the gaining and losing entities. Of the entities that established a steering or implementation committee, only the committee from the Department of Industry, Science, Energy and Resources reported to the Audit Committee. Services Australia managed the process through its existing governance and executive committees.

1.32 As outlined in the Guide, as soon as it is apparent that a MoG change will occur, losing agencies are expected to undertake an immediate and thorough due diligence assessment over the transferred function. The due diligence exercise requires a detailed examination of all aspects of the function being transferred.13 Of the ten entities impacted by the MoGs, six14 lost functions. These six entities used a variety of approaches to undertake their due diligence.

  • The Department of Education, Skills and Employment and Services Australia undertook a detailed assessment or review in relation to the MoG.
  • The Department of Social Services undertook an initial due diligence assessment in relation to the MoG. As at 30 April 2020, the ANAO has not been provided with documentation in respect of the due diligence process.
  • The Department of Agriculture, Water and the Environment undertook due diligence processes in relation to functions transferred out as a result of the MoG.
  • The Department of Infrastructure, Transport, Regional Development and Communications received all functions of the former Department of Communications and the Arts. The priority of the project team was to work on organisational integration and having appropriate systems and procedures in place from day one to facilitate both entities continuing their delivery. As such, the due diligence exercise was undertaken as part of the integration process.
  • The Department of the Prime Minister and Cabinet did not undertake a separate due diligence process relating to the functions being transferred to the National Indigenous Australians Agency. The due diligence was undertaken concurrently with the risk management processes.

1.33 Four entities that gained functions as a result of the changes also performed a due diligence assessment. The Attorney–General's Department and the Department of Industry, Science, Energy and Resources performed assessments to obtain essential information relating to the functions they were receiving and included details relating to human resources and financial information.

1.34 The Department of Social Services performed due diligence over the functions gained from Services Australia. The Department of Agriculture, Water and the Environment undertook due diligence processes for functions received from the former Department of Agriculture, but not to the extent of those undertaken for functions that were transferred out.

1.35 The Guide outlines that a risk management approach15 relating to the impact of the MoG on an entity, is required to avoid delays in negotiations. Entities used a variety of approaches to manage the risks associated with the MoGs as detailed below.

  • The Departments of: Agriculture, Water and the Environment; Industry, Science, Energy and Resources; Education, Skills and Employment; Home Affairs; and Social Services16 undertook a formalised risk assessment process in relation to the impact of the MoG. The Attorney–General's Department established and maintained a detailed issues and risk register relating to the MoG changes. A number of high risks were identified across these entities.
  • The Department of the Prime Minister and Cabinet and the National Indigenous Australians Agency did not undertake a full risk analysis due to the limited time-frame to implement the changes. Risk was managed via agile project methodology using daily stand up meetings where challenges and risks to objectives were identified and mitigated on a daily basis.
  • Services Australia did not perform an overall risk assessment relating to the MoG. Risks were captured and managed through the individual business and program areas. The Chief Financial Officer's group tracked the financial implications of these risks through briefing papers to the Financial Statements Sub Committee and Audit Committee.
  • The Department of Infrastructure, Transport, Regional Development and Communications has identified that it intends to prepare a position paper17 relating to the impact of MoG changes on the 2019–20 financial statements.

1.36 In addition to the overall risk assessments outlined above, seven of the ten entities undertook a financial statements risk analysis. The Department of Social Services has undertaken an initial assessment as the transfer of functions between the department and Services Australia is still in progress.

1.37 The National Indigenous Australians Agency is a newly established entity. It initially adopted a number of risk and mitigation approaches from the Department of the Prime Minister and Cabinet. During 2019–20 it has been refining its governance and practices, including risk assessments for financial statements preparation.

1.38 The Department of Home Affairs did not perform a separate financial statements risk assessment, but did review and update the Financial Statements Assurance Framework and noted nil financial statements risk resulting from the MoG.

Conclusion

1.39 The additional guidance provided by the Guide provides entities with a set of principles to follow when they are subject to MoG changes. Best practice would include all entities applying the principles of the Guide regardless of whether they are the losing agency or the gaining agency and regardless of the scale of the MoG. Performing a due diligence review and undertaking detailed risk assessments from an operational and financial statements perspective, assists entities to identify any new risks that could impact on the timely preparation of complete and accurate financial statements.

1.40 The principles of the Guide provide entities with valuable insights that can assist in ensuring the focus remains on completing the MoG processes quickly and achieving the best outcomes for the Australian community across the whole-of-government.

Audit Committees

1.41 The PGPA Act requires audit committees to be established for Commonwealth entities and Commonwealth companies.18 An independent audit committee is a fundamental principle of good governance.19 The audit committee plays a key role in assisting the accountable authority to fulfil its governance, risk management and oversight responsibilities through the provision of independent assurance and advice.

1.42 Section 17 of the Public Governance Performance and Accountability Rule 2014 (PGPA Rule) sets out the minimum requirements relating to the audit committee of a Commonwealth entity. The key requirements of the PGPA Rule are outlined below.

  • A written charter, set by the accountable authority, determining the functions of the audit committee for the entity. These functions must include reviewing the appropriateness of the accountable authority's financial reporting; performance reporting; system of risk oversight and management; and system of internal control for the entity.
  • Membership of the committee20 to include at least three persons with appropriate qualifications, knowledge, skills or experience to assist the committee to perform its functions and a majority of committee members and the committee chair must be independent of the entity.
  • Persons that must not be a member of the audit committee: the accountable authority or, if the accountable authority has more than one member, the head; the Chief Financial Officer; and the Chief Executive Officer.

1.43 All entities have established audit committees consisting of a majority of members assessed by the entity to be independent. All entities have an audit committee charter that is consistent with their obligations under subsection 17(2) of the PGPA Rule. Each entity has appointed an independent audit committee chair.

Board Governance Arrangements

1.44 The ANAO audit program has included topics on the implementation of the PGPA Act and the PGPA Rule. Under the PGPA Act, the accountable authority is responsible for leading, governing and setting the strategic direction for the entity. For corporate Commonwealth entities the governing body of the entity is the board, unless otherwise prescribed by the rules.21 In 2018–19, a series of performance audits reviewed whether corporate Commonwealth entities had established effective arrangements to comply with legislative and policy requirements, and adopted practices that support effective governance.22

1.45 The board plays a key role in the effective governance of an entity. Corporate governance involves two dimensions, performance and conformance. In this report the ANAO has analysed the following entities governed by boards: Australian Postal Corporation, the Future Fund Management Agency and the Board of Guardians23, NBN Co Limited (NBN Co) and the National Disability Insurance Scheme Launch Transition Agency (NDIA). The ANAO has also analysed the Reserve Bank of Australia's (RBA) Reserve Bank Board, noting that the RBA Governor is the accountable authority.

1.46 The interplay of the 'hard attributes' of governance (such as board composition, appointment processes and independence) and the 'soft attributes' of governance (such as the chair/CEO relationship, board behaviours and board culture) are critical to good governance and organisational performance.24 The design of the board structures for the entities listed above is consistent with legislative and policy requirements. The entities have actively engaged with the portfolio department and minister in relation to the skills requirements for prospective board appointments, and provided advice to the decision-maker accordingly. Upon appointment to the board, all entities had appropriate induction processes that included details of the board's role and responsibilities as the accountable authority.

1.47 Establishing a charter can assist board members by providing a single reference point that clearly sets out the functions, powers and membership of the board, as well as roles, responsibilities and accountabilities. For the five entities considered, a charter was in place and reviewed on a regular basis. The boards of all the entities meet on average at least every six weeks. Sufficient and appropriate documentation and the recording of decisions and actions is kept by the entities, as well as the declaration of conflicts of interests by members, including the managing director, or equivalent.

1.48 The boards maintain a strategic focus on risk within the entity with regular briefings from the relevant audit and/or risk committee. Other items discussed by the boards include approval of key policies and frameworks, assurance from management regarding internal controls and compliance with legislation, and reporting on progress against the corporate plan. All entities undertake regular reviews to evaluate board performance, with external assessments complemented by more frequent internal reviews. Periodically evaluating board performance can enable a board to reflect on its operations and assess whether it has effectively met its purpose, objectives and obligations.

Risk assessment processes

1.49 Section 16 of the PGPA Act sets out an accountable authority's responsibilities in regard to the establishment of appropriate risk oversight and management in an entity. An understanding of an entity's process to identify and manage risk is essential to an effective and efficient financial statements audit. A review of this process is done to assist the ANAO to understand how entities identify and manage risks relating to financial statements and assess the risk of material misstatement to an entity's financial statements.

1.50 For the 2019–20 interim audit phase the ANAO's review of entities' risk assessment processes was undertaken prior to the emergence of the COVID-19 pandemic. In order to minimise the impact on their financial statements, entities should review their current risk assessments. This is discussed further in paragraphs 2.6 to 2.8 of chapter 2.

1.51 All entities included in this report have a process to develop and update risk management plans at the organisational and strategic risk levels. In addition, each entity has developed processes for the identification and notification of risks relevant to financial statements preparation either as part of the overall risk management plan, or through a targeted risk identification exercise. The monitoring of risks and the entity's implementation of risk management strategies was typically assigned to either an executive committee and/or the audit committee.

1.52 Entities affected by machinery of government changes, including the Departments of: Agriculture, Water and the Environment; Education, Skills and Employment; and Infrastructure, Transport, Regional Development and Communications are currently applying risk management plans established at the former entities. The National Indigenous Australians Agency (NIAA) is adopting the risks assessed by the Department of the Prime Minister and Cabinet and will consider changes to risks for the new entity at a future date.

Monitoring of controls

1.53 Entities undertake many types of activities as part of their monitoring of control processes, including external reviews, self-assessment processes, post-implementation reviews and internal audits. The level of review of these activities by the ANAO is determined through a risk assessment approach that takes into consideration the nature, extent and timing of each activity and the activities application to the preparation of the financial statements.

Internal Audit

1.54 As part of the financial statements audit coverage, internal audit is reviewed to gain an understanding of its role and activities in the entity. Where an internal audit function has been established it can play an important role in providing assurance to the accountable authority that the internal control framework is operating effectively. Entities are encouraged to identify opportunities to leverage internal audit coverage as a means of providing increased assurance to accountable authorities to support their opinion on the entity's financial statements.

1.55 The extent to which the work of internal audit may be able to be used, in a constructive and complementary manner, varies between entities and is more likely to occur where internal audit work is focused on financial controls and legislative compliance. The ANAO is expecting to rely upon the work of internal audit for a number of entities.25 When it is anticipated that the work of internal audit will be used, in accordance with ASA 610 Using the Work of Internal Auditors, an assessment is required of whether the internal audit function has: appropriate organisational status; relevant policies and procedures to support their objectivity; an appropriate level of competence; and whether they apply a systematic and disciplined approach in the execution of their work including quality control.

1.56 When it is determined that the work of internal audit can be used to support an effective audit approach, additional work is performed to confirm its adequacy to support the external audit. This will include confirmation that the scope of the work is appropriate, that there is sufficient evidence to support the conclusions drawn and selected re-performance of internal audit's testing.

1.57 For the entities included in this report, it was observed that internal audit coverage is based on an internal audit plan that is aligned with entities' risk management plans and includes combinations of audits that address assurance, compliance, performance improvements and IT systems reviews. In addition, suggested topics from management, audit committees and external influences such as the ANAO's planned performance and financial statement coverage, are factors considered in the development of internal audit work plans.

Reporting relating to compliance with finance law

1.58 The introduction of the PGPA Act resulted in a move from a compliance-based approach to a principle-based financial framework for Commonwealth entities. To promote the safe custody and proper use of public resources whilst reducing red tape, a greater emphasis is placed on the robustness of an entity's self-assessment processes, strong governance structures and internal control frameworks to identify risks. A practical example of this is an entity's requirement to report on compliance with finance law.26

1.59 From 2015–16, the compliance reporting changed to require entities to report only significant non-compliance with finance law to both the Finance Minister and the responsible Minister. Prior to this, general government sector entities were required to submit an annual Certificate of Compliance to the Minister for Finance and the responsible Minister summarising all non-compliance with the PGPA Framework. To support the change in requirements, the Department of Finance issued guidance in relation to reporting of significant non-compliance through the Resource Management Guide 214 Notification of significant non-compliance with the finance law (RMG 214). The guide outlines factors which may be considered when determining whether significant non-compliance occurred including:

  • failure to comply with the duties of accountable authorities (PGPA Act sections 15 to 19);
  • serious breaches of the general duties of officials (PGPA Act sections 25 to 29) including any fraudulent activity by officials;
  • systemic issues reflecting internal control failings or high volume instances of non-compliance; and
  • non-compliance issues that are likely to impact on the entity's financial sustainability.

1.60 RMG 214 notes that the accountable authority should consider the entity's environment when determining whether instances of non-compliance are significant. In May 2019, the RMG was updated with additional guidance in the form of case studies. The case studies highlight the need for entities to consider the number of non-compliance issues in the context of the number of times the function had occurred within the entity. For example comparing the number of breaches relating to incorrect reporting of contracts on AusTender compared to the number of contracts executed in that year. As part of the interim audits the ANAO considered entities' application of RMG 214.27

1.61 Entities advised that professional judgement is applied and consideration given, to the nature and volume of breaches when assessing significance.28 Six entities29 provided further guidance within their definition of significant non-compliance, specifying a financial threshold above which non-compliance would be considered significant. The financial thresholds include a percentage of either departmental budget amounts, entity determined materiality thresholds; or a set dollar figure. The dollar range of thresholds varies from $50,000 to $20 million.

1.62 As part of an audit committee's governance role, it usually has oversight of the process for collating instances of non-compliance and the subsequent assessment regarding their significance. Changes to mandatory external compliance reporting process in 2015–16 removed the requirement for all instances of non-compliance to be centrally reported to the Department of Finance. As a consequence, the Department of Foreign Affairs and Trade, the NDIA and Services Australia reduced their level of reporting, requiring only significant non-compliance to be reported to their audit committee and accountable authorities. In addition, as a register of all non-compliance is not maintained, these entities are not able to perform analysis consistent with additional guidance provided in the May 2019 update to RMG 214. While the Australian Office of Financial Management does periodically report all instances of non-compliance to the audit committee, it also does not maintain a register of non-compliance.

1.63 In the absence of a register, capturing all instances of non-compliance, these entities have been excluded from the analysis of non-compliance summarised in Figure 1.3. Similarly as the National Indigenous Australians Agency was established from 1 July 2019 it is also excluded.

1.64 In addition to notifying the relevant Minister of any significant issues which occur, entities must also report any significant non-compliance in their annual reports in line with the PGPA Rule subsection 17AG. The following two entities reported significant non-compliance in their 2018–19 annual reports:

  • Department of Veterans' Affairs reported one significant non-compliance30 relating to departmental transactions totalling $4.1 million found to be incorrectly recorded as administered items. They were subsequently transferred to departmental operations.
  • Department of Defence reported 53 instances of significant non-compliance.31 Where these instances were proven as fraud committed by an official, Defence authorities addressed these instances through criminal or disciplinary prosecution action.

1.65 Entities undertake a range of activities to identify instances of non-compliance and support their assessment of whether identified breaches meet the definition of significant. These activities include self-reporting, internal assurance activities, and questionnaires completed by officers holding delegations. Through these processes, in 2018–19 entities included in this report identified a total of 4,203 instances of non-compliance.32 Two entities reported no non-compliance33, three entities account for more than 10 per cent of the total breaches34 and the remaining 13 entities each reported between one and nine per cent of the non-compliance. Figure 1.3 provides the ANAO analysis of instances of non-compliance by category as identified by entities in 2018–19.

Figure 1.3: Reported incidences of non-compliance 2018–19

Figure 1.3 shows the number of instances non-compliance identified during 2018–19 by entities, per category of finance law.  The breakdown is as follows: 2,126 instances of non-compliance with Commonwealth procurement rules; 852 instances of non-compliance with PGPA section 23; 480 instances of non-compliance with Commonwealth Grant Rules and Guidelines; 705 instances of non-compliance with sections of the PGPA excluding section 23; and 40 instances of non-compliance with the PGPA Rule.

Source: ANAO analysis of data provided by entities.

1.66 Further details of the areas of non-compliance depicted in Figure 1.3 are detailed below.

  • The following three entities identified the highest number of instances of non-compliance with the Commonwealth Procurement Rules: Department of Home Affairs (775 instances); Department of the Prime Minister and Cabinet (302 instances); and Department of Veterans' Affairs (237 instances). Of the non-compliance with Commonwealth Procurement Rules, 61 per cent of breaches related to rule 7.16, which requires entities to report contracts entered into or amended over $10,000 on AusTender within 42 days.
  • Breaches of section 23 of the PGPA Act include failure to obtain appropriate delegate approval prior to entering into contracts and exceeding a delegate's approval. The following three entities identified the highest number of instances of non-compliance in this area; Department of Defence (450 instances); Department of the Treasury (123 instances); and Department of Agriculture, Water and the Environment (86 instances).
  • Non-compliance with the Commonwealth Grant Rules and Guidelines predominately resulted from entities not meeting the requirement to publish grants on GrantConnect35 within 21 days.
  • Forty-one per cent of instances of non-compliance with the PGPA Act, excluding section 23, related to breaches of governing in a way that is not inconsistent with the policies of the Australian Government under section 21, specifically section 83 of the Australian Constitution where by no money shall be drawn from the Treasury of the Commonwealth except under appropriation made by law.
  • The non-compliance with the PGPA Rule relates to failure to document the approvals to enter into arrangements under section 23 of the PGPA Act and banking monies within five days from receipt.

1.67 The additional guidance provided within the RMG 214 indicates that consideration should be given to the number of breaches in light of the entity's environment. The collation and reporting of non-compliance allows audit committees and accountable authorities to assess emerging risks and determine training requirements or changes to procedures required to address trends. Through its interim reports to Parliament, the ANAO has undertaken a detailed analysis of reporting of non-compliance, over the last three financial years, and observed both divergent practices between entities in identifying and assessing the significance of non-compliance, and a reduction in detailed reporting provided to audit committees and accountable authorities.

Gifts and Benefits

1.68 Auditor-General Report No. 47 2017–18: Interim Report on Key Financial Controls of Major Entities, provided analysis of the gifts and benefits policies of those entities included in the report. The report concluded that there would be merit in the development of a whole-of-government gifts and benefits policy approach across Commonwealth entities.36

1.69 In accordance with the Public Governance, Performance and Accountability Act 2013 and the Australian Public Service (APS) Code of Conduct, on 18 October 2019 the Australian Public Service Commissioner (the Commissioner) announced new guidance for reporting of gifts and benefits. The policy sets out a number of requirements for agency heads (including departmental secretaries)37 and provides guidance on areas of better practice.

1.70 The Commissioner stated that agency heads must:

  • not accept gifts and benefits which might reasonably be seen to compromise their integrity (paragraph 26);
  • create and keep a register of gifts and benefits accepted (paragraph 15);
  • update the register of all gifts and benefits accepted with a value of more than AUD$100.00 (excluding GST), within 28 days of receiving the gift or benefit (paragraph 16);
  • publish on their agency's website the register of gifts and benefits accepted where the value of the gift or benefit exceeds AUD$100.00 (excluding GST) on a quarterly basis (paragraph 17); and
  • publish the first register by 31 January 2020, the second register by 31 March 2020 and quarterly thereafter. (paragraphs 12 and 13).38

1.71 The ANAO has reviewed the implementation of the policy across entities included in this report.39 Table 1.1 below provides a snapshot of the recommendations that have been implemented.

Table 1.1: Implementation of public reporting of gifts and benefits received by agency heads

APSC Guidance Recommendations

Implemented

Not implemented

Establish a gifts and benefits register

24

0

Record all gifts and benefits received by the agency head over $100

23

1a

Publish all gifts and benefits received by agency heads valued at or more than $100 on the entity's website as at 31 January 2020.

20

4

Publish all gifts and benefits received by agency heads valued at or more than $100 on the entity's website as at 31 March 2020.

19

5

     

Note a: NBN Co as a Commonwealth company is strongly encouraged though not required to comply with the policy released by the Commissioner. NBN Co has not published a gifts and benefits register for the agency head and has set a minimum reporting threshold of $200.

Source: ANAO analysis.

1.72 As outlined in Table 1.1 four entities40 had not published any registers for their agency heads or equivalent by the 31 January 2020 deadline. As at 30 April 2020 the Australian Office of Financial Management and NBN Co had not published any gifts and benefits received by agency heads on their websites. The NBN Co as a corporate Commonwealth company is strongly encouraged, though not required to comply with the requirements issued by the Commissioner. The Department of Veterans' Affairs advised that it published the register on its website on 17 February 2020. The Future Fund Management Agency and the Board of Guardians has published a gifts and benefits register for the quarter ended 31 March 2020.

1.73 The ANAO has been advised that the Commissioner acknowledged in an email to portfolio secretaries on 20 March 2020, that reporting of gifts and benefits for the March 2020 quarter deadline may not be feasible given the COVID-19 pandemic. Publication was however encouraged and as indicated in Table 1.1 above, 19 entities had published this information by 30 April 2020.

1.74 To increase transparency and consistency across the Government and as a matter of best practice the Commissioner stated that:

  • Departmental Secretaries should circulate the guidance to all statutory office holders and heads of Commonwealth entities and companies within their portfolios;
  • Commonwealth statutory office holders and heads of Commonwealth entities and companies are strongly encouraged to adopt this guidance and mirror these arrangements; and
  • there is strong expectation that registers including gifts and benefits received by all staff valued over $100 are published on the entity's website.

1.75 The Departmental Secretaries for 1141 of the 14 portfolio departments confirmed they had circulated guidance to entities within their portfolio.

1.76 In line with best practice, 16 entities included gifts and benefits received by all staff in the register published on entity websites applying the $100 reporting threshold. The Departments of: Agriculture, Water and the Environment and Parliamentary Services publish gifts and benefits received by the agency head only. The Department of Foreign Affairs and Trade, the Department of Veterans' Affairs; and the Future Fund Management Agency and the Board of Guardians have extended the disclosures to include staff in key management positions. The Reserve Bank of Australia publishes gifts and benefits received by the Governor and Deputy Governor.

1.77 As noted in paragraph 1.72, the Australian Office of Financial Management and NBN Co have not published a gifts and benefits register on their websites, however, both entities maintain internal registers to record the gifts and benefits received by all staff. The Australian Office of Financial Management requires staff to report all gifts and benefits received and NBN Co requires staff to report gifts and benefits received over a threshold of $200.

1.78 An important element of a gifts and benefits policy is that it provides a process for monitoring and managing the gifts and benefits offered and/or accepted by officers within the entity. The maintenance of a register enables an assessment of the effectiveness of implementation of an entity's policies; the types and frequency of gifts and benefits received by an entity; and the identification of potential conflict of interest risks. Best practice would include the public disclosure of gifts and benefits received by all staff.

Safeguarding financial information from cyber threats

1.79 The Protective Security Policy Framework (PSPF) requires non-corporate Commonwealth entities to consider and implement the Australian Signal Directorate's (ASD) Essential Eight mitigation strategies (Essential Eight).42 The initial requirements were defined in 2013 and are now specified in PSPF Policy 10, "Safeguarding information from cyber threats" (Policy 10).43 The Essential Eight is considered the baseline for cyber resilience within the Australian Government and provides advice on measures that entities can implement to mitigate cyber threats.44

1.80 Policy 10 requires each entity to:

  1. implement the following Australian Signals Directorate (ASD) Strategies to Mitigate Cyber Security Incidents (Top Four):
    • application whitelisting45;
    • patching applications46;
    • restricting administrative privileges47; and
    • patching operating systems.43
  2. consider which of the remaining Top Four Strategies need to be implemented to protect the entity.48

1.81 The PSPF and Essential Eight have defined maturity levels to help entities determine the maturity of their implementation of Policy 10 and Essential Eight requirements, respectively. Policy 10 states entities must achieve the maturity level 'Managing', which is equivalent to the Essential Eight 'Maturity Level Three'. The PSPF requires non-corporate Commonwealth entities to annually assess and report their performance against the PSPF information security requirements.

1.82 Since 2013, the ANAO has conducted a series of performance audits focused on assessing the progress of implementation against Policy 10 requirements. These performance audits continued to identify low levels of compliance with mandatory Policy 10 requirements and concerns relating to the accuracy of annual self-assessments. There was no evidence that the regulatory framework had driven sufficient improvement in entities mitigating their cyber security risks since 2013.

1.83 The Australian Cyber Security Centre (ACSC) was provided funding through the 'Cyber Uplift' budget measure, to strengthen the cyber security of Australian Government networks through enhanced technical guidance, improved verification, and increased transparency and accountability. The Cyber Uplift included a 'sprint' program which was focused on assessing and baselining the maturity of 25 Commonwealth entities' implementation of the Essential Eight. The sprint program also resulted in ACSC identifying additional measures for entities to strengthen their cyber security posture as a result of the program.

1.84 In 2019–20, the ANAO performed a review of the Policy 10 annual self-assessment as part of its assurance audit program of financial statements. This review focused on the protection of information relevant to the preparation of financial statements, specifically the Financial Management Information System (FMIS) and Human Resource Management Information System (HRMIS). The review was performed on 18 of the 2049 government entities included in this report, which are required to report annually against the Policy 10 requirements.50 The review was undertaken to confirm the accuracy of reporting and identify cyber security risks that may impact on the preparation of financial statements. The review consisted of analysis of policy and procedural documentation, testing of mitigation strategies specific to the FMIS and HRMIS, results of sprint assessments and interviews with entity personnel. Similarly to previous performance audits of non-corporate Commonwealth entities, the ANAO found maturity levels for most entities were significantly below the Policy 10 requirements. Of the 18 entities assessed, only one was rated as achieving a Managing maturity level across all eight controls. This is illustrated in Figure 1.4 below.

Figure 1.4: Compliance with the PSPF Policy 10 Requirements

Figure 1.4 summarises compliance against the PSPF Policy 10 requirements by the 22 entities included in this report. Patching operating systems and applications, Macro Controls and Application Hardening are the mitigation strategies that have the greatest number of non-compliance.

Source: ANAO data.

1.85 The lowest levels of compliance were reported in the 'Application Hardening and Macro controls' and 'Multi-Factor Authentication' controls.

1.86 Achieving a Managing level for Application Hardening51 was viewed by entities to be difficult due to the number of applications in the entities' systems and the difficulty in identifying all applicable hardening controls. Entities have implementation plans focused on reducing the number of applications in their environments, with an aim to lowering their attack surface and minimising risk. Implementation of these plans is currently being actioned by the majority of entities, with most plans scheduled for completion by July 2020.

1.87 Restricting macros52 was reported to be difficult due to users relying heavily on macros to perform business activities. Entities differed in their maturity of addressing the associated risks, with some working with users to restrict macros in their environments and securely authorising business critical macros, while other entities accepted the risk of macros and relied on additional mitigations for protection.

1.88 For Multi-Factor Authentication53 to be assessed at the Managing maturity level, multi-factor authentication needed to be used to authenticate all users when accessing important data. Entities found the process of organising/distributing multi-factor authentication tokens for all users to be an onerous one, and most have accepted the risk and focused on achieving the Developing maturity level. Entities prioritised multi-factor controls for remote access and privileged users, rather than all users.

1.89 Most entities conducted their self-assessment at a system or environment level, and did not specifically assess the controls required to minimise cyber risks to their FMIS or HRMIS applications. The entities prioritised the protection of the environment which hosts the FMIS and HRMIS applications.

1.90 Four entities were found to be incorrect in their self-assessments. The entities attributed the inaccuracies in their assessments to their interpretation of the scope of the requirement and indicated that they found it challenging to determine whether they had met the intention of the mitigation strategies.

1.91 In a report to Parliament on April 201954, ACSC noted that "While all of the Commonwealth entities assessed through the Cyber Uplift sprints were found to be taking positive and proactive steps to improve their cyber security, the ACSC assessed that they had not yet achieved the recommended maturity level for the Essential Eight. As a result, these entities are vulnerable to current cyber threats targeting the Australian Government". This aligns with the observations of the ANAO, which identified significant progress was still required for entities to meet the required Policy 10 maturity level of Managing.

1.92 ANAO found that 76 per cent of controls were at an Ad-hoc or Developing maturity level. This is in line with ACSC findings, which noted '73 per cent of non-corporate Commonwealth entities reporting ad hoc or developing levels of maturity'.55 The majority of the entities reviewed are not meeting the required Policy 10 maturity level. The regulatory framework and self-assessments to date have not driven the achievement of the standard of cyber security required by Government policy.

1.93 The Policy 10 requirements, that non-corporate Commonwealth entities implement the Australian Signals Directorate (ASD) Mandatory Strategies to Mitigate Cyber Security Incidents (Top Four), have been in place since 2013. Entities' inability to meet these requirements indicates a weakness in implementing and maintaining strong security controls over time.

1.94 Previous audits of cyber security by the ANAO to assess the progress of implementation against Policy 10 requirements have not found an improvement in the level of compliance with the controls over time. The work undertaken as part of this review indicates that this pattern continues, with limited improvements.

1.95 The response to the COVID-19 pandemic has required the majority of entities to adapt IT systems to support remote working arrangements for their workforces. This change in business and control environment has brought additional security risk, with ACSC noting in its April 2020 Threat Report that 'Cybercrime actors are pivoting their online criminal methods to take advantage of the COVID-19 pandemic'.56 Threats noted by ACSC include COVID-19 themed phishing attacks57, exploitation of remote access weaknesses, as well as an increase in fraud based attacks.58

1.96 ACSC has released guidance on preparing for COVID-19 threats59, including reviewing business continuity plans and procedures, implementation of multi-factor authentication, hardening of systems60 and restriction of macros to reduce the impact of any phishing based attacks. Strong security controls introduced by entities would minimise the risks emerging due to COVID-19 and remote working practices.

1.97 While entities' compliance with Essential Eight remains low, there continues to be the risk of compromise to information relevant to the preparation of financial statements.

Interim audit results

1.98 Audit findings are raised in response to the identification of a potential business or financial risk posed to an entity. Often these risks arise from deficiencies within an entity's internal control processes or frameworks. Weaknesses in internal controls increase the possibility that a material misstatement of an entity's financial statements will not be prevented or detected in a timely manner. The ANAO rates audit findings according to the potential business or financial management risk posed to the entity. The rating scale is presented in Table 1.2.

Table 1.2: Findings rating scale

Rating

Description

Significant (A)

Issues that pose a significant business or financial management risk to the entity. These include issues that could result in a material misstatement of the entity's financial statements.

Moderate (B)

Issues that pose a moderate business or financial management risk to the entity. These may include prior year issues that have not been satisfactorily addressed.

Minor (C)

Issues that pose a low business or financial management risk to the entity. These may include accounting issues that, if not addressed, could pose a moderate risk in the future.

   

1.99 A summary of all significant, moderate and minor audit findings reported at the conclusion of the interim audit phase across the past four financial years is presented in Figure 1.5: below.

Figure 1.5: Trend in aggregate interim audit findings 2016–17 to 2019–20

Figure 1.5 shows the total number of audit findings reported to entities in this report, classified as significant, moderate or minor over the four financial years from 2016–17 to 2019–20.

Source: ANAO data.

1.100 The findings have been classified into broad categories as follows:

  • IT control environment;
  • compliance and quality assurance frameworks;
  • accounting and control of non-financial assets;
  • revenue, receivables and cash management processes;
  • human resources financial processes; and
  • purchases and payables management.

Table 1.3: Audit findings by category for the 2019–20 interim period

Category

Significant

Moderate

Minor

Main areas of weakness

IT control environment

4

32

  • security management, particularly management of user access and monitoring of privileged users.

Compliance and quality assurance frameworks

3

6

  • appropriate quality assurance frameworks supporting financial reporting; and
  • compliance frameworks for program payments.

Accounting and control of non-financial assets

1

3

  • processes supporting the valuation and impairment of assets; and
  • completeness and accuracy of fixed asset registers.

Revenue, receivables and cash management

1

  • timeliness and completeness of reconciliations; and
  • processes supporting completeness and accuracy of revenue reported.

Human resources financial processes

9

  • monitoring of controls over payroll processing and reporting; and
  • review processes supporting employee commencements and terminations.

Purchases and payables management

6

  • timeliness and completeness of reconciliations;
  • authorisation of expenditure; and
  • credit card acquittals.

Other audit findings

7

  • maintenance of appropriate documentation to support decision making; and
  • incomplete policies and procedures.

Total

8

64

72

         

Source: Compilation of ANAO interim audit findings.

1.101 In addition, to the findings reported in Table 1.3 one new legislative breach was reported during 2019–20. The legislative breach reported that the Department of Education, Skills and Employment made GST payments to non-government schools without the authority of the Australian Education Act 2013. For further details please refer to chapter 4, paragraphs 4.5.24–4.5.27.

Information Technology Control Environment

1.102 The review of information systems and related controls is an integral part of an entity's control environment. This section summarises the results from interim tests of the operating effectiveness of IT general controls for each of the entities included in this report. It should be noted that the majority of this testing was performed in the period September 2019 — February 2020, and does not reflect any changes in the risk and control environment arising from the impact of COVID-19. This will be addressed in the final testing of information systems controls scheduled to be performed in June and July 2020.

1.103 Figure 1.6 show the trends in interim audit findings related to entities' overall IT control environments from 2016–17 to 2019–20. At the time of this report, testing of the operating effectiveness of IT controls had not been completed for four entities61 and therefore those results are not reflected in this summary.

Figure 1.6: IT control environment interim audit findings 2016–17 to 2019–20

Figure 1.6 details the number of IT control environment findings over the four financial years from 2016–17 to 2019–20. These are presented by category significant, moderate or minor.

Source: ANAO data.

1.104 Findings related to entities' IT control environments represent 50 per cent of total findings identified during the 2019–20 interim period. IT control environment findings continue to represent the highest proportion of all findings. One new moderate finding was reported in 2019–20, which is a decrease of six from the previous year. Further detail regarding the new finding is detailed in chapter 4 for Services Australia. Three moderate findings were carried over from the previous year.62 While there has been a decline in the number of moderate findings reported this year, and in the number of findings overall, the need to focus on processes to monitor IT controls to prevent reoccurrence of issues continues to be of importance. This was a recommendation by the Joint Committee of Public Accounts and Audit (JCPAA).63

1.105 The information systems control environment findings reported at the conclusion of the 2019–20 interim audits for entities included in this report have been grouped as follows:

  • IT security;
  • IT change management; and
  • disaster recovery arrangements.
IT Security

1.106 IT security is concerned with protecting an entity's information assets from internal and external threats. It includes controls to prevent or detect unauthorised access to systems, programs and data. In the context of the financial statements audit, the focus is on the financially significant systems and data only.

1.107 The key controls areas that address risks relating to IT security and that are assessed as part of the interim audit are:

  • IT security governance;
  • general and privileged user access; and
  • monitoring and reporting.

1.108 Figure 1.7 illustrates the trends in findings observed in entities' IT security arrangements between 2016–17 and 2019–20.

Figure 1.7: IT security interim audit findings 2016–17 to 2019–20

Figure 1.7 details the number of IT security findings over the four financial years from 2016–17 to 2019–20. These are presented by category significant, moderate or minor.

Note: The comparative numbers in this figure have been updated to include findings previously categorised as IT application controls which related to IT security.

Source: ANAO data.

1.109 The IT security findings represent 77 per cent of all IT related findings reported in 2019–20. Three moderate findings were reported in the current year (2018–19: six). Further details of the moderate findings are detailed in chapter 4.64 Findings related to:

  • logging and monitoring of privileged user activity;
  • user access management, including approving new user access and performing regular user access reviews;
  • removal of user access when it is no longer required;
  • password configuration; and
  • the overall governance and assurance framework to support the above activities.

1.110 Users with administrative access privileges, commonly referred to as privileged users, are able to make significant changes to IT systems' configuration and operation, bypass critical security settings and access sensitive information. As part of reviewing IT security arrangements, different groups of privileged users were examined, including:

  • application administrators, sometimes referred to as super users;
  • database administrators;
  • system administrators; and
  • network or domain administrators.

1.111 To reduce the risks associated with this access, the Australian Government Information Security Manual (ISM) recommends that privileged user access be appropriately restricted and when provided, that the access is logged, regularly reviewed and monitored. Two moderate65 and seven minor findings relate to entities that have not implemented adequate logging and monitoring procedures over privileged user accounts. The risk of inappropriate changes to financially significant systems and data arising from these findings is partially mitigated through alternate controls.

1.112 All users with access to financial systems may have the ability to change financial information, and therefore access should only be granted where it is required for the performance of the role; and should be reviewed whenever the role changes. One moderate and three minor findings in paragraph 1.111 also identified issues with user access management, and there were a further six minor findings in this area.

1.113 Entities must remove or suspend user access on the same day a user no longer has a legitimate business requirement for its use.66 Terminating a user account when the user no longer has a requirement to access it, such as upon departure from an entity, can prevent unauthorised use. Two minor findings in paragraph 1.111 and one minor finding in user access management also related to issues where access was not removed on a timely basis, and there were a further nine minor findings in this area.

1.114 Two minor findings relate to inadequate password controls increasing the likelihood of unauthorised access to systems and data. The ISM provides guidance on the password requirements for Australian Government systems.

1.115 One moderate and one minor finding relates to the governance and monitoring processes that support the overall information security framework. For further details on the moderate finding, refer to the detailed results in chapter 4 for Services Australia.

1.116 The findings within this category increase the risk of unauthorised changes being made to systems and data, or unauthorised data leakage. Entities should review their management of these areas in light of the recommendations of the ISM and the risks to their operational environment.

IT change management

1.117 IT change management provides a disciplined approach to making changes to the IT environment. It includes controls to prevent unauthorised changes being introduced, and to reduce the likelihood that normal business operations are interrupted with the implementation of authorised changes.

1.118 Figure 1.8 illustrates the trends in findings identified in entities' IT change management controls between 2016–17 and 2019–20.

Figure 1.8: IT change management interim audit findings 2016–17 to 2019–20

Figure 1.8 details the number of IT change management findings over the four financial years from 2016–17 to 2019–20. These are presented by category significant, moderate or minor.

Source: ANAO data.

1.119 Changes to entities' IT environments were managed using standardised processes, usually based on the ITIL Framework.67 One moderate68 and six minor findings were identified in this area. Two of the minor findings related to data migration performed as part of implementing a change. The remaining findings related to weaknesses in the operation of the change management processes and a lack of segregation between the developer and migrator of a change. Two minor findings also included issues related to IT security.

1.120 While low when compared to IT security, the number of findings in this area has increased over the last three years. One third of the entities included in this report have advised that they are undertaking new systems implementations and/or data migration activities in 2019–20. Weaknesses in change management elevate the risk of unauthorised or untested changes to systems during these activities, and may affect the availability or reliability of the overall IT environment. Entities should monitor the operating effectiveness of their IT control environments to mitigate risks.

Disaster recovery arrangements

1.121 Disaster recovery is concerned with the resumption of the IT environment including systems and data. It relies on:

  • effective back-up and recovery arrangements, to allow data to be recovered from current versions of key IT systems; and
  • disaster recovery planning, including the development, maintenance and testing of a disaster recovery plan to enable IT systems to be recovered in line with defined business requirements.

1.122 The ANAO assesses entities' disaster recovery arrangements in view of the potential for a disruptive event to impact on financial reporting. Figure 1.9 illustrates the trend for findings identified in entities' disaster recover arrangements between 2016–17 and 2019–20.

Figure 1.9: Disaster recovery interim audit findings 2016–17 to 2019–20

Figure 1.9 details the number of IT disaster recovery findings over the four financial years from 2016–17 to 2019–20. These are presented by category significant, moderate or minor.

Source: ANAO data

1.123 All entities undertook regular backups of financially significant data and had disaster recovery plans in place. Three entities received minor audit findings relating to not undertaking testing of their disaster recovery plans; two of these have remained unresolved since 2017–18. Lack of regular testing increases the risk that in the event of a significant disruption, systems and data will not be able to be recovered within an acceptable timeframe.

1.124 Overall, the majority of IT controls continued to be effective in most entities included in this report during 2019–20. Consistent with observations in previous years, IT Security, particularly with regard to management of user access, continues to be an area requiring improvement to address the risk of inappropriate access to systems and data.

1.125 As noted in paragraph 1.95, the introduction of remote working for large parts of the public sector workforce in response to COVID-19 measures has resulted in a change to the IT risk and control environment. This change occurred after the work that underpins this assessment was completed, and it increases the importance of strong IT security and business continuity controls. In addition, IT–dependent manual controls may need to operate differently in a remote working environment. The continued effectiveness of all of these controls to address identified risks in the changed environment will be a focus of ANAO testing at the end of the financial year.

Compliance and quality assurance frameworks

1.126 Entities place reliance on internal and external systems, parties and information in decision-making processes. The implementation of effective compliance and quality frameworks and processes, provides assurance over the completeness and accuracy of information and is integral to the preparation of financial statements that are free from material misstatement.

Figure 1.10: Compliance and quality assurance framework interim findings 2016–17 to 2019–20

Figure 1.10 details the number of compliance and quality assurance framework findings over the four financial years from 2016–17 to 2019–20. These are presented by category significant, moderate or minor.

Source: ANAO data.

1.127 As per Figure 1.10 there are three moderate audit findings at the conclusion of the 2019–20 interim audit related to weaknesses in quality assurance processes designed to mitigate key financial or business risks or risk management practices relating to loan facilities.69 The moderate finding reported to the Department of Home Affairs, relating to Visa and Citizenship quality management, was reported as a significant finding at the completion of the 2018–19 financial statements audit. The moderate finding, relating to the NDIA: Streamlined Access to Scheme — Defined Programs, was first reported in 2016–17 and remains unresolved.

1.128 The number of minor audit findings reported in 2019–20 has decreased compared with prior years. There remains a need for entities to focus attention on:

  • maintaining effective governance over third party or joint service delivery arrangements;
  • implementing quality assurance processes over data integrity;
  • developing and implementing risk management frameworks that support the effective management of risk in the delivery of programs; and
  • implementing effective quality assurance processes over key financial statements inputs particularly those subject to professional judgement and uncertainty.

Accounting and control of non-financial assets

1.129 Entities control a diverse range of non-financial assets on behalf of the Commonwealth, including land and buildings, specialist military equipment, leasehold improvements, infrastructure, plant and equipment, inventories and internally-developed software.

Figure 1.11: Accounting and control of non-financial assets interim audit findings 2016–17 to 2019–20

Figure 1.11 details the number of accounting and control of non-financial assets audit findings over the four financial years from 2016–17 to 2019–20. These are presented by category significant, moderate or minor.

Source: ANAO data.

1.130 A significant finding which was first reported to the Department of Defence during the 2017–18 final audit phase has been downgraded to a moderate finding at the conclusion of the interim audit 2019–20.70 The finding relates to the Department of Defence's management and monitoring of specialist military equipment and inventory balances.

1.131 The three minor audit findings were raised as part of the 2018–19 final audit and relate to control weaknesses in asset capitalisation processes, management of inventory and timely approval and recording of asset disposals.

Revenue, receivables and cash management

1.132 Revenue and receivables consists of Parliamentary appropriations, taxation revenue, customs and excise duties and administered levies. Revenue is also generated by entities from the sale of goods and services and a range of other sources. Cash management involves the collection and receipt of public monies and the management of official bank accounts.

Figure 1.12: Revenue, receivables and cash management interim audit findings 2016–17 to 2019–20

Figure 1.12 details the number of revenue, receivables and cash management audit findings over the four financial years from 2016–17 to 2019–20. These are presented by category significant, moderate or minor.

Source: ANAO data.

1.133 Since 2017–18, no significant or moderate audit findings have been identified that relate to revenue, receivables and cash management. The minor audit finding reported in 2019–20 related to weaknesses in the timely and accurate completion of bank reconciliations.

Human resources financial processes

1.134 Human resources encompass the day-to-day management and administration of employee entitlements and payroll functions. Employee benefits expenditure represents a significant departmental expenditure item for most entities. Employee entitlement liabilities involve estimates and judgements in inputs. It is important for entities to establish robust controls in these areas to support complete and accurate payment and recording of transactions.

Figure 1.13: Human resources financial processes interim audit findings 2016–17 to 2019–20

Figure 1.13 details the number of Human resources financial process audit findings over the four financial years from 2016–17 to 2019–20. These are presented by category significant moderate or minor.

Source: ANAO data.

1.135 Since 2017–18 there have been no significant or moderate audit findings relating to human resource processes. The increase in minor audit findings in 2019–20 related to weaknesses identified regarding commencements and terminations of employees and the monitoring of controls over payroll processing and reporting. The increase in findings has prompted the ANAO to undertake targeted assurance activities over the management of staff leave. The preliminary results are included in chapter 3. The entities selected were the Departments of: the Prime Minister and Cabinet; the Treasury and Home Affairs.

Purchases and payables management

1.136 Purchases and payables management covers controls and processes that provide management assurance that payments processed by the entity are complete and accurate. This may include the implementation of appropriate systems of approval or controls designed to ensure that payments processed through the financial management information system are appropriate.

Figure 1.14: Purchases and payables management interim audit findings 2016–17 to 2019–20

Figure 1.14 details the number of purchases and payables management audit findings over the four financial years from 2016–17 to 2019–20. These are presented by category significant moderate or minor.

Source: ANAO data.

1.137 The minor audit findings relate to weaknesses in reconciliation processes, incorrect delegate approval of payments and the timely acquittal of credit cards. Reconciliation processes are designed to confirm the completeness and accuracy of payments initiated in business systems and processed through financial management information systems. Two of the minor findings were first raised in the 2018–19 final audit phase, the remainder are new findings in 2019–20.

Other audit findings

1.138 Other audit findings typically include items relating to the: management and implementation of service level agreements or memoranda of understanding; updating or maintaining key governance documentation; and presentation and disclosure in the financial statements.

Figure 1.15: Other interim audit findings 2016–17 to 2019–20

Figure 1.15 details the number of other audit findings over the four financial years from 2016–17 to 2019–20. These are presented by category significant, moderate or minor.

Source: ANAO data.

1.139 The NDIA moderate finding was first reported in 2016–17 and was resolved during the final audit phase of 2018–19.71 The weaknesses resulting in the minor findings in this category related to the:

  • segregation of duties between processing and approving of manual journals;
  • weaknesses related to the exercise of delegations;
  • classification of expenditure and the completeness of reconciliations between systems;
  • completeness and accuracy of the calculation of long term provisions; and
  • fraud risk assessments and reporting of fraud to those charged with governance.

2. Reporting and auditing frameworks

Chapter coverage

This chapter outlines recent and future changes to the public sector reporting framework and the Australian auditing framework relating to the auditor’s report on financial statements.

Summary of developments

Major changes in accounting standards are applicable in 2019–20 with the implementation of revised standards for revenue and leases.

Introduction

2.1 The Australian Government’s financial reporting framework is based largely on standards by the Australian Accounting Standards Board (AASB). The framework is designed to support decision-making by, and accountability to, the Parliament.

2.2 The AASB bases its accounting standards on the International Financial Reporting Standards (IFRS) issued by the International Accounting Standards Board. As IFRS are designed primarily for use by private sector and for-profit organisations, the AASB amends the IFRS to reflect significant transactions and events that are particularly prevalent in the public sector and not-for-profit private sector. In doing so, it takes into account standards issued by the International Public Sector Accounting Standards Board.

2.3 The Finance Minister prescribes additional financial reporting requirements for Commonwealth entities. These are contained in the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015 (the FRR). The FRR is made under the Public Governance, Performance and Accountability Act 2013 (the PGPA Act).

2.4 The audits of the financial statements of Australian Government entities are conducted in accordance with the ANAO Auditing Standards, which are made by the Auditor-General under section 24 of the Auditor-General Act 1997. The ANAO Auditing Standards incorporate, by reference, the auditing standards made by the Australian Auditing and Assurance Standards Board (AUASB). The Australian Auditing and Assurance Standards Board bases its standards on those made by the International Auditing and Assurance Standards Board, an independent standard setting board of the International Federation of Accountants.

2.5 The financial reporting and auditing frameworks that applied in 2019–20 are illustrated in Appendix 2 and Appendix 3 of this report.

Changes to the Australian public sector reporting framework

Changes in the financial framework

COVID-19

2.6 Commonwealth entities will need to consider the impact of COVID-19 on their 2019–20 financial statements. In particular, AASB 101 Presentation of Financial Statements requires preparers to disclose judgements made in applying the entity’s accounting policies that are likely to have a significant effect on amounts recognised in financial statements. AASB 101 also requires preparers to disclose sources of estimation uncertainty with a significant risk of resulting in a material change in asset and liability values in the next financial year.

2.7 As a consequence of the COVID-19 pandemic, new transactions and events may have occurred and the information, systems, processes and controls on which the ANAO’s initial risk assessment was determined may have changed requiring the entity and the ANAO to reassess the risks of possible material misstatement in the financial statements. The ANAO will evaluate any impact, revise its risk assessments and modify planned audit procedures accordingly.72

2.8 Commonwealth entities seeking to minimise the impact of COVID-19 on their financial statement preparation and audit may want to consider the following:

  • make an early assessment as to the initial and ongoing impact of COVID-19 on key balances, financial statement preparation and ongoing operating activities of the entity, and engage with their auditor on identifying key risks;
  • monitor and implement advice from the Department of Finance, standard setters and peak bodies; and
  • consider alternative approaches for gaining assurance over material balances where critical controls are no longer possible, for example, physical stocktakes.

2.9 The Finance Minister has agreed that where Commonwealth entities and companies are significantly impacted by COVID-19 and the accountable authority or directors consider that it is not reasonably possible to provide the annual report to the responsible Minister by the PGPA Act deadline, the accountable authority or directors may seek an extension from the responsible Minister. The process for seeking an extension is set out under section 34C of the Acts Interpretation Act 1901. Finance proposes to issue guidance material to support those entities and companies that pursue an extension to the annual report deadline. Entities and companies who are not significantly impacted by COVID-19, or who have the capacity to meet existing annual report deadlines, are expected to adhere to current requirements.

Performance framework

2.10 The PGPA Act provides the basis for the Commonwealth performance framework. Commonwealth entities are required to publish planned financial and non-financial performance information with the aim of providing more transparent and meaningful information to the Parliament and the public.

2.11 The PGPA review recommended the Finance Minister, in consultation with the Joint Committee of Public Accounts and Audit (JCPAA), should request that the Auditor-General pilot assurance audits of annual performance statements to trial an appropriate methodology for these audits.

2.12 On 21 August 2019, the Minister for Finance requested that the Auditor-General conduct a program of pilot assurance audits of annual performance statements of Commonwealth entities subject to the PGPA Act, in consultation with the JCPAA. The Auditor-General responded on 14 November 2019, agreeing to the request and proposing to conduct pilot assurance audits of the 2019–20 performance statements of three entities.73 Since 2016–17, the ANAO has completed three performance audits covering elements of 10 individual entity performance statements.74

Changes to accounting standards

2.13 Public sector entities will need to prepare for a number of new standards for 2019–20. These new standards represent major revisions to existing standards for revenue and leases. The effort and time required to transition to these new standards should not be underestimated with preparers required to write new or revise existing accounting policies, and undertake a review of all the underlying contracts and in some instances consider amending contracts.

Revenue

2.14 The new revenue standard AASB 15 Revenue from Contracts with Customers (AASB 15) is effective for financial years commencing on or after 1 January 2019 for not-for-profit entities, meaning it will impact most Commonwealth entities in the 2019–20 financial year.75 AASB 15 applies to all exchange transactions and provides a consistent approach to revenue recognition. The principle underpinning AASB 15 is that revenue is earned when the customer receives the goods or services that have been promised under the contract. AASB 15 will impact entities where:

  • funding is given to provide goods or services to a third party — the entity will recognise revenue when the goods or services are provided to the third party. Under standards currently in force, revenue is recognised when the money is received from the funding provider;
  • funding agreements do not identify specific goods or services to be delivered over the term of the contract. Entities will recognise revenue up front unless contract completion is a deliverable; and
  • both revenue and the related expense are deferred until the goods or services are delivered, entities with significant non-appropriation revenue are likely to see an impact on their balance sheet and operating result, particularly for long term projects with a significant delay between establishment and initial delivery.

2.15 The Department of Finance has updated the FRR and Resource Management Guide 125 Commonwealth Entities Financial Statements Guide (RMG 125)76, which outlines the Commonwealth’s position on options for the implementation of AASB 1058 Income of Not-for-Profit Entities (AASB 1058), in conjunction with AASB 15. This includes the position that entities are required to adopt a modified retrospective application on transition. As a consequence, AASB 15 is to be applied to all new and uncompleted contracts from the date of initial application and comparative information for the preceding periods is not required to be restated.

Leases

2.16 The revised leasing standard, AASB 16 Leases (AASB 16), is effective for financial years commencing on or after 1 January 2019; this means it will impact entities in the 2019–20 financial year. AASB 16 significantly increases the recognition and disclosure of leases by lessees with the majority of leases currently treated as operating leases recognised on the balance sheet. The net impact on the balance sheet is expected to be limited as the right-of-use asset and liability for future lease payments will be largely offsetting as the value of the right-of-use asset is based on the net present value of the future lease payments. In terms of profit or loss impact, rather than the current annual rent expense over the term of the lease, two expenses will be recognised: interest on the lease liability; and amortisation of the right-of-use asset. The effect of AASB 16 is to ‘front-load’ the recognition of expense, rather than recognising it on a straight-line basis.

2.17 The adoption of AASB 16 is expected to be a time consuming task for those entities with significant numbers of operating leases. Entities will need to review all lease agreements to identify the individual right-of-use assets, unbundle any service arrangements and identify where the lease payments are significantly below market value. Lessees will also need to consider that AASB 16 requires entities to include known contingent rents on initial measurement of the asset and liability and subsequently remeasure the lease asset and liability as subsequent contingent rent events become known.

2.18 The Department of Finance has updated the FRR, RMG 125 and Resource Management Guide 110 — AASB 16 Leases Implementation (RMG 110)77 which outlines the Commonwealth position on the options available for the implementation of AASB 16. This includes mandating the election to not reassess previous lease contracts under the new standard and the modified transition model under which the cumulative effect of application of the new standard is recognised in opening retained earnings.

3. Management of staff leave

Chapter coverage

This chapter outlines the arrangements for three entities in managing staff leave and compliance with their leave policies and procedures.

The chapter details:

  • practices adopted by the three entities to identify and incorporate within employee frameworks, the leave requirements and conditions established within legislation, awards, and workplace agreements and determinations;
  • monitoring and reporting controls that have been established by the three entities regarding compliance with related conditions; and
  • procedures being performed by the ANAO regarding the completeness and accuracy of leave transactions reported by the entities, including initial results.
Conclusion

The increase in findings relating to human resource management and administration across Australian Government entities during the period from 2015–16 to 2018–19, and the significance of these as a proportion of all financial statements audit findings has prompted the ANAO to undertake targeted assurance activities over the management of staff leave in three entities.

The analysis performed to date has identified weaknesses in processes relating to staff leave and associated monitoring controls. In particular, improvements can be made in the timeliness of submission and approval of leave requests and application of requirements including minimum and maximum entitlements.

The ANAO will continue to progress the assessment of the above criteria and will report the results of this in the Auditor-General report Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2020 and a separate report to Parliament.

Introduction

3.1 Human resource financial processes encompass the day-to-day management and administration of employee benefits inclusive of payroll and other entitlements, such as leave.

3.2 Employee benefits (including wages and salaries, superannuation, leave, separation and redundancies) represent the most significant departmental expenditure for most Commonwealth entities, and the inputs and estimates that contribute to the measurement of the associated liability are subject to management judgement. In 2018–19, leave and other entitlements represented $3.9 billion (7.5 per cent) of Australian Government employee benefits expenses ($52.2 billion) and $10.1 billion (2.2 per cent) of Australian Government employee benefits liabilities ($444.1 billion).

3.3 Employee benefit transactions are high volume and involve both automated and manual processing. As a result, any control weaknesses can result in systematic errors increasing the risk of material misstatement.

Previous financial audit findings for human resource financial processes

3.4 During the period from 2015–16 to 2018–19, the open audit findings relating to human resource financial processes reported by the ANAO increased from 2 moderate and 20 minor audit findings in 2015–16 to 3 moderate and 26 minor audit findings in 2018–19.78

3.5 The analysis of open findings by category of financial process at the completion of the ANAO’s 2018–19 audits, shows the human resource financial process was the third highest category for moderate findings and the second highest category for minor findings.

3.6 The findings relating to human resource financial processes and significance of these as a proportion of all financial statements audit findings, has prompted the ANAO to undertake some targeted assurance activities over a significant component — the management of staff leave. The selection of the leave component of employee benefits was due to the relative complexities in the management of this compared to payroll.

Selected entities

3.7 Three financial statements audits were selected for further assessment of compliance of the management of leave accruals and balances with human resource policies and requirements. This will further inform the ANAO’s assurance activities for future audits as it relates to completeness and accuracy of leave accruals and adjustments. The entities selected were the Departments of: Home Affairs; the Prime Minister and Cabinet; and the Treasury.

3.8 Leave and other entitlements represented the following amounts and proportions for the three entities:

  • Department of Home Affairs: $288.7 million expense or 8.8 per cent of departmental total expenses and $470.5 million liability or 51.4 per cent of departmental total liabilities.
  • Department of the Prime Minister and Cabinet: $33.6 million expense or 7.4 per cent of departmental total expenses and $86.2 million liability or 57.9 per cent of departmental total liabilities.
  • Department of the Treasury: $18.6 million expense or 8.8 per cent of departmental total expenses and $53.5 million liability or 77.5 per cent of departmental total liabilities.

3.9 Through this work, the ANAO will assess whether:

  • established framework and policy documents are clearly articulated and consistent with laws, regulations and agreed conditions;
  • the entity has implemented appropriate monitoring controls over the management of staff leave with results reported to appropriate levels of management; and
  • the completeness and accuracy of leave accruals and adjustments are adequately supported.

3.10 The ANAO has utilised its data analytics capability in undertaking this financial statements work.

Frameworks, legislation and policies

3.11 Employees in Australia have entitlements and protection at work under79:

  • fair work laws that establish minimum entitlements for all employees and includes the National Employment Standards;
  • awards that establish minimum pay and conditions for an industry or occupation and cover most employees in Australia;
  • enterprise agreements that establish minimum pay and conditions for a particular workplace and are negotiated and approved through formal process; and
  • employment contracts that provide additional conditions for an individual but cannot reduce or remove minimum entitlements.

3.12 If the bargaining representatives for a proposed enterprise agreement cannot agree, in special cases and after specific requirements are met, the Fair Work Act 2009 allows for a Full Bench of the Fair Work Commission to determine terms and conditions of employment. If the Commission makes such a determination, it is called a workplace determination.80

3.13 Key legislation that establish employee conditions for Australian Public Service employees include:

  • Fair Work Act 2009;
  • Maternity Leave (Commonwealth Employees) Act 1973;
  • Paid Parental Leave Act 2010;
  • Long Service Leave (Commonwealth Employees) Act 1976;
  • Remuneration Tribunal Act 1973;
  • Safety, Rehabilitation and Compensation Act 1988;
  • Public Service Act 1999; and
  • Parliamentary Service Act 1999.

3.14 The financial reporting of employee entitlements in Australian Government entities is established by the:

  • Australian Accounting Standards;
  • Public Governance, Performance and Accountability (Financial Reporting) Rule 2015; and
  • Commonwealth entities financial statements guide — 2019-20 (Resource Management Guide 125).

3.15 The complexity of authority that establishes employee entitlements is best managed by a structured approach that identifies and addresses requirements specific to an entity and its employees. In assessing whether established framework and policies are clearly articulated and consistent with laws, regulations and agreed conditions, the ANAO has considered:

  • practices adopted by entities to identify various requirements and conditions; and
  • employment frameworks established to address requirements and conditions.
Practices adopted by entities to identify various requirements and conditions

3.16 While analysis of the practices adopted by the three entities recognised varying approaches, each was found to be effective in identifying the requirements and conditions for employees. The practices adopted by each entity are detailed below.

Department of Home Affairs

3.17 The Department of Home Affairs has established a Policy and Procedural Control Register that includes all underpinning legislation and requirements, including specific requirements relating to staff leave.

Department of the Prime Minister and Cabinet

3.18 The Department of the Prime Minister and Cabinet has established a Leave Policy to complement the enterprise agreement. Contained within this policy is the identification of the purpose, authority and eligibility for leave including all legislative requirements.

Department of the Treasury

3.19 The Department of the Treasury has developed a Legislative Compliance Policy and Framework to establish arrangements to monitor and record compliance with legislative obligations. This includes the identification of key legislation that relates to leave. Separate leave guidelines provide further detail of specific leave requirements and conditions. This Framework was endorsed by the department’s Executive Committee in 2019.

Employment frameworks established to address requirements and conditions

3.20 Similar to the practices adopted to identify requirements and conditions, the three entities varied in their approach to establishing employment frameworks.

Department of Home Affairs

3.21 In addition to the inclusion of underpinning legislation, the Department of Home Affairs’ Policy and Procedural Control Register provides all leave related policy and procedural instructions, and forms part of the department’s Policy and Procedural Controls Framework. The ANAO has identified that the leave policy has not been updated to include current leave information or the requirements and conditions under the 8 February 2019 Department of Home Affairs Workplace Determination 2019.

3.22 The Department of Home Affairs also has:

  • a Payroll Controls Framework which is accessed through a ‘collaboration space’. This collaboration space provides payroll officers a centralised management system for the development, maintenance and delivery of the procedural and controls framework used to deliver the payroll services function within the department. The department has not yet designed and mapped leave related controls embedded in the Payroll Controls Framework; and
  • a central human resource intranet site ‘MyHR’ as a source of human resource related information for employees. MyHR includes: the Department of Home Affairs Workplace Determination 2019; procedural instructions; policies; and fact sheets.

3.23 Fact sheets and procedural instructions that have been established include those relating to the workplace determination for leave, personal leave and employment change conditions.

Department of the Prime Minister and Cabinet

3.24 In addition to establishing the purpose, authority and eligibility for leave, the Department of the Prime Minister and Cabinet’s Leave Policy also outlines: accrual and use; approval processes; cancellation processes; evidentiary requirements; role of IT systems; and other information specific to particular leave types.

3.25 The Leave Policy is supported by a range of Frequently Asked Questions pages on the department’s intranet website. These include questions relating to:

  • annual leave;
  • compassionate leave;
  • cultural and ceremonial leave;
  • community service leave;
  • defence reserve leave;
  • long service leave;
  • maternity leave;
  • remote leave fares; and
  • war service personal leave.

The department has also established a Standard Operating Procedures — Leave document that defines procedures that are to be applied in processing long service and maternity leave.

Department of the Treasury

3.26 In addition to listing key legislation, the Department of the Treasury’s Legislative Compliance Policy and Framework identifies the following: compliance owners; related policy, procedures and delegations; education and awareness initiatives; assurance activities to evidence compliance; responses to non-compliance; and first line control owners.

3.27 Together with the Remuneration Guideline, a Leave Guideline has been established to provide supplementary information for each category of leave and appropriate key references for non-Senior Executive Staff (SES). SES employee conditions are reflected in individual SES determinations. The Leave Guidance, revised in September 2019, includes information for: guidance; accrual and use; evidence requirements; interaction between leave types; impact on leave entitlements through the use of leave and particular circumstances; and other information specific to particular leave types.

3.28 The Leave Guideline is supported by other key references including:

  • Human Resource Delegations;
  • Flextime and Overtime Guidelines;
  • Time Off In Lieu Guidelines;
  • Parental Leave Guidelines; and
  • Studies Assistance Guidelines.

Monitoring controls and reporting in the management of staff leave

3.29 The establishment of effective monitoring controls and reporting is particularly important in the management of staff leave due to the significance, number and complexity of requirements, conditions and related policy. Establishment of such controls facilitates the validation of rates of compliance and targeted response for non-compliance.

3.30 Monitoring controls that are consistent across the three entities include:

  • the use of a human resource management information system (HRMIS) to record, accrue and monitor leave. The use of the HRMIS facilitates significant reliance on IT dependent controls. Automated controls apply established pre-conditions and all leave transactions require manager approval;
  • localised management of staff, leave and attendance; and
  • HRMIS functionality supports the production of reports to manage staff leave.

3.31 Paragraphs 3.32 to 3.39 detail additional entity specific monitoring controls and reporting.

Department of Home Affairs

3.32 The Department of Home Affairs has developed an Executive Dashboard report as the primary mechanism for informing compliance with leave policy and procedures. This report facilitates the running of human resource related reports by governance bodies and Executive Level 2 officers and above, and includes functionality that enables data filtering for line areas and officers. Results and trends of key metrics within the report include: annual and long service leave; personal and miscellaneous (unscheduled) absences; and staff counts of those on leave, returning from leave and with excessive annual leave balances. The underlying data is automatically updated on a daily and monthly basis.

3.33 The department’s monitoring of the use of the Executive Dashboard report is limited to identifying the number of officers at each level that have used this tool since its implementation. This information was reported to the People and Integrity Steering Committee in February and August 2019. The absence of monitoring and formal reporting of the frequency of individual usage inhibits the ability to assess stakeholder satisfaction with the information provided.

3.34 Key employee leave metrics, including significant leave balances and personal and miscellaneous absences, are presented to the Enterprise Business Committee (formerly Enterprise Operations Committee).

3.35 Specific issues regarding staff leave (including significant leave balances and unscheduled absences) are reported to the People and Integrity Steering Committee as considered appropriate by the First Assistant Secretary of the People Division. There were three instances reported in the period 1 July 2018 to 31 December 2019.

Department of the Prime Minister and Cabinet

3.36 The Department of the Prime Minister and Cabinet has established a toolkit entitled Attendance Management - Manager’s Guide. This toolkit has been developed to assist managers in the management of attendance and unscheduled leave.

3.37 The department has also developed an Operational HR Dashboard that enables all SES managers to view a range of staff statistics for their areas, including information on significant annual leave and flex balances, unscheduled absences and leave requests pending approval.

3.38 The Executive Board is provided with information on compliance with leave policies during periods when monitoring is seen as more critical and when ‘hot topics’ are identified by the Chief Operating Officer. There is no regular reporting of key leave management metrics to the Executive Board.

Department of the Treasury

3.39 The Department of the Treasury has adopted a risk-based approach to its implementation of monitoring controls. This includes:

  • complementing controls contained within the HRMIS with guidelines for managers to fulfil their responsibilities in the management of staff leave;
  • approval of particular leave by the human resources section (for example, personal leave) and second review of compliance with guidelines by this section for particular types of types of leave; and
  • the establishment of a People Dashboard, that assists in the identification of human resource management issues and is provided to the Deputy Secretary, Corporate and Foreign Investment Group by the People, Organisational Strategy and Parliamentary Division. The Division Head, People, Organisational Strategy and Parliamentary has distributed the Dashboard to the Executive Board on a monthly basis and extended this to Division Heads and Chief Advisers from March 2020. Further circulation of the Dashboard, including parts thereof, to others is determined by the Deputy Secretary.

Completeness and accuracy of leave accruals and adjustments

3.40 The ANAO’s audit procedures in each of the three entities in respect of the completeness and accuracy of leave accruals and adjustments are in progress. Analysis to date has identified instances of potential non-compliance in the following areas:

  • timeliness of submission and approval of leave requests. All entities reviewed have a policy that requires certain leave types (including annual, long service, purchased, study, time off in lieu, maternity and parental leave) to be approved in advance of leave commencing and for this be recorded on the HRMIS. Each entity has envisaged there may be occasions where this is not practical including through injury, illness and emergency. For the purpose of the following analysis, the ANAO has determined approval was obtained in advance of leave commencing where approval was obtained by the end of the previous day. The ANAO has identified the following proportions of those leave types where the HRMIS did not evidence approval in advance of that leave commencing: Department of Home Affairs 30 per cent; Department of the Prime Minister and Cabinet 24 per cent; and Department of the Treasury 18 per cent;
  • minimum and maximum days of leave that can be taken for specific leave types including long service, maternity and parental leave;
  • long service leave being broken by other types of leave or non-business days; and
  • accrual of flexible leave (commonly referred to as “flex”) entitlements in excess of maximum allowable credit or debit thresholds, as set by entity policy.

3.41 The ANAO’s analysis has also identified a correlation between the proportions of unscheduled leave (including sick, carer and bereavement leave in addition to other types such as annual, long service, purchased, time off in lieu, maternity, parental and study) and employee levels — the proportion decreases with advancement of employee level.

3.42 The configuration of the Department of Home Affairs’ HRMIS, and the absence of standardised and formal reporting on timeliness of leave submission and approval, has resulted in the ANAO being unable to obtain detailed submission and approval data that reconciles to information used for financial reporting at the time of performing the analysis. For the purpose of determining timeliness of leave approvals, the ANAO has used a system field that identifies the date a leave request or approval was last actioned for comparison against the commencement of leave. To enhance precision of the analysis, the ANAO substituted the last action date with the approval date where the approval date could be established and directly matched to the information used for financial reporting purposes. The ANAO was able to directly match 65.9 per cent of instances and substitute the approval date, with the last action date being applied to the residual 34.1 per cent of transactions. The Department of Home Affairs has advised that the most significant reasons that the last action date may be later than the original date that the leave was approved include:

  • changes to leave transactions associated with the 8 February 2019 workplace determination;
  • retrospective changes to leave dates subsequent to the initial approval. For example, this could relate to a substitution of annual leave for sick leave;
  • system configuration updates including changes in the application of leave without pay policies;
  • movement of staff; and
  • changes in roster patterns originally entered, particularly for the Marine Unit.

3.43 The policies of the three entities provide a clear requirement that leave is submitted and approved before the commencement of leave for the following types of leave: annual; long service leave; purchased; maternity; parental; time off in lieu; and study. The following paragraphs and figures represent analysis of instances where this has not occurred.

3.44 Figure 3.1 provides the proportions of approval before and after the commencement of leave where pre-approval is required, for the period 1 July 2018 to 31 December 2019. The Department of the Treasury had the highest level of demonstrated compliance with 82 per cent, followed by the Department of the Prime Minister and Cabinet (76 per cent) and the Department of Home Affairs (70 per cent).

Figure 3.1: Proportion of leave requiring pre-approval approved in advance of leave commencing

Figure 3.1 outlines the proportion of leave requiring pre-approval that was approved in advance of leave commencing for the three entities selected. The proportions were: Department of Home Affairs 70%; Department of the Prime Minister and Cabinet 76%; and the Treasury 82%.

3.45 Figure 3.2 identifies the 1 July 2018 to 31 December 2019 distribution of delays between the commencement of leave and approval or last action for leave types where pre-approval is generally required for the Department of Home Affairs. The size of the Department of Home Affairs’ workforce (13,769 employees held an annual leave balance as at 30 June 2019) is evident in the concentration of identified instances in this figure. This figure demonstrated the prevalence of substantial delays in timeliness of the approval and finalisation of leave transactions across all leave types. This is particularly evident for annual leave, where a considerable number of instances were identified for each 30 day interval up to 240 days after the leave commenced.

Figure 3.2: Department of Home Affairs’ distribution of approval or last action date of leave transactions that were subsequent to the commencement of leave

Figure 3.2 outlines the Department of Home Affairs’ distribution of approval or last action date of leave transactions that were subsequent to the commencement of leave for the following leave types where pre-approval is required: annual; long service leave; purchased; maternity; time off in lieu; and study.  The approach in determining the timeliness of approvals for the Department of Home Affairs is detailed in paragraph 3.42.

3.46 Figure 3.3 and Figure 3.4 identify, for the period 1 July 2018 to 31 December 2019, distributions of delays between the commencement of leave and submission of leave requests for leave types required to be pre-approved for the Departments of: the Prime Minister and Cabinet and the Treasury.

3.47 As compared to the Department of Home Affairs, it is evident in these figures that delayed approvals are more concentrated within the 1–30 day range for the Departments of: the Prime Minister and Cabinet and the Treasury.

3.48 Similar to the Department of Home Affairs, the Departments of: the Prime Minister and Cabinet and the Treasury, have significant proportions of delayed approvals relating to study leave. The Department of the Prime Minister and Cabinet also has a substantial number of subsequent leave approvals for time off in lieu, which is also observed in Figure 3.2 for the Department of Home Affairs.

Figure 3.3: Department of the Prime Minister and Cabinet’s distribution of leave request submissions subsequent to the commencement of leave

Figure 3.3 outlines the Department of the Prime Minister and Cabinet’s distribution of leave request submissions that were subsequent to the commencement of leave for the following leave types where pre-approval is required: annual; long service leave; purchased; maternity; time off in lieu; and study.

Figure 3.4: Department of the Treasury’s distribution of leave request submissions subsequent to the commencement of leave

igure 3.4 outlines the Department of the Treasury’s distribution of leave request submissions that were subsequent to the commencement of leave for the following leave types where pre-approval is required: annual; long service leave; purchased; maternity; and study.

3.49 Figure 3.5 to Figure 3.7 identify the 1 July 2018 to 31 December 2019 proportion of each type of leave expected to be scheduled in advance of leave commencing that the HRMIS indicates was not scheduled in advance. Analysis of the Department of Home Affairs is again based on the approval or last action date, as detailed in paragraph 3.42.

3.50 Figure 3.5 for the Department of Home Affairs, indicates that the proportion of approval subsequent to leave commencement is considerable across all leave types. In particular, this percentage exceeds 30 per cent for: time off in lieu; study leave; maternity leave; and purchased leave.

Figure 3.5: Department of Home Affairs’ proportion of leave types with approval or last action date subsequent to the commencement of leave

Figure 3.5 outlines the Department of Home Affairs’ proportion of leave types with approval or last action date subsequent to the commencement of leave for the following leave types where pre-approval is required: annual (28%); long service leave (27%); purchased (32%); maternity 39%); time off in lieu (72%); and study (50%).  The approach in determining the timeliness of approvals for the Department of Home Affairs is detailed in paragraph 3.42.

3.51 In Figure 3.6 for the Department of the Prime Minister and Cabinet, while it is evident that the proportion of approval subsequent to leave commencement is high across all leave types, only study and long service leave exceed 30 per cent. The proportion for remaining leave types are relatively consistent.

Figure 3.6: Department of the Prime Minister and Cabinet proportion of leave types with approval subsequent to the commencement of leave

Figure 3.6 outlines the Department of the Prime Minister and Cabinet’s proportion of leave types with approval subsequent to the commencement of leave for the following leave types where pre-approval is required: annual (20%); long service leave (36%); purchased (28%); maternity (28%); time off in lieu (28%); and study (53%).

3.52 Consistent with the observation made in paragraph 3.44 that the Treasury recorded the lowest proportion of delayed approval for the three entities, Figure 3.7 also demonstrates greater levels of pre-approval compliance across leave types compared to the other two entities. Study leave is the only leave type where subsequent approval exceeds 30 per cent.

Figure 3.7: Department of the Treasury proportion of leave types with approval subsequent to the commencement of leave

Figure 3.7 outlines the Department of the Treasury’s proportion of leave types with approval subsequent to the commencement of leave for the following leave types where pre-approval is required: annual (17%); long service leave (27%); purchased (21%); maternity (11%); and study (38%).

3.53 The ANAO continues to perform procedures relating to assessments of the completeness and accuracy of leave accruals and adjustments. The above analysis suggests that entities should implement strategies to increase compliance by employees, strengthen related monitoring and reporting controls, and target identified non-compliance.

3.54 Delays in the submission and approval of leave will impact the reporting of employee entitlements within financial statements where leave is taken in a financial period prior to the leave request being made. The ANAO is currently assessing the impact upon financial reporting for the years ending 30 June 2019 and 30 June 2020 for the identified instances.

Conclusion

3.55 The increase in findings relating to human resource management and administration, and the significance of these as a proportion of all financial statements audit findings has prompted the ANAO to undertake targeted assurance activities over the management of staff leave. The activities have been performed to facilitate an assessment of compliance of the management of leave accruals and balances with human resource policies and requirements and to further inform assurance activities for future audits. The entities selected were the Departments of: Home Affairs; Prime Minister and Cabinet; and the Treasury.

3.56 The analysis performed to date has identified weaknesses in processes relating to staff leave and associated monitoring controls. In particular, improvements can be made in the timeliness of submission and approval of leave requests and application of requirements including minimum and maximum entitlements. The ANAO has also identified that the Department of Home Affairs’ leave policy does not contain current information or requirements following the February 2019 workplace determination.

3.57 The observations made to date potentially impact entities’ operations and financial reporting. Leave being taken prior to approval being given may impact the ability for entities to effectively manage resources and deliverables, while also potentially overstating the related employee liability in the financial statements.

3.58 The ANAO will continue to progress the assessment of the above criteria and will report the results of this in the Auditor-General report Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2020 and a separate report to Parliament.

4. Results of the interim audit phase by entity

Chapter coverage

This chapter summarises the results of the interim audits for the 2019–20 financial statements of the 24 entities included in this report. The entities included in this report are all Departments of State, the Department of Parliamentary Services and other Commonwealth entities that significantly contribute to the income, expenses, assets and liabilities within the 2018–19 Consolidated Financial Statements of the Australian Government (CFS) and are presented in Figure 4.0.1 and Figure 4.0.2.

Audit results

There were no significant and eight moderate findings reported to the entities covered by this report at the completion of the 2019–20 interim phase compared with one significant and 12 moderate findings at the interim phase in 2018–19. One significant legislative breach was also reported.

At the completion of the interim audits, the ANAO reported to seven entities that, except for particular finding/s outlined in this chapter, key elements of internal control were operating effectively to provide reasonable assurance that the entities were able to prepare financial statements that are free from material misstatement.

As outlined throughout this chapter the ANAO will be reassessing risk in light of the new operating environment arising from responses to the COVID-19 pandemic and the associated stimulus measures.

Introduction

4.0.1The ANAO’s assessment of the overall risk of material misstatement of the financial statements is based on professional judgement relating to the entity’s particular circumstances. The financial statements audit planning process involves joint procedures with performance audit and takes into account each entity’s environment and governance arrangements, its system of internal control, and prior year financial and performance audit findings. These planning processes inform the identification of areas of key risk that have the potential to impact on the integrity of the financial statements.

4.0.2 The interim phase of the audit focuses on the steps taken by entities to manage these risks, including their systems of internal control. This chapter reflects portfolio and funding arrangements established by the Administrative Arrangement Order of 5 December 2019 and outlines the following information for each of the reported entities:

  • the entity’s primary role as reflected in its Portfolio Budget Statements;
  • 2019–20 appropriation funding and key financial statements items;
  • key areas of financial statements risk including where the ANAO has identified Key Audit Matters (KAM);
  • the ANAO’s assessment of the overall risk of material misstatement of the financial statements, which informs the audit processes to be undertaken; and
  • the status of significant and moderate audit findings at the completion of the interim audit, and the conclusion relating to audit coverage to date.

4.0.3 The entities included in this report include all Departments of State, the Department of Parliamentary Services and other Commonwealth entities that significantly contribute to the revenues, expenses, assets and liabilities within the 2018–19 CFS.

4.0.4 Where a performance audit was tabled during 2019–20 that was relevant to the financial management or administration of an entity, the impact of those observations on the audit approach are discussed within the relevant portfolio section.

Impact of COVID-19 on Audit Approach

4.0.5 Planning and risk assessment for financial statement audits is an iterative process and auditors revise the risk assessment and audit response for changes in the audited entity and the environment in which it operates. As at 30 April 2020, the developing COVID-19 situation presented potential new key risk areas for the operations and financial statement preparation processes of the entities that ANAO audits.

4.0.6 Given the evolving nature of the COVID-19 response the ANAO will reassess and revise audit plans throughout the remaining financial statements audit cycle. Where teams are aware of new risks at the time of this report, adjustments have been made to the audit plan in response to those risks. Where specific additional audit risks have been identified for entities, details are included in the relevant chapter contribution. Some key areas that may cause a change in the ANAO’s assessment of audit risk and consequential audit approach include:

  • changes to how audited entities’ systems of internal control operate because relevant processes and controls are inconsistent with social distancing principles;
  • entities reprioritising staff and resources to operational areas delivering the Government’s response to COVID-19, thus affecting the skills and capacity available for key financial statement preparation, governance and monitoring processes;
  • significant new areas of estimation uncertainty arising because of the potential impact of the Government’s response to the virus and global market changes on interest rates, property and share markets and other areas, including those discussed in chapter 2;
  • where the financial viability of entities is reliant upon significant non-government cash flows, the ability of those entities to operate as a going concern given the impacts on the national and global economy; and
  • challenges to the ability of the ANAO to comply with requirements of the auditing standards, either because audited entities are unable to take actions that are prerequisites for the completion of audit procedures or because ANAO audit teams are unable to perform appropriate work in the current working environment.

4.0.7 These potential risks may require audit teams to change their audit approach. For example, where an audit team would normally rely on key controls for obtaining audit evidence, it may no longer be efficient and effective to do so and instead an increased proportion of the audit evidence may need to be gathered from detailed testing of transactions. In some cases where the overall level of audit risk has increased due to COVID-19, that may require additional audit effort to obtain the sufficient appropriate audit evidence necessary for forming the audit opinion.

4.0.8 While it is the ANAO’s intention to work co-operatively with audited entities to resolve such issues, the ANAO Auditing Standards require the ANAO to modify an audit opinion where it is unable to gather sufficient appropriate audit evidence and the possible effects of undetected misstatements arising from the lack of evidence are material. Refer to Appendix 3 for a detailed description of the circumstances that may give rise to a modification to our auditor’s reports.

4.0.9 To facilitate the 2019–20 audit process, and minimise the need for attendance at auditee premises, the ANAO has requested, where possible, that entities provide audit staff with remote access into the financial management and relevant operational systems. This will allow the ANAO to directly interrogate and extract the information required to provide the necessary audit evidence to form an opinion over the 2019–20 financial statements. Appendix 6, provides a summary of which entities included in this report have provided remote systems access.

Analysis of entities contribution to 2018–19 CFS

4.0.10 An analysis of the percentage contribution of entities in this report, to 2018–19 CFS is presented below. Figure 4.0.1 presents the results of nine entities that contribute greater than 10 per cent of either the income, expenses, assets or liabilities of the CFS. The remaining entities are presented in Figure 4.0.2 and contribute less than 10 per cent of all categories.

Figure 4.0.1: Entities contributing greater than 10 per cent to the Australian Government’s 2018–19 Consolidated Financial Statements

Figure 4.0.1 details the contribution to the Consolidated Financial Statements, for Income, Expenses, Assets and Liabilities, for entities who contribute more than ten percent to the 2018-19 Consolidated Financial Statements.

Source: ANAO analysis of CFS and entities’ financial statements for the year ended 30 June 2019.

Figure 4.0.2: Entities contributing less than 10 per cent to the Australian Government’s 2018–19 Consolidated Financial Statements

Figure 4.0.2 details the contribution to the Consolidated Financial Statements, for Income, Expenses, Assets and Liabilities, for entities who contribute less than ten per cent to the 2018-19 Consolidated Financial Statements.

Note 1: Balances for entities where functions have been transferred as a result of the 5 December 2019 AAO have been consolidated with the total balances of the entity receiving the functions. The 30 June 2019 balances for the former Department of Employment, Skills, Small and Family Business have been consolidated with the balances for the former Department of Education and are represented in this graph as the Department of Education, Skills and Employment; 30 June 2019 balances for the former Department of Environment and Energy have been consolidated with the balances for the former Department of Agriculture and are represented in this graph as the Department of Agriculture, Water and the Environment; 30 June 2019 balances for the former Department of Communications and the Arts have been consolidated with the balances for the former Department of Infrastructure, Transport and Regional Development and are represented in this graph as the Department of Infrastructure, Transport, Regional Development and Communications.

Note 2: The National Indigenous Australians Agency was created on 1 July 2019. Balances relating to functions transferred to that entity are included in the graph as part of the total balances for the Department of the Prime Minister and Cabinet.

Source: ANAO analysis of CFS and entities’ financial statements for the year ended 30 June 2019.

Additional funding for COVID-19

4.0.11 Under the Government’s economic stimulus measures designed to support the economy as a result of the COVID-19 pandemic, additional multi-year81 funding was announced for entities. Government funding has also been approved in the 2019–20 financial year, through the Coronavirus Economic Response Packages Acts (No. 1 & No. 2)82 and Appropriation Acts. The amounts approved for 2019–20 expenditure are disclosed in the relevant chapter contributions.

4.0.12 The amounts authorised by the aforementioned legislation include $42.975 billion for ‘Advances to the Finance Minister’ (AFM). The AFM is a provision in the annual Appropriation Acts and the Coronavirus Economic Response Packages Acts which enable the Minister for Finance (Finance Minister) to provide additional appropriation to entities throughout the financial year.83 An Advance may only be issued by the Finance Minister if he is satisfied that there is an urgent need for expenditure that is either not provided for or has been insufficiently provided for in the existing appropriations of the entity. The additional appropriation is provided by means of a determination.

4.0.13 Commencing in April 2020, the ANAO will be conducting six, monthly limited assurance reviews under section 19A of the Auditor-General Act 1997 over amounts advanced under the AFM. These reviews will be tabled in Parliament and published on the ANAO website.

Results of financial statements audits

4.0.14 Table 4.0.1 presents a summary of new and unresolved significant and moderate findings84 at the conclusion of the 2019–20 interim audits and the 2018–19 interim and final audits. In addition to the significant and moderate findings, one significant legislative compliance finding was reported.85

Table 4.0.1: Significant and moderate findings by entity

 

Interim 2018–19

Final 2018–19

Interim 2019–20

Entity

New findingsa

Unresolved findingsb

New findingsa

Unresolved findingsb

New findingsa

Unresolved findingsb

Department of Agriculture, Water and the Environment

2

1

1

Attorney-General’s Department

Department of Defence

1

2

1

1

2

Department of Veterans’ Affairs

Department of Education, Skills and Employment

3

3

1

Department of Finance

Future Fund Management Agency and the Board of Guardians

Department of Foreign Affairs and Trade

Department of Health

1

1

Department of Home Affairs

1

1

Department of Industry, Science, Energy and Resources

Department of Infrastructure, Transport, Regional Development and Communications

1

1

1

1

Australian Postal Corporation

NBN Co Limited

Department of Parliamentary Services

Department of the Prime Minister and Cabinet

National Indigenous Australians Agency

N/A

N/A

N/A

N/A

Department of Social Services

Services Australia

1

National Disability Insurance Scheme Launch Transition Agency (NDIA)

3

1

1

Department of the Treasury

Australian Office of Financial Management

Australian Taxation Office

Reserve Bank of Australia

Total

7

6

7

4

1

7

             

Note a: Minor findings identified previously but upgraded to a moderate or significant finding are considered new for the purposes of this table.

Note b: Findings transferred to another entity as a result of Machinery of Government changes, which remain unresolved, are treated as repeat findings for the purposes of this table.

Source: 2018–19 and 2019–20 ANAO audit correspondence.

4.1 Department of Agriculture, Water and the Environment

Overview

4.1.1 The Department of Agriculture, Water and the Environment is responsible for developing and implementing policies and programs to promote more sustainable, productive, internationally competitive and profitable Australian agricultural, food and fibre industries; safeguarding Australia’s animal and plant health; managing the conservation, protection and sustainability of Australia’s natural resources, biodiversity, ecosystems, environment and heritage; advancing Australia’s interests in the Antarctic; and improving the health of rivers and freshwater ecosystems and water use efficiency.

4.1.2 On 1 February 2020 under an Administrative Arrangements Order, the former Department of Agriculture was abolished and its functions were transferred to the former Department of the Environment and Energy, which was renamed the Department of Agriculture, Water and the Environment (DAWE). The energy function of the former Department of the Environment and Energy was transferred to the Department of Industry, Science, Energy and Resources.

4.1.3 Consistent with the Australian Government’s response to the COVID-19 pandemic, DAWE has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: DAWE’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and DAWE’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.1.4 Figure 4.1.1 and Figure 4.1.2 show the 2019–20 departmental and administered financial statements items reported by DAWE and the key areas of financial statements risk.

Figure 4.1.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.1.1 shows DAWE’s departmental estimated actuals for the year ended 30 June 2020 as per DAWE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements categorised by financial statement classification of own source income, expenses, assets and liabilities. This reflects DAWE’s structure and outcomes, post machinery of government changes and includes key areas of financial statements risk as per Table 4.1.3.

Source: ANAO analysis of DAWE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting DAWE’s structure and outcomes, post machinery of government changes).

Figure 4.1.2: Key departmental financial statements items and areas of financial statements risk

Figure 4.1.2 shows the DAWE’s administered estimated actuals for the year ended 30 June 2020 as per DAWE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements categorised by financial statement classification of income, expenses, assets and liabilities. This reflects DAWE’s structure and outcomes, post machinery of government changes and includes key areas of financial statements risk as per Table 4.1.3.

Source: ANAO analysis of DAWE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting DAWE’s structure and outcomes, post machinery of government changes)

4.1.5 The ANAO’s audit approach identifies key areas of risk that have the potential to impact DAWE’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of DAWE’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.1.3 and the ANAO’s understanding of the operations of DAWE, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.1.6 Annual appropriation funding86 of $1,015.6 million (departmental) and $1,469.0 million (administered) was provided to DAWE in 2019–20 to support the achievement of the entity’s outcomes.87 DAWE was also budgeted to receive special appropriation funding of $933.6 million.88 Special appropriations are used for: payments to industry bodies; funding provided under contractual arrangements for research and development, and marketing; and payments related to the farm household allowance.

4.1.7 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year89 funding was announced for entities. DAWE was appropriated $15.3 million in 2019–20 to support departmental operations related to COVID-19.

4.1.8 Table 4.1.1 and Table 4.1.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.1.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

1,406.4

2,291.8

Employee benefits

725.3

Suppliers

511.4

246.8

Depreciation and amortisation

139.7

7.8

Personal benefits

103.5

Grants

3.1

1,751.8

Borrowing costs and other

26.9

181.9

Total own-source income

484.4

713.2

Sale of goods and rendering of services

444.4

18.6

Other taxes

521.1

Interest

0.4

37.7

Dividend

108.5

Gains

1.6

Other

38.0

27.3

Net (cost of)/contribution by services

(922.0)

(1,578.6)

     

Source: DAWE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting DAWE’s structure and outcomes, post machinery of government changes).

Table 4.1.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

1,816.2

8,693.1

Cash

40.7

1,654.3

Trade and other receivables

183.6

1,222.1

Intangibles

170.2

4,065.3

Land and buildings

649.8

1.5

Property, plant and equipment

655.1

522.1

Heritage and cultural

72.3

Inventories

10.2

11.1

Investments

17.0

1,131.5

Other

17.3

85.2

Total liabilities

1,405.7

238.0

Grants

170.5

Suppliers payable

47.4

47.1

Other payables

20.0

2.5

Interest bearing liabilities

393.9

Employee provisions

228.2

Other provisions

716.2

17.9

Net assets/(liabilities)

410.5

8,455.1

     

Note: DAWE’s estimated average staffing level for 2019–20 is 6,026.

Source: DAWE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting DAWE’s structure and outcomes, post machinery of government changes).

Key areas of financial statements risk

4.1.9 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.1.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.1.10 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.90 As at the interim phase, no additional financial statements risks have been identified for DAWE. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.1.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Departmental

sale of goods and rendering of services revenue

$444.4 million

Accuracy and completeness of own-source revenue

KAM

Higher

  • large range of revenue streams, collected across the country through multiple systems;
  • complex cost recovery arrangements;
  • collection of a significant portion of import revenues is performed by the Department of Home Affairs; and
  • judgement involved in the calculation of the provision for doubtful debts.

Administered

levies fees and charges

$521.1 million

Accuracy and completeness of primary industry levies, fees and charges revenue

KAM

Higher

  • self-assessment nature of collections; and
  • complexities involved in estimating the level of agricultural production on which revenue is based.

Departmental

other provisions

$716.2 million

Valuation of provision for restoration obligations in the Antarctic

KAM

Higher

  • the balance is subject to judgement and estimation, particularly relating to discount rates, escalation factors, asset replacement costs and useful lives.

Administered

water entitlements

$4.1 billion

Valuation of water entitlement assets

KAM

Higher

  • the balance and impairment process is subject to estimation and judgement, and impacted by factors including the maturity and assessment of the water market; and
  • information to support the valuation is provided by third parties.

Administered

loans (component of trade and other receivables $1.2 billion)

Valuation of loans to the State and Territory Governments and farm businesses

KAM

Moderate

  • variation in loan terms across jurisdictions;
  • potential changes in the accounting treatment for loans should they be deemed concessional in nature;
  • the level of estimation involved in determining any potential impairment of loans; and
  • subsequent management of loans to farm businesses is undertaken by a third party (the State or Territory Government, or the Regional Investment Corporation), under a service level agreement with DAWE. The third party is responsible for entering into loan agreements with eligible farm businesses, the approval of recipients, and the ongoing monitoring and maintenance of the loans.
       

Source: ANAO 2019–20 risk assessment for DAWE and DAWE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.1.11 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to sale of goods and rendering of services revenue, administered levies, fees and charges revenue, and administered loans receivable. In addition, interim coverage of IT general controls and supplier and employee benefits expenses has been completed.

4.1.12 Audit procedures relating to other provisions, water entitlements and the impairment assessment of administered loans, in addition to substantive procedures over all material line items will be undertaken as part of the 2019–20 final audit phase.

4.1.13 To date, our audit coverage has not identified any new significant or moderate audit findings. The following table summarises the status of audit findings reported by the ANAO in 2019–20.

Table 4.1.4: Status of audit findings raised by the ANAO

Category

Closing position
(2018–19)a

New findings
(2019–20)

Findings resolved
(2019–20)

Closing position
(2019–20)

A

B

1

1

TOTAL

1

1

         

Note a: The moderate finding included in the closing position for 2018–19 has been transferred from the former Department of Agriculture. This finding relates to processes now facilitated by DAWE following machinery of government changes and will be monitored through the 2019–20 audit of DAWE.

Unresolved moderate audit finding
Weaknesses in change management controls

4.1.14 IT change management provides a disciplined approach to making changes to the IT environment. It includes processes around the governance and approval of changes, controls designed to ensure that changes are properly tested before implementation, and processes for the management of emergency changes. The Australian Government Information Security Manual (ISM) outlines the change management requirements that Government entities should adhere to.

4.1.15 During 2018–19, the ANAO identified a number of weaknesses in change management controls, including:

  • instances where there was no documented evidence demonstrating system changes had been tested in the production environment;
  • no evidence of controls around configuration management. Configuration management controls are important as they help ensure that that only approved and tested versions of software are implemented into the production environment;
  • no evidence that a change migrated from the test environment to the production environment was performed by different users; and
  • an increase to the percentage of changes implemented by the department using the emergency change procedures.

4.1.16 Testing as part of the 2019–20 interim audit for the financial year to date, identified that whilst a revised change management policy was implemented in October 2019, there were still instances in our sample where system changes had been tested, but the evidence documenting this was not retained in the change management system. Instances were also identified in our sample, where evidence of controls around configuration management was not available to demonstrate that changes implemented in production were the most recent changes tested and approved, and one instance where a change migrated from the test environment to the production environment was performed by the same user. We noted approximately 25 percent of changes were still being implemented using emergency change procedures.

4.1.17 These weaknesses increase the risk of changes being made to key business and financial systems which are not properly tested, authorised and approved. This in turn may compromise the integrity of information contained within these systems. DAWE’s emergency change procedures are required where an urgent change is identified that is not otherwise foreseen. If these procedures are applied to known and planned changes the key internal controls designed to ensure an appropriate level of governance oversight may be bypassed.

4.1.18 The ANAO recommended that DAWE maintains evidence of the testing and approval of system changes and reduces the number of changes implemented using emergency change processes. The ANAO will continue to review the operational effectiveness of DAWE’s revised change management processes as part of the final audit phase.

Conclusion

4.1.19 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, and except for the finding outlined above, key elements of internal control were operating effectively to provide reasonable assurance that DAWE will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.2 Attorney-General’s Department

Overview

4.2.1 The role of the Attorney-General’s Department (AGD) is to contribute towards a just and secure society through the maintenance and improvement of Australia’s law, justice, security and integrity frameworks. This work helps people to thrive and succeed in a prosperous, fair and cohesive nation. The department supports the Attorney-General as First Law Officer to protect and promote the rule of law, to provide strong oversight and accountability and to act as principal legal advisor to government. AGD also has responsibility for a number of industrial relations and work place safety functions.

4.2.2 AGD has entered into shared service arrangements with the Department of Social Services for the provision of grant management services. AGD remains accountable for compliance with all accounting, legal and administrative requirements. AGD has been impacted by the Machinery of Government (MoG) changes made in May 2019 resulting in the transfer of the Industrial Relations and Work Place Safety functions from the former Department of Employment, Skills, Small and Family Business.

4.2.3 Consistent with the Australian Government’s response to the COVID-19 pandemic, AGD has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: AGD’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and AGD’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.2.4 Figure 4.2.1 and Figure 4.2.2 show the 2019–20 departmental and administered financial statements items reported by AGD and the key areas of financial statements risk.

Figure 4.2.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.2.1 shows AGD’s departmental estimated actuals for the year ended 30 June 2020 as per AGD’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements, categorised by financial statement classification of own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.2.3.

Source: ANAO analysis and AGD’s 2019–20 revised budget as reported in the 2019–2020 Portfolio Additional Estimates Statements.

Figure 4.2.2: Key administered financial statements items and areas of financial statements risk

Figure 4.2.2 shows AGD’s administered estimated actuals for the year ended 30 June 2020 as per AGD’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements, categorised by financial statement classification of income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.2.3

Source: ANAO analysis and AGD’s 2019–20 revised budget as reported in the 2019–2020 Portfolio Additional Estimates Statements.

4.2.5 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on AGD’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of AGD’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.2.3 and the ANAO’s understanding of the operations of AGD, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.2.6 Annual appropriation funding of $219.1 million (departmental) and $550.8 million (administered) was provided to AGD in 2019–20 to support the achievement of the entity’s outcomes.91 AGD was also budgeted to receive special appropriation funding of $404.6 million.92 The special appropriation funding is largely for industrial relations and workplace safety functions.

4.2.7 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year93 funding was announced for entities. No funding was appropriated to AGD in 2019-20 for COVID-19.

4.2.8 Table 4.2.1 and Table 4.2.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.2.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

342.2

928.0

Employee benefits

212.3

19.3

Suppliers

81.2

194.7

Subsidies

128.5

Personal benefits

213.4

Depreciation and amortisation

44.3

9.0

Grants

340.5

Payments to corporate entities

22.5

Other

4.4

0.1

Total own-source income

116.8

269.8

Sale of goods and rendering of services

116.3

2.8

Other

0.5

267.0

Net (cost of)/contribution to services

(225.4)

(658.2)

     

Source: AGD’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.2.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

530.1

1,234.4

Trade and other receivables

125.7

43.0

Cash and cash equivalents

6.3

2.1

Other investments

1,158.6

Land and buildings

240.8

7.4

Heritage and cultural assets

3.8

Property, plant and equipment

127.2

2.7

Intangibles

22.6

1.0

Other

3.7

19.6

Total liabilities

436.1

2,191.9

Employee provisions

59.7

6.1

Suppliers payable

24.2

7.7

Leases

333.6

0.3

Other

18.6

2,177.8

Net assets/(liabilities)

94.0

(957.5)

     

Note: AGD’s estimated average staffing level for 2019–20 is 1,650.

Source: AGD’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.2.9 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.2.3. There were no Key Audit Matters identified for the 2019–20 AGD financial statements audit.

4.2.10 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.94 As at the interim phase, no additional financial statements risks have been identified for AGD. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.2.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

All financial statement line items

Completeness and accuracy of disclosures relating to the Machinery of Government changes that transferred functions to the department

Moderate

  • risk associated with the accurate calculation and valuation of balances transferred to the department; and
  • required additional financial statement disclosures.

Administered

Fair Entitlements Guarantee (FEG) Scheme

Personal benefits

$ 213.4 million

FEG liabilities are a component of personal benefits liabilities $3.5 million

Accuracy and occurrence of administered personal benefits expenses

Moderate

  • risks relating to claims eligibility, calculation of benefit amounts and subsequent payments; and
  • the value of debts and liabilities that are recognised relating to the FEG Scheme.

Departmental

rendering of services

$116.3 million

goods and services receivables (component of trade and other receivables $125.7 million)

Accuracy of revenue, and the accuracy and completeness of trade receivables, from rendering of services

Moderate

  • Australian Government Solicitor (AGS) revenue from rendering of services is a significant component of the AGD’s revenue; and
  • the value and timing of revenue recognition is determined with reference to time recorded on various AGS matters, the completion and recovery of matters and the valuation of work-in-progress at year end is subject to management judgement.
       

Source: ANAO 2019–20 risk assessment for AGD and AGD’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.2.11 The ANAO has substantially completed its 2019–20 interim audit coverage, including the assessment of the controls relating to: departmental revenue, FEG Scheme expenses and the management of appropriations and special accounts. Testing related to IT general and application controls is in progress.

4.2.12 Audit procedures relating to: the valuation of non-financial assets, including administered investments; and financial statements close processes including the consolidation of the AGS will be undertaken as part of the planned 2019–20 final audit.

4.2.13 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.2.14 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that AGD will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.3 Department of Defence

Overview

4.3.1 The Department of Defence (Defence) is responsible for protecting and advancing Australia’s strategic interests through the: promotion of security and stability; the provision of military capabilities to defend Australia and its national interests; and the provision of support for the Australian community and civilian authorities as directed by the Government.

4.3.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, Defence has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may: impact Defence’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and Defence’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.3.3 Figure 4.3.1 and Figure 4.3.2 show the 2019–20 departmental and administered financial statements items reported by the Department of Defence (Defence) and the key areas of financials statements risk.

Figure 4.3.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.3.1 shows Defence’s departmental estimated actuals for the year ended 30 June 2020 as per Defence’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements, categorised by financial statement classification of own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.3.3.

Source: ANAO analysis and Defence’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.3.2: Key administered financial statements items and areas of financial statements risk

Figure 4.3.2 shows Defence’s administered estimated actuals for the year ended 30 June 2020 as per Defence’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements, categorised by financial statement classification of income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.3.3.

Source: ANAO analysis and Defence’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.3.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Defence’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Defence’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.3.3 and the ANAO’s understanding of the operations of Defence, the ANAO has assessed the risk of a material misstatement as high.

Key financial statements items

4.3.5 Annual appropriation funding of $38.4 billion (departmental) was provided to Defence in 2019–20 to support the achievement of the entity’s outcomes.95 Defence was also budgeted to receive special appropriation funding of $9.9 billion predominantly for military superannuation provisions.96

4.3.6 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year97 funding was announced for entities. No funding was appropriated to Defence in 2019–20 in response to COVID-19.

4.3.7 Table 4.3.1 and Table 4.3.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.3.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

35,652.9

9,908.1

Employee benefits

12,233.7

Suppliers

15,458.1

Depreciation and amortisation

6,433.3

Write-down and impairment of assets

1,175.1

Military superannuation benefits

9,708.4

Other

352.7

199.7

Total own-source income

1,304.7

1,359.5

Sale of goods and rendering of services

534.5

Reversals of previous asset write-downs

629.9

Military superannuation contributions

1,244.4

Other

140.3

115.1

Net (cost of)/contribution to services

(34,348.2)

(8,548.6)

     

Source: Defence’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.3.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

110,702.4

3,969.8

Financial assets

774.9

3,663.7

Specialist military equipment

69,968.5

Land and building

21,053.6

Infrastructure, plant, and equipment

8,248.3

Intangibles

766.4

Heritage and cultural

449.8

Inventories

6,789.9

Prepayments

2,499.6

306.1

Other

151.4

Total liabilities

10,015.6

93,294.3

Suppliers

2,151.9

Leases

2,889.9

Employee provisions

3,163.1

Restoration, decontamination and decommissioning

1,378.4

Military superannuation

93,128.8

Other

432.3

165.5

Net assets/(liabilities)

100,687.0

(89,324.5)

     

Note: Defence’s estimated average staffing level for 2019–20 is 76,361.

Source: Defence’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.3.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.3.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.3.9 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.98 As at the interim phase, no additional financial statements risks have been identified for Defence. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.3.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Departmental

specialist military equipment (SME)

$69.9 billion

Accuracy and valuation of the SME balance which includes platform assets in use and under construction and spare parts for these assets

KAM (valuation)

Higher

  • high degree of judgement due to the highly specialised nature of these assets and the management estimates required to determine appropriate useful lives and assess the financial impact of indicators of impairment;
  • subjectivity in the valuation assessment due to the difficulty in obtaining the replacement costs of assets with a similar capability in the absence of an active market;
  • the annual impairment and revision of useful lives are subject to a high degree of judgement and subjectivity;
  • management of assets under construction (AUC) is dispersed across numerous projects that have complex multi-year contractual arrangements and project management requirements; and
  • large prepayments are often made in relation to the acquisition and sustainment of SME.

Administered

employee provisions

$93.1 billion

Accuracy, valuation and disclosure of administered employee provisions

KAM (valuation)

Higher

  • complexity of the calculation and significant judgements applied in the selection of long-term assumptions including rates for salary growth, pension indexation, pension take-up and invalidity retirements; and
  • detailed disclosure requirements for the presentation and disclosure of defined benefit plans.

Departmental

inventory

$6.8 billion

(including explosive ordinance (EO)

fuel

general stores inventory (GSI))

Existence and completeness of inventory balances

KAM (existence and completeness)

Moderate

  • the variety and number of inventory items which are managed across a large number of geographically dispersed locations and through a number of IT systems; and
  • complexity and management expertise required to assess and identify obsolete stock.

Departmental

general assets $30.5 billion

Valuation of general assets

KAM (valuation)

Moderate

  • high degree of management judgement required in respect of classifying project costs as capital or expense; and
  • assumptions applied to determine appropriate useful lives and in the selection of valuation techniques to measure fair value and assess the financial impact of indicators of impairment.

Departmental

leased assets and liabilities

$ 2.9 billion

Accounting for and disclosure of leases in accordance with the amended accounting standard, AASB 16 Leases

Moderate

  • the completeness of management’s identification and assessment of leases for transition to AASB 16 Leases. These are complex and include leasing arrangements for properties and equipment which includes military equipment such as Satellites and Naval Vessels; and
  • the accuracy of the measurement of right-of-use assets and lease liabilities due to the complexity of these agreements.

Departmental and Administered

all financial statements items

Accuracy and completeness of information processed by complex IT systems which are critical to key elements of financial statements.

Moderate

  • a number of complex IT systems which hold and generate information critical to financial statements;
  • IT systems which are bespoke or heavily customised for Defence; and
  • ongoing major IT reform projects which include Enterprise Resource Planning increasing Defence’s IT risk profile.
       

Source: ANAO 2019–20 risk assessment for Defence and Defence’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.3.10 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. The following performance audit reports were tabled during 2019–20 relevant to the financial management or administration of Defence:

  • Auditor-General Report No. 19 Major Projects Report;
  • Auditor-General Report No. 22 Future Submarine Program — Transition to Design; and
  • Auditor-General Report No. 24 Defence’s management of its public communications and media activities.

4.3.11 The above reports included observations relevant to impairment of assets under construction and IT systems as outlined in Table 4.3.3. These reports were considered in designing audit procedures to address areas considered to pose moderate or higher risks of material misstatement.

Audit results

4.3.12 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to asset management processes and the controls implemented to determine the value of inventory at year-end. Interim audit coverage also included assessing IT general and application-specific controls for systems that support the preparation of Defence’s financial statements, in addition to assessing the operation of key non-IT controls in areas including appropriation and cash management, suppliers and employee expenses. Additionally, the ANAO has assessed Defence’s progress on the significant and moderate audit finding discussed below.

4.3.13 Audit procedures relating to the 30 June 2020 balances for employee provisions, decontamination and decommissioning provisions, inventory, SME and other fixed assets, and the military superannuation provision will be undertaken during the 2019–20 final audit. The ANAO will test Defence’s systems and processes supporting the complete and accurate disclosure of commitments, litigation and compensation schemes as part of the final audit. Additionally the ANAO will assess Defence’s progress in addressing audit findings up to and during the final audit.

4.3.14 The following table summarises the status of audit findings reported by the ANAO in 2018–19 and 2019–20.

Table 4.3.4: Status of audit findings raised by the ANAO

Category

Closing position
(2018–19)

New findings
(2019–20)

Findings resolved
(2019–20)

Closing position
(2019–20)

A

1

1a

B

1

1a

2

TOTAL

2

1

1

2

         

Note a: The significant audit finding relating to Management and monitoring of SME balances in MILIS and ROMAN has been revised to a moderate audit finding.

New moderate audit finding
Management and monitoring of SME balances in MILIS and ROMAN

4.3.15 In 2017–18 the ANAO reported a number of issues with the substantiation of SME transactions in the Military Integrated Logistics Information System (MILIS) and the corresponding accounts in the financial management information system (ROMAN). Defence uses these systems to manage the acquisition and sustainment of SME assets. The issues identified included:

  • difficulties of identifying ROMAN payments for Military Support assets against the respective asset receipts in MILIS;
  • significant unreconciled balances in asset clearing accounts;
  • delays in validating MILIS transactions and reconciling to balances in the clearing accounts;
  • posting of assets acquisitions in to incorrect general ledger accounts; and
  • delays in transferring Military Support assets from assets under construction to the fixed asset register after confirmation of being in use by business units.

4.3.16 During 2018–19 Defence commenced remediation of this issue, by:

  • matching a significant number of ROMAN and MILIS transactions and validating price differences;
  • undertaking a comprehensive review of aged balances which resulted in the transfer of assets to the fixed asset register; and
  • communicating with business units to address processing issues.

4.3.17 In 2019–20, Defence has continued the remediation activities and:

  • embedded the monthly reconciliation process, including investigation and correction where appropriate of identified variances;
  • made significant progress in transferring assets under construction to the fixed asset register; and
  • implemented a dashboard reporting process for outstanding clearing balances and improved the timeliness and the extent validation of MILIS transactions.

4.3.18 As a result of this progress, the ANAO has revised this finding to a moderate audit issue. The ANAO will continue testing of Defence remediation activities during the 2019–20 final audit phase.

Unresolved moderate audit finding
Monitoring and management of accounts with privileged users

4.3.19 Maintaining and supporting IT systems requires some individuals to have privileged access rights. This level of access can be used to bypass security controls and make changes, either to system settings or directly to system data. Individuals with privileged access must be unique and identifiable, and have their activity regularly monitored to detect any unauthorised use.

4.3.20 During the 2018–19 audit, the ANAO’s review of privileged user access identified several issues with the monitoring and management of accounts within financially significant applications. This included instances of shared privileged accounts, for which Defence was unable to provide evidence of management review over these privileged users’ activities as they were either not logged or not monitored. The ANAO also identified privileged users with inappropriate access that had not been terminated or suspended when the user no longer required it for their role. In addition, password parameters for some applications did not align with the industry standards for password management.

4.3.21 Over the course of the 2019–20 audit, the ANAO acknowledges Defence has made significant progress towards resolving the above weaknesses. The ANAO confirmed that Defence has evaluated the logging and monitoring of high risk activities for financially significant applications and are implementing improvements to gain assurance that staff have been provided uniquely identifiable and appropriate access to systems and data in line with business requirements. Additionally, work is underway to mitigate or accept the weaknesses in password security within affected systems.

4.3.22 Controls for timely termination of user access have still evidenced weakness during the interim testing, with both the ANAO and Defence internal audit identifying instances of users who retained access when it was no longer required for their role, as well as reliance being placed on controls that do not sufficiently address the risk of inappropriate access continuing. The ANAO understands that Defence is continuing to implement activities to address these issues and will provide the ANAO with additional assurance towards the end of the financial year. The ANAO will review the status of these remediation activities as part of the 2019–20 final audit phase.

Conclusion

4.3.23 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, and except for the findings outlined above, key elements of internal control were operating effectively to provide reasonable assurance that Defence will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.4 Department of Veterans’ Affairs

Overview

4.4.1 The Department of Veterans’ Affairs (DVA) is responsible for developing and implementing programs to assist the veteran and ex-service communities. This includes: granting pensions, allowances and other benefits, and providing treatment under the Veterans’ Entitlements Act 1986; the administration of benefits and arrangements under the Military Rehabilitation and Compensation and the Safety, Rehabilitation and Compensation (Defence-related Claims) legislation; administering the Defence Service Homes Act 1918 and the War Graves Act 1980; and conducting commemorative programs to acknowledge the service and sacrifice of Australian servicemen and women.

4.4.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, DVA has implemented a range of measures, including requesting staff to work remotely where operational requirements allow. These working arrangements may impact: DVA’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and DVA’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.4.3 Figure 4.4.1 and Figure 4.4.2 show the 2019–20 departmental and administered financial statement items reported by DVA and the key areas of financial statements risk.

Figure 4.4.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.4.1 shows DVA’s departmental estimated actuals for the year ended 30 June 2020 as per DVA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements, categorised by financial statement classification of own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.4.3.

Source: ANAO analysis and DVA’s 2019–20 revised budget as reported in the 2019–2020 Portfolio Additional Estimates Statements.

Figure 4.4.2: Key administered financial statements items and areas of financial statements risk

Figure 4.4.2 shows DVA’s administered estimated actuals for the year ended 30 June 2020 as per DVA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.4.3.

Source: ANAO analysis and DVA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.4.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on DVA’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of DVA’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.4.3 and the ANAO’s understanding of the operations of DVA, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.4.5 Annual appropriation funding of $382.6 million (departmental) and $135.5 million (administered) was provided to DVA in 2019–20 to support the achievement of the entity’s outcomes.99 DVA was also budgeted to receive special appropriation funding of $10.4 billion100 for income and disability support, community and residential care, and various healthcare and rehabilitation services for war veterans, members of the Australian Defence Force, members of the Australian Federal Police and their dependants.

4.4.6 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multiyear101 funding was announced for entities. As part of that funding DVA was provided $1.04 million in 2019–20 to support departmental operations.

4.4.7 Table 4.4.1 and Table 4.4.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.4.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

432.6

11,997.4

Employee benefits

184.1

9.6

Suppliers

170.8

Depreciation and amortisation

42.9

Personal benefits

6,844.9

Health care payments

5,030.6

Payments to corporate entities

46.4

Other

34.8

65.9

Total own-source income

50.5

20.9

Net premium revenue

38.5

-

Other

12.0

20.9

Net (cost of)/contribution to services

(382.1)

(11,976.5)

     

Source: DVA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.4.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

420.1

1,694.4

Investments

62.5

1,475.8

Appropriation receivables

58.0

Trade and other receivables

66.9

74.1

Intangibles

70.2

Land and buildings

151.6

Other

10.9

144.5

Total liabilities

307.8

28,415.6

Suppliers and other payables

67.1

307.5

Employee provisions

64.2

2.3

Personal benefits provisions

15,174.6

Healthcare and other provisions

12,931.2

Other

176.5

Net assets/(liabilities)

112.3

(26,721.2)

     

Note: DVA’s estimated average staffing level for 2019–20 is 1,615.

Source: DVA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.4.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.4.3, including the area considered a Key Audit Matter (KAM) by the ANAO.

4.4.9 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.102 As at the interim phase, no additional financial statements risks have been identified for DVA. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.4.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

personal benefit and healthcare provisions

$23.5 billion

Valuation of military compensation provision

KAM

Higher

  • judgements involved in determining the assumptions and calculations underpinning the actuarial assessment of the military compensation provision, including assumptions relating to future trends in medical costs, permanent incapacity, and inflation rates;
  • increasing value of the provision as an unfunded liability; and
  • completeness of data used to derive the valuation.

Administered

personal benefits expense

$12.4 billion

health care expenses

$8.3 billion

Accuracy of personal benefits and health care payments

Higher

  • complexity of overseeing and maintaining a large number of IT business systems which are supported by the shared services provider, Services Australia;
  • complexity of legislation applicable to individual claims;
  • reliance on accurate and complete veteran-provided information; and
  • reliance on a risk-based quality assurance program to identify errors and initiate debt recovery arrangements in individual claims.
       

Source: ANAO 2019–20 risk assessment for DVA and DVA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.4.10 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of: IT general controls; manual controls relating to cash; asset management; supplier expenses; and employee benefits.

4.4.11 Audit procedures relating to: testing of application controls in key processing systems, accuracy of administered personal benefit and health care payments and review of the personal benefits and health care provision valuation will be performed during the final audit phase.

4.4.12 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.4.13 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that DVA will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.5 Department of Education, Skills and Employment

Overview

4.5.1 The Department of Education, Skills and Employment (DESE) is responsible for ensuring Australians can experience the social wellbeing and economic benefits that quality education, training and employment provide.

4.5.2 The department was formerly known as the Department of Education and largely merges the functions of that entity with the now abolished Department of Employment, Skills, Small and Family Business (Employment).

4.5.3 The Administered Arrangement Order (AAO) of 29 May 2019 renamed the then Department of Jobs and Small Business — to become the Department of Employment, Skills, Small and Family Business and also transferred responsibility for skills, vocational education and training from the then Department of Education. An amending AAO on 8 August 2019 also transferred legislation relating to vocational student loans to Employment. A further AAO on 5 December 2019, effective 1 February 2020, resulted in the cessation of Employment with the employment and skills functions transferred back to DESE). Other functions transferred to the Industry, Attorney-General, and the Prime Minister and Cabinet portfolios.

4.5.4 Consistent with the Australian Government’s response to the COVID-19 pandemic, DESE has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: DESE’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and DESE’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.5.5 Figure 4.5.1 and Figure 4.5.2 show the 2019–20 departmental and administered financial statements items reported by DESE and the key areas of financial statements risk.

Figure 4.5.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.5.1 shows DESE’s departmental estimated actuals for the year ended 30 June 2020 as per DESE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of own source income, expenses, assets and liabilities.

Source: ANAO analysis and DESE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.5.2: Key administered financial statements items and areas of financial statements risk

Figure 4.5.2 shows DESE’s administered estimated actuals for the year ended 30 June 2020 as per DESE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.5.3.

Source: ANAO analysis and DESE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.5.6 The ANAO’s audit approach identifies key areas of risk that have the potential to impact DESE’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of DESE’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.5.3 and the ANAO’s understanding of the operations of DESE, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.5.7 Annual appropriation funding of $775.2 million (departmental) and $3,636.9 million (administered) was provided to DESE in 2019–20 to support the achievement of the entity’s outcomes.103 DESE was also budgeted to receive special appropriation funding of $46.5 billion104 for child care, schools, and higher education, including research grants.

4.5.8 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year105 funding was announced for entities. As part of that funding DESE was provided $277.4 million in 2019–20 to support its skills, training and employment programs.

4.5.9 Table 4.5.1 and Table 4.5.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.5.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

826.3

43,434.3

Employee benefits

421.9

Suppliers

269.9

1,794.4

Subsidies

508.7

Personal benefits

8,525.0

Grants

31,336.2

Write-down and impairment of assets

1,153.2

Depreciation and amortisation

128.3

0.1

Finance costs

6.2

116.7

Total own-source income

87.8

1,770.8

Sale of goods and rendering of services

58.7

Other taxes

5.6

Interest

1,547.7

Gains

0.4

Other

28.7

217.5

Net (cost of)/contribution to services

(738.5)

(41,663.5)

     

Table 4.5.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

876.7

57,872.8

Trade and other receivables

199.9

671.2

Other investments

2,908.6

Other financial assets

1.9

54,209.2

Land and buildings

399.0

Property, plant and equipment

24.7

Intangibles

211.7

Other

39.5

83.8

Total liabilities

569.3

8,140.5

Suppliers

48.6

142.9

Other payables

1.1

22.9

Personal benefits

204.1

Grants

14.0

Personal benefits provision

655.5

Provision for grants

7,062.2

Employee provisions

166.9

Other

352.7

38.9

Net assets/(liabilities)

307.4

49,732.3

     

Note: DESE’s estimated average staffing level for 2019–20 is 3,387.

Source: DESE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.5.10 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.5.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.5.11 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.106 As at the interim phase, no additional financial statement risks have been identified for DESE. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.5.3: Key areas of financial statements risk

Relevant financial statement item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

other financial assets: HELP receivable (a component of other financial assets balance of $54.2 billion)

write–down and impairment of assets (a component of write-down and impairment of assets balance of $1.2 billion)

HELP loans fair value losses (a component of write-down and impairment of assets balance of $1.2 billion)

The valuation of the outstanding loan receivable under the Higher Education Loan Program (HELP)

KAM

Higher

  • the balances of outstanding loans and impairment are derived from complex actuarial estimates and the estimate contains a degree of estimation uncertainty;
  • the complexity involved in estimating future income of individuals that need to repay HELP debts, the timing of expected repayments and the amount of the loan not expected to be recovered; and
  • payment data is reliant on sources external to DESE such as: the Australian Taxation Office; universities; and other third parties.

Administered

provision for grants $7.1 billion

other receivables - Higher Education Superannuation Program (HESP) (component of other financial assets balance of $54.2 billion)

The valuation of the HESP provision and receivable

KAM

Higher

  • the valuation of the HESP liability is subject to an actuarial estimation process and is highly sensitive to movements in discount factors and bond rates; and
  • the valuation is complex and depends on accurate source data provided by universities.

Administered

other financial assets: personal benefits receivable (a component of other financial assets balance of $54.2 billion)

liabilities:

personal benefits payable $204.1 million

personal benefits provision $655.5 million

Implementation and management of the Child Care Subsidy Legislation including the valuation of the childcare personal benefit provision and receivable balances and the accuracy and completeness of the child care subsidy expense.

KAM

Higher

  • complex legislation and administration arrangements that apply to child care benefits;
  • complex actuarial assessment supporting the balances;
  • payments are reliant on self-assessed information provided by child care service providers and claimants; and
  • the IT environment is highly dependent on external information systems which are administered by the Departments of: Social Services and Services Australia.

Administered

other financial assets: VSL receivable (a component of other financial assets balance of $54.2 billion)

write–down and impairment of assets (a component of write-down and impairment of assets balance of $1.2 billion)

VSL loans fair value losses (a component of write-down and impairment of assets balance of $1.2 billion)

Valuation of Vocational Student Loan (VSL) receivable

KAM

Higher

  • the balances of outstanding loans and impairment are derived from complex actuarial estimates and the estimate contains a degree of estimation uncertainty; and
  • the complexity involved in estimating future income of individuals that need to repay debts, the timing of expected repayments and the amount of the loan not expected to be recovered.

Administered

other financial assets: TSL receivable (a component of other financial assets balance of $54.2 billion)

write–down and impairment of assets (a component of write-down and impairment of assets balance of $1.2 billion)

TSL loans fair value losses (a component of write-down and impairment of assets balance of $1.2 billion)

Valuation of Trade Support Loan (TSL) receivable

KAM

Higher

  • the balances of outstanding loans and impairment are derived from complex actuarial estimates and the estimate contains a degree of estimation uncertainty; and
  • the complexity involved in estimating future income of individuals that need to repay debts, the timing of expected repayments and the amount of the loan not expected to be recovered.

Administered

all administered items

Completeness and accuracy of financial statement balances impacted by the complexity and range of IT systems used to maintain information and process payments

Moderate

  • large and complex IT environment with business applications processing a high volume of transactions;
  • many IT systems are bespoke or heavily customised to DESE; and
  • reliance on customised reports to prepare financial statements balances.

Administered

suppliers (a component of suppliers $1.8 billion)

subsidies (a component of subsidies $508.7 million)

personal benefits (a component of personal benefits $8.5 billion)

Accuracy and validity of administered supplier and subsidy expense payments related to the jobactive program

KAM

Moderate

  • payments are reliant on assessments made by third party service providers; and
  • the success of the department’s compliance activities is crucial to the integrity of the jobactive program.
       

Source: ANAO 2019–20 risk assessment for DESE and DESE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.5.12 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. Auditor-General Report No. 10 2019–20 Design and Governance of the Child Care Package did not include recommendations regarding risks to DESE’s financial administration as it relates to the financial statements. However, the observations of this report were considered in designing audit procedures.

Audit results

4.5.13 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to: transactional processing of supplier expenses and payables, revenue and receivables, and payroll performed by the Department of Finance’s Service Delivery Office on behalf of DESE and the monitoring controls in place at DESE relating to these processes; reviewed controls relating to administered grants payments; HELP, Vocational Education and Training (VET) FEE-HELP and VET student loans; reconciliations between administered business systems and the financial information systems for grants payments, administered supplier and subsidy payments; personal benefits and subsidy payments; and grants expenditure. Interim audit coverage also included an assessment of IT general controls, IT application controls and the design and implementation of the jobactive compliance program.

4.5.14 Audit procedures relating to: accounting for the HELP, Vocational Education and Training (VET) FEE-HELP and VET student loans, HESP and personal benefits receivables and provisions; payments to providers, schools and universities; and detailed testing over the child care subsidy payments; administered supplier expenses; and review of the department’s monitoring of the jobactive compliance program, will be undertaken as part of the planned 2019–20 final audit.

4.5.15 To date, our audit coverage has not identified any new significant or moderate audit findings.

4.5.16 The following table summarises the status of audit findings reported by the ANAO in 2018–19.

Table 4.5.4: Status of audit findings raised by the ANAO

Category

Closing position
(2018–19)

New findings
(2019–20)

Findings resolved
(2019–20)

Closing position
(2019–20)

A

B

3b

1a

1b

L1

1

1

TOTAL

3

1

1

2

         

Note a: The moderate audit issue relating to Unauthorised Network Access has been downgraded to a minor audit finding.

Note b: Following the formation of the new department, the ANAO merged two separate but related findings into one unresolved finding, Monitoring of Database Activity.

Resolved moderate audit finding
Unauthorised Network Access (Education)

4.5.17 During the IT general control testing undertaken for the 2018–19 financial statements audit, the ANAO identified a network account that remained active after the employee had been terminated. This account did not have an ‘expiry date’ making this account fully accessible.

4.5.18 The account remained active as a result of the Exit Advice Notification (EAN) not being finalised when the employee terminated. Further testing identified additional cases where the EAN process was not followed, as well as other instances where network access had not been disabled on cessation of employment

4.5.19 In response to this finding, the Department has implemented a daily automated procedure to identify employees who have ceased employment and ensure that their network account is disabled. During the interim audit phase the ANAO undertook testing over terminations and identified a small number of exceptions where there was a delay between employment cessation and the disabling of the network account. These occurred before the automated procedure had been put in place. The ANAO has downgraded the finding and further testing will be conducted during the final audit phase to close it.

Unresolved moderate audit finding
Monitoring of Database Activity (Education and Employment)

4.5.20 IT databases supporting core departmental applications were managed and maintained at the then Department of Employment, Skills, Small and Family Business for both entities, with each entity maintaining responsibility for their own data. This finding applied to the databases supporting the financially significant applications for both entities in the 2018–19 audit.

4.5.21 The ANAO recommended during the 2018–19 interim audit that a regular and formalised process be put in place that will ensure the actions of privileged users at the database level are logged and monitored for all applications. It was also recommended that standard operating procedures providing support to this process should also be developed and formally approved by senior management.

4.5.22 During the interim audit phase of the 2019–20 audit, the ANAO reviewed the progress that has been made to address this finding. The Department is logging database activity and has implemented a tool to analyse the logs and report exceptions for manual review and follow up. An assessment has also been done across the financially significant systems, to identify the key database tables and fields to be monitored. The Department is now piloting the new process before implementing a wider rollout, with a standard operating procedure document drafted to support the process.

4.5.23 The ANAO has assessed the design of the control detailed above, and considers that it is effective to address the risks identified. Testing of implementation and operating effectiveness will be conducted during the final audit phase.

New L1 legislative compliance finding
S83 Breach — GST on payments to non-government schools

4.5.24 DESE makes payments to non-government schools in accordance with the Australian Education Act 2013 (AE Act). GST has historically been included in the payments since the introduction of GST in 2000. Legal advice obtained by DESE has confirmed that the AE Act did not provide authority for inclusion of GST in the amounts paid to non-government schools. The department has identified GST to the value of $14.6 billion included in the payments made to non-government schools over a period of 20 years.

4.5.25 To address this issue, it is acknowledged that DESE has acted to ensure the appropriate legislative amendments via the Australian Education Amendment (Direct Measure of Income) Act 2020.

4.5.26 The ANAO agrees with the assessment that the lack of a valid appropriation for the inclusion of GST in the payments to non-government schools is a significant legislative breach and recommended that appropriate disclosures be made in DESE’s 2019–20 financial statements including quantification of the amount of the breaches, and disclosure of changes to the relevant legislation and internal processes within the department.

4.5.27 The ANAO also awaits the outcome of DESE’s consultations regarding the recognition/waiver of debt associated with the GST amounts.

Conclusion

4.5.28 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, and except for the finding outlined above, key elements of internal control were operating effectively to provide reasonable assurance that DESE will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.6 Department of Finance

Overview

4.6.1 The Department of Finance (Finance) is responsible for supporting the Government’s Budget process and oversight of public sector resource management, governance and accountability frameworks. In addition, the department is responsible for the preparation of the annual Consolidated Financial Statements (CFS), which includes the whole-of-government and the general government sector financial statements and the Australian Government’s financial outcome.

4.6.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, Finance has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: Finance’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and Finance’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.6.3 Figure 4.6.1 and Figure 4.6.2 show the 2019–20 departmental and administered financial statements items reported by Finance and the key areas of financial statements risk.

Figure 4.6.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.6.1 shows Finance’s departmental estimated actuals for the year ended 30 June 2020 as per Finance’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.6.3.

Source: ANAO analysis and Finance’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.6.2: Key administered financial statements items and area of financial statements risk

Figure 4.6.2 shows Finance’s administered estimated actuals for the year ended 30 June 2020 as per Finance’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.6.3.

Source: ANAO analysis and Finance’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.6.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Finance’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Finance’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.6.3 and the ANAO’s understanding of the operations of Finance, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.6.5 Annual appropriation funding of $445.9 million (departmental) and $566.2 million (administered) was provided to Finance in 2019–20 to support the achievement of the entity’s outcomes.107 Finance was also budgeted to receive special appropriation funding of $8,672.8 million.108 The special appropriation funding is largely to settle payments for superannuation liabilities.

4.6.6 Finance is responsible for the payment of superannuation through public sector civilian (non-Defence) superannuation schemes. Finance recognises the unfunded liability on behalf of the Commonwealth and meets the ongoing payments of superannuation liabilities. The majority of the liabilities are managed by the Commonwealth Superannuation Corporation on behalf of the Commonwealth.

4.6.7 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year109 funding was announced for entities. No funding was appropriated to Finance in 2019–20 for COVID-19.

4.6.8 Table 4.6.1 and Table 4.6.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.6.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

573.9

10,940.0

Employee benefits

160.8

327.3

Suppliers

186.7

224.9

Depreciation and amortisation

62.4

62.1

Insurance claims

136.6

Superannuation

8,283.9

Distributions from investment funds

2,031.1

Other

27.4

10.7

Total own-source income

304.5

2,403.2

Sale of goods and rendering of services

74.0

3.9

Insurance premiums

139.1

Superannuation contributions

1,101.1

Interest and dividends

1,145.8

Gains on sale of investments

138.6

Rental income

74.0

Other

17.4

13.8

Net (cost of)/contribution to services

(269.4)

(8,536.9)

     

Source: Finance’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.6.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

3,443.7

42,721.4

Cash and cash equivalents

698.3

Trade and other receivables

152.5

119.8

Land and buildings (including investment properties)

2,377.3

253.7

Property, plant and equipment

83.6

88.1

Intangibles

111.9

3.8

Investments

42,207.5

Other

20.1

48.5

Total liabilities

1,121.1

138,330.7

Suppliers

42.3

12.7

Employee provisions

67.8

325.7

Return of equity

57.1

Superannuation provision

137,481.9

Insurance provisions

473.7

Leases

438.3

240.6

Other

41.9

269.8

Net assets/(liabilities)

2,322.6

(95,609.3)

     

Note: Finance’s estimated average staffing level for 2019–20 is 1,237.

Source: Finance’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.6.9 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.6.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.6.10 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.110 In addition to the risks identified in chapter four, the ANAO has identified additional risk factors for Finance’s financial statements relating to valuation of the superannuation provision and the valuation of properties. The implications of these risks are in the process of being considered by the ANAO and as a result have not been included in Table 4.6.3. The key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.6.3: Key areas of financial statements risk

Relevant financial statement item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

superannuation provision

$137.5 billion

Valuation of the superannuation provision

KAM

Higher

  • complex calculation of each superannuation fund’s liability and sensitivity of each fund to demographic factors and other movements, such as salary growth and bond rates; and
  • reliance on the Commonwealth Superannuation Corporation for the processing of superannuation benefit payments and the provision of complete and accurate data to Finance’s actuary.

Departmental

insurance provision

$473.7 million

Valuation of the outstanding claims liability under the Australian Government’s self-managed general insurance fund

KAM

Higher

  • complex calculation based on assumptions that require significant judgement; and
  • reliance on the control environment of an external service provider for the effective management of the claims process.

Departmental

land and buildings (including investment properties)

$2,377.3 million

Valuation of properties

KAM

Moderate

  • use of different valuation methods that require significant judgement on the selection of assumptions within the valuation models across a large portfolio of properties.
       

Source: ANAO 2019–20 risk assessment for Finance, and Finance’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.6.11 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to: administered investment funds, property management, payroll management and supplier expenditure. As part of the interim coverage, the ANAO has also assessed controls relating to the payment of entitlements to Parliamentarians and their staff.

4.6.12 Audit procedures relating to valuations: of superannuation provisions; insurance provisions and properties will be undertaken as part of the 2019–20 final audit. In addition, we will complete IT general and application controls over the Service Delivery Office and other relevant systems during the final phase of the audit.

4.6.13 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.6.14 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that Finance will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.7 Future Fund Management Agency and the Board of Guardians

Overview

4.7.1 The Future Fund Board of Guardians supported by the Future Fund Management Agency (together the Future Fund) is responsible for investing the assets of the Future Fund under the Future Fund Act 2006 and other investment funds, managed on behalf of the Department of Finance, under the DisabilityCare Australia Fund Act 2013, the Medical Research Future Fund Act 2015, the Aboriginal and Torres Strait Islander Land and Sea Future Fund Act 2018, the Emergency Response Fund Act 2019, and the Future Drought Fund Act 2019, for the benefit of future generations of Australians.

4.7.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, the Future Fund has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: the Future Fund’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and the Future Fund’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.7.3 Figure 4.7.1 and Figure 4.7.2 show the 2019–20 departmental and administered financial statement items reported by Future Fund, and the key areas of financial statements risk.

Figure 4.7.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.7.1 shows Future Fund’s departmental estimated actuals for the year ended 30 June 2020 as per the 2019-20 Portfolio Budget Statements, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.7.3.

Source: ANAO analysis and Future Fund’s 2019–20 budget as reported in the 2019–2020 Portfolio Budget Statements.

Figure 4.7.2: Key administered financial statements items and areas of financial statements risk

Figure 4.7.2 shows Future Fund’s administered estimated actuals for the year ended 30 June 2020 as per the 2019-20 Portfolio Budget Statements, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.7.3.

Source: ANAO analysis and Future Fund’s 2019–20 budget as reported in the 2019–2020 Portfolio Budget Statements.

4.7.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact the Future Fund’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of the Future Fund’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.7.3 and the ANAO’s understanding of the operations of Future Fund, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.7.5 From May 2006 to November 2008, the Government made cash contributions to the Future Fund totalling $51.3 billion as well as providing Telstra shares to the value of $9.2 billion. No further Government contributions have been received since this time.

4.7.6 As a result, the operational functions of the Future Fund are funded through payments from the administered Future Fund special account and the other Australian Government Investment Funds. In 2019–20, these payments are estimated to total $92.3 million.

4.7.7 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year111 funding was announced for entities. No funding was appropriated to the Future Fund in 2019–20 for COVID-19.

4.7.8 Table 4.7.1 and Table 4.7.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.7.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental budget
($m) 2019–20

Administered budget
($m) 2019–20

Total expenses

92.3

452.6

Employee benefits

55.2

0.9

Suppliers

33.2

451.7

Depreciation and amortisation

3.9

Total own-source income

92.3

9,795.9

Payments from the Future Fund special account

86.6

Payments from the Australia Government Investment Funds

5.6

Interest and dividends

5,875.7

Other gains

3,920.2

Other

0.1

Net (cost of)/contribution to services

9,343.3

     

Source: Future Fund’s 2019–20 budget as reported in the 2019–20 Portfolio Budget Statements.

Table 4.7.2: Key assets and liabilities

Assets and liabilities

Departmental budget
($m) 2019–20

Administered budget
($m) 2019–20

Total assets

34.8

163,625.1

Trade and other receivables

26.8

2,132.2

Non-financial assets

8.0

Investments

161,492.9

Total liabilities

34.8

982.0

Employee provisions

11.4

Suppliers payable

3.4

23.5

Investment settlement liabilities

20.0

958.5

Net assets/(liabilities)

162,643.1

     

Note: Future Fund’s estimated average staffing level for 2019–20 is 182.

Source: Future Fund’s 2019–20 budget as reported in the 2019–20 Portfolio Budget Statements.

Key areas of financial statements risk

4.7.9 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.7.3 including the area considered a Key Audit Matters (KAM) by the ANAO.

4.7.10 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.112 In addition to the risks identified in chapter four, the ANAO has identified additional risk factors for the Future Fund’s financial statements relating to the valuation of private and public market investments. The implications of these risks are in the process of being considered by the ANAO and as a result have not been included in Table 4.7.3. The key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.7.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

Investments – Collective Investments

$161.5 billion

Valuation of private market investments

KAM

Higher

  • The size of the investments and the inherent subjectivity and significant judgements and estimates required where market data is not available to determine the fair value of these investments.

Administered

Investments

$161.5 billion

Valuation of public market investments

Moderate

  • The size of the investments and the reliance on the valuation undertaken by the custodian.
       

Source: ANAO 2019–20 risk assessment for the Future Fund and the Future Fund’s 2019–20 budget as reported in the 2019–20 Portfolio Budget Statements.

Audit results

4.7.11 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to the management of investments; monitoring of service providers; and operational expenses incurred by the Future Fund.

4.7.12 The valuation of investments, including the assessment of controls that reside within the outsourced custodian, will be completed as part of the 2019–20 final audit.

4.7.13 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.7.14 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that the Future Fund will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.8 Department of Foreign Affairs and Trade

Overview

4.8.1 The Department of Foreign Affairs and Trade (DFAT) supports Australia’s foreign, trade and investment, development and international security policy priorities. DFAT is the lead agency managing Australia’s international presence and will lead efforts to maximise Australia’s security and prosperity through implementation of the Foreign Policy White Paper.

4.8.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, DFAT has implemented a range of measures, including enabling staff to work remotely where operational requirements allow and deploying staff to other agencies and taskforces. The measures have also included the repatriation of non-essential Australian staff from overseas posts. These working arrangements may impact: DFAT’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and DFAT’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.8.3 Figure 4.8.1 and Figure 4.8.2 show the 2019–20 departmental and administered financial statement items reported by DFAT and the key areas of financial statements risk.

Figure 4.8.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.8.1 shows DFAT’s departmental estimated actuals for the year ended 30 June 2020 as per DFAT’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.8.3.

Source: ANAO analysis and DFAT’s 2019–20 revised budget as reported in the 2019–2020 Portfolio Additional Estimates Statements.

Figure 4.8.2: Key administered financial statements items and areas of financial statements risk

Figure 4.8.2 shows DFAT’s administered estimated actuals for the year ended 30 June 2020 as per DFAT’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.9.3.

Source: ANAO analysis and DFAT’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.8.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on DFAT’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of DFAT’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.8.3 and the ANAO’s understanding of the operations of DFAT, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.8.5 Annual appropriation funding of $1,613.7 million (departmental) and $4,576.8 million (administered) was provided to DFAT in 2019–20 to support the achievement of the entity’s outcomes.113

4.8.6 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year114 funding was announced for entities. As part of that funding DFAT was provided $10.6 million in 2019–20 to support departmental operations.

4.8.7 Table 4.8.1 and Table 4.8.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.8.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

1,796.1

4,426.8

Employee benefits

850.3

Suppliers

608.4

Depreciation and amortisation

319.2

0.5

International Development Assistance (IDA)

3,151.6

Multilateral replenishments

556.7

Other contributions

569.2

Other

18.2

148.8

Total own-source income

165.6

676.0

Sale of goods and rendering of services

153.7

Fees and charges

569.7

Other

11.9

106.3

Net (cost of)/contribution to services

(1,630.5)

(3,750.8)

     

Source: DFAT’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.8.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

5,834.2

3,272.4

Cash and cash equivalents

375.8

29.4

Trade and other receivables

414.2

31.6

Multilateral investments

2,485.9

Land and buildings

4,441.0

Property, plant and equipment

349.5

Other

253.7

725.5

Total liabilities

1,376.5

2,010.3

Suppliers payable

103.7

Multilateral replenishments payable

1,786.8

Other payables

986.9

136.6

Employee provisions

260.4

86.9

Other provisions

25.5

Net assets/(liabilities)

4,457.7

1,262.1

     

Note: DFAT’s estimated average staffing level for 2019–20 is 5,810.

Source: DFAT’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.8.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.8.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.8.9 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.115 As at the interim phase, no additional financial statements risks have been identified for DFAT. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.8.3: Key areas of financial statements risk

Relevant financial statement item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Departmental

sale of goods and rendering of services

$153.7 million

Accuracy of revenue for rental accommodation and other services provided to other Government entities at overseas posts

Higher

  • multiple sources of revenue; and
  • revenue is assessed based on partner agencies’ staffing profiles at post, agreed floor space and other factors.

Departmental

land and buildings

$4.4 billion

Valuation of the department’s overseas property portfolio

KAM

Higher

  • variety of valuation methodologies applied;
  • subject to complex estimation and judgements affected by market conditions at overseas locations and foreign exchange adjustments; and
  • the management of overseas property is undertaken by a third party through contract arrangements.

Administered

International Development Association (IDA) and Asian Development Fund (ADF) multilateral investments assets

$2.5 billion

multilateral replenishments payable

$1.8 billion

Valuation of IDA and ADF investments and associated liabilities

Moderate

  • judgements, which involve timing of future cash flows, currency and interest rate risks and selection of appropriate discount rates; and
  • complexity of the membership arrangements determines Australia’s share in the funds.

Administered & Departmental

all financial statement line items

international development assistance expenses

$3.2 billion

Completeness and accuracy of financial information associated with overseas posts

KAM

Moderate

  • financial information is collected through decentralised operations; and
  • locally engaged staff payments are subject to various employee conditions and benefits based on local laws and regulations.

Departmental

a component of land and buildings

$4.4 billion

lease liability

$920.1 million

Valuation and completeness of Right of Use assets and the associated liability

Moderate

  • first time adoption of AASB 16 Leases; and
  • significant number of leases held in multiple countries.
       

Source: ANAO 2019–20 risk assessment for DFAT and DFAT’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.8.10 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to: administered passport revenue, administered aid programs, cash management, Australian Public Service (APS) engaged employees and supplier expenditure.

4.8.11 Interim audit coverage has also been completed over the department’s IT general controls in the Financial Management Information System (FMIS) and Human Resource Management Information System (HRMIS).

4.8.12 Audit procedures relating to: assets, appropriations, overseas based (excluding APS) employees, departmental revenue for rental accommodation and services provided to other entities at overseas posts will be undertaken as part of the planned 2019–20 final audit.

4.8.13 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.8.14 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that DFAT will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.9 Department of Health

Overview

4.9.1 The Department of Health (Health) is responsible for achieving the Australian Government’s health outcomes in the areas of: health system policy, design and Innovation; health access and support services; sport and recreation; individual health benefits; regulation, safety and protection; and ageing and aged care. This includes administering programs and services, such as Medicare and the Pharmaceutical Benefits Scheme, and forming partnerships with the states and territories as well as other stakeholders.

4.9.2 Services Australia delivers approximately $59 billion of health related payments on behalf of Health. These payments primarily relate to the Medicare Benefits Schedule, the Pharmaceutical Benefits Scheme, the Private Health Insurance Rebate and services funded under the Aged Care Act 1997.

4.9.3 Consistent with the Australian Government’s response to the COVID-19 pandemic, Health has implemented a range of measures, including requesting staff to work remotely where operational requirements allow. These working arrangements may impact: Health’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and Health’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.9.4 Figure 4.9.1 and Figure 4.9.2 show the 2019–20 departmental and administered financial statements items reported by Health and the key areas of financial statements risk.

Figure 4.9.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.9.1 shows Health’s departmental estimated actuals for the year ended 30 June 2020 as per Health’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 3.13.3.

Source: ANAO analysis and Health’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.9.2: Key administered financial statement items and areas of financial statements risk

Figure 4.9.2 shows Health’s administered estimated actuals for the year ended 30 June 2020 as per Health’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.9.3.

Source: ANAO analysis and Health’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.9.5 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Health’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Health’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.9.3 and the ANAO’s understanding of the operations of Health, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.9.6 Annual appropriation funding of $774.1 million (departmental) and $11.6 billion (administered) was provided to Health in 2019–20 to support the achievement of the entity’s outcomes.116 Health was also budgeted to receive special appropriation funding of $25.0 billion117 for payments and rebates made under legislation including: Aged Care Act 1997 ($16.6 billion); Private Health Insurance Act 2007 ($6.3 billion); and National Health Act 1953 ($1.6 billion).

4.9.7 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year118 funding was announced for entities. As part of that funding Health was provided $1.3 billion in 2019–20 to provide support across primary care, aged care, hospitals, research and the national medical stockpile.

4.9.8 Table 4.9.1 and Table 4.9.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.9.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

895.9

73,690.0

Employee benefits

489.6

Suppliers

317.0

1,237.6

Subsidies

13,160.8

Depreciation and amortisation and written down impairment

82.9

15.7

Personal benefits

49,244.2

Grants

9,405.7

Payments to corporate Commonwealth entities

618.9

Interest on right of use assets

3.9

Other

2.5

7.1

Total own-source income

201.6

41,210.9

Sale of goods and rendering of services

196.4

Other revenue & gains

5.2

Recoveries

2,820.4

Interest

14.6

Other taxes

23.3

Special account transfers

37,950.7

Other

401.9

Net (cost of)/contribution to services

(694.3)

(32,479.1)

     

Source: Health’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.9.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

1,017.5

5,125.0

Receivables

119.9

3,607.0

Cash and cash equivalents

102.7

789.2

Investments

602.4

Inventories

126.4

Land and buildings

535.0

Property, plant and equipment

6.9

Intangibles

220.3

Other

32.7

Total liabilities

842.9

3,531.9

Personal benefits provision

1,643.9

Subsidies payable

106.3

Suppliers payable

94.6

28.0

Grants payable

423.8

Other payables

33.4

Personal benefits provision

899.9

Subsidies provision

430.0

Leases –Interest bearing

521.4

Employee provision

162.7

Other

30.8

Net assets/(liabilities)

174.6

1,593.1

     

Note: Health’s estimated average staffing level for 2019–20 is 3,845.

Source: Health’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.9.9 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.9.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.9.10 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.119 As at the interim phase, no additional financial statements risks have been identified for Health. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.9.3: Key areas of financial statements risk

Relevant financial statement item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

subsidies

$13.2 billion

Accuracy of Residential Care subsidies

KAM

Higher

  • payment of aged care subsidies to nursing home providers are based on Aged Care Funding Instrument assessments prepared by the same providers and involve judgements regarding the level of patient care.

Administered

personal benefits

$49.2 billion

Accuracy of personal benefit payments including medical benefits and pharmaceutical benefit payments

KAM

Higher

  • volume and complexity of health care payments with varying eligibility requirements; and
  • processed by Services Australia on complex IT systems.

Administered

personal benefits provisions

$900.0 million

Valuation of the Medicare and Pharmaceuticals Outstanding Claims provisions

KAM

Higher

  • judgements over future claims and economic assumptions including discount rate and future claims that underpin the estimation indemnity provisions and rely on the quality of underlying data.

Departmental

sale of goods and rendering of service

$196.4 million

Estimation of revenue related to the Therapeutic Goods Administration

Moderate

  • the estimation of revenue under the Therapeutic Goods Act 1989 involves judgements and assumptions related to the assessment of registration and conformity fees.

Administered

recoveries

$2.8 billion

Completeness and accuracy of Pharmaceutical Benefits Scheme recovery revenue

Moderate

  • manual calculation of complex information in spreadsheets;
  • reliance on data sourced from Services Australia; and
  • complex arrangements in place with pharmaceutical companies for the recovery of expenditure.

Administered

subsidies provision

$430.0million

Valuation of the Medical Indemnity provisions

KAM

Moderate

  • judgements over future claims and economic assumptions (including discount rate and future claims) that underpin the estimation indemnity provisions, and reliance on the quality of underlying data.

Administered

grants expense

$9.4 billion

Accuracy and occurrence of grant payments.

Moderate

  • significant number of grant programs are administered by Health with different eligibility criteria.
       

Source: ANAO 2019–20 risk assessment for Health and Health’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.9.11 The ANAO has undertaken its 2019–20 interim audit coverage, including an assessment of the controls relating to: IT security and change management in the financial management information system and human resource management information system; cash and appropriations management; supplier expenses; assets; payroll processing; Therapeutic Goods Administration revenue; personal benefits; subsidies; and grant payments.

4.9.12 Other areas of audit focus, including the compliance processes for Aged Care subsidies and Medicare payments, and an assessment of the valuation methodologies used to estimate the medical indemnity program and Medicare outstanding claims liability provisions, will be performed as part of the 2019–20 final audit.

4.9.13 To date, our audit coverage has not identified any new significant or moderate audit findings.

4.9.14 The following table summarises the status of audit findings reported by the ANAO in 2019–20.

Table 4.9.4: Status of audit findings raised by the ANAO

Category

Closing position
(2018–19)

New findings
(2019–20)

Findings resolved
(2019–20)

Closing position
(2019–20)

A

B

1

1

TOTAL

1

1

         
Resolved moderate audit finding
Monitoring of Privileged User Activity

4.9.15 During the 2018–19 interim audit, the ANAO’s testing identified weaknesses in the monitoring of users with privileged access to IT business systems relevant to the collection of Therapeutic Goods Administration revenue and management of aged care providers. Privileged user access typically allows users to make significant changes to the IT business systems configuration and operations, and bypass critical security and segregation of duties settings. A lack of monitoring of privileged user activity increases the risk of unauthorised changes to business systems and underlying data. Privileged user access, should be appropriately restricted, logged and regularly monitored.

4.9.16 The ANAO tested the new controls implemented by Health and found it to be operating effectively.

Conclusion

4.9.17 Based on our interim audit coverage which was largely conducted in a pre COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that Health will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.10 Department of Home Affairs

Overview

4.10.1 The Department of Home Affairs (Home Affairs) coordinates policy and operations for Australia’s national and transport security, federal law enforcement, criminal justice, cyber security, border, immigration, multicultural affairs, emergency management and trade related functions.

4.10.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, Home Affairs has implemented a range of measures, including requesting staff to work remotely where operational requirements allow. These working arrangements may impact: Home Affairs’ internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and Home Affairs’ ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.10.3 Figure 4.10.1 and Figure 4.10.2 show the 2019–20 departmental and administered financial statements items reported by Home Affairs and the key areas of financial statements risk.

Figure 4.10.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.10.1 shows Home Affairs’ departmental estimated actuals for the year ended 30 June 2020 as per Home Affair’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.10.3.

Source: ANAO analysis and Home Affairs’ 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.10.2: Key administered financial statements items and areas of financial statements risk

Figure 4.10.2 shows Home Affairs’ administered estimated actuals for the year ended 30 June 2020 as per Home Affair’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.10.3.

Source: ANAO analysis and Home Affairs’ 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.10.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Home Affairs’ financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Home Affairs’ environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.10.3 and the ANAO’s understanding of the operations of Home Affairs, the ANAO has assessed the risk of a material misstatement as high.

Key financial statements items

4.10.5 Annual appropriation funding of $2,994.6 million (departmental) and $2,476.1 million (administered) was provided to Home Affairs in 2019–20 to support the achievement of the entity’s outcomes.120 Home Affairs was also budgeted to receive special appropriation funding of $1.0 billion.121 Special appropriation funding is used for payment of refunds of customs duty and visa application charges and for the return of customs duty paid upon export of an item.

4.10.6 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year122 funding was announced for entities. As part of that funding Home Affairs was provided $18.7 million in 2019–20 to support operations relevant to protecting Australia’s national security, emergency management, law enforcement and managing its border.

4.10.7 Table 4.10.1 and Table 4.10.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.10.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

3,337.7

3,293.8

Employee benefits

1,591.7

Suppliers

1,049.4

2,147.7

Depreciation and amortisation

657.6

101.4

Personal benefits

791.0

Other

39.0

253.7

Total own-source income

289.7

25,151.2

Sale of goods and rendering of services

180.6

Customs duty

20,799.5

Other taxes

4,252.1

Fees and fines

13.3

48.2

Other

95.8

51.4

Net (cost of)/contribution to services

(3,048.0)

21,857.4

     

Source: Home Affairs’ 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.10.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

4,357.7

1,418.3

Trade and other receivables

511.2

88.7

Taxation receivables

288.2

Land and buildings

2,247.5

724.6

Property, plant and equipment

827.6

235.5

Intangibles

625.7

0.9

Other

145.7

80.4

Total liabilities

3,056.4

479.7

Employee provision

474.1

Payables

256.7

428.7

Other

2,325.6

51.0

Net assets/(liabilities)

1,301.3

938.6

     

Note: Home Affairs’ estimated average staffing level for 2019–20 is 14,245.

Source: Home Affairs’ 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.10.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.10.3 including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.10.9 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.123 As at the interim phase, no additional financial statements risks have been identified for Home Affairs. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.10.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

customs duty revenue

$20.8 billion

customs duty (a component of taxation receivable $288.2 million)

Completeness and accuracy of customs duty collections and refunds

KAM

Higher

  • the significant value of customs duty revenue;
  • the self-assessment nature of the import declaration process;
  • reliance on compliance risk management processes over the completeness of revenue; and
  • the complexity of the information technology (IT) environment used to manage customs duty.

Administered

visa application charges (a component of other taxes $4.3 billion)

Completeness and accuracy of the collection of visa revenue

KAM

Higher

  • the significant value of visa application charges;
  • the decentralised approach to the collection of visa revenue which occurs in a number of locations domestically and internationally, using a number of payment mechanisms; and
  • the complexity of the IT environment used to collect and process visa application charges.

Administered

services rendered - detention (component of suppliers expenses)

$2.1 billion

Accuracy of detention and regional processing centres’ expenses

KAM

Higher

  • the significance of expenses and complexity of contracts associated with managing the detention and regional processing centres; and
  • the variability of the costs associated with administering the detention and regional processing network, as the level of expenses is dependent on the rate of arrival and detention of these people.

Administered

SRSS personal benefits expenses (a component of personal benefits expenses)

$791.1 million

Completeness and accuracy of payments of personal benefits under the Status Resolution Support Services (SRSS) program

Moderate

  • complex eligibility criteria for the categories of allowable personal benefits;
  • payments are made under third-party arrangements with Services Australia and other providers; and
  • the self-assessment nature of the personal benefits process.

Administered

non-financial assets

$965.3 million

Valuation of detention and regional processing centres

Moderate

  • the complexity of performing valuations in a range of markets given the geographically dispersed land, buildings and equipment including assets located overseas; and
  • the financial implications of the closure of regional processing centres.

Departmental

employee benefits expense

$1.6 billion

employee provision

$474.1 million

Completeness and accuracy of employee entitlements

Moderate

  • selected Home Affairs staff are entitled to a range of allowances, subject to a number of conditions; and
  • staff are located both in Australia and overseas, including locally engaged staff who may be entitled to varying employment conditions and benefits based on local laws and regulations.

Administered and Departmental

multiple financial statements line items

Completeness and accuracy of financial information associated with overseas posts

Moderate

  • decentralised nature of operations and controls; and
  • managed under third party arrangements through service level agreements with the Department of Foreign Affairs and Trade, and the Australian Trade and Investment Commission (Austrade).
       

Source: ANAO 2019–20 risk assessment for Home Affairs and Home Affairs’ 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.10.10 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to: collection of customs duty revenue and visa application revenue; the management of the onshore immigration detention centres and overseas regional processing centres; accounting for employee entitlements; and the reporting of overseas transactions.

4.10.11 Interim audit coverage has also included an assessment of IT general controls, including security and change management processes relevant to the financial management information system and human resources management information system.

4.10.12 Audit procedures relating to: payment of personal benefits; IT application controls; and testing on the processes above for the remainder of the financial year will be undertaken as part of the 2019–20 final audit.

4.10.13 The following table summarises the status of audit findings reported by the ANAO in 2019–20.

Table 4.10.4: Status of audit findings raised by the ANAO

Category

Closing position
(2018–19)

New findings
(2019–20)

Findings resolved
(2019–20)

Closing position
(2019–20)

A

1

1a

B

1a

1

TOTAL

1

1

1

1

         

Note a: The significant audit finding relating to Visa and Citizenship Quality Management was identified during the 2018–19 audit. This audit finding was downgraded to a moderate audit finding.

Unresolved moderate audit finding
Visa and Citizenship Quality Management

4.10.14 Home Affairs established a Secretary Instruction and Quality Management Policy to mandate regular quality assurance reviews to improve consistency in decision making and ensure the effective identification and management of emerging business risks relating to the assessment and issuance of visas and citizenship. Consistent with this Instruction and Policy, a Visa and Citizenship Quality Management Framework (VCQMF) was established in 2014 with purposes including:

  • identifying existing and emerging risks, including the risk of inappropriate or incorrect visa and citizenship decisions;
  • the development and implementation of effective controls to mitigate identified risks;
  • regularly testing controls using quality management and assurance activities to determine whether all key risks have been identified and are being effectively controlled;
  • ensuring a consistent approach to visa and citizenship decision quality;
  • the development of support tools that capture and measure the level of correctness and accuracy of visa and citizenship decisions; and
  • identifying opportunities for improvement and staff training requirements.

4.10.15 The 2018–19 audit identified:

  • throughout the international posts and visa program areas, there was significant non-compliance with the required quality assurance sample rate;
  • there is no evidence of alternative assurance activities that compensate for the reduced level of assurance due to sample rates not being achieved;
  • required reporting relating to the outcome of quality assurance management was suspended between January and June 2019 while capability of the tool was enhanced. This has significantly reduced oversight of activities being undertaken;
  • Home Affairs was not able to demonstrate sufficient reporting to the Executive and Audit Committee to facilitate their assessment and action including independent advice and assurance by the Audit Committee regarding the appropriateness of the system of risk oversight and management and system of internal control; and
  • certain content in the existing framework document is out of date.

4.10.16 The ANAO concluded that the audit finding did not impact the calculation and recognition of visa revenue in the financial statements. The significant non-adherence to the related requirements undermines:

  • the assurance that was being obtained by management over key controls and the appropriateness of decisions, and the adequacy and validity of reports to the executive for strategic policy decisions;
  • effective risk and resource management, including informed identification, and adjustment to risk mitigation activities; and
  • opportunities for improvement and staff training requirements.

4.10.17 During 2019–20, Home Affairs has:

  • progressed the drafting of revised framework documents and commenced stakeholder consultation;
  • implemented an assurance activity procedural instruction to articulate the roles, responsibilities and expectations for rolling implementation from 1 July 2019. This includes:
  • the requirement that programs develop and implement appropriate quality control and quality assurance activities within their program as defined in their Quality Management Plan. Program sample size expectations are to be communicated within Quality Management Plans; and
  • Executive and centrally managed monitoring and reporting;
  • commenced the development of program Quality Management Plans;
  • significantly enhanced the compliance rate by location of required sample rates;
  • implemented Executive dashboard reporting; commenced regular reporting to the Immigration and Citizenship Steering Group of compliance with expected sample rates and analysis of the results of samples undertaken; and introduced quarterly communication to program managers regarding performance and reinforcing expectations. Regular reporting to the Audit Committee on the performance of quality management has yet to commence. Home Affairs has reported to the Audit Committee on the progress of the remediation of the audit finding;
  • completed system enhancements and commenced a post-implementation review to assess the effectiveness of enhancements made;
  • commenced the development of processes to be applied where control frameworks or key controls are found to be ineffective and necessitate corrective action and alternative assurance or compensating controls being established. This has included mapping and performing maturity assessments of existing controls; and
  • commenced a process to obtain further leverage from results in informing decisions regarding risk assessments at strategic and location levels and the required levels of assurance, including through sampling and other activity.

4.10.18 The ANAO will continue to assess progress made by Home Affairs during the 2019–20 final audit phase.

Conclusion

4.10.19 Based on our interim audit coverage which was largely conducted in a pre COVID-19 environment, and except for the finding outlined above, key elements of internal control were operating effectively to provide reasonable assurance that Home Affairs will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.11 Department of Industry, Science, Energy and Resources

Overview

4.11.1 The Department of Industry, Science, Energy and Resources (Industry) is responsible for supporting science and commercialisation; growing business investment and improving business capability; developing northern Australia; streamlining regulation; developing and implementing a national response to climate change; improving Australia’s energy supply, efficiency, quality, performance and productivity; and facilitating the growth of small and family business.

4.11.2 Industry continues to offer a grants hub and shared service centre which provides other Commonwealth entities with administrative support including grants administration and payments processing; human resources and financial transactions processing and the provision of management information systems supporting these processes.

4.11.3 As a result of the Administrative Arrangement Orders effective 1 February 2020 the Department of Industry, Science, Energy and Resources was created from a merger of: the Department of Industry, Innovation and Science; the energy and climate change functions (excluding climate science and adaptation) from the Department of the Environment and Energy; and small business functions from the Department of Employment, Skills, Small and Family Business.

4.11.4 Consistent with the Australian Government’s response to the COVID-19 pandemic, Industry has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: Industry’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and Industry’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.11.5 Figure 4.11.1 and Figure 4.11.2 show the 2019–20 departmental and administered financial statements items reported by Industry and the key areas of financial statements risk.

Figure 4.11.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.11.1 shows Industry’s departmental estimated actuals for the year ended 30 June 2020 as per as Industry’s 2019–20 Portfolio Additional Estimates Statements (reflecting Industry’s structure and outcomes, post machinery of government changes), categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.11.3.

Source: ANAO analysis of Industry’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting Industry’s structure and outcomes, post machinery of government changes).

Figure 4.11.2: Key administered financials statement items and areas of financial statements risk

Figure 4.11.2 shows Industry’s administered estimated actuals for the year ended 30 June 2020 as per as per as Industry’s 2019–20 Portfolio Additional Estimates Statements (reflecting Industry’s structure and outcomes, post machinery of government changes), categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.11.3.

Source: ANAO analysis of Industry’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting Industry’s structure and outcomes, post machinery of government changes).

4.11.6 The ANAO’s audit approach identifies key areas of risk that have the potential to impact Industry’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Industry’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.11.3 and the ANAO’s understanding of the operations of Industry, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.11.7 Annual appropriation funding124 of $512.9 million (departmental) and $765.1 million (administered) was provided to Industry in 2019–20 to support the achievement of the entity’s outcomes.125 Industry was also budgeted to receive special appropriation funding of $532.1 million126 which includes: loan funding relating to the Northern Australia Infrastructure Facility; funding provided to the National Offshore Petroleum Safety and Environmental Management Authority; and the Automotive Transformation Scheme.

4.11.8 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year127 funding was announced for entities. No funding was appropriated to Industry in 2019–20 for COVID-19.

4.11.9 Table 4.11.1 and Table 4.11.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.11.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

611.7

2,195.7

Employee benefits

334.1

7.4

Suppliers

205.0

125.8

Depreciation and amortisation

61.0

2.8

Write-down and impairment of assets

Subsidies

39.9

Grants

6.1

502.0

Payments to corporate Commonwealth entities

1,377.9

Concessional loan discount

Other

5.5

139.9

Total own-source income

112.8

1,341.1

Royalties

1,131.9

Sale of goods and rendering of services

101.3

Other

11.5

209.2

Net (cost of)/contribution by services

(498.9)

(854.6)

     

Source: Industry’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting Industry’s structure and outcomes, post machinery of government changes).

Table 4.11.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

597.1

25,051.1

Investments

19,510.1

Trade and other receivables

106.0

370.5

Other financial assets

21.0

5,163.6

Land and buildings

345.9

1.6

Property, plant and equipment

51.6

0.8

Other

72.6

4.5

Total liabilities

430.3

100.6

Leases

253.2

1.3

Employee provisions

105.3

1.8

Grants payable

0.2

66.3

Other

71.6

31.2

Net assets/(liabilities)

166.8

24,950.5

     

Note: Industry’s estimated average staffing level for 2019–20 is 2,717.

Source: 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting Industry’s structure and outcomes, post machinery of government changes).

Key areas of financial statements risk

4.11.10 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.11.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.11.11 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.128 As at the interim phase, no additional financial statements risks have been identified for Industry. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.11.3: Key areas of financial statements risk

Relevant financial statements line item

Key area

Audit risk rating

Factors contributing to risk assessment

Administered

Snowy Hydro Limited

(a component of the investments balance $10.5 billion)

Valuation of the Australian Government’s investment in Snowy Hydro Ltd

KAM

Higher

  • a unique asset that is not readily traded in the open market, subject to complex estimation and significant judgement relating to forecasts of future performance.

Administered

royalties revenue

$1.1 billion

accrued revenue

(a component of the other financial assets balance $98.6 million)

Completeness and accuracy of offshore petroleum and uranium royalties

KAM

Higher

  • reliance on data included in self-assessments provided by uranium and petroleum producers.

Departmental

own-source income

$112.8 million

Completeness and accuracy of Industry’s other revenue streams

Higher

  • diversity of revenue streams;
  • reliance on manual calculations to quantify some revenue amounts; and
  • large volume of cash-based transactions.

Administered

loans (a component of trade and other receivables

$370.5 million)

Valuation of concessional loans made under the Northern Australia Infrastructure Facility program

Moderate

  • subject to significant judgement relating to the determination of the market interest rate and long terms for use in the valuation; and
  • complexity and variety of concessions that are able to be provided increases the risk of determining an inaccurate value.

Administered

grants expense

$502 million

grants payable

$66.3 million

Accuracy, occurrence and completeness of grant payments

Moderate

  • significant number of individual grant programs which operate under separate grant agreements, and are subject to different eligibility criteria.
       

Source: ANAO 2019–20 risk assessment for Industry, and Industry’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.11.12 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to employee and supplier expenditure; appropriations and special accounts; and asset and cash management. As part of the interim audit coverage, the ANAO has also assessed controls relating to selected departmental and administered revenue streams, grant and subsidy payments and IT general and applications controls for key financial systems.

4.11.13 Audit procedures relating to the completeness and accuracy of royalties; and valuation of the administered advances and loans, investments (including Snowy Hydro Limited) and non-financial assets will be undertaken as part of the planned 2019–20 final audit.

4.11.14 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.11.15 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that Industry will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.12 Department of Infrastructure, Transport, Regional Development and Communications

Overview

4.12.1 The Department of Infrastructure, Transport, Regional Development and Communications (Infrastructure) is responsible for improving infrastructure across Australia through funding coordination of transport and other infrastructure; providing an efficient, sustainable, competitive and safe transport system for all transport users; strengthening the sustainability, capacity and diversity of regional economies providing advice on population policy; implementing the national policy on cities; promoting an innovative and competitive communications sector; participation in and access to Australia’s arts and culture through developing and supporting cultural expression; and supporting governance arrangements in the Australian territories.

4.12.2 As a result of a change to the Administrative Arrangements Orders, on 1 February 2020, all functions of the then Department of Communications and the Arts (Communications) were transferred to Infrastructure, and Communications was abolished. Infrastructure assumed responsibility for all outcomes and funding previously administered by Communications. As a result of this change, Infrastructure will prepare financial statements in 2019–20 that encompass the results of both Infrastructure and Communications as consolidated balances for the period 1 July 2019 to 30 June 2020.

4.12.3 Consistent with current Australian Government policy, Infrastructure has some services delivered by shared or common services providers. Employee payroll for the employees of the former Communications is (and continues to be) administered by the Department of Industry, Science, Energy and Resources (Industry). Infrastructure also uses the services of Industry’s business grants hub for the administration of selected grant programs, mainly for programs supporting regional development, including contracting and payment assessment. Both arrangements are governed by memoranda of understanding which detail services provided.

4.12.4 Consistent with the Australian Government’s response to the COVID-19 pandemic, Infrastructure has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: Infrastructure’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and Infrastructure’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.12.5 Figure 4.12.1 and Figure 4.12.2 show the 2019–20 departmental and administered financial statements items reported by Infrastructure and the key areas of financial statements risk.

Figure 4.12.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.12.1 shows Infrastructure’s departmental estimated actuals for the year ended 30 June 2020 as per Infrastructure’s 2019–20 Portfolio Additional Estimates Statements (reflecting Infrastructure’s structure and outcomes, post machinery of government changes), categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.12.3.

Source: ANAO analysis of Infrastructure’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting Infrastructure’s structure and outcomes, post machinery of government changes).

Figure 4.12.2: Key administered financial statements items and areas of financial statements risk

Figure 4.12.2 shows Infrastructure’s administered estimated actuals for the year ended 30 June 2020 as per Infrastructure’s 2019–20 Portfolio Additional Estimates Statements (reflecting Infrastructure’s structure and outcomes, post machinery of government changes), categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.12.3.

Source: ANAO analysis of Infrastructure’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting Infrastructure’s structure and outcomes, post machinery of government changes)

4.12.6 The ANAO’s audit approach identifies key areas of risk that have the potential to impact Infrastructure’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Infrastructure’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.12.3 and the ANAO’s understanding of the operations of Infrastructure, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.12.7 Annual appropriation funding129 of $372.0 million (departmental) and $9,694.3 million (administered) has been provided to Infrastructure in 2019–20 to support the achievement of the entity’s outcomes.130 Infrastructure has also been budgeted to receive special appropriation funding of $1,517.7 million primarily relating to funding for local councils determined in accordance with the Financial Assistance (Local Government) Act 1995.131

4.12.8 Infrastructure also administer the assessment and oversight functions for national partnership payments on behalf of the Department of the Treasury relating to road, rail and water infrastructure investment projects. Whilst these payments to State and Territory Governments are recorded in the Treasury financial statements, the project approval, advice to Government, milestone assessment, project monitoring and analysis processes are undertaken by Infrastructure. Expenses for these projects are estimated to be $6,176.6 million in 2019–20.132

4.12.9 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year133 funding was announced for entities. As part of that funding Infrastructure was provided $422.0 million in 2019–20 mainly to provide assistance to the aviation industry through direct grants to support operations and provision of subsidies to maintain service on regular public transport air routes; and supporting Australia’s regional communities and the arts industry through provision of direct grants and financial assistance.

4.12.10 Table 4.12.1 and Table 4.12.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.12.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

394.5

6,848.4

Employee benefits

198.5

17.6

Suppliers

115.6

683.9

Depreciation and amortisation

33.9

62.1

Grants

43.2

3,857.4

Subsidies

253.3

Payments to corporate Commonwealth entities

1,960.4

Other

3.3

13.7

Total own-source income

13.0

1,176.1

Sale of goods and rendering of services

3.6

17.9

Other taxes

45.0

Fees and fines

151.4

Interest

732.4

Other

9.4

229.4

Net (cost of)/contribution by services

(381.5)

(5,672.3)

     

Source: Infrastructure’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting Infrastructure’s structure and outcomes, post machinery of government changes).

Table 4.12.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

390.9

50,435.0

Financial assets

142.6

49,503.1

Land and buildings

151.8

295.1

Property, plant and equipment

21.9

486.2

Other

74.6

150.6

Total liabilities

235.8

537.6

Suppliers

25.2

363.2

Subsidies

11.2

Grants

51.9

Interest Bearing Liabilities (Leases)

130.7

Employee provisions

71.2

4.2

Other

8.7

107.1

Net assets/(liabilities)

155.1

49,897.4

     

Note: Infrastructure’s estimated average staffing level for 2019–20 is 1,473.

Source: Infrastructure’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements (reflecting Infrastructure’s structure and outcomes, post machinery of government changes).

Key areas of financial statements risk

4.12.11 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.12.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.12.12 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.134 In addition to the risks identified in chapter four, the ANAO has identified specific risks for Infrastructure’s financial statements relating to:

  • the valuation of the Australian Government’s investments in Airservices Australia, the Australian Postal Corporation, Australian Rail Track Corporation and NBN Co Limited as the valuation model used to measure the value of these entities includes application of cash flows arising from fee for service arrangements and other broader economic parameters, such as growth in GDP, that may have been impacted by the COVID-19 situation; and
  • the occurrence of grant expenses due to the rapid implementation of grant programs that support economic stimulus measures and significance of the funding committed.

4.12.13 The implications of these risks are in the process of being considered by the ANAO and as a result have not been included in Table 4.12.3. The key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.12.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

Investment - NBN Co

(component of other investments $27.835 billion)

Valuation of the Australian Government’s investment in NBN Co Limited

KAM

Higher

  • the significance of the balance to the Australian Government’s financial statements;
  • significant judgement by management in determining the valuation methodology, particularly the use of income based valuation methodologies which reflect expected future business performance; and
  • the valuation is subject to a high degree of judgement and complexity arising in the estimation of the significant costs of network construction and software development.

Administered investments

(component of other investments $27.835 billion)

Valuation of the Australian Government’s investment in the Australian Postal Corporation, Australian Rail Track Corporation and Airservices Australia

KAM

Higher

  • valuations are subject to complex estimation processes using a discounted cash flow model. The use of this model requires Infrastructure to make significant judgements in the selection of assumptions and inputs, such as projected future cash flows, weighted average cost of capital, terminal values and discount rates; and
  • complexities in selecting the appropriate valuation approach to account for the valuation of the Australian Rail Track Corporation due to the construction and delivery of the $9.1 billion Inland Rail project being undertaken by the company.

Administered advances and loans (component of receivables

$21.661 billion)

concessional loan commitments provision (component of other provisions

$90.975 million)

concessional loans interest revenue

$732.4 million

concessional loans expense

(component of other expenses

$13.7 million)

Recognition and measurement of loans and advances

KAM

Moderate

  • the significance of the balance of the loans administered by Infrastructure, mainly the $19.5 billion facility available to NBN Co Limited, and the $2.0 billion facility available to the proponents of the Westconnex Motorway project;
  • level of management judgement involved in calculating expected credit losses including the recoverability of the loans at balance date. Particularly, for the loan to NBN Co Limited this is based on cash flow forecasts, for which small changes in assumptions can result in material impacts on the estimated cash flows and rate of return;
  • complexity of the valuation and required calculations for loan balances which attract concessional terms, including the level of estimation required to determine the appropriate market rate for the concessional component of new loans.

Administered

grants expense

$3.857 billion

grants payable

$51.9 million

Occurrence of grant expenses

Moderate

  • complex, financially significant and diverse range of programs that include a number of different administrative and legislative arrangements and conditions; and
  • level of subjectivity and judgement applied in determining whether a recipient meets eligibility and funding milestone requirements.

National Partnership Payments

($6.177 billion reported as grants expenses by the Department of the Treasury)

Occurrence of National Partnership Payment expenses

Moderate

  • complex and financially significant programs subject to detailed legislative conditions particularly imposed by the National Land Transport Act 2014 and the ‘Notes on Administration’ which provide guidance to support the programs; and
  • level of subjectivity and judgement applied in determining whether a recipient meets eligibility and funding milestone requirements.

Impacts all financial statement line items

Accuracy, completeness and validity of data in the Financial Management Information System (FMIS) implemented by Communications on 1 July 2019a

Moderate

  • complexity of the process to implement a new FMIS by Communications given the complexity of the accounting processes and balances recorded;
  • Increase in risk of misstatement where internal controls supporting the implementation, such as change management and privileged user access, do not operate effectively.

Impacts all financial statements line items

Machinery of Government changes, particularly the valuation and reporting of assets and liabilities transferred to and from Infrastructure as a result of such changes

Moderate

  • significance of the transfer of assets, liabilities, revenue and expenses from Communications to Infrastructure which will increase the complexity of the financial statements preparation process;
  • timely recognition and alignment of accounting policies for assets, liabilities, revenue and expenses transferred to Infrastructure.
       

Note a: Communications implemented a new Financial Management Information System on 1 July 2019. Notwithstanding the machinery of government changes this system will be used to initiate, process and record transactions arising from former Communications functions for the 2019–20 financial year.

Source: ANAO 2019–20 risk assessment for Infrastructure and Infrastructure’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.12.14 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. Auditor-General Report No. 12 2019–20 Award of funding under the Regional Jobs and Investment Packages included observations relevant to the management of grant payments outlined in Table 4.12.3, particularly relating to the assessment and award of grant funding, which have been considered when designing audit procedures related to grants expenses.

Audit results

4.12.15 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to: cash and cash equivalents; accounting for non-financial assets; appropriations and special accounts; grant expenses; concessional loans; supplier expenses; administered revenue; and receivables and employee payroll.

4.12.16 Interim audit coverage has also included an assessment of IT general controls (including security and change management processes relevant to the financial management information systems) and human resources management information systems. The ANAO’s interim audit procedures identified weaknesses in the governance process and framework for the management of changes and privileged users within the FMIS implemented by Communications on 1 July 2019. As a result of these procedures, for transactions processed through this FMIS we have adjusted our audit approach to mainly focus on substantive tests of detail in order to obtain sufficient and appropriate audit evidence in the absence of an effective control framework. The FMIS is expected to be decommissioned by Infrastructure by 30 June 2020 following transfer of accounts information to the existing Infrastructure FMIS.

4.12.17 The final audit phase will include procedures relating to: valuation of administered investments; accuracy of subsidy claims; and valuation of other assets including non-financial assets and concessional loans. This will also include procedures relating to the machinery of government changes, in particular relating to the transfer and valuation of assets and liabilities from Communications to Infrastructure.

4.12.18 The following table summarises the status of audit findings reported by the ANAO in 2018–19 and 2019–20.

Table 4.12.4: Status of audit findings raised by the ANAO

Category

Closing position
(2018–19)

New findings
(2019–20)

Findings resolved
(2019–20)

Closing position
(2019–20)

A

B

2a

2

TOTAL

2

2

         

Note a: The two moderate findings included in the closing position for 2018–19 have been transferred from Communications. These findings relate to continuing processes now administered by Infrastructure following machinery of government changes and will be monitored through the 2019–20 audit of Infrastructure.

Resolved moderate audit finding
Risk management practices relating to NBN Co’s loan facility

4.12.19 The Commonwealth’s loan agreement with NBN Co Limited (NBN Co) sets out the terms of the $19.5 billion facility, including the applicable undertakings, restrictions and interest rate and a requirement that the principal amount borrowed is to be fully refinanced by 30 June 2024. The value of the loan drawn down as at 30 June 2019 was $13.1 billion and the loan continues to be drawn down in 2019–20. NBN Co’s operating cash flows are forecast to be positive by 2020–21.

4.12.20 During 2017–18 the ANAO identified that Communications had not established the policies and processes necessary to manage the financial risks associated with the loan facility. Particularly, Communications had not established an overarching framework for ongoing oversight, review and monitoring of NBN Co’s compliance with the lending arrangements, supported by analysis that progressively confirms NBN Co’s capacity to fully repay the loan. The failure to fully establish practices to manage the risks associated with the loan facility significantly increased the Commonwealth’s risk of exposure to loss

4.12.21 During 2018–19 Communications took steps to resolve this finding by developing a risk appetite statement associated with the loan facility which was supported by a detailed risk assessment. The appetite statement and risk assessment are subject to at least an annual review. Additionally, Communications also developed a ‘credit risk management framework’ which outlines key activities, analysis and controls to be performed to monitor the risks associated with the loan facility and provides a framework for determining whether additional actions should be taken to mitigate risks arising. This framework includes analysis of financial forecasts, emerging trends and information received from NBN Co and requires formal reporting on credit risks associated with the loan facility to an operational management committee within Communications (which included senior members of the department’s executive leadership team).

4.12.22 During 2019–20, Communications implemented the framework and commenced the specified monitoring and reporting activities. The ANAO has tested the analysis and reporting to confirm that key activities in the framework have been implemented and that risk analysis is regularly reviewed by the management committee. Whilst acknowledging that key aspects of the framework has been implemented, the documentation and assessment of risk continue to mature and as such remain a minor risk finding that will be subject to further review by the ANAO at the final phase of the 2019–20 audit.

Unresolved moderate audit finding
Documentation of significant estimates and judgements

4.12.23 During 2018–19 the ANAO identified that Communications did not adequately compile documentation to support the accounting position adopted on key material estimates and judgments, relating mainly to the Australian Government’s investment and loan to NBN Co Limited. Several accounting position papers provided by Communications also did not adequately address the application of the relevant accounting standard/s, consideration of alternative assumptions or outcomes, justification for the assumptions used and Communication’s basis for the ranges adopted. The completeness of papers and the untimely delivery by Communications on its documented accounting positions, increased the risk of material misstatements to the financial statements.

4.12.24 Following the machinery of government changes that transferred Communications functions to Infrastructure, Infrastructure has taken steps and planned to resolve this finding, primarily through development of a detailed financial statements preparation plan. The Plan outlines the requirements and key judgements expected to be captured in position papers and working papers to support the 30 June 2020 financial statements.

4.12.25 Given the expected timing of these position papers being prepared by Infrastructure this finding remains unresolved at the conclusion of the interim phase of the audit. The ANAO will review position papers in support of key estimates and judgements in the financial statements as part of the final phase of the 2019–20 audit.

Conclusion

4.12.26 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, and except for the findings outlined above, key elements of internal control were operating effectively to provide reasonable assurance that Infrastructure will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.13 Australian Postal Corporation

Overview

4.13.1 The Australian Postal Corporation (Australia Post) is a government business enterprise responsible for supplying postal services to Australia including the distribution of letters and parcels in Australia and internationally.

4.13.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, Australia Post has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: Australia Post’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and Australia Post’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.13.3 Figure 4.13.1 shows the 2019–20 financial statement items reported by Australia Post and the key areas of financial statements risk.

Figure 4.13.1: Key financial statement items and areas of financial statements risk

Figure 4.13.1 shows Australia Post’s financial statements for the year ended 30 June 2019, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.13.3.

Source: ANAO analysis and Australia Post’s financial statements for the year ended 30 June 2019.

4.13.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Australia Post’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Australia Post’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.13.3 and the ANAO’s understanding of the operations of Australia Post, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.13.5 The operational functions of Australia Post are largely funded from external sources, specifically revenue from parcel services, mail services and retail and agency services.

4.13.6 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year135 funding was announced for entities. Australia Post has not requested nor been provided any supplementation funding due to COVID-19.

4.13.7 Table 4.13.1 and Table 4.13.2 provide a summary of the key 2018–19 audited financial statements items.

Table 4.13.1: Key expenses and total own-sourced income

Expenses and own-source income

Actual
($m) 2018–19

Total expenses

6,948.7

Employee benefits

3,171.9

Suppliers

3,377.8

Depreciation and amortisation

283.3

Other

115.7

Total income

6,989.8

Goods and services

6,878.4

Other

111.4

Profit before income tax

41.1

Income tax (expense)/benefit

(0.5)

Profit after income tax

40.6

Source: Australia Post’s 2018–19 audited financial statements.

Table 4.13.2: Key assets and liabilities

Assets and liabilities

Actual
($m) 2018–19

Total assets

5,535.6

Cash and cash equivalents

628.0

Trade and other receivables

781.5

Property, plant and equipment

1,758.9

Intangibles assets

734.1

Investment property

181.5

Net superannuation

850.3

Deferred tax assets

356.3

Other

245.0

Total liabilities

3,222.5

Trade and other payables

1,009.4

Employee provisions

993.8

Interest-bearing liabilities

713.5

Deferred tax liabilities

357.9

Other

147.9

Net assets/(liabilities)

2,313.1

   

Note: Australia Post’s 2018–19 staffing level was 35,101.

Source: Australia Post Annual Report 2019 and financial statements for the year ended 30 June 2019.

Key areas of financial statements risk

4.13.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.13.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.13.9 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.136 As at the interim phase, no additional financial statements risks have been identified for Australia Post. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.13.3: Key areas of financial statements risk

Relevant financial statement item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

goods and services income

unearned postage revenue

$84.2 million

Recognition of Revenue

Cut off and accuracy of goods and services revenue and the valuation of unearned postage revenue

KAM

Higher

  • the judgement and assumptions used to estimate the amount of revenue to be deferred for stamps sold but not yet used;
  • the judgement required in the selection and application of accounting policies for new and diverse revenue streams; and
  • the complexity of contracts and arrangements entered into where they include multiple performance obligations and volume targets which affects the contracted price.

accounting for AASB16 Leases

right of use asset and lease liabilities

Accounting for and disclosure of leases in accordance with the amended accounting standard, AASB 16 Leases

KAM

Higher

  • the judgements required that underpin the assumptions and methodology applied to calculate the balances: including lease tenure, option periods and discount rates, together with the corresponding deferred tax impact;
  • the assessment of complex material supplier contracts to identify the existence of embedded leases; and
  • the judgement applied to management assumptions used to calculate and recognise the adjustment to the opening balance to retained earnings.

intangible assets

goodwill

$518.1 million

Valuation and impairment of goodwill and indefinite life intangible assets

KAM

Moderate

  • the estimation process is complex and judgemental and includes assumptions related to future cash flows and discount rates.

net superannuation asset

$850.3 million

Valuation of the Australia Post Superannuation Scheme

KAM

Moderate

  • the complexity of the valuation including the sensitivity of the economic and demographic assumptions supporting the calculation.
       

Source: ANAO 2019–20 risk assessment for Australia Post and Australia Post’s 2018–19 audited financial statements.

4.13.10 Auditor-General Report No. 1 2019–20 Cyber Resilience of Government Business Enterprises and Corporate Commonwealth Entities was tabled during July 2019 and was relevant to the financial management or administration of Australia Post.

4.13.11 The audit objective was to assess the effectiveness of the management of cyber security risks by Australia Post, ASC Pty Ltd and the Reserve Bank of Australia. Australia Post was found to not effectively manage cyber security risks. The ANAO recommended that Australia Post should continue to implement its cyber security improvement program and key controls across all its critical assets to enable cyber risks to be within its tolerance level. In light of the findings, the ANAO increased scrutiny over the key financial systems that Australia Post relies on to prepare the financial statements.

Audit results

4.13.12 The ANAO has substantially completed its 2019–20 interim audit coverage, including an assessment of the effectiveness of controls relating to: cash and cash equivalents; trade receivables; and property, plant and equipment. Interim coverage also included an assessment of the IT general controls and IT application controls of key systems supporting the financial statements. In addition, an assessment of the effectiveness of non-system controls relating to sales revenue, employee expenses and trade and other payables has also been completed, together with a significant body of substantive work regarding leases.

4.13.13 Audit procedures relating to all key areas of audit focus, including the valuation of the Australia Post Superannuation Scheme and the valuation of intangible assets, will be undertaken as part of the 2019–20 final audit.

4.13.14 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.13.15 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that Australia Post will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.14 NBN Co Limited

Overview

4.14.1 The primary objective of NBN Co Limited (NBN Co) is to provide wholesale services to internet service providers. NBN Co is a government business enterprise incorporated under the Corporations Act 2001.

4.14.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, NBN Co has implemented a range of measures, including requesting staff to work remotely where operational requirements allow. These working arrangements may impact: NBN Co’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and NBN Co’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.14.3 Figure 4.14.1 shows the 2019–20 financial statement items reported by NBN Co and the key areas of financial statements risk.

Figure 4.14.1: Key financial statements items and areas of financial statements risk

Figure 4.14.1 shows NBN’s financial statements for the year ended 30 June 2019, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.14.3.

Source: ANAO analysis and NBN Co’s financial statements for the year ended 30 June 2019.

4.14.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on NBN Co’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of NBN Co’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.14.3 and the ANAO’s understanding of the operations of NBN Co’s, the ANAO has assessed the risk of a material misstatement as high.

Key financial statements items

4.14.5 The operational functions of NBN Co are funded from the committed equity funding of $29.5 billion from the Australian Government as well as a loan agreement between the Australian Government and NBN Co of up to $19.5 billion, initially for the period from 1 July 2017 to 30 June 2021. The Commonwealth Government has extended the tenor of its loan by three years (from 30 June 2021 to 30 June 2024) and amended the terms of this loan to permit NBN Co to access up to $6.1 billion of private sector debt. NBN Co has since entered into facility agreements with the private sector to secure $6.1 billion of private sector debt for a period of five years.

4.14.6 To support its customers and the community during COVID-19, NBN Co has:

  • established a $150.0 million fund to connect low income households with home schooling needs, support emergency and essential services, and assist small and medium sized business and residential customers facing financial hardship;
  • enabled every Australian internet provider to order increased nbn network capacity of up to 40 per cent for up to five months at no additional cost; and
  • introduced initiatives for up to five months, to support customers in regional and remote communities through increased data download limits for customers on Sky Muster services and for customers on Sky Muster Plus services, increased the range of applications that do not account to monthly data quotas.

4.14.7 Table 4.14.1 and Table 4.14.2 provide a summary of the key 2018–19 audited financial statements items.

Table 4.14.1: Key expenses and total own-sourced income

Expenses and own-source income

Actual
($m) 2018–19

Total expenses

7,727.0

Subscriber costs

1,903.0

Depreciation and amortisation

2,614.0

Employee benefits

867.0

Direct network costs

746.0

Net finance costs

993.0

Other

604.0

Total income

2,848.0

Revenue

2,825.0

Other income

23.0

Profit/loss before income tax

(4,879.0)

Income tax expense

1.0

Profit/loss after income tax

(4,878.0)

Source: NBN Co’s 2018–19 audited financial statements.

Table 4.14.2: Key assets and liabilities

Assets and liabilities

Actual
($m) 2018–19

Total assets

32,757.0

Property, plant and equipment

29,443.0

Intangibles assets

2,144.0

Other

1,170.0

Total liabilities

25,420.0

Trade and other payables

2,756.0

Other financial liabilities

8,553.0

Borrowing

13,053.0

Other

1,058.0

Net assets/(liabilities)

7,337.0

   

Note: NBN Co’s staffing level as at 30 June 2019 was 6,400 inclusive of temporary contractors.

Source: NBN Co’s 2018–19 audited financial statements.

Key areas of financial statements risk

4.14.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.14.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.14.9 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.137 The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.14.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Property, plant and equipment

$29.4 billion

intangibles

$2.1 billion

Valuation of network assets

KAM (valuation of property, plant and equipment and intangible assets - impairment)

KAM (accuracy and completeness of depreciation and amortisation expense)

Higher

  • accounting for the valuation of network assets is subject to a high degree of judgement and complexity arising in the estimation of the significant costs of network construction and software development; and
  • impairment assessment requires judgement in forecasting financial performance and the recovery of the network spend.

Construction liabilities

$1.1 billion

Valuation of construction liabilities

KAM (valuation of construction liabilities estimates)

Higher

  • involvement of multiple delivery partners and the capitalisation of associated network assets based on the respective stage of completion at reporting date.

Subscriber costs

$1.9 billion

network assets

$29.3 billion

other financial liabilities

$8.6 million

Accounting treatment of rights and obligations under significant contractual arrangements.

KAM (accounting treatment of rights and obligations under significant contractual arrangements)

Higher

  • the agreements include arrangements for the lease of infrastructure as well as the payment of subscriber costs; and
  • these contracts are significant and complex in nature and represent a significant portion of the associated financial statements items.

Telecommunications revenue

$2.6 billion

Accounting for and reporting telecommunications revenue

Higher

  • continuing growth in revenue coupled with new pricing initiatives and the development of new business products and their associated pricing models.
       

Source: ANAO 2019–20 risk assessment for NBN Co and NBN Co’s 2018–19 audited financial statements.

Audit results

4.14.10 The ANAO has substantially completed its 2019–20 interim audit coverage, including an assessment of controls relating to: revenue and receivables; purchase and payables; payroll; inventory; treasury; fixed assets including lease management; and fair value reporting and accounting for the Telstra and Optus agreements.

4.14.11 Audit procedures relating to key processes and financial statement line items, including IT general and application controls, where appropriate, will be performed as a part of the planned 2019–20 final audit. In addition, we will perform audit procedures to assess the valuation of network assets.

4.14.12 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.14.13 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that NBN Co will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.15 Department of Parliamentary Services

Overview

4.15.1 The Department of Parliamentary Services (DPS) is responsible for supporting the Parliament through the provision of a range of services, including library, Hansard, broadcasting, telecommunications, building security and maintenance.

4.15.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, DPS has implemented a range of measures, including enabling staff to work remotely where operational requirements allow and restricting access to Parliament House to essential business, which has included restricting access to some pass holders. These working arrangements may impact: DPS’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and DPS’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.15.3 Figure 4.15.1 and Figure 4.15.2 show the 2019–20 departmental and administered financial statement items reported by DPS and the key area of financial statements risk.

Figure 4.15.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.15.1 shows DPS’ departmental estimated actuals for the year ended 30 June 2020 as per the 2019-20 Portfolio Budget Statements, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.15.3.

Source: ANAO analysis and DPS’s 2019–20 estimated actuals as reported in the 2019–20 Portfolio Budget Statements.

Figure 4.15.2: Key administered financial statements items and area of financial statements risk

Figure 4.15.2 shows DPS’ administered estimated actuals for the year ended 30 June 2020 as per the 2019-20 Portfolio Budget Statements, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.15.3.

Source: ANAO analysis and DPS’s 2019–20 estimated actuals as reported in the 2019–20 Portfolio Budget Statements.

4.15.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on DPS’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of DPS’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key area of risk identified in Table 4.15.3 and the ANAO’s understanding of the operations of DPS, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.15.5 Annual appropriation funding of $141.7 million (departmental) and $62.2 million (administered) was provided to DPS in 2019–20 to support the achievement of the entity’s outcomes.138

4.15.6 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year139 funding was announced for entities. No funding was appropriated to DPS in 2019–20 for COVID-19.

4.15.7 Table 4.15.1 and Table 4.15.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.15.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental budget
($m) 2019–20

Administered budget
($m) 2019–20

Total expenses

163.5

44.5

Employee benefits

87.8

1.0

Suppliers

52.6

10.5

Depreciation and amortisation

23.1

33.0

Total own-source income

15.0

Sale of goods and rendering of services

14.3

Other

0.7

Net (cost of)/contribution to services

(148.5)

(44.5)

     

Source: DPS’s 2019–20 budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.15.2: Key assets and liabilities

Assets and liabilities

Departmental budget
($m) 2019–20

Administered budget
($m) 2019–20

Total assets

121.3

2,552.9

Financial assets

28.9

1.5

Land and buildings

2,363.7

Property, plant and equipment

41.7

184.7

Intangibles

45.5

3.0

Other

5.2

Total liabilities

29.4

2.0

Suppliers

4.2

0.5

Employee provisions

24.0

Other payables

1.2

1.5

Net assets/(liabilities)

91.9

2,550.9

     

Note: DPS’s estimated average staffing level for 2019–20 is 900.

Source: DPS’s 2019–20 budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.15.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. The area highlighted for specific audit coverage in 2019–20 is provided in Table 4.15.3, and is considered a Key Audit Matters (KAM) by the ANAO.

4.15.9 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.140 As at the interim phase, no additional financial statement risks have been identified for DPS. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.15.3: Key area of financial statements risk

Relevant financial statement item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

non-financial assets (excluding intangibles)

$2.6 billion

Valuation of non-financial assets

KAM

Higher

  • the unique nature of Parliament House, its contents and the purpose of the land, increases the judgement applied and complexity in establishing a fair value.
       

Source: ANAO 2019–20 risk assessment for DPS and DPS’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.15.10 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to: cash and asset management; payroll processing; and supplier expenses. In addition, the ANAO has undertaken testing of IT general controls over the financial management and human resource management information systems.

4.15.11 As part of the 2019–20 final audit, audit procedures will be performed over all material financial statement line items, including the valuation of non-financial assets.

4.15.12 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.15.13 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that DPS will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.16 Department of the Prime Minister and Cabinet

Overview

4.16.1 The Department of the Prime Minister and Cabinet (PM&C) is responsible for supporting the Prime Minister as the head of the Australian Government and the Cabinet; providing advice on major domestic policy and international national security matters; and improving he lives of Aboriginal and Torres Strait Islander peoples.

4.16.2 PM&C underwent a major restructuring on 1 July 2019, when its indigenous advancement functions were transferred to the newly created National Indigenous Australians Agency (NIAA). A significant portion of PM&C’s assets, liabilities, appropriations and staff were transferred to the NIAA. PM&C remains responsible for the Australian Government’s investments in Corporate Commonwealth Entities (CCEs) within the PM&C portfolio.

4.16.3 Consistent with the Australian Government’s response to the COVID-19 pandemic, PM&C has implemented a range of measures, including requesting staff to work remotely where operational requirements allow. These working arrangements may impact: PM&C’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and PM&C’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.16.4 Figure 4.16.1 and Figure 4.16.2 show the 2019–20 departmental and administered financial statement items reported by PM&C and the key areas of financial statements risk.

Figure 4.16.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.16.1 shows PM&C’s departmental estimated actuals for the year ended 30 June 2020 as per PMC’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.16.3.

Source: ANAO analysis and PM&C’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.16.2: Key administered financial statements items and areas of financial statements risk

Figure 4.16.2 shows PM&C’s administered estimated actuals for the year ended 30 June 2020 as per PMC’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.16.3.

Source: ANAO analysis and PM&C’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.16.5 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on PM&C’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of PM&C’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key area of risk identified in Table 4.16.3 and the ANAO’s understanding of the operations of PM&C, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.16.6 Annual appropriation funding of $261.6 million (departmental) and $31.3 million (administered) was provided to PM&C in 2019–20 to support the achievement of the entity’s outcomes.141

4.16.7 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year142 funding was announced for entities. No funding was appropriated to PM&C in 2019–20 for COVID-19.

4.16.8 Table 4.16.1 and Table 4.16.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.16.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

226.4

175.7

Employee benefits

154.0

1.1

Suppliers

48.2

35.0

Depreciation and amortisation

15.8

0.8

Grants

6.0

19.4

Payments to corporate entities

119.2

Other

2.4

0.2

Total own-source income

50.8

Sale of goods and rendering of services

49.0

Interest

Other

1.8

Net (cost of)/contribution to services

(175.6)

(175.7)

     

Source: PM&C’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.16.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

234.4

2,625.7

Cash and cash equivalents

2.2

1.3

Trade and other receivables

44.0

1.2

Land and buildings

138.5

52.2

Property, plant and equipment

18.5

0.9

Intangibles

22.5

Investments

2,570.1

Other

8.7

Total liabilities

168.8

18.3

Employee provisions

38.9

0.4

Suppliers

16.1

0.3

Leases

110.7

0.5

Other

3.1

17.1

Net assets/(liabilities)

65.6

2,607.4

     

Note: PM&C’s estimated average staffing level for 2019–20 is 926.

Source: PM&C’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.16.9 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. The area highlighted for specific audit coverage in 2019–20 is provided in Table 4.16.3, and is considered a Key Audit Matters (KAM) by the ANAO.

4.16.10 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.143 At completion of the interim audit phase, no additional financial statement risks have been identified for PM&C. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.16.3: Key area of financial statements risk

Relevant financial statement item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered and Departmental

Assets and Liabilities transferred to the NIAA

Accuracy and completeness of assets and liabilities transferred to the NIAA

KAM

Moderate

  • the transfer of a significant portion of PM&C assets and liabilities to NIAA creates the risks that not all assets or liabilities are correctly identified or are transferred at the wrong amounts.
       

Source: ANAO 2019–20 risk assessment for PM&C, and PM&C’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.16.11 The ANAO has completed its 2019–20 interim audit coverage, including testing of IT general controls and testing of controls over: payments to suppliers; credit card expenditure; grants: work in progress assets; depreciation expense and payroll. ANAO also tested the transfer of non-financial assets and liabilities to the National Indigenous Australians Agency.

4.16.12 Audit procedures relating to the valuation of non-financial assets, the provision for former Governor-General’s cost and investments in Corporate Commonwealth Entities will be undertaken during the final audit phase.

4.16.13 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.16.14 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that PM&C will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.17 National Indigenous Australians Agency

Overview

4.17.1 The National Indigenous Australians Agency (NIAA) was established on 29 May 2019 by an executive order of the Governor-General. The primary functions of NIAA, which were previously performed by the Department of the Prime Minister and Cabinet (PM&C), are to:

  • lead and coordinate Commonwealth policy development, program design and implementation and service delivery for Aboriginal and Torres Strait Islander peoples;
  • provide advice to the Prime Minister and the Minister for Indigenous Australians on whole-of-government priorities for Aboriginal and Torres Strait Islander peoples;
  • lead and coordinate the development and implementation of Australia’s Closing the Gap targets in partnership with Indigenous Australians; and
  • lead Commonwealth activities to promote reconciliation.

4.17.2 NIAA relies on several Australian Government agencies for the IT infrastructure to make payments under its programs, and for a range of corporate services. The majority of NIAA’s assets and liabilities were transferred from the Department of the Prime Minister and Cabinet.

4.17.3 Consistent with the Australian Government’s response to the COVID-19 pandemic, NIAA has implemented a range of measures, including encouraging staff to work remotely where operational requirements allow. These working arrangements may impact: NIAA’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and NIAA’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.17.4 Figure 4.17.1 and Figure 4.17.2 show the 2019–20 departmental and administered financial statements items reported by NIAA and the key areas of financial statements risk.

Figure 4.17.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.17.1 shows NIAA’s departmental estimated actuals for the year ended 30 June 2020 as per NIAA’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.17.3.

Source: ANAO analysis and NIAA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.17.2: Key administered financial statements items and areas of financial statements risk

Figure 4.17.2 shows NIAA’s administered estimated actuals for the year ended 30 June 2020 as per NIAA’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.17.3.

Source: ANAO analysis and NIAA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.17.5 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on NIAA’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of NIAA’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.17.3 and the ANAO’s understanding of the operations of NIAA, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.17.6 Annual appropriation funding of $265.2 million (departmental) and $1,279.0 million (administered) was provided to NIAA in 2019–20 to support the achievement of the entity’s outcomes.144 NIAA was also budgeted to receive special appropriation funding of $522.7 million.145 The special appropriation funding is largely for payments, under the Aboriginal Land Rights (Northern Territory) Act 1976, to traditional landowners.

4.17.7 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year146 funding was announced for entities. No funding was appropriated to NIAA in 2019–20 for COVID-19.

4.17.8 Table 4.17.1 and Table 4.17.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.17.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

264.7

1,637.8

Employee benefits

156.1

Suppliers

84.3

65.7

Depreciation and amortisation

21.5

0.1

Grants

1,314.0

Other

2.8

258.0

Total own-source income

4.6

103.6

Sale of goods and rendering of services

4.0

Interest revenue

38.7

Other

0.6

64.9

Net (cost of)/contribution to services

(260.1)

(1,534.2)

     

Source: NIAA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.17.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

266.2

1,329.6

Cash and cash equivalents

10.1

Trade and other receivables

45.3

35.3

Land and buildings (including investment properties)

187.1

0.4

Property, plant and equipment

8.9

Intangibles

23.1

 

Investments

1,280.1

Other

1.8

3.7

Total liabilities

174.9

35.5

Suppliers

2.0

8.2

Employee provisions

49.2

Lease liabilities

123.0

0.5

Grants payable

24.0

Other

0.7

2.8

Net assets/(liabilities)

91.3

1,294.1

     

Note: NIAA’s estimated average staffing level for 2019–20 is 1,205.

Source: NIAA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.17.9 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.17.3 including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.17.10 The introduction to chapter four has outlines a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.147 At completion of the interim audit phase, no additional financial statements risks have been identified for NIAA. The implications of the risks identified in chapter four are currently being considered by the ANAO, the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.17.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

Grants expense

$1,314.0m

Performance of grantees in meeting grant conditions

KAM

Higher

  • significant number and value of grants paid;
  • performance by grantees is delivered around Australia, often in remote areas; and
  • payments rely on several IT systems operated by different Australian Government entities.

Departmental

non-financial assets

$220.2m

Valuation of non-financial assets

Moderate

  • substantial holding of land, buildings, plant and equipment; and
  • assets are dispersed around Australia, often in regional areas where information on fair value is less accessible.

Departmental

assets ($266.2m) and liabilities ($174.9m)

Administered

assets ($1,329.6m) and liabilities ($35.5m)

Accuracy and completeness of assets transferred from the Department of the Prime Minister and Cabinet (PM&C).

KAM

Moderate

  • the majority of NIAA’s assets and liabilities were transferred from PM&C, with the risk that some assets and liabilities were not correctly identified or transferred at the wrong amount
       

Source: ANAO 2019–20 risk assessment for NIAA and NIAA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.17.11 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to: supplier payments; commencement and termination of staff; payroll; work in progress; the opening and closing of bank accounts; and IT general controls and application controls relating to key financial systems. The ANAO has also reviewed the transfer of assets and liabilities from PM&C to the NIAA.

4.17.12 Audit procedures relating to the valuation of non-financial assets will be undertaken during the final audit phase. To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings.

Conclusion

4.17.13 Based on our interim audit coverage, which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that NIAA will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.18 Department of Social Services

Overview

4.18.1 The Department of Social Services (DSS) is responsible for social security, families and communities, disability and carers and housing. DSS works in partnership with other government148 and non-government organisations, on a range of policies, programs and services focused on improving the wellbeing of people and families in Australia.

4.18.2 DSS provides shared services arrangements to other entities through the Community Grants Hub.

4.18.3 From 1 February 2020, as a result of an Administrative Arrangement Order (AAO), Services Australia (formerly known as the Department of Human Services) was established as a new Executive Agency within the Social Services Portfolio. Effective 6 February 2020: the Information Technology Group functions and staff transferred from DSS to Services Australia; and the National Redress Scheme Branch and the administered investment for Hearing Australia transferred to DSS from Services Australia.

4.18.4 Consistent with the Australian Government’s response to the COVID-19 pandemic, DSS has implemented a range of measures, including requesting staff to work remotely where operational requirements allow. These working arrangements may impact: DSS’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and DSS’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.18.5 Figure 4.18.1 and Figure 4.18.2 show the 2019–20 departmental and administered financial statement items reported by DSS and the key areas of financial statements risk.

Figure 4.18.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.18.1 shows DSS’ departmental estimated actuals for the year ended 30 June 2020 as per DSS’ revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.18.3.

Source: ANAO analysis and DSS’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.18.2: Key administered financial statements items and areas of financial statements risk

Figure 4.18.2 shows DSS’ administered estimated actuals for the year ended 30 June 2020 as per DSS’ revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.18.3.

Source: ANAO analysis and DSS’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.18.6 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on DSS’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of DSS’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.18.3 and the ANAO’s understanding of the operations of DSS, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.18.7 Annual appropriation funding of $461.8 million (departmental) and $9.7 billion (administered) was provided to DSS in 2019–20 to support the achievement of the entity’s outcomes.149 DSS was also budgeted to receive special appropriation funding of $113.7 billion150 which relates to payment of personal benefits under the social security and families and communities outcomes.

4.18.8 DSS administers the assessment and oversight functions for national partnership payments to State and Territory Governments on behalf of the Department of the Treasury relating to: Social Impact Investment, Social and Community Sector, transition to the National Disability Insurance Scheme and National Housing and Homelessness. Whilst these payments are recorded in the Treasury financial statements, the compliance with conditional requirements and payment certificate approval processes are undertaken by DSS.

4.18.9 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year151 funding was announced for entities. No funding was appropriated to DSS in 2019–20 for COVID-19.

4.18.10 Table 4.18.1 and Table 4.18.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.18.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

536.5

125,694.1

Employee benefits

265.6

Suppliers

188.5

385.2

Depreciation and amortisation

73.3

Personal benefits

113,882.3

Grants

2,270.0

Subsidies

119.3

Payments in corporate entities

 

8,393.6

Other

9.1

643.7

Total own-source income

57.2

845.0

Sale of goods and rendering of services

55.7

Other

1.5

845.0

Net (cost of)/contribution by services

(479.3)

(124,849.1)

     

Source: DSS’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.18.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

833.9

7,879.6

Leasehold improvements

599.1

Property, plant and equipment

28.8

Intangibles

88.6

Receivables

82.3

4,988.4

Other

35.1

2,891.2

Total liabilities

702.7

6,772.6

Employee provisions

102.4

Personal benefits payable

2,458.2

Personal benefits provision

3,996.2

Leases

564.4

Other

35.9

318.2

Net assets/(liabilities)

131.2

1,107.0

     

Note: DSS’s estimated average staffing level for 2019–20 is 2,035.

Source: DSS’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.18.11 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.18.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.18.12 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.152 The ANAO has also identified changes impacting on an existing higher risk for DSS’s financial statements relating to personal benefits expenses. The changes relate to the suspension of the Random Sample Survey compliance process for personal benefits for the period March 2020 to June 2020 (Trimester 3), and stimulus measures that are being administered by DSS (such as the expansion of Job-Seeker payments and relaxing of the eligibility criteria for the payment) including any new manual or automated processes or controls that are implemented by DSS, or Services Australia, to administer the payments. The implications of these changes are in the process of being considered by the ANAO and as a result have not been included in Table 4.18.3. The key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.18.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

personal benefits expenses

$113.9 billion

Accuracy and occurrence of personal benefits expenses

KAM

Higher

  • reliance on the correct self-disclosure of personal circumstances by a large number of diverse recipients; and
  • reliance on the Services Australia’s complex information technology system for the processing of a high volume of payments across numerous personal benefit types with varying conditions for determining payment amount.

Administered

personal benefits provisions

$4.0 billion

personal benefits

receivables

(component of

receivables)

$5.0 billion

Valuation of personal benefits provisions and personal benefits receivables

KAM

Higher

  • provisions and receivables involve estimation models which require significant judgements and assumptions, and are dependent on a number of factors. These factors include, but are not limited to, new budget measures affecting benefit programs, timing of payments, personal circumstances of recipients and the economic environment; and
  • the accuracy and completeness of the source data used by the actuary in developing the estimation of the provisions and receivables is a key component of the valuation process.

Administered

grants expenses

$2.3 billion

Accuracy and occurrence of grant expenses

KAM

Moderate

  • a large number of grants programs with differing legislative and policy requirements which make the management of grant processes complex and this has the potential to impact the validity of grant expenses.
       

Source: ANAO 2019–20 risk assessment for DSS, and DSS’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.18.13 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the IT general controls relating to: financial management, human resources information, and grant management systems; and compliance and assurance processes relating to personal benefits and disability services. Audit coverage has also been completed on the processes relating to: grants; cash; appropriations; special accounts; asset management; payroll processing; suppliers’ expenses; departmental revenue; and payments on behalf of other entities.

4.18.14 Audit procedures relating to the assessment of the valuation of personal benefits asset and liability balances will be undertaken as part of the planned 2019–20 audit. This includes the valuation of investments and testing of the application controls for the IT systems that process payments related to personal benefits, disability services and grants.

4.18.15 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.18.16 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that DSS will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.19 Services Australia

Overview

4.19.1 Services Australia has responsibility for delivering a range of payments and services to support individuals, families and communities, as well as providers and businesses. These include income support payments and services, aged care payments, Medicare payments and services, and child support services.

4.19.2 From 1 February 2020, as a result of an Administrative Arrangements Order (AAO), Services Australia (formerly known as Department of Human Services) was established as a new Executive Agency within the Social Services Portfolio. Effective 6 February 2020: the Information Technology Group functions and staff transferred to Services Australia from the Department of Social Services (DSS); and the National Redress Scheme Branch, and the administered investments for Hearing Australia transferred from Services Australia to DSS.

4.19.3 Consistent with the Australian Government’s response to the COVID-19 pandemic, Services Australia has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: Service Australia’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and Service Australia’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.19.4 Figure 4.19.1 and Figure 4.19.2 show the 2019–20 departmental and administered financial statements items reported by Services Australia and the key areas of financial statements risk.

Figure 4.19.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.19.1 shows Services Australia’s departmental estimated actuals for the year ended 30 June 2020 as per Services Australia’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.19.3.

Source: ANAO analysis and Services Australia’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.19.2: Key administered financial statements items and areas of financial statements risk

Figure 4.19.2 shows Services Australia’s administered estimated actuals for the year ended 30 June 2020 as per Services Australia’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.19.3.

Source: ANAO analysis and Services Australia’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.19.5 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Services Australia’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Services Australia’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.19.3 and the ANAO’s understanding of the operations of Services Australia, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.19.6 Annual appropriation funding of $5.4 billion153 (departmental) and $1.6 million (administered) was provided to Services Australia in 2019–20 to support the achievement of the entity’s outcomes.154 Services Australia was also budgeted to receive special appropriation funding of $0.3 million155 relating to refunds under the Public Governance, Performance and Accountability Act 2013 (PGPA Act).

4.19.7 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year156 funding was announced for entities. As part of that funding Services Australia was provided $321.0 million in 2019–20 to deliver the Government’s economic stimulus initiatives, which includes the Coronavirus Supplement, the Economic Support Payment and the changes to the Job Seeker program. Services Australia’s current year COVID-19 appropriations has been provided on a no-win, no-loss basis, and any of the unspent funding at 30 June 2020 will be quarantined by the Department of Finance and returned to Government.

4.19.8 Table 4.19.1 and Table 4.19.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.19.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

5,184.9

1 740.7

Employee benefits

2,722.4

Suppliers

1,770.8

Depreciation and amortisation

659.7

Child support maintenance

1,638.1

Write-down and impairment of assets

102.6

Other

32.0

Total own-source income

277.1

1,776.5

Rendering of services

259.6

Rental income

15.4

Child support maintenance revenue

1,720.4

Dividends

12.2

Other

2.1

43.9

Net (cost of)/contribution to services

(4,907.8)

35.8

     

Source: Services Australia’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.19.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

4,803.7

1,197.7

Cash

20.0

120.0

Trade and other receivables

1,267.1

21.1

Land and buildings

2,362.0

Property and equipment

429.8

Software

517.3

Prepayments

207.5

Child Support receivables

977.6

Investment – Australian Hearing

79.0

Total liabilities

3,460.7

1,090.8

Suppliers

435.8

Lease

2,092.5

Other payables and provisions

41.3

Child Support and other payables

34.1

Employee payables and provisions

891.1

Recovery of compensation

57.9

Child Support payments received in advance

23.2

Child Support provisions

975.6

Net assets/(liabilities)

1,343.0

106.9

     

Note: Services Australia’s estimated average staffing level for 2019–20 is 27,325.

Source: Services Australia’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.19.9 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.19.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.19.10 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.157 As at the interim phase, no additional financial statements risks have been identified for Services Australia. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.19.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

Child support maintenance receivables

$977.6 million

Valuation of child support receivables that are yet to be paid by non-custodial parents at the end of the financial year.

KAM

Moderate

  • significant judgements and assumptions around the collection rates of child support obligations are applied in determining the valuation of child support receivables, and require the involvement of an actuary. These judgements rely on the quality of the underlying data used in the estimation process; and
  • a large volume of child support financial transactions are processed using bespoke IT application under the complex Child Support Act 1988. This complexity increases the judgements and estimates associated with the child support receivable valuation.

Departmental

Intangible assets

$517.3 million

Valuation of intangible assets

KAM

Moderate

  • significant judgements involved in considering the indicators of impairment to estimate the value of intangible assets; and
  • judgements involved in estimating the capitalisation of the staff and other costs attributed to developing the software applications.
       

Source: ANAO 2019–20 risk assessment for Services Australia and the 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.19.11 As referenced at paragraph 4.19.1, Services Australia delivers payments on behalf of the Departments of Social Services, Health and a number of other Commonwealth entities. These payments are reported in the respective entities’ financial statements and are budgeted to be approximately $190.0 billion in 2019–20. The areas highlighted for specific audit coverage for these payments for 2019–20 are outlined in this report against the individual responsible entity.

4.19.12 The ANAO also considers the results of recent performance audits in identifying risks and designing an approach for the financial statements audit. Auditor-General Report No. 30 2019–20 Bilateral Agreement Arrangements Between Services Australia and Other Entities did not include recommendations regarding risks to Services Australia’s financial administration as it relates to the financial statements. However, the observations of this report were considered in designing audit procedures.

Audit results

4.19.13 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls in relation to areas of audit focus and IT controls over security and change management of the financial management and human resource management information system.

4.19.14 As part of the 2019–20 final audit, the ANAO will also assess the controls over social services and health related payments made by Services Australia on behalf of other Commonwealth entities, including associated compliance and quality assurance activities. In addition, the ANAO’s final audit coverage will include the valuation of child support debts and non-financial assets, particularly intangibles.

4.19.15 The following table summarises the status of audit findings reported by the ANAO in 2018–19 and 2019–20.

Table 4.19.4: Status of audit findings raised by the ANAO

Category

Closing position
(2018–19)

New findings
(2019–20)

Findings resolved
(2019–20)

Closing position
(2019–20)

A

B

1

1

TOTAL

1

1

         
New moderate audit finding
IT Security Governance

4.19.16 Services Australia has a complex IT environment made up of a suite of systems hosted across different IT platforms such as mid-range and mainframe to support business objectives. The overall effectiveness of the IT control environment forms a significant component of the overall integrity and reliability of financial transactions, which links closely with Services Australia’s strategic risks. For the 2019–20 audit, the ANAO identified weaknesses in the implementation and operation of the governance and monitoring processes that support Services Australia’s information security framework.

4.19.17 Weaknesses in Services Australia’s information security framework, could result in broader cyber security, access management, business and financial risks being inadequately managed across the agency. This could lead to inappropriate system access and insufficient monitoring of high risk activities, resulting in the failure to detect inappropriate access or activity that compromise the integrity of payments and financial data.

4.19.18 During the interim audit, the ANAO noted the following issues:

  • within Services Australia’s IT environment, there are gaps in documentation to support the assessment of risk, identification of controls to mitigate assessed risks, and evidence of reporting and monitoring over the implementation of controls for key systems;
  • the status of accreditation or risk assessments for critical financial systems have not been updated in the last two years. This includes the update of System Threat Risk Analysis, System Security Plans, and System Operating Procedures; and
  • security and user access related observations across multiple applications, including in relation to user revalidation and privileged user functions.

4.19.19 Based on the above, the governance and monitoring processes are not operating effectively. The ANAO recommended that governance and monitoring processes are strengthened to include the review and reporting of adherence to Services Australia’s Cyber Security Information Services Manual. Services Australia has acknowledged the recommendation and are in the process of drafting a response. This area will be reviewed during the final phase of the audit.

Conclusion

4.19.20 Based on our interim audit coverage which was largely conducted in a pre COVID-19 environment, and except for the finding outlined above, key elements of internal control were operating effectively to provide reasonable assurance that Services Australia will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.20 National Disability Insurance Scheme Launch Transition Agency

Overview

4.20.1 The National Disability Insurance Scheme Launch Transition Agency (NDIA), which commenced operations on 1 July 2013, was established under the National Disability Insurance Scheme Act 2013. The NDIA is responsible for delivering the National Disability Insurance Scheme (NDIS). The NDIS is designed to provide individual control and choice in the delivery of reasonable and necessary care and support; to improve the independence, social and economic participation of eligible people with disability, their families and carers; and to provide associated referral services and activities.

4.20.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, NDIA has implemented a range of measures, including requesting staff to work remotely where operational requirements allow. These working arrangements may impact: NDIA’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and NDIA’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.20.3 Figure 4.20.1 shows the 2019–20 financial statement items reported by NDIA and the key areas of financial statements risk.

Figure 4.20.1: Key financial statement items and areas of financial statements risk

Figure 4.20.1 shows NDIA’s estimated actuals for the year ended 30 June 2020 as per NDIA’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.20.3.

Source: ANAO analysis and NDIA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.20.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on NDIA’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of NDIA’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.20.3 and the ANAO’s understanding of the operations of NDIA, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.20.5 Annual funding of $17.6 billion is estimated to be provided to NDIA in 2019–20 to support the achievement of NDIA’s outcomes. The funding comprises $1.4 billion158 appropriations from the Commonwealth government for operating costs, $14.3 billion from Commonwealth, state and territory governments for participant costs, and $1.9 billion services provided in-kind to participants from the Commonwealth, state and territory governments.

4.20.6 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, the NDIA has:

  • made an advance payment to registered providers where supports are provided to Agency managed participants. The advance payment must be repaid by providers, with approximately $587.0 million already paid to just under 5,000 providers;
  • applied a 10 per cent price loading on specified supports. The 10 per cent price increase is expected to cost $510 million over six months, with approximately $300 million impacting in 2019–20; and
  • increased the cancelation payment from 90 per cent to 100 per cent, under specific terms and conditions.

4.20.7 Table 4.20.1 and Table 4.20.2 provide a summary of the key 2019–20 estimated financial statements items.

Table 4.20.1: Key expenses and total own-sourced income

Expenses and own-source income

Revised budget
($m) 2019–20

Total expenses

17,865.9

Employee benefits

319.6

Suppliers

1,084.4

Grants

134.5

Depreciation and amortisation

62.7

Participant plan expenses

16,262.5

Other

2.2

Total own-source income

16,318.7

Sale of goods and rendering of services

14348.8

Other

1,969.9

Net (cost of)/contribution to services

(1,547.2)

   

Source: NDIA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.20.2: Key assets and liabilities

Assets and liabilities

Revised budget
($m) 2019–20

Total assets

4,605.9

Cash and cash equivalents

3,700.3

Trade and other receivables

585.1

Non-financial assets

314.7

Other financial assets

5.8

Total liabilities

2,199.4

Suppliers

111.6

Other payables

433.1

Leases

203.3

Grants

63.2

Employee provisions

1,380.8

Other

7.4

Net assets/(liabilities)

2,406.5

   

Note: NDIA’s estimated average staffing level for 2019–20 is 3,780.

Source: NDIA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.20.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.20.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.20.9 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.159 As at the interim phase, no additional financial statements risks have been identified for NDIA. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.20.3: Key areas of financial statements risk

Relevant financial statement item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Participant plan expenses

$16.3 billion

Accuracy and occurrence of participant plan expenses

KAM

Higher

  • ongoing growth in NDIS participant numbers and the need to cater for a diverse group of participants with varying and changing needs;
  • reliance on third parties to provide information to support payments, making these payments more susceptible to fraud; and
  • no supporting documentation required as part of the claiming process.

Participant plan provision

$1.4 billion

Valuation of participant plan provisions

KAM

Higher

  • reliance on accounting estimates based on relatively immature longitudinal data given the maturity of the NDIS; and
  • complexity of calculations due to the significant number of participant plans and the diverse nature of goods and services provided.

Contributions in-kind from Commonwealth, state and territory governments

$1.9 billion

Completeness, occurrence and accuracy of contributions of in-kind services from Commonwealth and state and territory governments

KAM

Higher

  • complexities related to the valuation and accounting for in-kind contributions provided by the Commonwealth, state and territory governments. Prior to the commencement of the NDIS, the Commonwealth, state and territory governments had committed to provide (directly or by engaging service providers) items such as disability services, health, family support, education, employment, transport and/or housing to people with a disability. The on-going provision of these agreed services on behalf of the NDIA is regarded as an in-kind contribution.
       

Source: ANAO 2019–20 risk assessment for NDIA, and NDIA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.20.10 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to: the NDIA’s IT general controls over security and change management; processes relating to cash; payroll processing; suppliers expenses; grants expenses; and participant expenses.

4.20.11 Audit coverage of the application controls in the financial management and human resource management information systems and the Customer Relationship Management (CRM) system will be completed prior to the final phase of the 2019–20 audit.

4.20.12 Audit procedures relating to the valuation of the participant provision, the completeness and accuracy of in-kind revenue and our review of the NDIA’s quality assurance framework supporting participant expenses will be undertaken as part of the planned 2019–20 final audit.

4.20.13 The following table summarises the status of audit findings reported by the ANAO in 2018–19 and 2019–20.

Table 4.20.4: Status of audit findings raised by the ANAO

Category

Closing position
(2018–19)

New findings
(2019–20)

Findings resolved
(2019–20)

Closing position
(2019–20)

A

B

1

1

TOTAL

1

1

         
Unresolved moderate audit finding
Streamlined Access to Scheme — Defined Programs

4.20.14 Streamlined access processes for participants were introduced to facilitate the timely transition of large numbers of people into the NDIS. One of the streamlined pathways is through Defined Programs. Defined Programs are existing Commonwealth, state, and territory disability support programs that have been assessed by the NDIA as having eligibility requirements that align with NDIS access requirements. People currently receiving support from a Defined Program are automatically deemed eligible for the NDIS, as long as they meet the age and residence requirements.

4.20.15 The Commonwealth, state and territory governments provide information to the NDIA on existing disability clients transitioning into the NDIS in accordance with an agreed data standard, including if a potential participant is a participant in a Defined Program.

4.20.16 Due to the reliance on state and territory information and the limited access review processes for participants once they have been accepted as eligible, there is an increased risk of ineligible participants entering the NDIS and not being identified as ineligible in a timely manner. A mitigation strategy had not been implemented to address this risk.

4.20.17 The NDIA has advised that an enhanced eligibility reassessment process was implemented in March 2020 and will form part of all future participant plan reviews. This process is designed to identify participants who may no longer meet eligibility requirements of residency and disability and require a reassessment of their eligibility to the NDIS. As this process is applied to all participants it will include participants who entered the NDIS through a Defined Program. The ANAO will monitor the NDIA’s progress in implementing the enhanced eligibility reassessment processes and review the results of NDIA’s post implementation report as part of the final phase of the 2019–20 financial statements audit.

Conclusion

4.20.18 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, and except for the finding outlined above, key elements of internal control were operating effectively to provide reasonable assurance that NDIA will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.21 Department of the Treasury

Overview

4.21.1 The Department of the Treasury (Treasury) is responsible for the development, delivery and implementation of economic analysis and authoritative policy advice issues such as: the economy; budget; taxation; financial; foreign investment; structural policy; superannuation; small business; housing affordability and international economic policy. The Treasury also works with State and Territory governments on key policy areas, as well as managing federal financial relations.

4.21.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, Treasury has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: Treasury’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and Treasury’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.21.3 Figure 4.21.1 and Figure 4.21.2 show the 2019–20 departmental and administered financial statements items reported by Treasury and the key areas of financial statements risk.

Figure 4.21.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.21.1 shows Treasury’s departmental estimated actuals for the year ended 30 June 2020 as per the Treasury’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.21.3.

Source: ANAO analysis and Treasury’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.21.2: Key administered financial statements items and areas of financial statements risk

Figure 4.21.2 shows Treasury’s administered estimated actuals for the year ended 30 June 2020 as per the Treasury’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.21.3.

Source: ANAO analysis and Treasury’s 2019–20 revised budget as reported in the 2019–20 Portfolio Budget Additional Estimates Statements.

4.21.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on Treasury’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of Treasury’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.21.3 and the ANAO’s understanding of the operations of Treasury, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.21.5 Annual appropriation funding of $221.8 million (departmental) and $273.4 million (administered) was provided to Treasury in 2019–20 to support the achievement of the entity’s outcomes.160 Treasury was also budgeted to receive special appropriation funding of $90.4 billion161, the majority of which relates to payments under the Federal Financial Relations Act 2009.

4.21.6 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year162 funding was announced for entities. No funding has been appropriated to Treasury in 2019–20 for COVID-19, however, funding will be sourced for the National Communications Campaign.

4.21.7 Table 4.21.1 and Table 4.21.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.21.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

231.0

141,336.4

Employee benefits

153.5

Suppliers

61.5

49.5

Grants

1.0

103,224.3

Payments to the Medicare Guarantee Fund

37,564.4

Interest

2.0

110.1

Foreign Exchange losses

326.4

Other

13.0

61.7

Total own-source income

16.6

4,007.8

Sale of goods and services

11.7

649.1

Interest

32.0

Dividends

1,332.6

COAG revenue from government entities

1,665.7

Other

4.9

93.5

Foreign Exchange Gains

234.9

Net (cost of)/contribution to services

(214.6)

(137,328.6)

     

Source: Treasury’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.21.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

202.9

46,821.5

Cash and cash equivalents

2.8

499.7

Advances and loans

356.0

Trade and other receivables

61.8

870.3

Land and buildings

106.4

Property, plant and equipment

14.2

Intangibles

11.9

Investments

45,095.5

Other

5.8

Total liabilities

159.4

17,789.0

Suppliers

8.5

Other payables

3.5

25.9

Employee provisions

52.8

Grants payable

62.4

Loans

16,809.2

Lease liabilities

91.0

Other provisions

3.6

891.5

Net assets/(liabilities)

43.5

29,032.5

     

Note: Treasury’s estimated average staffing level for 2019–20 is 948.

Source: Treasury’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.21.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.21.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.21.9 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.163 As at the interim phase, no additional financial statements risks have been identified for Treasury. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.21.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

Other provisions

$891.5 million

Completeness and valuation of the Disaster Recovery Funding Arrangements (DRFA) and the Natural Disaster Relief and Recovery Arrangements Provision (NDRRA)

KAM

Higher

  • reliance on information provided by state and territory governments to estimate the provision; and
  • complexities in judgements relating to the estimation of future costs to restore infrastructure to its original condition (at the time of the natural disaster), and the timing of future payments.

Administered

Grants expense

$103.2 billion

Accuracy and completeness of payments to states and territories under the Federal Financial Relations Act 2009

KAM

Moderate

  • the significance of the value of grants paid and the complex eligibility criteria for a number of grants; and
  • reliance on other government entities to provide information to support payments and confirm the eligibility criteria have been met.

Administered

Component of:

Investments

$45.1 billion

Advances and loans

$356.0 million

Accuracy, completeness and valuation of National Housing Finance and Investment Corporation (NHFIC) transactions

Moderate

  • complex legislative arrangements which govern the funding arrangements for NHFIC, and the accurate recording in the financial statements of associated transactions.
       

Source: ANAO 2019–20 risk assessment for Treasury, and Treasury’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.21.10 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to: cash and asset management, payroll processing, revenue and receivables, supplier expenses and appropriations. Audit coverage also included an assessment of the IT general controls.

4.21.11 Interim audit coverage has also been completed over program management and eligibility managed by other entities and the Treasury’s internal payment processes for National Partnership Payments made under the Federal Financial Relations Act 2009.

4.21.12 Audit procedures relating to: the valuation of NDRRA; administered investments and transactions relating to the NHFIC will be undertaken as part of the 2019–20 final audit. Procedures will also be undertaken over the assurance processes for payments made under the Federal Financial Relations Act 2009, including those yet to be completed relating to the National Partnership Payments.

4.21.13 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings

Conclusion

4.21.14 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that Treasury will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.22 Australian Office of Financial Management

Overview

4.22.1 The Australian Office of Financial Management (AOFM) is responsible for managing Australian Government debt and financial assets and the issuing of Treasury bonds, Treasury indexed bonds and Treasury notes into the financial markets.

4.22.2 AOFM is also responsible for the recently created Australian Business Securitisation Fund (ABSF), a $2 billion fund with the aim of improving access to, and the cost of finance to small and medium enterprises (SMEs). AOFM will be making investments from the Fund in securitisations of loans made by SME lenders.

4.22.3 A new fund, to be administered by AOFM, was established by Parliament on 24 March 2020. The Structured Finance Support Fund is a $15 billion fund to enable the Government to support continued access to funding markets for small to medium enterprises impacted by the effects of COVID-19. The first transaction of $190 million occurred the week the fund was established.

4.22.4 Consistent with the Australian Government’s response to the COVID-19 pandemic, AOFM has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: AOFM’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and AOFM’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.22.5 Figure 4.22.1 and Figure 4.22.2 show the 2019–20 departmental and administered financial statement items reported by AOFM and the key areas of financial statements risk.

Figure 4.22.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.22.1 shows AOFM’s departmental estimated actuals for the year ended 30 June 2020 as per AOFM’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.22.3.

Source: ANAO analysis and AOFM’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.22.2: Key administered financial statements items and areas of financial statements risk

Figure 4.22.2 shows AOFM’s administered estimated actuals for the year ended 30 June 2020 as per AOFM’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.22.3.

Source: ANAO analysis and AOFM’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.22.6 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on AOFM’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of AOFM’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.22.3 and the ANAO’s understanding of the operations of AOFM, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.22.7 Annual departmental appropriation funding of $14.2 million was provided to AOFM in 2019–20 to support the achievement of the entity’s outcomes.164 AOFM was also budgeted to receive administered special appropriation funding of $442.7 billion165, which provides for the payment of principal and interest on debt managed by AOFM and for the purchase of investments.

4.22.8 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year166 funding was announced for entities. AOFM was provided an administered special appropriation of $15 billion in 2019–20 for the Structured Finance Support Fund.167

4.22.9 Table 4.22.1 and Table 4.22.2 provide a summary of the key 2019–20 departmental and administered estimated financials statements items.

Table 4.22.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

15.1

17,037.0

Employee benefits

7.9

Suppliers

6.7

Depreciation and amortisation

0.5

Interest costs

17,011.6

Other

25.4

Total own-source income

0.7

4,755.9

Sale of goods and rendering of services

0.4

Resources received free of charge

0.3

Interest revenue

498.0

Net loss on debt repurchase and asset sales

(781.7)

Net gain/(losses) on market revaluation

5,039.6

Net (cost of)/contribution to services

(14.4)

(12,281.1)

     

Source: AOFM’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.22.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

26.8

32,319.4

Cash and cash equivalents

0.1

0.6

Trade and other receivables

23.5

1,627.9

Investments

30,690.9

Non-financial assets

3.2

Total liabilities

3.0

619,463.2

Employee provisions

2.2

Australian Government securities

619,463.2

Other

0.8

Net assets/(liabilities)

23.8

(587,143.8)

     

Note: AOFM’s estimated average staffing level for 2019–20 is 47.

Source: AOFM’s 2019–20 budget as reported in the 2019–20 Portfolio Additional Estimates Statements

Key areas of financial statements risk

4.22.10 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.22.3, including the areas which were considered a Key Audit Matter (KAM) by the ANAO.

4.22.11 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.168 As at the interim phase, no additional financial statements risks have been identified for AOFM. The implications of the risks identified in chapter four are currently being considered by the ANAO, and the key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.22.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

Australian Government securities

$619.5 billion

Valuation and disclosure of Australian Government securities

KAM

Moderate

  • significant value of the liability and significant volume of instruments issued;
  • fair value movements have a material impact on the financial statements and are impacted by price changes in money markets and capital markets; and
  • complex financial statement disclosure requirements for financial assets and liabilities measured at fair value through profit and loss.

Administered

Investments

Valuation of debt securities purchased through the Australian Business Securitisation Funda and Structured Finance Support Fundb

Moderate

  • new investment activity; and
  • complex judgements around the valuation of the investments.
       

Note a: $250 million of funding has been allocated by the Government for 2019–20. As at 30 April 2020, no investments have been made.

Note b: $15 billion was appropriated for the Structured Finance Support Fund. As at 30 April 2020, $193 million has been invested.

Source: ANAO 2019–20 risk assessment for the AOFM and the AOFM’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.22.12 The ANAO 2019–20 interim audit coverage is substantially complete, including an assessment of the controls relating to: the authorisations of new tenders, debt coupon payments and redemptions; debt buybacks; and the review of market valuations of debt, appropriations, and payroll processes. Payroll process controls, and IT and general application controls coverage specific to debt management are currently being finalised.

4.22.13 The final stage of the 2019–20 audit will include procedures relating to: the valuation of Australian Government securities, investments from the Australian Business Securitisation Fund and the Structured Finance Support Fund, loans to state and territories and term deposits; appropriations; employee benefits; and supplier expenses.

4.22.14 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.22.15 Based on our interim audit coverage which was largely conducted in a pre COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that AOFM will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.23 Australian Taxation Office

Overview

4.23.1 The Australian Taxation Office’s (ATO’s) core areas of responsibility are managing and shaping tax, excise and superannuation systems that fund services for Australians, together with the provision of support to the Tax Practitioners Board, the Australian Business Register and the Australian Charities and Not-for-profits Commission.

4.23.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, the ATO has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: ATO’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and the ATO’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.23.3 Figure 4.23.1 and Figure 4.23.2 show the 2019–20 departmental and administered financial statements items reported by ATO and the key areas of financial statements risk.

Figure 4.23.1: Key departmental financial statements items and areas of financial statements risk

Figure 4.23.1 shows ATO’s departmental estimated actuals for the year ended 30 June 2020 as per the ATO’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.23.3.

Source: ANAO analysis and ATO’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Figure 4.23.2: Key administered financial statements items and areas of financial statements risk

Figure 4.23.2 shows ATO’s administered estimated actuals for the year ended 30 June 2020 as per the ATO’s revised budget as reported in the 2019–20 Portfolio Additional Estimates Statement, categorised by financial statement classification of, income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.23.3

Source: ANAO analysis and ATO’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

4.23.4 The ANAO’s audit approach identifies key areas of risk that have the potential to materially impact on ATO’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items in the context of the ATO’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.23.3 and the ANAO’s understanding of the operations of ATO, the ANAO has assessed the risk of a material misstatement as high.

Key financial statements items

4.23.5 Annual appropriation funding of $3.7 billion (departmental) and $7.8 million (administered) was provided to ATO in 2019–20 to support the achievement of the entity’s outcomes.169 ATO is also budgeted to receive special appropriation funding of $12.4 billion170 for administered subsidies including: fuel tax credits, research and development tax incentive, and Australian Screen Production Incentive; and estimated tax refunds, items worth $106.8 billion, which includes $290 million collected on behalf of the ATO by the Department of Home Affairs (Home Affairs) for the Tourist Refund Scheme (TRS) under Section 16 of the Tax Administration Act.171

4.23.6 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, additional multi-year172 funding was announced for entities. While no additional specific funding was appropriated to the ATO in 2019–20 for COVID-19, the special appropriation under Section 16 of the Tax Administration Act 1953 was expanded to include the JobKeeper payment and the Cash Flow Boost Payment.

4.23.7 Table 4.23.1 and Table 4.23.2 provide a summary of the key 2019–20 departmental and administered estimated financial statements items.

Table 4.23.1: Key expenses and total own-sourced income

Expenses and own-source income

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total expenses

3,862.9

19,062.5

Employee benefits

1,983.1

Suppliers

1,432.8

7.8

Depreciation and amortisation

432.4

Subsidies

10,455.7

Personal benefits

1,150.0

Penalty and Interest charge remission

1,260.0

Write-down and impairment of assets

5,529.0

Interest

130.0

Other

14.6

Superannuation guarantee charge

461.0

Unclaimed superannuation monies interest

69.0

Total own-source income

152.6

445,511.5

Sale of goods and rendering of services

118.4

Income tax

348,956.8

Indirect tax

92,910.0

Other taxes

2,832.0

Unclaimed superannuation Monies

808.0

Rental income

23.2

Other

11.0

4.7

Net (cost of)/contribution to services

(3,710.3)

426,449.0

     

Source: ATO’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Table 4.23.2: Key assets and liabilities

Assets and liabilities

Departmental revised budget
($m) 2019–20

Administered revised budget
($m) 2019–20

Total assets

2,428.9

41,638.8

Cash and cash equivalents

45.4

464.6

Trade and other receivables

339.2

Non-financial assets

2,044.3

Taxation receivables

27,460.9

Accrued revenues

13,493.9

Other

219.4

Total liabilities

2,336.9

11,151.3

Suppliers

241.6

Employees

47.0

Other Payables

78.2

Employee provisions

689.5

Subsidies

28.1

Taxation refunds provided

1,165.3

Other provisions

26.9

9,824.4

Superannuation guarantee charge

35.0

Superannuation Holding Account

94.7

Personal benefits

3.7

Other

0.1

Leases

1,253.7

Net assets/(liabilities)

92.0

30,487.5

     

Note: ATO’s estimated average staffing level for 2019–20 is 17,115.

Source: ATO’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Key areas of financial statements risk

4.23.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.23.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.23.9 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.173 On the 23 and 30 March 2020, in response to the COVID-19 pandemic, major stimulus packages were announced which are to be administered by the ATO. The new systems and processes were under development at the time of our interim audit. The key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.23.3: Key areas of financial statements risk

Relevant financial statement item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Administered

taxation revenue $444.7 billion

expenses

$19.1 billion

Accuracy of administered income and expenses.

KAM

Higher

  • complex estimation processes, involving significant judgement and specialist knowledge;
  • completeness, relevance and accuracy of source data; and
  • volatility in economic conditions, such as wage growth, gross domestic product and historical information increases the uncertainty of factors underpinning the estimates.

Administered

taxation revenue $444.7 billion

expenses $19.1 billion

provisions for credit amendments and impairment allowance (component of the taxation receivable balance $27.5 billion)

provisions for refunds $2.6 billion

Valuation of taxation receivables including processes for estimating taxation debt provisions, accounting for settlements of outstanding taxation liabilities and other adjustments to taxpayer client accounts.

KAM

Higher

  • significant value of transactions subject to complex estimation processes drawing on specialist knowledge of debt provisions, including allowance for credit amendment and impairment losses associated with taxation receivable balances;
  • completeness, relevance and accuracy of source data;
  • complexity associated with negotiations and dispute resolutions;
  • application of significant judgement for settlement resulting from differing deeds and terms; and
  • quality assurance processes for key judgements relating to debt provisions including credit amendments, impairment losses, and accounting for settlements of outstanding taxation liabilities and other adjustments to client accounts.

Administered

taxation revenue $444.7 billion

Completeness and accuracy of taxation revenue and the ATO’s compliance risk management relating to the collection of taxation revenue.

KAM

Higher

  • the significant value of revenue transactions that rely on information provided by taxpayers in a self-assessment and voluntary compliance regime;
  • the effectiveness of the design and implementation of the compliance risk management regime that reduces the risk that inappropriate taxation returns may not be detected and corrected by the ATO, which makes the deterrence of tax evasion more effective; and
  • judgements associated with the risk management approach to compliance activities.

Administered

all financial statement items

Completeness and accuracy relating to financial reporting due to complex manual compilation of data processes required for financial reporting purposes.

Moderate

  • manual calculation of complex information in spreadsheets increases the risk of miscalculation due to data linkages and human error.

Administered

all financial statement items

Accuracy and completeness of balances due to ATO’s IT business systems and associated processing of taxpayer returns and statements.

Moderate

  • large and complex IT environment with several hundred business applications processing a high volume of transactions;
  • many IT systems are bespoke or heavily customised to the ATO; and
  • reliance on specialised reports to prepare financial statements balances.
       

Source: ANAO 2019–20 risk assessment for ATO, and ATO’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

Audit results

4.23.10 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to the ATO’s business operations which incorporated ATO’s key financial administration systems and its key revenue collection processes.

4.23.11 Audit procedures relating to the ANAO’s interim audit coverage included an assessment of the ATO’s IT general controls and departmental application controls. The assessment included: logical security; change and release management and controls in the ATO’s financial management information system; human resource management information system; and other key administered financial systems.

4.23.12 In late December 2019 the ATO implemented a major project called the Activity Statement Financial Processing (ASFP). The project involved the data migration of the system used to process Activity Statements, including GST, into the Integrated Core Processing (ICP) system that processes Income Tax Returns. During the 2019–20 final audit the ANAO will review and assess the implementation of the system changes.

4.23.13 The ANAO will also finalise the assessment of the complex manual processes for financial reporting and coverage over the ATO’s external compliance program as part of the 2019–20 final audit. The ANAO will also conduct further testing on the effective operation of the ATO’s IT application controls during the 2019–20 final audit.

4.23.14 The interim audit work has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.23.15 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that ATO will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

4.24 Reserve Bank of Australia

Overview

4.24.1 The objective of the Reserve Bank of Australia (RBA) is to determine and implement monetary policy, work to maintain a strong financial system, and issue the nation’s currency. As well as being a policy making body, the RBA provides selected banking services to a range of Australian Government entities and to a number of overseas central banks and official institutions. The RBA is also responsible for the management of Australia’s gold and foreign exchange reserves.

4.24.2 Consistent with the Australian Government’s response to the COVID-19 pandemic, the RBA has implemented a range of measures, including enabling staff to work remotely where operational requirements allow. These working arrangements may impact: the RBA’s internal control environment; the ANAO’s assessment of whether controls have been implemented and are operating effectively for the full year; and the RBA’s ability to produce financial statements that are free from material misstatement. The ANAO will consider any changes to the control environment as part of the remaining audit procedures for the 2019–20 audit.

4.24.3 Figure 4.24.1 shows the 2018–19 financial statement items reported by RBA and the key areas of financial statements risk.

Figure 4.24.1: Key financial statements items and areas of financial statements risk

Figure 4.24.1 shows RBA’s financial statements for the year ended 30 June 2019, categorised by financial statement classification of, own source income, expenses, assets and liabilities, with the key areas of financial statements risk as per Table 4.24.3.

Source: ANAO analysis and RBA’s financial statements for the year ended 30 June 2019.

4.24.4 The ANAO’s audit approach identifies key areas of risk that have the potential to impact on RBA’s financial statements. The ANAO’s risk assessment process considers the nature of the financial statements items and an understanding of RBA’s environment and governance arrangements, including its financial reporting regime and system of internal control. In light of the key areas of risk identified in Table 4.24.3 and the ANAO’s understanding of the operations of RBA, the ANAO has assessed the risk of a material misstatement as moderate.

Key financial statements items

4.24.5 The operational functions of the RBA are funded from: net interest income earnings; net gains on securities and foreign exchange; and fees and commissions income.

4.24.6 Under the Government’s economic stimulus measures designed to support the economy as a result of COVID-19, the RBA:

  • is purchasing Government bonds in the secondary market with a view to targeting a yield on 3-year Australian Government bonds of around 0.25 per cent, to help lower funding costs across the economy; and
  • has provided a term funding facility (TFF), the objective of which is to lower funding costs for the entire banking system so that the cost of credit to households and businesses is low, and to provide an incentive for lenders to support credit to businesses, especially small and medium-sized businesses. Under the TFF, authorised deposit-taking institutions (ADIs) in total have access to at least $90 billion in funding from the RBA. The funding is for three years at a fixed interest rate of 0.25 per cent. ADIs are also able to borrow additional funds from the RBA if they increase credit to business this year.

4.24.7 Table 4.24.1 and Table 4.24.2 provide a summary of the key 2018–19 audited financial statements items.

Table 4.24.1: Key expenses and total own-sourced income

Expenses and own-source income

Actual($m) 2018–19

Total expenses

664.0

General administrative

460.0

Other

204.0

Total own-source income

5,213.0

Net gains on securities and foreign exchange

3,331.0

Net interest income

1,276.0

Fees and commission

518.0

Other

88.0

Net profit/(loss)

4,549.0

   

Source: RBA’s 2018–19 audited financial statements.

Table 4.24.2: Key assets and liabilities

Assets and liabilities

Actual($m) 2018–19

Total assets

181,808.0

Cash and cash equivalents

1,251.0

Australian dollar investments

97,850.0

Foreign currency investments

76,204.0

Gold

5,159.0

Property, plant and equipment

697.0

Other

647.0

Total liabilities

152,896.0

Deposits

68,654.0

Distribution payable to the Commonwealth

1,685.0

Australian banknotes on issue

80,024.0

Other

2,533.0

Net assets/(liabilities)

28,912.0

   

Note: RBA’s estimated average staffing level for 2018–19 is 1,370.

Source: RBA’s 2018–19 audited financial statements.

Key areas of financial statements risk

4.24.8 The ANAO undertakes appropriate audit procedures on all material items and focuses audit effort on those areas that are assessed as having a higher risk of material misstatement. Areas highlighted for specific audit coverage in 2019–20 are provided in Table 4.24.3, including areas which were considered Key Audit Matters (KAM) by the ANAO.

4.24.9 The introduction to chapter four has outlined a number of key financial statements risk areas arising from the COVID-19 situation that may impact the ANAO’s assessment of audit risk and the planned audit approach.174 In addition to the risks identified in chapter four, the ANAO has identified specific risks for the RBA’s financial statements relating to the introduction of the term funding facility and the increase in volume of Australian bond holdings. The implications of these risks are in the process of being considered by the ANAO and as a result have not been included in Table 4.24.3. The key areas of financial statements risk will continue to be assessed throughout the audit cycle and where necessary the audit approach will be revised.

Table 4.24.3: Key areas of financial statements risk

Relevant financial statements item

Key area of risk

Audit risk rating

Factors contributing to the risk assessment

Australian dollar investments

$97.9 billion

foreign currency investments

$76.2 billion

net gain on security and foreign exchange

$3.3 billion

Valuation of Australian dollar securities and foreign currency investments

KAM

Higher

  • complexity in determining the fair value of a range of investments and securities; and
  • potential for a significant financial impact from fluctuations in the value of the Australian dollar.

Australian banknotes on issue

$80.0 billion

Accuracy of the liability for the Australian banknotes

KAM

Higher

  • the accuracy of the liability for Australian banknotes on issue is dependent on the assumption that legal tender status is retained by all Australian notes on issue; and
  • high volume of note production and the supply and security of banknotes is structurally significant to the economy.
       

Source: ANAO 2019–20 risk assessment for RBA, and RBA’s 2018–19 audited financial statements.

Audit results

4.24.10 The ANAO has completed its 2019–20 interim audit coverage, including an assessment of the controls relating to: the initiation and authorisation of Australian dollar and foreign currency investments; the return and issuance of Australian banknotes on issue; the processing of term deposits; and key IT controls over change management.

4.24.11 Audit procedures over the effectiveness of key controls for the remaining areas of audit focus will be undertaken as part of the 2019–20 final audit. This includes an assessment of the effectiveness of controls relating to: payments and settlements including those arising from trading activities in overseas offices; financial administration; user access management on core IT systems, and investment portfolio pricing controls.

4.24.12 In addition, detailed testing procedures relating to: the accuracy of net gains on security and foreign exchange; the valuation of foreign currency and Australian dollar investments and deposits; and accuracy of Australian banknotes on issue will be performed as part of the 2019–20 final audit.

4.24.13 To date, our audit coverage of the above areas has not identified any new significant or moderate audit findings. The 2018–19 audit also did not identify any significant or moderate audit findings.

Conclusion

4.24.14 Based on our interim audit coverage which was largely conducted in a pre-COVID-19 environment, key elements of internal control were operating effectively to provide reasonable assurance that the RBA will be able to prepare financial statements that are free of material misstatement. The effective operation of these internal controls for the full financial year and the impact of any changes in the control environment arising subsequent to the completion of the interim audit, will be assessed during the 2019–20 final audit.

Appendices

Appendix 1 Listing of entities by Portfolio

1. The following entities have been considered in this report, selected on the basis of their contribution to the income, expenses, assets and liabilities within the consolidated financial statements. The entities are presented in order of portfolio.

  • Department of Agriculture, Water and the Environment
  • Attorney-General's Department
  • Department of Defence
    • Department of Veterans' Affairs
  • Department of Education, Skills and Employment
  • Department of Finance
    • Future Fund Management Agency and the Board of Guardians
  • Department of Foreign Affairs and Trade
  • Department of Health
  • Department of Home Affairs
  • Department of Industry, Science, Energy and Resources
  • Department of Infrastructure, Transport, Regional Development and Communications
    • Australian Postal Corporation
    • NBN Co Limited
  • Department of Parliamentary Services
  • Department of the Prime Minister and Cabinet
  • - National Indigenous Australians Agency
  • Department of Social Services
    • Services Australia
    • National Disability Insurance Scheme Launch Transition Agency
  • Department of the Treasury
    • Australian Office of Financial Management
    • Australian Taxation Office
    • Reserve Bank of Australia

Appendix 2 The financial reporting and auditing standards frameworks for 2019−20

1. The figure below depicts the standard setting framework for financial reporting and auditing, in the Australian Government context.

Figure A.1: Australian Government standard setting framework

Figure A.1 depicts the standard setting framework for financial reporting and auditing, in the Australian Government context.

Appendix 3 The financial reporting and auditing framework for 2019–20 financial statements

1. Key elements of the Australian Government's financial reporting framework are outlined in the diagram below. An overview of the financial reporting requirements for the various types of Australian Government entities covered by the framework and the audit approach for the financial statements of these entities is also described below.

Figure A.2: Australian Government financial reporting framework

Figure A.2 shows the financial reporting and auditing framework for 2019–20 financial statements. Key elements of the Australian Government’s financial reporting framework are outlined in the diagram below. An overview of the financial reporting requirements for the various types of Australian Government entities covered by the framework and the audit approach for the financial statements of these entities are also described in this figure.

Source: ANAO compilation.

Australian Government reporting entities

Commonwealth Government of Australia

2. Section 48 of the PGPA Act requires the Finance Minister to prepare annual consolidated financial statements for the Commonwealth Government of Australia. These financial statements are general purpose financial statements consolidating the financial activities and financial position of Commonwealth entities and other entities controlled by the Commonwealth Government.

3. The PGPA Act prescribes the Australian Accounting Standards (AASs), and any other requirements prescribed by the rules, as the applicable financial reporting framework for the consolidated financial statements.

Commonwealth entities

4. Section 10 of the PGPA Act defines a Commonwealth entity as a department of state, a Parliamentary department, a listed entity or a body corporate of the Commonwealth other than a Commonwealth company. Section 11 of the PGPA Act determines that there are two types of Commonwealth entities: a non-corporate Commonwealth entity, which is a Commonwealth entity that is not a body corporate175; and a corporate Commonwealth entity, which is a Commonwealth entity that is a body corporate and legally separate from the Commonwealth.

5. Section 42 of the PGPA Act requires the accountable authority of a Commonwealth entity to prepare annual financial statements that comply with the AASs and any other requirements prescribed by the rules.

6. Resource Management Guide 125: The Commonwealth Entities Financial Statements Guide applies to all Commonwealth reporting entities responsible for preparing financial statements under the Public Governance, Performance and Accountability (Financial Reporting) Rule 2015. The guide includes definitions of terms that have been used in this report.

Non-corporate Commonwealth entities

7. Non-corporate Commonwealth entities, comprising departments of state, Parliamentary departments and listed entities, are subject to the provisions of the PGPA Act. In some cases they are also operate under their own enabling legislation.

8. The PGPA Act prescribes the AASs and PGPA Financial Reporting Rule (FRR) as the applicable financial reporting framework for non-corporate Commonwealth entities.

Corporate Commonwealth entities and subsidiaries

9. Corporate Commonwealth entities are bodies corporate that hold money on their own account and have been created to perform specific functions. Corporate Commonwealth entities operate under their own enabling legislation and also must comply with the relevant provisions of the PGPA Act.

10. The PGPA Act prescribes the AASs and FRR as the applicable financial reporting framework for corporate Commonwealth entities. The financial reporting framework applicable to subsidiaries of corporate Commonwealth entities depends on the nature of the subsidiary.

Commonwealth companies and subsidiaries

11. Commonwealth companies are companies that are controlled by the Australian Government through majority share holdings or voting rights, or via control over the composition of the company's board. Commonwealth companies operate and prepare financial statements under the Corporations Act 2001 (Corporations Act).

12. The applicable financial reporting framework for Commonwealth companies is the Corporations Act, including the AASs and the Corporations Regulations.

13. The financial reporting framework applicable to subsidiaries of Commonwealth companies depends on the nature of the subsidiary.

Other bodies

14. The ANAO also audits the financial statements of other bodies under Commonwealth legislation other than the PGPA Act, including the 'by arrangement' provisions in section 20 of the Auditor-General Act 1997. Examples of these other bodies include statutory bodies not established as Commonwealth entities and trusts. The financial reporting framework applicable to these other bodies depends on legislation or other rules that govern that entity.

Audit of Australian Government entity financial statements

Audit scope

15. The accountable authority of a Commonwealth entity is responsible for the preparation and fair presentation of the financial statements and for maintaining records, internal controls, procedures and processes that support the preparation of those statements.

16. The Directors of a Commonwealth company, or a company that is a subsidiary of either a Commonwealth entity or a Commonwealth company, are responsible for the preparation of financial statements that give a true and fair view and for maintaining records, internal controls, procedures and processes that support the preparation of that report.

17. The ANAO's independent audits of financial statements are undertaken to form an opinion whether they are free from material misstatement and present fairly in accordance with applicable accounting standards and legislation. These audits are conducted in accordance with the ANAO Auditing Standards, which incorporate the Australian Auditing Standards and provide reasonable assurance.

18. Audit procedures include an examination of the entity's records and its internal control, information systems, control procedures and statutory disclosure requirements. Evidence supporting the amounts and other information in the statements is examined on a test basis, and accounting policies and significant accounting estimates are evaluated.

19. The entity's internal control relevant to the entity's preparation and fair presentation of the financial statements or reports is considered in order to design audit procedures that are appropriate in the circumstances. In some audits, audit procedures concentrate primarily on substantiating the amounts appearing in the financial statements and do not include detailed testing of systems and internal controls.

20. The primary responsibility for the prevention and detection of fraud and error rests with both those charged with the governance and the management of an entity. The auditor is not responsible for the prevention or detection of fraud and error.

The auditor's report on financial statements

21. The ANAO auditor's report on the financial statements includes a statement of the auditor's opinion as to whether the financial statements present fairly the entity's financial position, the results of its operations and its cash flows in accordance with the applicable financial reporting framework.

22. If the auditor is not of that opinion, the auditor's opinion is modified, with the reasons being indicated.

23. The auditor's report on the financial statements may also include an 'emphasis of matter,' 'other matter' or 'material uncertainty related to going concern' paragraph. A report on other legal and regulatory requirements may accompany the auditor's report on the financial statements. The inclusion of these paragraphs does not modify the auditor's opinion.

Form of auditor's opinion

24. An auditor's opinion is described as 'unmodified' when the auditor concludes that the financial statements are prepared, in all material respects, in accordance with the applicable financial reporting framework.

25. An auditor's opinion may be 'modified' in one of three ways.

  • A 'qualified opinion' is expressed when the auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements, individually or in aggregate, are material but not pervasive to the financial statements. A 'qualified opinion' is also expressed when the auditor, having been unable to obtain sufficient appropriate audit evidence, concludes that the possible effects on the financial statements of undetected misstatements could be material but not pervasive.
  • A 'disclaimer of opinion' is expressed when the auditor, having been unable to obtain sufficient appropriate audit evidence on which to base the opinion, concludes that the possible effects on the financial statements of undetected misstatements could be both material and pervasive. A 'disclaimer of opinion' is also expressed when the auditor, having been able to obtain sufficient appropriate audit evidence regarding individual uncertainties, concludes that the potential interaction of the uncertainties and their possible cumulative effect on the financial report cannot be determined.
  • An 'adverse opinion' is expressed when the auditor, having obtained sufficient appropriate audit evidence, concludes that misstatements individually or in aggregate, are both material and pervasive to the financial statements.
Emphasis of matter

26. An 'emphasis of matter' paragraph is included in the auditor's report when the auditor considers it necessary to draw to users' attention a matter presented in the financial statements that, in the auditor's judgement, is of such importance that it is fundamental to the users' understanding of the financial statements. The circumstances in which an emphasis of matter is used include:

  • when financial statements and the auditor's report have been issued and a fact is discovered that leads to revised financial statements and a new auditor's report being prepared; and
  • when financial statements have been prepared in accordance with a special purpose framework, and as a result the financial statements may not be suitable for another purpose.
Other matter

27. The auditor's report on the financial statements may also include a reference to an 'other matter'. This allows the auditor to communicate a matter other than a matter that is presented or disclosed in the financial statements that, in the auditor's judgement, is relevant to users' understanding of the audit, the auditor's responsibilities or the auditor's report.

Material uncertainty related to going concern

28. The auditor's report on the financial statements will also include a reference to a 'material uncertainty related to going concern' when there are possible or actual events or conditions that may cast significant doubt on an entity's ability to continue as a going concern and the financial statements include adequate disclosure about the uncertainty and management's plans to deal with the uncertainty.

Report on other legal and regulatory requirements

29. The auditor's report on the financial statements may also include a report on other legal and regulatory requirements. This report covers matters that the Auditor-General is required by law to report on in conjunction with the financial statements audit.

Appendix 4 Summary of entities' Gifts and Benefit Policy requirements

Summary of entities' Gifts and Benefit Policy requirements

Entity

Maintain a central register to capture all gifts and benefits received over the reporting threshold

Minimum reporting threshold for reporting internal gifts and benefits

Entity requirement to internally report gifts and benefits

Does the entity's policy include recording gifts and benefits that are refused?

Gifts and Benefits register published on the website as per APSC Guidance?

Minimum reporting threshold for publishing gifts and benefits received on the website

Entity requirement to publish gifts and benefits

Department of Agriculture, Water and the Environment

Yes

Greater than AUD$50

All Staff

No

Yes

Greater than AUD$100

Secretary

Attorney-General's Department

Yes

Greater than AUD$100

All Staff

No

Yes

Greater than AUD$100

All Staff

Department of Defence

Yes

Greater than AUD$50 (from private sector)

Greater than AUD $200 (from public sector)

All Staff

No

Yes

Greater than AUD$100

All Staff

Department of Veterans' Affairs

Yes

Greater than AUD$50

All Staff

No

Yes

Greater than AUD$100

Senior Staff

Department of Education, Skills and Employment

Yes

Greater than AUD$50

All Staff

No

Yes

Greater than AUD$100

All Staff

Department of Finance

Yes

Greater than AUD$100

All Staff

No

Yes

Greater than AUD$100

All Staff

Future Fund Management Agency and the Board of Guardians

Yes

All gifts and hospitality received over AUD$100

All Staff

No

Noa

Greater than AUD$100

Senior Staff

Department of Foreign Affairs and Trade

Yes

All

All Staff

No

Yes

Greater than AUD$100

Secretary and Deputy Secretaries

Department of Health

Yes

Greater than AUD$20

All Staff

No

Yes

Greater than AUD$100

All Staff

Department of Home Affairs

Yes

All

All Staff

No

Yes

Greater than AUD$100

All Staff

Department of Industry, Science, Energy and Resources

Yes

Greater than AUD$100

All Staff

No

Yes

Greater than AUD$100

All Staff

Department of Infrastructure, Transport, Regional Development and Communications

Yes

Greater than AUD$100

All Staff

No

Yes

Greater than AUD$100

All Staff

Australian Postal Corporation

Yes

Greater than AUD$100

All Staff

Yes

Yes

Greater than AUD$100

All Staff

NBN Co Limitedb

Yes

Greater than AUD$200

All Staff

No

No

N/A

N/A

Department of Parliamentary Services

Yes

Greater than AUD$200

All Staff

No

Yes

Greater than AUD$100

Secretary

Department of the Prime Minister and Cabinet

Yes

Greater than AUD$100

All Staff

No

Yes

Greater than AUD$100

All Staff

National Indigenous Australians Agency

Yes

Greater than AUD$100

All Staff

Yes

Yes

Greater than AUD$100

All Staff

Department of Social Services

Yes

Greater than AUD$100

All Staff

No

Yes

Greater than AUD$100

All Staff

Services Australia

Yes

Greater than AUD$20

All Staff

Yes

Yes

Greater than AUD$100

All Staff

National Disability Insurance Scheme Launch Transition Agency

Yes

Greater than AUD$100

All Staff

No

Yes

Greater than AUD$100

All Staff

Department of the Treasury

Yes

All

All Staff

No

Yes

Greater than AUD$100

All Staff

Australian Office of Financial Management

Yes

All

All Staff

Yes

No

Not published

Not published

Australian Taxation Office

Yes

Greater than AUD$100

All Staff

Yes

Yes

Greater than AUD$100

All Staff

Reserve Bank of Australia

Yes

All

All Staff

No

Yes

Greater than AUD$100

Governor and Deputy Governor

               

Note a: The Future Fund Management Agency and the Board of Guardians published its gifts and benefits to 31 March 2020 on 28 April 2020.

Note b: NBN Co Limited as a Commonwealth company is strongly encouraged though not required to comply with the policy released by the Commissioner. NBN Co Limited has not published a gifts and benefits register for the agency head.

Source: ANAO analysis and gifts and register policies.

Appendix 5 Government response to COVID-19

Economic measures announced in response to the COVID-19 pandemic

Economic measures announced in response to the COVID-19 pandemic

Entity

Program

Total Funding Announced

Date Funding Announced

Source of Announcement

Department of Health

Coronavirus Vaccine

The Government is fast tracking $2 million in funding to support Australia's best researchers as they work to understand and respond to the outbreak of novel coronavirus, now known as COVID-19.

$2,000,000

18 February 2020

Source

Department of Health

Coronavirus public health partnership with the states

The Australian Government has committed to a 50-50 shared health funding deal with the states and territories to ensure a rapid health response to the evolving COVID-19 (coronavirus) outbreak.

$5,000,000

6 March 2020

Source

Department of Health

Coronavirus Health Stimulus Package

The package provides unprecedented support across primary care, aged care, hospitals, research and the national medical stockpile.

$2,400,000,000

11 March 2020

Source

Department of Health

Aged Care Workforce Continuity

This package is designed to support the aged care workforce.

$444,600,000

20 March 2020

Source

Department of Social Services

Income support for individuals

The Government is temporarily expanding eligibility to income support payments and establishing a new, time-limited Coronavirus supplement to be paid at a rate of $550 per fortnight.

$14,133,000,000

22 March 2020

Source

Department of Social Services

Payments to support households

Provide two rounds of $750 payments to those eligible.

$8,830,000,000

22 March 2020

Source

Australian Taxation Office

Temporary early release of superannuation

Enable individuals and sole traders directly impacted by the economic consequences of the Coronavirus to access up to $10,000 of their superannuation, tax-free, in 2019–20, and up to a further $10,000 in 2020–21.

$1,150,000,000

22 March 2020

Australian Taxation Office

Temporarily reduce superannuation minimum drawdown rates

Reduce the superannuation minimum drawdown rates by 50 per cent for the 2019–20 and 2020–21 income year.

-

22 March 2020

Department of Social Services

Lower the social security deeming rates

Lower the social security deeming rates in response to the low interest rate environment.

$876,000,000

22 March 2020

Australian Taxation Office

Boosting Cash Flow for Employers

Enhance the previously announced Boosting Cash Flow for Employers by extending access to not-for-profits, including charities; increasing the maximum total payments to $100,000; increasing the rate of the payment, increasing minimum total payments to $20,000.

$31,900,000,000

22 March 2020

Australian Taxation Office

Temporary relief for financially distressed businesses

Help businesses get through a temporary period of insolvency, by temporarily providing higher thresholds and more time to respond to demands from creditors and providing temporary relief from directors' personal insolvent trading liability.

-

22 March 2020

Australian Taxation Office

Increasing the instant asset write-off threshold

Lifting the threshold to $150,000 (from $30,000) — and making more businesses eligible to use it up to a turnover of $500 million.

$700,000,000

22 March 2020

Australian Taxation Office

Backing business investment

Offering businesses a time-limited incentive to invest, by accelerating depreciation deductions.

$3,200,000,000

22 March 2020

Department of Education, Skills and Employment

Supporting apprentices and trainees

Wage assistance to help small businesses to keep their apprentices and trainees.

$1,265,000,000

22 March 2020

Department of Infrastructure, Transport, Regional Development and Communications

Support for Coronavirus affected regions and communities

Financial support to help regions and communities most affected by the Coronavirus to recover.

$1,000,000,000

22 March 2020

Department of Infrastructure, Transport, Regional Development and Communications

Support for Australian airlines and airports

Provide initial support to our airline industry through up to $715 million of relief from a range of taxes and Government charges.

$715,000,000

22 March 2020

Department of the Treasury

Government support for immediate cash flow needs of SMEs

Establish a loan guarantee arrangement between the Government and participating banks to cover the immediate cash flow needs of SMEs.

$20,000,000,000

22 March 2020

Australian Office of Financial Management

Australian Office of Financial Management Support

Provide the Australian Office of Financial Management with an investment capacity of $15 billion to invest in structured finance markets used by smaller lenders.

$15,000,000,000

22 March 2020

Reserve Bank of Australia

Reserve Bank of Australia Support

A package of RBA measures to support the Australian economy.

$90,000,000,000

22 March 2020

Department of Health

Medicare Telehealth

Expand Medicare-subsidised telehealth services for all Australians, with extra incentives to GPs and other health practitioners also delivered.

$1,100,000,000

29 March 2020

Source

Australian Taxation Office

JobKeeper Payment

A significant wage subsidy program to support employees and businesses through the Coronavirus outbreak. Eligible businesses will receive $1,500 per fortnight per eligible employee for a maximum of 26 weeks.

$70,000,000,000

30 March 2020

Source

The estimated economic support provided by the JobKeeper subsidy program was revised from $130,000,000,000 to $70,000,000,000 on 22 May 2020.

Department of Education, Skills and Employment

Early childhood education and care relief package

Government that will help deliver hip pocket relief and help the early childhood education and care sector make it through to the other side of this crisis.

No total provided

2 April 2020

Source

Department of Education, Skills and Employment

Preschool funding guaranteed for 2021

To support almost 350,000 children to access preschool.

$453,200,000

2 April 2020

Source

Department of Health

Boost the national coordinated COVID-19 research response

To support frontline health workers with training and information which will support the treatment of patients with coronavirus.

$3,000,000

14 April 2020

Source

Department of Infrastructure, Transport, Regional Development and Communications

Sustaining Australian Media businesses Package

To help sustain Australian media businesses as they do their vital work of keeping the community informed during the COVID-19 pandemic.

$91,000,000

15 April 2020

Source

Department of Health

Keeping Senior Australians in Residential Aged Care Safe

To ensure aged care providers can offer reinforced levels of safety and care for those who need it most.

$205,000,000

1 May 2020

Source

Attorney-General's Department

National Legal Assistance Partnership

For additional front line legal services and for IT costs to support the sector's transition to delivering assistance virtually and online.

$63,300,000

5 May 2020

Source

Total Value of Funding Measures Announced 

$263,536,100,000

 

 

         

2019–20 appropriations in response to COVID-19

Entity

Appropriation (Coronavirus Economic Response Package) Act (No. 1) 2019–2020

Appropriation (Coronavirus Economic Response Package) Act (No. 2) 2019–2020.

Controls Report Entity

Department of Agriculture, Water and the Environment

$15,297,000

Yes

Department of Veterans' Affairs

$642,000

$397,000

Yes

Department of Education, Skills and Employment

$273,627,000

$3,750,000

Yes

Department of Foreign Affairs and Trade

$10,555,000

Yes

Department of Health

$571,584,000

$740,050,000

Yes

Aged Care Quality and Safety Commission

$2,725,000

No

Department of Home Affairs

$18,703,000

Yes

Department of Infrastructure, Transport, Regional Development and Communications

$422,000,000

Yes

Civil Aviation Safety Authority

$15,000,000

No

Services Australia

$321,000,000

Yes

Total 2019–20 Coronavirus Appropriation

$1,651,133,000

$744,197,000

 

       

Note: The Advances to the Finance Minister identified in the Advances to the Finance Minister for the Period 1 July 2019 to 24 April 2020 limited assurance report tabled 7 May 2020 are not included in the table above.

Source: Appropriation (Coronavirus Economic Response Package) Act (No. 1) 2019–2020 and Appropriation (Coronavirus Economic Response Package) Act (No. 2) 2019–2020.

Appendix 6 Remote systems access provided to ANAO, by entity

Entity

Remote systems access provided

Department of Agriculture, Water and the Environment

Yes

Attorney-General's Department

Yes

Department of Defence

Yes

Department of Veterans' Affairs

Yes

Department of Education, Skills and Employment

Yes

Department of Finance

Yes

Future Fund Management Agency and Board of Guardians

No

Department of Foreign Affairs and Trade

Yes

Department of Health

Yes

Department of Home Affairs

Yes

Department of Industry, Science, Energy and Resources

Yes

Department of Infrastructure, Transport, Regional Development and Communications

Yes

Australian Postal Corporation

Yes

NBN Co Limited

No

Department of Parliamentary Services

No, in progress

Department of the Prime Minister and Cabinet

Yes

National Indigenous Australians Agency

Yes

Department of Social Services

Yes, but not the grants management system

Services Australia

Yes

National Disability Insurance Scheme Launch Transition Agency

Yes

Department of the Treasury

Yes

Australian Office of Financial Management

No

Australian Taxation Office

Yes

Reserve Bank of Australia

Yes

   

Source: ANAO analysis.

Footnotes

1 The seven entities are the: Departments of: Agriculture, Water and the Environment; Defence; Education, Skills and Employment; Home Affairs; Infrastructure, Transport, Regional Development and Communications; National Disability Insurance Scheme Launch Transition Agency and Services Australia.

2 There were two Administrative Arrangement Orders (AAOs) that impacted 2019-20, which mandated a number of Machinery of Government Changes (AAOs made on 29 May 2019 and 5 December 2019). As a result a number of functions were moved to new departments and a number of entities were abolished. A full listing of the entities in this report is included in appendix 1.

3 There is a range of different governance structures within Commonwealth entities depending on particular legal status or enabling legislation. The term ‘accountable authority’, as defined in the PGPA Act, is used in this report to describe the person or body responsible for an entity’s governance.

4 The Departments of: Agriculture, Water and the Environment; Defence; Education, Skills and Employment; Home Affairs; and Infrastructure, Transport, Regional Development and Communications; and the National Disability Insurance Scheme Launch Transition Agency (NDIA) and Services Australia.

5 The PGPA Act section 13 defines officials of Commonwealth entities.

6 In accordance with section 8 of the PGPA Act finance law means the PGPA Act or PGPA Rules, any instrument made under the PGPA Act or Appropriation Acts.

7 The ANAO has not audited the effectiveness of the executive management structures.

8 The functions of the former Department of Employment, Skills, Small and Family Business were transferred to the renamed Department of Education, Skills and Employment and the renamed Department of Industry, Science, Energy and Resources. The functions of the former Department of Agriculture were transferred to the renamed Department of Agriculture, Water and the Environment. The functions of the former Department of Communications and the Arts were transferred to the renamed Department of Infrastructure, Transport, Regional Development and Communications.

9 Services Australia was established as an Executive Agency within the Social Services Portfolio effective from 1 February 2020.

10 The National Indigenous Australians Agency was established from 1 July 2019.

11 Australian Public Service Commission, Department of Finance, Machinery of Government changes A Guide for Agencies — April 2019, p. 6, available from https://www.apsc.gov.au/machinery-government-mog-changes-new-departmentaps-agency [accessed 30 April 2020].

12 Departments of: Agriculture, Water and the Environment; Education, Skills and Employment; Home Affairs; Industry, Science, Energy and Resources; Infrastructure, Transport, Regional Development and Communications; the Prime Minister and Cabinet; and Social Services, and Attorney-General’s Department and the National Indigenous Australians Agency.

13 Refer to page 12 of the Guide for more details of the recommendations in respect of due diligence.

14 Departments of: Agriculture, Water and the Environment; Education, Skills and Employment; Infrastructure, Transport, Regional Development and Communications; Prime Minister and Cabinet; and Social Services, and Services Australia.

15 Refer to the Guide, p. 6, Overview: point 9.

16 The ANAO had not been provided with documentation relating to the Department of Social Services risk assessment process as at 30 April 2020.

17 As at 30 April 2020 the ANAO has not received the position paper.

18 Sections 45 and 92 of the PGPA Act.

19 ASX Corporate Governance Council, Corporate Governance Principles and Recommendations, 3rd edition, available from https://www.asx.com.au/documents/asx-compliance/cgc-principles-and-recom... [accessed 3rd of April 2020].

20 An amendment to the PGPA Rule which applies from 1 July 2021, requires that the audit committee members for non-corporate Commonwealth entities are not officials of the entity; furthermore a majority of members must not be officials of any Commonwealth entity.

21 The Governor is the accountable authority for the Reserve Bank of Australia under the Reserve Bank Act 1959, part 2, division 1, section 7A(1).

22 The 2018–19 Auditor-General reports were:

  • Report No. 34 Effectiveness of Board Governance at Old Parliament House, tabled on 18 April 2019;
  • Report No. 35 Governance of the Special Broadcasting Service Corporation, tabled on 26 April 2019;
  • Report No. 36 Effectiveness of Board Governance at the Australian Institute of Marine Science, tabled on 30 April 2019; and
  • Report No. 37 Effectiveness of Board Governance at the Sydney Harbour Federation Trust, tabled on 2 May 2019.

23 The Future Fund Board of Guardians is an independent body responsible for deciding how to invest the assets of the Future Fund, and is supported by the Future Fund Management Agency.

24 M Edwards and R Clough, ‘Corporate Governance and Performance: An Exploration of the Connection in a Public Sector Context’, Corporate Governance ARC Project, Paper No. 1, January 2005, p. 14.

25 The Departments of: Defence and Finance; NBN Co Limited (NBN Co), Australian Office of Financial Management and the Future Fund Management Agency and Board of Guardians.

26 In accordance with section 8 of the PGPA Act, finance law means the PGPA Act or PGPA Rules, and any instrument made under the PGPA Act, or Appropriation Acts.

27 RMG 214 does not apply to NBN Co. NBN Co is required to report significant issues to the Minister in accordance with the PGPA Act and other matters as required under the Corporations Act 2001. No matters were identified that required reporting in 2018–19.

28 The ANAO did not undertake audit procedures to make an assessment of, or conclude on judgements made by an accountable authority to determine whether non-compliance was significant.

29 The Australian Postal Corporation, the Departments of: Agriculture, Water and the Environment; Defence; Home Affairs; the Future Fund Management Agency and the Board of Guardians and Services Australia.

30 Department of Veterans’ Affairs 2018–19 Annual Report, pg. 102.

31 Department of Defence 2018–19 Annual Report, pg. 72.

32 This analysis excludes the Australian Office of Financial Management and the Departments of Foreign Affairs and Trade, Services Australia, the NBN Co, the NDIA and the National Indigenous Australians Agency.

33 Australian Postal Corporation and Reserve Bank of Australia.

34 Departments of: Defence; Home Affairs; and Industry, Science, Energy and Resources.

35 GrantConnect provides centralised publication of forecast and current Australian Government grant opportunities and grants awarded.

37 Australian Public Service Commission, Guidance for Agency Heads - Gifts and Benefits, available from https://www.apsc.gov.au/guidance-agency-heads-gifts-and-benefits [accessed on 14 April 2020].

38 Australian Public Service Commission, Guidance for Agency Heads - Gifts and Benefits, available from https://www.apsc.gov.au/guidance-agency-heads-gifts-and-benefits [accessed on 14 April 2020].

39 A summary of entities’ policies relating to gifts and benefits has been included at Appendix 4.

40 Australian Office of Financial Management; Department of Veterans’ Affairs; Future Fund Management Agency and the Board of Guardians; and the NBN Co.

41 The Departments which have circulated the guidance are: Attorney-General’s; Defence; Education, Skills and Employment; Finance; Foreign Affairs and Trade; Home Affairs; Industry, Science, Energy and Resources; Infrastructure, Transport, Regional Development and Communication; Social Services; the Treasury; and Veterans’ Affairs.

The following Portfolio Departments have not circulated the guidance: the Departments of: Agriculture, Water and the Environment; Health; and the Prime Minister and Cabinet.

42 Entities are recommended by the Australian Cyber Security Centre to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.

43 Attorney-General’s Department, 10 Safeguarding information from cyber threats [Internet], Attorney-General’s Department, AU, 2020, available from https://www.protectivesecurity.gov.au/ information/safeguarding-information-from-cyber-threats/Pages/default.aspx [accessed 17 April 2020].

44 The Top Four strategies are application whitelisting, patching applications, patching operating systems, and restricting administrative privileges. The non-mandatory Essential Eight strategies are configuring Microsoft Office macros, user application hardening, multi-factor authentication, and daily backup of systems and data.

45 The purpose of application whitelisting is to protect systems and networks from security vulnerabilities in existing applications, and prevent unauthorised applications from running on ICT systems.

46 To protect ICT systems from known vulnerabilities, the Patching Applications and Operating System strategies require entities to deploy security patches as soon as possible after being identified by vendors, independent third parties, system managers or users.

47 Misuse of privileged access can lead to significant security compromises, such as the unauthorised disclosure of information, systems or processes becoming unavailable, or financial impropriety. The Restricting Administrative Privileges strategy includes a requirement for administrative privileges to be regularly reviewed, and restricted only to users who need them and are duly authorised.

48 These remaining strategies include the Essential Eight controls (the Top Four plus four additional controls — User Application Hardening, Macro Controls, Multi-factor Authentication and Daily Backups), as well as any additional control listed in the ISM.

49 Due to the timing of the interim audit work, two entities were excluded from the analysis. These entities were: Future Fund Management Agency and the Board of Guardians and the Australian Office of Financial Management.

50 Four entities in this report are corporate Commonwealth entities or Commonwealth companies, and are not required to report on compliance with the PSPF. These entities are: Australian Postal Corporation; NDIA; NBN Co; and the Reserve Bank of Australia.

51 When applications are frequently updated and appropriate security settings applied, it is more difficult for adversaries to exploit any security vulnerabilities they may discover. Disabling unneeded features in Microsoft Office and configuring web browsers to block Flash, Internet advertisements and Java further reduces the risk of malicious content being introduced to entities’ ICT environments.

52 Effectively configured Microsoft Office macro settings address adversaries’ attempts to create macros that can deny users’ access to sensitive or classified information.

53 Multi-factor authentication requires users to provide at least two independent methods to gain access to an ICT system. These may include:

  • something a user knows, such as a password;
  • something a user has, such a physical token or software-based certificate; and
  • something unique to the user, such as their fingerprint.

54 Australian Signals Directorate, The Commonwealth Cyber Security Posture in 2019, Australian Signals Directorate, AU, 2020, available from https://www.cyber.gov.au/publications/cyber-security-posture-2019 [accessed 16 April 2020].

55 ibid.

56 Australian Signals Directorate, Threat update: COVID-19 malicious cyber activity, Australian Signals Directorate, AU, 2020, available from https://www.cyber.gov.au/threats/threat-update-covid-19-malicious-cyber-activity-20-apr-2020 [accessed 23 April 2020].

57 Attacks that are aimed at stealing user credentials and facilitating fraud.

58 Attacks aiming to trick users into paying fake invoices by masquerading emails as from valid contacts.

59 Australian Signals Directorate, Cyber security is essential when preparing for COVID-19, Australian Signals Directorate, AU, 2020, available from https://www.cyber.gov.au/news/cyber-security-essential-when-preparing-covid-19 [accessed 23 April 2020].

60 This includes laptop devices, firewalls and Virtual Private Network solutions.

61 At time of compilation, assessments of the control environments of the Department of Finance (Service Delivery Office); NBN Co, the Reserve Bank of Australia, and the Future Fund Management Agency and the Board of Guardians had not been completed.

62 Further details regarding the moderate findings carried over from the previous year are detailed in chapter 4 for the Departments of: Agriculture, Water and the Environment; Defence; and Education, Skills and Employment.

63 JCPAA Report No. 477: Commonwealth Financial Statements - Second Report, and Foreign Investment in Real Estate.

64 Further details regarding the moderate findings can be found in chapter 4 for the Departments of: Defence; and Education, Skills and Employment and Services Australia.

65 For further detail regarding the moderate finding in this category, refer to the detailed results in chapter 4 for the Departments of: Defence; and Education, Skills and Employment.

66 ISM control 0430.

67 ITIL is a framework for designing, implementing, delivering and managing IT services. It was originally developed in the 1990s with the support of the British Government, and has been widely adopted by public and private sector entities world-wide.

68 For further detail regarding the moderate finding in this category, refer to the detailed results in chapter 4 for the Department of Agriculture, Water and the Environment.

69 Further details regarding the moderate audit findings can be found in the following entity results section in chapter 4: Departments of: Infrastructure, Transport, Regional Development and Communications; Home Affairs and NDIA.

70 Further details of the audit findings can be found in Department of Defence section in chapter 4. The significant finding was not raised at interim 2017–18 and as a result is not reflected in the graph.

71 The NDIA moderate audit finding was resolved in Auditor-General Report No. 20 2019–20 Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2019, paragraphs 4.16.35 to 4.16.40.

72 ASA 315 Identifying and Assessing the Risks of Material Misstatement.

74 See Auditor-General Reports:

  • No. 58 2016–17, Implementation of the Annual Performance Statements Requirements 2015–16;
  • No. 33 2017–18, Implementation of the Annual Performance Statements Requirements 2016–17; and
  • No. 17 2018–19, Implementation of the Annual Performance Statements Requirements 2017–18.

75 For-profit entities will apply the requirements for financial years commencing on or after 1 January 2018.

76 Department of Finance, Commonwealth Entities Financial Statements Guide (RMG 125), available from https://www.finance.gov.au/government/resource-management/list-number [accessed on 20 May 2020].

77 Department of Finance, AASB 16 – Leases Implementation Guide (RMG 110), available from https://www.finance.gov.au/government/resource-management/list-number [accessed on 20 May 2020].

78 Auditor-General report No 20 (2019–20) Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2019.

79 Fair Work Ombudsman, National Employment Standards, available from: www.fairwork.gov.au/employee-entitlements/national-employment-standards [accessed 20 May 2020].

80 Fair Work Commission, Enterprise agreement benchmark, available from: www.fwc.gov.au/enterprise-agreements-benchbook/associated-applications/workplace-determinations [accessed 20 May 2020].

81 Appendix 5 outlines the detail of the Government Funding Response to COVID-19.

82Appropriation (Coronavirus Economic Response Package) Act (No. 1) 2019–2020 and Appropriation (Coronavirus Economic Response Package) Act (No. 2) 2019–2020.

83 Advance to the Finance Minister definition, available from: https://www.finance.gov.au/publications/ advance-finance-minister/advance-finance-minister [accessed on 29 April 2020].

84 The ANAO’s rating scale for findings can be found in chapter 1 at Table 1.2.

85 Further detail relating to this finding can be found at paragraph 4.5.24 Department of Education, Skills and Employment Contribution.

86 Appropriation figures reported in this section combine the Appropriation Acts for DAWE, as well as funding available to the former Department of Agriculture. Appropriation funding for Department of Agriculture was transferred to DAWE through determinations made in accordance with s75 of the Public Governance, Performance and Accountability Act 2013 (PGPA Act). Appropriations relating to the Energy function were transferred to the Department of Industry, Science, Energy and Resources through determinations made in accordance with s75 of the PGPA Act.

87 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020, Appropriation Act (No. 4) 2019–2020, and Appropriation (Coronavirus Economic Response Package) Act (No. 1) 2019–2020.

88 DAWE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates.

89 Appendix 5 outlines the detail of the economic stimulus package.

90 Refer to paragraph 4.0.5 to 4.0.8.

91 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, and Appropriation Act (No. 3) 2019–2020.

92 AGD’s 2019–20 revised budget as reported in the 2019–2020 Portfolio Additional Estimates Statements.

93 Appendix 5 outlines the detail of the economic stimulus package.

94 Refer to paragraph 4.0.5 to 4.0.8.

95 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 3) 2019–2020 and Appropriation Act (No. 4) 2019–2020.

96 Defence’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

97 Appendix 5 outlines the detail of the economic stimulus package.

98 Refer to paragraph 4.0.5 to 4.0.8.

99 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020, Appropriation Act (No. 4) 2019–2020, Appropriation (Coronavirus Economic Response Package) Act (No. 1) 2019–2020, and Appropriation (Coronavirus Economic Response Package) Act (No. 2) 2019–2020.

100 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No. 4, 201920.

101 Appendix 5 outlines the detail of the economic stimulus package.

102 Refer to paragraph 4.0.5 to 4.0.8.

103 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020, Appropriation Act (No. 4) 2019–2020, Appropriation (Coronavirus Economic Response Package) Act (No. 1) 2019–2020, Appropriation (Coronavirus Economic Response Package) Act (No. 2) 2019–2020, and Appropriation Act (No. 5) 2019–2020. The net position of Section 75 transfers in to and out of the department resulting from Administrative Arrangement Orders has also been reflected.

104 DESE’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

105 Appendix 5 outlines the detail of the economic stimulus package.

106 Refer to paragraph 4.0.5 to 4.0.8.

107 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020, Appropriation Act (No. 4) 2019–2020 and Appropriation Act (No. 6) 2019–2020.

108 Finance’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

109 Appendix 5 outlines the detail of the economic stimulus package.

110 Refer to paragraph 4.0.5 to 4.0.8.

111 Appendix 5 outlines the detail of the economic stimulus package.

112 Refer to paragraph 4.0.5 to 4.0.8.

113 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020 and Appropriation (Coronavirus Economic Response Package) Act (No. 1) 2019–2020.

114 Appendix 5 outlines the detail of the economic stimulus package.

115 Refer to paragraph 4.0.5 to 4.0.8.

116 This is provided through Supply Act (No. 1) 2019–20, Supply Act (No. 2) 2019–20, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020, and Appropriation Act (No. 4) 2019–2020, Appropriation Coronavirus Economic Response Package Act (No. 1) 2019–20 and Appropriation Coronavirus Economic Response Package Act (No. 2) 2019–20.

117 Health’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

118 Appendix 5 outlines the detail of the economic stimulus package.

119 Refer to paragraph 4.0.5 to 4.0.8.

120 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020, Appropriation Act (No. 4) 2019–2020 and Appropriation Coronavirus Economic Response Package Act (No. 1) 2019–2020.

121 Home Affairs’ 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

122 Appendix 5 outlines the detail of the economic stimulus package.

123 Refer to paragraph 4.0.5 to 4.0.8.

124 Appropriation figures reported in this section combine the Appropriation Acts for Industry, as well appropriation funding for the former departments of Environment and Energy, and Employment, Skills, Small and Family Business. This funding was transferred to Industry through determinations made in accordance with s75 of the Public Governance, Performance and Accountability Act 2013.

125 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020 and Appropriation Act (No. 4) 2019–2020.

126 Industry’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

127 Appendix 5 outlines the detail of the economic stimulus package.

128 Refer to paragraph 4.0.5 to 4.0.8.

129 Appropriation figures reported in this section combine the Appropriation Acts for Infrastructure, as well as funding available to the former Communications. Appropriation funding for the Department of Communications and the Arts was transferred to Infrastructure through determinations made in accordance with s75 of the Public Governance, Performance and Accountability Act 2013.

130 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020, Appropriation Act (No. 4) 2019–2020, Appropriation Coronavirus Economic Response Act (No. 1) 2019–2020, and Appropriation Act (No. 5) 2019–2020.

131 Infrastructure’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

132 Table 2.2, Department of the Treasury Portfolio Budget Statements 2019–20, includes funding for programs administered by Infrastructure and the previous Department of Communications and the Arts.

133 Appendix 5 outlines the detail of the economic stimulus package.

134 Refer to paragraph 4.0.5 to 4.0.8.

135 Appendix 5 outlines the detail of the economic stimulus package.

136 Refer to paragraph 4.0.5 to 4.0.8.

137 Refer to paragraph 4.0.5 to 4.0.8.

138 This is provided through Supply (Parliamentary Departments) Act (No. 1) 2019–2020 and Appropriation (Parliamentary Departments) Act (No. 1) 2019–2020.

139 Appendix 5 outlines the detail of the economic stimulus package.

140 Refer to paragraph 4.0.5 to 4.0.8.

141 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 3) 2019–2020. Amounts transferred from PM&C by the Finance Minister under Section 75 of the Public Governance, Performance and Accountability Act 2013 have been deducted.

142 Appendix 5 outlines the detail of the economic stimulus package.

143 Refer to paragraph 4.0.5 to 4.0.8.

144 This is provided through Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, and Appropriation Act (No. 3) 2019–2020. It also includes amounts transferred by the Finance Minister as a result of the transfer of functions from the Department of the Prime Minister and Cabinet, under Section 75 of the Public Governance, Performance and Accountability Act 2013.

145 NIAA’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

146 Appendix 5 outlines the detail of the economic stimulus package.

147 Refer to paragraph 4.0.5 to 4.0.8.

148 Particularly Services Australia, which is responsible for processing significant volumes of complex benefit payments on behalf of DSS.

149 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020 and Appropriation Act (No. 5) 2019–2020.

150 DSS’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

151 Appendix 5 outlines the detail of the economic stimulus package.

152 Refer to paragraph 4.0.5 to 4.0.8.

153 $200 million was appropriated to Services Australia for COVID-19 related expenditure through Appropriation Act (No. 5) 2019–20

154 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020, Appropriation Act (No. 4) 2019–2020, Appropriation Coronavirus Economic Response Act (No. 1) 2019–2020, and Appropriation Act (No. 5) 2019–2020.

155 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No. 4, 2019–20.

156 Appendix 5 outlines the detail of the economic stimulus package.

157 Refer to paragraph 4.0.5 to 4.0.8.

158 This is provided through Supply Act (No. 1) 2019–2020, Appropriation Act (No. 1) 2019–2020 and Appropriation Act (No. 3) 2019–2020.

159 Refer to paragraph 4.0.5 to 4.0.8.

160 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020 and Appropriation Act (No. 3) 2019–2020.

161 Treasury’s 2019–20 revised budget as reported in the 2019–20 Portfolio Budget Additional Estimates Statements.

162 Appendix 5 outlines the detail of the economic stimulus package.

163 Refer to paragraph 4.0.5 to 4.0.8.

164 This is provided through Supply Act (No. 1) 2019–2020 and Appropriation Act (No. 1) 2019–2020.

165 Part 1: Special Appropriations Table, Agency Resourcing, Budget Paper No. 4, 2019–20.

166 Appendix 5 outlines the detail of the economic stimulus package.

167Structured Finance Support (Coronavirus Economic Response Package) Act 2020.

168 Refer to paragraph 4.0.5 to 4.0.8.

169 This is provided through Supply Act (No. 1) 2019–2020, Supply Act (No. 2) 2019–2020, Appropriation Act (No. 1) 2019–2020, Appropriation Act (No. 2) 2019–2020, Appropriation Act (No. 3) 2019–2020 and Appropriation Act (No. 4) 2019–2020.

170 ATO’s 2019–20 revised budget as reported in the 2019–20 Portfolio Additional Estimates Statements.

171 This is provided through the Portfolio Budget Statements 2019–2020, Table 1.1 Resource Statement (k).

172 Appendix 5 outlines the detail of the economic stimulus package.

173 Refer to paragraph 4.0.5 to 4.0.8.

174 Refer to paragraph 4.0.5 to 4.0.8.

175 Three entities have a body corporate status but are prescribed as non-corporate Commonwealth entities. These are the Australian Competition and Consumer Commission; the Australian Prudential Regulation Authority; and the Australian Securities and Investments Commission.