Management of the Certificate of Compliance Process in FMA Act Agencies
The objective of the audit was to assess the effectiveness of annual Certificate of Compliance processes for FMA Act agencies. To form a conclusion against the audit objective, the audit considered: Finance’s administration of the Certificate process at a whole-of-government level; selected agencies’ annual Certificate processes; and, the design and impact of the Certificate.
Australian Government financial management framework
1. During the late 1990s the Australian Government implemented a series of reforms to the financial and budgetary framework of the Commonwealth designed to improve the operational and financial management performance of public sector agencies. As part of this reform process, new legislation including the Financial Management and Accountability Act 1997 (FMA Act) and the Financial Management and Accountability Regulations 1997 (FMA Regulations) was enacted. The current financial management framework is made up of this legislation and complementary financial management policies in areas such as fraud control planning, procurement, grants administration, cost recovery and foreign exchange risk management.
2. The financial management framework is based on a devolved system of financial management, under which Australian Government agencies are responsible for delivering government outcomes and programs, funded by Parliamentary appropriations. The framework includes a principal requirement that Chief Executives manage the affairs of their agency in a way that promotes the proper use of the Commonwealth resources for which they are responsible.
3. The financial management framework has provided flexibility to agencies to establish financial management arrangements suitable to their individual circumstances that are consistent with legislation and government policy. In this context, over time there has been evidence of departures from the requirements of the financial management framework revealed by agencies' own processes and various audit reports.
Certificate of Compliance
4. In order to improve the focus by agencies on their compliance with the requirements of the financial management framework, the Australian Government introduced in 2006–07 the Certificate of Compliance (Certificate) process for FMA Act agencies. 
5. The Certificate process requires the Chief Executive of an FMA Act agency to certify, having regard to advice provided by the agency's internal control mechanisms, management and the audit committee, the agency's compliance during the previous financial year with:
- the FMA Act;
- the FMA Regulations;
- the Financial Management and Accountability (Finance Minister to Chief Executives) Delegation 2009, as amended from time to time;
- the Australian Government's foreign exchange risk management requirements;
- the legal and financial requirements for the management of Special Accounts; and
- selected financial management policies of the Commonwealth.
6. The Certificate also requires Chief Executives to state whether their agency is operating within the agreed resources for the current financial year, and has adopted appropriate management strategies for all currently known risks that may affect the financial sustainability of the agency.
7. Chief Executives are required to provide a completed Certificate to their portfolio minister by 15 October each year. Certificates are also copied to the Minister for Finance and Deregulation (Finance Minister).
8. In order for Chief Executives to certify compliance with the financial management framework it is not intended that all actions and transactions of an agency be checked. However, it is expected that Chief Executives will ensure the agency has sufficient processes and controls in place to provide reasonable confidence that officials are complying. Where non-compliance is identified, details of all known instances of non-compliance with requirements must be provided through the Certificate irrespective of materiality, focusing on remedial measures that are being taken to improve agency compliance.
9. As a self-assessment process, the Certificate has some inherent limitations with respect to the level of assurance it provides on compliance with the financial management framework. Nevertheless, and consistent with the devolved system of financial management, the Certificate is designed to place the responsibility on agencies to have sound systems and assurance mechanisms in place to give confidence that legislation and government policies are adhered to; and where departures from such requirements are identified, to encourage the agencies to improve their systems to avoid any such recurrences. Role of the Department of Finance and Deregulation
10. The Department of Finance and Deregulation (Finance) is responsible for administration of the financial management framework and the Certificate process at a whole-of-government level. Finance undertakes four broad tasks in relation to the Certificate process: provision of written guidance and day to day support to agencies on Certificate requirements and the financial management framework; preparation of aggregate analysis of Certificates and reporting on outcomes to key stakeholders; provision of follow-up advice and training to agencies in support of agency remediation strategies; and development of amendments to the legislative framework and written guidance, as necessary, to address whole-of-government issues identified in the Certificate process. Outcomes of the Certificate process to date
11. Four Certificate cycles have now been completed, for 2006–07, 2007–08, 2008–09 and 2009–10. Reported instances of non-compliance for each year are shown in Table S 1.
Source: Data provided by the Department of Finance and Deregulation.
12. A large majority of reported instances of non-compliance since the introduction of the Certificate have related to agency officials not meeting several requirements established by the FMA Act and FMA Regulations when performing their duties. These requirements pertain to: the approval and authorisation of spending proposals, and application of government policy for procurement and grants administration (collectively referred to as the commitment of public money); statutory control over who may draw upon government appropriations and make payments (drawing rights); and, the prompt banking of public money and use of official bank accounts (banking and investment).
13. Aggregate results of the Certificate process have been published by Finance in the 2008–09 and 2009–10 Certificate of Compliance Report to the Parliament. The 2009–10 report contrasted the number of instances of non compliance reported by agencies with the substantial number of financial activities agencies undertake each year. The reports to the Parliament have attributed:
- the increase in reported instances of non-compliance from 2006–07 to 2007–08 to improvements in agencies' internal systems for identifying non compliance;
- the subsequent fall in non-compliance in 2008–09 to agencies addressing the issues identified in the first two rounds of reporting; and
- the 13.7 per cent increase in reported instances of non-compliance for 2009–10, in large part, to the introduction of new public reporting requirements for grants in 2009.
Audit objective and scope
14. The objective of the audit was to assess the effectiveness of annual Certificate of Compliance processes for FMA Act agencies. To form a conclusion against the audit objective, the audit considered: Finance's administration of the Certificate process at a whole-of-government level; selected agencies' annual Certificate processes; and, the design and impact of the Certificate.
15. The audit was a cross-portfolio review. It examined annual Certificate processes within four selected agencies: the Attorney-General's Department (AGD), the Australian Taxation Office (ATO), the Commonwealth Grants Commission (CGC) and the Office of the Commonwealth Director of Public Prosecutions (CDPP). The audit also reviewed Finance's management of the Certificate process, including support provided by the department to agencies in relation to the Certificate.
16. The audit included a survey of Chief Finance Officers (CFOs) of FMA Act agencies with regard to the Certificate process. Additionally, interviews were held with four independent or external members of FMA Act agency audit committees to obtain their views on the process.
17. The Certificate of Compliance process for FMA Act agencies was introduced in 2006–07 to improve compliance with the Australian Government's financial management framework and to ensure that ministers are kept informed of compliance issues within their portfolios. Through the Certificate, agency Chief Executives certify to their portfolio minister the agency's compliance with the components of the government's financial management framework for the previous financial year.
18. For 2009–10, 86 out of 103 FMA Act agencies reported 17 017 instances of non-compliance through the Certificate. This represented a 13.7 per cent increase in instances of non-compliance on the previous year, which was largely driven by new grant reporting requirements. While remaining significant, the level of reported non compliance is low when compared to the substantial number of government financial activities which occur each year. Since the inception of the Certificate, non compliance has been concentrated in three key areas of the FMA Act and FMA Regulations: the commitment of public money; the use of drawing rights; and banking and investment by agencies.
19. Overall, the Certificate process for FMA Act agencies has been effective notwithstanding the inherent limitations of the self assessment process employed. The Certificate requirement that Chief Executives sign-off on compliance with the financial management framework and report identified instances of non-compliance has heightened the focus of agencies on compliance. The Certificate process has resulted in: establishment and/or further development of agency arrangements for assessing compliance; improvement in officials' understanding of financial management requirements; and strengthening of agencies' financial management procedures in support of compliance.
20. As the central government department responsible for administration of the Certificate, Finance has provided sound high-level guidance for FMA Act agencies on the Certificate process. This has included articulation of reporting requirements and establishment of reasonable confidence as the basis of Chief Executive certification. Finance's Certificate guidance places the Certificate within the context of the governance arrangements, policies and procedures normally used by agencies to implement the financial management framework.
21. In general, the audited agencies' Certificate processes were appropriate in light of each agency's size, financial activities and financial management arrangements. Key aspects of these agencies' Certificate processes were self assessments of compliance by responsible officials and/or business areas; internal audit activity covering compliance with the financial management framework; audit committee involvement; and targeted remediation activities to address identified non-compliance.
22. The main area for improvement identified by the audit concerned the need for more targeted quality assurance activity by agencies in regard to compliance with the financial management framework. Self-assessments by agency officials are unlikely of themselves to consistently provide a high level of assurance to an agency's Chief Executive, and audits undertaken by the ANAO show there can be misunderstanding of the requirements of the framework by agency officials. Well-targeted quality assurance activity, focusing on higher risk, more significant, or high volume transactions in the agency's context, complements self assessments, thereby helping to reinforce financial management compliance and provide greater confidence in Certificate results. Such quality assurance activities commonly involve risk based reviews of some financial transactions, tests of key internal controls and review work of business areas such as the central procurement unit.
23. The ANAO received strong positive feedback from external members of audit committees, CFOs and the audited agencies in regard to the impact of the Certificate process. For example, 90 per cent of CFOs that responded to the ANAO survey agreed the Certificate process had helped improve their agency's compliance with the financial management framework; 80 per cent agreed the Certificate process had helped improve the understanding of agency staff of financial management responsibilities; and 83 per cent agreed the Certificate process had assisted in strengthening internal controls in their agency. At a whole-of-government level, as a result of issues identified through Certificate reporting, Finance has revised some financial management framework requirements and improved guidance material, which has contributed to reductions in non-compliance. These findings illustrate that the Certificate process has helped improve compliance with the financial management framework. In particular, the necessity for Chief Executives to be attentive to the range of requirements covered by the Certificate has flowed through to heightened focus on these requirements by agency staff, and improvements in internal controls.
24. Now that the Certificate process has matured, there is an opportunity for Finance and agencies to consolidate on the improvements made to date. As mentioned above, reported non-compliance is concentrated in a few key areas, particularly relating to the commitment of public money. Effective and collaborative effort is required from Finance and agencies to support the sound application of requirements in these areas by agency officials, such as through more targeted training and guidance. In this context, the Australian Government has recently commenced the Commonwealth Financial Accountability Review, which also presents an opportunity to consider means to address systemic non-compliance issues identified in Certificate reporting. At an agency level, where core Certificate processes and financial management arrangements are in place, agencies should also consider the opportunities for efficiencies in their processes having regard to the nature of the agency, its financial activities, the risks of non-compliance and its potential consequences. Better practice
25. Better practice suggestions for agencies' Certificate processes are based on audit findings at the four auditees, and feedback provided by external members of audit committees. The suggestions cover:
- understanding the requirements of the financial management framework, how they are implemented by the agency, and the associated compliance risks;
- using a risk-based approach to collecting the compliance information which will form the basis of Certificate results;
- quality assuring compliance information;
- integrating internal audit work and the Certificate process;
- supporting audit committee oversight;
- effective remediation and education practices; and
- periodically reviewing the effectiveness and efficiencies of the approach employed to avoid excessive resources being devoted to the assurance provided by the process.
Administration of the Certificate of Compliance Process by Finance (Chapter 2)
26. Finance provides guidance and support to agencies on the Certificate process and application of the financial management framework through a number of different mechanisms, including written guidance and direct support to agencies in response to requests for advice. From the ANAO's CFO survey, a large majority of CFOs were positive or neutral on the adequacy of Finance's guidance and support.
27. Finance has provided suitable and generally timely high-level written guidance on the Certificate process through Finance Circulars, and less by way of intermediate-level written guidance on common issues encountered by agencies, and the methods they apply, in undertaking the Certificate process. The approach of Finance is consistent with the Australian Government's devolved system of financial management, which requires Chief Executives to establish financial management arrangements suitable to their individual circumstances that are consistent with legislation and government policy.
28. In response to a recommendation in the Review of Operation Sunlight: Overhauling Budget Transparency, Finance has tabled in Parliament the 2008–09 and 2009–10 Certificate of Compliance Report to the Parliament. The reports to the Parliament have discussed overall trends in non-compliance; and, presented instances of non-compliance by six categories (or types of requirements) and Australian Government portfolio grouping (for example, Treasury portfolio group). Following receipt of feedback on the first report to Parliament, the second report to Parliament provided context on the extent of financial transactions in agencies, and also included more non-compliance trend data. In addition to informing stakeholders on compliance requirements and trends, the report to Parliament helps provide ongoing focus on key risk areas.
29. Finance delivers a general training program covering the financial management framework (Budget and Financial Essentials (BFE)), and has also provided some targeted training and information sessions to directly address issues identified in the Certificate process. Several factors suggest scope for strengthened coordination and provision of financial management training across government. Specifically: the consolidation of instances of non compliance reported through the Certificate in a few areas; the room for improvement in the coverage of, and agency attendance at, Finance-run financial management training; and the large number of agency-run training programs. Options in this regard include more targeted training programs addressing key risk areas, dissemination of sound agency-level training approaches or modules, and exploration of e-learning options.
30. Actions undertaken by Finance to continuously improve the financial management framework and associated guidance, as a result of issues identified through the Certificate, have been focused on refinements in particular areas of difficulty, and on reducing the level of non-compliance. External members of audit committees consulted as part of this audit gave strong endorsement to further consideration of how the financial management framework should be changed as a result of systemic issues identified by the Certificate process, and to achieve simplification. In this context, in December 2010 the Minister for Finance and Deregulation announced that Finance is undertaking the Commonwealth Financial Accountability Review, with the objective of exploring options for modernising and improving the Commonwealth's financial framework.
Agencies' Certificate of Compliance processes (Chapter 3)
Agencies' Certificate processes
31. The approaches adopted by Chief Executives to provide reasonable assurance that officials are complying with the financial management framework, and to complete their agency's Certificate, should be fit for purpose, having regard to factors such as the size of the agency, its financial activities, financial management arrangements and compliance history. 32. Each of the audited agencies had undertaken some form of mapping of financial management framework requirements prior to or following introduction of the Certificate. The three larger agencies with more devolved financial management arrangements had also assessed: the responsibilities of different business areas in relation to the various compliance requirements; the internal controls in operation in support of compliance; and information needed from business areas to provide adequate assurance the area was compliant with the financial management framework.
33. Key mechanisms used by AGD, ATO and CDPP to assess compliance with the financial management framework, and complete their Certificate, were sign-offs by responsible officials from different business areas (including through completion of surveys/questionnaires); separate reporting of non compliance statistics by business areas with specific framework responsibilities (ATO only); and sample testing of financial transactions (CDPP only). As a small agency with centralised financial management arrangements, CGC's Certificate was completed by the central finance team, based on their close involvement in relevant financial processes throughout the year. The primary methods used by each agency to assess compliance were appropriate in light of the agency's particular characteristics.
34. For three agencies (AGD, ATO and CDPP), internal audit had recently undertaken audits of specific aspects of the financial management framework; and considered the implications of its audit findings in terms of compliance with financial management framework requirements and Certificate reporting. These internal audit activities complemented self-assessments by agency officials. Reflecting the size of the agency, CGC did not have an internal audit function in place. The smaller agencies in the audit (CDPP and CGC) both noted that they placed a certain amount of reliance on the external audit of their financial statements (by the ANAO) to identify potential control weaknesses and non-compliance. ANAO external audit is only one of a number of review mechanisms supporting the exercise of an agency's responsibilities for their own financial arrangements and compliance with the financial management framework.
35. Consistent with Finance's Certificate guidance, the audit committee at each of the agencies assessed and provided advice on the agency's Certificate prior to Chief Executive sign-off. At AGD and ATO, regular updates on the Certificate were provided to the audit committee throughout the year. This assisted committee members to understand issues, influence activities, monitor remedial action and provide relevant and timely advice.
36. A key aspect of the Certificate process is assessing the underlying causes of non-compliance, with a view to taking appropriate remedial action. Providing feedback on an agency's Certificate results to staff also underlines the agency's experience and assists in reinforcing sound practices. The remedial actions of the audited agencies were generally appropriate. Actions taken included changes in agency policies and procedures, and targeted training for staff where particular knowledge gaps were identified. Accuracy of Certificate results
37. ANAO testing to check the accuracy of the audited agencies' Certificate results for 2008–09, identified a small number of instances of under reporting of non-compliance in all of the four audited agencies. The areas of under reported non-compliance in one or more agencies related to the approval of spending approvals by authorised officials, the use of drawing rights, the transfer of leave liabilities between agencies, misuse of credit cards and prompt banking of public money. Testing results highlighted benefit in agencies obtaining data on non-compliance from a variety of sources, and based on an assessment of risks, periodically testing key internal controls to determine if they are working as expected.
38. The ANAO also reviewed instances of non-compliance reported by the agencies for 2008–09 to ascertain whether they had been correctly reported as non compliantTesting found a small number of instances of over reporting of non compliance in one agency and some incorrect classification and recording of actual non-compliance by another. These results illustrated benefit in agencies quality assuring Certificate results, particularly where non compliance is identified by business areas.
Design and impact of the Certificate of Compliance process (Chapter 4)
39. A key design feature of the Certificate process is the requirement that agency Chief Executives certify to their portfolio minister the agency's compliance with specified financial management framework legislation and policy. Consultation undertaken during the audit found this design feature of the Certificate process has been crucial to its overall impact. As mentioned above, Chief Executive sign-off on compliance with the range of requirements covered by the Certificate, has led to strengthened focus on these requirements by agency staff, and improvements in internal controls. Provision of the Certificate to relevant Ministers, and reporting of results by Australian Government portfolio grouping in the annual report to the Parliament, also reinforce the importance of compliance with the financial management framework.
40. Certificate reporting requirements have been set by government and cover compliance with a large number of legislative and policy requirements. Details of all identified instances of non-compliance with the legislative and policy requirements must be reported, regardless of materiality. The requirements covered by the Certificate are highly variable in nature. They range, for example, from fraud control planning, through approval of spending proposals, and application of government policy for procurement and grants administration, cost recovery and foreign exchange risk management. The potential consequences of non-compliance are also variable, depending on the specific requirement and circumstances in question. The Certificate has thus led to a focus on compliance and strengthening of controls for some requirements which, on a risk basis, may have received less attention. In this regard, external audit committee members advised that many instances of non-compliance are relatively minor in terms of their implications. In light of this feedback, there is an opportunity for Finance to obtain agency views on current requirements which may be modified or no longer need to be mandated, thus streamlining administration and the Certificate process at the same time.
41. In addition to certification of financial management compliance, the Certificate requires Chief Executives to state whether their agency is operating within the agreed resources for the current financial year, and has adopted appropriate management strategies for all currently known risks that could affect the financial sustainability of the agency. Senior Executives interviewed as part of the audit indicated that the focus of the Certificate on financial sustainability was in response to ministers' concerns over agencies not managing their budgets effectively and frequently requesting additional funding. For 2009–10, 20 agencies reported financial sustainability issues through the Certificate. Matters raised included difficulties encountered in absorbing the costs of new budget initiatives for which departmental funding had not been provided, difficulties in achieving savings targets, and circumstances which led the agency to seek approval of expected operating losses by the Minister for Finance and Deregulation. From this reporting, the financial sustainability section of the Certificate has provided agency Chief Executives with an opportunity to engage their Minister and Finance on matters concerned with financial sustainability.
42. As previously mentioned, under Certificate guidance Chief Executives should ensure their agency has sufficient processes and controls in place to provide reasonable confidence that officials are complying with the legislative and policy requirements covered by the Certificate. Now that the Certificate process has matured and where systems and processes are in place, agencies should also consider the opportunities for efficiencies in their processes, having regard to the nature of the agency, its financial activities, the risks of non-compliance and its potential consequences.
43. Analysis of reported instances of non-compliance over time indicates that agencies first improved identification of non-compliance, and then worked with some success to address problem areas. There is also correlation between changes made by Finance to financial management framework requirements and guidelines, and reductions in non-compliance. Nevertheless, there remain a significant number of instances of non-compliance in some key areas, particularly where there are a large number of responsible officials (such as approval of spending proposals). This suggests that continued effort is required by Finance and agencies to support staff knowledge of relevant financial management framework requirements and how to meet them.
44. A summary of the agencies' responses to the audit report is provided below.
Department of Finance and Deregulation
45. Finance supports the recommendation that Finance strengthen coordination and provision of training on the financial management framework and Certificate of Compliance (Certificate) process, including by focusing Finance run training on the key risk areas of the framework which account for most non compliance. Training is an important part of Finance's strategy to improve understanding of, and compliance with, the financial management framework.
46. The Attorney-General's Department (AGD) agrees with the overall findings of the ANAO audit report on Management of the Certificate of Compliance Process in FMA Act Agencies, and will continue to undertake ongoing improvements to the internal Certificate of Compliance processes in response to these findings.
Australian Taxation Office
47. The Australian Taxation Office (ATO) recognises the important role of the Certificate of Compliance (COC) in improving compliance with the Australian Government's financial management framework. We pride ourselves in having comprehensive and detailed processes to detect, identify, and report financial framework breaches in our COC and are pleased that this is reflected in the audit report.
48. We consider the report to be a fair representation of our experience with the COC process and we support the Better Practice section of the report, which reflects ATO's existing processes and approach. From a broader Commonwealth perspective, the report also provides useful reflections about the extent to which Agencies understand and manage their financial risks. Although the COC is only one of the tools by which an agency informs itself about financial risks and compliance with the Commonwealth financial framework, we envisage that agencies who adopt the better practice model will see improvements in their financial management practices generally.
Office of the Commonwealth Director of Public Prosecutions
49. The CDPP welcomes the ANAO report, and agrees with the ANAO's recommendation in relation to the provision of training by the Department of Finance and Deregulation. Prior to this ANAO audit, the CDPP identified areas of reporting that could be subject to inconsistency across the Commonwealth, and agrees that better guidance and training would improve the quality of information reported to key stakeholders.
50. Following this audit, the CDPP has implemented a number of initiatives:
- re-evaluated internal controls;
- strengthened quality assurance reviews over testing results from State offices;
- strengthened Audit Committee oversight of the process; and
- implemented follow-up of remedial actions. Commonwealth Grants Commission
51. The report and the suggestions for better practice in the management of the Certificate of Compliance process should encourage improvements to agencies' frameworks for the preparation of the Certificate.
The following better practice suggestions for agencies' Certificate process are directed towards the central area in the agency responsible for coordinating the process. Each agency should adopt Certificate processes that are fit-for-purpose given the agency's size, financial activities, financial management arrangements, compliance history, and the associated risks. Agencies should assess the extent that suggestions are relevant, appropriate and cost-effective in light of their circumstances.
Understand financial management framework requirements and how they are implemented
- Have a clear understanding of the various elements of the financial management framework, and the specific requirements which agencies are required to comply with under the framework.
- Review how the agency applies financial management framework requirements through mechanisms such as delegations, policies and procedures. Ensure policies and procedures are disseminated to, or accessible by, affected staff.
- Outline agency responsibilities and accountabilities for the various elements (or specific requirements) of the financial management framework, and relate these to business areas, office holders and/or staff designation levels.
- Use messages from the Chief Executive and other senior staff to reinforce the importance of compliance with the financial management framework.
- Keep abreast of changes to the financial management framework, communicate changes as necessary, and consider the implications for financial management and Certificate processes. This could include attendance at CFO Forums, monitoring Finance notices, and timely communication with key agency stakeholders on changes to requirements or Finance guidance. Seek Finance advice to clarify any uncertainties.
Assess internal controls supporting compliance with financial management framework requirements
- Periodically assess the integrity of internal controls supporting compliance with the financial management framework. For example, assess the appropriateness of delegated responsibilities and whether delegates have access to adequate guidance and support to understand and properly perform their role.
- Use risk assessment of internal controls to determine the likelihood and potential consequences of existing systems failing to prevent or detect financial management framework departures.
Determine approach to collecting Certificate information
- Consider the information that should be gathered as part of the Certificate process to provide reasonable assurance on compliance with the financial management framework. Where appropriate, draw on existing assurance and monitoring mechanisms to collect data (for example, management reporting or internal audits), thereby strengthening integration of the Certificate process with other business processes.
- Design the Certificate process to focus on areas where assessment of internal controls has found the risks of non-compliance, and/or the potential consequences, are relatively high. Pay particular attention to any problem areas identified previously.
- Choose an appropriate mix of approaches to gather Certificate data and try to avoid overreliance on one information source. Potential options include: self assessment surveys completed by office holders, delegates or other staff with financial management responsibilities; provision of non compliance data captured by business areas with specific financial management framework responsibilities; financial or other system based checks; sample testing of financial transactions; and targeted reviews of internal controls.
- When using self-assessment surveys, tailor questions according to the responsibilities of different business areas and/or officials. Use straightforward language in surveys and make guidance material readily available to staff when completing surveys.
- Relate the regularity of Certificate data collection to the agency's size, financial activities, financial management arrangements and the associated risks.
- Align the timing of completion of the Certificate with the agency's financial statements process to avoid inconsistencies and enable consideration of whether breaches of the financial framework, if any, impact the financial statements.
Quality assure compliance information
- Quality assurance processes should have their primary focus on transactions which traditionally have been higher risk, more significant, or high volume in the agency's context.
- Undertake selective quality assurance of information provided by business areas or officials to help ensure its accuracy prior to completing the annual Certificate.
- Provide feedback on the findings of quality assurance of compliance information to support continuous improvement and consistency in data collection approaches.
Use of internal audit
- Share Certificate results with internal audit and encourage targeted internal audit activity. Potential options include internal audit testing: the operation of key internal controls; compliance with specific requirements (for example, approval of spending proposals) for a sample of financial transactions; or specific business areas based on past performance.
- Support inclusion in relevant internal audit reports of the implications of audit findings for the Certificate. Report non-compliance identified through internal audits in the Certificate.
Audit committee oversight
- Provide regular updates to the audit committee on the Certificate process (covering its design, conduct, results and follow-up actions) to assist committee members understand issues, influence activities, monitor remedial action and provide timely and relevant advice.
- Encourage the audit committee to guide formulation of the internal audit work program to address key risks with respect to application of the financial management framework and the Certificate process.
- Draw on and respond to any audit committee advice on the implications of internal audit findings for internal controls and Certificate reporting, and on effective Certificate processes at other agencies.
Remediation and education
- Review trends in non-compliance over time at agency-wide and business area levels to inform remediation strategies. Understand and address the underlying causes of non-compliance, including any systemic issues.
- Use analysis of Certificate results to identify staff knowledge gaps or business areas experiencing particular difficulties, and focus staff training and development in these areas.
- Monitor the areas from which staff take part in training and awareness programs, and encourage participation where required. Consider mandating tailored training or awareness programs to support staff commencing to exercise a spending delegation, drawing rights delegation or responsibility for cost centre management.
- Review the implementation of remediation strategies, potentially as part of an internal audit.
Review the effectiveness and efficiency of the Certificate process
- Periodically review the effectiveness and efficiencies of the approach employed by the agency for the Certificate to avoid excessive resources being devoted to the assurance provided by the process.
- Seek feedback from staff involved in the Certificate process, and continuously improve the process.
- Monitor whole-of-government compliance trends reported annually by Finance to identify possible issues. This should inform internal audit and process review activity
 Financial Management and Accountability Act 1997, Section 44. In this section, proper use of resources means efficient, effective, economical and ethical use that is not inconsistent with the policies of the Commonwealth.
 See, for example, ANAO Audit Report No.15 2004–05, Financial Management of Special Appropriations, ANAO Audit Report No. 22 2004–05, Investment of Public Funds, ANAO Audit Report No. 28 2005–06, Management of Net Appropriation Agreements, and ANAO Audit Report No. 11 2010–11, Direct Source Procurement, available at: <http://www.anao.gov.au>.
 A separate process applies to entities subject to the Commonwealth Authorities and Companies Act 1997. For further information, see Finance Circular 2008/05: Compliance Reporting – CAC Act Bodies. Available at: <http://www.finance.gov.au/publications/finance-circulars/2008/05.html>.
 A Special Account is an appropriation mechanism that notionally sets aside amounts within the Australian Government Consolidated Revenue Fund for expenditure for special purposes.
 Department of Finance and Deregulation, Finance Circular No. 2009/06, Certificate of Compliance – FMA Act Agencies, 11 August 2009, pp. 2 and 9.
 ‘Drawing rights are a statutory control over who may draw upon appropriations and make payments, and they allow for conditions and limits to be set by the Finance Minister (or the Finance Minister’s delegates) in relation to those activities.’ Department of Finance and Deregulation, 2008–09 Certificate of Compliance Report to the Parliament, December 2009. Available at: <http://www.finance.gov.au/publications/certificate-of-compliance-report/index.html>.
 The ANAO also reported in Audit Report No. 17 2009-10, Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 2009, ‘ANAO enquiries identified that the CoC [Certificate of Compliance] process has resulted in staff having an increased awareness of legislative requirements. Entities advised the ANAO that this has resulted in staff giving higher priority to meeting legislative requirements, particularly in areas where breaches had occurred in 2007–08 … Since its introduction in 2006–07, the Certificate of Compliance process has resulted in an increased awareness of legislative responsibilities and most, if not all, entities have well-established processes in place to identify legislative breaches and take corrective action where appropriate. The significant reduction in breaches in 2008–09 compared with 2007–08 reflects favourably on the effectiveness of these processes’.
 That is, audit committee members who are not employees of the agency.
 Or Presiding Officers in the case of Parliamentary departments.
 Department of Finance and Deregulation, 2008–2009 Certificate of Compliance Report to the Parliament, December 2009, p. 2. Available at: <http://www.finance.gov.au/publications/certificate-of-compliance-report/index.html>.
 For example, ANAO Audit Report No. 11 2010–11 Direct Source Procurement found considerable non‑compliance with the requirements of the FMA Regulations, including the Commonwealth Procurement Guidelines (CPGs), which had not been identified by the audited agencies’ Certificate processes. The report observed that one of the reasons for unidentified non-compliance was delegates’ awareness of the relevant requirements, including the CPGs.
 Over half of the CFOs that responded to the ANAO survey have attended, or had staff attend, Finance’s BFE training and other ad hoc financial management training. By implication, staff from many agencies’ CFO areas had not attended.
 The ANAO reviewed a sample of financial transactions and other relevant evidence, to ascertain compliance for specific financial management framework requirements. Where sampling of financial transactions was used to assess compliance, the ANAO reviewed 60 financial transactions for AGD and ATO, and 35 for CDPP and CGC.
 The ANAO reviewed supporting documentation for a sample of (or all) reported instances of non‑compliance. CGC did not report any non-compliance for 2008–09 financial year and so was not involved in this part of the audit. Where sampling was used, sample sizes were the same as those used for the testing of financial transactions.