Good governance principles for agencies

• Strategy – we have a strong organisational structure, defined roles and responsibilities and a solid planning framework for both strategic and operational planning.
• Culture – leadership and integrity is demonstrated in our structure, conduct and values. Our employees are engaged with our goals and vision and our commitment to service delivery.
• Relations – through our communications we build relationships with internal and external stakeholders that maintain and strengthen the reputation of our Office. In all areas of our business we strive for excellence.
• Performance – through monitoring and evaluating the performance of both our individuals and our organisation we are able to identify and implement opportunities for increased efficiency and effectiveness.
• Compliance and accountability – policies processes and plans are in place to ensure we manage risk across all business areas and meet all statutory, legislative and other obligations.

The Public Sector Commission’s Good Governance Guide is a valuable tool to ensure accountability obligations are met and to achieve a high standard of organisational performance.

The Good Governance Guide includes nine key governance principles. The following pages describes how we apply those principles and includes references to pages in this report for more information.

 

Financial performance

The budget for our Office is largely comprised of accommodation costs, salaries and audit contractor expenses. The variance in total cost of services was primarily due to an increase in accommodation costs and an increase in salaries expense. The variance in total income other than income from state government was primarily due to additional fees charged to agencies for additional audit work and an increase in the number of Royalties for Regions certifications.

The decrease in cash held is due to higher employee benefits, supplies and services and accommodation payments. Note however that these payments were largely offset by higher user charges and fees receipts.

Further explanations are contained in note 27 ‘Explanatory Statement’ to the financial statements on page 103 of this report.

Our staff level was higher than our target for this year as we anticipated a higher attrition rate than was realised. Further information regarding our employee numbers and information is included in the Our People section commencing on page 57.

Financial statements

For more details on our financial performance please refer to the relevant pages in our financial statements section of this report (pages 70 to 109).

Key performance indicators

Effectiveness

The Office’s effectiveness indicator shows the extent to which Parliament has been informed about public sector accountability and performance against four specified categories.

A crucial element of this key performance indicator is the establishment of a three year target for each category of report. The current target of 75 reports over three years encompasses the financial years 2012-13 to 2014-15.

During 2013-14 we tabled one more report than our 2013-14 target. In 2012-13 we missed our target by one report. Therefore, according to our actual performance and our forward planning, we are still on track to meet our three year target.

It is important to note that while the Office aims to meet the individual category targets and the total target, we are also intent on responding to key issues as they emerge, and not sacrificing the quality of our reports in order to achieve a quantitative measure.

Table 3 shows our actual results for the preceding four years, and our performance against the 2013-14 target.

For further information and details about reports tabled this year refer to page 45.

Our topic selection process is outlined on page 43.

Efficiency

The Office’s key efficiency performance indicators measure the cost of our audits relative to government expenditure.

Table 4 shows the cost per million dollars of gross government expenditure for our efficiency indicators.

Further information on our key performance indicators is on pages 111 and 112.

Additional indicators of our performance

The indicators set out in the table below are not audited, however they are included in this annual report because they are considered important in understanding the Office’s operational performance.

The indicators show a steady performance across these areas over the past five years and a consistent meeting of our predetermined targets.

We continue to see an increase in the number of Matters of Significance in the reports the Auditor General tables in Parliament. ‘Key messages’ are the issues a general parliamentary reader would take away from the report after the details of specific findings and recommendations have receded into the background.

While not official key effectiveness or efficiency performance indicators, there are a number of other indicators that provide us with a measure of our ongoing performance in meeting our outcome of ‘An informed Parliament on public sector accountability and performance’. These include:

Also refer to pages 120 to 123 for a summary of our progress against our strategic plan.

Audit opinions

Agencies that operate under the Financial Management Act 2006 (the majority of public sector agencies) receive three opinions from the Auditor General:

• an opinion on the financial statements of the agency
• an opinion regarding the controls in the agency
• an opinion regarding the key performance indicators of the agency and whether they are fairly presented, relevant and appropriate.

These agencies are required under the Act to have their annual reports tabled within 90 days of financial year end.

Agencies operating under other legislation receive an opinion on their financial statements with a small number also receiving an opinion on controls.

A complete list of agencies subject to audit is on pages 124 to 125.

Audit certifications

Audit work also includes the certification of financial and statistical information produced by departments and statutory authorities. This assists agencies to discharge conditions of Commonwealth funding, grants or legislation and assists them to meet requirements of their funding agreements in a timely manner. In 2013-14, 186 certifications were for Royalties for Regions projects.

Across government benchmarking audits

In addition to the annual financial audits, our financial auditors also conduct across government benchmarking audits (AGBAs). These audits focus on common business practices across the sector and provide an indication to Parliament and agencies of how different agencies are performing relative to each other. This year our AGBAs included:

• controls over purchasing cards
• debtor management
• timely payment of invoices.

Audits on controls over purchasing cards and timely payments of invoices were previously conducted in 2007 and 2009.

All agencies are encouraged to review the results and recommendations of the AGBAs and take action to ensure that they comply with accepted good practice.

We conduct two types of performance audits, broad scope and narrow scope. As the name suggests, our broad scope performance audits focus on the effectiveness and efficiency of larger programs, projects and services. Our narrow scope performance audits have a tighter focus and may assess internal agency controls, compliance with legislation, policy and good practice, and information systems. We also conduct follow-up audits to assess the actions taken by agencies in response to our recommendations and the changes and improvements that result.

All of our performance audits are conducted in accordance with our Performance and Compliance Audit Methodology, using a phased approach and regular executive review and approval.

By following the methodology, we have assurance that individual audits are soundly based, and that the Auditor General’s objectivity, independence and credibility are maintained. A set of core professional values underpin our methodology, including being objective, fair and balanced, professionally sceptical, evidence based and criteria driven, consultative, open and clear.

We conduct post project reviews of all our performance audits, and survey agencies for their views on the process after we have completed the audit. Our Performance Audit Methodology User Group meets regularly to ensure continuous improvement opportunities are identified and implemented.

Our audited key effectiveness indicator on page 111 provides an indication of our performance in relation to our reports tabled in Parliament. In addition, from page 45 of this report you will find summary information on all reports tabled in 2013-14.

Working together towards excellence in audit

The Australasian Council of Auditors-General (ACAG) is an association established by Auditors General in 1993 and provides consultative arrangements for the structured sharing of pertinent information and intelligence between Auditors General in a time of increasing complexity and rapid change.

ACAG supports the development of effective and efficient auditing methods and practices by members, and represents externally, where appropriate, the collective opinion of the Auditors General on financial accounting and auditing standards and related issues.

Our involvement with ACAG continues to be beneficial and extremely important in developing and sharing knowledge, information, experience and better practice examples in auditing.

There are a number of ACAG sub committees we participate in throughout the year which provide mutual benefits and learning opportunities between audit offices including:

• Financial Reporting and Auditing Committee: to provide Auditors General and ACAG with strategic and technical advice on developments in accounting, financial reporting and financial auditing.
• Performance Audit Executives Group: to arrange for the sharing of information between members and support the development of effective and efficient performance auditing methods and practices by members.
•  ACAG Information Systems Audit Group: a forum for exchange of knowledge and experience in information technology (IT) audit and use of IT as a support tool for auditors.
• Audit Quality Assurance Panel: The ACAG Quality Assurance Coordinating Committee has been established to develop and maintain ACAG’s capacity to undertake quality assurance reviews when requested by Auditors General using the ACAG Governance and Audit Framework for Self-Assessment and External Review.

Auditing and Assurance Standards Board

The Auditor General is a member of the Auditing and Assurance Standards Board (AUASB).

This Board is an independent, statutory agency of the Australian Government, responsible for developing, issuing and maintaining auditing and assurance standards.

Our Assistant Auditor General Technical and Audit Quality, Michelle Shafizadeh, is a member of a Project Advisory Group for Assurance Engagement on Controls, which is a subgroup of the AUASB.

We also regularly liaise with ACAG audit offices on providing a collegiate response to exposure drafts issued by the Australian Accounting Standards Board and AUASB and their international equivalents.

Quality and continuous improvement

 Quality framework and Quality Assurance Plan

Quality is fundamentally important to everything we do. The Office has a framework that establishes and maintains quality over the work we perform. This framework is instilled throughout our workforce, sending a strong message that audit quality is more than meeting professional standards.

Our framework includes a Quality Assurance Plan which is approved by the Executive Management Group on an annual basis. Our Technical and Audit Quality business unit is responsible for the facilitation of the Plan and for regular reporting of its progress to the Executive Management Group.

This plan is linked to the strategic plan and outlines the role and importance of audit quality and quality assurance. It includes details of the work to be performed, high level objectives and responsibilities for facilitating and reporting the outcomes. The Quality Assurance Plan details the time and cost budget for the work to be performed as well as possible scope areas for future years.

This year we further enhanced our Quality Assurance Plan to ensure we focused our resources and efforts on the areas that would have the most significant impact. We also mapped out to future years the proposed external independent reviews so that we have a clear line of sight and are well prepared for these.

Role of the Quality Assurance Plan

The Quality Assurance Plan plays a vital role for our Office in terms of:

• internal control
• risk management
• corporate governance
• compliance monitoring.

Training is a critical part of the Quality Assurance Plan. Specific sessions have been delivered on ‘what is audit quality?’, ‘the importance of audit quality’ and ‘the role and responsibility for audit quality.’

Focus on continuous improvement

Through our continuous improvement policy we aim to adopt continuous improvement as a regular part of what we do and how we conduct ourselves, rather than as an afterthought or an additional activity. In this way, continuous improvement is embedded within our culture and within our business processes through the cycle of planning, execution and review.

Activities which contribute to our continuous improvement process include:

• Post project reviews – these are conducted following the tabling of each audit report and include the examination of lessons learnt throughout the project and suggested improvements.
• Audit methodology user groups – our audit methodologies are key to what we do, how we do it and why. The user groups meet regularly to ensure that the methodologies are compliant with auditing standards and to identify any best practice or continuous improvement opportunities that could be implemented.

This year we identified a need for improvement within the management of our corporate projects. As a result project documentation has been significantly enhanced to capture all required stages of the project, including project evaluation and review at the conclusion of each project.

Risk management

The Office considers risk management to be a fundamental principle of the work we do for ourselves and others. The Office has a comprehensive risk management practice framework, which forms an integral part of our strategic planning processes.

The framework outlines the policies and processes relating to the management of risk and preventative measures.

Cloud computing

Two significant risk matters we are currently discussing are the possible use of cloud based services and the possible off-shoring of audit work by our contract audit firms. We are reviewing our position on these areas and any impact that this may have on our policies and procedures and audit approach.

Fraud and corruption control

In 2013-14 the Office implemented a new Fraud and Corruption Control Plan which includes a requirement to have a Fraud and Corruption Incident Register. This was a result of the research that was performed during our performance audit in the area of best practice in fraud and corruption control.

Receipt of gifts, benefits and hospitality

We have a Receipt of Gifts, Benefits and Hospitality Policy and a Gift Decision Register is maintained as required by the policy.

The Audit and Risk Management Committee review the Gift Decision Register and internal policies on a regular basis and identify any matters which need to be brought to the attention of the Executive Management Group.

Business Continuity Management Program

Our Business Continuity Management Program (BCMP) addresses major risk events that have the potential to significantly impact on our ability to deliver our services. It prepares our Office to respond to any business interruptions caused by incidents, events or crises.

This year training was provided to members of the Business Continuity and Crisis Management teams. The training included scenario testing and discussion of alternative actions which could be taken should that scenario ever arise.

It was interesting to see the variety of flow on effects that one simple crisis situation may cause and these aspects were central to the discussion as part of the training exercise. The training resulted in the identification of some of the gaps within our plan that we have subsequently been able to address.

Risk management and business continuity is included in the induction process of new employees and reinforced to all employees through our Office forums and Professional Development Program.

Information technology and management

Information technology

Following the development of the Information Technology Strategic Plan last year, 2013-14 saw significant effort being applied across the Office towards implementing projects that addressed our key strategic initiatives of:

•  improved governance
•  improved information management
•  improved service management
•  improved innovation and technology.
• Improved governance focused on enhancements to the operation of the ICT Committee and the review of frameworks, standards and policies.

Providing a high standard of service continues to be a priority and this year an internal business review was undertaken. This review identified efficiencies for improved levels of service which we have been able to address. We also extended our service desk beyond just information technology requests to now include requests for services relating to a range of areas, including general building and facilities issues.

The development of our Business Intelligence tool has improved information management by providing accessibility to live information required for key decision-making.

This year an external provider was engaged to perform an infrastructure and application vulnerability assessment. This was undertaken to identify the presence of security vulnerabilities or misconfigurations in our services exposed to the internet. The assessment identified seven risk areas which have now been addressed.

A significant collaboration project this year was for our Office to take responsibility for the hosting of the Australasian Council of Auditors-General (ACAG) website. This website is a shared facility accessible by all audit offices in Australia.

Information and Communication Technology Committee We have an active Information and Communication Technology (ICT) Committee which meets regularly to discuss ICT projects, activities, opportunities and risks across the Office.

The focus areas of this committee include:

•  the long term plans and directions of all corporate systems
•  progress on all strategic ICT related projects
•  capital work funding submissions and reporting.

This committee regularly reports to the Executive Management Group, and is made up of representatives from all business units of the Office to ensure a strategic approach to ICT and broad consideration of operational and business needs.

Information management

In 2013-14 major information management initiatives within the Office included an increased focus on user access to business information and the training and education of employees in terms of information management tools and responsibilities.

An exciting development this year has been the introduction of online interactive videos published on the intranet. These videos have proved to be a useful training tool that is readily available and easily accessible for all employees.

Our ICT strategic plan includes a range of initiatives and projects for 2014-15 which will allow further integration of information systems and deliver benefits to the business.

Innovation team

The role of the Office innovation team is to facilitate and support innovation across the business. The team has accepted the huge challenge of finding ways to entrench a culture of innovation at the Office, and continues to tackle this across the business.

Through the use of our Innovation Wiki on the intranet all employees have the opportunity to contribute ideas or comment and build on the ideas of others. A streamlined navigation process for accessing the Innovation Wiki was recently developed, with links from the intranet homepage to vote on favourite ideas.

One of the new initiatives for this year was the agreement to share key learnings with staff through attending innovation seminars and inviting guest speakers into the Office. At a recent professional development day, Associate Professor Sharon Delmege from Murdoch University, who researches and teaches creativity and innovation, presented a session ‘Creativity, Innovation and Me.’ This session clarified the processes of creativity and innovation and outlined how to cultivate a more creative disposition, which has been a challenge to innovation at the Office.