The OAG is committed to achieving and demonstrating good governance. In monitoring and assessing our own performance, we have found the 9 key governance principles of the Public Sector Commission’s Good Governance Guide a valuable tool for assisting us to achieve a high standard of organisational performance.
Key governance arrangements
Executive Management Group
Our Executive is our team of senior management who plan, manage and lead our business. They set the strategic direction and organisational values that define the activities of OAG. Chaired by the Auditor General, they meet monthly and hold informal weekly meetings.
Executive holds strategic planning meetings twice a year to discuss strategic and tactical matters. They monitor the implementation of our strategies and measure performance against targets.
A number of committees provide them with operational and administrative support. The committees have a multiple role of governance, inter-office engagement and employee development.
Audit and Risk Management Committee
Our Audit and Risk Management Committee (ARMC) meets regularly to improve the effectiveness of internal audit, external audit and risk management. David Gilchrist, Professor of Accounting, University of Western Australia, is the committee’s independent chair. The key responsibilities of the committee are to:
- monitor the oversight of the Risk Management Framework
- coordinate our internal audit and external audit program
- monitor the effectiveness of the internal control system and that it is reliable, complies with legislation and reduces the risk of fraud and error
- oversee and manage our actions to address quality assurance findings
- monitor the financial and KPI reporting process
- oversee our Business Continuity Management Program and treatment action plans.
Information and Communication Technology Committee
Our Information and Communication Technology (ICT) Committee, meets regularly to discuss ICT projects, activities, opportunities and risks. The focus areas of the committee include:
- the long-term plans and directions of all corporate systems
- progress on all strategic ICT related projects
- capital work funding submissions and reporting.
Audit methodology user groups
We have audit methodology user groups for a range of functions including performance audit, key performance indicator audit and financial audit. The groups facilitate user feedback regarding audit methodologies to ensure they are appropriate to the needs of our organisational and operating environment. Also that they are aligned to the relevant Auditing and Assurance Standards and are effectively and efficiently used within the office. The groups meet approximately 2 times per year.
All new and revised Auditing and Assurance Standards are evaluated by the Technical and Audit Quality (TAQ) business unit for their impact on existing audit methodologies. TAQ makes recommendations to the user groups on the changes necessary to ensure that the audit methodologies comply with the standards.
During the year there were changes to the financial audit methodology to reflect new and amended standards relating to:
- enhancements to auditor’s reports on financial statements, including the communication of key audit matters for selected entities
- the auditor’s responsibilities relating to other information contained in annual reports
- a greater auditor focus on disclosures in the notes to the financial statements
- assurance engagements on controls.
Several other committees provide focused advice and support to Executive, including the:
- Office Consultative Committee
- Professional Development Committee.
OAG policies support and promote efficient and effective office administration by providing sound and consistent operational rules and procedures containing administrative and other compliance requirements. They are designed to answer the most frequently asked questions on audit, administrative, accounting and personnel matters.
We formally review our policies every 2 years undertaking an evaluation and assessment based on feedback from staff, and changes to legislation or other external environments.
This year we reviewed 60 policies. Sixteen were rescinded and 44 were updated and approved by Executive. Staff are informed of policy changes by email, on the intranet and at staff professional development days.
Risk Management Framework
We consider risk management to be a fundamental component of our work. Our comprehensive Risk Management Framework forms an integral part of the strategic planning processes.
The purpose of the framework is to:
- provide an overview of the risk management processes adopted by the OAG
- define the key attributes and objectives for the OAG’s risk culture
- describe roles and responsibilities for managing risk
- outline the process for reporting on risk and ongoing monitoring and review.
The framework is complemented by the OAG Risk Register and business unit risk registers that identify and assess relevant strategic and operational risks.
The OAG Risk Register is supported by the OAG Fraud and Corruption Control Plan and OAG Business Continuity Management Program, which address particular types of risks within specific areas of the OAG’s operational activities.
The ARMC proactively manages the risks facing OAG. An important component of this is setting and managing our annual internal audit program and overseeing the external audit process.
Auditing, accounting and financial reporting knowledge and skills are fundamental to audit quality and performing efficient and effective audits. Our audit professionals are supported by TAQ which provides advice on auditing and financial reporting matters.
A Technical Determination Committee comprising senior staff from the Financial Audit business unit and TAQ is convened to provide advice on complex and contentious technical matters, to resolve differences of opinion about such matters, and to review all proposed modifications to auditor’s reports. This committee may seek advice from external sources where necessary.
Efficiency and Effectiveness Plan
We strive to be efficient and effective in all areas of our business. Annually, we prepare an Efficiency and Effectiveness Plan aligned with our Strategic Plan. This plan includes a number of projects designed to identify ways in which we can operate more efficiently within our current resourcing and budget. We see how other jurisdictions and the private sector perform their role and how we may benefit from their experiences.
Examples of the 2017 projects include:
- formally consider the audit practices of contract audit firms to identify practices we can consider
- use of an ACAG financial audit capability framework as a guide for management and staff
- formally consider feedback from secondees on their return to identify improvement opportunities.
Our Information and Communication Technology Strategic Plan provides high level plans to meet strategic priorities directly aligned with the Strategic Plan.
The objectives and initiatives of the plan will allow us to deliver as a priority:
- increased responsiveness and flexibility in meeting business requirements
- better governance around ICT service delivery and project management
- increased integration of current business information systems
- innovation tied to leveraging potential from our current suite of business information systems infrastructure
- improved security and integrity of information.
Specific projects undertaken over the last 12 months include:
- Development of a reporting management system to replace our current aging system
❍ More efficient, user friendly and relevant reports will be readily available from the new system.
❍ This project is still underway although very close to being finalised. We are looking forward to launching the new tool early in the new financial year.
- Implementation of cloud-based secure email gateway for enhanced email and spam filtering
❍ This new gateway has delivered a number of improvements to the way incoming emails are managed including timelier delivery of emails to recipients.
- Laptop replacement project
❍ This year we replaced all user laptops and, for the first time, delivered a selection of different models specifically tailored to the operational needs of each different business unit.
- Replacement of our tape-based backup system with a cloud-based backup system
❍ This project has reduced our reliance on expensive equipment that was nearing the end of its useful life. Capital savings will be delivered by eliminating the need to replace this hardware as we move towards cloud methodology.
- Upgrade of firewall capabilities to maintain strong network security stance
❍ Security over our network and data is paramount and ensuring our firewall capabilities are maintained assists us to mitigate this risk.
Our ongoing work plan continues with the further development of SharePoint as a performance audit methodology tool and the enhancement of the OAG Portal (our online document portal for the electronic delivery of documents to clients). This year was the first time we used the portal to deliver opinions to all our financial audit clients and ministerial offices.
Three audits have been undertaken in our IT area this year, including an information security assessment. All audits identified areas where improvements can be made and we are confident these will be addressed early in the new financial year.
Ensuring sound financial management of our business is crucial and more critical as the sector is striving to deliver efficiencies in all aspects of operations.
Our focus is on providing Executive and staff with accurate business data on which key decisions can be based, and monitoring and reporting our performance on a monthly basis. In addition, budget forecasting and meeting long-term resourcing requirements remains key discussion aspects at each Executive strategic planning meeting.
At an operational level we are committed to ensuring quality and compliance of all our practices and a way we assess this is through the across government benchmarking audits (AGBAs) undertaken by our financial auditors. AGBAs focus on common business practices and provide information about areas of better practice as well as potential problem areas. We apply the lines of inquiry to our own business and report the results to Executive.
This year we conducted internal assessments against the following AGBAs:
- Financial and Performance Information in Annual Reports
This audit assessed whether agency information relating to the financial statements, KPIs and financial estimates was reported accurately and consistently throughout the annual report.
A thorough comparison was undertaken of our 2015-16 annual report against the audited financial statements and KPIs and no errors were found. The financial estimates had been reported accurately and consistently throughout the report.
However, the review identified an incorrect figure had been entered into the commentary section although the impact was immaterial. This highlighted the importance of quality assurance and review prior to going to print.
- Timely Payment of Suppliers
This audit assessed whether agencies were paying suppliers on a timely basis in accordance with the requirements and principles of the Treasurer’s Instructions.
Our assessment confirmed that we had procedures and controls in place for ensuring payments were being made on a timely basis, including a process for monitoring and identifying invoices close to exceeding the 30 day requirement.
Our full audited financial statements and KPIs are provided in this report from page 62.