Governance

We are committed to achieving and demonstrating good governance. In monitoring and assessing our own performance, we use the 9 key governance principles of the Public Sector Commission’s Good Governance Guide to assist us to achieve a high standard of organisational performance.

Key governance arrangements

Executive Management Group

Our Executive Management Group (Executive) is our team of senior managers who plan, manage and lead our business. They set the strategic direction and organisational values that define the activities of the Office of the Auditor General (OAG). Chaired by the Auditor General, they meet monthly and hold informal weekly meetings.

Executive also holds specific strategic planning meetings at least twice a year to discuss strategic and tactical matters. They monitor the implementation of our strategies and measure performance against targets.

In December 2017, the Executive group was surveyed on its effectiveness. The results were largely positive with some opportunities for improvement identified. A key action from this survey was to review our monthly management report to determine if we are delivering the right content to effectively inform Executive decision-making and strategic direction. This review is well underway by the new Auditor General.

Office committees

A number of committees provide Executive with operational and administrative support. The committees have a multiple role of governance, inter-office engagement and employee development.

Information and Communication Technology Committee

Our Information and Communication Technology (ICT) Committee, meets regularly to discuss ICT projects, activities, opportunities and risks. The focus areas of the committee include:

• the long-term plans and directions of all corporate systems
• progress on all strategic ICT related projects
• capital work, funding submissions and reporting.

Audit methodology user groups

We have audit methodology user groups for a range of audit types including performance audit, key performance indicator audit and financial audit. The groups facilitate user feedback regarding audit methodologies to ensure they are appropriate to the needs of our organisational and operating environment. Also that they are aligned to the relevant Auditing

and Assurance Standards and are effectively and efficiently used within the Office. Each group meets at least 2 times per year.

All new and revised Auditing and Assurance Standards are evaluated by our Technical and Audit Quality (TAQ) business unit for any impact on existing audit methodologies. TAQ makes recommendations to the user groups on the changes necessary to ensure that the audit methodologies comply with the standards.

During the year there were also changes to the financial audit methodology to reflect new and amended standards including those relating to:

• enhancements to auditors’ reports on financial statements, including the communication of key audit matters for selected entities
• the biggest change to methodology with the implementation of a revised standard for performance audits, ASAE3500. Former Auditor General Colin Murphy was instrumental in leading the working group that compiled the standard
• assurance engagements on controls.

Audit and Risk Management Committee

Our Audit and Risk Management Committee (ARMC) meets regularly to provide oversight of systems of risk management, control and reporting in order to provide advice and assurance to the Auditor General on these areas of operation of the OAG. Professor David Gilchrist, University of

Western Australia Business School, was the committee’s independent chair from April 2016 to December 2017. Des Pearson, former Auditor General for Western Australia and Victoria, started as the independent chair on 22 June 2018. The remuneration details for this role are available here.

The key responsibilities of the committee are to:

• monitor the oversight of the Risk Management Framework
• coordinate our internal audit and external audit program
• monitor the effectiveness of the internal control system and that it is reliable, complies with legislation and reduces the risk of fraud and error
• oversee and manage our actions to address any internal audit, quality assurance and external review findings
• monitor the financial and key performance indicator (KPI) reporting process
• oversee our Business Continuity Management Program and treatment action plans.

The Committee, led by the independent chair, also includes:

• Michelle Shafizadeh – Assistant Auditor General, Technical and Audit Quality
• Jordan Langford-Smith – Senior Director, Financial Audit
• Peter Bouhlas – Senior Director, Information Systems and Performance Audit
• Gareth Govan – Director, Performance Audit.

Des Pearson Independent Chair of the OAG Audit and Risk Management Committee Des Pearson’s public sector career spans over 40 years and across 5 jurisdictions. He was Victoria’s Auditor-General from 2006 to 2012. Prior to this, he served as Western Australia’s Auditor General for 15 years. He is currently a Life Member and Fellow of CPA Australia; a Life Member and Fellow of the Australian Institute of Management; a National and Victorian Fellow of the Institute of Public Administration Australia; a Fellow of the Institute of Chartered Accountants Australia; and a Fellow, International Society of Engineering Asset Management.

Figure 7: Biography – Independent Chair of the OAG ARMC

Other committees

Several other committees provide focused advice and support to Executive, including the:

• Local Government Audit Implementation Steering Group
• Culture Committee
• Office Consultative Committee
• Technical Determination Committee
• Professional Development Committee.

Risk Management Framework

We consider risk management to be a fundamental component of our work. Our comprehensive Risk Management Framework forms an integral part of the strategic planning processes.

The purpose of the framework is to:

• provide an overview of our risk management processes
• define the key attributes and objectives for the OAG’s risk culture
• describe roles and responsibilities for managing risk
• outline the process for reporting on risk and ongoing monitoring and review.

The framework is complemented by the OAG Risk Register and business unit risk registers that identify and assess relevant strategic and operational risks and the treatment action plans that we have to address these risks.

Our Risk Register is supported by the OAG Fraud and Corruption Control Plan and the OAG Business Continuity Management Program, which address particular types of risks within specific areas of the OAG’s operational activities.

The ARMC proactively manages the risks facing the OAG. An important component of this is setting and managing our annual internal audit program and overseeing the external audit process.

Policy framework

Our policies are designed to answer the most frequently asked questions on audit, administrative, accounting and personnel matters. They support and promote efficient and effective administration by providing consistent operational rules and procedures containing administrative and other compliance requirements.

We formally review our policies every 2 years and as required, undertaking an evaluation and assessment based on feedback from staff, and changes to legislation or other external environments.

Employees are informed of important policy changes by email, on the intranet and at staff professional development days.

Technical advice

Auditing, accounting and financial reporting knowledge and skills are fundamental to audit quality and performing efficient and effective audits. Our audit professionals are supported by the TAQ business unit which provides advice on auditing and financial reporting matters.

A Technical Determination Committee comprising senior staff from the Financial Audit business unit and the TAQ business unit is convened to provide advice on complex and contentious technical matters, to resolve differences of opinion about such matters, and to review all proposed modifications to auditors’ reports. This committee may seek advice from external sources where necessary.

Efficiency and Effectiveness Plan

We strive to be efficient and effective in all areas of our business. Annually, we prepare an Efficiency and Effectiveness Plan aligned with our Strategic Plan. This plan includes a number of projects designed to identify ways in which we can operate more efficiently within our current resourcing and budget. We see how other jurisdictions and the private sector perform their role and how we may benefit from their experiences.

The key focus for our current plan is our financial audit work. We are considering a number of areas where we can tighten our approach to ensure efficient work, while maintaining our high quality standards and level of assurance. More broadly, we are also working to introduce digital signatures to allow staff to sign documents electronically. We expect this will streamline workflows, reduce resource-waste (paper and ink) and time.

Information systems

Our Information Technology Strategic Plan is aligned with the OAG Strategic Plan and includes objectives and initiatives to deliver:

•     increased responsiveness and flexibility in meeting business requirements

•     better governance around ICT service delivery and project management

•     increased integration of current business information systems

•     innovative and effective use of our current suite of business information systems infrastructure

•     improved security and integrity of information. Over the last 12 months we:

•     provided new laptops to employees to replace ageing technology and to allow for a laptop memory upgrade

•     replaced obsolete smartboard and projector technology with touch screens, which provide better laptop display

•     provided our financial audit staff with external monitors for use when they are working remotely

•     implemented a board meeting management system for all our committees to use, replacing our previous paper-based board meeting system with a fully electronic system providing remote access and full security

•     implemented a swipe card system for network printers, which provides additional security over hardcopy output and reduces print waste

•     extended our secure email gateway to provide email business continuity, allowing staff to access their emails even if our email server is offline

•     upgraded remote device data plans from 2GB to 4GB, providing additional data capacity for all OAG staff working remotely.

Our 2017-18 Capital Works spend is available here.

Financial management

Our focus is on providing Executive and staff with accurate business data on which key decisions can be based, and monitoring and reporting our performance on a monthly basis. In addition, budget forecasting and meeting long-term resourcing requirements remain key discussion aspects at each Executive strategic planning meeting.

Ensuring sound financial management of our business is crucial and more critical as the sector is striving to deliver efficiencies in all aspects of operations.

Introducing a new finance system

In 2017-18, we started the process to replace our existing finance system. Tender submissions closed in early 2018-19 and we are aiming to have a new system in place by mid 2019.

We are looking for a system that fully meets business needs, including advanced management reporting requirements. The new system must be able to adapt to our future needs and be flexible enough to incorporate other business functions such as human resources, payroll and contract management.

Self-assessment against our benchmarking audits

At an operational level we are committed to ensuring quality and compliance of all our practices and a way we assess this is through the across government benchmarking audits (AGBAs) undertaken by our financial auditors. AGBAs focus on common business practices and provide information about areas of better practice as well as potential problem areas. We apply the lines of inquiry to our own business and report the results to Executive.

This year we concluded internal assessments against the following AGBAs:

• Agency Gift Registers – tabled March 2018

The focus of this audit was to determine if agencies had suitable policies and practices in place for the management of gifts received.

The lines of inquiry, which we assessed our Office against, were:

1. Do agencies have appropriate policies for instructing and guiding staff in dealing with gifts?
2. Do agencies maintain a suitable register to record, describe and authorise the acceptance of gifts?
3. Do agencies train or make staff familiar with policy requirements and monitor compliance?

Only one minor recommendation was raised as a result of our internal assessment. This was to update our gifts policy to explicitly prohibit employees accepting cash gifts. While this has always been our standard practice, we felt it important enough to specifically include in the relevant policy.

• Controls over Purchasing Cards – tabled April 2017

The focus of this audit was to determine if agencies have effective controls over expenditure incurred using corporate purchasing cards. We also reviewed the expenses incurred by the chief executive officers of the agencies to assess whether there was adequate independent review of their purchasing card use.

The lines of inquiry, which we assessed our Office against, were:

1. Do agencies have appropriate policies and administrative systems in place for government purchasing cards?
2. Are suitable controls in place to monitor and manage the issue and use of cards and the timely approval of card transactions?
3. Do agencies periodically review their use of purchasing cards and act on any identified shortcomings?

Our assessment confirmed that our controls over purchasing cards are appropriate, effective and demonstrate better practice.

• Tender Process and Contract Extensions – tabled April 2017

The focus of this audit was to assess whether agencies have appropriate processes for tendering and for extending existing contracts. We also assessed how well agencies manage conflicts of interest in their procurements.

The lines of inquiry, which we assessed our Office against, were:

1. Are the policies for tendering and for contract extensions and renewals adequate?
2. Have the processes for tenders above $250,000:
3. resulted in adequate testing of the market by giving all relevant suppliers appropriate opportunity and is the awarding of contracts appropriately reported?
4. provided adequate controls for managing conflicts of interest in procurement?
5. Are agencies adequately controlling:
6. contract extensions and renewals above $50,000, including testing of the market before extending or renewing contracts?
7. contract variations, including approval of variations within delegated limits and where appropriate initiating a new tender process?

Our assessment confirmed that we have appropriate and effective processes in place, which demonstrate better practice.

View our full audited financial statements and key performance indicators.