In addition to the material non-compliance matters reported in our auditor’s reports (see Table 1 on pages 11 to 13), we reported other matters to management, including less material non-compliance as well as financial management and information system control weaknesses identified in our audits. These management letters, together with the auditor’s report, form part of our overall audit report that we provide under section 7.12AD of the LG Act to the mayor, president or chairperson, the CEO and the Minister for Local Government on completion of the audit.
In our management letters, we provide a rating for each matter reported. We rate matters according to their potential impact, and base our ratings on the audit team’s assessment of risks and concerns about the probability and/or consequence of adverse outcomes if action is not taken. We consider the:
- quantitative impact – for example, financial loss
- qualitative impact – for example, inefficiency, non-compliance, poor service to the public or loss of public confidence.
|Risk category||Audit impact|
|Significant||Those findings where there is potentially a significant risk to the entity should the finding not be addressed by the entity promptly.|
|Moderate||Those findings which are of sufficient concern to warrant action being taken by the entity as soon as practicable.|
|Minor||Those findings that are not of primary concern but still warrant action being taken.|
Table 2: Risk categories for matters reported to management
We give LG management the opportunity to review our audit findings and provide us comments prior to completion of the audit. When management responds to our draft management letters, we request them to set a time frame for remedial action to be completed. Often management improves policies, procedures or practices soon after we raise them and before the audit is completed. Other matters may take longer to remedy and we will follow them up during our subsequent annual audits.
During 2017-18, we alerted 40 LGs to control weaknesses that needed their attention. We reported 290 control weaknesses, of which 56 rated as significant and 186 as moderate.
Figure 4 shows a breakdown of the categories of control weaknesses identified in our 2017 18 management letters.
LGs should ensure they maintain the integrity of their financial control environment by:
- periodically reviewing and updating all financial, asset, human resources, governance, information systems and other management policies and procedures and communicating these to staff
- conducting ongoing reviews and improvement of internal control systems in response to regular risk assessments
- regularly monitoring compliance with relevant legislation
- promptly addressing control weaknesses brought to their attention by our audits.