Independent assurance and corporate reporting

Sound financial and corporate reporting structure

LIGHTHOUSE PRINCIPLE: CORPORATE REPORTING

(based on ASX Principle 4)

The integrity of our financial and corporate information is safeguarded by a number of key mechanisms. These mechanisms also provide independent assurance over how well Audit Office processes are operating and complying with relevant laws, standards and policies.

Audit and Risk Committee

The Audit and Risk Committee independently reviews the objectivity and reliability of the Audit Office’s financial information, and ensures the financial statements are supported by appropriate management sign-off on the adequacy of internal controls. At each meeting, financial reports and budgets are presented to the committee for review. A special meeting is also held annually to review the annual financial statements.

Internal audit

Our internal audit function is managed by in-house staff, with internal audit services provided by an external service provider.

In 2017-18, an independent quality assessment of the internal audit function was conducted by the Institute of Internal Auditors – Australia and in accordance with the requirements of the NSW Treasury ‘Internal Audit and Risk Management Policy for the NSW Public Sector’ TPP 15–03 and internal audit standards. The assessment concluded that the Audit Office’s internal audit function is generally operating satisfactorily, with improvement opportunities identified and largely now implemented.

Our internal auditors add value and improve our operations by monitoring and providing independent and objective assurance to the Audit and Risk Committee, and ultimately the Auditor-General. The internal audit function brings a systematic, disciplined approach to evaluate and improve organisational systems, processes and reporting. The internal auditors attend each quarterly Audit and Risk Committee meeting to report on the progress of the internal audit plan and present the findings of their reviews.

In 2017-18, the internal auditors reviewed four areas:

  • Expenditure and accounts payable
  • ISO 27001 information security management system
  • Revenue and pricing model review
  • Follow up of previous internal audit and Australasian Council of Auditors-General (ACAG) peer review findings and recommendations.

All these reviews had a ‘satisfactory’ conclusion, meaning each area assessed had a satisfactory overall control environment with a small number of low risk improvement opportunities.

The number of internal audits conducted in 2017-18 were fewer than in previous years due to further assurance obtained through other independent reviews. These included:

  • Cyber security review
  • Pricing review
  • Quadrennial Public Accounts Committee review
  • Quality and assurance peer review by the Australasian Council of Auditors-General.

Recommendations from internal audits and independent reviews are tracked and progress reported regularly to the Office Executive and Audit and Risk Committee. The majority of recommendations have been implemented.

A new internal auditor was appointed in February 2018 through a process overseen by the Audit and Risk Committee.

External audit

Pursuant to Section 47 of the Public Finance and Audit Act 1983, the Governor of New South Wales appoints an independent audit practitioner to audit the Audit Office’s financial statements. The external auditor provides an independent opinion on whether the Audit Office’s financial statements are true and fair and comply with applicable Australian Accounting Standards. The external auditor also attends all Audit and Risk Committee meetings.

A new external auditor was appointed and commenced in July 2018 to audit the 2017–18 financial statements.

Auditor-General and Management Control Questionnaire

The Auditor-General certifies that the Audit Office’s financial statements give a true and fair view and are prepared in accordance with applicable Australian Accounting Standards, the Public Finance and Audit Act 1983, the Public Finance and Audit Regulation 2010, the Financial Reporting Code for NSW General Government Sector Entities and Treasurer’s Directions.

This certification is supported by the Management Control Questionnaire and the Chief Financial Officer’s sign-off on the effectiveness of internal controls over financial information.

Independent quality assurance program

The Audit Office has established a system of quality control designed to provide assurance that it complies with Australian Auditing Standards, relevant ethical requirements, and applicable laws and regulations. This is achieved through the Quality Audit Review Committee, which monitors the quality of audit products, and provides the Auditor-General with reasonable assurance the Audit Office complies with the requirements of ASQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and Related Service Engagements and APES 320 Quality Control for Firms.

The Quality Audit Review Committee is accountable to the Auditor-General, is chaired by the Director Office of the Auditor-General, and comprises:

  • the Deputy Auditor-General
  • the Director Office of the Auditor-General
  • two practitioners with appropriate experience and qualifications – one drawn from our financial audit branch and one from our performance audit branch – are standing invitees, as is our Executive Director Quality and Innovation and Director Quality and Innovation.
External reviews

External reviews provide important scrutiny of the Audit Office’s quality control systems and processes and help benchmark their effectiveness.

The Audit Office is subject to, or has participated in, the following external reviews:

  • a quadrennial review by a person appointed by the Public Accounts Committee to examine the auditing practices and standards of the Auditor-General. The most recent review was conducted by Deloitte in 2017–18. The review concluded that we demonstrated the Auditor-General has in place methodology and tools to effectively, economically and efficiently deal with our core business and achieve compliance with the appropriate standards. Without affecting their conclusion, Deloitte made a number of recommendations to assist in further strengthening and improving the effectiveness and efficiency of the Audit Office
  • periodic reviews of aspects of the Audit Office by peer reviewers arranged under a quality assurance framework sponsored by the Australasian Council of Auditors-General (ACAG). The most recent peer review was conducted in 2016–17 and was led by the Western Australian Office of the Auditor-General. The review confirmed that there is very sound governance and audit practice management in place at the Audit Office. Performance and financial audit engagement files reviewed were supported by sufficient and appropriate audit evidence and were rated either ‘better practice’ or ‘good with limited improvement opportunities’.
Quality assurance reviews

The Audit Office reviews the quality of its financial audits annually. The reviews may be coaching reviews, where files are reviewed in progress, or monitoring reviews, where files are reviewed on completion. The quality review program covers the audits the Audit Office conducts internally and those contracted to private sector firms (our audit service providers).

The assurance review program for financial statement audits is managed by the Quality and Innovation group. During 2017–18, 15 financial statement audits were reviewed. The reviews consisted of five coaching reviews and ten monitoring reviews.

The results of these reviews are reported to the Quality Audit Review Committee. The Quality Audit Review Committee is responsible for ensuring the process, conclusions and any remedial actions are communicated to the Auditor-General, the Audit and Risk Committee, the Office Executive, audit teams, and the Audit Office’s audit service providers.

Overall, the reviews concluded that the system of quality control over the Audit Office’s financial audits was functioning effectively, and assurance conclusions for the reviewed audits were appropriate. The results of the quality reviews are communicated to staff at a debrief session and to audit service providers individually and annually at the Audit Service Providers Forum. Quality findings inform the learning and development program of the Audit Office to promote an environment of continuous improvement.

Independence practices

The Audit Office’s commitment to high ethical and professional standards underpins the quality of our work.

The Audit Office’s independence policy requires staff and contractors engaged in audits to comply with the relevant provisions of APES 110 Code of Ethics for Professional Accountants relating to independence so independence of mind and appearance is maintained throughout the audit.

Performance reporting

In 2017-18, performance against the Audit Office’s corporate plan was tracked and reported to the Office Executive. Lead managers and executive sponsors met quarterly to review milestones and key performance indicators and track progress towards achieving overall outcomes.

Regular financial and operational reports were presented to the Office Executive, Financial Audit Executive and Performance Audit Executive to monitor our audits and related reporting. These were also supported by regular reports on the performance of our Corporate Services function.

Transparency reporting

The Corporations Act 2001 includes requirements for annual transparency reporting by auditors.

Although the Audit Office is not subject to the requirements, the Audit Office has embraced the principles of transparency reporting.

For the first time in our 2016–17 annual report we included content that met all relevant transparency reporting requirements as per the Corporations Act 2001.

For our 2017–18 annual report, Appendix Eleven summarises the requirements that are relevant to the Audit Office and shows where the required information is presented in this report.

The year ahead

In 2018-19, our internal auditors will continue to focus on key areas of risk in our audit practices and corporate systems. Internal audits will be conducted in the following areas:

  • implementation review of our Data Centre Refresh project
  • ISO 27001 information security management system
  • performance reporting and progress against strategic initiatives
  • WHS and staff wellbeing
  • quality of audit file reviews
  • cyber security review
  • follow up of past recommendations

We will also expand our Quality Audit Review Committee to include reviews of performance audits, and appoint an external member of the profession to the committee.