results of audit: internal control systems .chief finance officer (cfo) certifications internal...

Download Results of audit: Internal control systems .chief finance officer (CFO) certifications internal audit

Post on 13-Mar-2019

212 views

Category:

Documents

0 download

Embed Size (px)

TRANSCRIPT

Results of audit: Internal control

systems

Report to Parliament 6 : 201314

Queensland Audit Office

Location Level 14, 53 Albert Street, Brisbane Qld 4000

PO Box 15396, City East Qld 4002

Telephone (07) 3149 6000

Email qao@qao.qld.gov.au

Online www.qao.qld.gov.au

The State of Queensland. Queensland Audit Office (2013)

Copyright protects this publication except for purposes permitted by the Copyright Act 1968.

Reproduction by whatever means is prohibited without the prior written permission of the

Auditor-General of Queensland. Reference to this document is permitted only with

appropriate acknowledgement.

Front cover image is an edited photograph of Queensland Parliament, taken by QAO.

ISSN 1834-1128

Contents Summary .................................................................................................................................. 1

Conclusions ....................................................................................................................... 1

Findings from selective control testing .............................................................................. 1

Findings about monitoring controls ................................................................................... 4

Recommendations ............................................................................................................ 6

Reference to comments .................................................................................................... 6

1. Context ............................................................................................................................. 7

1.1 Internal controls .................................................................................................... 7

1.2 Management responsibility ................................................................................... 8

1.3 Audit responsibility ................................................................................................ 8

1.4 Structure of the report ......................................................................................... 10

1.5 Department acronyms......................................................................................... 10

2. Chief finance officer certification ................................................................................ 11

2.1 Context ................................................................................................................ 12

2.2 Audit objectives ................................................................................................... 14

2.3 Conclusions ........................................................................................................ 14

2.4 Findings summary ............................................................................................... 14

2.5 Design ................................................................................................................. 15

2.6 Application .......................................................................................................... 17

2.7 Report form and content ..................................................................................... 20

3. Internal audit .................................................................................................................. 23

3.1 Background ......................................................................................................... 24

3.2 Audit objectives ................................................................................................... 24

3.3 Conclusions ........................................................................................................ 24

3.4 Findings summary ............................................................................................... 25

3.5 Operating principles ............................................................................................ 25

3.6 Resources ........................................................................................................... 26

3.7 Audit plans .......................................................................................................... 31

3.8 Performance of internal audit .............................................................................. 33

4. Audit committees .......................................................................................................... 37

4.1 Background ......................................................................................................... 38

4.2 Audit objectives ................................................................................................... 39

4.3 Conclusions ........................................................................................................ 39

4.4 Findings summary ............................................................................................... 40

4.5 Operating principles ............................................................................................ 40

4.6 Committee structure ............................................................................................ 41

4.7 Key responsibilities ............................................................................................. 42

4.8 Proceedings ........................................................................................................ 44

5. Corporate card control ................................................................................................. 45

5.1 Background ......................................................................................................... 46

5.2 Audit objectives ................................................................................................... 47

5.3 Conclusions ........................................................................................................ 47

5.4 Findings summary ............................................................................................... 47

5.5 Policies and procedures...................................................................................... 48

5.6 Issue and return .................................................................................................. 48

5.7 Acquittal and monitoring ..................................................................................... 49

5.8 Effective use ....................................................................................................... 51

Appendices ............................................................................................................................ 57

Appendix AAgency comments..................................................................................... 59

Report 6 : 201314 | Queensland Audit Office 1

Summary

Internal financial controls are the structures, organisational capabilities, systems, processes,

procedures and activities within an entity that together operate to reduce the risk of fraud and error

in financial reports. They do not and cannot eliminate such risks altogether: the cost of attempting to

do so would outweigh any benefits in terms of matters such as improving the reliability of the annual

financial statements.

The Director-General of each department is responsible for establishing and effectively maintaining

adequate financial control throughout the financial year. The external auditor needs to consider the

internal controls capability of each entity when planning our financial audits. We do this by first

evaluating their design and implementation. Depending on the outcome of our initial evaluation we

may then decide also to test the operation of selected financial controls, but only if we consider it is

efficient and effective to rely on them.

This report summarises the results of our initial control evaluations and of our selective testing of the

financial reporting controls that operated within the 20 government departments during the 201213

financial year. These departments represent the bulk of the General Government Sector revenues

and expenses.

While the controls tested in each department will vary between agencies and years, this year we

also considered the control over the use of corporate cards in all departments. The major thrust of

the report however is the results of our detailed assessment of the three primary mechanisms used

by the Director-General of each department to monitor the health of their own internal control

frameworks:

chief finance officer (CFO) certifications

internal audit activities

audit committee oversight.

Conclusions During 201213 we continued to identify and report on a range of significant control weaknesses

across a number of departments relating to their control environment, information systems and

control activities. While the total number of control weaknesses identified has declined, internal

control structures are not yet as strong as they need to be for risk of fraud and material error to be

reduced to acceptable levels.

The continuation of relatively high numbers of significant control a

Recommended

View more >