Audit Service Provider Briefing Portside Conference Centre 19 - PDF document

19/02/2019 Audit Service Provider Briefing Portside Conference Centre 19 February 2019 Agenda Item Time Welcome 9:30am Address by the Deputy Auditor-General Lessons learnt and Government reporting and compliance developments Morning tea 10:30am Audit oversight – key changes Key contract requirements Data analytics and innovation Information Security and data breaches Other business Close workshop / Lunch 12:30pm 1

19/02/2019 Agenda – Local Government Session Item Time • Local Government IS audit strategy 1:30pm • Debrief on 2017-18 audits • Key areas of focus for 2018-19 audits • Local Government accounting and audit issues • Potential topics for Report to Parliament, performance audits Close workshop 3:00pm Address by the Deputy Auditor-General Ian Goodwin Deputy Auditor-General 2

19/02/2019 Reflections on 2017‐18 Our activity is driven by our Corporate Plan, which includes six strategic initiatives: • local government • influencing for impact • reporting process • working better, working together • data analytics Progress on 2017-2020 • technology and process innovation corporate plan –strategic objectives 3

19/02/2019 This initiative is focused on defining what our work will look like into the future, what capabilities we require and the culture and conditions we need to create. Working better, working together Lessons learnt and Government reporting and compliance developments David Daniels, Director Financial Audit Karen Taylor, Director Financial Audit 4

19/02/2019 Contents • Lessons learned from prior audits • Prior period error themes • Asset revaluation considerations • Monitoring review findings • Government Reporting and Compliance Developments • Mandatory early close procedures • Government Sector Finance Reforms • NSW Cyber Security Policy Lessons learnt 5

19/02/2019 Prior period error themes • There were 40 prior period errors for 30 June 2018 audits • Key financial statement line items impacted: Common causes of prior period errors • Valuation and record keeping of physical assets: o management assessed the asset could not be measured reliably o errors in comprehensive revaluations o assets not carried at fair value o accuracy and completeness of asset registers • Incorrect discount rates to measure provisions under AASB 137 6

19/02/2019 Asset revaluations Important matters to consider: Starting out • Early engagement with all stakeholders including auditors Management’s role • Start revaluations early • Compare pre and post valuation results on an individual basis. Document explanations from the valuer for significant / unusual changes Asset revaluations Using experts • Documented Terms of engagement clearly detailing the valuation methodology • Valuation report should detail key assumptions, valuation approach adopted, how use of relevant observable inputs is maximised Intervening years • Revaluations performed with sufficient regularity to ensure carrying values reflect fair value. Communication • Management meets regularly with auditors to discuss progress and outcomes 7

19/02/2019 Monitoring review findings (for year ending 30 June 2017) Systemic findings across both inhouse and ASP audit files: • Response to identified ITGC deficiencies, arising from: application and database security configurations o privileged user access o • In addition to reporting the deficiencies in the management letter, need to respond by: assessing the risk and likelihood of exploitation of those risks o impact on the audit approach and resulting procedures to target o assessed risk Monitoring review findings (for year ending 30 June 2017) Systemic findings across both inhouse and ASP audit files: • ASA 315 requires an understanding of the information system, including the business processes, relevant to the financial reporting, including: classes of transactions o transaction process flows o month and year end close processes o related controls. o • Adopting a purely substantive audit approach doesn’t mean we can opt-out of ASA 315 8

19/02/2019 Monitoring review findings (for year ending 30 June 2017) Systemic findings across both inhouse and ASP audit files: • For journals testing, teams should: understand the types of journals, including automated journals and o rationale for its exclusion document and evaluate controls o ensure the population of journals is complete o respond to issues identified e.g. segregation of duties in the system, o privileged user access apply appropriate filters o sort down o test the selection o perform update testing o Government reporting and compliance developments 9

19/02/2019 Mandatory early close procedures • Contained in TC19-01 31 March • Applies to all NSW public Agency performs all early close procedures in Appendix B sector entities including State Owned Corporations (SOCs) 23 April • Agencies should engage Agency provides results to the Audit Office and Treasury early with the Audit Office to confirm the nature and timing of procedures to be 31 May performed Audit Office provides observations and feedback on early close procedures to the agency 2018-19 Asset revaluation timetable • Applies to NSW public Agency mandatory deliverables to the Audit Office sector entities, including January SOCs Agency provides listing & position paper on assets • Applies to assets: not recorded in financial statements. • requiring comprehensive valuations 23 April • not currently recorded as they do not meet the Agency provides final valuation report with management’s review report. reliably measurable criteria 10

19/02/2019 Treasury mandates circular • Mandates the options agencies must apply when Australian Accounting Standards allow certain accounting policy choices • Applies to all entities that prepare general purpose financial statements under the Public Finance and Audit Act 1983 , including SOCs • Likely key changes: • includes new mandates under AASB 9 and AASB 15 (for- profit entities) • updates the list of Standards issued but not yet effective. Government Sector Finance reforms Government Sector Finance Act 2018 (GSF Act) • New framework for government sector financial and resource management • Aims to simplify and modernise agency management, responsibility and accountability, financial reporting, governance and performance • Movement to a principle based approach • Became law in November 2018. Elements of the Act came into force from 1 December. For example, expenditure, delegations, financial arrangements and performance information • The financial reporting, audit and annual reporting elements of the Act have not yet come into force. They are proposed to commence progressively from the 2019/20 financial year (inclusive) Government Sector Audit Act 1983 (GSA Act) • Formerly known as the Public Finance and Audit Act 1983 • Addresses the audit of government sector finances and governance of the Public Accounts Committee • Recognises the independence of the Auditor-General and the Audit Office. • Will become effective for the 2019/20 financial year 11

19/02/2019 GSF Act – key reforms • Information sharing: Treasurer and Ministers can request information held by agencies relevant to resource allocation to facilitate better informed budget and State financial management decisions • Performance Information: Treasurer authorised to give directions on performance information agencies are required to keep. This reform supports outcome budgeting • Clusters: Cluster Ministers can access relevant agency financial and non-financial information. The reforms also codify the Cluster Minister’s authority to set terms and conditions on spending from appropriations when delegating the power to agencies • Delegations: Broader range of responsibilities and powers can be delegated (and sub- delegated) than is permitted under the existing framework Further information on the reforms is available on NSW Treasury’s website: https://www.treasury.nsw.gov.au/budget-financial-management/reform/government- sector-finance-act-2018-0 NSW Cyber security policy • Must be adopted by all NSW Public Service Agencies from 1 February 2019 • Recommended adoption by SOCs, local councils and universities • Introduces new mandatory cyber security requirements • Requires agencies to provide a cyber security attestation in their annual reports 12

19/02/2019 Questions? Morning Tea 10:30 – 11:00am 13

19/02/2019 Audit Oversight – Key Changes Karen Taylor Director Financial Audit New Audit Oversight Approach • Commencing for the 2018-19 cycle • Reduction in duplication and number of forms • Improved efficiency - timeliness of review and lower administration costs • More focus on risk areas 14