Guide for staff interacting with a Treasury Cluster Audit & Risk Committee

September 2015

History: Developed March 2014.

Disclaimer:

This publication is a working document of Treasury’s internal audit function and was not developed by the policymakers.

Bearing this in mind, agencies are welcome to use this document as a model to adapt to their own needs if they wish. Treasury makes every effort to ensure this publication reflects good practice and is kept up to date; however it is the responsibility of agencies to ensure their documents are current and compliant with relevant policies and standards.

Note: For privacy reasons, individuals’ names and contact details were removed from this document prior to posting, but within an agency they should be available to users.

NSW Treasury - Guide for staff interacting with a Treasury Cluster Audit & Risk Committee i

Contents

1 The Audit and Risk Committee and its role

1.1.1 Conflicts of Interest and Confidentiality Agreements

2 Who will be in the room?

2.1.1 Members

2.1.2 Regular Observers

3 Communication with the ARC

Briefings and Presentations on a Particular Subject

Action List Items

Responding to an Internal or External Audit Recommendation

Register of Recommendations from a Completed Internal or External Audit

3.4.1 Updates to the Registers of Audit Recommendations

3.4.2 Register of Internal Audit Recommendations

3.4.3 Register of Audit Office Management Letter Recommendations

3.4.4 Register of Recommendations from External Bodies

ARC Review of Financial Information

3.5.1 Review of the Financial Statements

3.5.2 Committee Requirements to Commend Accounts to the CEO

3.5.3 Management Letters Issued by Auditor-General

4 Appendix FAQS: review of entity financial statements

Why is the ARC reviewing my agency’s financial statements?

When do I provide my agency financial statements to the ARC?

Why does the ARC get my financial statements before the deadline in the client service plan?

Who decides at which meeting my financial statements are going to be considered, and how can I find out the dates?

What else should I give the ARC when I give them the financial statements?

Why do the financial statements have to be in ‘mark-up’?

Why do I have to attend the meeting and for how long am I needed?

What does the Audit & Risk Committee have to do with the final audited version of the financial statements (statutory accounts)?

5 Appendix ARC arrangements specific to entities that do not report to the Secretary

6 Appendix Checklists and documentation templates

7 Further information and contacts

Key Contacts

1 The Audit and Risk Committee and its role

The Audit and Risk Committee (ARC) has been established to oversee and monitor governance, risk and control issues affecting the operations of entities within the Treasury cluster, including internal and external audit.

There are shared arrangement agreements between NSW Treasury and other cluster entities, e.g. Residual Business Management Corporation (RBMC) 1 . The Committee also provides independent advice to the Secretary and the heads of other cluster entities.

The ARC’s responsibilities generally cover review and oversight of the following areas:

risk management

internal controls

corruption and fraud prevention

external audits of entity and Total State Sector financial statements

compliance with applicable laws and regulations

internal audit.

Conflicts of Interest and Confidentiality Agreements

Members sign a Conflict of Interest Declaration in relation to any interests that they consider might give rise to an actual or perceived conflict with their role as a Committee member. They are also asked at each meeting to declare any conflicts of interest that may have arisen since the formal declaration was last made 2 .

Members sign a Confidentiality Agreement to ensure that the sensitive information to which they have access in carrying out their responsibilities is not released to third parties without prior authorisation, and is only used for the purpose for which it was provided. Confidentiality agreements remain in force after members leave the Committee.

Samples of these forms are on the Treasury website under the button Audit & Risk Committee Management.

Further Information on Treasury’s Internal Audit Function: http://www.treasury.nsw.gov.au/About_Us/internal_audit_and_risk_management

1 Refer Appendix 5 for information specific to entities that do not report to the Secretary

2 Conflict of Interest Declarations are made annually, in writing using the prescribed template, by all Committee members.

2 Who will be in the room?

At a Committee meeting you are likely to encounter the following people:

Members

List members, whether they are independent or internal, and their speciality area/s

Regular Observers

There are a number of regular observers at the ARC meetings.

[List observers - Depending on the Committee, these could include the Chief Audit Executive, Chief Finance Officer, internal audit service provider, Audit Office, agency head.]

3 Communication with the ARC

There are five main ways you are likely to be called on to interact or communicate with the ARC:

1. The Committee has asked you to prepare a paper or presentation and attend the meeting to answer questions.

2. You are responding to an item on the Action List from the minutes of an earlier ARC meeting.

3. You have provided a management response to one or more recommendations in a new internal audit and are assisting EY to present its report to the ARC.

4. You are updating an item on the Register of Recommendations from a completed internal audit or Audit Office Management Letter.

5. You have prepared financial statements for a Treasury Cluster entity, or the Total State Sector Accounts (TSSA).

The following sections are a guide to what is expected in each of these situations.

Briefings and Presentations on a Particular Subject

The Committee has asked you to provide a paper summarising the facts, and including your analysis, of a particular subject in which they are interested. They may also ask you to attend the meeting so that the members can ask questions and clarify the information you have provided.

In preparing your paper you should be mindful of the Committee’s strong interest in risks and how we propose to manage them. You should also be aware your audience are not Treasury employees who are familiar with the same issues and acronyms you are.

Your paper will be included in the meeting papers. These papers are sent to the Committee one week prior to the meeting so that they have time to review the information and formulate the questions that they may wish to ask you.

Your paper should be signed off by your Executive Director and provided to Audit & Risk Branch by 10 working days before the meeting, to allow time for quality assurance review prior to distribution.

The Committee has a template that includes instructions to assist you with your response. This template is available from the Committee Manager, or from the hyperlink in Appendix 6 (Link 3.1).

The same deadline and signoff rules apply if you wish to provide a PowerPoint presentation instead of a paper. In this case, use the ordinary Treasury PowerPoint template, and be sure to advise the Committee Manager or Chief Audit Executive beforehand whether you wish to speak to paper copies of the slides or show them on the screen. Either is acceptable, but the latter requires us to ensure the technology is in place.

Action List Items

The action list tracks the status of actions arising from previous meetings. The action list is reviewed and revised for each meeting, with new matters being added and completed matters closed.

Responding to an item on the action list generally involves only a short written response (but may occasionally include supplying a paper and/or attending a meeting to update the Committee in person). Note that it is not acceptable just to write “in progress” or “completed”. The Committee will want to see where the action is up to, what delays, if any, have been encountered, and what evidence there is that the action has been completed (e.g. “Secretary Approved brief on 1 November”). If the action results in a deliverable, the Committee will sometimes ask for a copy on its completion.

When you first respond to an Action List item you will be asked to estimate the date by which the Action will be completed. You are advised to consider this carefully and give yourself plenty of time, as the Committee may call you, or your manager, to attend and explain if there is repeated slippage of the due date.

Responding to an Internal or External Audit Recommendation

If there has been an audit performed in your work area, you may be asked to respond to recommendations made by the Internal Audit provider (EY), or by the Audit Office in one of its Management Letters.

When you provide this response, you should ensure that:

you clearly understand the Recommendation, and the audit finding it is attempting to resolve (if in doubt, check with the auditor)

your response is specific, with actions able to be monitored by the Committee

your response makes sense as a response to the finding

you have the resources and capability to complete any promised actions within the timeframe you propose.

If you believe it will take months or longer to fully resolve the issue behind a recommendation, talk with the report’s author, or with Treasury’s Chief Audit Executive, about breaking your response into several milestones.

For further detail refer to section 5.4.1 of the Treasury Cluster Internal Audit Manual. (See Appendix 6.3.3).

If you have provided a response to an audit recommendation, it is possible you may be invited to attend the presentation of that Audit Report to the ARC.

Register of Recommendations from a Completed Internal or External Audit

3.4.1 Updates to the Registers of Audit Recommendations

The Internal Audit Branch may contact you in order to update any one of the above Registers of Recommendations prior to an ARC meeting.

In the “Current Status” column of the template, concisely state the date on which you are writing and the implementation status of your response as at that date. If there is an actual or foreseen delay, detail: the issue; a revised due date if necessary; and what you are doing to get the action back on track.

Remember that if you change the “due date” twice, the ARC will ask your Executive Director or Deputy Secretary for an explanation. Your best safeguard against this is to propose a practical deadline as part of your original management response.

Every time you are asked for an update, please re-read the recommendation and your initial management response. Both are shown in the register.

Ensure that your answer still directly responds to the recommendation and your initial response. If not, bring it back into line.

Occasionally, the ARC may ask you to provide further details on your update in the form of a briefing or presentation at one of their meetings. In this case the Committee Manager will advise you what is needed.

Background on the three Registers is below for information.

A Register of Recommendations is a document that records the Recommendations from audit reports (or reviews and inquiries, in the case of the External Bodies register), the management responses to those Recommendations, the status of action to implement each response and the expected completion date.

Treasury has three Registers of Recommendations:

Register of Internal Audit Recommendations

Register of Audit Office Management Letter Recommendations

Register of [other] Recommendations from External Bodies

Each Register ranks recommendations by audit (or review/inquiry), and then in order of importance based on the risk rating assigned by the auditor.

The Treasury ARC views the Registers of Internal and Audit Office Recommendations at alternate meetings. The third Register is reviewed at least every 6 months.

3.4.2 Register of Internal Audit Recommendations

Internal Audit Reports are tabled at ARC meetings when the service provider has finalised them, but before they go to the Secretary for his approval.

When the Secretary approves an Internal Audit Report, its recommendations and the management responses are immediately added to the Register of Internal Audit Recommendations, together with their dates for completion. (Low risk items are monitored separately, by the Chief Audit Executive.)

Progress with the implementation of the management responses is updated and presented to the Committee at alternate meetings. The Committee monitors these updates and provides feedback if it views progress as unsatisfactory in relation to the risks, or fears the action is going off track. If they are unhappy with the progress of an item, they will invite your Deputy (or Associate) Secretary to a meeting to discuss.

When a recommendation has been implemented, you should explain in the “status” column why you are satisfied that it is done. When the ARC agrees the action is complete, the action and the recommendation are removed from the Register.

3.4.3 Register of Audit Office Management Letter Recommendations

This register lists the recommendations made by the Auditor-General and outlined in the Management Letter he sends following his annual audit of the financial statements.

Recommendations that have been rejected by management are highlighted for the Committee on first presentation, even if they are low risk.

Progress against agreed management responses is updated and presented to the Committee at alternate meetings throughout the year. The Committee and the Audit Office advise if either views progress as unsatisfactory or considers that the priorities are not appropriate to the risks.

When the actions detailed in a management response have been demonstrated to be implemented, they are presented at the next ARC meeting to gain agreement that they are finalised, then removed from the Register.

The Audit Office reviews the progress against each response to each Management Letter at the end of the year, when it is preparing the next one. It will repeat a recommendation in the new Management Letter if the Auditor-General is not convinced the action taken was adequate to manage the risk, even if the ARC has determined it to be complete.

3.4.4 Register of Recommendations from External Bodies

The Register of Recommendations from External Bodies, or “the third register”, tracks the progress of recommendations for Treasury in external reports (other than AO Management Letters) from entities such as the Public Accounts Committee, Ombudsman and Auditor-General.

This register tends towards actions with much longer timeframes, such as legislative changes. It is tabled before the Committee every six months unless an issue arises which requires more immediate attention.

ARC Review of Financial Information

3.5.1 Review of the Financial Statements

The Audit and Risk Committee (ARC) reviews the financial statements of many different entities 3 at key dates during the financial year. These dates are determined by the reporting schedule agreed in the Client Service Plan issued by the Audit Office.

The aim of the ARC review is to provide independent advice to the Secretary 4 on the content and form of the financial statements. The Committee will provide feedback to the entity on any issues members feel should be resolved before the statements are provided to the Audit Office. Following audit, they must provide written assurance to the Secretary before he signs off the accounts.

The financial statements should be accompanied by the prescribed coversheet each time they are submitted to the Committee. Financial statements that the Committee has seen before should always show ‘changes since last time’ in mark-up or highlight (or coloured font, if Excel). This applies even between early close and the first time they see the end of year financial statements.

3 The Treasury cluster entities are listed in Annexure 1 of the ARC Principal Department Charter

4 or the Directors of the Ports Lessor Corporations.

3.5.1.1 Review of Financial Statements for Early Close

The Committee receives the Early Close Pro-forma Financial Statements at the same time that they are sent to the Audit Office.

The Committee reviews these pro-forma statements in accordance with the Audit and Risk Committee (Principal Department) Charter and reports any observations to the CAE, who then passes these comments to the entity concerned, to be introduced into its discussions with the Audit Office.

The Committee’s deadline is always shorter than the Audit Office’s, so that there is time to consider its comments before early close is finalised.

At the end of early close, the Committee has asked for a short report from each entity to let it know which of its comments were adopted and why any were rejected. The person with responsibility for each set of statements is asked to supply this report.

(Link to the template to use as a coversheet for both Early Close and End-of-Year statements is at Appendix 6, 3.5.)

3.5.1.2 Review of Financial Statements for Year End

The Committee needs to receive the Draft Financial Statements at least 3-4 working days before they are sent to the Audit Office so that members may provide feedback prior to submission. It is important for this to be factored into the timeframe for preparation.

The officer who develops the financial statements for a cluster entity should attend the ARC meeting where feedback is given on that entity’s statements, ideally accompanied by his or her Director. If you attend in this capacity, you will be asked to discuss the methodology you used and any issues that arose, hear members’ comments first-hand, and clarify any concerns members may have.

Because the Treasury Cluster has so many, sometimes the Committee has to review and comment on financial statements out-of-session. In this case, the relevant Director’s and Executive Director’s contact numbers should be supplied, for the same reasons detailed above.

(Link to the template to use as a coversheet for both Early Close and End-of-Year statements is at Appendix 6, 3.5.)

3.5.2 Committee Requirements to Commend Accounts to the CEO

When the audited financial statements (also known as the statutory accounts) return from the Audit Office, the Committee is responsible for commending them to the Chief Executive Officer prior to his sign-off under the Public Finance and Audit Act 1983 (s41C).

The person who prepared the financial statements, and liaised with the Audit Office during their review, has responsibility for liaising with the Internal Audit Branch to ensure this process happens smoothly.

To facilitate the commendation, you need to provide the following information to the Internal Audit team so that it may be forwarded to the Committee:

Accounts, marked up with any changes since last viewed by the Committee and with updated coversheet in place

Client Service Report issued by the Audit Office

Management Representation Letter (MRL) signed by the Chief Financial Officer

3.5.3 Management Letters Issued by Auditor-General

The Auditor-General’s Management Letter, which follows some time after final signoff of the year-end accounts, is an important part of the reporting process associated with the review and oversight of the financial and operational activities of the organisation.

This letter typically describes a range of matters that the Auditor-General considers necessary to bring to the attention of management. It includes recommendations for improvement, particularly to better control perceived risks.

Final Management Letters from external audit, which include management responses from Treasury entities, are forwarded by the Audit Office to the CAE at the same time that they are provided to the Secretary 5 .

If you are required to respond to a recommendation from an Audit Office Management Letter, please see Section 3.3 above. It will help you craft your answers.

The management responses are then transferred into the ARC’s Register of Recommendations from Audit Office Management Letters. If you are required to take action under any of these responses, it is possible you may be called before the Committee to answer questions, particularly if progress is slow.

As with the register of recommendations from internal audit, if a deadline is moved more than once, the ARC is likely to call your Executive Director, Associate or Deputy Secretary to explain the slippage.

5 Or other CEO, in the case of residual entities within the Cluster which do not report through the Secretary.

4 Appendix

FAQS: review of entity financial statements

Why is the ARC reviewing my agency’s financial statements?

The members of the Audit and Risk Committee (ARC) review the financial statements at key dates during the financial year (including at early close). Most of these dates are determined by the reporting schedule agreed in the Client Service Plan issued by the Audit Office.

The aim of the ARC review is to provide independent advice to the Secretary 6 on the content and form of the financial statements, with a particular emphasis on material risks.

ARC members will also provide feedback to the Chief Financial Officer on any issues that they feel should be resolved before the statements are provided to the Audit Office.

When do I provide my agency financial statements to the ARC?

Ideally, you should aim to have your statements lodged with the Chief Audit Executive at least 3-4 working days prior to the ARC meeting at which they are going to be reviewed (or 4 working days before the Audit Office deadline, if there is no meeting).

This gives the Committee Manager sufficient time to send the statements to the Committee in printed format as well as electronically. It also allows the Committee time to read the accounts and provide some informal feedback before the statements are discussed at the meeting. The timing of these meetings, and of ARC deadlines for ‘out-of-session’ work, is set with regard for Audit Office deadlines.

Why does the ARC get my financial statements before the deadline in the client service plan?

The Client Service Plan deadline is the date for submission to the Audit Office. The Committee’s role is to provide independent advice to the Secretary (or other relevant CEO). The Committee needs sufficient time to review the financial statements, and you need sufficient time to incorporate any suggestions they make before the accounts are presented to the Audit Office.

You should be aware that the Auditor-General will consider any substantive amendment after his Office has received the final end-of-year accounts to be a misstatement or error.

6 or the General Manager RBMC, or the Directors of the Ports Lessor Corporations. In the rest of the text these will be referred to as “or other relevant CEO”.

Who decides at which meeting my financial statements are going to be considered, and how can I find out the dates?

The Committee Manager for the ARC produces a meeting calendar at the beginning of each year with tentative dates for the review of financial statements based on the previous year’s experience. When the current year’s Client Service Plans are received from the Audit Office, the proposed meeting dates are reviewed and some meetings may be rescheduled.

The Chief Audit Executive and the Committee Manager are able to advise you at which meeting your accounts will most likely be reviewed. They are also able to provide you with a current meeting calendar to assist your forward planning.

Some of the smaller accounts may need to be reviewed out of session and the comments sent to you to collate and act on. The Committee Manager for the ARC can advise you on the timing for this process.

What else should I give the ARC when I give them the financial statements?

The Treasury ARC reviews more than 10 separate sets of financial statements at early close, and again at year-end. To be useful in the review role, the ARC must know as much as possible about variances and other related issues before these financial statements are presented to the Audit Office.

To enable the members to review the accounts productively, the Committee has designed a cover sheet to accompany each set of statements, which it requires to be used for each set of accounts.

The coversheet includes instructions to assist completion. A link to the current template can be found in Appendix 6, at 3.5.

Why do the financial statements have to be in ‘mark-up’?

Presenting the financial statements in mark-up allows the Committee to quickly identify the changes that have been made to the contents since their last review. It also helps the members to identify whether their suggestions have been adopted.

The accounts will be ‘clean’ when the first draft is submitted to the ARC at Early Close.

The next draft submitted to the ARC will show ARC-requested changes, as well as any discoveries made by management, or changes requested by audit. These changes will be ‘accepted’ once the Early Close Financial Statements are reviewed and returned by the Audit Office. Therefore, the first draft of the Year End Financial Statements will be ‘clean’ and then subsequent drafts will be marked up, until such time as they are reviewed and returned by the Audit Office.

Explanations of significant changes between versions should be provided in the coversheet that accompanies each set of statements. Your comments should include the rationale underlying any decisions to change the treatment or measurement of significant financial transactions, referring where necessary to briefings received from actuaries and similar experts.

Why do I have to attend the meeting and for how long am I needed?

The Committee has invited you to attend so that members can ask questions and clarify information. In some cases you will be able to give them new updates. You will also want to hear their comments to assist you in making any changes. If you disagree with a suggested change, you should let the Committee know why.

The amount of time that will be allocated to your attendance is based on the size of your entity and the complexities of its accounting, and/or whether any significant issues were disclosed in your financial statements.

What does the Audit & Risk Committee have to do with the final audited version of the financial statements (statutory accounts)?

Like the CFO, the Committee has a responsibility to commend the statutory accounts to the Secretary (or other relevant CEO) prior to his signoff under the Public Finance and Audit Act 1983 (Section 41C).

Contact the Committee Manager for the ARC as soon as you know when the accounts will be finalised. When you supply a copy of the audited accounts, together with the Audit Office’s Client Service Report, the Committee Manager will arrange for the Chair of the Committee to provide a signed letter of commendation.

You must allow enough time for this procedure before the accounts go to the Secretary (or other CEO).

5 Appendix

ARC arrangements specific to entities that do not report to the Secretary

Separate, sequential meetings with separate Agendas are held to discuss matters for entities that have a Chief Executive Officer (CEO) other than the Secretary. These meetings are held on the same day as each regular Treasury ARC meeting. The regular Treasury ARC meeting is formally closed and a new one opened to discuss the entity’s business. None of the entity’s business will be dealt with during the main meeting, except in the case where information about that entity is relevant to the consolidated financial statements. In that case it will be treated like any other agency in the same circumstances.

The CEO of an entity should attend that entity’s ARC meetings if at all possible, just as the Secretary attends Treasury ARC meetings.

The CEO will be notified at what time the entity’s meeting is likely to commence, and will be asked, during drafting of the Agenda, whether there is anything to bring to the Committee’s attention. For its part, the Committee can request information or presentation from the CEO in the same way it can from Treasury management.

If there are no items on the entity’s agenda, the Chair will make a final call for Other Business immediately after closing the Treasury meeting, while a quorum still exists.

If a Treasury internal member exists, he or she will not be a member of these other Audit and Risk Committees. The Audit & Risk Committee will comprise all of the independent members of the Treasury Committee, unless a conflict of interests prevents this.

6 Appendix

Checklists and documentation templates

3.5

The following checklists and templates are available from the Committee Manager. Those which are on the internet page are also hyperlinked.

Document Section

Reference

3.1

3.5, 4.5

3.3

Template for a paper or presentation for the ARC – a WORD document that provides a suggested format for responding to a briefing request from the Committee.

For POWERPOINT presentations to the Committee, use the ordinary Treasury template. Advise Audit & Risk Branch in advance if you want to show a presentation on screen.

Financial statements coversheet template – a WORD document. Provides the format for the brief that accompanies each set of financial statements provided to the Committee.

ARC Review of Agency Statements - FAQs

Calendar of Meeting Dates

Schedule of Topics Assigned to Meetings

Response to a Recommendation in a new Internal Audit Report or AO Management Letter

Response to the Register of Recommendations

Treasury Audit Manual

7 Further information and contacts

For further information or clarification on issues raised in the discussion paper, please contact:

Key Contacts

Chief Audit Executive :

Committee Manager, ARC:

Internal Audit Program:
