Certificate of Compliance – FMA Act Agencies
advertisement
Finance Circular No. 2013/03 Certificate of Compliance – FMA Act Agencies Key points This circular: provides advice on the annual Certificate of Compliance process for Financial Management and Accountability Act 1997 (FMA Act) agencies affects all chief executives, chief financial officers, audit committees and agency staff reflects the recent updates to the financial management framework replaces Finance Circular 2011/07: Certificate of Compliance – FMA Act Agencies and is available at http://www.finance.gov.au/publications/finance-circulars/index.html Contents Foreword ............................................................................................................................................................ 2 Part 1 The Certificate of Compliance Process ................................................................................... 3 1.1 Key concepts ...........................................................................................................................................4 1.2 Key steps ..................................................................................................................................................6 1.3 Agency governance ..............................................................................................................................7 1.4 The Certificate of Compliance ...................................................................................................... 10 Part 2 Guidance on completing the Certificate .............................................................................. 12 2.1 Compliance with the financial management framework .................................................. 12 2.2 Completing the Certificate ............................................................................................................. 14 Part 3 Tools and templates ................................................................................................................... 18 3.1 Certificate of Compliance letter template................................................................................ 19 3.2 The Certificate of Compliance template ................................................................................... 20 3.3 Appendix A: non-compliance schedule template ................................................................. 21 3.4 Appendix B: financial sustainability schedule template ...................................................... 22 Part 4 Frequently asked questions .................................................................................................... 23 Page 1 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Foreword Foreword This circular provides guidance on the annual Certificate of Compliance (Certificate) process for FMA Act agencies. Compliance monitoring is one element of the Department of Finance and Deregulation’s (Finance) broader strategy to improve the quality of public financial management in all aspects of Commonwealth operations. The Certificate process aims to improve understanding of the financial management framework, and strengthen agency processes, through the identification of non-compliance issues and actions taken to improve processes and compliance. Analysis of Certificate results also provides an opportunity for Finance to identify issues that are common across agencies, highlighting elements of the framework that may require improvement. Since the introduction of the Certificate process in 2006-07, there has been an overall decreasing trend in reported non-compliance across the Commonwealth. This reflects the effectiveness of agencies’ activities to improve processes and address compliance issues identified through the Certificate process, and enhancements to the financial management framework itself. This circular is provided in 4 parts. Part 1 provides an overview of responsibilities and requirements relating to the Certificate. Part 2 contains specific guidance about completing the Certificate and Part 3 contains tools and templates. Part 4 contains frequently asked questions, designed to give practical guidance to agency staff. A summary of the compliance requirements of the FMA Act and Regulations (the compliance requirements summary) is linked to this circular. It has been updated to reflect the changes to the FMA Act and Regulations, including the response to the High Court’s decision in Williams v Commonwealth and the updated Commonwealth Grant Guidelines. Questions on the application of the Certificate process should be directed in the first instance to your chief financial officer area. For questions relating to this finance circular, please contact the Resource Management Branch at finframework@finance.gov.au. Kerry Markoulli Assistant Secretary Resource Management Branch Governance & Resource Management Group May 2013 Page 2 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 1 – The Certificate of Compliance Process Part 1 The Certificate of Compliance Process 1.1 1.2 1.3 1.4 Key concepts Key steps Agency governance The Certificate of Compliance Page 3 of 29 p. 4 p. 6 p. 7 p. 10 Finance Circular 2013/03 Department of Finance and Deregulation 1.1 Key concepts agency means a department of state (including people allocated to the department by the Financial Management and Accountability Regulations 1997 (FMA Regulations)), a parliamentary department or any agency prescribed under the FMA Regulations (see section 5 of the FMA Act). agency staff means officials of the agency. This includes an allocated official. allocated official means a person outside the Commonwealth who performs a financial task and temporarily becomes an official of the FMA Act agency while they are undertaking that financial task. They are temporarily ‘allocated’ to that agency (see FMA Regulation 4). As an ‘allocated official’, they are subject to all the requirements of the financial management framework that apply to all officials, including the FMA legislation, the policies of the Commonwealth and the relevant agency’s Chief Executive’s Instructions (CEIs). If a person outside the Commonwealth is involved with the receipt, custody or payment of public money under an agreement authorised under section 12 of the FMA Act, they do not temporarily become an official (i.e. an allocated official), as that task is not a financial task under FMA Regulation 3. approver means a minister or agency chief executive (including a chief executive’s delegate). An approver is authorised to consider and approve spending proposals under FMA Regulation 9. A person may also be authorised to approve proposals to spend public money under legislation other than the FMA Act (see FMA Regulation 3). chief executive means: (a) for a prescribed agency—the person identified by the regulations as the chief executive of the agency, or (b) for any other agency—the person who is the secretary of the agency for the purposes of the Public Service Act 1999 or the Parliamentary Service Act 1999. financial task means a task or procedure relating to the commitment, spending, management or control of public money. It does not include a task or procedure that is performed by a person outside the Commonwealth under an arrangement or agreement authorised under section 12 of the FMA Act (see FMA Regulation 3 and section 12 of the FMA Act). official means a person who is in an agency or is part of an agency (see section 5 of the FMA Act). This includes an individual who is allocated to an agency, including those temporarily allocated (i.e. an allocated official). outsider means any person other than the Commonwealth, a minister or an official (see section 12 of the FMA Act). For example, a contractor or consultant (including a company) involved in an arrangement with the Commonwealth to provide goods or services, such as administrative or management services undertaken for the Commonwealth, may be an outsider. Page 4 of 29 Finance Circular 2013/03 Department of Finance and Deregulation proper use means efficient, effective, economical and ethical use that is not inconsistent with the policies of the Commonwealth (see section 44 of the FMA Act). While the FMA Act and Regulations do not define the terms efficient, effective, economical and ethical, it is useful to note that the Australian National Audit Office (ANAO) defines: - efficiency as maximising the ratio of outputs to inputs effectiveness as the extent to which intended outcomes were achieved, and economy as minimising cost, that is avoiding waste and increasing the focus on using commonwealth resources to achieve outcomes. public money means: a) money in the custody or under the control of the Commonwealth, or b) money in the custody or under the control of any person acting for or on behalf of the Commonwealth in respect of the custody or control of the money including such money that is held on trust for, or otherwise for the benefit of, a person other than the Commonwealth (see section 5 of the FMA Act). Public money includes Australian currency, foreign currency and cheques in any currency. Public money can be appropriated by parliament and is raised by or on behalf of the Commonwealth through taxes, borrowings, loan repayments, rebates, levies, fees and other means. Money held on trust by the Commonwealth and money found on commonwealth premises is also public money. The FMA Act and Regulations apply to all money held or controlled by FMA Act agencies, irrespective of whether the money is provided through the Federal Budget, a special appropriation or raised by the agency, such as through cost recovery. Page 5 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 1.2 – Key steps 1.2 Key steps 1. The chief executives of all agencies under the FMA Act are required to provide a completed Certificate of Compliance (Certificate) to their portfolio minister each year. 2. The purpose of the Certificate is to improve compliance with the Australian Government’s financial management framework and to ensure that ministers, and the presiding officers in the case of the parliamentary departments, are kept informed of compliance issues within their portfolios. 3. The Certificate process is an important means of identifying and disclosing instances of non-compliance with the financial framework, as a basis for continuous improvement. Certificate of Compliance Process 1 1 Financial Management Information System. Page 6 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 1.3 – Agency governance 1.3 Agency governance 1.3.1 Responsibility of the chief executive Section 44 - Promoting the proper use of Commonwealth resources (1) A Chief Executive must manage the affairs of the Agency in a way that promotes proper use of the Commonwealth resources for which the Chief Executive is responsible. (1A) The responsibility conferred on the Chief Executive by subsection (1) includes, and is taken to have included, the power to: (a) make arrangements, on behalf of the Commonwealth, in relation to the affairs of the Agency and (b) vary those arrangements on behalf of the Commonwealth; and (c) administer those arrangements on behalf of the Commonwealth. Note: Some Chief Executives have delegated this power under section 53. (2) In discharging the responsibility, and exercising the power, conferred by this section, the Chief Executive must comply with this Act, the regulations, Finance Minister’s Orders, Special Instructions and any other law. (3) In this section: administer, in relation to an arrangement, includes give effect to. arrangement includes contract, agreement or deed. make, in relation to an arrangement, includes enter into. proper use means efficient, effective, economical and ethical use that is not inconsistent with the policies of the Commonwealth. 4. A key feature of the financial management framework, which is comprised of the FMA Act and Regulations, delegations and financial management policies,2 is that agency chief executives are directly responsible for the financial management of their agencies. 5. Part 7 of the FMA Act sets out the specific responsibilities of chief executives. Section 44 places a special responsibility on chief executives to manage the affairs of their agency in a way that promotes the ‘proper use’ of the Commonwealth resources for which they are responsible. Proper use means efficient, effective, economical and ethical use that is not inconsistent with the policies of the Commonwealth. In managing the affairs of the agency, chief executives must comply with the FMA Act and Regulations and any other law. The financial management policies of the Commonwealth are detailed in finance circulars, the financial management guidance series and the financial management reference series. The financial management policies which are reportable for Certificate purposes are detailed at part 2.1.3 of this circular. 2 Page 7 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 1.3 – Agency governance 6. Chief executives generally discharge their responsibility under section 44 by ensuring that their agencies have appropriate internal controls, internal governance arrangements, delegations, guidance, education, reporting, monitoring, and process improvement mechanisms in place. For example, this may involve the establishment of specific risk assessment and management activities around fraud control, with the creation of a specific fraud control unit or appointment of fraud control officers to mitigate, monitor and investigate suspected fraud. 7. This broad responsibility to manage the affairs of an agency in a way that promotes proper use of commonwealth resources, is complemented by other requirements in part 7 of the FMA Act, such as the requirements relating to audit committees, financial reporting and fraud control plans. 8. The processes, systems and controls chief executives put in place to promote compliance with the financial management framework may vary between agencies, depending on their size, operations, structure and activities. In most cases, these processes and controls are an extension of those processes that give confidence to the chief executive on matters, such as the use of delegations and budgetary management. The chief executive may consider drawing on a program of internal audits (for example, see the ANAO better practice guide entitled Public Sector Internal Audit), assessment of internal controls, specific senior management requirements, and specialised assurance in relevant high-risk areas, in addition to other advice, materials and processes in signing the Certificate. It is also expected that audit committees will review and monitor internal control mechanisms and advise chief executives on compliance issues on an ongoing basis. 9. Chief executives should put in place appropriate controls to ensure that ‘agency staff’ comply with the requirements of the financial management framework. Accordingly, chief executives should investigate possible breaches of legislation and non-compliance with Australian Government policy and initiate appropriate corrective action. 1.3.2 Responsibility of the audit committee 10. Under section 46 of the FMA Act, chief executives must establish and maintain an audit committee with functions and responsibilities specified in the FMA Regulations. The audit committee is a key component of an agency’s corporate governance and is an important mechanism for overseeing an agency’s financial management processes and compliance with the financial management framework. 11. Chief executives must set the terms of reference for their audit committees, consistent with the general requirements contained in FMA Regulation 22C. Audit committees should put in place activities to promote internal compliance and monitoring arrangements. The Australian National Audit Office has published a better practice guide entitled Public Sector Audit Committees which provides guidance on the establishment and operation of audit committees. 12. Audit committees play a key role in developing and implementing activities and procedures to support the Certificate process. The audit committee’s advice on internal controls should give confidence to a chief executive when completing the Certificate. Page 8 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 1.3 – Agency governance 1.3.3 Responsibility of the chief financial officer 13. Chief financial officers (CFOs) are generally the principal financial advisor to agencies’ chief executives. The scope and range of activities undertaken by a CFO will vary, but his/her primary responsibility is to promote good budget and financial management practices and to support the chief executive to discharge his/her financial management responsibilities, in accordance with the FMA Act and Regulations and the financial management policies. This role usually involves overseeing the financial management and budget processes within an agency. It also includes establishing mechanisms to meet specific reporting requirements and advising the chief executive on the financial health of the agency. As such, the CFO will have a key role in an agency’s Certificate processes. 1.3.4. Responsibility of all agency staff 14. The financial management framework establishes specific financial management responsibilities for all agency staff. For example, section 14 of the FMA Act requires that agency staff must not misapply, improperly dispose of, or improperly use ‘public money’. Section 41 mirrors this requirement for public property. In addition, the special responsibility of chief executives to promote the proper use of commonwealth resources is a requirement that is generally also applied to agency staff, through Chief Executive’s Instructions (CEIs), delegations and other internal requirements. 15. These requirements are reinforced by the various employment frameworks that apply to agency staff. For example, the Australian Public Service (APS) Code of Conduct sets out the standards of conduct required of all APS employees. This includes compliance with applicable Australian laws and using commonwealth resources in a proper manner. Agency staff employed under other employment arrangements, for example Australian Defence Force personnel or Australian Federal Police employees, are subject to similar requirements as a condition of employment. 16. There is a responsibility for all agency staff to comply with and, where relevant, report any suspected instances of non-compliance of the FMA Act, regulations and financial management policies to the appropriate area within their agency.3 The agency will determine if any non-compliance is reportable for Certificate purposes. The identification and reporting of non-compliance should be used as the basis for improving agency processes and increasing awareness and understanding of the financial management framework. 17. Agency staff with specific financial management responsibilities, especially those who are delegates, should have a good understanding and knowledge of the financial management framework and their associated responsibilities. The Certificate process does not require disclosure by employees that is contrary to any legal privilege that a person might claim, including self-incrimination. Agencies should seek appropriate legal advice if such issues arise. 3 Page 9 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 1.4 – The Certificate of Compliance 1.4 The Certificate of Compliance 1.4.1 Purpose 18. The purpose of the Certificate is to improve compliance with the financial management framework and to ensure that ministers are kept informed of compliance issues within their portfolios. 19. The Certificate process aims to improve agency staff’s understanding of the financial management framework, and strengthen agency processes, through the identification of non-compliance issues and by undertaking action to improve processes and compliance. The Certificate promotes continuous improvement within agencies. Analysis of Certificate results also provides an opportunity for Finance to identify issues that are common across agencies, thereby highlighting elements of the framework that may require improvement. 20. The Certificate focuses on identifying non-compliance and improving agency processes. Therefore, individual agencies are not currently identified in the Certificate of Compliance Report to the Parliament. Chief executives should ensure that their systems are robust and identify non-compliance with a view to process improvement. In particular, agencies that report low or no instances of non-compliance should ensure that they have adequate processes to identify instances of non-compliance. 21. Finance prepares an analysis of annual Certificate results that is tabled in the Parliament of Australia each year. This analysis is aggregated to a portfolio level and does not identify agencies. This analysis is reported against six categories which represent key elements of the financial management framework (see the compliance requirements summary). 1.4.2 Certificate requirements 22. The Certificate is based on a self-assessment by an agency’s chief executive. It is an assessment of an agency’s compliance based on advice and internal controls. The Certificate also requires chief executives to state whether their agency has adopted appropriate management strategies for all known risks that may affect the financial sustainability of the agency and whether it is operating within the agreed resources for the current financial year as at the date of signing (see part 2.2 for further information). 23. The Certificate must be provided to the responsible portfolio minister and the Minister for Finance and Deregulation (Finance Minister), by 15 October each year. If 15 October falls on a weekend, then the Certificate is required to be provided on the last working day prior to the weekend. Page 10 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 2 – Guidance on completing the Certificate Part 2 Guidance on completing the Certificate 2.1 Compliance with the financial framework 2.2 Completing the Certificate Page 11 of 29 p. 12 p. 14 Finance Circular 2013/03 Department of Finance and Deregulation Part 2.2– Completing the Certificate 2.1 Compliance with the financial management framework Elements of the financial management framework 4 24. FMA Act agencies operate within an environment that is made up of legislation, legislative instruments and government policy. Within this context, the financial management framework consists of the legislation, delegations and financial management policies, such as those governing the management of commonwealth resources. Given the broad scope of financial management policies, only certain policies are reportable for Certificate purposes (see part 2.1.3 of this circular). 2.1.1 The FMA Act and Regulations 25. The FMA Act and Regulations establish requirements for all chief executives and agency staffs. Failure to meet these requirements, or exceeding the authority provided under this legislation should be reported at Appendix A to the Certificate. 26. To assist agencies, a summary of compliance requirements in the FMA Act and Regulations as at April 2013 is provided on the Finance website (compliance requirements summary). This can be used to develop an internal compliance checklist or questionnaire, which should be regularly reviewed and updated when there are significant changes to the FMA Act and Regulations. In addition to policies that are reportable in the Certificate (see part 2.1.3 of this circular), financial management policies include the policies that are not separately reportable for Certificate purposes (e.g. the procurement on-time payment policy for small business). 4 Page 12 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 2.2– Completing the Certificate 2.1.2 Finance Minister to chief executives delegation 27. The Finance Minister has delegated certain powers and responsibilities to chief executives, with directions. If a delegate does not comply with these directions, or if an agency staff member acts without the appropriate delegation, this should be reported at Appendix A to the Certificate (see the compliance requirements summary for further information on reporting non-compliance). 28. The Finance Minister’s delegation to chief executives (the Delegation) is available on the Finance website at www.finance.gov.au/financial-framework/fma-legislation/fma-delegations.html. 29. Non-compliance with internal delegations should not be reported in the Certificate, unless there has also been non-compliance with the FMA Act or regulations or the directions in the Delegation. For example, non-compliance with directions in the Delegation for section 34 would be reportable. In contrast, an internal policy which requires FMA Regulation 10 to be sought before FMA Regulation 9 approval would not be reportable for the purposes of the Certificate. Issues relating to non-compliance with internal delegations should still be considered as part of an agency’s internal controls and improvement processes. 2.1.3 Reportable financial management policies 30. Financial management policies include requirements that must be met by chief executives and agency staffs in addition to legislative requirements. They do not include Finance publications that outline administrative processes, provide better practice guidance, interpret or explain the legislative requirements. 31. Those policies that are reportable for Certificate purposes may change from time to time. For the purposes of completing the Certificate, the financial management policies5 that chief executives are required to certify compliance with are: – the foreign exchange risk management policy, as outlined in the Australian Government Foreign Exchange Risk Management Guidelines – the requirements for the management of special accounts, as outlined in the Guidelines for the Management of Special Accounts – cost recovery policy, as outlined in the Australian Government Cost Recovery Guidelines – contingent liabilities policy, as outlined in the Guidelines for Issuing and Managing Indemnities, Guarantees, Warranties and Letters of Comfort, and – the management of property policy, as outlined in the Commonwealth Property Management Guidelines. 32. Under FMA Regulation 9 6, ‘approvers’ of spending proposals must be satisfied that giving effect to the spending proposal would be a proper use of commonwealth resources (i.e. efficient, effective, economical and ethical use not inconsistent with the policies of the Commonwealth). All agency staff, particularly approvers, should therefore take care to inform themselves of new commonwealth policies and ensure they take account of relevant policies when approving spending proposals under FMA Regulation 9. For example, The names of these policies have been provided at the time of publication. However, if the name of any policy listed is amended, as occurs from time to time, the policy is still reportable. 6 See Finance Circular 2011/01 - Commitments to spend public money (FMA Regulations 7-12) for further information regarding Regulation 9. 5 Page 13 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 2.2– Completing the Certificate approvers should be particularly aware of the Government’s ongoing development and implementation of policies relating to whole-of-government procurement. 2.2 Completing the Certificate 33. The Certificate is a comprehensive report on each agency’s compliance with the financial management framework. A key focus of the Certificate is the activities undertaken to address non-compliance. The Certificate comprises five parts: – the covering letter to the portfolio minister (see Part 3.1), which must be copied to the Finance Minister – the Certificate (see Part 3.2), signed by the chief executive certifying that, except to the extent known and detailed in the appendices, agency staff within his/her agency complied with the financial management framework requirements during the previous financial year and have adopted appropriate management strategies for all known risks that may affect the financial sustainability of the agency – Appendix A (see Part 3.3), which details all known instances of non-compliance and the action/s taken (including timeframes) to improve agency processes, and – Appendix B (see Part 3.4), which gives an explanation of all known risks that may affect the financial sustainability of the agency and states whether the agency is operating within the agreed resources for the current financial year. 34. The Certificate must be signed by the agency’s chief executive. This responsibility cannot be delegated. 35. The Certificate must be submitted to the responsible portfolio minister7 and copied to the Finance Minister. Where the portfolio minister is not the minister to which the agency normally reports, chief executives should also provide a copy of the Certificate to that minister. 36. Chief executives should implement activities to help complete their agency’s Certificate that are fit‐for‐purpose, having regard to factors such as the size of the agency, its activities, financial management arrangements, compliance history and key risk areas. For example, a chief executive may choose to regularly assess internal controls or use a combination of self-assessment questionaries and sample testing for high risk activities. 37. When developing internal processes to help complete the Certificate, agency staff should consider the impact of other tasks, such as completion of annual financial statements. Audit committees may, for example, wish to take the Certificate into account before providing advice to the chief executive on the agency’s financial statements. They may also wish to consider whether the financial sustainability component of the Certificate has any implications for the ‘going concern’ information in the financial statements. Internal approval processes should allow sufficient time to provide a copy to the responsible portfolio minister and the Finance Minister by the due date. 38. In addition to the copy provided to the Finance Minister, an electronic copy of the Certificate, including all attachments, must be sent to finframework@finance.gov.au before 15 October each year. This will enable Finance to commence its analysis of the Certificate information to develop the annual Certificate report to the parliament. 7 The presiding officers in the case of the three parliamentary departments. Page 14 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 2.2– Completing the Certificate 2.2.1. Assessing compliance: chief executive 39. Chief executives should certify compliance based on their agency’s internal control mechanisms, management, and audit committee advice. Chief executives are not required to check all actions and transactions of the agency. That said, chief executives must ensure that agencies have sufficient processes and internal controls in place to provide reasonable confidence that agency staff are complying with the requirements of the financial management framework. 40. When reviewing non-compliance results, chief executives should consider the adequacy of their agency’s internal controls. Low or no reported instances of non-compliance, depending on the size, financial activities, controls, and the processes of an agency, may not be a measure of good processes, but may in fact reflect a lack of understanding of the financial management framework or inadequate compliance processes. 41. The ANAO audit report, Management of the Certificate of Compliance Process in FMA Act Agencies contains better practice suggestions for agencies’ Certificate processes. The suggestions cover: - understanding the financial management framework requirements and how they are implemented - assessing internal controls supporting compliance with the financial management framework requirements - determining the right approach to collecting Certificate information - quality assuring compliance information - making use of internal audit - ensuring audit committee oversight of the Certificate process - undertaking remediation and education, and - reviewing the effectiveness and efficiency of the Certificate process. 2.2.2 Assessing compliance: reporting non-compliance 42. Compliance with the requirements of the FMA Act and Regulations, the Delegation, and the financial management policies, is not assessed based on materiality. All known instances of non-compliance must be reported at Appendix A to the Certificate, regardless of materiality. 43. In assessing non-compliance, a variety of sources of information should be used. For example, an agency may use surveys, reports from its internal auditor, financial management information systems, and other controls. Targeted quality assurance and sample testing of financial transactions in risk areas will assist to provide assurance on the accuracy of results. 44. Where the processes and controls identify compliance issues, all known instances of non-compliance must be reported. Generalised reporting is inappropriate and should be avoided (for example, reporting ‘several,’ ‘a number of’ or ‘multiple’ instances of non-compliance). 45. The results of sample testing should not be extrapolated. Only known instances of non-compliance should be reported in the Certificate. If exact numbers are unavailable, where there are a large number of incidences of non-compliance caused by a systemic issue, the problem should be described and an estimate of the number of instances should be provided (see part 4 of this circular for further examples). Page 15 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 2.2– Completing the Certificate 46. Activities that give rise to multiple instances of non-compliance should be reported in the Certificate separately. For example, an agency may not have issued appropriate drawing rights for a period of time. In this case, an agency should report the actual numbers of non-compliance (for example, each payroll run made without appropriate drawing rights). 47. Consequential instances of non-compliance should not be reported in the Certificate. A consequential instance only occurs when multiple compliance issues are caused by the same error (i.e. no additional non-compliance would have occurred if the original non-compliance did not occur). For example, failure to bank public money promptly would not result in non-compliance with both section 10 of the FMA Act and FMA Regulation 17. It should only be reported as one instance of non-compliance against section 10. Only the original non-compliance is reportable in the Certificate. Consequential non-compliance may be noted in the explanation of the non-compliance, but need not be reported separately (see example at part 4, frequently asked question 3). 48. Only non-compliance that has occurred during the relevant reporting period is required to be reported in the Certificate. If instances of non-compliance from previous years come to light, chief executives should take appropriate action, as part of the continuous improvement process, but should not report these. 49. Where one agency provides another agency with the authority to perform a ‘financial task’ for that agency, and the receiving agency acts outside that authority, the agency performing the financial task must report the relevant instances of non-compliance in their Certificate. For example, if agency A sub-delegates the power to issue drawing rights to agency B, and agency staff in agency B make payments using agency A’s appropriation without valid drawing rights, then agency B must report the non-compliance in their Certificate. 2.2.3 Financial sustainability 50. Effective risk engagement and management is integral to good corporate governance. It is important for agencies to manage risk effectively and efficiently, not only to meet their statutory obligations under the financial management framework but to improve organisational performance. Chief executives must certify that known risks to the financial sustainability of their agency are being actively managed. Where known risks may affect the financial sustainability of an agency and appropriate management strategies have not or cannot be taken, an explanation must be provided at Appendix B. 51. Balancing increasing demands against limited financial resources is an important part of a chief executive’s responsibilities. Financial sustainability, in this context, is the ability of the agency to meet existing program requirements without the need for supplementation. This includes the management of capital and long-term assets and liabilities. 52. Chief executives must also provide assurance that the agency is operating within the agreed resources for the current financial year. Where a chief executive is not operating within the agreed resources for the financial year (as recorded in the Australian Government’s Central Budget Management System), he/she must provide an explanation at Appendix B. 53. Where an agency has the approval of the Finance Minister for an operating loss for the current financial year, as at the date of signing, the chief executive may take that into account when determining whether the agency is operating within the agreed resources. Where an agency is operating at a loss without the Finance Minister's approval, an explanation must be provided at Appendix B. Agencies that are anticipating the need to seek approval for an operating loss from the Finance Minister in the current, or a future financial year, should also report this at Appendix B to the Certificate. Page 16 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 2.2– Completing the Certificate 2.2.4 Special accounts 54. For further information on the management requirements for special accounts please refer to Finance Circular 2009/01 - An Introduction to Special Accounts and the Guidelines for the Management of Special Accounts.8 8 Available at www.finance.gov.au/publications/finance-circulars/2009/01.html. Page 17 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 3 – Tools and templates Part 3 Tools and templates 3.1 Certificate of Compliance letter template p. 19 3.2 Certificate of Compliance template p. 20 3.3 Appendix A – non-compliance schedule template p. 21 3.4 Appendix B – financial sustainability schedule template p. 22 Page 18 of 29 Finance Circular 2013/03 Department of Finance and Deregulation 3.1 Certificate of Compliance letter template Dear Minister, Please find attached the Certificate of Compliance (Certificate) relating to < insert name of agency > for the < insert date > reporting period. The Certificate aims to improve compliance with the financial management framework by strengthening agency processes and improving understanding of the financial management framework. It also seeks to keep ministers informed of compliance issues within their portfolios. The Certificate promotes continuous improvement through the identification of non-compliance and action to improve processes and reduce non-compliance. I am required to provide you with certification of compliance with the financial management framework by my agency, including identifying any known risks to the financial sustainability of my agency. Based on my agency’s internal control mechanisms, management and audit committee advice, I certify that I, and officials within my agency, complied with the requirements of the financial management framework last financial year, < except to the extent known and detailed in Appendix A to the Certificate >. < You may wish to comment on the robustness of your agency’s controls and internal processes here > I also certify that < insert name of agency > < has adopted or has not adopted > appropriate management strategies for all currently known risks that may affect the financial sustainability of the agency and < is operating or is not operating > within the agreed resources for the current financial year. I have provided a copy of the attached Certificate to the Minister for Finance and Deregulation as required. Yours sincerely <insert agency chief executive’s signature block> Page 19 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 3.2 – Certificate of Compliance template 3.2 The Certificate of Compliance template CERTIFICATE OF COMPLIANCE < FINANCIAL YEAR > < INSERT AGENCY NAME HERE > Based on the agency’s internal control mechanisms, management, and audit committee advice, I certify that for the financial year ended 30 June < insert year >, < insert agency name >, except to the extent detailed in Appendix A, has: a) complied with the provisions and requirements of the Financial Management and Accountability Act 1997 (FMA Act) and the Financial Management and Accountability Regulations 1997 (FMA Regulations), b) exercised the powers delegated by the Finance Minister in the Financial Management and Accountability (Finance Minister to Chief Executives) Delegation 2010 (the Delegation), as amended from time to time, in accordance with the Delegation, and c) complied with reportable financial management policies of the Commonwealth. Except to the extent detailed in Appendix B, my agency has adopted appropriate management strategies for all known risks that may affect the financial sustainability of my agency and is operating within agreed resources for the current financial year. ____________________________________________________ Date: __________ CHIEF EXECUTIVE OF <<INSERT AGENCY NAME HERE>> Page 20 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 3.3 – Appendix A: non-compliance schedule 3.3 Appendix A: non-compliance schedule template CERTIFICATE OF COMPLIANCE < FINANCIAL YEAR > < INSERT AGENCY NAME HERE > Agencies should use the following format to report non-compliance for the Certificate process (it can be presented in landscape or portrait format9). Requirement of non-compliance Title of relevant section, regulation or policy Number of instances of non-compliance The circumstances of non-compliance with the requirements Action taken FMA Act FMA Regulations The Delegation The financial management policies of the Commonwealth Total reported instances of non-compliance The schedule must detail all known instances of non-compliance with: a) the FMA Act and/or the FMA Regulations b) the Delegation, and c) the reportable financial management policies of the Commonwealth are: i. ii. iii. iv. v. foreign exchange risk management policy as outlined in the Australian Government Foreign Exchange Risk Management Guidelines the requirements for the management of special accounts, as outlined in the Guidelines for the Management of Special Accounts cost recovery policy as outlined in the Australian Government Cost Recovery Guidelines contingent liabilities as articulated in the Guidelines for Issuing and Managing Indemnities, Guarantees, Warranties and Letters of Comfort , and the management of property policy as outlined in the Commonwealth Property Management Guidelines. The schedule must specify the: actual (or estimated) number of specific known instances of non-compliance circumstances where the requirements were not complied with, and action that has been undertaken, including timeframes, to improve agency processes. This action should be based on the specific instances of non-compliance and should not be general statements. For example, where the agency has identified a lack of understanding of a particular requirement, it is appropriate to indicate that training on that requirement has been delivered to all affected employees 9 The explanatory text below the schedule should be removed when completing the Certificate. Page 21 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 3.4 – Appendix B: financial sustainability schedule template 3.4 Appendix B: financial sustainability schedule template The schedule should detail any known risks to the financial sustainability of the agency and strategies to manage these risks. The schedule should discuss whether the agency is facing any of the following financial sustainability issues: a) not operating within agreed resources b) seeking, or has obtained, approval from the Finance Minister for an operating loss for the financial year, for reasons such as changes to anticipated levels revenue and expenses, accounting treatments, one-off costs, higher net expenditure or other reasons identified by an agency c) may need to access cash reserves, now or in the future d) may need to seek additional funding e) increasing cost pressures for the financial year f) need to seek supplementation for the financial year g) expected difference in cash flow for the financial year, or h) other issues or risks. An explanation of the issues should be detailed below. Page 22 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Part 4 Frequently asked questions 4.1 Frequently asked questions Q1. How often should I undertake Certificate activities? Your chief executive is required to undertake the Certificate sign-off and report to your minister and the Finance Minister annually by 15 October. Your chief executive should determine which internal processes are appropriate for your specific agency to support annual sign–off. Factors, such as the specific requirements of the agency, including size, structure, nature of operations and the number of transactions, may be a consideration. You should consider undertaking a number of internal reporting rounds within a financial year to help continually assess breaches and promote improvement. Q2. Should I report breaches where agency staff have not complied with CEIs? No. The Certificate does not require your chief executive to certify compliance with CEIs. That said, the Model CEIs generally summarise the key requirements of the financial management framework and therefore may involve a reportable breach. Further, CEIs and any quality assurance processes related to them may help you decide whether there are any non-compliance issues. Q3. How should I report breaches where one issue results in breaches of several financial management framework requirements? The Certificate does not require you to report consequential breaches. A consequential breach occurs where a breach of a requirement of the FMA Act or regulations causes a breach with another part of the FMA Act or regulations. For example, if agency staff did not bank public money on the next banking day (or a banking day approved by the chief executive), this would result in a breach with both section 10 of the FMA Act and FMA Regulation 17. For Certificate reporting purposes, the breach should be reported against section 10 of the FMA Act. The breach of FMA Regulation 17 is a consequential breach, and should not be reported separately. However, requirements that are separate and independent are not consequential. For example, where either FMA Regulation 9 approval and/or FMA Regulation 10 agreement have not been obtained prior to entering into an arrangement, agencies must report these instances of non-compliance separately against the relevant regulations. Non-compliance with FMA Regulation 9 is not ‘consequential’ to the non-compliance with FMA Regulation 10 as they are two separate and independent requirements. That said, the consequential breach against FMA Regulation 8 should not be reported separately. Q4. Does each breach need to be recorded against a specific requirement of the financial management framework? Yes. All known breaches need to be recorded against a specific requirement of the financial management framework, or the policies listed at part 2.1.3 of this circular. The summary of the compliance requirements in the FMA Act and Regulations available on the Finance website should be used to help you determine which requirement to report the breach against. Page 23 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Q5. If I am unsure whether there was a breach, how should I report this? You are only required to report known breaches of the financial management framework. However, where there are suspected breaches, for example, issues are being actively investigated, it may be appropriate to note these in the covering letter to your minister or at Appendix A to the Certificate. For example, there may be a possible breach of section 83 of the Constitution, which would consequently be a breach of section 26 of the FMA Act, where agency staff used an appropriation in a way that was inconsistent with the purpose of the appropriation. If the agency is actively undertaking investigations at the time that the Certificate is signed, then a chief executive may wish to disclose this information in the covering letter and/or the sign-off sheet of the Certificate, but should not report specific instances, as they are not ‘known’ breaches. A known breach of the Constitution should be reported against section 26 because section 27 (5) of the FMA Act provides that a ‘...drawing right has no effect to the extent to which it purports to authorise the making of a payment of public money for which there is no available appropriation’. Where a payment is made without a valid appropriation, then the effect of section 27 (5) would be to invalidate the drawing rights used to make the payment and there would be a breach of section 26. Q6. Should I report breaches where agency staff has not complied with requirements of Finance guidance, such as Finance Circulars? No. Only breaches of the FMA Act, Regulations, Delegation or financial management policies listed at part 2.1.3 of this circular are reportable in the Certificate. For example, not complying with guidance on the Finance website regarding procurement related policies is not reportable for Certificate purposes However, where a policy is not identified separately, and non-compliance occurs, this could still be an instance of non-compliance with FMA Regulation 9 and therefore reported in the Certificate. This is because when providing FMA Regulation 9 approval, an approver needs to be satisfied that the spending proposal is not inconsistent with government policy. For example, the procurement on-time payment policy for small business10 requires agencies to pay invoices on time. Agencies should not anticipate facing late payment charges when seeking FMA Regulation 9 approval for a procurement contract. If the initial FMA Regulation 9 approval includes a late payment component this may be reportable against FMA Regulation 9 as the approval was inconsistent with government policy. Q7. What should I report where there have been several instances of a particular breach, but I cannot determine the number? You are required to specify all actual known breaches. You should not report in a vague or generalised way. For example, you should not report ‘several,’ ‘a number of’ or ‘multiple’ breaches. The results of sample testing should not be extrapolated. Where there are large numbers of known breaches, but the exact number is not known, it is sufficient for you to provide a reasonable estimate, based on the circumstances. See Finance Circular 2012/02 - Procurement On-Time Payment Policy for Small Business for further information. 10 Page 24 of 29 Finance Circular 2013/03 Department of Finance and Deregulation (See part 2.2 of this circular for further information). Q8. Should I list each breach on a separate line in the Certificate? No. If there were 26 breaches of section 26 of the FMA Act, there is no need to have 26 separate line items reported in Appendix A to the Certificate. It is sufficient to describe the problem and specify the number of instances of a similar nature. In this case the total number of instances (26) can be reported on a single line at Appendix A to the Certificate. Q9. How should I report breaches where, on a number of occasions, money was deposited into a bank account that was not an official account? These circumstances are reportable against section 11 of the FMA Act and would result in multiple breaches. You should report each deposit into a non-official account as a breach. Q10. How should I report breaches where the person responsible for initiating 26 fortnightly payroll runs (involving 3,000 cheques) did not have a valid drawing right? In this case, the actual number of instances of breaches are reportable against section 26 of the FMA Act. You should report a separate instance of breach for each payroll run made without the appropriate drawing rights. In total, 26 breaches should be reported. (See part 2.2 of this circular for more information). Q11. How should I report breaches where agency staff did not recover a Commonwealth debt or waived it? Where a debt was not recovered, and it is not within the exempt categories at subsection 47(1) (a) to (c) of the FMA Act, and was either not pursued or it was waived, you should report a breach against section 47 of the FMA Act. Section 47 of the FMA Act requires chief executives to pursue recovery of all debts for which they are responsible, unless the debt has been written off as authorised by an Act, or it is considered that the debt is not legally recoverable or that recovery is not economical to pursue. However, if the debt was deferred in accordance with the Delegation of section 34 during the reporting period, no instances are reportable under the delegation or section 47. Q12. How should I report breaches where a person outside the Commonwealth, who is engaged under an authorised FMA Act section 12 arrangement, does not comply with the requirements of the financial management framework? If the arrangement with the person outside the Commonwealth is authorised under section 12 of the FMA Act and, for example, the person did not comply with the requirement to bank public money the next banking day, this would not be a breach of the FMA Act. The outsider is only required to operate within the requirements of section 12 and the terms and conditions of the contact. There is no requirement for the outsider to comply with the requirements of the financial management framework. While there is no requirement for the outsider to comply with the requirements of the financial management framework, agency staff must still meet these requirements. For example, agency staff still require drawing rights when making payments of public money. There is no reportable breach against section 12 where there is not an authorised section 12 arrangement in place and a person undertakes a financial task, for example receives money on behalf of the Commonwealth. That said, if there is no authorised section 12 arrangement in place, the outsider will automatically become an allocated agency staff of the agency when they are performing a Page 25 of 29 Finance Circular 2013/03 Department of Finance and Deregulation financial task. Allocated agency staffs are subject to the requirements of the financial management framework. If an allocated agency staff has not complied with the requirements of the financial management framework, this is reportable for the purposes of the Certificate against the relevant section, regulation, or policy that has not been complied with. From the example provided above, in relation to banking public money, a breach is reportable against section 10 of the FMA Act each time the money is not banked the next banking day, or a day approved by the chief executive. Q13. How should I report breaches where the estimates update sign-off was not provided in the required timeframe? You should report a breach against FMA Regulation 22D where the sign-off on the estimates update has not been provided within the timeframe indicated in the relevant estimates memorandum issued by Finance. FMA Regulation 22D requires that a chief executive must prepare budget estimates for each financial year, and for any other periods directed by the Finance chief executive. The estimates must be prepared in the form specified by the Finance chief executive. Q14. How should I report a breach where FMA Regulation 9 approval and FMA Regulation 10 agreement have not been obtained before entering into an arrangement? If you have entered into an arrangement (including a contract) without approval under FMA Regulation 9 and, if required, agreement under FMA Regulation 10, it would result in separate breaches against both FMA Regulation 9 and 10. It would also result in a breach against FMA Regulation 8. That said, you should not report the breach against FMA Regulation 8, as it is considered to be a consequential breach. If FMA Regulation 9 approval was not obtained, this should be reported as a breach against FMA Regulation 9. If FMA Regulation 10 agreement was not obtained, this should be reported as a breach against FMA Regulation 10. Q15. How should I report a breach when there is a machinery of government (MOG) change leading to a change in agency functions? When there is a MOG change leading to a change in agency functions, the chief executive should only report on the affected functions for the period those functions were actually under his or her control. Where an agency is abolished, as a result of the MOG change, the chief executive of the successor agency is required to report for the entire reporting period, including the functions of the abolished agency until the date of abolition. Where a new agency is created, as a result of a MOG change, the chief executive must report from the date the agency was created. If a new FMA Act agency is created or a CAC Act body becomes an FMA Act agency the chief financial officer of that agency should contact Resource Management Branch at finframework@finance.gov.au to discuss the Certificate process. Q16. Can someone other than the chief executive sign-off the Certificate? No. Only the chief executive (or acting chief executive) can sign-off the Certificate. This responsibility cannot be delegated. Page 26 of 29 Finance Circular 2013/03 Department of Finance and Deregulation Q17. What should I report against in Appendix B (financial sustainability) to the Certificate, for the ‘current financial year’? You are required to report on the financial sustainability for the ‘current financial year’ (i.e. the year which is underway as at the date of signing). This is a different requirement compared to the Certificate reporting period. For example, for compliance reporting in October 2013, the compliance certification relates to the 2012-13 financial year. The financial sustainability reporting relates to the 2013-14 financial year. Q18. When certifying financial sustainability, should I disclose that an operating loss has been approved, or will be sought, for the current financial year? Yes. If an operating loss has been approved by the Finance Minister for the year which is underway as at the date of signing, or you anticipate seeking approval, this should be indicated in Appendix B to the Certificate with an explanation. Q19. Are individual agency Certificate results publicly available? Finance provides an aggregate analysis of annual Certificate results to parliament each year. This analysis is at the portfolio group level and does not currently separately identify agencies. Agencies should consider the Certificate as a self-improvement process aimed at identifying and improving compliance with the financial management framework. Agencies may also wish to consider the implications of freedom of information legislation. Q20. What processes should my agency have in place to ensure compliance with the financial management framework? Each agency is different and your chief executive should consider the size, operations, structure and activities of your agency when determining the appropriate processes, systems and controls to put in place to promote compliance with the financial management framework. That said, the audit report contains better practice suggestions, such as: - strengthening quality assurance over survey results reported by business areas and agency staff use of targeted testing, focusing on higher risk, more significant or high volume transactions in the agency’s context periodically testing key internal controls to determine if they are working as expected, and strengthening audit committee oversight of the Certificate process, including follow-up on any remedial actions. Q21. Should I survey all agency staff or undertake sample testing on compliance requirements? Surveying agency staff and undertaking sample testing are appropriate methods to gather Certificate information, and should be used in combination with other methods. You should choose an appropriate mix of approaches to gather Certificate data and try to avoid overreliance on one information source. Potential options include: self-assessment surveys completed by office holders, delegates or other agency staff with financial management responsibilities; provision of non-compliance data captured by business areas with specific financial management framework responsibilities; financial or other system based checks; sample testing of financial transactions; and targeted reviews of internal controls. Once Certificate data has been gathered it is also important to quality assure it for accuracy. Quality assurance processes should focus on transactions which traditionally have been higher risk, more significant, or high volume in the agency’s context. You should undertake selective Page 27 of 29 Finance Circular 2013/03 Department of Finance and Deregulation quality assurance of information provided by business areas or agency staff to help ensure its accuracy prior to completing the annual Certificate. Q22. What remediation and education should I undertake? Appropriate remediation and education will depend on the nature and size of your agency. The audit report suggests that chief executives should: - - - - review trends in non-compliance over time at agency-wide and business area levels to inform remediation strategies. Understand and address the underlying causes of noncompliance, including any systemic issues use analysis of Certificate results to identify agency staff knowledge gaps or business areas experiencing particular difficulties, and focus agency staff training and development in these areas monitor the areas from which agency staff take part in training and awareness programs, and encourage participation where required. Consider mandating tailored training or awareness programs to support agency staff commencing to exercise a spending delegation, drawing rights delegation or responsibility for cost centre management, and review the implementation of remediation strategies, potentially as part of an internal audit. Q23. Should I report non-compliance when a Commonwealth credit card (or number) was subject to fraudulent activity or error outside the control of an agency staff member? For example where the credit card was double charged for the same transition by the vendor and later reversed? Non-compliance against section 60 of the FMA Act is reportable when an agency staff member or minister misuses a Commonwealth credit card, card number or credit voucher (including a cabcharge voucher) to obtain cash, goods or services otherwise than for the Commonwealth. In effect, section 60 of the FMA Act prohibits the use of Commonwealth credit cards (or credit vouchers) solely for private purposes by an agency staff, it does not specify what cash, goods or services can be purchased, provided that these items are for the Commonwealth. If for reasons outside the control of an agency staff member, a credit card was misused, for example, used fraudulently due to identity theft, or automatically double charged, this would not be reportable against section 60 for the purposes of the Certificate. However, where the actions of an agency staff contributed to the misuse of the credit card, for example, the agency staff did not take reasonable precautions to safe-guard the use of the credit card, this would result in a reportable instance of non-compliance against section 60. Q24. What is the impact of the updated Commonwealth Grant Guidelines (CGGs) requirements for the 2012-13 reporting period? The Finance Minister released the updated CGGs early to enable agency staff and non-government stakeholders to prepare for implementation. The updated CGGs take effect from 1 June 2013. However, agency staff can commence preparing for implementation of the updated CGGs as soon as possible. Page 28 of 29 Finance Circular 2013/03 Department of Finance and Deregulation For Certificate reporting purposes, the 14 working day requirement to publish information on individual grants on an agency website will be in effect from 1 January 2013. For the period 1/7/2012 to 31/12/2012, agencies report non-compliance with the seven day reporting requirement for grants. For the period of 1/1/2013 to 30/6/2013, agencies report non-compliance with the 14 day reporting requirement for grants. Q25. What is the impact of the Commonwealth Procurement Rules (CPRs) requirements for the 2012-13 reporting period? The Commonwealth Procurement Rules (CPRs) are a legislative instrument which came into effect on 1 July 2012. Non-compliance is reportable against FMA Regulation 7, where an agency staff does not comply with the mandatory requirements of the CPRs. The mandatory requirements are indicated by the term ‘must’ in the CPRs. One significant change, is that the CPRs state ‘agencies must report contracts and amendments on AusTender within 42 days of entering into (or amending) a contract if they are valued at or above the reporting threshold’. This mandatory requirement is reportable where contracts entered into (or amended) on or post 1 July 2012, have not been reported on AusTender within the 42 day requirement. Under the previously issued Commonwealth Procurement Guidelines, the requirement to report on AusTender within 42 days was contained in supporting guidance and non compliance was not reportable for Certificate purposes. Page 29 of 29 Finance Circular 2013/03 Department of Finance and Deregulation
