financial management annual compliance report 2010-11

Financial management annual compliance reportFor the year 2010-11March 2012

The SecretaryDepartment of Treasury and Finance1 Treasury PlaceMelbourne Victoria 3002AustraliaTelephone: +61 3 9651 5111Facsimile: +61 3 9651 5298www.dtf.vic.gov.au

Contents

1. Introduction.................................................................................................1

2. Background..................................................................................................22.1 The Standing Directions of the Minister for Finance and the Financial Management

Compliance Framework.......................................................................................................22.2 Assurance reviews...............................................................................................................2

3. Summary of results......................................................................................33.1 Agencies achieving full compliance.....................................................................................3

3.1.1 Full compliance in 2010-11..................................................................................33.1.2 Historical levels of full compliance......................................................................4

3.2 Full, high, medium, and low compliance grading................................................................43.2.1 Extent of compliance by portfolio.......................................................................6

4. Areas of non-compliance.............................................................................74.1 Most non-compliant requirements.....................................................................................7

4.1.1 Business continuity and disaster recovery plans.................................................74.1.2 Policies and procedures.......................................................................................74.1.3 Audit committee..................................................................................................74.1.4 Purchasing card compliance................................................................................8

5. Significant issues..........................................................................................95.1 Treasury risk management..................................................................................................95.2 Business continuity and disaster recovery planning............................................................95.3 Reporting responsibilities..................................................................................................10

6. Tax issues...................................................................................................116.1 Tax compliance in 2010-11................................................................................................116.2 Emerging challenges..........................................................................................................12

7. Reporting of thefts and losses...................................................................13Thefts and losses in 2010-11......................................................................................................13

8. Purchasing card compliance......................................................................14Unauthorised use of purchasing cards in 2010-11.....................................................................14

9. Conclusion.................................................................................................15

Financial Management Annual Compliance Report for 2010-11March 2012 i

10. Appendices................................................................................................1610.1 Appendix A – Compliance by portfolio..............................................................................1610.2 Appendix B – Partial compliance and non-compliance with Direction requirements........1710.3 Appendix C – Certifying agencies.......................................................................................1810.4 Appendix D – Taxation compliance....................................................................................1910.5 Appendix E – List of Direction requirements.....................................................................20

ii Financial Management Annual Compliance Report for 2010-11March 2012

1. Introduction

Compliance with the Financial Management Compliance Framework and the associated Standing Directions of the Minister for Finance is fundamental in achieving sound financial management within departments and agencies. It promotes the achievement of organisational goals and provides the basis for a continuous improvement approach, as well as ensuring a consistent standard of financial management across the entire Victorian Public Sector (VPS).

The purpose of this report is to provide a summary of the results arising from the 2010-11 certification process, highlighting areas of non-compliance or partial compliance and any significant issues. The report identifies areas where agencies continue to face difficulties achieving compliance and gives proposed actions that address these difficulties. The report also provides a summary of reporting in respect to both purchasing card compliance and reporting of thefts and losses.

Financial Management Annual Compliance Report for 2010-11March 2012 1

2. Background

2.1 The Standing Directions of the Minister for Finance and the Financial Management Compliance FrameworkThe Standing Directions of the Minister for Finance (Directions) under the Financial Management Act 1994 prescribe mandatory requirements that all government departments and public bodies1 must follow. These requirements aim to encourage sound public sector financial management.

Implemented in 2003, the Financial Management Compliance Framework (FMCF) is the mechanism used to monitor and review public sector compliance with the Directions.

A key feature of the FMCF is the annual certification process, which involves certifying agencies2 self-assessing compliance with the Directions and certifying to their relevant minister. The Department of Treasury and Finance (DTF) receives portfolio results of the certification process through portfolio summary letters and compliance data received online via the Compliance Monitoring System (CMS). This report, written for the Minister for Finance, consolidates the portfolio compliance results received from certifying agencies.

2.2 Assurance reviewsGiven the self-assessment nature of certifying compliance, it is important that the results are validated. DTF conducts a number of assurance reviews of individual agencies to validate the certification results and inspect financial management practices. At the conclusion of the assurance reviews, a report on the compliance trends and observations identified is issued to the Minister for Finance. Assurance reviews normally take place from February to May each year following the completion of the previous year’s certification activities.

1 Departments and public bodies are defined in section 3 of the Financial Management Act 1994, and in this report both departments and public bodies are referred to collectively as agencies.2 Although all departments and public bodies are required to comply with the Directions, there are 271 certifying agencies that are required to certify compliance for 2010-11 in accordance with the requirements of the FMCF. Further details of the certifying agencies can be found at Appendix C.

2 Financial Management Annual Compliance Report for 2010-11March 2012

3. Summary of results

3.1 Agencies achieving full compliance

3.1.1 Full compliance in 2010-11There are 31 requirements derived from the Directions (referred to as direction requirements) that certifying agencies, in their yearly self-assessment, certify against (these 31 direction requirements are summarised in Appendix E). Compliance results can be assessed through reviewing the proportion of certifying agencies that are fully compliant with all 31 direction requirements. DTF applies the following descriptions to agencies depending on how they self-assessed compliance against the 31 direction requirements:

an agency that certified itself as compliant with all applicable3 direction requirements is deemed by DTF to be a ‘compliant agency’;

an agency that certified itself as partially compliant with one or more of the applicable direction requirements is deemed by DTF to be a ‘partially compliant agency’; and

an agency that certified itself as non-compliant with one or more of the applicable direction requirements was deemed by DTF to be a ‘non-compliant agency.’

Using this approach, DTF found the following results for 2010-11:

54 per cent of certifying agencies (147 agencies out of 271) indicated that they were compliant with all of their applicable direction requirements;

40 per cent of certifying agencies (108 agencies out of 271) indicated that they were partially compliant with one or more of their applicable direction requirements; and

6 per cent of certifying agencies (16 agencies out of 271) indicated that they were not compliant with one or more of their applicable direction requirements.

This result is roughly similar to that obtained in 2009-10, when 55 per cent of all certifying agencies were compliant agencies, 41 per cent were partially compliant agencies, and 4 per cent were non-compliant agencies.

3 Although there are 31 direction requirements that an agency certifies against, not all 31 requirements may be applicable to the agency.


3.1.2 Historical levels of full complianceBelow is a chart depicting levels of compliance since 2004-05.

Figure 1: History of compliance levels

Levels of compliance in 2004-05 were initially low but increased quickly thereafter. However, the results from 2008-09 till 2010-11 are consistent with a theme presented in the 2009-10 report that suggests that levels of compliance seem to have reached a plateau in recent years.

3.2 Full, high, medium, and low compliance gradingAn alternative approach to assessing agency compliance with the Directions involves assessing an agency as achieving ‘full’, ‘high’, ‘medium’, or ‘low’ compliance. A certifying agency has achieved:

‘full compliance’ if it has certified itself as compliant with all applicable direction requirements;

‘high compliance’ if it has certified itself as compliant with 90 per cent to 100 per cent of all applicable direction requirements;

‘medium compliance’ if it has certified itself as compliant with 80 per cent to 90 per cent of all applicable direction requirements; and

‘low compliance’ if it has certified itself as compliant with fewer than 80 per cent of all applicable direction requirements.

This approach clearly highlights the degree to which certifying agencies are compliant with the Directions.


0%

10%

20%

30%

40%

50%

60%

70%

80%

90%

100%

2004-05 2005-06 2006-07 2007-08 2008-09 2009-10 2010-11

Fully Compliant Partially Compliant Not Compliant

Using this approach, DTF found the following results for 2010-11:

Table 1: Analysis of extent of compliance

Proportion of applicable direction requirements agency is compliant with:

Grading Number of agencies

Percentage

100% Full compliance 147 54%

90% – 100% High compliance 89 33%

80% – 90% Medium compliance 25 9%

< 80% Low compliance 10 4%

These results again illustrate that although only 54 per cent of agencies were fully compliant in 2010-11 the majority of the certifying agencies that were not fully compliant achieved high levels of compliance (i.e. compliant with 90 to 100 per cent of all applicable direction requirements) or medium levels of compliance (i.e. compliant with 80 to 90 per cent of all applicable direction requirements). Only 4 per cent of certifying agencies achieved low levels of compliance (i.e. compliant with fewer than 80 per cent of all applicable direction requirements).The figure below illustrates the extent of compliance since 2004-05.Figure 2: Extent of compliance since 2004-05

The figure above, like Figure 1, also illustrates that agencies have become more compliant over time but the rate of growth of compliance in recent years has declined.


3.2.1 Extent of compliance by portfolioTable 2 below shows the number of certifying agencies that achieved ‘full’, ‘high’, ‘medium’, and ‘low’ levels of compliance in each portfolio4. The chart depicting the results of this table can be found in Appendix A.

Table 2: VPS agency compliance by portfolio in 2010-11

Level of compliance by agencyPortfolio Full High Medium Low Total5

Business and Innovation 4 2 2 2 10Education and Early Childhood Development 11 13 3 1 28Health 51 31 10 4 96Human Services 1 3 0 0 4Justice 14 7 1 0 22Planning and Community Development 10 2 0 0 12Premier and Cabinet 2 7 2 0 11Primary Industries 5 2 0 0 7Sustainability and Environment 32 13 7 3 55Transport 5 3 0 0 8Treasury and Finance 10 6 0 0 16Total 145 89 25 10 269

These results above show that there is a high degree of compliance across all portfolios with most agencies in all portfolios achieving ‘full’ or ‘high’ levels of compliance.

Within the 2009-10 compliance report, certification results were presented on a whole of government level. The disclosure of 2010-11 compliance results by portfolio marks the beginning of an initiative to gradually increase the detail of compliance results presented in these reports. This table highlights that portfolios achieved full or high levels of compliance across the vast majority of portfolio agencies.

4 Note that the term ‘portfolio’ has a different meaning to the term ‘department.’ A department is one entity whereas a portfolio can consist of multiple entities, for example, the Treasury Corporation of Victoria belongs to the Treasury and Finance portfolio.5 In 2010-11, there were 271 certifying agencies. Only 269 agencies were included in Table 2 as the Victorian Auditor-General’s Office and the Department of Parliamentary Services were excluded.


4. Areas of non-compliance

4.1 Most non-compliant requirementsAnalysis of compliance results for 2010-11 show that there are four main areas where agencies have reported non-compliance or partial compliance. These four areas are summarised below. Appendix B provides more detail on the extent of non-compliance or partial compliance for each requirement.

4.1.1 Business continuity and disaster recovery plansDirection 3.2.2 requires each agency to assess the impact on the organisation if its financial management information technology is not available for an extended period, such as following a natural disaster. The present requirement mandates that:

an agency must establish a Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP), and

an agency must establish a plan to review and test these plans on an annual basis.

Some agencies in 2010-11 were not fully compliant with this requirement (17 per cent), mostly because they did not review or test the plans annually. These results followed an assurance review report issued to DTF in August 2011 that claimed that the BCP and DRP requirements were difficult and misunderstood among agencies subject to assurance reviews.

DTF is currently looking into options to provide further developed guidance material and clarify the intent of the requirements for 2011-12 and future compliance years.

4.1.2 Policies and proceduresSome agencies (14 per cent) were not fully compliant with the requirement to document policies and procedures relating to financial administration and management. This requirement, detailed in Direction 3.4, is made up of a large number of elements, e.g. cash flow forecasting (Direction 3.4.4), reconciliations (Direction 3.4.11), and information collection and management (Direction 3.4.13).

As part of DTF’s commitment to continually improve and enhance the compliance framework, consideration will be given to more clearly structuring and specifying these requirements. Increased granularity of direction requirements will provide DTF with greater detail of information and allow for better identification of compliance hot spots.

4.1.3 Audit committeeDirection 2.2(e) requires agencies to establish and maintain an audit committee. Agencies that certified as not fully compliant with the requirement to establish and maintain an audit committee had issues mainly relating to ensuring the audit committee is sufficiently independent. The Directions require boards to establish an audit committee with at least three members, of whom the majority are independent from the agency.


Although DTF acknowledges the importance of audit committee functions in VPS agencies, DTF has an established process allowing agencies to apply for exemptions from the audit committee provisions of the Directions. These exemptions are for smaller agencies for whom the cost of compliance is not justified by the size of the agency and its risk profile. An agency that has been granted exemptions from the audit committee provisions of the Standing Directions is still required to make alternative arrangements to ensure that no aspect of financial governance is compromised.

4.1.4 Purchasing card complianceThe Directions state that agencies that operate a purchasing card must comply with a number of procedures detailed in Direction 4.5.3. Agencies that did not certify themselves as compliant with purchasing card requirements gave varied reasons, included the following:

a review of the card scheme was not included in the internal audit program, as required by the Directions; and

individuals’ transactions breached their financial delegations, a violation of the Directions.

The purchasing card requirements are designed to safeguard public sector purchasing card usage and manage the State’s exposure to the risk of credit card misuse. DTF will continue to promote compliance with purchasing card requirements and update and refresh guidance material.


5. Significant issues

5.1 Treasury risk managementOn 26 October 2011, the Auditor-General tabled in Parliament an audit report titled TAFE Governance. In this audit report, the Auditor-General found the following:

the Holmesglen Institute of TAFE (Holmesglen) gave a loan to a financially distressed Registered Training Organisation as part of the first steps in an acquisition strategy;

the Holmesglen board later chose not to proceed with the acquisition and took steps to recover the loan; and

once the loan repayment was finalised, Holmesglen’s accounts were impaired by $3 million.

According to the Auditor-General, Holmesglen’s acquisition strategy and provision of the loan did not adhere to the Standing Directions of the Minister for Finance, specifically Direction 4.5.6, which requires borrowings, investments, and financial arrangements by public sector agencies to be undertaken with a financial institution that is either a State owned entity or has a credit rating equal to or better than that of the State of Victoria. This requirement is subject to a number of exemptions, e.g. if an agency has been granted specific borrowing or investment powers under its constituting legislation, this Direction would not apply.

DTF acknowledges that in relation to public sector agencies that have specific borrowing and investment powers in their establishing legislation, the applicability of the Standing Directions is not clear. DTF has therefore liaised with DEECD which has communicated with Skills Victoria and requested that TAFEs become fully compliant with Direction 4.5.6. DTF will closely monitor the compliance of agencies with this directional requirement.

5.2 Business continuity and disaster recovery planning For 2010-11, some of certifying agencies (17.3 per cent) certified themselves as either non-compliant or partially compliant with the requirement to document and test business continuity plans (BCPs) and disaster recovery plans (DRPs). This result is roughly similar to that obtained in 2009-10 when 16.7 per cent of certifying agencies certified partially compliant or non-compliant to the same requirement.

In 2011, an assurance review of a sample of public sector agencies revealed difficulties with compliance with the requirement to establish BCPs and DRPs and to test these on an annual basis. The report suggests that consideration be given to tailoring BCP and DRP requirements to reflect agency size and complexity of operations.

DTF will consider the findings of the report and will assess whether to tailor BCP and DRP requirements or to provide further support to agencies to meet this requirement.


5.3 Reporting responsibilitiesIt is important to emphasise that the FMCF is a reporting framework, not an accountability framework. Overall compliance responsibility still rests with each entity’s Responsible Body and Accountable Officer.

An agency that relies on an external agency is still itself responsible for its own compliance with the Directions. For example, an agency that relies on CenITex for IT services is still itself responsible for compliance with IT-related requirements from the Directions.

Before certifying online via the Compliance Monitoring System (CMS), agencies should complete a certification checklist (available on the DTF website). The CMS will produce a certification letter that is to be sent to the relevant minister with a copy to be sent to the portfolio department.

Portfolio departments are to collate the agency certification letters and provide to the Minister for Finance a consolidated portfolio summary report that is signed off by the department's secretary. A copy of this portfolio summary report should also be sent to DTF. Portfolio departments may also brief their portfolio ministers on financial management issues relating to their respective portfolios.

DTF is to collate the portfolio summary reports and provide a consolidated report to the Minister for Finance. DTF’s other responsibilities include the provision of advice to the Minister for Finance on the Directions and the FMCF, provision of detailed guidance material to agencies, and conducting assurance reviews and reporting the results of these assurance reviews to the Minister for Finance.


6. Tax issues

6.1 Tax compliance in 2010-11Direction 4.5.2 (Direction Requirement 27) requires VPS agencies to demonstrate compliance with Commonwealth taxation obligations, including Goods and Services Tax (GST), Fringe Benefits Tax (FBT), and superannuation obligations. In 2010-11, 251 out of 271 agencies certified that they were fully compliant with the requirement, 17 certified that they were partially compliant, and 3 certified that this requirement was not applicable to them. No agencies certified that they were non-compliant with the requirement. As a result, 94 per cent (251/268) of applicable certifying agencies certified themselves as fully compliant with the requirement. The chart below gives the percentages of applicable certifying agencies that are fully compliant, partially compliant, and non-compliant with Direction Requirement 27 since 2004-05 (detailed figures for this chart have been provided in Appendix D).

The chart illustrates that the proportion of applicable certifying agencies fully compliant with the requirement has increased slightly over time but has always been high, averaging 91.4 per cent. Levels of non-compliance are low, averaging 0.4 per cent.

Figure 4: History of compliance with Direction Requirement 27 ‘Taxation compliance’

The most common reason agencies gave for not being fully compliant with the requirement was that an annual review of compliance had not been conducted. DTF is communicating with portfolio department tax managers to highlight the importance of conducting annual reviews of compliance for dissemination of this message to portfolio agencies. DTF provides technical advice to portfolio departments and hosts regular tax issues forums to support compliance with Direction 4.5.2 across the VPS.

Although DTF considers there are no significant issues arising from the tax compliance certification results for 2010-11, there are emerging risks of which to be aware.


6.2 Emerging challengesThere are three significant GST issues that are expected to impact on compliance across all portfolios in the coming twelve months, namely the GST treatment of government-to-government transfers, grants of financial assistance paid by the public sector and taxes, fees and charges payable to the public sector.

In 2010, the Full Federal Court decided that payments made by the Commonwealth Department of Transport to TT Line Company Ltd, a Tasmanian Government entity, were not ‘specifically covered by appropriation’ and GST-exempt because, under the terms of the appropriation, it was possible for payments to also be made to non-public sector entities. The judicial interpretation in the TT Line decision has further complicated the GST free status of government to government transfers.

The Commonwealth Treasury has circulated draft GST legislation in relation to amending the criteria for the GST-exemption of government-to-government transfer payments. The amended law, expected to take effect 1 July 2012, is expected to result in a change to the GST status of some government-to-government payments.

The Australian Taxation Office (ATO) has circulated a draft ruling in relation to the GST treatment of financial assistance payments. The draft ruling reflects the ATO’s revised view that a recipient’s obligation to repay a grant not used in the agreed manner is not, of itself, sufficient to subject the payment to GST. This draft ruling represents the first significant ATO guidance in this area since 2000.

The most challenging tax compliance issue relates to the self-assessment of the GST treatment of taxes, fees and charges levied by and payable to public sector entities. Prior to 1 July 2011, all taxes, fees and charges were automatically subject to GST unless listed on a bi-annual Commonwealth Treasurer Determination. From 1 July 2012, the GST treatment of all fees and charges must be assessed by the agency collecting the fee or charge against a new law and regulations and, if necessary, the general principles of GST. Taxes will generally remain exempt from GST.

DTF is managing the exposure to these risks by working closely with the Commonwealth Treasury and the ATO to ensure that legislative changes and amended legislative interpretations are both effective and understandable for agencies. DTF will also be preparing guidance material in relation to all of these issues once the changes have been finalised at the Commonwealth level.


7. Reporting of thefts and losses

The Directions require agencies to report to the Minister for Finance and the Auditor-General any instances of suspected or actual theft, arson, irregularity or fraud (referred to as ‘thefts and losses’) in connection with the receipt or disposal of money, stores or other property of any kind whatsoever under the control of a public sector agency.

Thefts and losses in 2010-11In 2010-11 there were 26 reports to the Minister for Finance of incidents of theft, loss, fraud, irregularity, or arson that breached the thresholds6 in the Standing Directions.

In most of these instances, agencies have investigated the matter with police and rectified weaknesses in internal controls. Although there are concerns that some of the reports received in 2010-11 are of incidents that have occurred a number of years ago (one report was of an incident that occurred some time before 2003), DTF will continue to lift awareness of thefts and losses reporting requirements so that agencies are aware of their reporting obligations when they become aware of or suspect theft, arson, irregularity, or fraud.

6 Thresholds are detailed in Direction 4.5.4 procedure (a). All suspected or actual theft, arson, irregularity, or fraud is to be reported annually. However, theft, arson, irregularity, or fraud in excess of the thresholds needs to be reported at the time of the occurrence with a follow-up ‘incident report’ to be provided within 2 months.


8. Purchasing card compliance

Unauthorised use of purchasing cards in 2010-11Agencies that operate purchasing cards must follow a number of procedures detailed in Direction 4.5.3. The Directions further require agencies to report instances of unauthorised use of purchasing cards to the Minister for Finance annually for the period ending 30 June. Any instances of unauthorised use of purchasing cards that the agency believes is significant must be reported as soon as an inquiry into the unauthorised use has been completed in addition to being reporting at 30 June. In 2010-11 there were 14 reports to the Minister for Finance on significant instances of unauthorised use of purchasing cards.

Most of the reports of unauthorised use of purchasing cards received by the Minister for Finance in 2010-11 related to purchases of goods and services with a purchasing card for personal purposes. In all these instances the money was reimbursed to the agency. One incident report in which the money was not recovered involved unique circumstances in which a purchasing card was used for an emergency cash advance in a rural area in response to severe flooding. DTF has liaised with this agency and recommended it consider alternative arrangements to prevent this kind of breach in the future.


9. Conclusion

Certification results for 2010-11 show that although levels of compliance among certifying agencies continues to be high, there has been little improvement in recent years, which draws attention to the need for DTF initiatives to improve the compliance framework.

To ensure that the Standing Directions of the Minister for Finance are clear, relevant, and fit-for-purpose, a review of the existing Directions will be undertaken to identify improvements that will increase effectiveness and reduce barriers to compliance. DTF will also consider developing differential requirements for smaller low risk entities.

The Minister for Finance has also approved two new directions relating to commodity risk management and foreign exchange risk management. These new directions aim to enhance public sector risk management.

In addition to reviewing and enhancing the Directions, DTF will also focus on supporting agencies with their compliance requirements, especially through the updating of DTF guidance material and the provision of timely and accurate responses to compliance-related queries. Although DTF guidance material is not binding on agencies and is advisory in nature, it is important for providing clarity in interpreting the Directions.

DTF will review the way in which it measures and reports levels of compliance among certifying agencies, with a view to refining these measurements to allow for more precise identification of areas of compliance risk.

DTF sees potential improvement in thefts and losses and purchasing card reporting whereby greater clarity can be provided regarding what does and does not need to be reported. DTF will work with portfolio departments to promote greater awareness among agencies of thefts and losses and purchasing card reporting requirements.

DTF will continue to take action to address areas of non-compliance revealed by annual certification results and will work with agencies to provide appropriate guidance and support.


10. Appendices

10.1 Appendix A – Compliance by portfolioThe chart below shows the percentage of certifying agencies that achieved ‘full’, ‘high’, ‘medium’, and ‘low’ levels of compliance in each portfolio.Extent of compliance by portfolio in 2010-11

In interpreting the above graph it must be noted that some portfolios have very few certifying agencies. For those portfolios with fewer certifying agencies, any change in compliance result will show a greater impact on the percentages.

For example, the Business and Innovation portfolio has only 10 agencies, of which 2 agencies (20 per cent) achieved low levels of compliance. In contrast, the Health portfolio contains 96 agencies, of which 4 agencies (4.2 per cent) achieved low levels of compliance. Even though the Business and Innovation portfolio has a higher proportion of agencies achieving low compliance compared to the Health portfolio, it has a lower number of agencies achieving low compliance.


10.2 Appendix B – Partial compliance and non-compliance with Direction requirementsThe table below gives the percentage of agencies that are ‘partial compliant’ and ‘not compliant’ with each direction requirement.

Direction requirement % Partially compliant

% Not compliant

Total

17. Business Continuity and Disaster Recovery Plans 17.0 0.4 17.312. Policies and Procedures 14.0 0.4 14.404. Audit Committee 7.7 0.7 8.528. Purchasing Card Compliance Obligations 7.0 0.0 7.007. Internal Audit 5.5 1.1 6.627. Taxation Compliance Obligations 6.3 0.0 6.318. Information Technology Operations Security and Control 5.2 0.7 5.901. Financial Code of Practice 4.4 0.7 5.205. Financial Risk Management 4.1 0.4 4.414. Managing Outsourced Services, Contract and Agreements 3.7 0.7 4.416. Information Technology Management 3.0 1.5 4.426. Financial Management Compliance Obligations 4.1 0.0 4.102. Responsible Body Financial Governance and Oversight 3.7 0.0 3.706. Delegations of Authority 3.7 0.0 3.729. Thefts and Losses Compliance Obligations 3.0 0.4 3.330. Risk Management Compliance 3.0 0.4 3.315. Managing Outsourced Services Cost-Benefit Analysis 1.8 0.4 2.220. Change Control 1.1 0.7 1.825. Financial Performance Management and Evaluation 1.1 0.7 1.821. Education and Training 1.5 0.0 1.531. Treasury Risk Management 1.5 0.0 1.523. Reporting Requirements in Part 7 of the FMA 1.1 0.4 1.511. CFAO Endorsement of Financial Information 0.7 0.7 1.509. Public Sector Agency Financial Management Team Structure 1.1 0.0 1.108. External Audit 0.7 0.4 1.124. Other External Reporting 0.7 0.4 1.113. Chart of Accounts 0.7 0.0 0.719. Information Technology Development 0.0 0.7 0.703. Financial Certification 0.4 0.0 0.410. CFAO Skills, Qualifications and Experience 0.4 0.0 0.422. Internal Financial Management Reporting 0.4 0.0 0.4


10.3 Appendix C – Certifying agenciesThe Financial Management Compliance Framework applies to VPS departments as well as VPS agencies that meet the ‘public body’ definition contained within section 3 of the Financial Management Act 1994 and which have previously fed into the whole of government consolidated Annual Financial Report for the State of Victoria.

There were 271 certifying agencies that were required to certify compliance for 2010-11.

The list of certifying agencies changes from year to year, and between 2009-10 (when there were 281 certifying agencies) to 2010-11 the following changes occurred:

The following agencies were removed:

Port of Hastings Corporation

Victorian Relief Committee Chiropractors Registration Board of Victoria

Medical Practitioners Board of Victoria Nurses Board of Victoria

Optometrists Registration Board of Victoria Osteopaths Registration Board of Victoria

Pharmacy Board of Victoria Physiotherapists Registration Board of Victoria

Podiatrists Registration Board of Victoria Psychologists Registration Board of Victoria

The following agencies were added:

Docklands Studios Melbourne

DTF continuously reviews the list of certifying agencies and is in the process of identifying, analysing, and consulting with agencies with a view to updating the list for 2011-12.


10.4 Appendix D – Taxation complianceDirection 4.5.2 (Direction Requirement 27) requires VPS agencies to demonstrate compliance with Commonwealth taxation obligations.

The table below gives the number of agencies that have certified as fully compliant, partially compliant, and non-compliant with Direction Requirement 27 since 2004-05.

2004-05 2005-06 2006-07 2007-08 2008-09 2009-10 2010-11Full compliance 266 262 271 273 265 254 251Partial compliance 30 30 19 20 23 23 17Non-compliance 1 4 2 1 0 2 0Not applicable 1 1 1 2 4 2 3Total 298 297 293 296 292 281 271

The results above are also expressed as percentages below. For example, in 2010-11, 94 per cent (251/(271-3)) of applicable agencies certified as fully compliant with Direction Requirement 27.

2004-05 2005-06 2006-07 2007-08 2008-09 2009-10 2010-11Full compliance 90 89 93 93 92 91 94Partial compliance 10 10 7 7 8 8 6Non-compliance 0 1 1 0 0 1 0


10.5 Appendix E – List of Direction requirementsDirection

requirement No.

Reference in the Standing Directions of the Minister for

Finance

Requirement

1 2.1 Financial code of practice A ‘financial code of practice’ exists covering areas required by the Directions, and is overseen by effective management with regards to its implementation, monitoring of compliance with its requirements, and dealing with breaches.

2 2.2 Financial governance Responsible BodyThe Responsible Body is responsible for the governance and oversight of financial management and undertakes the duties set out in the Directions. It meets often enough to undertake an effective financial governance role.

3 2.2 Financial governance Formal statementsFor Agencies: The Accountable Officer and the CFAO have, within the last 12 months, made formal statements to the Responsible Body (Board) that the Agency’s financial report present fairly the results and financial condition of the Agency and is founded on sound risk management, internal compliance and control systems.For Government departments: The CFAO has, within the last 12 months, made a formal statement to the Audit Committee and the Accountable Officer, that the Agency’s financial report present fairly the results and financial condition of the Agency and is founded on sound risk management, internal compliance and control systems.

4 2.2 Financial governance Audit committeeAn audit committee has been constituted and has a membership that is consistent with the criteria specified in Direction 2.2. The Audit Committee has functioned within the parameters of a Charter, which has been approved by the Responsible Body and provided to each member of the Audit Committee. It has had direct access to: Internal and external auditors The Accountable Officer The CFAO The public sector agency’s management (through the Accountable Officer)Where an Audit Committee does not exist, a written exemption must be obtained from the Minister for Finance and the Responsible Body undertakes the functions of an Audit Committee.

5 2.3 Financial risk management The public sector agency has a financial risk management policy and internal control system in place which addresses the risks associated with the financial management of the Public Sector Agency. The financial risk profile has been critically reviewed by the Responsible Body within the last 12 months.

6 2.4 Authorisations The Responsible Body has adopted financial authorisations which conform to the requirements of the Directions and these authorisations have been reviewed by the Responsible Body within the last 12 months.


Direction requirement

No.


Finance

Requirement

7 2.5 Internal audit An internal audit function exists and works within the parameters of a Charter and an internal audit plan, both of which have been approved by the audit committee, or Responsible Body in the absence of an audit committee, and are consistent with the requirements of the Directions. A private meeting with the internal auditors has been held at least once in the last 12 months.Where an Internal Audit function does not exist, a written exemption must be obtained from the Minister for Finance.

8 2.6 External audit The Audit committee, or Responsible Body in the absence of an audit committee, has taken the actions required by Direction 2.6 in respect of external audit for the financial year(or part thereof) just ended, including inviting the external auditor to all relevant meetings and making time available to meet privately to discuss audit related issues at least once within the last 12 months.

9 3.1.1 Public sector agency financial management team structure

Roles and responsibilities for positions within the financial management team structure, and the prerequisite skills, qualifications and experience have been defined and documented.

10 3.1.2 Chief Finance and Accounting Officer

CFAO credentialsThe prerequisite skills, qualifications and experience for the CFAO are clearly defined and documented together with position description, role, duties, rights and responsibilities.

11 3.1.2 Chief Finance and Accounting Officer

CFAO endorsementThe CFAO has endorsed financial information submitted to the Accountable Officer, Responsible Body and/or other senior executive forums within the public sector agency.

12 3.1.3 Policies and procedures There are documented and communicated policies and procedures covering the requirements of the Directions (including all relevant requirements in Section 3.4 of the Directions) in respect of financial administration and management.

13 3.1.4 Chart of accounts The CFAO or their delegate has established, maintained and distributed a chart of accounts, which meets the requirements of the Directions.

14 3.1.5 Managing outsourced financial services

Outsourcing governanceAll outsourced finance functions or services are governed by contracts, service level agreements or other documented arrangements, each of which has been reviewed for compliance in the past twelve months.

15 3.1.5 Managing outsourced financial services

Audit scrutinyAll finance functions or services outsourced during the financial year (period) just ended were subjected to a cost benefit analysis, approved by the Responsible Body, and detailed in the form of a contract, service level agreement or equivalent which allows for internal and external audit scrutiny.

16 3.2.1 Information technology management

The Responsible Body has reviewed the use of Information Technology used for financial management within the last 12 months to assess information technology risks and their impact on financial management.



No.


Finance

Requirement

17 3.2.2 Information technology operations

There are documented and tested back up, disaster recovery and business continuity procedures in place that are commensurate with the Public Sector Agency’s financial management needs.

18 3.2.3 Security A formal assessment has been undertaken within the last 12 months of whether financial management information that is sensitive to the Public Sector Agency and stakeholders is adequately controlled and secured.

19 3.2.4 Development A business case was prepared and approved in accordance with the Directions for the development of any proposed financial management system developments during the year.

20 3.2.5 Change control A change control process was followed for changes made to financial management systems.21 3.3 Education and training The training and education needs for the financial management team have been reviewed by the CFAO or their

delegated authority within the last 12 months, and an appropriate program developed to address the training and education needs of financial management staff.

22 4.1 Internal Financial Management Reporting

Requirements for internal financial management reports have been identified and relevant reports have been produced and distributed at regular intervals throughout the financial year.

23 4.2 Reporting requirements in terms of Part 7 of the Financial Management Act 1994

The financial statements and report of operations have been prepared in accordance with Part 7 of the Financial Management Act 1994 and in the required timeframes.

24 4.3 Other external reporting internal financial management reporting

All external reporting requirements have been identified and relevant reports delivered completely, accurately and in a timely manner.

25 4.4 Financial performance management and evaluation

The Responsible Body has developed financial key performance indicators (KPIs) working with management, and there is monitoring and reporting of performance against these to the Responsible Body and/or the Accountable Officer.

26 4.5.1 Compliance with Directions The public sector agency has met its financial management compliance obligations including: conducting an annual review of financial management compliance; and identifying and rectifying financial management compliance issues.

27 4.5.2 Taxation compliance obligations The public sector agency has met its taxation compliance obligations by: conducting an annual review of taxation compliance; developing and maintaining taxation policies and procedures; developing and implementing a taxation education program identifying and rectifying taxation compliance issues.



No.


Finance

Requirement

28 4.5.3 Purchasing card compliance obligations

The public sector agency has: established its own facility account; ensured only one card to cardholders; ensured cards are used for official business and government purposes; obtained supporting documentation and ensured that expenditure is approved by an appropriate financial

delegate; ensured cardholders hold a financial delegation; ensured that all individual card limits do not exceed $25 000; ensured adequate monitoring and security procedures are in place; included in the internal audit program a review of the card scheme and the use of cards issued; and notified the Minister for Finance of any instances of unauthorised use either annually or as appropriate.

29 4.5.4 Thefts and losses compliance obligations

The public sector agency has notified the Minister for Finance and the Auditor-General of any instances of thefts and losses and provided an incident report as required by the Directions.

30 4.5.5 Risk management compliance The public sector agency has: adopted risk management governance, systems and reporting requirements as contained within the Victorian

Government Risk Management Framework; conducted an annual review of their obligations in complying with Direction 4.5.5, and rectified any failures or

deficiencies indentified; and provided an attestation that its risk identification and management plan is consistent with Australian/New

Zealand Standard 4360:2004 or equivalent.31 4.5.6 Treasury risk management All borrowings, investments and financial arrangements undertaken by the Public Sector Agency conform to the

requirements or exceptions outlined within Direction 4.5.6.


24 For the year 2010-11Error! No text of specified style in document., March 2012

www.dtf.vic.gov.au

http://www.dtf.vic.gov.au/

financial management annual compliance report 2010-11

Documents