A recent report by the Australian National Audit Office (ANAO) has given the key financial systems and controls of public sector entities a qualified tick, while urging more work to address issues with legacy systems and/or new systems implementation.
In the report, the ANAO claims many agencies using SAP are failing to take full advantage of internal application controls and called on them to strengthen user access and security administration functions. The ANAO also identifies inconsistencies in the application and execution of best practice approaches, especially in regard to compliance with the financial framework and service entity arrangements between Australian government entities. As a result, the ANAO recommends that entities strengthen their respective IT control environments in the interests of risk mitigation, and to assure the reliability of reported financial information.
Auditor-General Ian McPhee says the audit shows entities generally have appropriate financial management and control regimes in place. "Nevertheless, the issues outlined in this report and a number of our performance audits suggest that implementation of these regimes continue to require improvement particularly in areas such as financial management information systems, business continuity and access management where the scale and complexity of operations creates a particularly demanding financial management environment," McPhee says.
McPhee notes public sector entities are undergoing significant change in financial reporting requirements as Australia adopts international financial reporting standards, with more change likely as the Australian Accounting Standards Board considers a range of on-going public sector specific issues as part of its formal work program. But McPhee says efforts to harmonize Australian accounting standards with the requirements of government finance statistics will likely lead to revised reporting arrangements for the Australian government and eliminate the source of some confusion to users of current budget and financial reports.
The report credits previous ANAO audits and JCPAA (Joint Committee of Public Accounts and Audit) reviews, and efforts by the Department of Finance and Administration (Finance), with improved legal and compliance risk management efforts under their overall risk management framework. But it says some agencies still need to improve legislative requirements management reporting arrangements.
The report notes IT is integral to the financial statement reporting process and claims there has never been greater need for entities to establish and maintain an effective IT control environment under corporate governance arrangements.
It finds IT governance is a well established discipline in the majority of entities assessed, although there is still room for improvement in overall governance arrangements through the integration of IT risk management activities into corporate risk management practices.
The ANAO report says that despite the positive improvement in the implementation of IT security management arrangements within government entities, there is still a need to maintain focus on information security, due to the continued move towards e-Government, the adoption of new technologies and society's increasing reliance on technology.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.