Responses to Performance Audit Recommendations: 2012–13 and 2013–14
Body
This is VAGO's second report examining the extent to which public sector agencies respond to and monitor performance audit recommendations.
Appendix C. Audit Act 1994 section 16—submissions and comments
Introduction
In accordance with section 16(3) of the Audit Act 1994, a copy of this report was provided to the Department of Premier & Cabinet, the Commissioner for Privacy and Data Protection and Department of Environment Land, Water & Planning.
The submissions and comments provided are not subject to audit nor the evidentiary standards required to reach an audit conclusion. Responsibility for the accuracy, fairness and balance of those comments rests solely with the agency head.
Responses were received as follows:
Appendix B. Financial systems controls report 2014–15: scope and coverage
Figure B1
Entities selected for this financial systems controls report
Entities |
Scope details |
||
|---|---|---|---|
Information technology (IT) audit |
Focus areas | ||
Appendix A. Ratings definitions
Ratings for audit findings reflect our assessment of both the likelihood and consequence of each identified issue in terms of its impact on:
- the effectiveness and efficiency of operations, including probity, proprietyand compliance with applicable laws
- the reliability, accuracy and timeliness of financial reporting.
The ratings also assist management to prioritise remedial action.
Figure A1
Rating definitions and management action
4 Focus areas 2014–15
At a glance
Background
In 2014–15 we had two focus areas:
identity and access management (IDAM) controls—controls which aim to reduce the risk of inappropriate access to information and data
3 Results of IT audits
At a glance
Background
For each of the 45 entities selected for this report, we prepared management letters highlighting any control weaknesses identified by our information technology (IT) audits. For this report, these management letters were analysed to identify the overarching themes and key messages that may have a broader impact.
2 Themes from IT audits
At a glance
Background
Key information technology (IT) audit themes are drawn from testing performed as part of each entity's annual financial audit, as well as discussions with management and analysis of our IT audit findings. These themes are prepared to provide insight and actionable recommendations for public sector entities.
Conclusion
For the 2014–15 financial year, we identified three clear emerging themes from IT audits, and have made a number of recommendations to address them.
1 Background
1.1 Introduction
When planning a financial audit, VAGO seeks to understand and evaluate an entity's information technology (IT) environment and any related risks to the reliability of financial reporting.
This report summarises the results of this work on selected public sector entities' IT general controls as part of the 2014–15 financial audits. This is the second report of its kind and aims to provide extra insight into VAGO's IT audit findings, and identify wider trends that may not be covered in reports to an entity's management.
Auditor-General's comments
Each financial year VAGO undertakes a number of information technology (IT) audits to verify whether key financial systems are managed appropriately to support financial reporting process.
Financial Systems Controls Report: Information Technology 2014–15: Message
Ordered to be published
VICTORIAN GOVERNMENT PRINTER October 2015
PP No 98, Session 2014–15