Part 3: Audit results for government departments, Crown research institutes, and State-owned enterprises

Central government: Results of the 2009/10 audits (volume 1).

3.1
In this Part, we report on our 2009/10 audit results and assessments of the environment, systems, and controls of government departments, Crown research institutes (CRIs), and State-owned enterprises (SOEs). We will report on district health boards and other Crown entities in early 2011.

3.2
We set out our findings on the management control environment, financial information systems, and (for government departments) service performance information and associated systems and controls.

3.3
The Auditor-General has a statutory requirement to attest to the statement of service performance included in the annual reports of government departments and Crown entities (excluding school boards of trustees). There is no such statutory requirement for CRIs and SOEs.

Background

3.4
As part of the annual audit, auditors examine, assess, and grade central government entities' environment, systems, and controls for managing and reporting financial and service performance information.

3.5
We report our assessments to the entity, the responsible Ministers, and the relevant select committees. We also advise the central agencies (the Treasury, the State Services Commission, and the Department of the Prime Minister and Cabinet) and the relevant monitoring department of our assessments and audit findings.

3.6
In 2006/07, we introduced a revised assessment framework to improve the transparency, usefulness, and understandability of our reporting. The framework and commentary is intended to support continual improvement by public entities.

3.7
The framework has three areas that we assess and report on:

  • the management control environment;
  • financial information systems and controls; and
  • service performance information and associated systems and controls (where applicable).

3.8
We explain the three aspects we assess in more detail in Figure 3. Auditors identify deficiencies in each of these aspects, and make recommendations for improvement. The grades assigned directly reflect the recommendations for improvement as at the end of the financial year.

Our grading system

3.9
Figure 2 shows our grading scale for assessing environment, systems, and controls.

Figure 2
Grading scale for assessing environment, systems, and controls

Grade Explanation of grade
Very good No improvements are necessary.
Good Improvements would be beneficial and we recommend that the entity address these.
Needs improvement Improvements are necessary and we recommend that the entity address these at the earliest reasonable opportunity.
Poor Major improvements are required and we recommend that the entity urgently address these.

3.10
Grades for a particular entity may fluctuate from year to year depending on several factors. Some of those factors include changes in the operating environment, in standards, in good practice expectations, and in auditor emphasis. For these reasons, we advise caution when comparing grades between years and between different entities.

3.11
How an entity responds to the auditor's recommendations for improvement is more important than the grade change from year to year. A downward shift in grade, for example, may not indicate deterioration – it may be that the entity has not kept pace with good practice expectations for similar entities between one year and the next. Consequently, the long-term trend in grade movement is a more useful indication of progress than year-to-year grade changes.

3.12
This is the fourth year that we have assessed and graded the management control environment, and financial information systems and controls. It is the second year that we graded service performance information and associated systems and controls of government departments. We discuss service performance information in more detail in paragraphs 3.36-3.53.

Explanation of the scope of the three aspects we examine

3.13
Figure 3 outlines the scope of the three aspects that our auditors examine as part of the annual audit.

Figure 3
Scope of the three aspects that our auditors examine

AreaScope
Management control environment This is the foundation of the control environment and may include considering:
  • clarity of strategic planning/the way the entity manages and reports performance;
  • communication and enforcement of integrity and ethical values;
  • commitment to competence;
  • participation by those charged with governance – for example, the involvement and influence of Audit Committee and Board (or equivalent);
  • management philosophy and operating style;
  • organisational structure;
  • assignment of authority and responsibility;
  • human resources policies and practices;
  • risk assessment and risk management;
  • key entity-level control policies and procedures;
  • information systems and communication (including information technology planning and decision-making);
  • monitoring; and
  • legislative compliance arrangements.
Financial information systems and controls These are the systems and controls (including application-level computer controls) over financial performance and financial reporting, and include considering:
  • appropriateness of information provided and reported;
  • presentation of financial information;
  • reliability of systems;
  • control activity (including process-level policies and procedures); and
  • monitoring.
Service performance information and associated systems and controls This concerns the quality of the service performance measures selected for reporting against, as well as the systems and controls (including application-level computer controls) over service performance reporting, and includes considering:
  • appropriateness of information provided and reported;
  • review of the 2010-13 Statement of Intent;
  • presentation of forecast 2010/11 Statement of Service Performance (SSP) information and the associated information in the Information Supporting the Estimates;
  • the audit of the actual 2009/10 SSP in the annual report;
  • reliability of systems;
  • control activity (including process-level policies and procedures); and
  • monitoring.

Our assessment system

3.14
Auditors base the grades that they assign in their assessment on deficiencies observed through the audit, and on the associated recommendations for improvement. Auditors' conclusions on deficiencies (that is, the gap between "actual practice" and "how practice should be"), and the associated recommendations for improvement, are based on their assessment of how far the entity's practice falls short of good practice. Good practice is based on auditors' professional expertise and judgement, taking into account what is deemed appropriate for each entity, given its size, nature, and complexity. An auditor's professional judgement is informed by many factors, including national and international standards, knowledge of good practice, and standards and expectations for the public sector.

3.15
Our auditors' approach and the standards they apply reflect the unique circumstances of each entity in each financial year. Entities vary greatly in size and organisational structure, and sometimes undergo restructuring or other organisational changes.

Central government context

3.16
The current central government environmental context is one of ongoing change and fiscal constraint due to the global recession. Government initiatives to improve departments' and the wider state sector's performance, effectiveness, and efficiency include machinery of government changes, alternative approaches to delivering services (for example, greater use of private partnerships), and initiatives to improve the efficiency of back-office services across departments (such as all-of-government procurement).

3.17
Change and improvement initiatives can affect organisational capability and capacity. For example, agencies will need to:

  • maintain governance and management of core services in addition to change and improvement processes;
  • develop new cross-agency management and accountability arrangements for collaborative across-government initiatives;
  • maintain capacity and capability if restructuring and/or redeploying staff;
  • understand costs and cost drivers, and maintain good financial and strategic management; and
  • maintain effective control environments and be alert to the potential greater risk of frauds.

3.18
We will continue to take this environment into consideration in the planning and emphasis of our audits of government agencies.

Audit results for government departments

3.19
We audited 39 government departments in 2009/10 – the same number as in 2008/09. Government departments include the Office of the Clerk and the Parliamentary Service, and exclude Offices of Parliament, the Government Communications Security Bureau, and the New Zealand Security Intelligence Service.

3.20
We issued unqualified audit reports on all 39 departments for 2009/10. Four of these reports were non-standard1 and included explanatory paragraphs highlighting that the financial statements had been prepared on a disestablishment basis. These government departments will be disestablished when they are integrated into other government departments.

3.21
Figure 4 shows a summary of the grades for our 2009/10 assessments of environment, systems, and controls for the three aspects that we assess.

Figure 4
Government departments – summary of grades for 2009/10

Number of entities gradedManagement control environmentFinancial information systems and controlsService performance information and associated systems and controls
VGGNIPVGGNIPVGGNIP
39 16 20 3 0 16 23 0 0 0 11 25 3

Ratings used are: VG – Very good, G – Good, NI – Needs improvement, P – Poor

3.22
Overall, the results for 2009/10 show that government departments have generally sound management control environments and financial information systems and associated controls, which is pleasing to see. However, the results also show that there is still significant room for improvement in service performance information and associated systems and controls.

3.23
We discuss the first two aspects (the management control environments and financial information systems and associated controls) together, and the third aspect (service performance information and associated systems and controls) separately.

Management control environment and financial information systems and controls

3.24
Figures 5 and 6 below show the trends in grades for government departments for the four years since we began grading these areas in 2006/07.

Figure 5
Management control environment grades for government departments from 2006/07 to 2009/10, as percentages

Figure 5.

Figure 6
Financial information systems and controls grades for government departments from 2006/07 to 2009/10, as percentages

Figure 6.

3.25
Both figures show that government departments have improved steadily in management control environments and financial information systems and controls during the past four years.

3.26
The proportion of government departments receiving a very good grade for the management control environment increased from 13% in 2006/07 to 41% in 2009/10. For financial information systems and controls, the proportion receiving very good grades increased from 18% in 2006/07 to 41% in 2009/10.

3.27
These are significant improvements and show that government departments have responded and continue to respond to auditors' recommendations for improvement.

Results for 2009/10

3.28
We assessed all but three government departments as having either very good or good management control environments in 2009/10.

3.29
The three government departments that received needs improvement grades were also assessed as needing improvements in 2008/09. Although all three had made some progress in response to the 2008/09 recommendations, they still need to improve their management control environments. However, we note that these government departments all received good grades for their financial information systems and controls in 2009/10.

3.30
We are pleased to report that we assessed all government departments as having either very good or good financial information systems and associated controls in 2009/10. The three government departments assessed as needing improvement in 2008/09 responded in full to auditor recommendations and were all graded as good in 2009/10.

3.31
Most government departments responded either in full or in part to our 2008/09 recommendations for improvement in both the management control environment and financial information systems and controls.

3.32
In our examination of the 2009/10 audit results, we did not identify any significant or common areas for improvement in either the management control environment or financial information systems and controls.

3.33
However, in a number of instances, auditors noted the context of organisational change that we discussed above, including:

  • changes in organisational form, such as current or impending departmental amalgamations;
  • organisational restructures within departments; and
  • reductions in staff numbers, high turnover of staff, and/or loss of key personnel.

3.34
For one government department assessed as needing improvement, the auditor noted that changes in key staff were a contributing factor to the deficiencies noted in the management control environment.

3.35
As noted above, the importance of maintaining capability and effective controls is heightened in an environment of increased change. Therefore, it is reassuring to report that government departments have continued to maintain sound controls and systems in 2009/10.

Service performance information and associated systems and controls

3.36
As part of phasing in improvements to the way we audit service performance information, 2009/10 is the second year that we graded service performance information and associated systems and controls.

3.37
Our primary objective in examining service performance information is to assess the quality of the forecast performance reports and supporting systems and controls, and to audit the service performance reported in the 2009/10 annual report.

Background

3.38
The Auditor-General is required under the Public Finance Act 1989 to attest to the statement of service performance included in the annual reports of government departments.

3.39
We have previously reported on our work of recent years to improve service performance information. This work has had an emphasis on improving auditing standards, methodology, and reporting by appointed auditors.

3.40
In 2008/09, we introduced a revision of the Auditor-General's Auditing Standard on auditing performance information, referred to as AG-4 (Revised) – The Audit of Service Performance Reports. The application of the standard is being phased in and will be effective for 20 government departments from 1 July 2010, 12 departments from 1 July 2011, and the remaining departments the following year.2

3.41
We allowed for a transitional period before we graded service performance information by not grading in 2006/07 or 2007/08. However, our auditors did assess service performance information in both these years and provided comments to entities about improvements they could make.

3.42
In reviewing and grading forecast reports, our auditors considered the relevance, reliability, understandability, and comparability of information in presenting a clear and cohesive description of performance. Performance elements (outcomes, impacts, and outputs) and their associated measures and targets should be presented in a clear and informative context.

Results for 2009/10

3.43
There has been a small improvement in the grades for service performance information and associated systems and controls in 2009/10 compared to 2008/09 as shown in Figure 7.

Figure 7
Comparison of grades for service performance information and associated systems and controls in 2008/09 and 2009/10

Figure 7.

Ratings used are: VG – Very good, G – Good, NI – Needs improvement, P – Poor.

3.44
Despite the small improvement in the 2009/10 results, the overall spread of grades continues to show that there is much room for improvement. Three government departments received poor grades, and 25 government departments (64%) received needs improvement grades.

3.45
As previously reported, in our view, improving the quality of performance reporting is critical not only for demonstrating accountability but also for improving public sector effectiveness.

3.46
Five government departments improved their grades from 2008/09 – two from poor to needs improvement and three from needs improvement to good. The grades of two government departments went down – one from good to needs improvement and one from needs improvement to poor.

3.47
As previously explained, grades may fluctuate from year to year depending on a range of factors. We are particularly interested in how government departments respond to auditors' recommendations for improvement. In 2009/10, we found the following:

  • Overall, 32 government departments responded in part to recommendations from the 2008/09 audits.
  • Two government departments that responded in full to recommendations for improvement in 2008/09 improved their grades from needs improvement to good in 2009/10.
  • Three of four government departments assessed as poor in 2008/09 and requiring urgent major improvements responded in part to the 2008/09 recommendations. Two of these government departments improved their grades to needs improvement in 2009/10.
  • One government department assessed as poor in 2008/09 did not respond at all to the recommendations in 2008/09 and was again assessed as poor in 2009/10. We are aware of particular circumstances in this instance, which we expect to be addressed in 2010/11.

3.48
We examined the recommendations for improvement in the 2009/10 audits of service performance information and identified the following issues that were common across a number of government departments:

  • fundamental problems with the performance framework – for example, the relationship between services (outputs) and the impacts they have was not clear;
  • limited or no performance measures or targets for outcomes/impacts;
  • output classes that were not clearly defined; and
  • performance measures for outputs that either were lacking or did not cover all dimensions of performance (timeliness, cost, quality, and quantity).

3.49
Consistent with our report on the 2008/09 audit results, we expect entities to take appropriate action to address the matters raised by our auditors in 2009/10 and to achieve the recommended improvement to service performance reporting and associated systems and controls.

3.50
We recognise that this is challenging, but consider that it is integral to improving the effectiveness and efficiency of the public sector – both in actual performance and demonstrating it through better accountability. During 2009/10, we worked with central agencies, government departments, and auditors to help lift capability and performance. We will continue this work in 2010/11. Our work programme included:

  • focused engagement with a number of selected government departments;
  • publishing examples of better practice in performance reporting; and
  • facilitating workshops.

3.51
Forthcoming publications on performance reporting by our Office are:

  • a new report giving examples of better practice in the central government sector, which we will publish on our website (www.oag.govt.nz);
  • a report on a longitudinal case study of certain entities' performance reporting over five years; and
  • an overview report of our work on performance information in both central and local government.

3.52
In 2009/10, the local government sector was the first to have audit reports issued under AG-4 (Revised). We will report on these results in 2011. However, preliminary analysis shows that the number of qualified audit opinions was lower than expected. We issued three qualified except-for opinions where our service performance work was limited because data was incomplete or not collected for significant performance measures. In many cases, local government entities were able to fix potential issues to better report their performance on a basis consistent with AG-4 (Revised).

3.53
AG-4 (Revised) will apply to the audit reports of 20 government departments in 2010/11. A range of issues could affect these audit reports. In many cases, the improvements recommended are not substantial and we expect that improvements will be made. However, given the number of departments that need to make improvements, there may be some qualified audit opinions. We will continue to work with government departments to understand their business and help them to better align performance information and reporting with legislative and accounting requirements and with good practice.

Audit results for Crown research institutes

3.54
We audited eight CRIs in 2009/10 – the same number as in 2008/09. The number of CRIs reduced from nine in 2007/08 to eight in 2008/09 after two CRIs were amalgamated.

3.55
We issued unqualified audit opinions on all eight CRIs for 2009/10. We report on non-standard audit reports more fully in Part 6.

3.56
Figure 8 shows a summary of the grades for 2009/10 for the two areas we assess. As the Auditor-General is not required to attest to CRIs' service performance, we do not assess and grade this area.

Figure 8
Crown research institutes – summary of grades for 2009/10

Number of entities gradedManagement control environmentFinancial information systems and controls
VGGNIPVGGNIP
8 8 0 0 0 1 7 0 0

Ratings used are: VG – Very good, G – Good, NI – Needs improvement, P – Poor.

3.57
We are again pleased to report that auditor assessments for 2009/10 continue to show strong performance by the CRIs.

3.58
All eight CRIs had their management control environments assessed as very good in 2009/10. These results are commendable, especially as grades can fluctuate from year to year depending on a range of factors.

3.59
The two CRIs that received good grades for their management control environments in 2008/09 responded fully to our recommendations for beneficial improvement. Both were assessed as very good in 2009/10.

3.60
In 2009/10, one CRI was assessed as very good for its financial information systems and controls. The other seven were assessed as good. Five CRIs responded in part, and two in full, to auditor recommendations in 2008/09 for beneficial improvement to financial information systems and controls.

3.61
Figures 9 and 10 show the trends in grades for CRIs for the four years since 2006/07.

Figure 9
Management control environment grades for Crown research institutes from 2006/07 to 2009/10, as percentages

Figure 9.

Figure 10
Financial information systems and controls grades for Crown research institutes from 2006/07 to 2009/10, as percentages

Figure 10.

3.62
Assessments and grades since 2006/07 have all been either good or very good for both aspects. These consistent results show that CRIs have maintained sound environments, systems, and controls during the past four years.

3.63
Significant change is under way in the CRI sector with the implementation of the recommendations of the Crown Research Institute Taskforce on How to enhance the value of New Zealand's investment in Crown Research Institutes.3 Changes to CRI funding, accountability, and performance reporting are expected to be in place from 1 July 2011. We are monitoring these developments and expect to adjust our audit emphasis for audits from 1 July 2011 in response to these changes.

Audit results for State-owned enterprises

3.64
We report on 2009/10 audit results for 15 SOEs – compared to 17 SOEs in 2008/09.4

3.65
We issued unqualified audit opinions on all 15 SOEs for 2009/10.

3.66
Figure 11 shows a summary of the grades for the two areas we assess for 2009/10. Because the Auditor-General is not required to attest to SOEs' service performance, we do not assess and grade this aspect.

Figure 11
State-owned enterprises – Summary of grades for 2009/10

Number of entities gradedManagement control environmentFinancial information systems and controls
VGGNIPVGGNIP
15 12 2 1 0 6 9 0 0

Ratings used are: VG – Very good, G – Good, NI – Needs improvement, P – Poor.

3.67
The results in 2009/10 show that, overall, SOEs have sound management control environments and financial information systems and controls.

3.68
In 2009/10, all but one SOE received either a very good or a good grade for the two aspects we grade. One SOE received a needs improvement grade for its management control environment. Although this SOE's grade was unchanged from 2008/09, we note that it made good progress during the past year in responding to our recommendations for improvement. Improvements made by this SOE resulted in its grade for financial information systems and controls moving from a needs improvement in 2008/09 to a good in 2009/10.

 

3.69
In 2009/10, five SOEs responded in full and four responded in part to the 2008/09 recommendations for improvement to financial information systems and controls. One SOE responded in full and two responded in part to recommendations for improvement to the management control environment.

3.70
Figures 12 and 13 show the trends in grades for SOEs for the four years since 2006/07.

Figure 12
Management control environment grades for State-owned enterprises from 2006/07 to 2009/10, as percentages

Figure 12.

Figure 13
Financial information systems and controls grades for State-owned enterprises from 2006/07 to 2009/10, as percentages

Figure 13.

3.71
Figures 12 and 13 show a steady increase in very good grades for both aspects we grade since 2006/07. We are pleased to note the trends in the SOE sector for general improvement in both aspects and that entities have been responsive to their auditors' feedback for improvement.


1: We report on non-standard audit reports in Part 6.

2: See Part 5 of Central government: Results of the 2008/09 audits for an explanation of the phasing in and categorisation of entities for the application of AG-4 (Revised).

3: Available at CRI-Taskforce/Final-Report/">www.morst.govt.nz/current-work/CRI-Taskforce/Final-Report/.

4: One SOE (Timberlands West Coast Limited) is being wound up and is therefore not included. Another has a 30 September 2010 balance date, and audit results had not been reported at the time of publication. Air New Zealand Limited has been included as if it were an SOE.

page top