Appendix C. Audit Act 1994 section 16—submissions and comments

Read more about Appendix C. Audit Act 1994 section 16—submissions and comments

Introduction

In accordance with section 16(3) of the Audit Act 1994, a copy of this report was provided to the Department of Premier & Cabinet, the Commissioner for Privacy and Data Protection and Department of Environment Land, Water & Planning.

The submissions and comments provided are not subject to audit nor the evidentiary standards required to reach an audit conclusion. Responsibility for the accuracy, fairness and balance of those comments rests solely with the agency head.

Responses were received as follows:

Appendix B. Financial systems controls report 2014–15: scope and coverage

Read more about Appendix B. Financial systems controls report 2014–15: scope and coverage

Figure B1

Entities selected for this financial systems controls report

Entities	Scope details
Entities	Information technology (IT) audit	Focus areas

Appendix A. Ratings definitions

Read more about Appendix A. Ratings definitions

Ratings for audit findings reflect our assessment of both the likelihood and consequence of each identified issue in terms of its impact on:

the effectiveness and efficiency of operations, including probity, proprietyand compliance with applicable laws
the reliability, accuracy and timeliness of financial reporting.

The ratings also assist management to prioritise remedial action.

Figure A1

Rating definitions and management action

4 Focus areas 2014–15

Read more about 4 Focus areas 2014–15

At a glance

Background

In 2014–15 we had two focus areas:

identity and access management (IDAM) controls—controls which aim to reduce the risk of inappropriate access to information and data

3 Results of IT audits

Read more about 3 Results of IT audits

At a glance

Background

For each of the 45 entities selected for this report, we prepared management letters highlighting any control weaknesses identified by our information technology (IT) audits. For this report, these management letters were analysed to identify the overarching themes and key messages that may have a broader impact.

2 Themes from IT audits

Read more about 2 Themes from IT audits

At a glance

Background

Key information technology (IT) audit themes are drawn from testing performed as part of each entity's annual financial audit, as well as discussions with management and analysis of our IT audit findings. These themes are prepared to provide insight and actionable recommendations for public sector entities.

Conclusion

For the 2014–15 financial year, we identified three clear emerging themes from IT audits, and have made a number of recommendations to address them.

1 Background

Read more about 1 Background

1.1 Introduction

When planning a financial audit, VAGO seeks to understand and evaluate an entity's information technology (IT) environment and any related risks to the reliability of financial reporting.

This report summarises the results of this work on selected public sector entities' IT general controls as part of the 2014–15 financial audits. This is the second report of its kind and aims to provide extra insight into VAGO's IT audit findings, and identify wider trends that may not be covered in reports to an entity's management.

Auditor-General's comments

Read more about Auditor-General's comments

Each financial year VAGO undertakes a number of information technology (IT) audits to verify whether key financial systems are managed appropriately to support financial reporting process.

Financial Systems Controls Report: Information Technology 2014–15: Message

Read more about Financial Systems Controls Report: Information Technology 2014–15: Message

Ordered to be published

VICTORIAN GOVERNMENT PRINTER October 2015

PP No 98, Session 2014–15

Financial Systems Controls Report: Information Technology 2014–15

Body

This report builds on VAGO's previous inaugural Information and Communications Technology Controls Report 2013–14 and aims to provide additional insight and increased visibility of IT related audit findings. The report is intended to provide decision-makers with relevant information to help them address IT issues and improve processes and controls.

Subscribe to Department of Premier and Cabinet