Appendix B. Financial systems controls report 2014–15: scope and coverage
Figure B1
Entities selected for this financial systems controls report
Entities |
Scope details |
||
|---|---|---|---|
Information technology (IT) audit |
Focus areas | ||
Appendix A. Ratings definitions
Ratings for audit findings reflect our assessment of both the likelihood and consequence of each identified issue in terms of its impact on:
- the effectiveness and efficiency of operations, including probity, proprietyand compliance with applicable laws
- the reliability, accuracy and timeliness of financial reporting.
The ratings also assist management to prioritise remedial action.
Figure A1
Rating definitions and management action
4 Focus areas 2014–15
At a glance
Background
In 2014–15 we had two focus areas:
identity and access management (IDAM) controls—controls which aim to reduce the risk of inappropriate access to information and data
3 Results of IT audits
At a glance
Background
For each of the 45 entities selected for this report, we prepared management letters highlighting any control weaknesses identified by our information technology (IT) audits. For this report, these management letters were analysed to identify the overarching themes and key messages that may have a broader impact.
2 Themes from IT audits
At a glance
Background
Key information technology (IT) audit themes are drawn from testing performed as part of each entity's annual financial audit, as well as discussions with management and analysis of our IT audit findings. These themes are prepared to provide insight and actionable recommendations for public sector entities.
Conclusion
For the 2014–15 financial year, we identified three clear emerging themes from IT audits, and have made a number of recommendations to address them.
1 Background
1.1 Introduction
When planning a financial audit, VAGO seeks to understand and evaluate an entity's information technology (IT) environment and any related risks to the reliability of financial reporting.
This report summarises the results of this work on selected public sector entities' IT general controls as part of the 2014–15 financial audits. This is the second report of its kind and aims to provide extra insight into VAGO's IT audit findings, and identify wider trends that may not be covered in reports to an entity's management.
Auditor-General's comments
Each financial year VAGO undertakes a number of information technology (IT) audits to verify whether key financial systems are managed appropriately to support financial reporting process.
Financial Systems Controls Report: Information Technology 2014–15: Message
Ordered to be published
VICTORIAN GOVERNMENT PRINTER October 2015
PP No 98, Session 2014–15
Financial Systems Controls Report: Information Technology 2014–15
Body
This report builds on VAGO's previous inaugural Information and Communications Technology Controls Report 2013–14 and aims to provide additional insight and increased visibility of IT related audit findings. The report is intended to provide decision-makers with relevant information to help them address IT issues and improve processes and controls.
Appendix C. Audit Act 1994 section 16—submissions and comments
Introduction
In accordance with section 16(3) of the Audit Act 1994, a copy of this report, or part of this report, was provided to the Department of Premier & Cabinet, Department of Health & Human Services, Department of Justice & Regulation, Public Transport Victoria, State Revenue Office and VicRoads.
The submissions and comments provided are not subject to audit nor the evidentiary standards required to reach an audit conclusion. Responsibility for the accuracy, fairness and balance of those comments rests solely with the agency head.