B.3 Scrutiny
Auditor-General Report No. 7/2014-2013-14 Financial Audit
Recommendations
|
Action
|
Status
|
---|
The Audit Office issued an unqualified audit report on the Directorate's 2013-14 Financial Report and an unqualified Report of Factual Findings on its 2013-14 Statement of Performance.
The Audit Office reported unresolved findings and recommended: The Directorate partially resolved one audit finding by approving policies and procedures for establishing, removing and reviewing user access to Maze and performance of reviews of user access at the school level. However, these policies and procedures do not provide guidance on reviewing user access
to Maze at the Directorate level and there was no evidence of such reviews being performed. This weakness presents a risk of unauthorised access to student and financial data, including sensitive student information. - The Directorate has been unable to implement audit logs for the Maze application and data and there is no policy for monitoring the activity of users by the review of audit logs. This increases the risk that erroneous or fraudulent changes to the Maze application and data will not be promptly detected
and rectified.
|
The Directorate has responded as follows:
- The Directorate has advised that it will include guidance on review of user access at Directorate level in its procedures and ensure that these reviews are regularly performed.
- The Directorate has investigated options for audit logs and determined that Maze does not have the capability to produce system or data audit logs. The specifications for an upgrade to the Maze school administration system (the project is currently in a discovery phase) will include a requirement for
audit trails and transactional log capability, it is not anticipated that this recommendation can be activated until full implementation of a new system in 2016. In addition, to minimise potential risks identified by the audit it should be noted that all financial transactions in Maze are locked and
cannot be edited or deleted by the user. Each financial record is tagged with the Maze user account and the date and time the transaction occurred.
| |
Two new audit findings were identified in 2013-14. There was:
- Often no evidence that reviews of salary reports were being performed or performed in a timely manner. This increases the risk that incorrect or fraudulent employee payments will not be promptly detected and addressed.
- Sometimes no evidence of the satisfactory receipt of goods and services at schools prior to payments being made. While these payments were found to be properly related to the operations of the Directorate, there is a risk of payment errors, irregularities and fraud when payments can be made without
clear evidence of the satisfactory receipt of goods and services marked on the payment documentation.
| - The Directorate has amended its procedures to address these audit findings.
- The Directorate has amended its procedures to address these audit findings.
| |
Auditor-General Report on Capital Works Reporting
Recommendations
|
Action
|
Status
|
---|
The audit made eight recommendations to address the audit findings in this report.
Directorates included in the audit were: Chief Minister and Treasury, Commerce and Works; Economic Development; Health; Territory and Municipal Services and Education and Training. The following recommendations were applicable to the Education and Training Directorate: - The Commerce and Works Directorate's Shared Services Procurement and directorates should develop capital works service level agreements, or the equivalent, by 31 December 2014. These should specify reporting responsibilities.
- All Directorates should quality control information to be included in capital works reports to the Chief Minister and Treasury Directorate and the Budget Committee of Cabinet, and have documented quality control procedures.
- The Commerce and Works Directorate's Shared Services Procurement and directorates should develop capital works service level agreements, or the equivalent, by 31 December 2014. These should specify reporting responsibilities.
- All Directorates should quality control information to be included in capital works reports to the Chief Minister and Treasury Directorate and the Budget Committee of Cabinet, and have documented quality control procedures.
| - Whole of Government response to this audit has not been tabled at the time of publication.
| |
Source: Governance and Assurance Branch
For more information contact:
Director
Governance and Assurance
(02) 6205 9328