Fiduciary Controls

Situation

Centium was engaged by a leading NSW Government Agency to undertake an internal audit of the fiduciary controls framework for a smaller business entity in the Cluster, whose corporate and administrative services were transitioned across to the Agency following a restructure. The review formed part of the due diligence process of the Agency for the transition.

Task

The objective of the internal audit was to provide the Agency with reasonable assurance that the fiduciary controls and financial management framework operating in the entity were acceptable. The review specifically examined the adequacy and effectiveness of the following key areas:

• High level financial governance and reporting processes;
• The fiduciary controls framework for financial delegations and their application in the segregation and authorisation of financial transactions;
• Policies and procedures to administer the financial processes and general accounting controls;
• Policies and procedures for accurate and complete payroll processes and time management;
• Financial accounting processes including statutory reporting obligations;
• Financial reporting including the preparation of financial statements and consolidation of work papers;
• Cash management processes;
• Budget preparation and management reporting; and
• Procurement processes and contract development.

Action

In preparation for the review of each of the scope items, we developed a comprehensive Risk and Control Matrix to identify the inherent risks in the process and the controls to be tested. For each scope item we undertook a detailed review of the business processes through a combination of interviews with staff, review of procedures and supporting documentation, and substantive testing. Each scope item was given a risk rating based on the Agency’s risk management framework, and a controls effectiveness rating.

Result

The overall conclusion from the audit was that the fiduciary internal control framework was largely ineffective. The report provided Agency Management with a concise summary of each audit finding, the implication of the finding if not addressed, and practical, value adding recommendations to strengthen controls and suggested improvements to improve efficiency. The report also included a short, but focused, executive summary to provide Senior Management and the Audit and Risk Committee with an overall conclusion about fiduciary risks in the entity and an assessment of the controls effectiveness. Overall, the report identified 42 issues requiring attention and made 21 recommendations to address control failings, and 26 suggested improvements to streamline business processes. Agency Management was pleased with the outcome of the audit as it formed an important part of the due diligence process for the transitioning in of the corporate and administrative services. The report helped Management to baseline fiduciary controls to help measure performance improvement and support the business decision to transition the services to the Agency.