Financial reporting considerations in uncertain times
We have experienced COVID-19 impacts on working arrangements, our community and the economy.
Good internal controls provide reasonable assurance that an entity is achieving its operational, reporting, and compliance objectives. They also serve to protect an entity from fraud or error. Accordingly, it is important that entities regularly assess their controls to ensure they are appropriately designed, implemented, and operating as intended.
Under section 77 of the Financial Accountability Act 2009, chief financial officers (CFOs) of government departments are delegated responsibility for:
Each financial year, departmental CFOs are required to give the accountable officer a statement about whether the financial internal controls are operating efficiently, effectively, and economically. This statement must be provided before, or at the same time as, the CFO certifies the annual financial statements. Statutory bodies—such as hospital and health services—also do this to demonstrate better practice financial governance. We encourage them, and all public sector entities, to undertake this practice.
In preparing the statement on internal controls, CFOs are required to consider whether the entity:
Given the extent of financial internal controls that may exist at an entity, in particular within departments, it is not practical or cost effective for the CFO to attest to each one every year. We recommend adopting a risk-based approach focusing on key financial internal controls that:
To support this, we recommend that CFOs develop an overarching framework for identifying and assessing the key financial internal controls that the statement covers.
The framework should identify:
The format of the statement and level of assurance should be discussed and agreed with the accountable officer early.
While there is no prescribed format for the statement, we recommend that, as a minimum, it addresses:
It is important that there is appropriate documentary evidence to support the CFO’s assessments. While this may include information the CFO has prepared, they should also seek to rely on information that is readily available, including:
Where the CFO does not have direct visibility over key financial internal controls, they should seek separate assurances from the person responsible for the relevant business areas. This is particularly relevant for CFOs at continuing departments who have received new functions under the last machinery of government changes. CFOs will also need to consider how they will obtain assurance for controls that the former department continued to operate on their behalf for a period of time after the machinery of government change.
Audit committees can also play a key role in the development of the CFO assurance statement process. This includes providing feedback on the framework the CFO develops, the proposed format of the statement, and reviewing the statement prior to the CFO presenting it to the accountable officer. The audit committee may also benefit from this process by gaining a better understanding of the entity, and its processes and risks.