The Queensland Audit Office’s annual update for clients’ chief financial officers, finance managers, and other staff involved in financial statement preparation is a key part of our engagement program.

In late February, more than 400 attendees came along or live streamed this session, which covered a range of key topics. In this blog, we cover the key takeaways from the presentations that QAO’s team of experts delivered, along with presentations from the Auditor-General and Queensland Treasury.

Auditor-General’s update

The Auditor-General opened this year’s event by talking about the changing public sector. She also provided an overview of recently tabled and upcoming reports to parliament, along with information about planning for QAO’s 2025–28 forward work plan.

In an environment of change, visibility and transparency is important. Each year, we ask entities to self-assess their progress in implementing the performance audit recommendations we have made in our reports to parliament. Our annual status of Auditor-General’s recommendations report brings together information and insights on this progress and highlights common challenges and improvement opportunities.

In our latest report we asked 84 entities to report on 603 individual recommendations from 40 reports to parliament. This covers recommendations we’ve made in our performance audits or what we have historically called ‘areas of control focus’ reports, like Improving grants management (Report 2: 2022–23) and Implementing machinery of government changes (Report 17: 2022–23).

This report and the interactive dashboard can be particularly helpful for any entities involved in machinery of government changes where functions have come together.

There are some common types of recommendations in this report:

• workforce capability – in particular, workforce plans and planning and identification of future workforce skills and needs
• information systems and data management – such as issues relating to out-of-date information and users being unable to readily access data
• governance – including issues related to clarity of policies, ineffective monitoring, and inefficient and complex processes.

Stewardship and accountability

Helping our clients navigate their stewardship and accountability responsibilities was another key theme of this year’s update. Key areas of focus for QAO include:

• transparency and public defensibility of key decisions and transactions
• achieving value for money in the use of public resources
• impacts of machinery of government changes
• special payments/ex-gratia payments
• internal controls
• fraud risks.

We looked at fraud in detail, exploring influencing factors for fraud risk, profiles of fraudsters, and some of the behavioural red flags to help our clients better understand how fraud occurs and how internal controls can help.

Our presentation brought a range of scenarios to life through case studies and explored the key learnings for the public sector.

We have developed a range of resources that can help entities improve their understanding, including our Fraud risk assessment and planning model and Fraud and corruption self-assessment tool. You can find links to these resources and more at the end of this article. 

Information security

Cyber security and internal information technology (IT) controls are topics that are in sharp focus for financial officers across the public sector. We covered our approach to auditing general IT controls in detail, looking at user access management and authentication issues that commonly arise, such as:

• appropriateness of users with full access (domain and global admins)
• synching accounts with domain and global admins
• managing service accounts.

We also gave an overview of the Mandatory Notification of Data Breach Scheme and the key elements of the scheme’s guideline to encourage attendees to engage more deeply with this. The scheme commences from 1 July 2025 for public sector entities, and from 1 July 2026 for local governments.

Queensland Treasury updates

Principal Accountant Greg Hall joined us from Queensland Treasury for several key technical updates including new and future accounting standards, climate sustainability reporting, and calculating greenhouse gas emissions.

Climate sustainability reporting is a topic of particular interest to many entities, and Queensland Treasury’s presentation updated attendees on current developments. Here are some of the key takeaways:

• The future public sector reporting roadmap and policies/guidance will be rolled out to agencies once the government approves it. Departments and statutory bodies are not to develop voluntary sustainability reports beforehand.
• Entities should focus on ensuring they understand their climate-related risks and build their knowledge and capability in emissions measurement calculations.
• Queensland Treasury is developing a uniform framework to define and calculate greenhouse gas emissions by Queensland Government entities.
• Pilot testing is underway with several agencies, with phase 3 consultation kicking off soon. Queensland Treasury will roll out the emissions calculation tool and guidance document in coming months.

QAO’s technical update

We followed Queensland Treasury’s update with information about climate risks and opportunities from the perspective of an auditor. We explored a range of key topics, including the:

• connectivity between sustainability-related risks and opportunities, and financial reporting
• physical and transitional impacts
• phasing in of audit requirements for mandatory reporting.

We also covered our preparations for providing assurance over climate-related financial disclosures, including how we are working with the Australasian Council of Auditors-General sustainability working group.

Clients reporting under the Corporations Act 2001 can expect our engagement with them to continue over 2025. Their financial audit engagement leader will also manage their sustainability assurance engagement. We will continue to work closely with our clients to talk through these changes.

For more detail on the presentations from this year’s technical audit update, please visit QAO’s website where you can access the full event presentation deck: www.qao.qld.gov.au/reports-resources/events. 

Further resources that may be of interest are also below.

Resources

• 2024 status of Auditor-General’s recommendations (Report 1: 2024–25) and interactive dashboard
• 2023-24 Financial Reporting Requirements for Queensland Government Agencies, Queensland Treasury
• Non-Current Asset Policies for the Queensland Public Sector (NCAPs), Queensland Treasury
• 2024 Queensland Sustainability Report, Queensland Treasury

QAO resources

• Presentation from QAO’s Technical audit update 2025
• Better practice: Annual internal control assessment
• Better practice: Checklist for managing machinery of government changes
• Better practice: Implementing machinery of government changes maturity model
• Better practice: Fraud risk assessment and planning model
• Better practice: Fraud and corruption self-assessment tool
• Better practice: Asset management maturity model
• Better practice: Role capability checklist for cyber attack response and recovery 
• Better practice: Cyber response and recovery governance checklist
• Blog: How understanding the ‘fraud risk triangle’ can reduce employee fraud risk
• Blog: Keep fraud risks front and centre in 2024
• Blog: Ex-gratia payments – what those charged with governance need to consider
• Blog: Implementing machinery of government changes
• Blog: Is your Information Security Management System helping you mitigate cyber risk?
• Various QAO reports to parliament and supporting interactive dashboards.