Appendix 3: The scope and grades of environment, systems, and controls for measuring financial and service performance

Transport sector: Results of the 2011/12 audits.
Management Control Environment This is the foundation of the control environment and may include consideration of the following:
  • clarity of strategic planning/the way the entity manages and reports performance;
  • communication and enforcement of integrity and ethical values;
  • commitment to competence;
  • participation by those charged with governance – for example, the involvement and influence of Audit Committee and Board (or equivalent);
  • management philosophy and operating style;
  • organisational structure;
  • assignment of authority and responsibility;
  • human resources policies and practices;
  • risk assessment and risk management;
  • key entity-level control policies and procedures;
  • information systems and communication (including information technology planning and decision-making);
  • monitoring; and
  • legislative compliance arrangements.
Financial Information Systems and Controls These are the systems and controls (including application-level computer controls) over financial performance and financial reporting and include the following:
  • appropriateness of information provided;
  • presentation of financial information;
  • reliability of systems;
  • control activity (including process-level policies and procedures); and
  • monitoring.
Service Performance Information and Associated Systems and Controls This concerns the quality of the main measures of outcomes or impacts and service performance measures selected for reporting against, as well as the systems and controls (including application-level computer controls) over service performance reporting, and includes the following:
  • appropriateness of information provided and reported;
  • review of the 2012/15 SOI;
  • the audit of the actual 2011/12 SSP and main measures of outcomes/impacts in the annual report;
  • reliability of systems;
  • control activity (including process-level policies and procedures); and
  • monitoring.
Comments and grades are based on conclusions drawn from the 2012/15 SOI and the 2011/12 SSP and annual report

 

Grade Explanation of grade
Very good No improvements are necessary.
Good Improvements would be beneficial and we recommend that the entity address these.
Needs improvement Improvements are necessary and we recommend that the entity address these at the earliest reasonable opportunity.
Poor Major improvements are required and we recommend that the entity urgently address these.

1. The reporting under Environment, Systems, and Controls for Measuring Financial and Service Performance is a by-product of the underlying audit work carried out to form an opinion on the financial and service performance statements. Its scope is limited to those areas of the management control environment, information systems, and controls that the auditor has given attention to during the course of the audit.

2. Recommendations for improvement are generally limited to those findings that the auditor considers are the more notable weaknesses in the design or operation of the management control environment, information systems, or controls. The recommended improvements determine the grade assigned. A single, serious deficiency drawing a recommendation for improvement may, of itself, determine the grade. Similarly, the most serious deficiency among several will draw a stronger recommendation and affect the grade accordingly.

3. Deficiencies in the management control environment, information systems, or controls are the gaps between what auditors observe and what auditors consider, in their professional judgement, constitutes best practice. Auditors' professional judgement is informed by many factors, including national and international standards, knowledge of best practice, and standards and expectations for the public sector in New Zealand.

4. To help ensure the relevance to all entities of the auditor's recommendations and grading, the auditor's recommendations are made with reference to what is considered best practice given the size, nature, and complexity of the entity. Thus, notions of best practice will vary among entities because what is considered necessary, enough, or beneficial for some entities may not be so for others. There is therefore not a "one size fits all" standard in the public sector. Rather, recommendations for improvement are based on the auditor's assessment of how far short the entity is from a standard that is appropriate for the entity's size, nature, and complexity of its business.

5. Further, notions of best practice may vary over time in response to change – for example, changes in the operating environment, changes to standards, and changes in general expectations. Grades assigned to entities may therefore fluctuate from year to year according to how entities respond to changes in the environment and in best-practice expectations. Grades may also be affected from year to year because of changes in emphases, in accordance with the auditor's risk-based approach to testing systems and controls.

6. Improvements are recommended only when it is considered, in the auditor's judgement, that the benefits of the improvements would justify the costs.

7. Recommendations for improvement are based on the auditor's conclusions about the state of the entity's management control environment, information systems, and controls as at the end of the financial year.

page top