FMCF certification checklist (incorporating the detailed procedures) certification period. Updated May 2015

Transcription

1 FMCF certification checklist (incorporating the detailed procedures) certification period Updated May 2015

2 The Secretary Department of Treasury and Finance 1 Treasury Place Melbourne Victoria 3002 Australia Telephone: Facsimile: Authorised by the Victorian Government 1 Treasury Place, Melbourne, 3002 State of Victoria 2015 This work is licensed under a Creative Commons Attribution 3.0 Australia licence. You are free to re-use the work under that licence, on the condition that you credit the State of Victoria as author. The licence does not apply to any images, photographs or branding, including the Victorian Coat of Arms, the Victorian Government logo and the Department of Treasury and Finance logo. Copyright queries may be directed to [email protected] ISBN (pdf) Published March 2015 If you would like to receive this publication in an accessible format please [email protected] This document is also available in PDF format at

3 1. Introduction... 1 Certification against s... 1 levels... 2 Annual FMCF certification process Financial management governance and oversight Financial management structure, systems, policies and procedures Financial management reporting (incorporating the detailed procedures), Updated May 2015 i

4

5 1. The Standing Directions for the Minister for Finance (the Directions) require agencies to certify that they have complied with all applicable Directions. 1 Specifically agencies are required to: certify annually, using a form provided by DTF for this purpose, that they have complied with all applicable Directions; conduct an annual review of their obligations under these Directions; and identify and rectify any failure or deficiency in complying with these Directions. Certification of compliance should be made annually to the Responsibly Body or relevant delegate e.g. Audit Committee. Agencies subject to the Financial Management Framework (FMCF) are also required to annually certify compliance with these Directions to their Minister. FMCF certification against the Directions is completed against s. The s incorporate the key themes and principles from the Directions. Each has a high level requirement. Agencies submit their level of compliance against this high level requirement. In assessing the level of compliance agencies must consider all elements (mandatory requirements) which are taken from the detail in the Directions. 1 Direction ( 26) in the Standing Directions for the Minister for Finance refers to compliance with Directions. (incorporating the detailed procedures), Updated May

6 Agencies are required to certify their level of compliance against each of the s in the annual certification process. The compliance level definitions are detailed in the table below: level Definition Additional information Compliant Partially compliant n-compliant t applicable A compliant level of compliance means that the agency is fully compliant with all elements within the Direction and as at 30 June. A partially compliant level of compliance means that the agency is fully compliant with the majority of elements within the Direction and as at 30 June (i.e. compliant with 50 per cent or more of the elements/ Procedures). A non-compliant level of compliance means that the agency is non-compliant with the majority elements within the Direction and as at 30 June (i.e. compliant with less than 50 per cent of the elements/procedures in the Direction). A not applicable compliance level means that the Direction is not applicable to the agency. This response is only appropriate for a limited number of Directions and s. s that are certified (in the annual certification process) as noncompliant or partially compliant must contain information that outlines: reasons for the partial compliance or non-compliance rectification plans to achieve full compliance te: These responses should be added in the comments field in the Monitoring System and/or Certification Checklist. s that are certified (in the annual certification process) as not applicable must detail reasons for the response. te: If the response is not applicable due to an exemption, please provide details regarding the exemption e.g. date, period of exemption, etc. 2 (incorporating the detailed procedures), Updated May 2015

7 The following flowchart outlines the steps within the annual FMCF certification process at the agency and portfolio level. The timing of tasks is provided as a guide. Data integrity framework Process overview When? Throughout the year June July July August August September What? Complete review requirements Assess compliance Obtain sign-off Complete and submit certification How? There are requirements within the FMCF to complete reviews over a number of areas throughout the year e.g. policy documents and the financial risk profile (see Supplementary Material flyer for Direction review requirements. 1. Complete relevant reviews 2. Where required, obtain endorsement by the CEO/CFO (or delegate) or the Board/Audit Comittee 3. Keep documentation supporting evidence of these reviews The FMCF compliance certification checklist provides detailed guidance of compliance requirements for each Direction 4. Use the compliance certification checklist to review the compliance status against each of the mandatory elements within the Direction Requirements 5. Determine the compliance level (compliant, partially compliant, noncompliant) using results from step 4 and complete the certification checklist as at 30 June 6. Ensure there is evidence to support the compliance levels certified (where relevant) 7. Obtain required approval e.g. Board/ Audit Committee upon completion of the compliance certification checklist 8. Finalise detailed sign-off over Direction 2.2(d) and (w), including: internal controls risk management financial statements 9. Complete online certification via the compliance monitoring system (CMS) website: Provide signed certification letter and exception compliance summary attachment (where applicable) to the relevant portfolio Minister and copied to the portfolio coordinator te: The compliance summary attachment is an exceptions report that details rectification plans and reasons for partially or non-compliant responses. Agencies can also add further comments in this attachment Department/portfolio process When? September October When? Agency compliance certification Agency compliance certification 11. received by the Portfolio Minister via 12. received by the Portfolio Minister via 13. the portfolio department the portfolio department Agency compliance certification received by the Portfolio Minister via the portfolio department (incorporating the detailed procedures), Updated May

8 2. 2.1: Financial Code of Practice ( 1) 1 A Financial Code of Practice exists covering areas required by the Directions, and is overseen by effective management with regards to its implementation, monitoring of compliance with its requirements, and dealing with breaches. level 2 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction 2.1 (relevant to 1) a) A public sector agency is required to have a financial code of practice setting out a cohesive statement of the public sector agency s internal processes to ensure probity in the public sector agency s financial management. If the public sector agency has an existing Code of Practice, this will need to be reviewed against the requirements in this Direction and updated as required to ensure compliance. b) Matters to be covered in the financial code of practice include: independence tendering; procurement; conflicts of interest; use of credit cards; personal relationships with the public sector agency s customers and providers; integrity; accountability; corporate opportunities; confidentiality; fair dealing; protection and proper use of the public sector agency s assets; and encouraging the reporting of unlawful or unethical behaviour. 2 response includes compliant, partially compliant, non-compliant and not applicable. 4 (incorporating the detailed procedures), Updated May 2015

9 Procedures for Direction 2.1 (relevant to 1) c) Each public sector agency is required to develop and maintain an appropriate internal management structure with responsibility for: implementing the code of practice; determining the employees required to comply with the code of practice ( relevant employees ) and reviewing this on an annual basis; communicating the requirements to all relevant employees and the initial management of any queries raised by those employees; requiring and monitoring relevant employees compliance with the code of practice; and initiating appropriate action for breaches of the code of practice. (incorporating the detailed procedures), Updated May

10 2.2 Financial Governance ( 2) 2 Responsible Body The Responsible Body is responsible for the governance and oversight of financial management and undertakes the duties set out in the Directions. It meets often enough to undertake an effective financial governance role. level 3 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction 2.2 (relevant to 2) a) The governance and oversight of the financial management of a public sector agency is the responsibility of the Responsible Body. b) The Responsible Body, in its financial oversight and governance role is to: review all financial reports that are provided to parties external to the public sector agency, prior to their release but subsequent to the approval of the reports by the Chief Finance and Accounting Officer (CFAO) in accordance with Direction 4.3(c); work with management to develop the strategic directions for the public sector agency, set performance indicators, set performance targets, review performance management information and reports against those targets; monitor and oversee the financial performance of the public sector agency on an ongoing basis ensuring appropriate human and financial resources are available; oversee and ensure that procedures are in place that will result in effective and efficient budgeting; ensure a balance of authority so that no single individual has unfettered powers over the finances of the public sector agency; ratify the appointment or removal of the CFAO, where appropriate; review, ratify and oversee the public sector agency s systems of risk management and financial internal controls; approve and monitor the progress of major capital expenditure, capital management, acquisitions and divestitures; meet often enough to undertake its financial governance role effectively, if it comprises more than one person; establish appropriate arrangements to ensure that public funds and resources are used economically, efficiently, effectively, with due propriety, and in accordance with the statutory or other authorities that govern their use; and 3 response includes compliant, partially compliant, non-compliant and not applicable. 6 (incorporating the detailed procedures), Updated May 2015

11 Procedures for Direction 2.2 (relevant to 2) undertake an annual review of its own performance in respect of its financial governance. c) The Responsible Body may, at its sole discretion, formally delegate some of its responsibilities as set out in b) to an Audit Committee, Finance Committee or equivalent. However: this will not diminish the ultimate responsibility of the Responsible Body to oversee the financial performance of the public sector agency and to ensure the integrity of the financial reporting; and the Responsible Body is to retain oversight responsibility for the relevant actions and activities of its delegates. (incorporating the detailed procedures), Updated May

12 2.2 Financial Governance ( 3) level 4 3 Formal statements For agencies: The Accountable Officer and the CFAO have, within the last 12 months, made formal statements to the Responsible Body (Board) that the agency s financial reports present fairly the results and financial condition of the agency and is founded on sound risk management, internal compliance and control systems. For government departments: The CFAO has, within the last 12 months, made a formal statement to the Audit Committee and the Accountable Officer, that the agency s financial reports present fairly the results and financial condition of the Agency and is founded on sound risk management, internal compliance and control systems Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction 2.2 (relevant to 2) d) For public sector agencies (excluding government departments), on an annual basis the Accountable Officer and the CFAO should formally state to the Responsible Body that: the public sector agency s financial reports present fairly, in all material respects, of the public sector agency s financial condition and operational results in accordance with the requirements of the Financial Management Act 1994 (FMA) including the Directions; the financial reports are founded on a sound system of risk management and internal compliance and control which implements the policies adopted by the Responsible Body; and the public sector agency s risk management and internal compliance and control system is operating efficiently and effectively in all material respects. 4 response includes compliant, partially compliant, non-compliant and not applicable. 8 (incorporating the detailed procedures), Updated May 2015

13 Procedures for Direction 2.2 (relevant to 2) w) For government departments, on an annual basis the CFAO should formally state to the Audit Committee and the Accountable Officer that: the financial reports present fairly, in all material respects, of the public sector agency s financial condition and operational results in accordance with the requirements of the FMA including the Directions; the financial report is founded on a sound system of risk management and internal compliance and control which implements the policies adopted by the Accountable Officer (as Responsible Body); and the Department s risk management and internal compliance and control system is operating efficiently and effectively in all material respects. (incorporating the detailed procedures), Updated May

14 2.2 Financial Governance ( 4) 4 Audit Committee An Audit Committee has been constituted and has a membership that is consistent with the criteria specified in Direction 2.2. The Audit Committee has functioned within the parameters of a Charter, which has been approved by the Responsible Body and provided to each member of the Audit Committee. It has had direct access to: internal and external auditors; the Accountable Officer; the CFAO; and the public sector agency s management (through the Accountable Officer). Where an Audit Committee does not exist, a written exemption must be obtained from the Minister for Finance. In this case, the Responsible Body undertakes the functions of an Audit Committee. (If your entity is eligible for an exemption and has obtained one you should tick compliant, if you have not obtained an exemption at the time of certification you should tick non-compliant with an appropriate comment). level 5 Procedures for Direction 2.2 (relevant to 4) e) Each public sector agency must, unless an exemption has been obtained, appoint an Audit Committee to oversee and advise the public sector agency on matters of accountability and internal control affecting the operations of the public sector agency. government departments are not eligible for an exemption. f) At least two members of the Audit Committee must be independent and these members are to be identified as independent in the public sector agency s annual report. g) Where the Responsible Body is a board the Audit Committee is to be comprised of at least three members all of whom are nonexecutive directors and a majority of whom are to be independent. 5 Response includes compliant, partially compliant, non-compliant and not applicable. 10 (incorporating the detailed procedures), Updated May 2015

15 Procedures for Direction 2.2 (relevant to 4) h) If the Responsible Body is supported in its financial management responsibilities by an Audit Committee and/or any other committee: the committee should have a Charter that clearly sets out the role and responsibilities, composition, structure and membership requirements; the Charter must be approved by the Responsible Body and provided to each member of the Committee; and the Charter must be formally reviewed by the Audit Committee periodically, but at least every three years, with recommendations for updates approved by the Responsible Body. i) Each committee is to: be adequately resourced be of sufficient size, independence and technical expertise to discharge its mandate effectively; undertake an annual review of its own performance and report the results of that review to the Responsible Body; be fully accountable to the Responsible Body; meet often enough to discharge its role and responsibilities effectively and no less than four times a year; and minute the meetings reflecting work done by the committee to address its roles and discharge its responsibilities. The minutes are to be provided to the Responsible Body at the next meeting or, where the Responsible Body is not a board, a defined and agreed interval, after each Audit Committee meeting. j) Where the Responsible Body has been exempted from creating an Audit Committee, the Responsible Body must: actively assume all the usual roles and responsibilities of an Audit Committee including those responsibilities specifically set out in these Directions; and take appropriate steps to ensure these responsibilities are fully discharged. k) The Accountable Officer and the CFAO are not to be members of their own public sector agency s Audit Committee but are to attend relevant aspects of Audit Committee meetings by standing invitation. l) Unless an exemption has been obtained the Chairperson of the Audit Committee is to be one of the independent members of that Committee. m) Unless an exemption has been obtained the Chairperson of the Responsible Body must not also be the Chairperson of the Audit Committee. (incorporating the detailed procedures), Updated May

16 Procedures for Direction 2.2 (relevant to 4) n) All members of a public sector agency Audit Committee must have and maintain: basic financial literacy; reasonable knowledge of the public sector agency s own risks and controls; integrity, objectivity, accountability, honesty and openness; dedication of time and effort; an enquiring mind; independence of judgement; relevant industry knowledge; and business experience in the public or private sector. o) Members of an Audit Committee who do not have the requisite level of financial literacy and/or industry knowledge at the time of their appointment must undertake induction training before attending an Audit Committee meeting and additional training, as appropriate, to raise their competency to the level described in (n) above. As a minimum requirement the prescribed level of competence must be achieved within the first six months of membership of that Committee. p) At least one member of an Audit Committee must have appropriate expertise in financial accounting or auditing. q) All members of Audit Committees are required to take appropriate and timely action to ensure they have the requisite understanding of the public sector agency s structure, operations and financial management risks to enable them to discharge their responsibilities. r) The CFAO is to provide all newly appointed Audit Committee members with all necessary and relevant information regarding the Committee s responsibilities and the public sector agency s operations and background to enable them to understand the public sector agency and their duties and responsibilities. The CFAO is to agree which information is necessary and relevant with the Audit Committee Chairperson. s) Membership of the Audit Committee is to be reviewed by the Responsible Body on a periodic basis, and at least every three years. t) The Audit Committee must have direct access to the internal and external auditors without management present. u) The Audit Committee must have: direct access to the Accountable Officer, the CFAO and the public sector agency s management, through the Accountable Officer, when required; and the right to seek explanations and additional information. v) The Audit Committee must be able to seek independent, expert advice to assist it in undertaking its oversight responsibilities. 12 (incorporating the detailed procedures), Updated May 2015

17 Procedures for Direction 2.2 (relevant to 4) x) Government departments are required to monitor and report to the Minister for Finance, through the Department of Treasury and Finance, on their compliance with the requirements of the FMA and the Directions. y) Government departments are required to obtain and report to the Minister for Finance, through the Department of Treasury and Finance, on compliance with the requirements of the FMA and the Directions of all public sector agencies within their portfolio. z) Each government department must endeavour to identify instances of non-compliance with taxation legislation by itself or a public sector agency within their portfolio and it must inform the Minister for Finance, through the Department of Treasury and Finance, of instances of non-compliance so identified. (incorporating the detailed procedures), Updated May

18 2.3 Financial Risk Management ( 5) 5 The public sector agency has a financial risk management policy and internal control system in place which addresses the risks associated with the financial management of the public sector agency. The financial risk profile has been critically reviewed by the Responsible Body within the last 12 months. level 6 Procedures for Direction 2.3 (relevant to 5) a) The Responsible Body must: ensure there is a financial risk management policy and internal control system in place which addresses the risks associated with the financial management of the public sector agency and which clearly articulates the public sector agency s expectations and internal accountabilities for management of those risks including the roles and respective accountabilities of the Responsible Body, Audit Committee, management and internal audit; ensure management has implemented an effective framework to proactively identify, assess, monitor, manage and report, on an ongoing basis, the significant financial risks to which the public sector agency is exposed to as a result of, and in the course of its activities and responsibilities; have a clear understanding of the nature, likely impact and potential consequences of the significant financial management and related risks facing the public sector agency and be informed of any significant changes in these; on a regular basis and no less than annually, critically appraise and challenge the financial risk profile prepared by management to enable it to make an informed assessment about its completeness and accuracy and the appropriateness of the arrangements in place for managing and monitoring those risks; provide clear guidance on the level and categories of financial management risk it regards as acceptable for the public sector agency; provide oversight and supervision of financial management risks and the implementation of the related management plans/treatment strategies; and regularly, and no less than annually, review the effectiveness of the public sector agency s system of risk management and internal control. 6 response includes compliant, partially compliant, non-compliant and not applicable. 14 (incorporating the detailed procedures), Updated May 2015

19 Procedures for Direction 2.3 (relevant to 5) b) A public sector agency must implement and maintain an effective and ongoing process to identify risks associated with the financial management of the public sector agency, assess their likelihood and potential impact under a varied set of assumptions and proactively manage those risks. This is expected to include a framework for: identifying the financial risks related to the public sector agency s objectives as detailed in its strategic plan; identifying new financial risks as they emerge and changes in previously identified risks; deciding what initiatives, programs or other actions are needed to deal with the financial risks in a positive, proactive, cost effective way; identifying or designing and implementing financial controls to ensure the actions are carried out as planned; ensuring appropriate information systems and systems of internal control exist to facilitate reporting on financial risk exposures and mitigation strategies; monitoring the implementation and operation of the financial risk management process and reporting to the governing body; and preparation of a list of annual action items to be reviewed and discussed by the Responsible Body of the public sector agency. (incorporating the detailed procedures), Updated May

20 2.4 Authorisations ( 6) 6 Each public sector agency must establish and maintain authorisations covering the overall financial management of the public sector agency, and must establish and maintain authorisations covering the creation of financial obligations (including contingent liabilities and obligations) on behalf of the public sector agency. te: These authorisations must ensure that financial management and the creation of financial obligations are undertaken by staff with appropriate levels of authority and understanding of business operations. Authorisations must be to positions rather than specific individuals, and must be to employees of the public sector agency. Requirements for Departments level 7 Until Departments transition to the Victorian Government Purchasing Board s (VGPB) new policy framework that came into operation on 1 July 2013, the Responsible Body in respect of that Department may delegate to the Secretary of that Department some or all of the powers and responsibilities of a Responsible Body given by this Direction, but only up to the accreditation limit applicable to that Secretary s Department as determined by the VGPB s purchasing accreditation of that Department. After a Department has transitioned to the VGPB s new policy framework, the Responsible Body in respect of that Department may: a) confer any limit on Departmental officers; and/or b) delegate to the Accountable Officer of that Department the power to give financial authorisations for the creation of obligations for any amount up to but not exceeding $10 million; and may also: c) delegate to the Accountable Officer some or all of the responsibilities of the Responsible Body under this Direction except the power to give financial authorisations exceeding $10 million. Requirements for Section 16(1) Public Administration Act 2004 Offices The Responsible Body in respect of an Office may: a) confer any limit on employees of the Office; and/or b) delegate to the person with the functions of a public service body Head in respect of the Office (as determined by section 16 of the Public Administration Act 2004) the power to give financial authorisations for the creation of obligations for any amount up to but not exceeding $10 million; 7 response includes compliant, partially compliant, non-compliant and not applicable. 16 (incorporating the detailed procedures), Updated May 2015

21 and may also: c) delegate to the person with the functions of a public service body Head in respect of the Office (as determined by section 16 of the Public Administration Act 2004) some or all of the responsibilities of the Responsible Body under this Direction except the power to give financial authorisations exceeding $10 million. Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction 2.4 (relevant to 6) a) The Responsible Body must give clear financial authorisations to specific positions within the public sector agency. b) All authorisations must be given so as to cease immediately upon the change in name of the specified position or a substantial and material change in the duties of the position. c) The authorisations are to be retained pursuant to the relevant legal requirements for document retention and record keeping. d) Where more than one financial authorisation is assigned to a particular position, internal control procedures must not be compromised. e) A register of financial authorisations must be established and maintained. f) The Responsible Body must review the public sector agency s authorisations and the register of financial authorisations annually and make any necessary changes. g) The Responsible Body must at least annually review the categories and types of financial authority and make any necessary changes. h) A financial authorisation cannot be given to another position by the person authorised. i) An authorisation cannot be given to a contractor or consultant. j) Audit trails must be maintained to demonstrate compliance with this direction. (incorporating the detailed procedures), Updated May

22 2.5 Internal Audit ( 7) 7 An internal audit function exists and works within the parameters of a Charter and an internal audit plan, both of which have been approved by the Audit Committee, or Responsible Body in the absence of an Audit Committee, and are consistent with the requirements of the Directions. A private meeting with the internal auditors has been held at least once in the last 12 months. Where an internal audit function does not exist, a written exemption must be obtained from the Minister for Finance. (If your entity is eligible for an exemption and has obtained one you should tick compliant, if you have not obtained an exemption at the time of certification you should tick - non-compliant with an appropriate comment). level 8 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction 2.5 (relevant to 7) a) An internal audit charter is to be approved by the Audit Committee and is to: provide for the internal audit function to report to senior management; provide for the internal auditor to have direct access to the Chairperson of the Audit Committee; provide for internal audit function to have full, free and effective access at all reasonable times to all records, documents and employees of the public sector agency and the right to seek information and explanations; and set out the independent status of the internal audit function and its personnel. b) An annual internal audit plan is to be developed by the internal auditor to address relevant elements of the public sector agency s risk profile. c) The internal audit plan is to be approved by the Audit Committee. 8 response includes compliant, partially compliant, non-compliant and not applicable. 18 (incorporating the detailed procedures), Updated May 2015

23 Procedures for Direction 2.5 (relevant to 7) d) On an annual basis the Audit Committee is to: review the adequacy and focus of the internal audit work plan and its fit with the public sector agency s risk profile and the work of the external auditors; review the internal audit function s performance, its authority, the adequacy of its resources and the proposed allocation of those resources; take steps to confirm that the internal auditor has not been unduly influenced by management or experienced any problems with management; and meet separately and privately with management and the internal auditors if necessary to ensure free, frank and open communications. e) In addition the Audit Committee should make appropriate enquiries to: approve and review management s proposals as to how the public sector agency plans to respond to advice received from the internal auditor; monitor actions taken by management to resolve issues raised by internal audit; and advise management to adopt and address the accepted recommendations from internal audit on a timely basis. (incorporating the detailed procedures), Updated May

24 2.6 External Audit ( 8) 8 The Audit Committee, or Responsible Body in the absence of an Audit Committee, has taken the actions required by Direction 2.6 in respect of external audit for the financial year (or part thereof) just ended, including inviting the external auditor to all relevant meetings and making time available to meet privately to discuss audit related issues at least once within the last 12 months. level 9 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction 2.6 (relevant to 8) a) The Audit Committee is required to take appropriate steps to ensure all members have a clear and detailed understanding of and are satisfied with the: scope of work to be undertaken by the external auditor; audit process; and overall audit approach. b) All external audit reports including performance audits completed by the Auditor-General or his or her agent are to be considered by the Audit Committee. c) The Auditor-General or his or her representative is to be invited to attend relevant meetings, or relevant parts of meetings, of the Audit Committee as an observer. d) At appropriate times during the course of each year the Audit Committee is to meet with the Auditor-General or his or her agent or representative to: discuss the proposed audit objectives with a view to eliminating duplication of audit activities with the internal audit function; obtain a briefing on the proposed external audit process; understand the Auditor-General s views on any accounting issues which may impact on the financial statements; and discuss the outcomes of the external audit. e) The Audit Committee is to meet privately with the Auditor-General or his or her agent at least once a year to ensure free, frank and open communication. 9 response includes compliant, partially compliant, non-compliant and not applicable. 20 (incorporating the detailed procedures), Updated May 2015

25 Procedures for Direction 2.6 (relevant to 8) f) The Audit Committee is to: recommend how the Responsible Body should act on advice received from external auditors and ensure management take appropriate action; monitor actions taken by management to resolve issues raised by external audit; monitor whether accepted recommendations of the external auditors are adopted and addressed by management on a timely basis; investigate the reasons for any material adjustments to the accounts; and review the impact of actions taken by management intended to resolve issues. g) The Responsible Body should ensure that all staff in the public sector agency adopt a cooperative and conservative approach with the external auditors on relevant auditing matters. (incorporating the detailed procedures), Updated May

26 Financial Management Structure public sector agency Financial Management Team Structure ( 9) 9 Roles and responsibilities for positions within the financial management team structure, and the prerequisite skills, qualifications and experience have been defined and documented. level 10 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to 9) a) Roles and responsibilities for positions within the financial management team structure must be defined and documented to ensure the most effective and efficient allocation of tasks and resources. Prerequisite skills, qualifications and experience for each position must also be defined and documented. b) Financial management is defined to encompass: budgeting; financial reporting; accounts receivable/payable; procurement; taxation; asset management; financial systems; accounting policies; cash management; project management financial aspects payroll; and management reporting. 10 response includes compliant, partially compliant, non-compliant and not applicable. 22 (incorporating the detailed procedures), Updated May 2015

27 3.1 Financial Management Structure 3.1.2: Chief Finance and Accounting Officer ( 10) 10 CFAO credentials The Responsible Body must ensure financial management leadership is secured from a suitably experienced and qualified CFAO. level 11 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 10) a) The prerequisite skills, qualifications and experience for the CFAO must be clearly defined and documented together with position description, role, duties, rights and responsibilities. 3.1 Financial Management Structure 3.1.2: Chief Finance and Accounting Officer ( 11) 11 CFAO endorsement The CFAO has endorsed financial information submitted to the Accountable Officer, Responsible Body and/or other senior executive forums within the public sector agency. level 11 Procedures for Direction (relevant to Direction Requirement 11) b) The CFAO must endorse financial reports submitted to senior management in any public sector agency, including reports submitted to the Responsible Body, and peak boards and management groups. 11 response includes compliant, partially compliant, non-compliant and not applicable. (incorporating the detailed procedures), Updated May

28 3.1 Financial Management Structure 3.1.3: Policies and Procedures ( 12) Direction 3.4 also refers to There are documented and communicated policies and procedures covering the requirements of the Directions (including all relevant requirements in Section 3.4 of the Directions) in respect of financial administration and management. level 12 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 12) a) The Responsible Body must ensure there are formal, documented policies and procedures in relation to financial administration and management. b) There must be effective and efficient communication of policies and procedures to all officers either manually or electronically. c) There must be quality assurance mechanisms in place for monitoring, review and assessment of compliance with policies and procedures. 12 response includes compliant, partially compliant, non-compliant and not applicable. 24 (incorporating the detailed procedures), Updated May 2015

29 3.1 Financial Management Structure Chart of Accounts ( 13) 13 The CFAO or their delegate has established, maintained and distributed a chart of accounts, which meets the requirements of the Directions. level 13 Procedures for Direction (relevant to Direction Requirement 13) a) The CFAO or an approved delegate is responsible for the development and maintenance of a chart of accounts. b) There must be effective and efficient communication of the chart of accounts to all officers within the public sector agency, either manually or electronically. c) A government department must use any chart of accounts issued by the Minister for Finance as a basis for aligning its activities for the purposes of consistency in reporting. d) There should be an explanatory note to each account within the chart of accounts that describes the nature and purpose of the account, as a means to delineate the boundary lines between capital, revenue and expense items and assist categorisation of transactions. 13 response includes compliant, partially compliant, non-compliant and not applicable. (incorporating the detailed procedures), Updated May

30 3.1 Financial Management Structure Managing Outsourced Financial Services ( 14) 14 Outsourcing governance All outsourced finance functions or services are governed by contracts, service level agreements or other documented arrangements, each of which has been reviewed for compliance in the past twelve months level 14 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to 14) b) The financial services to be provided under an outsourced arrangement must be able to be detailed in a contract, service level agreement or equivalent, together with performance indicators and measures. c) Performance against the contract, service level agreement or equivalent, must be regularly monitored and reviewed, including a review (at least annually) by the Accountable Officer, or delegate such as the CFAO. If the Accountable Officer is not the Responsible Body, the results of the review should be reported to the Responsible Body. 14 response includes compliant, partially compliant, non-compliant and not applicable. 26 (incorporating the detailed procedures), Updated May 2015

31 3.1 Financial Management Structure Managing Outsourced Financial Services ( 15) 15 Outsourcing approval and audit scrutiny All finance functions or services outsourced during the financial year (period) just ended were subjected to a cost-benefit analysis, approved by the Responsible Body, and detailed in the form of a contract, service level agreement or equivalent and was subject to internal and external audit scrutiny. level 15 Procedures for Direction (relevant to Direction Requirement 15) a) Prior to outsourcing financial functions either in full or part, the costs and benefits must be analysed and the outsourcing decision approved by the Responsible Body d) Outsourced financial functions must be subject to internal and external audit scrutiny. 15 response includes compliant, partially compliant, non-compliant and not applicable. (incorporating the detailed procedures), Updated May

32 3.2 Information Technology Systems Information Technology Management ( 16) 16 The Responsible Body has reviewed the use of Information Technology used for financial management within the last 12 months to assess information technology risks and their impact on financial management. level 16 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 16) a) The Responsible Body must review the use of information technology for financial management on at least an annual basis. b) The Responsible Body must conduct or review (at least annually) an assessment of information technology risks and their impact on financial management. 16 response includes compliant, partially compliant, non-compliant and not applicable. 28 (incorporating the detailed procedures), Updated May 2015

33 3.2 Information Technology Systems Information Technology Operations ( 17) 17 There are documented and tested back up, disaster recovery and business continuity procedures in place that are commensurate with the public sector agency s financial management needs. level 17 Procedures for Direction (relevant to Direction Requirement 17) a) At least annually, the public sector agency must formally assess the impact of information technology that supports financial management not being available for an extended period. This should include review and testing of a formally documented disaster recovery plan and business continuity plan. b) The public sector agency must ensure up-to-date backups are maintained for all financial management systems and data being used. c) A register of licences for financial management software must be maintained. In addition, regular audits or verification reviews of the register must be performed (at least annually). d) Error logs must be identified, reviewed and followed up regularly to monitor access to and transactions through financial management systems. e) Where financial systems are connected externally to the internet, controls must be in place to prevent these connections from undermining system security. Controls may include: firewalls; security logs; and encryption. 17 response includes compliant, partially compliant, non-compliant and not applicable. (incorporating the detailed procedures), Updated May

34 3.2 Information Technology Systems Security ( 18) 18 A formal assessment has been undertaken within the last 12 months of whether financial management information that is sensitive to the public sector agency and stakeholders is adequately controlled and secured. level 18 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 18) a) On at least an annual basis, a formal assessment must be performed of whether financial management information that is sensitive to the public sector agency and stakeholders is appropriately controlled and secured. The adequacy of the following controls must be considered: security policies; password controls, for both applications and operating platforms; segregation of incompatible duties and user access levels being commensurate with roles and responsibilities; and restricted physical access to the computer room and other sensitive financial management technology assets. 18 response includes compliant, partially compliant, non-compliant and not applicable. 30 (incorporating the detailed procedures), Updated May 2015

35 3.2 Information Technology Systems Development ( 19) 19 A business case was prepared and approved in accordance with the Directions for the development of any proposed financial management system developments during the year. level 19 Procedures for Direction (relevant to Direction Requirement 19) a) At least annually, a review of whether the use of spreadsheets, manual files or core financial processes would be more efficiently or effectively conducted or delivered through the use of a more formal application package or automated system must be undertaken. b) Public Sector Agencies must develop or adopt a formal information technology development methodology for development of financial management systems and technology. c) For all proposed financial management system developments there must be a business case that is approved by the Information Technology Steering Committee (or Responsible Body or Executive Team, where an Information Technology Steering Committee does not exist) and end users. d) For all developments that proceed, there must be project management processes in place including: status reporting of the project to the project sponsor. 19 response includes compliant, partially compliant, non-compliant and not applicable. (incorporating the detailed procedures), Updated May

36 3.2 Information Technology Systems Change Control ( 20) 20 A change control process was followed for changes made to financial management systems. level 20 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 20) Public sector agencies must have a change control and management process. 3.3 Education and Training ( 21) 21 The training and education needs for the financial management team have been reviewed by the CFAO or their delegated authority within the last 12 months, and an appropriate program developed to address the training and education needs of financial management staff. level 20 Procedures for Direction 3.3 (relevant to 21) Training and education needs for the financial management team must be reviewed, at least annually, by the CFAO or their delegate and a program must be developed to address these needs. 20 response includes compliant, partially compliant, non-compliant and not applicable. 32 (incorporating the detailed procedures), Updated May 2015

37 3.4 Policies and Procedures ( 12) Direction also refers to There are documented and communicated policies and procedures covering the requirements of the Directions (including all relevant requirements in Section 3.4 of the Directions) in respect of financial administration and management. level 21 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction 3.4 including to (relevant to 12) 3.4.1: Revenue a) Policies and procedures for recognising and recording revenue and corresponding receipts must be developed and implemented. b) Responsibility for revenue and related transactions must be delegated to appropriate officers in accordance with Direction 2.4. c) The levels of charges for goods or services provided must be documented and approved by the CFAO, and must be reviewed at least annually by a delegate of the CFAO and a recommendation made to the Responsible Body as to how they should be updated. d) A register of outstanding receivables balances that ages the outstanding balances and is used by management to monitor and follow up on overdue debtors must be maintained. An analysis of aged debtors must be reported to the CFAO, or a delegate of the CFAO, on a monthly basis. e) A public sector agency must regularly assess revenue that is to be foregone, waived or written off. Revenue foregone, waived or written off must be approved by the CFAO or other officer within the approved financial management delegations. f) For government departments, appropriation revenue received for the provision of outputs may only be recognised as revenue following certification by the Treasurer : Cash handling a) Policies and procedures for cash collection and handling must be developed and implemented. b) Responsibility for cash handling must be delegated to appropriate officers in accordance with Direction response includes compliant, partially compliant, non-compliant and not applicable. (incorporating the detailed procedures), Updated May

38 Procedures for Direction 3.4 including to (relevant to 12) c) All sources, locations and methods of cash collection must be identified and approved by the CFAO and articulated in the policies and procedures : Bank accounts a) Bank accounts must only be opened with the express written approval of the Responsible Body or its delegate. b) A public sector agency must have as few banking institutions and bank accounts as practicable. The number of bank accounts and institutions used for banking should be reviewed at least annually by the CFAO. c) All bank accounts must be reconciled, at least on a monthly basis. d) Bank accounts are only to be closed with the approval of the Responsible Body or its delegate. e) All collections must be paid into the appropriate bank accounts completely, accurately and in a timely manner. f) A register of bank accounts and facilities should be maintained. g) All new bank accounts opened and all bank account closures by government departments must be reported to the Department of Treasury and Finance : Cash flow forecasting a) Cash forecasting must be performed to ensure sufficient cash is available to operate the business of the public sector agency, to maximise investment opportunities and minimise borrowing costs. b) Cash forecasts must be regularly compared (at least monthly) against actual cash flows, updated as required and reported to the CFAO. c) Government departments and other Public Sector Agencies who are required to bank into the Public Account must: prepare and provide the Department of Treasury and Finance with long-term cash flow forecasts on a 12 month rolling basis; prepare and provide, on a monthly basis to the Department of Treasury and Finance, detailed daily estimates of cash flows for the next two forecast months; and prepare and provide the Department of Treasury and Finance with daily advice on public account receipts and payments. 34 (incorporating the detailed procedures), Updated May 2015

39 Procedures for Direction 3.4 including to (relevant to 12) 3.4.5: Procurement a) Relevant mandatory elements in relation to procurement are included at Directions 2.1 Financial Code of Practice, Managing Outsourced Financial Service and Expenditure. b) A public sector agency must ensure that its framework of procurement policies and procedures are based on the following principles: value for money; open and fair competition; accountability; risk management; and probity and transparency. c) In addition, a public sector agency must comply with the Victorian Industry Participation Policy issued by the Victorian Government : Expenditure a) Policies and procedures for the timely and accurate recording of committed expenditure must be developed and implemented. b) Officers with appropriate financial delegations are responsible for approving expenditure and related transactions. c) A system to pay all debts as and when they are due and payable and to ensure early payment discounts are fully utilised must be implemented, where appropriate. d) Payments must be made in a secure and efficient manner that takes advantage of technologies. e) Policies and procedures must specifically address and be established in the following expenditure types: capital expenditure; travel; hospitality; personal expense reimbursement; gifts; employee advances; petty cash; purchasing card rules for use and administration issued by the Department of Treasury and Finance. f) All public sector agencies must report to the Minister for Finance, within one month of becoming aware of, any material and substantial breach of policies and procedures relating to the expenditure transaction processing and management and the management action taken by the public sector agency in response to this breach. (incorporating the detailed procedures), Updated May

40 Procedures for Direction 3.4 including to (relevant to 12) 3.4.7: Employee costs a) A system of internal control must be established and documented in relation to the capture, approval, processing and payment of employee expenses such as salary and wages and associated leave expenses. b) There must be independent review and approval of salary and wage data (including all master file changes) prior to processing salary and wage payments. c) There must be security over payroll data including personnel files, payroll reports and other sensitive employee information. d) Payments must be made in a secure, timely, and accurate manner. e) Leave entitlement balances and corresponding liabilities must be recorded and monitored with a view to ensuring they are minimised at all times to avoid any significant impact upon cash flow : Commission on employee payroll deductions a) Commission must not be charged on taxation, superannuation or other mandatory deductions. b) Any commission which is collected must be brought to account as revenue. c) In the case of health insurance deductions, each public sector agency must enter into arrangements with all health insurance funds to collect the commission annually with: the rate of commission payable on contributions determined by DTF; and the rate of commission payable indexed annually in accordance with the annual rate set by the Treasurer under section 5(4) of the Monetary Units Act d) In the case of any other deductions, the Accountable Officer must determine the rate of commission : Physical and tangible assets a) Policies and procedures for asset identification, recording and management must be established and maintained. b) Depreciation and amortisation must be calculated in accordance with relevant accounting standards and taxation requirements. c) Assets must be kept in secure custody and used for authorised purposes only. d) Proper authority in the form of financial delegations or specific authorisation must be obtained before acquiring, transferring or disposing of an asset. 36 (incorporating the detailed procedures), Updated May 2015

41 Procedures for Direction 3.4 including to (relevant to 12) e) Proper policies and procedures must be documented for the revaluation of assets including appropriate approvals for changes to asset values in accordance with financial delegations. f) Records and details must be maintained in relation to contingent assets as required for public sector agency needs, and to satisfy accounting standards and disclosure requirements. g) Records and details for intangible assets must be sufficient to ensure compliance with accounting standards and disclosure requirements, in addition to any operational needs of the business : Liabilities a) Policies and procedures must be developed to ensure that liabilities are incurred for authorised purposes only and that proper authority is obtained prior to incurring liabilities. b) Officers with appropriate authorisation or financial delegations are responsible for incurring liabilities. c) Records and details must be maintained in relation to contingent liabilities and contingent assets as required for public sector agency needs and to satisfy accounting standards and disclosure requirements : Reconciliations Procedures in relation to the completion, review and monitoring of reconciliations must be implemented : Administration of discretionary financial benefits Policies and procedures for the financial management of discretionary financial benefit programs must be developed and implemented, where applicable. Any policies and procedures must be consistent with the FMA and the Directions : Information collection and management a) Appropriate policies and procedures for information collection, storage and dissemination must be developed, implemented and maintained, reflecting regular risk assessments related to key agency sets of data. b) Responsibility for the integrity of significant sets of data must be delegated to appropriate officers by the Accountable Officer. c) Public Sector Agencies must on a regular basis conduct a review of their obligations under this Direction. (incorporating the detailed procedures), Updated May

42 Internal Financial Management Reporting ( 22) 22 Requirements for internal financial management reports have been identified and implemented to maintain timely, accurate, appropriate and effective reporting. Relevant reports have been produced and distributed at regular intervals throughout the financial year. level 22 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction 4.1 (relevant to 22) a) The requirements of the public sector agency for financial management information must be identified and used as a basis for the design, preparation and distribution of internal financial management reports. b) Financial management reports must be tabled and discussed by the Responsible Body or at another recognised senior forum as determined by the Responsible Body, on a timely basis to ensure financial information is adequately monitored and acted on. c) Prior to release, internal financial management reports must be reviewed by the CFAO, or delegate for internal financial management reports that are not material. d) The financial systems used by the public sector agency must support internal financial management reporting to the level of detail and within the timeframes required. 22 response includes compliant, partially compliant, non-compliant and not applicable. 38 (incorporating the detailed procedures), Updated May 2015

43 4.2 Reporting Requirements in terms of Part 7 of the FMA ( 23) 23 The financial statements and report of operations have been prepared in accordance with Part 7 of the Financial Management Act 1994 and in the required timeframes. level 23 Procedures for Direction 4.2 (relevant to 23) a) Australian accounting standards (AAS and AASB standards) and other mandatory professional reporting requirements; Financial Reporting Directions; and business rules. b) The financial statements are to comprise the following: a statement of financial position; a statement of profit or loss and other comprehensive income; a statement of changes in equity ; a statement of cash flows; and notes to the financial statements. c) The financial statements must where applicable be signed and dated by the Accountable Officer, CFAO and a member of the Responsible Body, stating whether, in their opinion: the financial statements present fairly the financial transactions during the reporting period and the financial position at the end of the period; the financial statements are prepared in accordance with this direction and applicable Financial Reporting Directions; and the financial statements comply with applicable Australian accounting standards (AAS and AASB standards) and other mandatory professional reporting requirements. d) The financial statements must be expressed to the nearest dollar except where the total assets, or revenue, or expenses of the public sector agency are greater than: $ , when the amounts shown in the financial statements may be expressed by reference to the nearest $1 000; or $ , when the amounts shown in the financial statements may be expressed by reference to the nearest $ e) The financial statements must be reviewed and recommended by the Audit Committee or Responsible Body prior to finalisation and submission. 23 response includes compliant, partially compliant, non-compliant and not applicable. (incorporating the detailed procedures), Updated May

44 Procedures for Direction 4.2 (relevant to 23) f) The financial statements of government departments must present fairly and in accordance with the requirements contained within the Model Financial Report for Victorian Government Departments. g) The report of operations should include qualitative and quantitative information on the operations of the public sector agency and should be prepared on a basis consistent with the financial statements prepared by the public sector agency pursuant to the FMA. This report should provide users with general information about the entity and its activities, operational highlights for the reporting period, future initiatives and other relevant information not included in the financial statements. h) The report of operations must be prepared in accordance with the requirements of the Financial Reporting Directions. i) The report of operations for government departments must be presented in accordance with the guidelines contained within the Model Financial Report for Victorian government departments. j) The report of operations must be signed and dated by the Accountable Officer in the case of a government department or, in the case of any other public sector agency, a member of the Responsible Body. k) * * * * * Requirement now contained in the Financial Reporting Direction 8C and should be assessed as part of Direction 4.2 (h). l) Government departments must include in their annual report, but not forming part of the audited financial report, a comparison between their portfolio financial statements published in the relevant Budget Paper and actual results for the portfolio for the corresponding financial year. m) The comparison between portfolio budget and actual figures referred to in (l) above must be presented as a set of financial statements in the same format and consolidation basis as those for the portfolio set out in the relevant Budget Paper for the financial year. These financial statements are to be referred to as budget portfolio outcomes. n) In relation to a financial year each public sector agency must make its financial statements and report of operations available to DTF. o) Financial information for the purposes of meeting the State s Consolidated Financial Reporting requirements in section 24 and 25 of the FMA must be forwarded to the Department of Treasury and Finance in the format and by the date determined by the Deputy Secretary, Budget and Finance. 40 (incorporating the detailed procedures), Updated May 2015

45 4.3 Other External Reporting ( 24) 24 All external reporting requirements have been identified and relevant reports delivered completely, accurately and in a timely manner. level 24 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction 4.3 (relevant to 24) a) Public sector agencies must identify all of their external reporting requirements. b) External financial reports must be delivered completely, accurately and in a timely manner. c) Prior to release, external financial reports must be reviewed by the CFAO or their delegate. 24 response includes compliant, partially compliant, non-compliant and not applicable. (incorporating the detailed procedures), Updated May

46 4.4 Financial Performance Management and Evaluation ( 25) 25 The Responsible Body has developed financial key performance indicators (KPIs) working with management, and there is monitoring and reporting of performance against these to the Responsible Body and/or the Accountable Officer. level 25 Procedures for Direction 4.4 (relevant to 25) a) Financial key performance indicators (KPIs) must be developed by the Responsible Body working with management, including the CFAO and the Accountable Officer. b) The financial KPIs must be designed to measure and monitor the financial management performance of the public sector agency. c) Performance against financial KPIs must be measured, monitored and reported on a regular basis (at least quarterly, unless the financial KPI is an annual measure) to the Responsible Body. d) The Responsible Body must ensure that procedures are implemented to monitor financial KPIs. e) Government departments must: set performance indicators for its Departmental objectives in accordance with the business rules contained in Budget and Financial Management Guidance BFMG-08 Objectives Specification, Performance Indicators published by the Department of Treasury and Finance. set output performance targets in accordance with the business rules contained in Budget and Financial Management Guidance BFMG-09 Output Specification, Performance Measures published by the Department of Treasury and Finance. 25 response includes compliant, partially compliant, non-compliant and not applicable. 42 (incorporating the detailed procedures), Updated May 2015

47 4.5 Financial Management Obligations with Directions ( 26) 26 The public sector agency has met its financial management compliance obligations including: conducting an annual review of financial management compliance; and identifying and rectifying financial management compliance issues. level 26 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 26) Public sector agencies must: a) Certify annually, using the form provided by DTF for the purpose, that they have complied with all applicable Directions; b) Conduct an annual review of their obligations under these Directions; and c) Identify and rectify any failure or deficiency in complying with these Directions. 26 response includes compliant, partially compliant, non-compliant and not applicable. (incorporating the detailed procedures), Updated May

48 4.5 Financial Management Obligations Taxation Obligations ( 27) 27 The public sector agency has met its taxation compliance obligations by: conducting an annual review of taxation compliance; developing and maintaining taxation policies and procedures; developing and implementing a taxation education program; and identifying and rectifying taxation compliance issues. level 27 Procedures for Direction (relevant to Direction Requirement 27) Public sector agencies must in respect of the requirements and regimes established under the laws of the Commonwealth of Australia: a) certify annually that they have met requirements in relation to taxation compliance and concessions; b) conduct an annual review of compliance with requirements in relation to taxation and concessions; c) develop and maintain taxation policies and procedures for use by agency staff; d) develop and implement a taxation education program for agency staff; and e) identify and rectify any taxation compliance issues. 27 response includes compliant, partially compliant, non-compliant and not applicable. 44 (incorporating the detailed procedures), Updated May 2015

49 4.5 Financial Management Obligations Purchasing Card Obligations ( 28) 28 A purchasing card facility was operated in accordance with the requirements of Direction level 28 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 28) a) Public sector agencies which operate a Purchasing Card ( Card ) must: establish their own facility account, including a maximum monthly account limit, directly with the Card provider; ensure only one Card is issued to each employee approved as a cardholder; ensure cardholders use the Card for official business and that purchases of goods and services are for Government purposes; require cardholders to provide supporting documentation for all transactions and ensure that monthly statements are reviewed and approved by the appropriate financial delegate, and that any discrepancies identified with the cardholder or provider are resolved in a timely manner; ensure cardholders hold a financial delegation and their individual transaction limits do not exceed this delegation; ensure that all individual Card limits do not exceed $25 000, unless approved by the Minister for Finance; ensure adequate monitoring and security procedures are in place; include in the internal audit program a review of the Card scheme and the use of cards issued; and certify annually that they have followed this Purchasing Card procedure b) The accountable officer must provide a written report to the Minister for Finance and the public sector agency s audit committee in the event of a significant instance of unauthorised use of a purchasing card, as soon as an inquiry into the unauthorised use has been completed. c) Each public sector agency to report annually to the Minister for Finance all instances of unauthorised use of its purchasing cards for the period ending 30 June. 28 response includes compliant, partially compliant, non-compliant and not applicable. (incorporating the detailed procedures), Updated May

50 4.5 Financial Management Obligations Thefts and Losses Obligations ( 29) 29 The public sector agency has notified the Minister for Finance and the Auditor-General of any instances of thefts and losses and provided an incident report as required by the Directions. level 29 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 29) a) The Responsible Body must ensure that all cases of suspected or actual theft, arson, irregularity or fraud in connection with the receipt or disposal of money, stores or other property of any kind whatsoever under the control of a public sector agency are notified to the Minister for Finance and the Auditor-General as follows: In respect to the receipt or disposal of money: if the amount is equal to or exceeds $1 000, at the time of the occurrence with an incident report to be provided within two months; or if the amount is less than $1 000 annually for the period ending 30 June together with an incident report. In respect to stores and property of any kind: if the value is equal to or exceeds $20 000, at the time of occurrence with an incident report to be provided within two months; or if the value is less than $20 000, annually for the period ending 30 June together with an incident report. b) An incident report prepared for the purposes of paragraph b) must state, in addition to any other appropriate information: whether internal controls and systems have been reviewed; whether any weaknesses in internal controls and systems have been identified and have or will be rectified; the status of any proceedings, investigations or disciplinary actions; and what has been recovered, whether by way of money, stores, other property or insurance. 29 response includes compliant, partially compliant, non-compliant and not applicable. 46 (incorporating the detailed procedures), Updated May 2015

51 4.5 Financial Management Obligations Risk Management ( 30) 30 The Responsible Body must ensure the public sector agency complies with the mandatory requirements set out in the Victorian Government Risk Management Framework. level 30 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 30) a) The Responsible body must include a statement of attestation in the agency s annual report that the agency has complied with the mandatory requirements of the Victorian Government Risk Management Framework; and b) For public sector agencies with an Audit Committee, the statement of attestation must be verified by the Audit Committee. te: The detailed requirements under the Victorian Government Risk Management Framework for are the same as previously issued under Standing Directions and response includes compliant, partially compliant, non-compliant and not applicable. (incorporating the detailed procedures), Updated May

52 4.5 Financial Management Obligations Treasury Risk Management ( 31) 31 All borrowings, investments and financial arrangements undertaken by the public sector agency conform to the requirements or exceptions outlined within Direction level 31 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 31) Relevant public sector agencies must: a) conduct an annual review of their obligations under this Direction; b) identify and rectify any failure or deficiency in complying with this Direction; c) undertake all borrowings, investments and financial arrangements with a financial institution that is either a State owned entity or has a credit rating, assigned by a reputable rating agency, that is the same as or better than the State of Victoria subject to the following exemptions: where a public sector agency has been granted specific borrowing or investment powers under its constituting legislation, this Direction will not apply (see explanatory note); where the investment is cash on hand in a transactional bank account with an Authorised Deposit-Taking Institution (ADI); where the financial arrangement is a foreign currency hedging transaction of less than $ undertaken with an ADI; where a public sector agency is operating a bank overdraft as part of its normal transactional banking operations; where amounts invested by the public sector agency with an ADI, excluding cash on hand in a transactional bank account, do not in aggregate exceed $ ; where the public sector agency holds money, other than money held on trust for the State or a public body, invested pursuant to a statutory function to hold it on trust for a known beneficiary; or where, following consultation with the public sector agency s portfolio Minister, the Treasurer has in writing approved otherwise. Explanatory te: Where a public sector agency merely has general powers to do things necessary or convenient to perform its functions or achieve its objects, this Direction will apply to that Agency s borrowings or investments. Where specific borrowing and/ or investing powers are provided e.g. investment powers for registered funded agencies under the Health Services Act 1988, this Direction will not apply to those investments. 31 response includes compliant, partially compliant, non-compliant and not applicable. 48 (incorporating the detailed procedures), Updated May 2015

53 4.5 Financial Management Obligations Foreign Exchange Risk Management ( 32) 32 The public sector agency has ensured foreign exchange risks are effectively identified, assessed, monitored, and managed in accordance with the requirements outlined within Direction level 32 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 32) a) Relevant public sector agencies must conduct an annual review of their obligations under this Direction. b) Relevant public sector agencies must identify and rectify any failure or deficiency in complying with this Direction. c) A public sector agency that has a foreign currency exposure that is in aggregate AUD or more and is known with certainty (with respect to the timing and a minimum quantity) must fully hedge the exposure. Except with the prior written approval of the Treasurer, all hedging transactions must be executed with the Treasury Corporation of Victoria (TCV). d) A public sector agency that has a foreign currency exposure that is in aggregate less than AUD and is known with certainty must hedge the exposure where it is considered material. The transaction must be with TCV or an Authorised Deposit-Taking Institution (ADI). e) The accountable officer must verify that the requirements have been complied with. 33 Explanatory te: Exemptions to the requirements of this Direction may only be obtained with the written approval of the Treasurer. This Direction does not apply to foreign currency exposures incurred by a public sector agency where the funds are managed by the Victorian Funds Management Corporation (VFMC), or by VFMC acting as trustee on behalf of a public sector agency, nor does it apply to money held on trust for the private sector. 32 response includes compliant, partially compliant, non-compliant and not applicable. 33 Verification of compliance is to be performed as part of the FMCF certification process. (incorporating the detailed procedures), Updated May

54 4.5 Financial Management Obligations Commodity Risk Management ( 33) 33 The public sector agency has ensured that commodity risks are effectively identified, assessed, monitored, and managed in accordance with the requirements outlined within Direction level 34 Consider the compliance areas within the Direction as outlined below when certifying the compliance level for this. Procedures for Direction (relevant to Direction Requirement 33) a) Relevant public sector agencies must conduct an annual review of their obligations under this Direction. b) Relevant public sector agencies must identify and rectify any failure or deficiency in complying with this Direction. c) A public sector agency is responsible for developing appropriate policies and procedures for managing exposure to specific commodity risk where it is considered these risks could have a material impact on the business. d) A public sector agency must consider whether fully hedging the exposure is appropriate. e) The accountable officer must verify that this requirement has been complied with. 35 This Direction does not apply to commodity exposures incurred by a public sector agency where the funds are managed by VFMC, or by VFMC acting as trustee on behalf of a public sector agency, nor does it apply to money held on trust for the private sector. 34 response includes compliant, partially compliant, non-compliant and not applicable. 35 Verification of compliance is to be performed as part of the FMCF certification process. 50 (incorporating the detailed procedures), Updated May 2015

55

56 2 (incorporating the detailed procedures), Updated May 2015