Audit activities: Information Governance

The Information Governance area covers issues related to the common information flows in the management of central government finances, the reliability of central government data, the development of the cost-effectiveness of production, the improvement of the State Group information, the management of central government risks, internal control, and compliance with the budget.

The audit work of the impact area ensures, in material respects, that the state budget is complied with and that the state’s financial management has effective internal control. Starting from 2020, we have applied a new procedure in the audit of the lawfulness of the state’s financial management and compliance with the budget. This applies particularly to the financial audit conducted in the impact area.

Developing audits of compliance with the budget and the lawfulness of financial management (financial audit)

In its financial audits, the National Audit Office verifies the reliability and usability of the information on central government finances, and the realization of good governance. Reliable information on central government finances and the state’s financial position contribute to sustainable public finances. The NAOF’s core expertise and the related insight are formed in connection with and on the basis of auditing. The NAOF supports the reforms and changes of public sector activities both during audits and in projects for the development of public administration through its expertise and also through speeches, articles, and interaction.

The financial audit conducted by the NAOF implements all of the NAOF’s strategic impact targets both as an audit type and through its audit questions. In addition to auditing, a key means to influence is expert activities both during the audit and in all forums that are relevant for impact work. Through its wide-reaching and regular contacts related to financial audits, the NAOF promotes the implementation of the principles of good governance and the sharing of good practices in the management of central government finances, strengthens Parliament’s budgetary and legislative powers, and supports the administration operating under the Government in the management of central government finances.

During the planning period, we will audit the audit questions that are the most essential in the audit of compliance with the budget in a centralized manner. The audit criteria will be defined in such a manner that they are uniform for all accounting offices, and the audits will utilize data analytics. We will not make any limitations specific for certain accounting offices in the audits. In addition to the centralized audit of compliance with the budget, we will take into account the special characteristics of each government agency in the implementation of and compliance with the budget.

The audit of common information flows in the state’s financial management has also been centralized in material respects. The aim is to conduct the audit of these information flows in a centralized manner in material respects up until the transaction audits required. The controls related to shared processes will be tested both in the audit of the service centre and in the government agencies. We will not make any limitations specific for certain accounting offices in the audits.

In the planning period, government agencies will be audited according to teamwork principles in such a manner that the teams will be responsible for auditing several agencies. The aim is to take the special characteristics of each agency into account already in the organization of the audit. This will make it easier to target the audit work in the planning period at the most essential transactions and operating processes from the agencies’ perspective.

Financial audit reports will be prepared in the planning period on the final central government accounts and on the financial audits of ministries, other accounting offices, and certain funds. The audits conducted by the National Audit Office will continue to cover the ministries and accounting offices, which are obligated by law to prepare final accounts, certain off-budget funds, and the final central government accounts.

We will promote the digitalization of audits and software robotics during the planning period in all sectors of audit work so that new procedures can be introduced quickly and efficiently. The goal is to further automate data transfer and develop analytical audits utilizing data from several sources. Financial audits will be developed during this audit period to better utilize data analytics and to target them by means of analytical assessment and automation, using a risk-based approach. In this development work, we will centralize tasks, for example, to further reduce and centralize manual work. The goal is to verify a significant part of the data given in the final accounts and notes to them by means of automated and centralized audits.

Data analytics will be developed to meet the needs of audit work in close cooperation with the development of audit methods and the organization of audits. The reorganization of audits contributes to efficient integration of the benefits of data analytics with our procedures. The methodology according to the financial audit standards works very well with financial audits conducted using data analytics.

In connection with the development of financial audit, we have launched a project for developing the information systems used in auditing.

Common information flows in the management of central government finances

Common information flows in the management of central government finances cover specified shared processes of the state’s financial management. These processes are need-to-payment, order-to-collection, entry-to-final-accounts, payroll administration, and travel. The processes are mainly shared by all government agencies, and they operate in shared information systems. A key actor in the shared processes is the Finnish Government Shared Services Centre for Finance and HR. Audit work related to these processes will be centralized in essential respects until the necessary transaction audits.

The aim of the audit is to produce an adequate amount of appropriate financial audit evidence on the accuracy of the accounting offices’ final accounts insofar as the accounting transactions are performed in the shared processes: the aim is to present an opinion based on reasonable assurance on the final account items concerned or their assertions. Another aim is to ensure that internal control is appropriately organized and that the provisions laid down have been complied with.

The financial audit of the shared processes is planned on the basis of materiality and risk in such a manner that the audit can efficiently address the identified risks and thereby ensure that the processes and the information systems used in them comply with legislation and that the internal control of the information in the final accounts is appropriate and adequate. Audits targeted at the shared processes reduce the audit risk involved in the opinions given in the financial audit reports of the service centre and the accounting offices that are its customers.

In the planning period, the financial audit of the shared processes will be developed in the audit team for shared processes and in a separate financial audit development project. This requires continuous renewal of the procedures applied in financial audit.

Reliability of central-government-level information and improvement of the State Group information

The final accounts of accounting offices have been audited annually in financial audits. During the planning period, the audit work will continue to be performed without any limitations per accounting office, but the organization and implementation of the audits will be developed. The audits will be conducted to a greater extent from the perspective of central government final accounts. The targeting of audits will be strongly based on materiality and risk.

The National Audit Office has audited and will continue to audit central government final accounts annually. The information contents of central government final accounts will continue to consist of the final accounts of the accounting offices, the reliability of which will thus determine whether the central government final accounts give a true and fair picture. Material balance sheet items are still missing from the balance sheet of the accounting offices and central government. The most significant item is defence materiel. The balance sheet also lacks part of the national heritage. The reliability and information content of central government information will continue to be developed in this respect.

During the planning period, the NAOF will issue financial audit reports on the audits of the final central government accounts and the accounting offices’ final accounts. The financial audit reports present the NAOF’s opinions on the following issues regarding each accounting office and the final central government accounts:

  • compliance with the budget (reasonable assurance),

  • financial statements and notes (reasonable assurance),

  • information on the operational efficiency (limited assurance),

  • internal control (limited assurance).

The audits are planned and resourced in such a manner that the above opinions can be provided.

No consolidated accounts are prepared for the State Group. However, internal transactions of different central government actors are material. They include transactions between government agencies and also between the state and the entities controlled by it. During the planning period, the National Audit Office will, in a manner appropriate to its role, support projects related to the improvement of State Group information and also prepare to audit this information. Uniform financial information on the State Group would contribute to the improvement of the overall operational management as well.

Compliance with the state budget

Compliance with the state budget means that the budget has been prepared in accordance with relevant provisions and regulations and that public administration uses appropriations, revenue estimates, and budget expenditure and revenue in compliance with the budget, and the related provisions and regulations.

When the budget is applied, it is necessary to be aware of the budget valid at any given time and the relevant provisions related to it. During the year, it is important to monitor changes made to the budget, such as supplementary budgets approved by Parliament, permissions to exceed variable appropriations, changes to the account scheme, any letters granting unallocated appropriations for specific uses, and any changes to the most relevant provisions governing the state budget. The audit work aims at promoting knowledge of the budget as a key steering document in the central government.

When auditing compliance with the budget, the National Audit Office will pay special attention to

  • compliance with the key budget principles,

  • compliance with the legislation governing gross and net budgeting

  • the use of items,

  • the types of appropriations and the overrun and carry-over of appropriations,

  • the categorization of expenditure,

  • the justifications for the budget and their wording,

  • the budgeting of authorizations,

  • the allocation of expenditure, revenue, and authorizations to the budget year.

Central government risk management and internal control

The introduction and utilization of new digital technology, and rapid changes in the ICT technology of the operating environment call for rapid solutions, clear operating models and responsibilities, as well as foresight. The problem with the current steering model is that it is unable to respond in a sufficiently quick and timely manner to emerging challenges and risks, which will become more probable and relevant as a result of new methods and technologies. New technologies and methods will also cause new kinds of significant risks and threats to information and cyber security, and data protection, for example. The management of these risks will be even more important in the future.

The increasingly limited central government resources will also cause many kinds of risks to digital capability. In view of the utilization of ICT technology, public administration suffers from uneven distribution of competence. Public administration has limited possibilities of extensive competence renewal. If resourcing problems or any defects in present competence are fixed by outsourcing, there is a risk that wrong functions are outsourced or that functions are outsourced in a wrong way.

The central government is increasingly dependent on ICT technology, and digital procedures and technologies are used in almost all central government functions. It was found in the audit that systems are rolled out into production while their development is still in progress, which results in incomplete controls, for example. Another risk is posed by the central government’s competence and ability to order large IT projects and supervise their implementation. This may result, for example, in a substantial delay in the introduction of an IT system, a significant overrun of the cost estimate, and partial obsolescence of the system upon introduction.

When auditing government agencies, the National Audit Office always goes through the information systems that are important to the management of central government finances and targets its audits annually at the most essential information systems.

The NAOF has been assigned with the task of maintaining and overseeing the transparency register

The establishment of a transparency register was one of the measures proposed in Prime Minister Marin’s Government Programme to strengthen democracy and the rule of law. The National Audit Office will be proposed as the controller and the authority overseeing the activities.

In spring 2020, the Government set up a parliamentary steering group and expert working group to prepare the transparency register, and the group’s report was completed on 2 December 2021. The working group proposes enacting a separate Transparency Register Act to enter into force at the end of 2023 and establishing a transparency register.

The information recorded in the transparency register would include information on legal persons’ and private entrepreneurs’ lobbying activities targeted at Parliament, ministries, and government agencies. Similarly, professional consulting related to lobbying, such as the activities of influencer communications offices, should be entered in the register.

Legal persons or private entrepreneurs should register when they start professional and long-term influencing activities. These actors should also submit activity notifications to the transparency register twice a year – in May and November – on their influencing activities or on the consulting they have provided on influencing. The information would be published on the Internet.

The purpose of registering these activities would be to improve the transparency of decision-making, combat inappropriate influencing, and strengthen citizens’ trust. Lobbying is regarded as an acceptable part of the democratic system, and the transparency register makes these activities transparent.

According to the report, the National Audit Office would be responsible for maintaining the transparency register and, in the future, also for overseeing compliance with the related disclosure obligations. In relation to the transparency register, the NAOF would also set up an advisory board, whose role would be to define a good lobbying practice and to monitor the effectiveness of legislation and the transparency register even otherwise.

Before the introduction of the transparency register in 2023, it would be necessary to define, put out to tender, build, and test the information system to be used.