Audit operations: Information Governance

The Information Governance area covers issues related to the common information flows in the management of central government finances, the reliability of central government data, the development of the cost-effectiveness of production, the improvement of State Group information, the management of central government risks, internal control, and compliance with the budget.

The audit work of the impact area ensures, in material respects, that the state budget is complied with and that the state’s financial management has effective internal control. From 2020 onwards, we apply a new procedure in the audit of the lawfulness of the state’s financial management and compliance with the budget. This applies particularly to the financial audit conducted in the impact area.

Development of the audit of compliance with the budget and the lawfulness of financial management (financial audit)

In its financial audits, the National Audit Office verifies the reliability and usability of information on central government finances and the realization of good governance. Reliable information on central government finances and the state’s financial position contribute to sustainable central government finances. The NAOF’s core expertise and the related insight are formed in connection with and on the basis of auditing. The NAOF supports reforms and changes in public administration with its expertise both during audits and in governance development projects, and through opinions, articles, and other interaction.

The financial audit conducted by the NAOF implements all of the NAOF’s strategic impact targets both as an audit type and in its audit questions. In addition to auditing, a key means to influence is expert activities both during the audit and in all forums that are relevant for impact work. Through its wide-reaching and regular contacts related to financial audits, the NAOF promotes the implementation of the principles of good governance and the sharing of good practices in the management of central government finances, strengthens Parliament’s budgetary and legislative powers, and supports the administration operating under the Government in the management of central government finances.

The audit questions that are the most essential in the audit of compliance with the budget will be audited in a centralized manner during the planning period. The criteria for the centralized audit will be defined in such a manner that they are uniform for all accounting offices. We will utilize data analytics in the audit, and we will not make any limitations specific for certain accounting offices. In addition to the centralized audit of compliance with the budget, we will take into account the special characteristics of each government agency in the implementation of and compliance with the budget.

The audit of common information flows in the state’s financial management has also been centralized in material respects. The aim is to conduct the audit of these information flows in a centralized manner in material respects until the transaction audit required. The controls related to shared processes will be tested both in the audit of the service centre and in government agencies. We will not make any limitations specific for certain accounting offices in the audit.

In the planning period, government agencies will be audited according to teamwork principles in such a manner that the teams will be responsible for the audit of several agencies. The aim is to take the special characteristics of each agency into account already in the organization of the audit. This will make it easier to target the audit work in the planning period at the most essential transactions and operating processes from the agencies’ perspective.

Financial audit reports will be prepared in the planning period on the final central government accounts and on the financial audits of ministries, accounting offices, and certain funds. The audits conducted by the National Audit Office will continue to cover the ministries and accounting offices, which are obligated by law to prepare final accounts, certain off-budget funds, and the final central government accounts.

We will promote the digitalization of audits and software robotics during the planning period in all sectors of audit work so that new procedures can be introduced quickly and efficiently. The goal is to further automate data transfer and develop analytical audits utilizing data from several sources. Financial audits will be developed during this audit period to better utilize data analytics and to target them by means of analytical assessment and automation, using a risk-based approach. In this development work, we will utilize centralization of tasks, for example, to further reduce and centralize manual work. The goal is to verify a significant part of the data given in final accounts and notes to them by means of automated and centralized audits.

Data analytics will be developed to meet the needs of audit work in close cooperation with the development of audit methods and the organization of audits. The reorganization of audits contributes to efficient integration of the benefits of data analytics with our procedures. The methodology based on financial audit standards also works very well with financial audits conducted using data analytics.

In connection with the development of financial audit, we will launch an information system development project. The aim is to compile the entire audit process and the key work phases and guidelines related to it in the information system. The division of tasks between the different financial audit teams can also be managed by means of the information system.

Common information flows in the management of central government finances

Common information flows in the management of central government finances cover specified shared processes of the state’s financial management. These processes are need-to-payment, order-to-collection, entry-to-final-accounts, payroll administration, and travel. The processes are mainly shared by all government agencies, and they operate in shared information systems. A key actor in the shared processes is the Finnish Government Shared Services Centre for Finance and HR. Audit work related to these processes will be centralized in material respects until the necessary transaction audit.

The aim of the audit is to produce an adequate amount of appropriate financial audit evidence on the accuracy of the accounting-office-specific final accounts insofar as the accounting transactions are performed in the shared processes: the aim is to present an opinion based on reasonable assurance on the final account items concerned or their assertions. Another aim is to ensure that internal control is appropriately organized and that the provisions laid down have been complied with.

The audit of the shared processes is planned on the basis of materiality and risk in such a manner that the audit can efficiently address the identified risks and thereby ensure that the processes and the information systems used in them comply with the rules and that the internal control related to final accounts information is appropriate and adequate. Audits targeted at the shared processes reduce the audit risk involved in the opinions given in the financial audit reports of the service centre and the accounting offices that are its customers.

In the planning period, the audit of the shared processes will be developed in the audit team for shared processes and in a separate financial audit development project. This requires continuous renewal of the procedures applied in financial audits.

State aid activities must be effective, and their effectiveness must be assessed continuously. This is a key requirement and applies to both the state aid authority and the entities receiving state aid. A significant annual aid package consists of government grants distributed through the proceeds of gambling activities. Gambling proceeds have decreased annually, and therefore it may be necessary to prioritize government grants in a new way. In this case, effectiveness should be a key criterion when government grants are allocated.

Reliability of central-government-level information and improvement of State Group information

The final accounts of accounting offices have been audited annually in financial audits. During the planning period, the audit work will continue to be performed without any limitations per accounting office, but the organization and implementation of the audits will be developed. The audits will be conducted to a greater extent from the perspective of central government final accounts. The targeting of audits will be strongly based on materiality and risk.

The National Audit Office has audited and will continue to audit central government final accounts annually. The information contents of central government final accounts will continue to consist of the final accounts of the accounting offices, the reliability of which will thus determine whether the central government final accounts give a true and fair picture. Material balance sheet items are still missing from the balance sheet of the accounting offices and central government. The most significant item is defence materiel. The balance sheet also lacks part of the national heritage. The reliability and information content of central-government-level information will continue to be developed in this respect.

No consolidated accounts are prepared for the State Group. Internal transactions of different central government actors are material. They include transactions between government agencies and also between central government and entities controlled by it. During the planning period, the National Audit Office will, in a manner appropriate to its role, support projects related to the improvement of State Group information and also prepare to audit this information. Uniform financial information on the State Group would contribute to the improvement of the overall operational management as well.

A significant part of the state’s long-term liabilities consists of pensions for which the state is liable. In the state budget, pension expenditure is a significant expenditure item. The objective of our audit is to provide an overall picture of how pensions are managed outside the state’s direct financial management. Another objective is to provide an overall picture of the steering of other entities than central government actors and how this differs from central government steering. The aim is also to compile an overall assessment of the state’s long-term pension liabilities. Our audit examines how central government finances have prepared for an increase in the pension liabilities annually financed from the budget. It will also be ensured that the use of state funds outsourced to pension institutions and pension companies is appropriately regulated, supervised and legal.

Compliance with the state budget

Compliance with the state budget means that the budget has been prepared in accordance with relevant provisions and regulations and that public administration uses appropriations, revenue estimates, and budget expenditure and revenue in compliance with the budget, and the related provisions and regulations.

When the budget is applied, it is necessary to be aware of the budget valid at any given time and the relevant provisions related to it. During the year, it is important to monitor changes made to the budget, such as supplementary budgets approved by Parliament, permissions to exceed variable appropriations, changes to the account scheme, any letters granting unallocated appropriations for specific uses, and any changes to the most relevant provisions governing the state budget. The audit work aims at promoting knowledge of the budget as a key steering document in central government.

When auditing compliance with the budget, the National Audit Office will pay special attention to

  • compliance with the key budget principles

  • compliance with the legislation governing gross and net budgeting

  • the use of items

  • types of appropriations, and overrun and carry-over of appropriations

  • categorization of expenditure

  • justifications for the budget and their wording

  • budgeting of authorizations

  • allocation of expenditure, revenue, and authorizations to the budget year.

Through our audit work, we have promoted the uniformity of the state budget and the clarity of budget practices. The follow-up of the audit is conducted when the budget for 2022 is prepared.

Central government risk management and internal control

The use, introduction and utilization of new digital technology, and the rapid changes in the ICT technology of the operating environment call for rapid solutions, clear operating models and allocation of responsibilities, as well as foresight. The problem with the current steering model is that it is unable to respond in a sufficiently quick and timely manner to emerging challenges and risks, which will become more probable and relevant as a result of new methods and technologies. New technologies and methods will also cause new kinds of significant risks and threats to information and cyber security and data protection, for example. The management of these risks and threats will be increasingly important.

From the perspective of effective financial management and central government revenue, it is absolutely essential that the taxation process is effective and efficient. Effectiveness is also linked with the automation of the process and with ensuring that the right amount of statutory taxes is collected at the right time. The Act on the Assessment Procedure for Self-Assessed Taxes has been in force since 2017, and it has not been subject to any audits. The off-the-shelf software reform (the Valmis project) has been underway in the Finnish Tax Administration since 2013. The project will end in 2020, when all tax information systems have been replaced by a new uniform information system. The system covers all types of tax.

The increasingly limited resources of central government will also cause many kinds of risks to digital capability. In view of the utilization of ICT technology, public administration suffers from uneven distribution of competence. Public administration has limited possibilities of competence development. If resourcing problems or any defects in present competence are fixed by outsourcing, there is the risk that outsourcing is used in wrong functions or in a wrong way.

Central government is increasingly dependent on ICT technology, and digital procedures and technologies are used in almost all central government functions. It was found in the audit that systems are rolled out into production while their development is still in progress, which results in incomplete controls, for example. Another risk is central government’s competence and ability to order large information system projects and supervise their implementation. This may result, for example, in a substantial delay in the introduction of an information system, in a significant overrun of the cost estimate, and in partial obsolescence of the system upon introduction.

When auditing government agencies, the National Audit Office always goes through the information systems that are important to the management of central government finances, and the NAOF directs its audits annually to the most essential information systems.