Go to top of page


The AOFM’s enterprise risk management framework is complemented by an assurance framework that is used to monitor the operation and effectiveness of key controls. The framework is designed to meet the needs of the AOFM and is modelled on best practice industry standards.

The AOFM’s compliance with external obligations, internal controls, and its business procedures is monitored through a co‑sourced arrangement, with in‑house assurance and compliance activities supplemented by the use of independent internal audit services.

In 2019‑20, assurance and compliance activities provided structured assurance on the effectiveness and efficiency of the AOFM’s governance arrangements, risk management and internal control environment. Key activities undertaken in 2019‑20 included:

  • completion of the annual assurance testing program to assess operating effectiveness of key controls and compliance with key legislative and policy requirements
  • maintenance and performance of the AOFM’s approach to obligations under the Anti‑Money Laundering and Counter‑Terrorism Financing Act 2006, and
  • completion of the annual fraud control testing program.

Information and output derived from the enterprise risk management and assurance frameworks support the CEO in meeting an obligation to maintain systems of risk management and internal control pursuant to section 16 of the PGPA Act.

Internal audit

The AOFM’s internal audit service provider is PricewaterhouseCoopers. Internal audit coverage is determined using a methodology aligned with professional internal audit standards, with due regard to the AOFM’s business and risk contexts. The Audit Committee endorses the internal audit strategy, for CEO approval.

The internal auditor completed three reviews in 2019–20:

  • a review of AOFM’s cash management, with a focus on the processes designed to manage and monitor the government’s cash balances;
  • a review of AOFM’s financial risk policy framework; and
  • a review of AOFM’s information security awareness.

Two reviews from the 2019–20 strategic internal audit plan were deferred:

  • a review of AOFM’s implementation of the Australian Business Securitisation Fund was deferred to the first quarter of 2020‑21 to align with completion of the first transaction; and
  • a business continuity exercise was deferred to 2022‑23 as there was extensive business continuity testing during 2019‑20 (for example, the January bushfires and the pandemic).

In its annual report on internal controls, the internal auditor concluded that the AOFM continues to have a mature control environment (demonstrated by the nature and type of findings reported). Audit recommendations were aimed at enhancing the efficiency of the current control environment or clarifying current settings. At 30 June 2020, four internal audit recommendations remained outstanding and are being addressed in accordance with agreed timelines.