Audit committees can catalyse better governance in an entity.
They help entities become more efficient, effective, and economical, and promote accountability, integrity and transparency. They are an important group for advocating our audit recommendations and monitoring their entities’ implementation progress.
This page shares some of our resources that may be of value to audit committees.
[Feature an item here?]
We select audit topics that matter most to Queensland. Our planning approach helps identify the risks and opportunities facing public service delivery, and we align our audit topics in response.
View our 3-year forward work plan and learn more about our upcoming audits.
We produce reports to parliament on the results of our audits. They:
- consolidate our audit results and findings
- may include recommendations for entities
- share the broader insights we have gathered across our work.
Tabled reports to parliament >
We prepare advice for state and local government public sector entities in response to the issues, challenges, and opportunities we identify through our audit work and engagement.
Key elements of an effective audit committee
This better practice guide can help audit committees understand how effectively they are delivering on their role, and provides actions they can take for improvement. Audit committees can use the guide to regularly reassess and refine what value they provide and how they provide it.
New cyber one
This checklist provides key questions that all entities can consider when managing their third-party cyber security risks. It is a practical tool to help entities align their systems, processes, and practices with better practice guidance.
Link >
Role capability checklist for cyber attack response and recovery
This checklist helps entities map where they do or do not hold relevant cyber capabilities across their people, processes, or through technology.
Link >
Cyber response and recovery governance checklist\
This checklist provides key questions that those charged with governance (such as executive management, boards, and councillors) can consider when planning how they respond to and recover from cyber security incidents.
Link >
Risk management maturity model
This model can help entities self-assess their risk management practices to understand what they are doing well and where they need to improve. It includes 19 questions and outlines 4 levels of maturity across the primary attributes of risk management.
Link >
You can find the full range of our resources, including guides, checklists and self–assessment tools, on our Better practice page >
Local government audit committees—getting the right membership - TEMP EDIT just to have an example of a tile that goes over 3 lines as a test
Appointing the right members to a council’s audit committee allows for informed, effective oversight. Effective audit committees…
Are your ‘everyday’ internal controls strong enough to prevent a fraud attempt?
Frauds are continuing to occur in the Queensland public sector. Over the last 18 months alone, successful frauds have resulted in losses of over $2.2 million.
Local government audit committees—getting the right membership - TEMP EDIT just to have an example of a tile that goes over 3 lines as a test
Appointing the right members to a council’s audit committee allows for informed, effective oversight. Effective audit committees…
The role of audit committees in financial reporting
Audit committees are typically assigned a broad range of responsibilities under their charters.
How can audit committees improve audit quality?
A key element of effective audit committees is the existence of a strong and robust relationship with external audit.This relationship should be built on open, regular, and frank communication between the committee and the…
Our update on Queensland Treasury’s reporting requirements for 2025
In this blog, we summarise Queensland Treasury’s major changes in its 2024–25 Financial Reporting Requirements for Queensland Government Agencies (FRRs) and its Non-Current Asset Policies for the Queensland Public Sector (NCAPs)…
Are you managing your legacy system risks?
Modern technology systems are essential to efficient and productive businesses, helping to strengthen service delivery, security, and operational efficiency.
Does your entity need to prepare for climate reporting?
A new era of climate-related reporting has arrived in Australia. It’s time to ensure entities required to report are preparing for the change.
How understanding the ‘fraud risk triangle’ can reduce employee fraud risk
Data shows that losses due to employee fraud in public sector entities are on the rise.
What does it mean to have a 'culture of risk leadership'?
How does the tone at the top influence a risk culture?The risk culture of an organisation is influenced by the style and behaviours of those responsible for its leadership.
We prepare dashboards for some of our reports to parliament to help illustrate our insights.
Our dashboards allow you to find out more about the performance of public sector and local government entities based on where you live or the services you receive. Search your address, click the map, or select a region, and compare entities.
You can explore:
- the status of Auditor-General's recommendations
- grants in Queendland
- services and finances across the state in our QAO Queensland dashboard.
We host events for our clients to raise awareness of emerging issues and share our industry expertise and insights.
Biannually, QAO briefs public sector and local government audit committee chairs. These briefings are usually held in May and December each year, and upcoming dates are published on our Events page in advance.
Our most recent briefing was in Month, Year, and covered ...
Link to latest pack and info on what we covered >
Are you managing your legacy system risks?
Modern technology systems are essential to efficient and productive businesses, helping to strengthen service delivery, security, and operational efficiency.
Is your Information Security Management System helping you mitigate cyber risk?
In its most recent Annual Cyber Threat Report (2021), the Australian Cyber Security Centre reported a 13 per cent increase in cybercrime reports over the previous year, with no sector of the Australian economy immune to the…
The role of governance committees in managing cyber security risks
As cyber attacks continue, cyber risk has become one of the top enterprise-wide risks facing entities. Entities need to remain vigilant and governance committees need to ensure they understand the impact of cyber risk on…
Have you considered physical security as part of your cyber security strategy?
Entities need more than technical security controls to protect their data from cyber security risks.
What does the Queensland Government’s information security policy (IS18:2018) mean for you?
The impacts of cyber attacks, and malicious or inadvertent actions of employees, present a very real risk.
Access controls for information technology systems
Technological advances now enable departments to use a range of services that combine into wider technology ecosystems.
Advice on reporting data breaches
Cyber security risks represent one of the most significant threats to all organisations, with attacks increasing in intensity and frequency.
Advice on ransomware prevention and recovery
Ransomware attacks are among today’s most significant organisational threats. They aim to lock organisations out of their systems and files (usually through encryption).
[OR]
Connect at our events
We host events for our clients to raise awareness of emerging issues and share our industry expertise and insights.
Biannually, QAO briefs public sector and local government audit committee chairs. These briefings are usually held in May and December each year, and upcoming dates are published on our Events page in advance.
Our most recent briefing was in Month, Year, and covered ...
Link to latest pack and info on what we covered >
Our update on Queensland Treasury’s reporting requirements for 2025
In this blog, we summarise Queensland Treasury’s major changes in its 2024–25 Financial Reporting Requirements for Queensland Government Agencies (FRRs) and its Non-Current Asset Policies for the Queensland Public Sector (NCAPs)…
How understanding the ‘fraud risk triangle’ can reduce employee fraud risk
Data shows that losses due to employee fraud in public sector entities are on the rise.
What does it mean to have a 'culture of risk leadership'?
How does the tone at the top influence a risk culture?The risk culture of an organisation is influenced by the style and behaviours of those responsible for its leadership.
Local government audit committees—getting the right membership - TEMP EDIT just to have an example of a tile that goes over 3 lines as a test
Appointing the right members to a council’s audit committee allows for informed, effective oversight. Effective audit committees…
Are you managing your legacy system risks?
Modern technology systems are essential to efficient and productive businesses, helping to strengthen service delivery, security, and operational efficiency.
Is your Information Security Management System helping you mitigate cyber risk?
In its most recent Annual Cyber Threat Report (2021), the Australian Cyber Security Centre reported a 13 per cent increase in cybercrime reports over the previous year, with no sector of the Australian economy immune to the…
The role of governance committees in managing cyber security risks
As cyber attacks continue, cyber risk has become one of the top enterprise-wide risks facing entities. Entities need to remain vigilant and governance committees need to ensure they understand the impact of cyber risk on…
Have you considered physical security as part of your cyber security strategy?
Entities need more than technical security controls to protect their data from cyber security risks.
What does the Queensland Government’s information security policy (IS18:2018) mean for you?
The impacts of cyber attacks, and malicious or inadvertent actions of employees, present a very real risk.
Access controls for information technology systems
Technological advances now enable departments to use a range of services that combine into wider technology ecosystems.
Advice on reporting data breaches
Cyber security risks represent one of the most significant threats to all organisations, with attacks increasing in intensity and frequency.
Advice on ransomware prevention and recovery
Ransomware attacks are among today’s most significant organisational threats. They aim to lock organisations out of their systems and files (usually through encryption).