Reports and publications

Browse our range of reports and publications including performance and financial statement audit reports, assurance review reports, information reports and annual reports.

View reports and publications

Insights

The aim of audit insights is to communicate lessons from our audit work to make it easier for people working within the Australian public sector to apply those lessons.

View ANAO Insights

Work program

The ANAO work program outlines potential and in-progress work across financial statement and performance audit.

View the work program

Careers

Our staff add value to public sector effectiveness and the independent assurance of public sector administration and accountability, applying our professional and technical leadership to have a real impact on real issues.

View Careers

About us

The Australian National Audit Office (ANAO) is a specialist public sector practice providing a range of audit and assurance services to the Parliament and Commonwealth entities.

About Us

The Financial Statements Audit Services Group (FSASG) volume of the ANAO Audit Manual applies to the financial statement audit activity performed by FSASG in collaboration with the Systems Assurance and Data Analytics (SADA) group. Relevant policies and guidance from the FSASG volume are also applied to other assurance work performed by FSASG. Policies and guidance in the FSASG volume address the planning, execution and reporting stages of the financial statement audit process.

ANAO Audit Manual

Shared content

FSASG specific

PASG specific

PSASG specific

Engagement performance — general

Chapters 101 to 106

101. Terms of audit engagement

Policy

101.1 An engagement letter shall be issued for each new audit engagement. The terms of engagement shall be formally re-confirmed at least every 5 years.

101.2 Circumstances where an engagement letter shall be re-issued include, but are not limited to, a material change to the terms of the audit engagement, including:

  1. a change in legal or regulatory requirements, including significant changes in Australian National Audit Office (ANAO) Auditing Standards impacting on the terms of the audit engagement;
  2. a change in the financial reporting framework adopted in the preparation of the financial statements; and
  3. a change in other significant reporting requirements.

101.3 The Engagement Executive shall assess whether there is a need to draw the attention of the entity to the existing terms of engagement. These circumstances include, but are not limited to:

  1. a change in:
    1. (the head of) the accountable authority for a Commonwealth entity, or
    2. the Board Chair for a Commonwealth company or subsidiary company; or
    3. for all other auditees, the person with ultimate responsibility for the preparation of the financial statements to be audited; or
  2. where there is an indication that the entity misunderstands the objective and scope of the audit.

101.4 The Engagement Executive shall consider whether the circumstances identified in paragraph 101.3 warrant the re-issue of the terms of engagement.

When the audit engagement is undertaken according to legislation, including legislation other than the Auditor-General Act 1997 (Cth) (A-G Act), the applicable terms contained in the legislation shall be included in the letter. This includes the legislation creating the Auditor-General’s mandate to perform the audit or, where the audit is conducted by arrangement, section 20 of the A-G Act.

Guidance

101.5 Engagement letters are required for each individual engagement performed by the Auditor-General irrespective of whether the engagement is a mandated engagement or entered into by arrangement under section 20 of the A-G Act.

101.6 For financial statement audits mandated by legislation, the engagement letter is sent to the accountable authority of a Commonwealth entity (normally the Chair is the accountable authority where the authority has more than one member) or to the Chair of the Board of Directors of a Commonwealth company or subsidiary company for their acknowledgement. As the terms of the audit engagement for financial statement audits are mandated by legislation, these are not subject to agreement from management. However, there is still a requirement to obtain written acknowledgement from the accountable authority that they understand their responsibility under the audit.1 Where the audit is conducted by arrangement under section 20 of the Auditor-General Act 1997, the engagement letter is sent to the accountable authority or to the Chair of the Board of Directors for their agreement.

101.7 ASA 210 Agreeing the Terms of Audit Engagements requires that, on recurring audits, the auditor should assess whether circumstances require the terms of the engagement to be revised, and whether there is a need to re-confirm in writing the existing terms of the engagement with the entity.2

101.8 Paragraphs 101.2 and 101.3 list situations where ANAO policy requires an engagement letter to be revised and re-issued or requires the attention of the entity to be drawn to the existing terms. Subject to these specific policy requirements, it is a matter for judgement by the Engagement Executive whether to formally confirm the terms of engagement or to draw attention to existing terms. The list of circumstances in paragraphs 101.2 and 101.3 are not exhaustive, and the Engagement Executive needs to be alert to other circumstances where an entity needs to be advised of revised terms of engagement or reminded of the existing terms. Examples where the Engagement Executive will need to consider re-issuing or drawing the entity’s attention to the terms of engagement include:

  1. a change of several Board members (other than the Board Chair);
  2. a change of Audit Committee Chair;
  3. a significant change in ownership; and
  4. a significant change in nature or size of the entity’s business e.g. by the addition of functions following an Administrative Arrangements Order (AAO).

101.9 A new formal acknowledgement by the entity is needed when the matters covered by the current engagement letter change or new conditions relevant to an engagement arise. Examples are changes in governing legislation, respective responsibilities or reporting requirements. In this situation, formal acknowledgement on behalf of the entity of the revised terms of engagement is needed from the (head of the) accountable authority, company Board Chair or equivalent.

101.10 Where the existing terms of engagement are unchanged but there is a need to draw the entity’s attention to the existing terms, a response from the entity is not required.

101.11 For the purpose of applying paragraph 101.5, the applicable legislation for most Financial Statements Audit Services Group (FSASG) financial statement audits is the Public Governance, Performance and Accountability Act 2013 (Cth) (PGPA Act) or the Corporations Act 2001 (Cth) (Corporations Act). In a small number of cases, the audit is conducted under entity-specific legislation (e.g. High Court of Australia Act 1979 (Cth)) or under other arrangements.

101.12 Pro forma engagement letters are located in Teamstore.

102. Roles and responsibilities of the Engagement Executive

Background

102.1 This policy sets out the responsibilities of the Engagement Executive in a financial statements audit or other FSASG assurance engagement conducted in-house. This policy does not apply to those engagements where the responsibility for the audit is substantially contracted to a third party. In these circumstances, the responsibilities of the ANAO Engagement Executive are specified in Chapter 105 Project managed audits.

102.2 The Signing Officer is formally the ‘engagement partner’ under the auditing standards. The engagement partner is defined in the auditing standards as the person who is responsible for the audit engagement and its performance, and for the auditor’s report that is issued on behalf of the firm.

102.3 In practice in the ANAO, the duties of the engagement partner are fulfilled by the FSASG Engagement Executive. This policy on the roles and responsibilities of the Engagement Executive applies whether the Engagement Executive is also the Signing Officer for the audit or not. Where the Signing Officer is a person other than the Engagement Executive, additional policies apply (see Chapter 103 Role and responsibilities of the Signing Officer.)

Policy

102.4 The Engagement Executive shall fulfil:

  1. the responsibilities of the ‘engagement partner’ under the ANAO Auditing Standards and assigned by legislation:
    1. in their own right, when the Engagement Executive is also the Signing Officer for the audit; and
    2. on behalf of the Signing Officer, where another person signs the auditor’s report; and
  2. other responsibilities assigned by ANAO policy.

102.5 Where this Manual specifies a policy requirement, that policy does not require the Engagement Executive to be directly involved in the performance of that action unless the policy specifically requires the Engagement Executive to do so. However, as required by 102.4, the Engagement Executive retains overall responsibility that the audit has been conducted in accordance with this Manual. Further, as required by Chapter 8 Engagement performance of the ANAO Audit Manual Shared Content, the Engagement Executive also retains overall responsibility for suitable direction, review and supervision being provided to the members of the audit team working on an engagement. They are responsible for creating an environment that emphasises ANAO culture and the expected behaviour of engagement team members. In managing quality at the engagement level, ASA 2203 permits the Engagement Executive to assign the design or performance of some procedures, tasks or actions to appropriately skilled or suitably experienced members of the engagement team to assist the Engagement Executive. In such circumstances, ASA 2204 requires the Engagement Executive to continue to take overall responsibility for managing and achieving quality on the audit engagement.

102.6 Where the Signing Officer for the audit is the Auditor-General or Deputy Auditor-General, the Engagement Executive shall provide the Auditor-General with:

  1. At planning:
    1. Audit Strategy Document;
    2. Materiality levels determined for the financial statements and where relevant particular items, including ‘overall materiality’, ‘performance materiality’, and ‘clearly trivial threshold’. This information shall be included in a cover letter which is to accompany the Audit Strategy Document;
  2. At interim (if applicable):
    1. Interim Management Letter;
  3. At the end of the audit:
    1. For contract-out audits, the Signing Officers Review Memorandum (SORM);
    2. Closing letter;
    3. Final draft of the financial statements;
    4. Proposed auditor’s report; and
  4. Any other information as directed by the Auditor-General in the form and at the audit stage requested.

102.7 Consistent with the responsibilities of an engagement partner under the ANAO Auditing Standards:

  1. Where an Engagement Quality Reviewer (EQR) is appointed to the audit, the Engagement Executive shall discuss significant matters arising during the audit, including those identified through the EQR’s processes, with the EQR and also with the Signing Officer if applicable.
  2. Where an EQR has not been appointed, the Engagement Executive shall be alert for changes in circumstances that would require an EQR to be appointed.

102.8 Consistent with ASA 220 Quality Management for an Audit of a Financial Report and Other Historical Financial Information, the Engagement Executive shall, on or before the date of the auditor’s report, through a review of the audit documentation and discussion with the engagement team, determine that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued.5

The FSASG GED shall not exercise any authority specifically reserved by the Audit Manual to the role of FSASG GED with regards to the audits for which they have been appointed Engagement Executive. In these circumstances, the Auditor-General or the Deputy Auditor-General shall delegate this authority to other GEDs in the ANAO.

Guidance

102.9 Australian Auditing Standards (ASA) require certain responsibilities to be undertaken by the engagement partner. This approach is explained in the definition of ‘auditor’, as follows:

‘Auditor’ is used to refer to the person or persons conducting the audit, usually the engagement partner or other members of the engagement team, or, as applicable, the firm. Where an ASA expressly intends that a requirement or responsibility be fulfilled by the engagement partner, the term ‘engagement partner’ rather than ‘auditor’ is used.6

102.10 These requirements are concentrated mainly in ASA 220.7 Some other standards also have engagement partner-specific requirements or guidance.8

102.11 The responsibilities in the auditing standards which this policy places on Engagement Executives include the following:

  1. the overall quality on each audit engagement to which the Engagement Executive is assigned;
    1. through their actions and appropriate messages to the engagement team, the Engagement Executive should emphasise the importance of compliance with the ANAO Auditing Standards and quality management policies and procedures. In addition, the engagement team should have the ability to raise concerns without fear of reprisals. Quality is essential in performing audit engagements and the overall quality of the audit is maintained by ensuring that the audit is performed consistent with ANAO standard methodology.
  2. the engagement team’s compliance with relevant ethical requirements including APES 110;
    1. these include the principles of integrity, objectivity, professional competence and due care, confidentiality and professional behaviour. The Engagement Executive should actively monitor and encourage ethical behaviour and take action where behaviour does not meet the standards of the requirements.
  3. the engagement team’s compliance with the ANAO’s Independence Policy (ANAO Audit Manual – Shared Content Chapter 5);
  4. for audits by arrangement, applying appropriate procedures regarding acceptance and continuance of auditee relationships and specific audit engagements;9
    1. these procedures should include consideration of the integrity of those charged with governance and management, competence of the engagement team and compliance with ethical requirements. All conclusions reached should be documented within the audit file.
  5. communication of the role of Engagement Executive and where different, the Signing Officer, to key members of auditee management and those charged with governance;
  6. the appropriate planning of the engagement consistent with ASA 300 Planning an Audit of a Financial Report;
  7. the assignment of engagement teams and auditor’s experts which collectively have the appropriate levels of competence and capabilities, including sufficient time and resources10 (see also ANAO Audit Manual – Shared Content)
    1. the Engagement Executive shall emphasise to the engagement team that all team members are responsible for contributing to managing and achieving quality at the engagement level; the importance of professional ethics, values and attitudes; the importance of open and robust communication and the ability to raise concerns without fear of reprisal; and the importance of exercising professional scepticism..11 When considering the competence and capabilities of the engagement team as a whole, the Engagement Executive may take into account such matters as the team’s understanding and practical experience of audit engagements of a similar nature, their understanding of Australian Auditing Standards and regulatory and legal requirements, technical expertise, ability to apply professional judgement and understanding of the ANAO’s quality management policies and procedures.
  8. the direction, supervision and review of the performance of the engagement that is: consistent with professional and auditing standards and regulatory and legal requirements; and responsive to the nature and circumstances of the audit engagement and the resources assigned or made available to the engagement team by the ANAO. The Engagement Executive should document the extent and timing of their reviews. Refer to the policy Direction, Supervision and Review (ANAO Audit Manual - Shared Content, paragraphs 8.2-8.4) for further guidance;
  9. ensuring that sufficient and appropriate audit evidence exists and is documented to support the conclusions reached and for the auditor’s report to be issued;
    1. in line with the ANAO policy Audit Documentation (ANAO Audit Manual - Shared Content, paragraphs 9.2-9.17) the only work that should be done after the signing of the auditor’s report is that of an administrative nature.
  10. following appropriate procedures for consultations and differences of opinion and, in particular, ensuring compliance with the ANAO policy on differences of opinion (ANAO Audit Manual - Shared Content, paragraphs 8.12-8.40);
  11. determining that an EQR has been appointed, as required by the ANAO Auditing Standards and ANAO policy (refer to policy Engagement Quality Review (ANAO Audit Manual - Shared Content, paragraph 8.44-8.46);
  12. discussing the susceptibility of the entity to material misstatement, particularly due to fraud, with the engagement team; and
  13. enough involvement in the audit engagement at appropriate stages throughout the engagement including attendance at key meetings, discussions with the engagement team, EQR and Signing Officer (where appropriate) and the completion of the planning and completion checklists at the appropriate stages of the audit.
Relationship with engagement quality reviewer

102.12 Where an EQR has been appointed:

  1. significant issues arising on an engagement should be considered by the Engagement Executive (and the Signing Officer if applicable) in consultation with the Professional Services Group (PSG) as appropriate before consultation with the EQR to preserve the EQR’s objectivity. Where there is a difference of opinion between the Engagement Executive (and the Signing Officer if applicable) and the EQR, ANAO policy on Differences of Opinion in ANAO Engagements (ANAO Audit Manual - Shared Content, paragraphs 8.75-8.79) should be followed;
  2. the auditor’s report cannot be issued until the completion of the engagement quality review (refer to the Engagement Quality Reviewer policy (ANAO Audit Manual - Shared Content, paragraph 8.60.))

102.13 Where an EQR has not been appointed, circumstances which may cause the Engagement Executive to seek to have an EQR appointed could include the emergence of an unforeseen risk of material misstatement (RoMM), identification of areas which are complex or contentious, or an increased reputational threat to the ANAO. For audit engagements for which an engagement quality review is required, the Engagement Executive cooperates with the EQR and informs other members of the engagement team of their responsibility to do so.

Date of signing the auditor’s report

102.14 The date of signing the auditor’s report should coincide with the date financial statements (or other reports) are signed. The Engagement Executive should endeavour to agree an audit timetable with the auditee that provides for the auditor’s report to be signed on the same date the financial statements (or other report) are signed. Historically, the ANAO reported to Parliament the gap between the dating of the statements and the dating of the auditor’s report in the Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 20XX (Year End Report).

102.15 Where the reports are not signed on the same day, ASA 560 Subsequent Events provides that a subsequent events review to the date of the auditor’s report must be undertaken and documented in the audit working papers (and the audit file for project managed audits). The reasons for the gap between the two signing dates should be documented in the audit file.

103. Role and responsibilities of the Signing Officer

Background

103.1 The Signing Officer is the person who signs the audit report on the financial statements. In most cases, the Signing Officer is also the Engagement Executive for the audit.

103.2 On some audits, the Auditor-General signs the audit report or delegates where signing responsibilities are assigned to another executive other than the Engagement Executive for the audit. In such cases the Signing Officer has a reduced involvement in the audit due to the Engagement Executive’s role.

This policy requires the Signing Officer to review or approve key aspects of the audit and also provides the basis for the Signing Officer’s reliance on the Engagement Executive.

Policy

103.3 The Signing Officer is responsible for the audit and is the engagement partner for the purposes of the ANAO Auditing Standards.

103.4 While the Signing Officer relies on the Engagement Executive to fulfil key duties and requirements of the ANAO Auditing Standards, this does not reduce the Signing Officer’s overall responsibility for the audit. Where the Signing Officer is not the Engagement Executive on the audit, the following shall apply:

  1. the Signing Officer shall be briefed by the Engagement Executive at appropriate times during the audit;
  2. the Signing Officer shall review and approve:
    1. key aspects of the audit approach;
    2. the Engagement Executive’s assessment of overall and performance materiality for the financial statements as a whole and for particular items;
    3. the schedule of unadjusted differences;
    4. the Signing Officer Review Memorandum (SORM) if prepared;
    5. the audited financial statements;
    6. the auditor’s report including, if applicable, the description of the key audit matters and related audit documentation to determine that the report to be issued will be appropriate in the circumstances; and
    7. formal written communications to management, those charged with governance or regulatory authorities.
  3. the Signing Officer shall determine that the Engagement Executive has completed their work consistent with the ANAO Auditing Standards;
  4. where an EQR is appointed, the Signing Officer shall determine that the review processes have been completed satisfactorily before the audit report is issued;
  5. the Signing Officer shall seek to review other information if the Signing Officer considers it appropriate to the circumstances of the audit; and
  6. the audit file shall contain documented evidence of the Signing Officer’s involvement.

Guidance

103.5 Significant matters arising on an engagement should be considered by the Engagement Executive in consultation with the Signing Officer as appropriate. Significant matters may include critical areas of judgement, difficult or contentious matters, high risks of material misstatement or other areas that the Engagement Executive or Signing Officer consider important.

103.6 The requirement for the Signing Officer to approve key aspects of the audit strategy is intended to ensure that the Signing Officer provides approval of the key judgements in the audit.

103.7 Part of the audit approach is determination of the materiality levels applied on the audit. In addition to approving overall, performance and particular materiality levels, the Signing Officer should formally approve any changes to materiality which may be made as the audit progresses.

103.8 The SORM may be used by the Signing Officer as a basis for accepting that the Engagement Executive has met their responsibilities under the auditing standards and ANAO Audit Manual – FSASG Specific policy.

103.9 When approving the SORM, the Signing Officer should note details of significant matters arising on the audit, and in particular, consultation and conclusions on matters that were difficult or contentious.

103.10 The Signing Officer may seek to review matters additional to those required by this policy. For example, the Signing Officer may seek to review the interim or final management letters or the closing report.

103.11 Where the Signing Officer is the Auditor-General or Deputy Auditor-General, the information required by the Auditor-General or the Deputy Auditor-General to fulfil the requirements of this policy will ordinarily be limited to that specified at paragraph 102.6 and verbal briefings. Where further information is required, this will be requested by the Auditor-General or the Deputy Auditor-General.

103.12 The Signing Officer’s approval of documents or key judgements and other significant matters can be evidenced in the TeamMate file or alternatively by signing-off file copies of documents, file notes in the working papers or other means, as appropriate.

103.13 Signing Officer templates are located in the TeamStore.

104. Role and responsibilities of the Second Reviewer

Background

104.1 The ANAO Auditing Standards require FSASG to have policies and procedures requiring, for appropriate engagements, an engagement quality review that provides an objective evaluation of the significant judgements made by the engagement team and the conclusion reached in formulating the auditor’s report. Relevant policies are set out in Chapter 107 Engagement Risk Rating and Public Interest Entity Assessment and in ANAO Audit Manual - Shared Content Chapter 8 Engagement performance.

104.2 This policy sets out the role of a ‘Second Reviewer’ and the responsibilities of that role. This policy has been developed to promote audit quality within FSASG by providing review processes over and above those required by the auditing standards.

104.3 Unlike the EQR, the Second Reviewer does not need to be independent of the engagement team. This allows the Second Reviewer, in addition to fulfilling the responsibilities required by this policy, to decide the extent of their further involvement in the audit, such as increasing their involvement in the planning phase of the audit.

104.4 In particular, the aims of this policy are:

  1. to provide a mechanism for the GED to appoint someone who is neither the Engagement Executive nor the EQR to have a formal role in an engagement; and
  2. to provide a mechanism to support the quality of an engagement where the appointment of an independent EQR is not required by ANAO Audit policy.

Policy

104.5 The FSASG GED, in consultation with the Auditor-General, shall determine the engagements in each audit cycle to which a Second Reviewer will be appointed. The GED shall provide a summary report to the Auditor-General early in the audit cycle each year.

104.6 In the year in which an outsourced audit engagement of a material entity transitions back in-house, the GED shall consider assigning a Second Reviewer, unless an EQR has been appointed. The summary report required by paragraph 104.5 shall note the considerations made by the GED in determining whether to appoint a Second Reviewer in these circumstances.

104.7 The Second Reviewer shall be an Executive Director or higher.

104.8 The Second Reviewer shall be at least one level higher than the Engagement Executive, unless the GED approves appointment of a Second Reviewer who is the same level as the Engagement Executive.

104.9 The Second Reviewer shall be independent of the auditee consistent with the ANAO Independence policy and standards.

104.10 The Second Reviewer shall undertake at least the review activities required by ANAO Policy for an EQR and consider any additional review activities for EQRs detailed in the guidance to ANAO policy.

104.11 Before the issue of the auditor’s report, the Second Reviewer shall document the review activities undertaken consistent with ANAO Auditing Standards and policy, including:

  1. completing the Second Reviewer checklists at the planning and final stages of the audit;
  2. documenting briefings or relevant discussions with the Engagement Executive; and
  3. evidencing their review of the SORM (where applicable).

104.12 Subject to fulfilling the responsibilities required by this policy, the Second Reviewer shall decide the extent of their further involvement in the audit. The Second Reviewer is not permitted to perform functions that substitute the responsibilities of the Engagement Executive or audit team.

Guidance

104.13 The Second Reviewer responsibilities required by this policy are the same review and documentation responsibilities required by ANAO policy addressing the responsibilities of the EQR.

104.14 Unlike an EQR, the Second Reviewer is not required to operate independently of the engagement team. It is also not intended that a Second Reviewer perform work in substitution for the work of the Engagement Executive or the team. This policy therefore provides that, subject to fulfilling the Second Reviewer’s responsibilities required by this policy, the Second Reviewer may determine the extent of their further involvement in the audit, taking into consideration the complexity of the engagement, the experience of the Engagement Executive and the risk that the auditor’s report may not be appropriate in the circumstances. In making this decision, it is anticipated that a Second Reviewer would liaise with the Engagement Executive.

104.15 A Senior Executive may be involved in an engagement, as a Second Reviewer, to allow the ANAO to be represented at an appropriate level or to support the quality of the engagement, particularly when the Engagement Executive is not an SES officer. Representing the ANAO in this manner does not of itself involve the Senior Executive, however a greater involvement may be appropriate in some circumstances.

104.16 Second Reviewers are to be regarded as key audit personnel for the purposes of the ANAO rotation policy within ANAO Audit Manual - Shared Content Professional, ethical and independence requirements paragraphs 5.15 to 5.17.

104.17 Second Reviewer templates are located in TeamStore.

105. Project managed audits

Background

105.1 When the ANAO contracts out an audit, or part of an audit, the duties of the engagement partner are, in practice, fulfilled by the contractor partner. In these circumstances, the responsibilities of the ANAO Engagement Executive are set out in this policy. Where an outsourced audit has both an ANAO Engagement Executive and ANAO Signing Officer in place, this policy applies equally to both individual roles.

Policy

Minimum requirements for contracts

105.2 Tenders and contracts for the audit or part of the audit of the financial statements of an ANAO auditee shall require the use of an audit methodology that enables compliance with the requirements of:

  1. the ANAO Auditing Standards;
  2. legislation or regulations relevant to the audit;
  3. APES 110, as supplemented by ANAO policy about the provision of other services to ANAO auditees;
  4. applicable ANAO audit policies as provided to the contractor through the PSG extranet or via other means; and
  5. such ANAO policies and procedures as are notified to the contractor by the ANAO Engagement Executive.
Signing Officer and Engagement Executive responsibilities

105.3 The ANAO Signing Officer shall be responsible for the audit and is the engagement partner for the purposes of the ANAO Auditing Standards. The ANAO Engagement Executive, if a different person to the Signing Officer, and contract engagement partner shall fulfil the responsibilities of the ‘engagement partner’ under the ANAO Auditing Standards and assigned by legislation on behalf of the Signing Officer.

105.4 At a minimum, the following policies shall apply to the Engagement Executive and the Signing Officer, if a different person:

  1. the Engagement Executive shall be briefed by the contract engagement partner at appropriate times during the audit (if a different person, the Engagement Executive shall brief the Signing Officer);
  2. the Engagement Executive (and if different, the Signing Officer) shall approve:
    1. key aspects of the audit approach, including audit responses to significant risks;
    2. the contract engagement partner’s assessment of overall and performance materiality for the financial statements as a whole and for particular items;
    3. the schedule of uncorrected misstatements;12
    4. the SORM;
    5. the audited financial statements; and
    6. the auditor’s report.
  3. the Engagement Executive (and if different, the Signing Officer) shall determine that the contract engagement partner has completed their work consistent with the ANAO Auditing Standards;
  4. where an EQR13 (either a contractor or an ANAO EQR) is appointed, the Engagement Executive (and if different, the Signing Officer) shall determine that the review processes have been completed satisfactorily before the auditor’s report is issued; and
  5. the audit file shall contain documented evidence of the Engagement Executive’s (and if different, the Signing Officer’s) involvement, including documentation of the briefings at the planning, interim and final stages of the audit before the signing of the auditor’s report.
Further Engagement Executive responsibilities

105.5 The Engagement Executive shall:

  1. gain an understanding of the Auditee to be comfortable that the risk assessments are appropriate, including the rating of risks;
  2. in approving materiality levels, ensure that ANAO policy on materiality is applied, including component materiality set for the purposes of the Consolidated Financial Statements (CFS), and materiality levels for particular items;
  3. review significant risks, key judgements, assumptions, estimates and other major sources of estimation uncertainty, that have a risk of resulting in material misstatement or adjustment on the audit;
  4. determine that the ANAO policies notified to the contractor firm have been complied with; and
  5. review and sign all correspondence on ANAO letterhead.

105.6 The Engagement Executive shall make enquiries and document their review of contractor partners work papers, as deemed necessary, and determine that the quality management procedures applied to the audit are consistent with the requirements of the contract, including:

  1. meeting the ANAO Auditing Standards; and
  2. the use of contractor staff with appropriate competence, qualifications and experience.

105.7 For larger or higher risk audits, the Engagement Executive’s involvement shall be extended with a greater involvement in audit planning and execution, regular meetings with firm and auditee, and review of significant matters arising during the audit.

Audit completion

105.8 Before signing the auditor’s report, the Signing Officer shall determine that the contractor’s work provides sufficient appropriate audit evidence to support the release of the auditor’s report.

105.9 At the completion of the audit, the Engagement Executive shall ensure the following procedures are performed:

  1. before the signing of the auditor’s report, the contract engagement partner shall provide written sign-off on the audit consistent with the approved form ‘Contractor’s Representation Letter’, including the auditor’s independence declaration if the audit is performed under the Corporations Act; and
  2. review the contractor’s representations and complete the relevant TeamMate library file.

105.10 Contractor firm files shall be completed and ready for finalisation consistent with ANAO Audit Manual - Shared Content, paragraph 9.12.

105.11 The Engagement Executive shall request the contractor firm to provide all the working papers within 30 days of the date of the finalisation of each year’s financial statement audit. Contractor firm files shall be archived consistent with ANAO Audit Manual – Shared Content, paragraph 9.37.

Guidance

Legal basis for contracting

105.12 Under section 27 of the A-G Act, the Auditor-General, on behalf of the Commonwealth, may engage any person under contract to help in the performance of any Auditor-General function. For various reasons, the ANAO engages audit firms to undertake an audit or a discrete part of an audit on their behalf.

105.13 Under section 29 of the A-G Act, the Auditor-General may delegate any of their functions or powers to an Official,14 which includes a person engaged under contract. The Auditor-General has exercised their power of delegation regarding audits to senior ANAO staff. Auditor’s reports on contracted out audits are therefore signed either by the Auditor-General or by an appropriately delegated senior staff member of the ANAO.

Minimum requirements for contracts

105.14 The mandatory requirements governing ANAO audits need to be made known to contractors via tender and contract documentation.

105.15 ANAO policy is to comply with the requirements of APES 110. Those requirements apply equally to contractor firms and their staff. ANAO policy also adds to these professional requirements; for example, ANAO policy Provision of other services by ANAO Contractors to ANAO auditees (ANAO Audit Manual – Shared Content paragraphs 5.46-5.47) includes prohibited services additional to the requirements of APES 110.

105.16 Except for the ANAO audit policies provided to the contractor through the PSG extranet or notified to the contractor by the ANAO Engagement Executive, audit firms contracting to the ANAO can use their own audit methodologies on the basis that they meet the requirements of the ANAO Auditing Standards. To help ensure that contractors comply with ANAO policy, paragraph 105.2(d) of this policy requires tenders and contracts for audit services to make provision for the ANAO Engagement Executive to notify the contractor of policies and procedures the ANAO requires be followed on the audit.

Signing Officer and Engagement Executive responsibilities

105.17 The ANAO Signing Officer is formally the ‘engagement partner’ under the auditing standards. In practice, when the ANAO contracts out an audit, or part of an audit, the duties of the engagement partner are fulfilled by the contactor partner, while the responsibility for the audit remains with the ANAO.

105.18 The ANAO Signing Officer and the Engagement Executive may be the same person. Where this is the case, this policy requires the Engagement Executive to meet the requirements of paragraphs 105.4 to 105.8 inclusive about the conduct of the audit.

105.19 Where the ANAO Signing Officer and the Engagement Executive are different people, the requirements of paragraph 105.4 apply to the Signing Officer. These responsibilities for the separate Signing Officer are the same that apply when there is a separate Signing Officer on ANAO audits conducted in-house.

105.20 The Engagement Executive is required by ASA 220 to determine that sufficient appropriate audit evidence has been obtained to support the conclusions reached and the auditor’s report to be issued. The Engagement Executive’s review covers critical areas of judgement, especially those relating to difficult or contentious matters identified during the course of the engagement, significant risks and other areas the Engagement Executive has identified as important. Evidence of this review should be documented and recorded in the audit file.

105.21 To satisfy the requirements of paragraph 105.6, and as part of the review of the contractor’s audit working papers as deemed necessary, the Engagement Executive should consider reviewing the key areas of financial statements risk and associated key judgements, assumptions and other major sources of estimation uncertainty, that may result in a material misstatement or adjustment on the audit, including:

  1. the execution and conclusions reached on audit procedures identified and communicated to the auditee as part of the audit strategy;
  2. the design and execution of the sampling strategy performed on the key areas of audit focus, including the evaluation of the sampling results;
  3. the design and appropriateness of the substantive analytical procedures performed on the key areas of audit focus; and
  4. the design and execution of audit procedures that were identified as deficient in prior year quality assurance reviews that relate to sufficiency and appropriateness of audit evidence.

105.22 The Engagement Executive should ensure that the Appropriation Test Program has been completed and that sufficient and appropriate procedures have been undertaken on other financial statement disclosures required by the Public Governance, Performance and Accountability (Financial Reporting Rule) 2015 (PGPA FRR 2015).

105.23 The Engagement Executive should determine that the engagement partner and other senior members of the audit team were suitably involved in the design, execution and evaluation of the key audit procedures, including planning, control, and substantive audit procedures.

105.24 Where deficiencies are identified in the course of undertaking the review, the Engagement Executive will need to notify the contract engagement partner and request that identified deficiencies are rectified promptly and before the issue of the auditor’s report. To determine that the quality management procedures are consistent with the requirements, the Engagement Executive would need to determine that the identified deficiencies have been appropriately rectified.

105.25 The audit contractor is responsible for ensuring that audit work undertaken on behalf of the Auditor-General is performed in a manner consistent with Australian Auditing Standards and for having in place quality management policies and assurance procedures to be employed throughout the audit engagement. It is expected that these policies and procedures would include the contracted audit engagement being subject to periodic internal review as part of the contracted Firm’s quality assurance processes.

105.26 ASA 600 Special Considerations – Audits of a Group Financial Report provides a useful reference point to guide the ANAO Engagement Executive in determining an appropriate level of involvement for project-managed audits (taking a parallel from the group engagement team involvement in the audit of a component). Relevant requirements in ASA 600 that might be considered, include:

  1. the level of materiality of components (i.e. contracted-out audits) is reviewed by the group engagement team (ANAO) when set by the component auditor (contractor) to ensure that it is within the threshold set by the group engagement team (refer to policy paragraph 105.5(b)).
  2. for selected components, the group engagement team is involved in the component auditor’s risk assessment to identify significant risks of material misstatement of the group (CFS) financial statements. The nature, timing and extent of this involvement is affected by the team’s understanding of the component auditor but should include at a minimum:
    1. discussion with the component auditor of those of the business activities that are significant to the CFS;
    2. discussion with the component auditor on the susceptibility of the entity to material misstatement due to fraud or error; and
    3. review of the component auditor’s documentation of identified significant risks of material misstatements. This documentation may take the form of a memorandum that reflects the component auditor’s conclusion regarding identified significant risks; and
  3. where significant risks of material misstatement of the group financial statements have been identified in a component audit, the group engagement team is required by ASA 600 to evaluate the appropriateness of further audit procedures to be performed.

105.27 The level of involvement in the contracted-out audit is also influenced by:

  1. the size of the audit relative to the CFS;
  2. the potential level of parliamentary interest in the entity;
  3. the engagement risk; and
  4. the competency of the contractor’s audit team and their familiarity with the auditee (i.e. first year of the contract versus later years).

105.28 The expected level of ANAO involvement should be communicated to the contract partner at the start of the audit to allow for timely involvement throughout the audit.

Use of letterhead

105.29 For the purpose of applying the policy at paragraph 105.5(e), ANAO letterhead should be used in covering letters or covering e-mails to an entity and all communications to Ministers, but attachments such as Audit Strategy Documents may be jointly badged. In jointly badged attachments, the ANAO name and logo needs to have no less prominence than the contractor’s name and logo. Refer to paragraph 109.3 or further guidance on the form of the Audit Strategy Document.

Completion

105.30 The working papers provided by the contractor can be provided in:

  1. an electronic copy, in a form which can be read by the ANAO using its existing software; or
  2. another suitable form which does not affect the readability of the working papers. For example, a file in PDF or HTML format from which working papers in excel or word file formats are extracted and provided in an electronic copy.

105.31 Contractor audit templates are located in TeamStore.

106. Role and responsibilities of the SADA Executive

Background

106.1 This policy sets out the responsibilities of the Systems Assurance and Data Analytics (SADA) Executive in a financial statements audit or other FSASG assurance engagement that engages the specialist skills of the SADA Branch.

106.2 A SADA Executive is allocated to a financial statements audit or other assurance engagement consistent with ANAO Audit Manual - Shared Content paragraph 6.4.

Policy

106.3 The role and responsibilities of the SADA Executive shall include:

  1. the direction, supervision and performance of the SADA component of the engagement;
  2. reviewing key documents and work papers on the audit file, including:
    1. the SADA sign-off – planning and completion procedures; and
    2. those relating to significant IT risks, judgements and difficult or contentious matters;
  3. having sufficient involvement in the engagement at appropriate stages including attendance at key audit team meetings and discussions with the engagement team, Engagement Executive and/or Signing Officer;
  4. attendance at entry/exit meetings where appropriate, or other relevant meetings with senior IT management; and
  5. attendance at Audit Committees, where appropriate.

Guidance

106.4 The responsibility for the direction, supervision and performance of the SADA component of the engagement includes:

  1. emphasising the importance of audit quality on each engagement;
  2. tracking the progress of the SADA component of the engagement;
  3. considering the competence and capabilities of the SADA audit team assigned to the engagement;
  4. ensuring that appropriate SADA procedures are planned and performed;
  5. addressing significant SADA matters arising during the engagement and the impact on the planned approach; and
  6. ensuring the SADA work performed supports the conclusions reached and is appropriately documented.

106.5 Attendance at key meetings should be determined by the nature of the audit and the level of SADA involvement. Attendance at key meetings would be expected if there was extensive SADA involvement and/or material findings arising from SADA work performed.

Engagement performance — planning

Chapters 107 to 109

107. Engagement risk rating and public interest entity assessment

Background

107.1 The assessment of engagement risk helps the Auditor-General, the FSASG GED and FSASG Engagement Executives identify professional risks associated with auditees and engagements of the ANAO at a whole-of-practice and individual engagement level. The determination of engagement risk provides a basis to determine whether additional quality management responses in accordance with ASA 220 and equivalent provisions for non-financial engagements are required.

107.2 In addition to the EQR requirements in this section, the assessment of whether an entity is, or is to be treated as, a Public Interest Entity (PIE),15 impacts independence requirements under the ANAO Independence Policy and the parameters to be applied in determining overall materiality (refer to Chapter 108 Materiality).

Policy

Annual engagement risk and public interest entity assessment

107.3 At the start of each audit cycle the FSASG GED shall determine the following matters:

  1. the risk ratings assigned to all FSASG engagements; and
  2. which entities that are subject to FSASG engagements must be classified as a PIE.

107.4 The FSASG GED’s determinations shall be communicated to the Auditor-General, the Deputy Auditor-General, the PSG GED and all Engagement Executives responsible for FSASG engagements.

Policy applicable to assessment of engagement risk for FSASG engagements

107.5 An engagement shall be assessed as being a High, Moderate or Low risk engagement based upon the overall risk of the engagement to the Auditor-General and the ANAO. This shall include consideration of:

  1. the inherent RoMM arising from the engagement (that is, the risk that there is a material misstatement in the subject matter before the conduct of the engagement); and
  2. other professional risks, being any other source of risk to the Auditor-General and the ANAO arising from the conduct of the engagement including, but not limited to, litigious and reputational risks.

107.6 A preliminary assessment of the engagement risk for each engagement shall be documented by the Engagement Executive. The results of this preliminary assessment shall be made available to the FSASG GED for consideration.

107.7 Where a new FSASG engagement has become part of the ANAO’s mandate or has been accepted under a section 20 arrangement, the Engagement Executive shall recommend an engagement risk rating to the FSASG GED for approval.

107.8 Engagement risk shall be monitored throughout the engagement. Where a change in the circumstances of a FSASG engagement causes the Engagement Executive to believe that the engagement risk rating requires revision, a new rating shall be recommended to the FSASG GED for approval.

Policy applicable to assessment of PIE status of auditees

107.9 The FSASG GED shall apply APES 110 paragraph 400.8 to AUST 400.8 A1 in determining which entities to treat as PIEs.

107.10 In determining under APES 110 paragraph AUST R400.8.1 which additional entities to treat as a PIE, the FSASG GED shall consider the following factors:

  1. the level of public interest and scrutiny applied to the entity;
  2. the size of the entity, including the number of employees;
  3. the nature of the business, including holding assets in a fiduciary capacity for a large number of stakeholders; and
  4. any other indicators that the entity has a large number and wide range of stakeholders.

Consequences of engagement risk assessments

107.11 Where the engagement risk has been assessed as High on a mandated financial statements audit that is material to the Commonwealth’s Consolidated Financial Statements:

  1. an EQR shall be assigned;
  2. staff assigned with key roles shall have appropriate skills and experience for their assigned role; and
  3. other appropriate responses shall be determined and documented, including specific responses to the underlying events or conditions giving rise to the High engagement risk rating.

107.12 For all other engagements (including FSASG engagements on subjects other than historical financial information and engagements under a section 20 arrangement) where the engagement risk has been assessed as High, the Engagement Executive shall consider and document an appropriate response or responses to the assessed risk (which does not necessarily require the appointment of an EQR). If the response does not include the appointment of an EQR, the Engagement Executive shall document the reasoning.

107.13 Where the engagement risk has been assessed as High on an engagement conducted under section 20 of the A-G Act the consideration of an appropriate response by the Engagement Executive shall include whether it is appropriate to continue to undertake the engagement (refer to ANAO Audit Manual - Shared Content paragraphs 2.116-2.119).

107.14 The engagement risk, together with the associated rationale and impact on the audit approach, shall be communicated to the auditee as part of formal communication at the planning stage.

107.15 Where the engagement risk assessment is revised to High during the audit, the Engagement Executive shall ensure that the risk responses required by this policy, including appointment of an EQR where applicable, are applied.

Consequences of PIE assessments

107.16 Where an auditee has been assessed to be a PIE, an EQR shall be appointed.

Guidance

Components of engagement risk

107.17 When assessing engagement risk, one relevant risk is the risk of material misstatement, which is a risk posed by the engagement and reflects the risk prior to the conduct of the engagement that the engagement subject matter contains material misstatements. The auditor’s procedures in response to the risk of material misstatement are designed to reduce audit risk to an acceptably low level in each engagement.

107.18 However, for the purposes of managing risk for the ANAO as a whole, engagement risk also encapsulates other risks to the Auditor-General and the ANAO arising from the conduct of the engagement that is separate or additional to the risk of material misstatement. These risks are referred to collectively as “Other Professional Risks.”

107.19 FSASG uses an engagement risk rating scale of High, Moderate and Low. The rating assigned to an auditee is based on professional judgement relating to the auditee’s particular circumstances.

107.20 Sources of engagement risk are cumulative and should be considered collectively to assess the overall risk.

Risks of material misstatements

107.21 For audits of financial reports, the risk of material misstatement exists at the financial report level and at the assertion level. The risks of material misstatement at the assertion level consist of two components: inherent risk and control risk. Inherent risk and control risk are the entity’s risks; they exist independently of the audit of the financial report.

107.22 Assessment of risk of material misstatement does not take into account the ANAO’s planned audit response to reduce the residual risk to an acceptable level. Overall, this means that for an audit of a financial report, the risk of material misstatement is the risk that the financial report is materially misstated prior to audit.

107.23 Risk of material misstatement applies equally to assurance engagements on non-financial information and is the risk that the subject matter information is materially misstated. In the case of direct-reporting engagements, this includes material differences between the engagement subject matter and the criteria against which it will be assessed. The definition of risk of material misstatement and related concepts in ASAE 3000 Assurance Engagements Other than Audits or Reviews of Historical Financial Information and any relevant subject-matter specific auditing standards should be considered in making this determination for engagements other than those related to financial statements.

107.24 The assessment of the risk of material misstatement is central to the risk-based audit approach, and requires the engagement team to:

  1. understand the entity and its environment, including internal control;
  2. assess the risks of material misstatement at the financial statement and assertion level, whether due to fraud or error; and
  3. design and perform audit procedures to reduce audit risk to an acceptably low level.

107.25 TeamMate contains templates in the A.2: Understand Entity and its Environment (including IT risks) folder which help in determining the risk of material misstatement for an auditee and may be used as the basis for recording the preliminary risk assessment required by paragraph 107.6.

107.26 Factors to consider when determining the risk of material misstatement include:

  1. size, complexity and stability of the auditee;
  2. materiality;
  3. nature of the business risks the auditee faces and the strength of the controls in place to mitigate those business risks;
  4. effectiveness of internal control;
  5. results of previous engagements and actions taken to address any issues identified; and
  6. the integrity of management and those charged with governance, including evidence from prior engagement with the ANAO or other bodies.

107.27 The risk of material misstatement would generally be characterised by the following attributes:

High risk of material misstatement

  • highly complex entities with multiple programs or functions;
  • deficiencies in corporate governance;
  • significant business risks which impact on the financial statements, some of which are poorly managed;
  • high risk financial statement items, which may include complex accounting estimates and valuations;
  • poorly controlled and or changing processes and accounting systems;
  • frequent changes in key personnel, systems or programs which are poorly managed; and
  • prior year’s auditor’s report may have been modified.

Moderate risk of material misstatement

  • moderately complex entities with multiple programs or functions;
  • significant business risks which impact on the financial statements, that are somewhat well-managed;
  • may contain one or two high risk and several medium risk financial report items;
  • internal control is considered to be generally effective; and
  • prior year’s audit may have a limited number of significant findings, which are being addressed by management.

Low risk of material misstatement

  • less complex entities with usually a small number of programs or functions;
  • business risks which impact on the financial statements are Low or Moderate and for the most part are appropriately managed;
  • most financial report components are low risk with no high risk items;
  • effective internal control, or for small organisations with inadequate segregation of duties, appropriate compensating controls exist; and
  • prior year’s audit findings will tend to be less significant.

107.28 The assessed risk of material misstatement is communicated to the auditee as part of formal communication at the planning stage. Subject to the agreement of the FSASG GED, Low and Moderate engagement risk ratings may be communicated to the auditee as ‘normal’ risk.

107.29 The Interim Report on Key Financial Controls of Major Entities (Controls Report) and the Year End Report tabled in Parliament use the Low, Moderate and High risk rating approach in line with the TeamMate file workpapers. The Low or Moderate rating can be communicated with the auditee formally or informally, as considered appropriate by the relevant Engagement Executive.

Other professional risks

107.30 While the assessment of the risk of material misstatement is central to the ANAO’s risk-based audit approach, it does not address all of the risks that the Auditor-General must manage to effectively deliver on all of the functions provided under the A-G Act. To assist the Auditor-General to manage these risks it is the responsibility of the FSASG to identify and respond to other potential risks arising out of the conduct of individual engagements.

107.31 While the A-G Act provides the ANAO with expansive powers, independence and indemnities, the Office and the Auditor-General are not immune from litigation. The possibility of legal action being taken by an auditee or other interested party due to the conduct of an FSASG engagement may impinge upon the professional reputation and independence of the Office.

107.32 In some other circumstances there may be a reputational risk arising from the conduct of an audit. Reputational risks may arise because of perceptions about the appropriateness, competence or role of the Auditor-General. Examples may include:

  1. politically sensitive subject matters where the ANAO’s audit conclusion may be perceived as supportive or unsupportive of areas of government policy;
  2. audit subject matters where stakeholder understanding or expectation is different from the relevant engagement criteria for the matter, resulting in an expectation gap between the scope of the audit and the expectations of the users. For example, the ANAO may issue an unmodified auditor’s report on financial statements which do not include disclosures that are not required by the Australian Accounting Standards but are considered desirable or necessary by Parliamentarians;
  3. breaches (or apparent breaches) of confidentiality and privacy provisions of the A-G Act, Parliamentary conventions, other legislation and community expectations;
  4. difficult or contentious relationships with auditees, particularly those likely to lead to public disagreements;
  5. the ANAO being perceived as unpragmatic, unrealistic or otherwise inconsistent with relevant stakeholder expectations;
  6. the ANAO auditing an entity that is likely to be privatised or to otherwise leave ANAO’s mandate and there being significant differences in accounting treatment accepted by the incoming auditor; and
  7. the ANAO not being perceived as independent because of a conflict between the ANAO’s mandate and relevant professional independence requirements.

107.33 In some cases, no amount of additional audit work will significantly reduce the risk arising from Other Professional Risks, however the employment of additional quality assurance and risk management procedures will provide the Auditor-General with additional confidence that the work performed is appropriate and will stand up to scrutiny.

Roles, Responsibilities and Appointment of EQRs

107.34 Where it is determined under this policy that an EQR is to be appointed, the roles, responsibilities and appointment of the EQR are determined by the Engagement Quality Review policy (refer to ANAO Audit Manual - Shared Content, paragraphs 8.54-8.60).

107.35 Under the policy, the role of an EQR may be fulfilled by an external party to the ANAO where relevant, including in the case of an appropriate EQR partner from an auditing firm to whom the engagement has been contracted out. In some cases, the firm’s own internal policies may require appointment of an EQR, and so long as the work of their internal EQR is sufficient to meet the requirements of the Audit Manual, there is no requirement for an additional ANAO EQR.

Public interest entity assessment

107.36 PIEs refer to those auditees which have a fiduciary or other financial trust relationship with a large number and wide range of stakeholders. The following meet the definition of a PIE under APES 110:

  1. a Listed Entity;16 or
  2. any entity:
    1. defined by regulation or legislation as a PIE; or
    2. for which the audit is required by regulation or legislation to be conducted in compliance with the same independence requirements that apply to the audit of Listed Entities. Such regulation may be promulgated by any relevant regulator, including an audit regulator; or
    3. for which the ANAO’s policy has determined to treat as PIE because they have a large number and wide range of stakeholders.

107.37 By their nature, Australian Government entities have a higher level of public interest than other entities because they are taxpayer-funded, subject to parliamentary oversight and often engage directly with the general public. This, in itself, does not make an Australian Government entity a PIE, and the relative interest in that entity compared to other Australian Government entities should be considered when determining whether the entity is a PIE.

107.38 As the consolidation of the entire Commonwealth government and its controlled entities, the CFS should be considered to be a PIE because all Australian citizens could be considered a stakeholder. Entities that are significant or material to CFS are not PIEs automatically, and each entity should be assessed on a case by case basis.

107.39 For entities other than CFS that are not Listed Entities, not defined by legislation as a PIE or not otherwise subject to the same independence standards as Listed Entities, the following indicators will assist in determining which entities are to be treated as PIEs based upon their large number and wide range of stakeholders:

Indicator

More likely to be a PIE

Less likely to be a PIE

Level of public interest and scrutiny applied to the entity

Entities with increased public or parliamentary interest compared to other public sector entities demonstrated by:

  • extensive media coverage;
  • frequency of being called to give evidence to parliamentary committees and enquiries;
  • existence of additional scrutiny, accountability and reporting processes, for example special public reporting required of the entity in addition to the general requirements of the PGPA Act; and
  • for-profit entities that voluntarily hold themselves to external scrutiny standards equivalent to their listed peers, for example preparing a reviewed half-year financial report or publishing a remuneration report.

Subject only to the standard parliamentary accountability processes, for example Senate Estimates and general requirements of the PGPA Act.

Size of the entity and number of employees

Entities that control assets or liabilities on behalf of the Australian Government that are significant to the Australian economy.

Entities with large service delivery aspects to their business that gives rise to large numbers of staff.

Entities that primarily deliver a narrow range of outcomes as a policy agency or specialist entity.

Nature of the business, including holding assets in a fiduciary capacity for a large number of stakeholders and any special rules relating to the conduct of the audit.

Entities that provide financial services to the public or to significant subsets of the public on terms broadly comparable to other financial industry service providers, such as general insurance, investment management/superannuation and banking.

Audits where there are special rules relating to auditor independence or conduct greater than the generally accepted provisions related to the Auditor-General’s mandate.

Entities that administer loans (e.g. educational loans), personal benefits and similar entitlements to the public on the basis of legal entitlements and special appropriations where the user would not expect to have any reasonable concern about the ability of the Australian Government to make the associated payments or the discretion applied by the entity in the delivery of these services.
     

107.40 Paragraph AUST 400.8.1 A1 of APES 110 provides a list of entities which are likely to be classified as PIEs based on the large number and wide range of stakeholders. This includes entities regulated by the Australian Prudential Regulatory Authority, disclosing entities under the Corporations Act and other issuers of debt and equity instruments to the public. These entities would be expected to be captured under the application of this policy because of the nature of their business.

107.41 In some cases, the source of stakeholder interest for a Commonwealth entity may be balances and transactions that are reported in the administered statements. Because administered items are items that the entity does not control directly, this may be a consideration supporting the determination that an entity is not a PIE. In relation to administered items, the entity is more likely to be a PIE if the accountability for the related items is chiefly through the entity (for example, if stakeholder interest was chiefly related to how the specific program was managed by the entity). The entity is less likely to be a PIE if the accountability for the related items is chiefly through the Commonwealth government as a whole (for example if the main source of stakeholder interest is the credit-worthiness of the government, which is best represented by the CFS accounts).

108. Materiality

Background

108.1 This policy creates standard parameters to apply the concept of materiality in planning and performing the audit. Chapter 111 Evaluating misstatements deals with the evaluation of misstatements identified as a result of the audit and creates the parameters for setting a clearly trivial threshold. Chapter 107 Engagement risk rating and public interest entity assessment includes policy and guidance on assessing if an entity is, or is to be treated as, a PIE.

108.2 Overall and particular materiality amounts are driven by the needs of users and are the materiality levels against which we evaluate misstatements. Performance and particular performance materiality amounts reflect audit risk and are the levels that we audit to.

Policy

108.3 The Engagement Executive shall be responsible for approving materiality. Where there is a separate Signing Officer to the Engagement Executive, approval of materiality is also required by the separate Signing Officer.

108.4 The basis for the professional judgements made in assessing materiality shall be documented. The materiality levels to be determined for each audit are as follows:

  1. materiality for the financial statements as a whole (‘overall materiality’);
  2. ‘performance materiality’; and
  3. ‘particular materiality’ and ‘particular performance materiality’ where relevant, for particular classes of transactions, account balances or disclosures.

108.5 Where the financial statements include both ‘departmental’ items and ‘administered’ items, materiality shall be determined separately for each.

108.6 In determining overall materiality for an ANAO audit (other than the CFS), the Engagement Executive shall use professional judgement to apply standard benchmarks and thresholds, taking into account the financial information needs of users of the financial statements report.

108.7 In determining performance materiality for an audit (other than CFS), the Engagement Executive/Signing Officer shall reduce overall materiality having regard to the level and pervasiveness of the risk of material misstatement. Standard ANAO ‘haircuts’ of overall materiality are 10%, 25% or 50%.

108.8 Engagement Executives shall specify particular materiality and a related performance materiality for classes of transactions, account balances and disclosures when, in their professional judgement, it is appropriate to do so. In addition, Engagement Executives shall comply with any particular materiality and related performance materiality for application on specified classes of audits determined by the FSASG GED. Formal GED approval is required for departures from FSASG GED-determined particular materiality.

108.9 The following items shall be treated as material by nature, and it may be appropriate to determine a particular materiality for these items:

  1. Appropriations note disclosures, including:
    1. annual and special appropriations; and
    2. special accounts;
  2. authorisation of investments (sections 58 and 59 of the PGPA Act); and
  3. disclosures of key management personnel remuneration required by the PGPA FRR 2015 and AASB standards.

108.10 The FSASG Engagement Executive for the audit of the CFS shall recommend to the Auditor-General for approval:

  1. the overall materiality level to be applied to the CFS audit;
  2. performance materiality; and
  3. the maximum overall materiality level or levels to apply to the component audits for the CFS. Overall materiality in the financial statement audit of a component of the CFS shall not exceed this maximum.

108.11 Materiality levels shall be revised when the auditor becomes aware of information during the audit that would have caused the auditor to have determined a different materiality amount (or amounts) at planning.

108.12 Materiality levels determined for application on an audit shall not be communicated to the auditee unless such communication is approved by the FSASG GED.

Guidance

Materiality in the context of an audit

108.13 ASA 320 Materiality in Planning and Performing an Audit provides specific guidance on the application of materiality for auditing in the public sector in the following terms:

‘In the case of a public sector entity, legislators and regulators are often the primary users of its financial report. Furthermore, the financial report may be used to make decisions other than economic decisions. The determination of materiality for the financial report as a whole (and, if applicable, materiality level or levels for particular classes of transactions, account balances or disclosures) in an audit of the financial report of a public sector entity is therefore influenced by law, regulation or other authority, and by the financial information needs of legislators and the public about public sector programs.’

108.14 In the audit of general purpose financial statements, the needs of users as a group are considered because the needs of specific individual users may vary widely. However, in an audit of special purpose financial statements, the needs of specific users need to be taken into account.

108.15 Materiality is considered when planning and performing the audit to reduce audit risk to an acceptably low level. Materiality is used to:

  1. determine the nature, timing and extent of risk assessment procedures;
  2. identify and assess the risk of material misstatement in the financial statements; and
  3. determine the nature, timing and extent of further audit procedures.
Engagement Executive/Signing Officer involvement

108.16 It is important for both overall materiality and performance materiality levels to be discussed and agreed during planning. If materiality is set too high during planning, audit procedures might fail to detect a misstatement that users of the financial statements consider material. If materiality is set too low, the engagement team is likely to over-audit.

108.17 Discussion up-front as a team, with Engagement Executive involvement, is vital to avoid under or over-auditing, which can result where team members have different views on what is material. The final judgements on materiality are the responsibility of the Engagement Executive with, where a different person, the approval of the Signing Officer (refer to Chapter 103 Roles and Responsibilities of the Signing Officer).

108.18 This materiality policy applies to all project-managed audits undertaken by private firms under contract to the ANAO. Where materiality levels proposed by a contractor are not based on the standard ANAO benchmarks and thresholds described in this policy, the ANAO Signing Officer/Engagement Executive needs to determine that the amounts proposed are appropriate to the audit. The approval of the Signing Officer/Engagement Executive is subject to the consultation and approvals required by this policy.

Overall materiality

108.19 The Parliament is the primary user of the financial statements. Financial statements provide a basis for Parliamentarians to keep Government and its entities accountable for their actions and may be used by the Executive Government for making economic decisions (about the allocation of resources). Overall materiality is influenced by the ANAO’s perception of the financial information needs of the Parliament and other users about the activities of Government.

108.20 The auditor determines a single overall materiality level based on a selected benchmark (for example, revenue) relevant to users of the financial statements. Overall materiality based on this benchmark is applied to the overall financial statements and forms a basis for performance materiality. Applying separate quantitative levels of overall materiality (for example, a certain materiality level for profit and loss account items and a different materiality level for balance sheet items) will not enable the auditor to plan the audit effectively to detect material misstatements.

108.21 ANAO Audit Manual – FSASG Specific policy specifies standard benchmarks and thresholds to be considered in setting overall materiality. However, there is an overriding responsibility of the Engagement Executive and Signing Officer to consider whether the standard benchmarks and threshold are appropriate for the particular entity. In cases where a non-standard benchmark is used, approval by the Qualifications and Technical Advisory Committee (QTAC) is required when the overall materiality amount determined is higher than the highest amount that could be determined using a standard benchmark threshold for the type of entity.

Selecting a benchmark

108.22 Factors that may help to identify an appropriate benchmark include:

  1. the elements of the financial report (for example, assets, liabilities, equity, revenue, expenses);
  2. whether there are items on which the attention of the users of the particular entity’s financial report tends to be focused (for example, for the purpose of evaluating financial performance users may tend to focus on profit, revenue or net assets);
  3. the nature of the entity, where the entity is in its life cycle, and the industry and economic environment in which the entity operates;
  4. the entity’s ownership structure and the way it is financed (for example, if an entity is financed solely by debt rather than equity, users may put more emphasis on assets, and claims on them, than on the entity’s earnings); and
  5. the relative volatility of the benchmark.
Applying a threshold to a chosen benchmark

108.23 A key determinant in setting overall materiality is whether the entity is assessed to be a PIE under Chapter 107 Engagement risk rating and public interest entity assessment.

108.24 In most circumstances, a threshold percentage towards the higher end of the range can be applied to a chosen benchmark when setting overall materiality where there are no indicators that a lower threshold should be applied. However, depending on the entity’s nature, particular circumstances and users of the financial statements, a threshold percentage towards the lower end of the range should be considered when setting overall materiality. Factors which may indicate that a percentage at the lower end of the range may be appropriate include:

  1. the entity is currently subject to relatively high levels of scrutiny by the Parliament, or its Committees compared to other government entities;17
  2. the entity is currently subject to relatively high levels of interest from the media, or the public compared to other government entities;
  3. the entity has a significant level of external debt;
  4. there are specific factors, such as the existence of financial covenants, which increase the sensitivity of the selected benchmark; and
  5. the chosen benchmark may be particularly sensitive based on the understanding of users’ interests in the financial statements (but note that general purpose financial statements are being considered – it is more likely that benchmarks are particularly sensitive in special purpose financial information designed to meet the specific needs of the users).

108.25 Note that consideration of audit risk is reflected in the determination of performance materiality. Therefore, factors such as the effectiveness of the entity’s internal controls and the number of identified misstatements in prior years’ audits are reflected in the determination of performance materiality, affecting the selection of the haircut percentage (10%, 25% or 50%), rather than overall materiality.

Performance materiality

108.26 Planning the audit solely to detect individually material misstatements overlooks the fact that the aggregate of individually immaterial misstatements may cause the financial statements to be materially misstated and leaves no margin for possible undetected misstatements. Auditors determine performance materiality, which is one or more amounts, to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements in the financial statements exceeds materiality for the financial statements as a whole.

108.27 The determination of performance materiality is impacted by the auditor’s understanding of the entity and is updated during the performance of the risk assessment procedures. It is also affected by the nature and extent of misstatements identified in previous audits and thereby the auditor’s expectations about misstatements in the current period.

108.28 Performance materiality is used throughout planning to determine which account balances, classes of transactions and disclosures to select for examination. Throughout the audit, it enables the auditor to define the extent of work necessary to reduce audit risk to an acceptably low level. It also impacts testing through the selection of items for testing (targeted testing and sampling) and substantive analytical procedures. It is not always appropriate to exclude all balances below the performance materiality level from the scope of the audit. The auditor should consider the risks relating to those account balances, including the risk relating to completeness of those balances. The auditor should also take into account the overall coverage achieved from the audit, to avoid the risk that large numbers of non-material balances totalling a material balance are excluded from the audit plan.

ANAO standard haircuts

108.29 Setting performance materiality is a matter of professional judgement taking into account an entity’s circumstances and is calculated by taking a ‘haircut’ off overall materiality. ANAO haircuts are usually 10%, 25% and 50%.

108.30 A haircut above 25% should form part of the Engagement Executive’s documented risk assessment for the purposes of the engagement risk rating assessment at the start of each audit cycle.18 Otherwise, it should be considered for consultation under the ANAO Audit Manual - Shared Content paragraph 8.15.

Factors to consider in setting haircut

Haircut

Proposed audit adjustments

Risk assessment & aggregation risk19

Control effectiveness

10%

History of limited or no booked proposed audit adjustments.

The characteristics of the entity being audited result in low aggregation risk related to potential misstatements arising from environmental factors.20

Where testing of operational effectiveness of controls is part of the overall audit strategy, the controls have historically been determined to be operating effectively.

25%

History of limited or no booked proposed audit adjustments.

The characteristics of the entity being audited result in low to moderate aggregation risk related to potential misstatements arising from environmental factors.21

Where testing of operational effectiveness of controls is part of the overall audit strategy, the controls have historically been determined to be operating effectively.

50%

History of frequent audit adjustments.

Significant management turnover that suggests a potential increase in the frequency of audit adjustments.

The characteristics of the entity being audited result in high aggregation risk related to potential misstatement arising from environment factors.22

Expected or known significant deficiencies in controls.
       

108.31 When considering the history of misstatements in determining the appropriate haircut, audit teams should ensure that they consider the nature and extent of the misstatements identified during the audit for the immediate prior year. Extent of misstatements includes both the number of misstatements and the size, individually and collectively, of those misstatements. In considering these misstatements, it is not appropriate to exclude corrected misstatements, nor should misstatements be disregarded because they have no or only a small impact upon the net result of the entity. For example, a corrected misstatement resulting in a gross-up of the balance sheet or income statement may have nil impact on the operating surplus of the auditee but is still an indicator of increased risk of material misstatements given that the misstatement was resolved during the audit and not prevented by management. In some circumstances the auditor may consider that misstatements in the previous year do not indicate a higher risk of misstatements because they are unlikely to be repeated in the current year. For example, the misstatements may have related to a one-off event such as implementation of a new accounting standard. Where this is the case auditors should ensure that their documentation clearly addresses this judgement.

108.32 Using one of the haircut percentages above will generally be appropriate. However, in some circumstances we may consider using percentages other than those above. For example, a percentage between 25% and 50% may be appropriate where the entity has a predominant factor at both the higher and lower end of the range, and we consider these factors to be equally important.

108.33 A 50% haircut would be considered when the risk factors described above are pervasive across the entity. If risk factors are isolated to one area or business process, consider using a 25% haircut and applying a higher haircut to the riskier account(s).

Items that are material by nature

108.34 When forming the audit plan, the auditor often uses performance materiality to identify line items and disclosures that require audit examination, to ensure that audit risk is reduced to an acceptably low level. The auditor also needs to consider whether, in the specific circumstances of the entity, there exist items that require audit examination due to their nature even though their dollar amount below performance materiality.

108.35 Items may be identified as material by nature due to:

  1. the users’ interest in the item, consistent with the assessment of when setting a particular materiality level for certain items is appropriate; or
  2. the financial reporting framework requiring disclosures for certain items regardless of the amount and materiality. Paragraph 108.9 identifies specific items to be treated as material by nature.

108.36 As a minimum, items that are material by nature will be subject to a level of audit attention that:

  1. is consistent with the Engagement Executive’s assessment of the user’s interest in the item; or
  2. gains sufficient and appropriate audit evidence that the disclosures are appropriate and consistent with the requirements of the financial reporting framework.

108.37 Setting a particular materiality for an item that is material by nature may help in driving the level of audit attention required and evaluating misstatements but is not always necessary.

108.38 For example, the appropriation of the Consolidated Revenue Fund (CRF) is a key control that the Parliament has over the Executive Government. The appropriation notes in non-corporate Commonwealth entities’ financial statements disclose, for each appropriation, the purpose and total amount of spending authorised by the Parliament and the spending actually made. If we were to set a particular materiality for each appropriation, we would render overall materiality largely redundant, as all non-corporate Commonwealth entity expenditure is made via an appropriation. Setting a particular materiality for each appropriation would ordinarily be unnecessary. Enough coverage would usually be obtained by evaluating the effectiveness of the design of controls over (i) recording appropriations available and (ii) spending for purpose. We can then test the effectiveness of those controls over the year for appropriation items of all sizes and undertake appropriate substantive testing.

108.39 For senior and key management personnel remuneration, it may be appropriate in some cases to fully substantiate remuneration of key management personnel such as the accountable authority, Chief Executive, Statutory Office Holders and Company Directors. Other executives may be able to be audited by controls testing and analytical review of the supporting schedules and financial statement disclosures.

108.40 In the case of authorisation of the PGPA Act Part 2-4 Division 5 investments, audit teams should ensure that the entity has the appropriate delegation to invest23 and that the investment is an authorised investment under:

  1. Section 58 of the PGPA Act and section 22 of the PGPA Rule, for non-corporate Commonwealth entities; or
  2. section 59 of the PGPA Act, for corporate Commonwealth entities.24

108.41 Refer to Chapter 111 Evaluating misstatements for policy and guidance when evaluating misstatements in items that are identified as material by nature.

Materiality for particular items

108.42 When forming the audit plan, the auditor needs to consider whether, in the specific circumstances of the entity, misstatements in particular items of lesser amounts than overall materiality could reasonably be expected to influence the economic or political decisions of users. For this reason, it is appropriate to set particular materiality levels for some items.

108.43 Factors which may be considered in determining the need for particular materiality include:

  1. whether accounting standards, law or regulations (PGPA FRR 2015) affect users’ expectations regarding the measurement or disclosure of certain items (examples include disclosures of related party transactions and remuneration of directors, senior and key management personnel and others charged with governance);
  2. the key disclosures about the industry and the environment in which the entity operates;
  3. whether attention is focused on the financial performance of a particular business segment that is separately disclosed in the financial statements; and
  4. the factors mentioned in paragraph 108.42 when they affect one or more particular classes of transactions, account balances or disclosures rather than the financial statements as a whole.

108.44 Where particular materiality is determined, performance materiality relating to that particular class of transactions, account balance or disclosure is set to reduce to an appropriately low level the probability that the aggregate of uncorrected and undetected misstatements exceeds the pre-determined materiality level for that particular class of transactions, account balance or disclosure.

108.45 ANAO Audit Manual – FSASG Specific policy provides for the FSASG GED to determine particular materiality for specific items. Where such a determination is made, it will be communicated formally by the FSASG GED or via a PSG Technical Update or other communication mediums. The absence of a determination of particular materiality for any item does not relieve the Engagement Executive/Signing Officer of the responsibility to determine particular materiality where appropriate to their individual audit.

Australian Government Consolidated Financial Statements

108.46 The materiality for any individual audit cannot exceed the materiality for the CFS of the Whole of Government. Accordingly, the Engagement Executive for the CFS recommends to the Auditor-General the overall materiality level (a single dollar amount) for the CFS audit and the maximum materiality level or levels to be applied on all ANAO audits that are components of the CFS. The CFS Engagement Executive will formally advise the maximum materiality level or levels to all Engagement Executives and PSG as soon as practicable after the decision.

Materiality considerations for entities with disproportional financial statements

108.47 Some Commonwealth entities have one account balance or class of transactions that is significantly larger than the remainder of the financial statements. When selecting the appropriate benchmark for determining overall materiality, the audit team’s judgement should be driven by what they consider to be the primary area of interest to users. If the benchmark selected includes the significantly large line item resulting in a high overall materiality figure compared to the remainder of the financial statements, the audit team also needs to consider if there are further areas of interest to users that require a particular materiality to be determined at a lower level for those line items.

108.48 The audit team may also consider that some line items are not focus areas for users and do not require a particular materiality level to be set. However, the audit team may consider that these line items contain an unacceptable level of risk and performing limited audit procedures over them is not appropriate. For these line items/risk areas, the audit team’s response may be to determine a lower performance materiality level by applying a larger haircut, which will drive further audit procedures and increase the level of assurance gained. Judgements made and the supporting considerations in the above scenarios should be documented clearly in the audit file.

Revising materiality levels

108.49 The auditor’s initial assessment of materiality and audit risk may change after evaluating the results of audit procedures. This could be because of a change in circumstances, new information or because of a change in the auditor’s knowledge as a result of performing audit procedures.

108.50 The levels of overall materiality, performance materiality and materiality for particular items need to be revised when the auditor becomes aware of information during the audit that would have resulted in a lower materiality at planning. In addition to the flow-on effect of changes in overall materiality, performance materiality and materiality for particular items to the clearly trivial threshold, such information may also require the auditor to revise the clearly trivial threshold percentage in accordance with ANAO Audit Manual – FSASG Specific Chapter 111 Evaluating Misstatements.

Minimum documentation

108.51 To meet the policy requirement of documenting the professional judgements made regarding materiality, the documentation of the rationale in determining materiality levels should include:

  1. how the individual circumstances of the entity were taken into account;
  2. the benchmark and rule of thumb percentage used;
  3. reasons for selecting the benchmark and the percentage used;
  4. the rationale for selecting the haircut for determining performance materiality; and
  5. the reason(s) for determining a different materiality for particular items (if any).

108.52 Changes to the preliminary judgment about materiality are to be documented and approved by the Engagement Executive/Signing Officer.

108.53 ASA 320 requires the audit file to include evidence that overall materiality, performance materiality, and materiality for particular items (if any) were discussed by the engagement team and the decisions made (including any revisions) to be communicated to the team. This should be achieved by including a materiality discussion on the agenda of the planning meeting, documenting the procedures performed to determine materiality and by the Engagement Executive’s planning sign-off.

108.54 Chapter 105 Project Managed Audits in the ANAO Audit Manual – FSASG Specific requires audit files to contain evidence that decisions on materiality and the professional judgements exercised for contracted-out audits are those approved by the Signing Officer/Engagement Executive.

Communicating materiality to auditees

108.55 As a matter of ANAO policy, materiality levels determined for application on an audit are ordinarily not to be communicated to the auditee. The reason for this approach is to avoid situations where the auditee deliberately structures transactions to avoid audit scrutiny or responds to our request for adjustments to be made to the financial statements based on our materiality decisions. This is consistent with the requirements in the standards for auditors to request that all errors accumulated during the audit (i.e. those above clearly trivial) are corrected by the auditee and for auditors to include some unpredictability in their audit work.

108.56 Where requested by an auditee, a materiality parameter may be advised verbally to, for example, the chair of an audit committee. The extent to which we communicate materiality will be a matter of judgment for individual Signing Officers.

108.57 Nevertheless, it is appropriate to give an auditee and its management a general explanation of the concept of materiality and how materiality is applied on the audit, including mention of overall and performance materiality and items that we regard as material by nature. It is also important to communicate that there may also be qualitative factors which impact on the assessment of whether misstatements identified during the audit are material. Auditees should be reminded that we will be requesting that they correct all audit adjustments communicated to them during the audit, and that the reason for this is that it represents a safeguard against accumulated undetected misstatements that may exist in the financial statements.

109. Communicating the audit strategy

Background

109.1 The auditing standards require the auditor to establish an overall audit strategy that sets the scope, timing and direction of the audit and that guides the development of the audit plan.25 Care is required to ensure that in communicating a strategy, the audit is not compromised (for example, by making procedures too predictable).

109.2 An overview of the audit strategy is therefore communicated to the auditee. This will help meet the needs of the auditee regarding information about the audit.

Policy

109.3 An overview of the audit strategy shall be communicated to Those Charged With Governance (TCWG).

109.4 For financial statements audits that are material to Whole of Government, the audit strategy shall be communicated in writing.

109.5 For other audits, the audit strategy shall be communicated either in writing or orally. Where communicated orally, that communication shall be documented.

109.6 The following matters shall be communicated, as a minimum:

  1. a reference to the terms for the audit engagement and the date at which they were formalised;
  2. an overview of the planned scope and timing of the audit;26
  3. the form, timing and expected general content of communications;27
  4. the identity of the members of the audit team and, if applicable, the EQR Executive for the audit; and
  5. either:
    1. for engagements where no fee is payable, the expected audit cost; or
    2. for engagements where a fee is payable, the expected audit fee.

Guidance

Timing for communication of the overview of the audit strategy

109.7 To create the audit strategy, the engagement team should have enough knowledge of the auditee to enable the team to determine the approach to be adopted in the audit of the financial statements. For continuing audit engagements, the team may be in a position to document the audit strategy at the completion of the previous year’s audit. However, where the engagement team has changed or where there have been changes within the auditee, the development of the audit strategy might be somewhat later in the planning phase.

109.8 It may be necessary to speak to TCWG as a step in forming the strategy. This will help ensure that the auditee concurs with our assessment of the various risks affecting the organisation.

The overview of the audit strategy

109.9 The content and detail of the audit strategy will depend on the size and nature of the auditee, and this will affect the information communicated to them.

109.10 The overview of the planned scope of the audit should include:28

  1. an analysis of significant risks and how the audit proposes to address them, including:
    1. new external or internal factors which may significantly affect the auditee;
    2. significant accounting and auditing issues relevant to the financial statements, including changes in reporting requirements;29 and
    3. where relevant, audit activity proposed for significant organisational units/geographical locations.
  2. the audit’s approach to internal control relevant to financial reporting, including:
    1. where IT is significant, the broad approach to the audit of major IT applications;
  3. the impact of status of unresolved audit findings and their impact upon the audit;
  4. the application of the concept of materiality and how it impacts on the audit; and
  5. where there is an internal audit function, the planned use of the internal audit.

109.11 Communication of the timing of the audit would include agreeing a timetable for the various phases of the audit to the timing of audit procedures.

109.12 It is appropriate to communicate information on performance audits planned for the auditee during the audit cycle, after clearance by the relevant Engagement Executive in the Performance Audit Services Group (PASG) and their impact, if any, on the financial statements audit.

Form of communication

109.13 Audit Strategy Documents issued, including those for contracted-out audits, should be identifiably an ANAO document in appearance. This is achieved through the use of ANAO Audit Strategy Document and Covering E-mail templates, though these templates are not required by the Audit Manual. For contracted-out audits, refer to paragraph 105.29 for the policy on jointly badged documents.

109.14 Proforma audit strategy documents are located in TeamStore.

Engagement performance — execution

Chapters 110 to 115

110. Lead schedules

Background

110.1 Lead schedules are the mechanism by which each line item in the financial statements is linked to its general ledger accounts and the audit procedures performed.

Policy

110.2 Lead schedules shall be used to agree each line item in the final financial statements to its component general ledger accounts.

110.3 Lead schedules shall include the final analytical review performed on the line items in the schedule.

110.4 The lead schedule shall include a conclusion as to whether sufficient appropriate audit evidence has been obtained to provide reasonable assurance that the line item and its related disclosure are not materially misstated.

Guidance

110.5 Final analytical review is performed as an overall review of the financial statements at the end of the audit to assess whether the financial statements are consistent with our understanding of the entity. It includes a comparative analysis of the current year balance to the prior year and identifies and explains significant variances.

111. Evaluating misstatements

Background

111.1 In considering misstatements identified during the audit, the auditor’s objective under ASA 450 Evaluation of Misstatements Identified during the Audit is to evaluate:

  1. the effect of identified misstatements on the audit; and
  2. the effect of uncorrected misstatements, if any, on the financial statements.

Policy

Accumulation of misstatements

111.2 All misstatements identified shall be accumulated, except those that are ‘clearly trivial’.

111.3 A misstatement is clearly trivial if it is clearly inconsequential, whether taken individually or in aggregate and whether judged by any criteria of size, nature or circumstances. The Signing Officer shall approve an amount below which identified misstatements are ‘clearly trivial’. The amount is to be the lower of:

  1. 0%, 3% or 5% of overall materiality consistent with the guidance at paragraph 111.17; and
  2. 0.1% of the CFS overall materiality level, unless a different amount is approved by the Auditor-General.

111.4 When obtaining the Auditor-General’s approval for the CFS overall materiality threshold, the FSASG Engagement Executive for the audit of the CFS shall obtain approval from the Auditor-General on the impact of the CFS overall materiality level on the clearly trivial threshold for FSASG financial statement audits under 111.3(b). The CFS Engagement Executive shall inform the FSASG Signing Officers and PSG GED of the approved threshold.

111.5 Paragraph 111.3 does not apply to the audit of the CFS, and the clearly trivial threshold for CFS shall be approved by the Auditor-General.

111.6 Paragraph 111.3 does not apply to misstatements in items identified by policy as material by nature or presentation and disclosure misstatements. These misstatements shall be judged to be clearly trivial where, after assessing the nature and circumstance of the misstatement, it is assessed to be clearly inconsequential either individually or in aggregate.

Consideration of identified misstatements as the audit progresses

111.7 As the audit progresses, audit teams shall evaluate the effect of accumulated misstatements, including those corrected by management, on:

  1. the overall audit strategy and audit approach; and
  2. the amount at which the clearly trivial threshold has been set.

111.8 The audit strategy and approach shall be revised if the nature of identified misstatements (including corrected misstatements) and the circumstances of their occurrence indicate that:

  1. other misstatements may exist that, when totalled with accumulated misstatements, could be material; or
  2. deficiencies in internal control not previously identified give rise to additional risk of material misstatement.
Communication and correction of misstatements

111.9 All accumulated misstatements shall be reported to the appropriate level of management. Management shall be requested to adjust accumulated misstatements in the financial statements.

Evaluating the effect of uncorrected misstatements

111.10 Uncorrected accumulated misstatements shall be assessed, both individually and in aggregate, and a conclusion made as to whether they are material to the financial statements (refer to Materiality Policy, paragraph 108.3).

111.11 Uncorrected accumulated misstatements relating to items identified as material by nature or presentation and disclosure shall be evaluated by assessing the nature of the item or disclosure, the nature of the misstatements and the circumstances of their occurrence rather than against overall materiality.

Communication with those charged with governance

111.12 The audit team shall communicate to TCWG all uncorrected misstatements, including uncorrected misstatements related to prior periods that continue to impact upon the financial statements, and the effect that they, individually or in aggregate, may have on the opinion in the auditor’s report. Uncorrected misstatements that may contribute to a material misstatement shall be identified individually, as their impact on the audit opinion will need to be considered. The auditor shall request that uncorrected misstatements be corrected.

Misstatements below the clearly trivial threshold

111.13 Factual misstatements of 0.02% or more of the CFS overall materiality which are below the clearly trivial threshold (‘other misstatements’) shall be communicated to management with a record of the misstatement and communication in the audit file.

Documentation

111.14 The auditor shall document the clearly trivial threshold, each misstatement that is to be accumulated, each other misstatement, and conclusions as to whether the misstatements are material individually or in aggregate.

Prior period misstatements identified in the current audit

111.15 During the course of an audit, teams or the auditee might discover misstatements that relate to prior periods. In such circumstances, the auditor shall:

  1. evaluate the effect of uncorrected misstatements related to prior periods, taking into account the newly-discovered misstatements; and
  2. consider the requirements of ASA 560.

111.16 Material prior period misstatements require consultation as per ANAO Audit Manual - Shared Content paragraph 8.17.

Guidance

Determining a threshold for misstatements that are ‘clearly trivial’

111.17 The Signing Officer for the audit should approve an amount below which identified misstatements are ‘clearly trivial’ and is permitted to set that amount in the range of 0% to 5% of overall materiality, consistent with the following guiding factors supporting a clearly trivial threshold, to a maximum of 0.1% of the CFS overall materiality level:

Threshold (% of overall materiality)

History of misstatements

Risk assessment

Management and audit committee expectation of misstatements to be communicated

0%

Frequent and material

High engagement risk. Numerous significant risks identified.

All misstatements regardless of amount.

3%

Frequent but not material

Generally, several additional significant risks identified beyond the presumed significant risks of revenue recognition and management override.

Misstatements less than 5% of overall materiality.

5%

Occasional and not material

Generally, several risks of material misstatement that show a higher but not significant level risk of material misstatement or few additional significant risks other than the presumed significant risks of revenue recognition and management override.

Misstatements about 5% of overall materiality
Accumulation of identified misstatements

111.18 Misstatements that are not clearly trivial are accumulated in the ‘Overs and Unders Schedule’ for referral to the auditee.

111.19 To help in evaluating the effect of misstatements, misstatements should be accumulated as follows:

  1. factual misstatements: the amount of the misstatement is known;
  2. judgmental misstatements: differences arising from the judgements of management about accounting estimates that the auditor considers unreasonable, or the selection or application of accounting policies that the auditor considers unreasonable;
  3. projected misstatements: the auditor’s best estimate of misstatements in populations based on projections of misstatements in sampling. Note that as projected misstatements are only an estimate of misstatements, management should not adjust the financial statements without further investigation and determining the actual misstatement; and
  4. material by nature
Consideration of identified misstatements as the audit progresses

111.20 A misstatement may not be an isolated occurrence. A misstatement arising from a breakdown in internal control may indicate that other misstatements also exist. Similarly, an inappropriate assumption identified in one measure may suggest that misstatements exist in other measures using the same assumption.

111.21 Where frequent and/or material misstatements have been identified during the engagement, the auditor should consider if the clearly trivial threshold should be revised downwards if initial expectations about the level of misstatements in the subject matter were too low. If we identify an increased number of misstatements below the original clearly trivial posting level, we may need to decrease it until we are satisfied that misstatements below the designated amount, either individually or aggregated with other adjustments, would be trivial to the financial statements.

111.22 If aggregate misstatements accumulated during the audit approach materiality threshold, the risk increases that the accumulated misstatements taken together with possible undetected misstatements could exceed the materiality threshold. In these situations, the audit team needs to consider whether the audit strategy or audit plan need to be reconsidered to reduce this risk. The Engagement Executive may consider explaining to management (and, if considered appropriate, TCWG) the implications on the audit when misstatements are not corrected and strongly encourage them to correct all misstatements above the clearly trivial threshold.

Communication and correction of misstatements

111.23 The audit team should promptly advise all accumulated misstatements, uncorrected misstatements related to prior periods, to the appropriate level of management and request that they be corrected. The appropriate level of management is the one that has responsibility and authority to evaluate the misstatements and to take the necessary action.

111.24 Should management not correct a misstatement, the auditor shall obtain an understanding of management’s reasons and use that understanding when evaluating the impact on the financial statements as a whole. If the effect of the unadjusted misstatements is material, a modified audit report will need to be considered.

111.25 Uncorrected misstatements that do not contribute to a material misstatement may be advised in aggregate in appropriate cases. Communication with TCWG is discussed further in the Closing Letter policy (refer to paragraph 122.4).

111.26 The audit team needs to be alert to the possibility that the correction of a prior period misstatement by adjustment of the current year’s figures might give rise to a material misstatement in the current year’s figures (i.e. the adjustment causes the current year figures to be materially different to what they would have been had there been no error in the current and prior periods). In this situation, retrospective restatement will be necessary. The techniques most commonly used to guard against this possibility are generally referred to as the “rollover” and “iron curtain” methods.

111.27 The audit team should use the rollover method when assessing the materiality of uncorrected misstatements.

111.28 The rollover method quantifies a misstatement based on the amount of the error originating in the current year statement of comprehensive income. This method considers that differences not considered in the period in which they arise may be offset against the misstatements in the ‘Overs and Unders Schedule’ of the subsequent period.

111.29 Guidance on how to use the rollover method is available in the Online Audit Guide paragraph 8204.3 entitled ‘Methods of Assessing Uncorrected Misstatements of Current and Prior Periods.

Evaluating the effect of uncorrected misstatements

111.30 Before the evaluation of the effect of uncorrected misstatements, the audit team shall re-examine materiality determined during the planning stage (Refer to Chapter 108 Materiality) based on the actual financial results to confirm whether it remains appropriate.

111.31 The circumstances related to some misstatements may cause the auditor to evaluate them as material, individually or when considered together with other misstatements accumulated during the audit, even if they are lower than materiality for the financial statements as a whole – for example, the extent to which a misstatement affects compliance with regulatory requirements. Further examples are included in the ‘Application’ and ‘Other Explanatory Material’ sections of ASA 450.

111.32 When reviewing individual misstatements, the auditor should assess quantitative and qualitative materiality by considering, for example, whether the item:

  1. affects compliance with regulatory requirements;
  2. affects compliance with debt covenants or other contractual requirements;
  3. relates to the incorrect selection or application of an accounting policy that has an immaterial effect on the current period’s financial report but is likely to have a material effect on future periods’ financial reports;
  4. masks a change in earnings or other trends, especially in the context of general economic and industry conditions;
  5. affects segment information presented in the financial report (for example, the significance of the matter to a segment or other portion of the entity’s business that has been identified as playing a significant role in the entity’s operations or profitability);
  6. has the effect of increasing management remuneration, for example, by ensuring that the requirements for the award of bonuses or other incentives are satisfied;
  7. is significant having regard to the auditor’s understanding of known previous communications to users, for example, in relation to forecast earnings;
  8. relates to items involving particular parties (for example, whether external parties to the transaction are related to members of the entity’s management);
  9. is an omission of information not specifically required by the applicable financial reporting framework but which, in the judgement of the auditor, is important to the users’ understanding of the financial position, financial performance or cash flows of the entity; or
  10. affects other information to be included in the entity’s annual report (for example, information to be included in a ‘Management Discussion and Analysis’ or an ‘Operating and Financial Review’) that may reasonably be expected to influence the economic decisions of the users of the financial report. ASA 720 paragraph 16 deals with the auditor’s responsibilities relating to other information.

These circumstances are only examples; not all are likely to be present in all audits, nor is the list necessarily complete. The existence of any circumstances such as these does not necessarily lead to a conclusion that the misstatement is material.

111.33 Evaluating misstatements is discussed further in Online Audit Guide 8204.

Evaluating the effect of uncorrected misstatements in items that are material by nature and presentation and disclosure misstatements.

111.34 As outlined in Chapter 108, in an audit there may be items that are identified as material by nature due to either:

  1. the users’ interest in the item; or
  2. the financial reporting framework requiring disclosures for certain items regardless of the amount and materiality.

111.35 If a misstatement is identified in an item that is material by nature, it cannot be evaluated based on size alone and misstatements below the clearly trivial threshold may be accumulated. A misstatement identified by the audit team for a financial statement line item or disclosure will not always be classified as material. The evaluation of misstatements in items that are material by nature involves a high degree of professional judgment. This is also the case for presentation and disclosure misstatements.

111.36 If a misstatement is identified in:

  1. an item that is material by nature due to the requirements of the financial reporting framework; or
  2. the presentation and disclosure of the financial statements,

the auditor needs to consider if the misstatement or omission impacts the entity meeting its financial reporting requirements. For example, appropriations are considered to be material by nature in the PGPA FRR 2015 and as such, information for Special Accounts is required to be disclosed regardless of whether the amounts are considered to be immaterial.

Written representations

111.37 The auditor is required to request a written representation from management and, where appropriate, TCWG about uncorrected accumulated misstatements (refer to the Representation letters policy, paragraph 113.1).

Misstatements below the clearly trivial threshold

111.38 Other misstatements of 0.02% or more of the CFS overall materiality which are below clearly trivial, are communicated to management outside of the purposes of ASA 450 and should not have an impact on the audit if they remain uncorrected, as they are clearly trivial. There is no requirement to communicate in writing to senior executives, and the means and audience for the communication will depend on the nature and risk of the misstatement. It is at the discretion of the Engagement Executive whether ‘other misstatements’ are also communicated to TCWG.

111.39 The purpose of communicating other misstatements is to inform management of misstatements that we have identified, regardless of the impact on the audit. This information allows management to properly maintain their accounts and records and may alert them to other underlying issues that the audit team is not aware of.

111.40 Where the clearly trivial threshold is below 0.02% of the CFS’ overall materiality, there is no requirement to communicate misstatements below the clearly trivial threshold to management.

Minimum documentation

111.41 The following information should be documented:

  1. the amount below which misstatements would be regarded as clearly trivial;
  2. all misstatements accumulated during the audit and whether they have been corrected;
  3. in a schedule either separate to or part of the Overs and Unders Schedule, all ‘other misstatements’; and
  4. the auditor’s conclusion as to whether uncorrected misstatements are material, individually or in aggregate, and the basis for that conclusion.
Identified misstatements that relate to prior periods

111.42 The nature and extent of uncorrected and corrected misstatements identified in prior years are taken into account when setting performance materiality and the audit approach for the current year’s audit. Further, uncorrected misstatements from the prior year are carried forward to the current year’s Overs and Unders Schedule to ensure that current year and prior year errors do not accumulate to a material misstatement in the current year.

111.43 During the course of an audit, the audit team or the auditee might discover misstatements that relate to prior periods. Should this happen, the audit team should:

  1. promptly obtain sufficient appropriate evidence to determine whether the misstatement is material to the prior period30 and if so, take the actions required by ASA 560;
  2. consider the implications for the current year’s audit approach; and
  3. consider the implications of correction in the current year.
Determining whether a newly-discovered prior period misstatement identified in the current year is material

111.44 When a prior period misstatement is newly discovered, the evaluation of misstatements for the prior year should effectively be re-performed, consistent with ASA 450 (including considering whether the misstatement is an isolated instance.)

111.45 The identification of a prior period misstatement that is material is a ‘fact which becomes known to the auditor after the date of the auditor’s report that, had it been known to the auditor at that date, may have caused the auditor to amend the auditor’s report.’ The Engagement Executive should refer to ASA 560 paragraphs 14 to 17 and to ASA 706 Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report (ASA 706) paragraphs 8 and A4-A5 which include considerations relating to the re-issue of the financial statements and the auditor’s report. The Engagement Executive should consider and document the following points in addition to the requirements of ASA 560 when consulting with the FSASG GED and when making a recommendation for required action regarding a prior period material misstatement:

  1. the pervasiveness of the misstatement(s) – if the misstatement is both material and pervasive to the financial statements (as defined in ASA 705 Modifications to the Opinion in the Independent Auditor’s Report), it is expected that the financial statements will be amended and reissued and our auditor’s report reissued.31
  2. the timing of the identification of the material misstatement – if the planned issuance date of the financial statements and auditor’s report for the current period is imminent, it may not be necessary to reissue the prior period financial statements, provided appropriate disclosures are made in the current financial statements;32
  3. the action to be taken to notify users of the prior period error, such as communicating to the Minister or Parliament or reporting to the Minister and Parliament under section 25 or 26 of the A-G Act; and
  4. for audits conducted under the Corporations Act, the material misstatement may result in a section 311 breach (refer to Chapter 120 Auditor’s Reporting Obligations under Section 311 of the Corporations Act.)

111.46 Note that ASA 560 paragraphs 10 to 13 address the situation where the auditor’s report has been signed but the financial statements have not yet been tabled in Parliament (issued). In this situation, the ANAO expects that the financial statements will be corrected and re-signed, and a new auditor’s report issued and dated.

Impact on the current audit approach

111.47 As noted at paragraph 111.42, the nature, extent and circumstances of identified and uncorrected prior period misstatements are considered in planning the current year’s audit approach and setting performance materiality, and their amounts are added to the Overs and Unders Schedule.

111.48 Similarly, newly discovered prior period misstatements, whether material or not, will require the audit approach and performance materiality to be re-examined (and if necessary amended) and are also added to the Overs and Unders Schedule.

111.49 It is necessary to consider and document:

  1. the nature of the prior period misstatement and the circumstances of its occurrence;
  2. if the misstatement is indicative of a deficiency in controls previously not identified that should be raised as an audit finding;
  3. if there is a deficiency in prior year’s audit procedures that needs to be resolved in the current audit cycle; and
  4. if the current cycle audit approach needs to be modified to ensure that there are no other misstatements previously unidentified.
Correction in the current year

111.50 If the misstatement was material to a prior period and the financial statements were not re-issued, the auditee is required to correct the misstatement retrospectively by presenting corrected figures as comparative information in the current year’s financial statements and making the necessary disclosures, consistent with AASB 108 Accounting Policies, Changes in Accounting Estimates and Errors. The auditee may also be required to present a third balance sheet consistent with AASB 101 Presentation of Financial Statements.

111.51 In this situation, an Emphasis of Matter paragraph may need to be included in our current period auditor’s report where the correction and disclosure is fundamental to users’ understanding of the financial statements.33 This may be the case where the correction significantly amends the net result for the period or where an administered item is involved. This is a matter of judgement, and the Engagement Executive should consult with the FSASG GED before following the QTAC referral process.

111.52 As noted at paragraph 111.26, it may also be necessary to retrospectively correct misstatements that are not material to the prior period to avoid a material misstatement to current year figures.

Comparatives not corrected

111.53 If a material misstatement exists in prior period financial statements on which an unmodified opinion was issued and the comparative figures have not been properly restated or appropriate disclosures made, ASA 710 Comparative Information – Corresponding Figures and Comparative Financial Reports requires the auditor to express a modified opinion in the current period’s auditor’s report with respect to the comparative figures.34

Definitions

111.54 Misstatement – a difference between the amount, classification, presentation, or disclosure of a reported financial statement item and the amount, classification, presentation, or disclosure that is required for the item to be consistent with the applicable financial reporting framework. Misstatements can arise from error or fraud.

111.55 Accumulated misstatements – misstatements which are above the clearly trivial threshold and misstatements that are discovered in items identified as material by nature and presentation and disclosure (except those that are clearly inconsequential to the audit.)

111.56 Other Misstatements –misstatements which are equal to or greater than 0.02% of the CFS’ overall materiality but below the clearly trivial threshold.

111.57 Overs and Unders schedule - a schedule used to record accumulated misstatements, which provides a summary of:

  1. all unadjusted audit differences above the clearly trivial threshold, aggregating the combined effect of the differences identified; and
  2. all adjusted differences above the clearly trivial threshold.

111.58 Adjustments identified and corrected as a result of the auditee’s own procedures are not considered as adjusted differences and therefore do not have to be posted to the Overs and Unders schedule.

111.59 Minimum posting level – the term ‘minimum posting level’ means the same as the clearly trivial threshold.

111.60 Clearly trivial – matters that are clearly trivial will be of a wholly different (smaller) order of magnitude than materiality used in planning and performing the audit, and will be matters that are clearly inconsequential, whether taken individually or in aggregate and whether judged by any criteria of size, nature or circumstances. Further, whenever there is uncertainty about whether one or more items are clearly trivial, the auditor ordinarily presumes the item is not clearly trivial.

112. ANAO’s responsibilities regarding an entity’s annual report

Background

112.1 This policy deals with making sure that the Auditor’s Report and Audited Financial Statements published in the entity’s Annual Report and on the entity’s website:

  1. are as they were signed;
  2. are clearly differentiated from other information in the Annual Report; and
  3. are not inconsistent with that other information.

Policy

112.2 This policy shall apply to both printed material and material published on the entity’s website.

112.3 The engagement team shall ensure that the audit file allows the definitive version of the audited financial statements and auditor’s report to be readily identified. This shall be achieved by either of the following methods.

  1. Where, under either the PGPA Act or this Audit Manual, a copy of the financial statements and auditor’s report thereon has been provided by the ANAO to the auditee’s responsible Minister, that email with attached documents shall be placed on the audit file and is taken to be definitive.
  2. Where the circumstances of the engagement do not require the financial statements and auditor’s report thereon to be communicated to the responsible Minister, the definitive final version of those documents shall be clearly marked as such and placed in the audit file..

112.4 The engagement team shall obtain a copy of the audited financial statements and the auditor’s report thereon in their final pre-publication form (both for printing and publishing on the entity’s website and/or https://www.transparency.gov.au) and confirm that each is consistent with the definitive copy of the financial statements and the signed auditor’s report.

112.5 The engagement team shall verify that information in the Annual Report which is not covered by the audit opinion is clearly differentiated from the audited financial statements, and if it is not, shall take the follow-up action required by ASA 700 Forming an Opinion and Reporting on a Financial Report.

112.6 The engagement team shall review the Annual Report for material inconsistencies with the audited financial statements and material misstatements of fact consistent with ASA 720 The Auditor’s Responsibilities Relating to Other Information.35

112.7 The published audited financial statements and auditor’s report shall be checked against the definitive copy of the financial statements and the signed auditor’s report. If discrepancies are discovered, appropriate follow-up action to address the discrepancies shall be taken consistent with ASA 720.36

112.8 If the auditee will not adjust the Annual Report for material misstatements or inconsistencies between signed financial statements and the Annual Report on the internet, the matter shall be referred to QTAC.

Guidance

Definitive copy of audited financial statements and auditor’s report

112.9 Having a policy to establish the definitive copy of the audited financial statements ensures there is always a copy of the financial statements which can be readily identified as the audited document. The definitive copy of the audited financial statements and the audit report are used to verify the content of the entity’s annual report and supports the audit of comparatives in future periods.

112.10 In almost all cases, the PGPA Act or this policy manual will require financial statements and auditor’s reports to be provided to the responsible Minister. In those cases, it will not be necessary to certify the financial statements as the version communicated to the Minister is considered to be definitive. The main exception to this arrangement would be where audits or reviews of financial statements are performed on a section 20 basis, where the arrangement entered into with the auditee does not require the ANAO to provide a copy of the financial statements or auditor’s report to the responsible Minister.

112.11 Where it is necessary to certify a copy of the financial statements and auditor’s report, at a minimum, the first page of the financial statements shall be, either digitally or physically:

  1. stamped with an ‘ANAO’ stamp or marked ‘certified’; and
  2. signed by the audit manager, Engagement Executive or Signing Officer and dated.
Pre- and post-publication accuracy checks

112.12 Responsibility for the publication of the audited financial statements and auditor’s report rests with management. Nevertheless, the ANAO applies the policies at paragraphs 112.4 and 112.7 given the importance of the audited financial information.

Clear differentiation from other information in annual report

112.13 ASA 700 requires clear differentiation of audited information from other information in the Annual Report.

112.14 If supplementary information that is not required by the applicable financial reporting framework is presented with the audited financial statements and is not clearly differentiated, the auditor may need to explain in the auditor’s report that such supplementary information has not been audited. Such matters should be referred to QTAC.

112.15 Supplementary information that is not required by the applicable financial reporting framework but is nevertheless an integral part of the financial statements because it cannot be clearly differentiated from the audited financial statements due to its nature and how it is presented may be covered by the audit opinion. For example, this would be the case when the notes to the financial statements include an explanation of the extent to which the financial statements comply with another financial reporting framework. In circumstances where the requirements on a specific audit are unclear, advice should be sought from PSG.

112.16 The audit opinion would also cover notes or supplementary schedules that are cross-referenced from the financial statements. The standard provides guidance on how this differentiation might be made. An example would be removing any cross references from the financial statements to unaudited supplementary schedules or unaudited notes so that the demarcation between the audited and unaudited information is clear enough. Unaudited notes that are intermingled with the audited notes can be misinterpreted as being audited.

Material inconsistencies and misstatements of fact

112.17 ASA 720 deals with these aspects. It covers:

  1. reading other information;
  2. material inconsistencies; and
  3. material misstatements of fact.

112.18 It is more difficult to rectify inconsistencies identified once the financial statements have been published as there may be unknown users placing reliance on the financial statements to make decisions. Therefore, it is important that this procedure is conducted in a timely manner. Close liaison with the auditee after the signing of the audit opinion is suggested to identify to the auditee that the auditor is required to review final drafts before their publication.

112.19 There are many mandatory provisions in the standard. Of particular concern is that a material inconsistency may indicate that the financial statements might need amending, and if not corrected, may lead to a qualification of the auditor’s report.

112.20 Commonwealth entity annual reports include other (unaudited) financial summary information, as required by the PGPA Act. For this reason, the Annual Report needs to be examined consistent with ASA 720.

Publication of annual report on the entity web site

112.21 GS 006 Electronic Publication of the Auditor’s Report (GS 006) provides guidance to auditors on matters relating to the electronic publication of the auditor’s report, including management’s responsibility for appropriate differentiation of the audited information from other material.

113. Representation letters

Policy

113.1 All ANAO financial statements audits are to be supported by written representations (representation letters) consistent with the auditing standards and this policy.

113.2 Representation letters (RLs) shall be signed by management and, where appropriate, TCWG who have appropriate responsibilities for the financial report and knowledge of the matters concerned.

113.3 For ANAO mandated audits, representations are required from management (preferably including those who sign the financial statements) in the form of the relevant PSG template as follows:

  1. for non-corporate Commonwealth entities, the accountable authority and Chief Financial Officer (CFO) sign the Management Representation Letter (MRL);37 and
  2. for corporate Commonwealth entities and Commonwealth Companies, the Chief Executive Officer (CEO) and the CFO sign the MRL.38

113.4 The representations to be obtained shall include all representations required by the auditing standards and PSG templates.

113.5 The auditor shall obtain any additional written representations requested by the CFS audit team.

113.6 If management or TCWG refuse to provide a specific representation, the auditor shall:

  1. discuss the matter with management or TCWG, as appropriate;
  2. re-evaluate the integrity of management and TCWG and evaluate the effect that this may have on the reliability of representations, both oral and written, and audit evidence in general; and
  3. take appropriate action, including determining any additional effect on the auditor’s report (which in certain circumstances shall include a disclaimer of opinion).

113.7 The RL(s) shall be dated and signed the same date as the auditor’s report or as near as practicable to, but not after, that date.

Guidance

113.8 The auditor is required under the auditing standards to obtain written representations from management and, where appropriate from TCWG, that they believe they have fulfilled their responsibilities, and to support other audit evidence in the financial statements. The written representations are written statements from management and, where appropriate, TCWG to the auditor which attest to having fulfilled these responsibilities and may be used to confirm other specific audit matters. A RL may be used to focus management’s and TCWG’s attention on particular matters and thus cause them to specifically address those matters in more detail than would otherwise be the case.

113.9 Written representations are requested from those responsible for the preparation of the financial report. Those individuals may vary depending on the governance structure of the entity and relevant law or regulation; however, management (rather than TCWG) is often the responsible party. Written representations may therefore be requested from the entity’s chief executive officer and chief financial officer, or other equivalent persons in entities that do not use such titles. In particular circumstances, however, other parties, such as TCWG, are also responsible for the preparation of the financial report.

113.10 The auditor may conclude that written representations should be sought from TCWG (i.e. the board of directors of corporate Commonwealth entities and Commonwealth companies) as additional audit evidence to address a particular risk of material misstatement. Examples of such circumstances include:

  1. where the auditor believes that management have not discharged their responsibility for the preparation of the financial report; or
  2. where the auditor considers it necessary to request representations which only TCWG are able to provide; for example, representations that relate to strategic decisions by the Board of Directors which only directors are able to provide.

113.11 Each year, PSG releases updated MRL template that reflect the latest relevant changes to the accounting and auditing standards and the PGPA FRR 2015. These templates should be used and tailored for individual auditees, in particular where additional representations are required in the specific circumstances of an entity. Rarely, a representation in the PSG template may be omitted if it is not required by the auditing standards and is not relevant to the entity.

113.12 PSG does not maintain a template that can be used to obtain written representation from directors. When an Engagement Executive decides to obtain written representations from the directors of a corporate Commonwealth entity or a Commonwealth company, those written representations should be in accordance with the ANAO Auditing Standards. The Engagement Executive should consult with PSG before seeking written representations from directors.

113.13 When there is a delay between signing the RL(s) and the auditor’s report, the auditor should consider the necessity to undertake additional procedures to ensure that no matters have arisen subsequent to the date of the RL(s) which impact the auditor’s report.

113.14 Written representations provide necessary but not sufficient audit evidence; that is, a representation does not in itself provide sufficient appropriate audit evidence. Circumstances where other appropriate audit evidence does not exist are anticipated to be relatively rare. However, if they do arise, such circumstances can give rise to a limitation of scope and, where it is material, the matter should be referred to QTAC as per the ANAO Audit Manual - Shared Content paragraph 8.75.

113.15 If management or TCWG provide a representation which is contradicted by other audit evidence, the auditor should investigate the circumstances and as necessary reconsider the reliability of other representations made.

113.16 The auditor is required to disclaim an opinion on the financial statements if there is enough doubt about the integrity of management or TCWG. This occurs when the representations required are not reliable, or if the representations required by ASA 580 Written Representations paragraphs 10 and 11 are not provided.39 The matter should be referred to QTAC as per the ANAO Audit Manual - Shared Content paragraph 8.75.

113.17 In considering any additional effects on the auditor’s report as directed under paragraph 113.6, the auditor should consider if a refusal to provide representations impacts on the auditor’s requirement to form an opinion on matters as required by legislation. For example, under subsection 307(b) of the Corporations Act, the auditor is required to form an opinion as to whether all information, explanations and help necessary for the conduct of the audit have been given.

113.18 Pro forma representation letters are located in the TeamStore.

114. Selecting items for testing

Background

114.1 The means available to the auditor for selecting items for testing are:

  1. selecting all items;
  2. selecting specific items; and
  3. sampling (both statistical and non-statistical).

114.2 The means by which items are selected for testing should be determined by the most efficient and effective way to obtain the necessary audit assurance given the characteristics of the account, class of transactions or presentation and disclosure requirement.

114.3 In some situations, sampling may not be appropriate. For example, the auditor may use targeted testing or 100% selection of a population where individual items in a population are at amounts greater than performance materiality. In other situations, sampling may be less efficient than other acceptable alternatives because of the time it takes to examine a larger number of transactions.

114.4 When a decision is made to use audit sampling, the objective of the auditor ‘is to provide a reasonable basis for the auditor to draw conclusions about the population from which the sample is selected.’40

114.5 The ANAO uses both statistical and non-statistical sampling methods. The ANAO non-statistical sampling approach is based on statistical sampling principles. Typically, non-statistical sampling will be more efficient than statistical sampling.

Policy

114.6 The non-statistical sampling method shall be used when undertaking tests of controls.

114.7 Tests of controls shall be conducted using the control testing sampling template.

114.8 When testing controls on a rotational basis, sample size and selection must be consistent with this policy.

114.9 Exceptions identified when performing tests of controls shall be evaluated to determine whether the exceptions are isolated instances which can be remediated by the auditee.

114.10 Non-statistical sampling, targeted testing, accept-reject testing or a combination of these shall be used when conducting tests of details.

114.11 The Engagement Executive shall obtain approval from the FSASG GED before using statistical sampling method for tests of control and tests of details. The Engagement Executive shall document:

  1. the reason that it is considered necessary to use a statistical approach, which may include circumstances where it is expected that there is a high error rate in the population or that the account is materially misstated; or
  2. the basis on which they are satisfied that the team has access to sufficient expertise to design and execute a statistical sampling approach.

114.12 The Engagement Executive shall document their approval before any of the following sampling strategies are applied to an audit:

  1. a low or supplemental level of assurance is used to determine a representative sample size; or
  2. the ‘two-step revenue testing’ strategy.

114.13 The principal methods of selecting samples are: random selection, systematic selection and haphazard selection. Haphazard selection of items for testing shall only be used in rare and unusual circumstances. Each use of haphazard selection shall have a documented basis for why this approach was determined to be the most efficient and effective method and shall be approved by the Engagement Executive.

Guidance

114.14 The ANAO’s methodology for non-statistical sampling and other means of selecting items for testing is described in the Online Audit Guide in TeamMate and is supported by templates located in TeamStore.

114.15 The relevant references in the Online Audit Guide are:

  1. Test of Controls (Non-statistical Sampling) – section 5403;
  2. Test of Details (Non-statistical Sampling) – section 6201.4.1.6;
  3. Test of Details (Accept-Reject Testing) – section 6201.3.1; and
  4. Test of Details (Targeted Testing) – section 6201.2.
Statistical and non-statistical sampling

114.16 Although ASA 530 Audit Sampling recognises both non-statistical and statistical sampling, the ANAO’s preferred approach is the use of non-statistical audit sampling. The primary advantages of statistical audit sampling are a statistically derived sample size and a statistically determined evaluation of sampling risk.

114.17 However, the advantages of statistical sampling do not outweigh the primary disadvantages, which include the use of formal techniques to determine:

  1. sample size,
  2. the sample, and
  3. evaluate the results.

114.18 Ordinarily, the application of non-statistical sampling will result in a sample size comparable to the sample size resulting from an efficient and effectively designed statistical sample, considering the same sampling parameters. Therefore, a properly executed application of non-statistical audit sampling through the use of the test of details sampling template will generally be the preferable approach.

114.19 In rare and exceptional circumstances, the use of a statistical approach may be appropriate where the parameters of the population are outside the range supported by the test of details sampling template.

114.20 Samples chosen using the supplemental level of assurance, low level of assurance and ‘two-step revenue testing’ strategies will not provide sufficient substantive evidence on their own but may be suitable in certain parts of a broader audit strategy in certain circumstances. The supplemental level of assurance, low level of assurance and ‘two-step revenue testing’ strategies accept a higher level of sampling risk on the basis that audit evidence obtained from other audit procedures is contributing to the overall sufficiency of audit evidence. Further guidance on the levels of assurance to be obtained from different sampling approaches is provided at 6201.4 in the Online Audit Guide.

114.21 Audit documentation evidencing the Engagement Executive’s approval to use low or supplemental level or ‘two-step revenue testing’ strategies should identify, for each relevant financial statement line item:

  1. assertions to which the above sampling strategies will be applied to; and
  2. other audit procedures (tests of controls and/or substantive procedures) performed or to be performed that, when combined with the above sampling strategies, will provide the desired level of evidence and assurance at the financial statement line item assertion level.

114.22 Subject to clear documentation of all of the above considerations, the Engagement Executive’s approval can be documented by the use of a summary minute or through timely documented approval of the relevant Bridge and does not necessarily require the approval of each individual sampling template.

Stratification

114.23 In some circumstances it may be convenient to divide a population into monetary or risk-based strata. The population is divided into sub-populations or strata and each stratum is treated separately. The calculation of sample size and selection of the items for testing for each stratum is done separately.

Sample selection techniques

114.24 Random sampling – all items in the population have the same probability of being selected. The auditor selects a random sample by matching random numbers generated by a computer or selected from a random number table with sequentially numbered items in the population.

114.25 Systematic sampling – the auditor determines a uniform interval by dividing the number of physical units in the population by the sample size. A starting point is randomly selected in the first interval and one item is selected throughout the population at each of the uniform intervals from the starting point.

Judgemental selection

114.26 Haphazard sampling – a sample method that attempts to approximate a random selection by selecting sampling units without any conscious bias. This method of sample selection is not permitted in the ANAO unless the auditor obtains the prior approval of the Engagement Executive. A situation where haphazard selection might be approved is in the audit procedure of stock-taking from floor to record. The rationale and approval are required to be documented in the working papers.

114.27 Intentional bias – the auditor selects from the population based on some pre-determined criteria. The auditor consciously selects items which are believed to be representative. This form of selection is distinct from targeted testing which is a non-sampling substantive technique.

114.28 Block sample – involves the selection of some contiguous items; for example, items in sequence. It is common when conducting cut-off testing. This method of selection is a non-sampling technique and does not result in a representative sample.

Choosing a sample before period end (Interim testing)

114.29 Sampling populations will typically be for the full financial year. Where controls testing is to be performed before the end of the period, the auditor can estimate the total population and determine the sample size for the estimated population, and test those sampled items that have occurred at interim and test the remaining sample at final.

114.30 Should an auditor wish to draw a conclusion at a point in time before the period end, the population from which the sample is chosen needs to be defined at that point in time and the sample size generated accordingly.

Deviations and misstatements

114.31 The following paragraphs provide guidance on evaluating deviations and misstatements under the headings ‘controls testing’ and ‘substantive tests of detail’ respectively. When applying this guidance, regard should be given to ASA 530 paragraph 13, which requires the auditor to obtain a high degree of certainty that deviations or misstatements are not representative of the population by performing additional audit procedures.

Controls testing

114.32 The control testing sampling template is used for controls testing when using ANAO non-statistical sampling. Note that the sample sizes which are typically used in initial samples do not allow for any exceptions. The history of control deviations should be considered in deciding whether to use this approach.

114.33 If the auditee is able to fix identified control errors which are demonstrated to be isolated instances, the auditor can then select a ‘remediated sample’ and retest the control to form a conclusion on its effective operation. A ‘remediated sample’ is an additional sample selected from the population. The size of the remediated sample is smaller than the original sample and is generated by the control testing sampling template using the same initial parameters.

114.34 Remediation of errors is only appropriate where the auditee intends to revise all affected control events for the period and there is an intention to rely on these controls. Where the auditor is unable to determine if the exceptions are isolated instances which can be remediated, it may be possible to quarantine those transactions in which the errors where identified. For example, there may be a one-week period where a contractor was responsible for the operation of the control, and it is possible to exclude transactions for that week from the population. The auditor can then select a remediated sample excluding those transactions and retest the control to form a conclusion on the controls for that part of the population not excluded.

114.35 The Online Audit Guide contains guidance on assessing exceptions in internal control in sections 6101 and 6102.

Substantive tests of detail

114.36 The Online Audit Guide contains guidance on non-statistical sampling in sections 6201.4.1 and 6201.4.2.

114.37 The sections in this guidance on ‘Sample selection techniques’ and ‘Choosing a sample before period end’ also apply to sampling for substantive tests of detail.

Projecting errors of non-statistical sampling to the untested population

114.38 Difference estimation involves calculating the average error per sampling unit and multiplying this average by the number of items in the population. It is appropriate where the misstatements relate to the sampling unit itself and not to its monetary value. An example is a processing or shipping fee incorrectly applied to all orders regardless of value.

114.39 Ratio estimation should be used for projecting all other errors. It is done by projecting the percentage error in the sample across the population.

114.40 An anomalous misstatement may be excluded when projecting misstatements to the population and is added to the projected misstatement. The basis for concluding that an error is anomalous needs to be documented. The aggregate misstatement is a best estimate of misstatement in the population.

114.41 Factual misstatements discovered during sampling and projected misstatements need to be clearly distinguished and taken to the Overs and Unders Schedule. Factual misstatements are misstatements about which there is no doubt. The projected misstatement may not be reliable or accurate enough to determine the amount to be corrected by the auditee. In some cases it will be appropriate to request the auditee to investigate the factual misstatements and perform procedures to determine the amount of actual misstatement in the population to make appropriate adjustments (refer to Chapter 111 Evaluating misstatements.)

Targeted testing

114.42 Targeted testing is used when, in the auditor’s judgement, items within an account balance or class of transactions are individually significant. These items are separated from the population to which the auditor may then, if necessary, apply audit sampling.

114.43 Targeted testing is not audit sampling as it is not intended to be a representation of the whole population. Items to be tested are selected based on a characteristic, usually higher value or higher risk, and the purpose of the test is to draw a conclusion about the items tested. The results of audit procedures applied to items selected using target testing cannot be projected to the population.

114.44 The Online Audit Guide contains guidance on targeted testing at 6201.2.

Accept-reject testing

114.45 Accept-reject testing is a substantive test of detail and is appropriate to apply when the auditor is interested in a particular attribute of the population, rather than the monetary balance. It should not be used to gain assurance where multiple assertions are being tested, which include valuation or accuracy. Examples where this approach can be used include cut-off testing, testing the accuracy of inventory counts and testing outstanding cheques to see that they cleared after year end.

114.46 The results of accept-reject testing are not projected on the population but are used to draw conclusions across the population about the attribute being tested.

114.47 The Online Audit Guide contains guidance on accept-reject testing at 6201.3.

Supplemental level of assurance

114.48 Supplemental sampling provides limited confidence (and therefore limited evidence) and will not by itself provide sufficient substantive evidence at the assertion level. Therefore, supplemental sampling would only be used when sufficient other substantive procedures related to relevant financial statement line item assertions are performed.

114.49 The Online Audit Guide contains guidance on supplemental sampling testing at 6201.4.

Documentation

114.50 The applicable ANAO templates require the following to be documented about sample selection:

  1. objective of audit procedure;
  2. attributes of the population – for example, number of items, dollar value, date range, etc;
  3. means of testing – for example, statistical sample, non-statistical sample;
  4. how the sample size is enough to reduce sampling risk to an acceptably low level – refer to Appendices 2 and 3 of ASA 530 for further guidance; and
  5. rationale for sample selection technique.

115. Rotating control testing

Background

115.1 Under ASA 330 The Auditor’s Responses to Assessed Risks, the auditor must design and perform tests of controls when the auditor intends to rely on the operating effectiveness of controls in determining the nature, timing and extent of substantive procedures or where substantive procedures alone cannot provide sufficient appropriate evidence.

115.2 In certain circumstances, ASA 330 allows the auditor to rely on audit evidence obtained in previous audits about the operating effectiveness of controls that have not changed since they were last tested or controls that do not mitigate a significant risk.

115.3 Being able to rely on prior period evidence reduces audit effort in the current year without compromising the audit’s effectiveness.

Policy

115.4 The auditor shall use audit evidence from a previous audit about the operating effectiveness of specific controls unless:

  1. significant changes in those specific controls have occurred subsequent to the previous audit; and
  2. those specific controls mitigate a significant risk.

115.5 Where there have been no significant changes to controls referred to in paragraph 115.4, the auditor shall:

  1. test those controls at least once every third audit; and
  2. test some controls each audit to avoid the possibility of testing all the controls on which the auditor intends to rely in a single audit period with no testing of controls in the subsequent two audit periods.41

Guidance

Using audit evidence obtained in previous audits

115.6 Before the auditor uses the audit evidence from a previous audit about the operating effectiveness of specific controls, the auditor needs to establish the continuing relevance of the prior period evidence by considering:

  1. whether there have been significant changes in the control since the previous audit; and
  2. whether there have been changes in circumstances which make continued reliance on the control risk inappropriate.

115.7 The auditor should establish the continuing relevance of the prior period evidence by performing enquiry combined with observation or inspection.

115.8 The auditor should not rely on the operating effectiveness of specific controls where significant changes in those controls have occurred subsequent to the previous audit. If there have been significant changes that affect the continuing relevance of the audit evidence from the previous audit, the auditor should test the controls in the current audit.

115.9 The auditor needs to use their professional judgement to decide what constitutes a significant change. For example, if the auditor identified that a new sales order processing system had been introduced at the beginning of the period, this would be considered a significant change that would impact both manual and automated controls, rendering evidence from prior years irrelevant for the current period.

115.10 The longer the time elapsed since the testing of the controls’ operating effectiveness, the less assurance the results of prior year’s work may provide with regard to operating effectiveness in the current year. At a minimum, the auditor is required to test the operating effectiveness of the controls at least every third year, but there may be cases where the auditor decides to test the operating effectiveness of unchanged controls more frequently than every third year.

115.11 In general, the higher the risk of material misstatement, or the greater the reliance on controls, the shorter the time period elapsed, if any, is likely to be. Factors that may result in not relying on audit evidence obtained in previous audits or decrease the period for retesting a control, include the following:

  1. higher risk of material misstatement and greater reliance on the control;
  2. a deficient control environment;42
  3. deficient monitoring of controls;
  4. a significant manual element to the relevant controls;43
  5. personnel changes that significantly affect the application of the control;
  6. changing circumstances that indicate the need for changes in the control; and
  7. deficient general IT controls.

115.12 When there are a number of controls for which the auditor intends to rely on audit evidence obtained in previous audits, testing some of those controls in each audit provides corroborating information about the continuing effectiveness of the control environment. This contributes to the auditor’s decision about whether it is appropriate to rely on audit evidence obtained in previous audits.

115.13 Where the auditor plans to rely on controls, the auditor may consider testing at least some controls within each business process. However, in some circumstances, where the auditor has obtained evidence that the controls have not changed since they were last tested, the auditor may consider rotating controls testing on a business process basis, e.g. test controls within some processes in the current year audit and test within other processes in the next year. It would be inappropriate to completely rely on prior year testing for a business process if:

  1. there are higher risks associated with that business process;
  2. there is a significant manual element to the process; or
  3. if there are weak entity level controls or exceptions identified in prior year tests.
Information Technology General Controls

115.14 Because of Information Technology General Controls’ (ITGCs’) pervasive effect on application controls, the audit team needs to be more cautious about using audit evidence obtained in prior periods regarding the continued operating effectiveness of ITGCs. While it may not be necessary to test the operating effectiveness of every relevant ITGC each year, consider the extent of the intended reliance on automated application controls and the planned approach for testing the automated controls when determining the nature and extent of evidence needed about the operating effectiveness of ITGCs. For example, when the audit team’s approach contemplates high reliance on numerous automated application controls based on prior year evidence, at least relevant program change controls would ordinarily be tested in the current period to obtain sufficient evidence that the application controls have not changed.

Documentation

115.15 In order to evidence the consideration of the prior year audit evidence about the operating effectiveness of controls the audit team should include:

  1. the reasons why it is appropriate to place reliance on previous years’ audit evidence of the operating effectiveness of controls; and
  2. the results of the prior year testing.

115.16 The appropriate place to record this is in the relevant bridge in column “rotational testing”.

115.17 For further guidance on rotating control testing refer to Online Audit Guide 5406.2 “Three Year Rule for Controls Testing”.

Engagement performance — reporting

Chapters 116 to 122

116. Communicating audit findings

Background

116.1 The ANAO Auditing Standards define management and TCWG. In addition, legislation or other authority may require or permit audit findings to be reported to a responsible Minister and to Parliament.

116.2 The ANAO Auditing Standards require particular audit findings to be communicated to management and TCWG, respectively.

116.3 As required by the ANAO Auditing Standards, audit findings to be communicated to management include:

  1. deficiencies in internal control, including those to prevent or detect fraud;
  2. an actual or possible fraud;
  3. non-compliance with laws and regulations; and
  4. misstatements that are not clearly trivial for correction and material misstatements indicative of a deficiency in internal control.

116.4 The ANAO Auditing Standards require other communications to management in particular circumstances, including:

  • where going concern issues arise,
  • where other information accompanying the audited financial statements is materially misstated, and
  • when the auditor is an incoming auditor.

116.5 As required by the ANAO Auditing Standards, audit findings to be communicated to TCWG include:

  1. most of the audit findings communicated to management, including all significant deficiencies in internal control in writing;
  2. fraud involving management or certain others;
  3. intentional and material non-compliance involving management;
  4. audit matters (findings per this policy) of governance interest; and
  5. all uncorrected misstatements (see Chapter 111 Evaluating misstatements for further policy and guidance on communication of misstatements to TCWG.)

116.6 Audit findings are categorised according to the criteria in paragraph 116.7 below.

Policy

116.7 Audit findings shall be categorised using the following criteria:

Category A: Issues that pose a significant business or financial management risk to the entity. These include issues that could result in the material misstatement of the entity’s financial statements;

Category B: Issues that pose moderate business or financial management risk to the entity. These may include prior year issues that have not been satisfactorily addressed;

Category C: Issues that pose a low business or financial management risk to the entity. These may include accounting issues that, if not addressed, could pose a moderate risk in the future;

Category L1: Instances of significant potential or actual breaches of the Constitution; and instances of significant non-compliance with the entity’s enabling legislation, legislation that the entity is responsible for administering, and the PGPA Act;

Category L2: Other instances of non-compliance with legislation the entity is required to comply with, such as Occupational Health and Safety (OH&S) and privacy legislation; and

Category L3: Instances of non-compliance with subordinate legislation such as the PGPA FRR 2015.

Audit findings to be communicated to management

116.8 All audit findings categorised consistent with paragraph 116.7 above, shall be communicated to the appropriate level of management in writing.

Audit findings to be communicated to those charged with governance

116.9 As a minimum, audit findings in categories A, B, and L1 shall be communicated to TCWG in writing.

Audit findings to be reported to ministers

116.10 Category A, B and L1 audit findings shall be reported to the Minister in writing.

Audit findings to be reported to the Parliament

116.11 The content of Audit Reports on these matters to the Parliament is determined by the Auditor-General.

116.12 Where an Engagement Executive considers that information shall be excluded from a report to Parliament on the grounds that it is sensitive within the meaning of section 37 of the Auditor-General Act 1997, the Engagement Executive shall provide a recommendation to the Auditor-General for decision.

Rule for reporting audit findings to a higher level of authority

116.13 Audit findings shall be advised in writing to the appropriate level of management before being reported to the responsible Minister. Equally, the responsible Minister shall be advised in writing of audit findings before the audit findings are reported to Parliament.

Guidance

Appropriate level of management

116.14 The determination of the appropriate level of management requires consideration of the management structure of the entity and is a matter of professional judgement. Ordinarily, it would include the CFO (or equivalent) and can include those who have responsibilities for corporate functions and IT systems.

Sensitive information

116.15 Situations where information should not be included in public reports are detailed in section 37(2) of the A-G Act. Reasons that information is sensitive are:

  1. it would prejudice the security, defence or international relations of the Commonwealth;
  2. it would involve the disclosure of deliberations or decisions of the Cabinet or of a Committee of the Cabinet;
  3. it would prejudice relations between the Commonwealth and a State;
  4. it would divulge any information or matter that was communicated in confidence by the Commonwealth to a State, or by a State to the Commonwealth;
  5. it would unfairly prejudice the commercial interests of any body or person;
  6. any other reason that could form the basis for a claim by the Crown in right of the Commonwealth in a judicial proceeding that the information should not be disclosed.
Individual reports to ministers – interim and year end

116.16 Individual reports to Ministers need to include all information planned to be tabled in the relevant parliamentary report, being:

  1. Controls Report, or
  2. Year End Report.
Portfolio reports to ministers

116.17 The purpose of the year end portfolio report is to provide the Minister with a succinct report on the results of and major issues arising from financial statements audits of entities within the Minister’s portfolio, in addition to the audit findings. The report lists reporting entities within the Minister’s portfolio, indicating whether the audit reports are modified and whether significant issues arose during the audit.

116.18 Portfolio wide issues should be highlighted within the report, where possible.

Reference to third parties

116.19 Where an audit finding includes a description of the role of a third party, such as an accounting firm or IT services provider, direct reference to the third party should be avoided where possible. In circumstances where this may not be possible without compromising the context and clarity of the finding, this should be discussed with the FSASG GED.

Reporting of legislative breaches

116.20 Where the legislative breach is a result of a failure by management to design and/or implement appropriate controls to help prevent and detect non-compliance with applicable laws and regulations, a finding relating to the control breakdown that resulted in the breach, as well as a finding relating to the legislative breach should be reported to TCWG.

116.21 A finding relating to a legislative breach is at a point in time. Where a breach of legislative requirements has already occurred, this cannot be resolved by the entity. That is, a breach cannot be reversed. Accordingly, a finding for a legislative breach cannot be unresolved and carried forward to subsequent years. If the breach occurs again in the next year, a new legislative breach finding should be raised.

117. Distribution and timing of letters and written reports

Background

117.1 Letters and written reports are normally provided (under legislation, auditing standards and ANAO policy) to:

  1. Management;
  2. TCWG, including Audit Committees;
  3. Ministers; and
  4. Parliament.

117.2 Generally, the basis and nature of letters to management and TCWG are sourced in auditing standards and will be required for all financial statements audit engagements. Reports to Ministers and Parliament are sourced in legislation and are required for financial statements audits under the Commonwealth’s financial framework.

117.3 It is important to note that there are situations where legislation or the auditing standards require matters to be reported promptly. Formal reports required in these situations are in addition to the regular reports required by this policy.

117.4 Auditors may also engage in correspondence with entities to resolve particular matters in the course of the audit, for example, about the application of accounting policies.

Policy

Letters to management and TCWG

117.5 Letters detailing audit findings44 shall be provided to management and TCWG, including:

  1. At interim:
    1. for each entity to be included in the Controls Report to the Parliament; and
    2. for each other entity for which we have completed an interim audit phase and audit findings exist.
  2. At the end of the audit:
    1. for each entity where audit findings which had not been communicated at interim exist.

117.6 Before releasing written letters to the management or TCWG of Departments of State or other entities where a potential performance audit has been included in the ANAO’s Audit Work Program, a draft shall be provided to the Engagement Executive in PASG responsible for the portfolio and to the Engagement Executive responsible for the annual performance statements audit (where applicable). Any issues raised by PASG or PSASG need to be resolved before the formal release of correspondence.

117.7 A Closing Letter shall be provided for every financial statements audit to the persons signing the entity’s financial statements and, if different, to TCWG. The Engagement Executive shall issue the Closing Letter before the signing of the financial statements.

Audit report on the financial statements

117.8 The audit report on the financial statements shall be signed and provided within 2 business days after the financial statements are signed.

117.9 Engagement Executives shall notify the FSASG GED where the auditor’s report will not be signed and provided within 2 business days after the financial statements are signed.

Reporting to ministers

117.10 Ministers shall be provided a copy of extracts from any report to the Parliament which are relevant to their portfolios at least two days before the report is being tabled in Parliament. The extracts shall be clearly marked as being ‘final draft’ documents. Ministers shall be provided with a copy of each signed audit report and the signed financial statements as soon as practicable after they are prepared.

Guidance

Material entity

117.11 A ‘material entity’ means an entity that is material to the Commonwealth’s CFS as determined by the Department of Finance. Advice on entities that are material is provided by the Engagement Executive for the CFS audit.

Reports to parliament

117.12 Reports to Parliament are issued under section 25 of the A-G Act. This section allows the Auditor-General to cause a report to be tabled in either House of Parliament on any matter. The A-G Act requires that a copy of such a report be provided to the Prime Minister, the Minister for Finance and to any other Minister who, in the Auditor-General’s opinion, has a special interest in the report.

Reports to ministers45

117.13 Reports to Ministers are issued in support of the reports to Parliament – the Controls Report and the Year End Report.

117.14 Section 26(2) of the A-G Act provides the legislative authority for reporting to Ministers, in that it allows the Auditor-General to provide a report to a Minister on any matter at any time. Reports to the Minister issued in support of the reports to Parliament fall within this section.

117.15 Section 26(1) of the A-G Act requires the Auditor-General to bring to the attention of the responsible Minister any important matter that comes to the Auditor-General’s attention during the course of the audit. This section should only be used to report matters outside the boundaries of normal financial statements audit issues.

117.16 Proforma management letter templates are located in TeamStore.

118. Signing Officer Review Memorandum

Background

118.1 The SORM is a summary document that describes the significant matters arising during the audit and how they have been addressed.

Policy

118.2 A SORM shall be prepared by the contract firm for all contracted-out audits.

118.3 Where appointed, the EQR or Second Reviewer shall approve the SORM before the auditor’s report is signed.46

118.4 The Signing Officer shall approve the SORM before signing the auditor’s report, either by signing the SORM document or providing an electronic reviewer sign-off in the TeamMate file.

118.5 The SORM shall include:

  1. the nature of the proposed auditor’s report;
  2. a statement regarding the extent to which the financial statements comply with their applicable financial reporting framework (for Commonwealth entities, this is Australian Accounting Standards and the PGPA FRR 2015);
  3. the risk rating for the audit, including changes in the rating during the course of the audit, and the rationale for the change;
  4. the amounts determined and basis for:
    1. overall materiality, performance materiality, particular materiality, the clearly trivial threshold, including planned amounts and any revisions throughout the audit; and
    2. items considered material by nature;
  5. documentation of significant matters identified during the audit including:
    1. how each matter was addressed;
    2. the conclusions reached; and
    3. the significant professional judgments made in reaching those conclusions;
  6. for audits that will communicate key audit matters in the auditor’s report, the matters that required significant audit attention and the rationale for the determination as to whether each matter is a key audit matter;
  7. an analytical review of the financial statements/report;
  8. an evaluation of the adequacy of the two-way communication between the audit team and TCWG;47
  9. a statement that the independence requirements of the ANAO, including APES 110 and where applicable, the Corporations Act have been met;
  10. a conclusion from the Contract Partner stating that:
    1. all audit work has been finalised consistent with the approved audit strategy, as revised; and
    2. as a result of the audit work conducted, sufficient appropriate audit evidence exists to support the issue of the proposed auditor’s report;
  11. a statement that the auditor’s responsibilities under legislation or other governing arrangements, Auditing Standards and ANAO policy have been met;
  12. where an EQR has been assigned, a statement that the Engagement Quality Review is complete; and
  13. sign-off by the Contractor Partner.

Guidance

118.6 The SORM is not required to be prepared for in-house financial statement audits, unless formally requested by the Signing Officer. Where there is a separate Signing Officer and the Signing Officer has not requested a SORM, the Signing Officer shall ensure that their review and approval of key aspects of the audit are consistent with Chapter 1033 Role and responsibilities of the Signing Officer and is documented in the Audit File.

118.7 The SORM may be prepared for other audits if requested by the Engagement Executive. However, it is expected that the review of matters included in the SORM for all other audits will be enabled through the functionality of TeamMate.

118.8 Where the audit has objectives and reporting requirements that are additional to the requirements provided for by the PGPA Act and this policy for financial statement audits, these should also be stated.

Significant matters

118.9 The SORM should address the following as significant matters:

  1. the outcome of the auditor’s response to significant risks (including the risk of fraud) identified in the planning or throughout the audit, or as a result of PASG audit or other assurance work;
  2. significant findings as a result of audit procedures and whether communicated to management or TCWG;
  3. audit adjustments identified during the audit, whether they are adjusted or unadjusted and their impact on the financial statements if material;
  4. changes in accounting policies, including as a result of new financial reporting requirements having or expected to have a significant impact on the accounts and other (voluntary) changes in accounting policy;
  5. the method used to gain assurance that the appropriation note disclosures (if applicable) are consistent with the requirements of the PGPA FRR 2015 and that they are complete and present fairly the appropriations (and their use) which the auditee is responsible for;
  6. material after balance date events;
  7. other significant audit/accounting/disclosure issues which were resolved without the need for formal management reporting (what the issue was and how it was resolved); and
  8. consultation undertaken during the audit and, if applicable, how significant differences of opinion were resolved and implemented.
Financial statements analytical review

118.10 In conjunction with the SORM review, the Signing Officer needs to carefully review and approve the audited financial statements. To support this review, the SORM should include an analytical review of the financial statements/report, in line with ASA 520 Analytical Procedures. In conducting this analytical review, it is important to consider whether the overall relationships and trends are consistent with our knowledge of the government sector, benchmarks, entity history and performance for the reporting period, audit test results, and prior audit experience. There may be instances where individual significant differences appear to be explained by our audit work, but overall financial statement relationships or trends appear unusual.

118.11 There needs to be enough analysis in this broader analytical review and the movement analysis for the Signing Officer to be comfortable that:

  1. all significant differences and other unusual items are adequately explained;
  2. we have gained a comprehensive understanding of the financial statements, including the inter-relationships between items; and
  3. the overall financial statement presentation is consistent with the audit results, performance of the entity’s underlying business and our knowledge of the business and government sector.

118.12 It is useful for the SORM to provide a financial context for the reader. Accordingly, the SORM should provide a brief explanation of the operating results, including any relevant trends, and major balance sheet movements as well as an explanation of the composition of any unusual/new financial statement items and an outline of the audit approach about significant financial statement items. In most cases this will be achieved through the analytical review required by paragraph 118.5(g) of this policy.

Management of the audit

118.13 It is useful for the SORM to provide a summary of Audit Resourcing. The personnel involved in the audit should be identified as well as a comparison of budget to actual audit resources and an explanation for any significant variations.

118.14 The SORM also provides an opportunity to record lessons learned. The SORM should include reference to the major issues noted which have implications for either future financial statement audits with this auditee or for wider applications within the ANAO.

Audit completion

118.15 In exceptional circumstances, it may not be possible to document work done on the audit file before the signing of the auditor’s report. In this situation, the SORM may be used to document audit evidence obtained and the conclusions drawn and the Engagement Executive’s review.

118.16 Documentation in the SORM is not a substitute for fully documenting audit evidence in the audit file; accordingly, the audit file needs to be updated for this material.

118.17 A proforma SORM template is located in TeamStore.

119. Legislative compliance

Background

119.1 Commonwealth entities operate under a range of legislative provisions.

  1. Many Commonwealth entities are created by legislation which specifies their functions and powers.
  2. There will be legislation affecting a Commonwealth entity because of the nature of the entity, e.g., the PGPA Act for Commonwealth entities and the Corporations Act for companies. Among other things, such legislation typically creates the applicable financial reporting framework.
  3. Many non-corporate Commonwealth entities, in particular Departments of State, are allocated responsibility for the administration of legislation by the AAOs made from time to time by the Governor-General. This legislation may give rise to financial statement items or disclosures.
  4. Like private sector entities, there will be legislation affecting a Commonwealth entity because it is a functioning organisation with staff which transacts with other entities in the economy, e.g., legislation imposing the Goods and Services Tax (GST) or OH&S legislation.

119.2 In some situations, non-compliance with the legislation may not only be a significant matter in its own right but may also affect the entity’s financial position or financial performance. Accordingly, we need to consider the effects of non-compliance on the financial statements. ASA 250 Consideration of Laws and Regulations in an Audit of a Financial Report sets out the requirements of the auditing standards.

119.3 In addition, the ANAO is obliged by legislation or other arrangements under which the audit is conducted to report on specific areas of non-compliance.

Policy

119.4 In planning an audit, consideration shall be given to the effects of non-compliance with legislation where:

  1. non-compliance represents a risk which may affect the entity’s financial position or financial performance (the level of risk will be assessed consistent with the ANAO’s financial statement audit approach);
  2. statements or disclosures indicating compliance are included in the financial statements; or
  3. the Auditor-General is required to report on compliance.

119.5 The nature, timing and extent of audit procedures addressing compliance with legislation depend on the risk of material misstatement arising from non-compliance; and, about paragraph 119.4(c), also on the nature of the Auditor-General’s reporting obligations.

119.6 Regarding the disclosure of appropriations in the notes to the financial statements of Commonwealth entities:

  1. the audit procedures shall include the audit team obtaining an understanding of the nature of, basis for and extent of an entity’s appropriations;
  2. including the assessed risk of material misstatement, the audit team:
    1. shall understand and assess the entity’s systems for determining that:
      • the amount of appropriation available for spending is correct;
      • spending is for purpose;
      • spending is charged to the correct appropriation; and
      • spending is within appropriation limits; and
    2. shall undertake audit work which provides reasonable assurance that the amounts of appropriation available and spent are fairly stated and that spending has been for the appropriation’s purpose.

119.7 The FSASG GED may specify audit work programs to be followed to help achieve the purposes of this policy. The Appropriations Test Program issued by PSG on MyANAO shall be completed for all financial statements audits of Commonwealth entities which are required by the PGPA FRR 2015 to report appropriations in their financial statements.

119.8 The audits of corporate Commonwealth entities which are directly appropriated an amount under an Act of Parliament shall comply with FSASG policy at paragraphs 119.6 and 119.7.

119.9 Expenditure from the CRF without the authority of an appropriation by the Parliament shall be advised to the FSASG GED and referred to QTAC.

Guidance

119.10 The risk of non-compliance with legislation is more likely to be a significant when legislation is first introduced or is amended in important ways, and that risk impacts on financial management and reporting.

119.11 Addressing the risks from such change is the entity’s responsibility, and the auditor should expect to see a considered response by the entity to manage the change. For example, revisions to the PGPA Act or any significant rules under that Act require entities to understand the legislation, assess its impact on their operations and to create systems and procedures to respond appropriately.

119.12 An entity might also be audited by the relevant regulator, which would provide information against which we could evaluate our risk assessment.

119.13 Even where our assessment of the risk of material misstatement is low, we are required to be alert for breaches of legislation and to consider their impact on the audit and our auditor’s report.

Statements or disclosures indicating compliance

119.14 Financial statements are usually required to be prepared consistent with a financial reporting framework specified in legislation or by some other authority. Those responsible for the preparation of the financial statements are usually required to assert material compliance with that framework.

119.15 In addition, financial statements may include disclosures relating to, or assertions of, specific aspects of compliance with legislation. The most commonly encountered of such disclosures in the Commonwealth is the disclosure of appropriations by Commonwealth entities.

119.16 Appropriations are laws made by the Australian Parliament. Commonwealth entities cannot spend money from the CRF without an appropriation. All appropriations are provided for a particular purpose. Entities are not permitted to make payments using an appropriation unless the payment is consistent with the appropriation’s purpose. There are three main categories of appropriations: annual appropriation, special appropriations (including PGPA Act section 58 investments) and special accounts.

119.17 Commonwealth entities which are directly appropriated an amount from any of the above-mentioned appropriations under an Act of Parliament are required to make disclosures about compliance with appropriations. In addition, an entity (“the spending entity”) which has the authority to access the appropriation of the other entity (“the responsible entity”) is required to make appropriation disclosures. The PGPA FRR 2015 and Resource Management Guide 125 set out appropriation reporting and disclosure requirements for Commonwealth entities.

119.18 A corporate Commonwealth entity which is directly appropriated an amount under an Act of Parliament is required to disclose appropriations consistent with the PGPA FRR 2015. Conversely, a corporate Commonwealth entity is not required to make appropriation disclosures for amounts which are appropriated to the relevant non-corporate Commonwealth entity for payment to the corporate entity.

119.19 The system of parliamentary appropriations is an important means by which the Parliament exercises control over the Executive Government. Accordingly, we regard the disclosure of appropriations and their use as material by nature.

119.20 A misstatement in the reporting of appropriations and their use may arise because:

  1. the amount reported as available to spend is incorrect;
  2. the amount spent is misstated;
  3. the amount spent is recorded against the wrong appropriation; or
  4. the amount is not spent for an authorised purpose.

119.21 We need to understand the basis, nature and extent of Commonwealth entity’s appropriations. We need to consider, as a minimum:

  1. the basis on which an appropriation operates;
    1. for example, entities are appropriated certain receipts under section 74 of the PGPA Act. The conditions under which those receipts become available to the entity are set out in section 27 of the PGPA Rule;
    2. some entities operate special accounts to which only specified receipts may be credited and out of which only specified payments may be made. Legislation or determinations by the Finance Minister create special accounts and their purposes;
    3. investments of relevant money may only be made in prescribed instruments by delegated persons in certain entities (refer to sections 58 and 59 of the PGPA Act);
    4. in these cases, we need to check that the entity’s systems and processes are structured to comply with legislative requirements. The risk of material misstatement is of course higher when the basis on which an appropriation operates has changed, which in turn requires an appropriate response from the entity;
  2. the entity’s systems for ensuring that spending is for purpose and is charged to the correct appropriations, and for preventing spending in excess of appropriation limits;
  3. reconciling the amounts spent in total to the statement of cash flows and the balance of unspent appropriations to the balance sheet;
  4. identifying formal and administrative additions and reductions to appropriation limits;
  5. when testing payments, checking the correct appropriation is charged; and
  6. reviewing journal entries between appropriation accounts where appropriation limits are approached. A misstatement may disguise a breach of an appropriation.

119.22 It may be possible to integrate testing required for appropriations with testing performed for other purposes during the audit.

Where the Auditor-General is required to report on compliance

119.23 In addition to the obligation to report on whether financial statements ‘present fairly’ or give a ‘true and fair view’ of the matters required by legislation, the Auditor-General has obligations to report on legal compliance in other circumstances, including the following:

  1. section 311 of the Corporations Act requires the Auditor-General to report to the Australian Securities and Investigation Commission (ASIC) suspected and actual contraventions of the Corporations Act – Refer to ANAO Audit Manual – FSASG Specific policy Chapter 120 Auditor’s reporting obligations under section 311 of Corporations Act; and
  2. in some cases, including the audit of the High Court, and certain entities which are not subject to the PGPA Act, the Auditor-General is required to report whether the receipt, expenditure and investment of money and the acquisition and disposal of assets has been consistent with the enabling legislation.

119.24 The reporting obligation mentioned in paragraph 119.23(a) is regarded as being ‘by exception.’ It does not require a positive expression of an opinion that there are no breaches, and therefore does not require a systematic approach to identifying breaches. However, reporting obligations of the type described in 119.233(b) does require us to have reasonable assurance over the compliance matters mentioned. Similarly, where disclosures are made in the financial statements about compliance (as in the case of appropriations by non-corporate Commonwealth entities), enough work is required to obtain reasonable assurance over their presenting information fairly, in all material respects, as set out in this policy.

Communicating non-compliance to the entity

119.25 The auditing standards and ANAO policy require instances of non-compliance to be communicated to the appropriate level within the entity. ANAO policy in Chapter 116 Communicating audit findings requires the audit team to report all issues posing a financial reporting risk to the entity, including legislative breaches. In doing so, the audit team must determine whether the breaches of legislation pose significant risks or not, and Chapter 116 further stipulates how the findings are to be dealt with.

PGPA framework compliance reporting

119.26 Commonwealth entities and Commonwealth companies within the general government sector (GGS) are not required to provide an annual report on compliance with the PGPA framework, but are expected to have an internal compliance reporting process to provide the accountable authority or Directors with the means to be able to identify and report to responsible Ministers significant legislative breaches.

119.27 ANAO audit teams should seek to be kept informed of any significant breaches of legislation discovered by Commonwealth entities and Commonwealth companies as they arise. Entities should be encouraged to complete their internal compliance reporting processes for the year at the time of signing the representations letter to the ANAO and, if not finalised, obtain and assess the latest draft of their compliance reporting at the time of the signing of the financial statements. This will enable TCWG to be confident that there are no relevant identified breaches at the time they sign their written representation letter to the ANAO.

120. Auditor’s reporting obligations under section 311 of the Corporations Act

Policy

120.1 Where a member of the engagement team becomes aware of circumstances stated in section 311 of the Corporations Act, the member shall promptly notify the Engagement Executive. If the Signing Officer and Engagement Executive are different people, the Signing Officer shall be promptly notified by the Engagement Executive.

120.2 The circumstances stated in section 311 of the Corporations Act are those that:

  1. the auditor has reasonable grounds to suspect amount to a contravention of the Corporations Act; or
  2. amount to an attempt, in relation to the audit, by any person to unduly influence, coerce, manipulate or mislead a person involved in the conduct of the audit;48 or
  3. amount to an attempt, by any person, to otherwise interfere with the proper conduct of the audit.

120.3 As required by section 311 of the Corporations Act, the Signing Officer shall notify ASIC in writing of the circumstances as soon as practicable, and in any case, within 28 days after becoming aware of the circumstances.

Guidance

120.4 ASIC has issued Regulatory Guide 34 Auditor’s Obligations: Reporting to ASIC (RG 34). The Guide deals with suspected contraventions of the Act under paragraph 120.2. The following sections of RG 34 are relevant to ANAO engagements:

  1. Overview;
  2. General obligation under section 311 and 601HG;
  3. How to lodge auditor breach reports; and
  4. Appendix: Examples of suspected contraventions.
Planning

120.5 RG 3449 advises the following in regard to planning:

‘We believe that the auditor reporting obligations are a key aspect of the auditor’s role in conducting an audit and should be included in the audit plan and program for each entity subject to audit. We expect auditors to be vigilant and to make appropriate inquiries where the circumstances warrant inquiry.’

‘While we do not expect auditors to engage in a systemic search for all possible contraventions of the Corporations Act, auditors should be alert to matters that come to their attention that may indicate such contraventions. The auditor reporting obligations are not limited to matters that have arisen from audit or review. Information may come to the auditor’s attention during the audit or review, or otherwise, which gives rise to reasonable grounds to suspect that a contravention of the Corporations Act has occurred.’

‘In addition, staff reporting to an auditor should be made aware of the extent of the auditor’s duty.’

120.6 In planning and conducting the audit, the auditor also has regard to the requirements and guidance of ASA 250 which deal with consideration of laws and regulations in an audit of a financial report.

Suspected contravention of the act

120.7 If paragraph 120.2(a) applies, section 311(1)(b) of the Corporations Act adds the following additional requirements:

  1. the contravention must be a significant one; or
  2. the contravention is not a significant one, and the auditor believes that the contravention has not/will not be adequately dealt with by commenting on it in the auditor’s report or bringing it to the attention of the directors.

120.8 RG 34 provides guidance on the application of section 311(1)(b), including the following examples of suspected contraventions that are likely to be significant:

  1. insolvent trading by the company;
  2. failure to comply with accounting standards;
  3. modified audit or review reports;
  4. fraud by officers or employees of the entity;
  5. related party transactions;
  6. composition of the board of directors;
  7. failure to keep books and records;
  8. non-lodgement of financial reports; and
  9. ongoing failures to comply with a compliance plan.
Reasonable grounds

120.9 Note that subparagraph 311 (1)(a)(i) of the Corporations Act requires the auditor only to have ‘reasonable grounds to suspect’ a contravention. RG 34 explains what the courts have held to be ‘reasonable grounds to suspect’.

120.10 A proforma letter to ASIC is available in TeamStore.

120.11 Refer directly to the Corporations Act for additional clarity.50

121. ANAO auditor’s reports on financial statements

Background

121.1 The requirements for the Auditor-General to report for most ANAO audits of financial statements are set out in the following enactments:

  1. for Commonwealth entities – section 43 of the PGPA Act;51 and
  2. for companies – section 308 of the Corporations Act.52

121.2 For other bodies, the requirement to report may be found in the body’s enabling legislation or, for audits by arrangement, as agreed in making the arrangement.

121.3 The form and content of ANAO auditor’s reports on financial statements are determined by the requirements of:

  1. The legislation or arrangement under which the audit is conducted; and
  2. The relevant auditing standards.

121.4 PSG prepares proforma ANAO auditor’s reports for Commonwealth entities and companies.

Policy

121.5 The Engagement Executive shall prepare the ANAO auditor’s report on each set of financial statements for which the executive is responsible consistent with the designated proforma prepared by PSG, where such a proforma exists. If no proforma exists, the Engagement Executive shall prepare the ANAO auditor’s report consistent with the requirements of the auditing standards and ANAO policy and having regard to the form and content of the proforma templates.

121.6 The Engagement Executive shall describe each key audit matter in a separate section under the heading ‘Key Audit Matters’ of the auditor’s report of Commonwealth entities for which key audit matters reporting was adopted by the Auditor-General.53

121.7 Where an Engagement Executive considers that a variation to the proforma ANAO auditor’s report is required, the proposed variation shall be approved by PSG.

121.8 Each ANAO auditor’s report on financial statements shall make a statement on the ANAO’s independence. Where the independence requirements applicable to the audit cannot be met because of an unavoidable conflict between those requirements and the Auditor-General’s obligation to audit and report, an explanation of the conflict in the ANAO auditor’s report shall be considered.

121.9 The Engagement Executive shall confirm that the auditor’s report published on the auditee’s website is identical to that signed for the financial statement audit. Where differences are identified, the Engagement Executive shall request management to correct any differences immediately. Where management does not correct identified differences, the Engagement Executive shall notify the FSASG GED.

Guidance

Addressee

121.10 ANAO auditor’s reports on the financial statements of Commonwealth entities are addressed to ‘the Minister who is responsible for the entity or company, unless otherwise prescribed by the rules.’ This is the Minister that the entity presents its annual report to under the PGPA Act.54 In some circumstances, Commonwealth entities may address their annual report to more than one responsible Minister in which case the ANAO’s auditor’s report should do the same.

121.11 ANAO auditor’s reports on the Parliamentary Departments are addressed to the relevant presiding officer(s) who are regarded as the responsible Minister under the PGPA Act.

121.12 Ministers of State are listed in the official Ministry List by portfolio (Parliamentary Secretaries and Ministers assisting another Minister are effectively regarded as Assistant Ministers). Where a portfolio has more than one Minister, all those Ministers administer the department with the effect that all Ministers are formally able to administer the legislation associated with the department. In practice, each Minister in a portfolio will have discrete areas of policy and legislative responsibility.55 The legislation associated with a department is given in the AAO made from time to time by the Governor-General.

121.13 The Ministry List, the AAO and the Legislation Handbook are updated as required and published on the website of the Department of the Prime Minister and Cabinet at the Current Ministry list.

121.14 ANAO auditor’s reports on the financial statements of Commonwealth companies are addressed to the members of the company in line with the requirements of the Corporations Act.

Independence statement within the ANAO auditor’s report

121.15 ANAO policy is to make an independence statement in each ANAO auditor’s report issued on financial statements. For financial statement audits conducted under the Australian Auditing Standards, ASA 700 requires the auditor’s report to include a statement on independence. Auditor’s reports prepared under ASA 700 do not need an additional statement to achieve this policy requirement. However, auditor’s reports not prepared under ASA 700 (for example, reports on limited assurance reviews or reviews of a financial report) may not achieve this policy requirement unless an independence statement has been added in addition to the requirements for the assurance report under the relevant assurance standard.

121.16 Where there is a possibility that the applicable independence requirements cannot be met because of an unavoidable conflict between those requirements and the Auditor-General’s obligation to audit and report, an explanation of the conflict for inclusion in the ANAO auditor’s report needs to be considered. Such a situation is expected to be rare in practice.56

121.17 If an unavoidable conflict arises in respect of an audit of a company under the Corporations Act, the impact on the audit report should be discussed with the FSASG GED as soon as the conflict is identified. The Corporations Act requires conflicts of interest to be resolved within a specified short time period and reported to ASIC. Further, the Act requires a declaration by the auditor to the directors as to compliance with both the Act’s provisions and professional independence requirements and provides for the updating of that declaration in the auditor’s report.

Modification of the ANAO auditor’s report

121.18 PSG publishes, in addition to the various specific auditor’s report proforma templates, a generic financial statement auditor’s report proforma template. It is expected to be rare that there would not be a relevant proforma to be applied by FSASG for financial statement audits. The ANAO auditor’s reports proforma templates include guidance, based on the ANAO Auditing Standards, which should be followed when drafting a modified auditor’s report (either by modifying the auditor’s opinion or adding an emphasis of matter).

The PGPA Financial Reporting Rule

121.19 The Finance Minister is empowered to make rules under the PGPA Act prescribing matters required or permitted by the PGPA Act. Section 42(2) of the PGPA Act requires that Commonwealth entities’ annual financial statements comply with the Australian Accounting Standards and any other requirements prescribed by the rules. The PGPA FRR 2015 sets out the minimum financial reporting requirements for all Commonwealth reporting entities in the preparation of their financial statements and prescribes the requirements that reporting entities must comply with in preparing their annual financial statements to present fairly the entity’s financial position, financial performance and cash flows. The PGPA Act requires the ANAO auditor’s report to state whether, in the Auditor-General’s (or delegate’s) opinion, the statements:

  1. comply with the accounting standards and any other requirements prescribed by the rules; and
  2. present fairly the entity’s financial position, financial performance and cash flows.
Reporting on other legal and regulatory requirements

121.20 The requirement for the ANAO to report on financial statements may involve a requirement to consider other matters in addition to the financial statements. Where such matters are to be reported, they are to be included under a separate report heading within the auditor’s report.

121.21 Where an audit of financial statements is undertaken according to other legislation or by arrangement, care needs to be taken to ensure all relevant matters are addressed in the auditor’s report.

Referral to QTAC

121.22 ANAO policy in respect of QTAC outlines when a proposed ANAO auditor’s report is to be referred to QTAC.

121.23 Audit reporting templates are located in TeamStore.

122. Closing letter

Background

122.1 The Closing Letter is prepared to communicate matters that are directly relevant to the financial statements, or that the auditing standards require to be communicated before the statements are signed.

122.2 The distribution and timing of the Closing Letter are dealt with in Chapter 117 Distribution and Timing of Letters and Written Reports.

122.3 The Closing Letter may also serve to replace other letters to management or TCWG that detail the audit’s findings.57 Matters to be communicated as audit findings are identified Chapter 116 Communicating Audit Findings Chapter 116.

Policy

122.4 The Closing Letter shall:

  1. state that sufficient appropriate audit evidence has been obtained to provide a basis for the opinion in the auditor’s report, noting any outstanding audit work to be finalised;
  2. state whether the conclusion in the auditor’s report is unmodified, and if modified, the nature of the modification;58
  3. describe other matters required to be reported on in the auditor’s report, including such other matters as agreed in the terms of engagement;
  4. describe those matters the auditor has determined to be key audit matters (for entities for which key audit matters reporting was adopted by the Auditor-General);
  5. include a schedule of unadjusted misstatements, and the effect that they, individually or in aggregate, may have on the opinion in the auditor’s report (ASA 450 paragraphs 12 and 13);59
  6. identify significant matters addressed during the audit (ASA 260 Communication with Those Charged with Governance (ASA 260) paragraph 16(c)(i));
  7. note previously reported audit findings (part of ASA 260 paragraph 16(c));
  8. note audit findings yet to be reported in detail (part of ASA 260 paragraph 16(c));
  9. discuss the ANAO’s views about significant qualitative aspects of the entity’s accounting practices, including accounting policies, accounting estimates and financial statement disclosures (ASA 260 paragraph 16(a));
  10. identify significant disagreements with management, including those regarding accounting policy, practices and disclosures:
    1. resolved60 during the course of the audit; and
    2. to be resolved in the future;
  11. discuss significant difficulties, if any, encountered during the audit and the quality and oversight of the financial statements preparation process (ASA 260 paragraph 16(b) & (e)); and
  12. state how an uncorrected material misstatement of other information will be addressed in the auditor’s report (ASA 260 paragraphs 16(d) and A24).

Guidance

122.5 The Closing Letter is prepared on the basis that the content of the management representation letter and financial statements being signed are as anticipated.

122.6 The Closing Letter refers to other matters which are to be included in the auditor’s report. These matters can include a report required on legal or other regulatory requirements or a matter that is relevant to the users’ understanding of the audit, the auditor’s responsibilities or the auditor’s report.61

122.7 The Closing Letter may also include the following elements:

  1. include a schedule of audit adjustments made;
  2. discuss the final audit fee;
  3. acknowledgement of support received from the auditee; and
  4. details of the planned beginning of the audit of the financial statements for next financial year.

122.8 ASA 700 paragraph 12 requires the auditor, as part of the evaluation of whether the financial statements as a whole are free from material misstatement, to consider qualitative aspects of the entity’s accounting policies, including indicators of possible management bias. Examples of bias are also given.

122.9 Qualitative aspects of accounting practices that might be considered for inclusion in the Closing Letter are discussed in ASA 260 and in ASA 700. Appendix 2 of ASA 260 includes examples of qualitative aspects of accounting practices, such as:

  1. Accounting policies: the effect of significant accounting policies in controversial or emerging areas (or those unique to an industry, particularly when there is a lack of authoritative guidance or consensus).
  2. Accounting estimates and related disclosures: management’s process for making accounting estimates and related disclosures.
  3. Financial statement disclosures: issues involved, and related judgments made, in formulating particularly sensitive financial report disclosures (e.g., disclosures related to revenue recognition, remuneration, going concern, subsequent events, and contingency issues).
  4. Related matters: the extent to which the financial statements are affected by unusual transactions, including non-recurring amounts recognised during the period, and the extent to which such transactions are separately disclosed in the financial statements.

122.10 Closing Letter templates are located in TeamStore.

Glossary and footnotes

Glossary

AAO

Administrative Arrangements Order

AASB

Australian Accounting Standards Board

AASB 101

Presentation of Financial Statements

AASB 108

Accounting Policies, Changes in Accounting Estimates and Errors

A-G Act

Auditor-General Act 1997 (Commonwealth)

ANAO

Australian National Audit Office

APES 110

Code of Ethics for Professional Accountants (including Independence Standards)

ASA

Australian Auditing Standards

ASA 102

Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements

ASA 200

Overall Objectives of the Independent Auditor and the Conduct of an Audit in Accordance with Australian Auditing Standards

ASA 210

Agreeing the Terms of Audit Engagements

ASA 220

Quality Management for an Audit of a Financial Report and Other Historical Financial Information

ASA 230

Audit Documentation

ASA 240

The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report

ASA 250

Consideration of Laws and Regulations in an Audit of a Financial Report

ASA 260

Communication With Those Charged With Governance

ASA 300

Planning an Audit of a Financial Report

ASA 315

Identifying and Assessing the Risks of Material Misstatement

ASA 320

Materiality in Planning and Performing an Audit

ASA 330

The Auditor’s Responses to Assessed Risks

ASA 450

Evaluation of Misstatements Identified during the Audit

ASA 520

Analytical Procedures

ASA 530

Audit Sampling

ASA 540

Auditing Accounting Estimates and Related Disclosures

ASA 560

Subsequent Events

ASA 580

Written Representations

ASA 600

Special Considerations – Audits of a Group Financial Report

ASA 620

Using the Work of an Auditor’s Expert

ASA 700

Forming an Opinion and Reporting on a Financial Report

ASA 701

Communicating Key Audit Matters in the Independent Auditor’s Report

ASA 705

Modifications to the Opinion in the Independent Auditor’s Report

ASA 706

Emphasis of Matter Paragraphs and Other Matter Paragraphs in the Independent Auditor’s Report

ASA 710

Comparative Information – Corresponding Figures and Comparative Financial Reports

ASA 720

The Auditor’s Responsibilities Relating to Other Information

ASAE 3000

Assurance Engagements Other than Audits or Reviews of Historical Financial Information

ASIC

Australian Securities and Investments Commission

CEO

Chief Executive Officer

CFO

Chief Financial Officer

CFS

Consolidated Financial Statements

Controls Report

Interim Report on Key Financial Controls of Major Entities

Corporations Act

Corporations Act 2001 (Cth)

CRF

Consolidated Revenue Fund

EBITDA

Earnings before interest, tax, depreciation and amortisation

EQR

Engagement Quality Reviewer

FSASG

Financial Statements Audit Services Group

GED

Group Executive Director

GGS

General Government Sector

GS

Guidance Statements

GS 006

Electronic Publication of the Auditor’s Report

GS 023

Special Considerations – Public Sector Engagements

GST

Goods and Services Tax

ITGC

Information Technology General Controls

MRL

Management Representation Letter

OH&S

Occupational Health and Safety

PASG

Performance Audit Services Group

PGPA Act

Public Governance, Performance and Accountability Act 2013 (Cth)

PGPA FRR 2015

Public Governance, Performance and Accountability (Financial Reporting Rule) 2015

PIE

Public Interest Entity

PSG

Professional Services Group

QTAC

Qualifications and Technical Advisory Committee

REAL

Revenues, Expenses, Assets, Liabilities

RG

Regulatory Guide

RG 34

Regulatory Guide: Auditor’s obligations: Reporting to ASIC

RoMM

Risk of Material Misstatement

SADA

Systems Assurance and Data Analytics

SES

Senior Executive Service

SORM

Signing Officer Review Memorandum

TCWG

Those Charged with Governance

Year End Report

Audits of the Financial Statements of Australian Government Entities for the Period Ended 30 June 20XX
   

Footnotes

1 This is consistent with the principles of AUASB Guidance Statement GS 023 Special Considerations – Public Sector Engagements

2ASA 210 paragraphs 13, A30.

3 See ASA 220, paragraphs 9 and 15.

4ASA 220, paragraphs 13 and 40.

5ASA 220 paragraphs 32, A90 – A94.

6ASA 200 paragraph 13(d).

7 Under the Clarity standards, the requirements are concentrated in ASA 220 for an individual audit and in ASA 600 Special Considerations-Audits of a Group Financial Report (Including the Work of Component Auditors) for group audits.

8 Refer to the following:
ASA 102 paragraph 6.
ASA 230 paragraphs A7, A16, A20.
ASA 240 paragraphs 5, A6, A7.
ASA 300paragraphs 5, A4, A5,, A17.
ASA 315 paragraphs 15, 17, 18, A38, A45, A218.
ASA 540 paragraph A96.
ASA 620 paragraph A6.

9 Refer to Auditor-General’s Mandate policies: Legislative Basis for ANAO Work Audits (ANAO Audit Manual - Shared Content, paragraphs 2.108-2.109).

10ASA 220 paragraphs 25 – 28

11ASA 220 paragraph 14.

12 The Overs and Unders schedule, also referred to in external communication documents as unadjusted differences.

13 ANAO terminology for Engagement Quality Reviewer as defined in ASA 220.

14 The ANAO, for the purposes of the PGPA Act, is a listed entity. An official of a Commonwealth entity that is a listed entity is a person who is prescribed by an Act or the rules to be an official of the entity. Under section 38(3)(c)(iii) of the A-G Act, the persons listed as officials of the Audit Office include persons engaged under contract as referred to in section 27.

15APES 110 paragraphs R400.8-AUST R400.8.1 A1.

16 Includes a listed entity as defined in section 9 of the Corporations Act.

17 This guidance is relevant to the setting of materiality with consideration for the expectation of users. Where Parliamentary of other scrutiny is concentrated on particular aspects of the financial statements, the audit team should consider the use of a particular materiality in accordance with this chapter and ensure that the audit’s overall risk response for that time is suitable.

18 Refer to Chapter 107 Engagement risk rating and public interest entity assessment, paragraph 107.5.

19 Aggregation risk = risk that undetected and uncorrected misstatements taken together will be material.

20 Examples of environmental factors for 10% haircut: sufficient qualified management resources are present, there is low pressure to achieve targeted results, the entity does not operate in a high-risk industry, there is a limited number of financial statement line items subject to high estimate uncertainty with significant risks and/or with risks at the higher end of the normal risk continuum.

21 Examples of environmental factors for 25% haircut: sufficient qualified management resources are present, there is low pressure to achieve targeted results and/or the entity does not operate in a high-risk industry, etc.

22 Examples of environmental factors for 50% haircut: such as insufficient qualitied management resources are present, the initial audit of a company having never been audited before, there is high pressure to achieve targeted results and/or the entity operates in high-risk industry, etc.

24Resource Management Guide No. 301 – Investment by Commonwealth Entities provides a useful summary of section 58 and 59 investments.

25ASA 300 paragraph 7.

26ASA 260 paragraph 15.

27ASA 260 paragraph 18.

28ASA 260 paragraphs A13, A14.

29 PSG provides an update of changes to reporting requirements which can be tailored to highlight any significant impact on the auditee.

30ASA 710 paragraph 8.

31ASA 705 paragraph 5.

32ASA 560 paragraph A13.

33ASA 710 paragraph A4 to A6.

34ASA 710 paragraph 12.

35ASA 720 paragraphs 14-15, A23-A38.

36ASA 720 paragraphs 16, A39-A43.

37 For a non-corporate Commonwealth entity, the CEO, however named, is normally the accountable authority. Audit teams will need to consider, on a case-by-case basis, who to get representations from where the chief executive and accountable authority are different, with particular reference to who signs the financial statements on behalf of the entity.

If the Commonwealth entity is:

The accountable authority is:

a Department of State

the Secretary of the Department

a Parliamentary Department

the Secretary of the Department

a listed entity

the person or group of persons prescribed by an Act or the rules to be the accountable authority of the entity.
   

38 Because representations for those charged with governance are not required by this policy, there is ordinarily no requirement to obtain representations from the accountable authority for a corporate Commonwealth entity. This is because, for these entities, the accountable authority is normally a board of directors or equivalent governance body. There remains a requirement for corporate bodies to obtain representations from the chief executive. In many cases, the chief executive of a corporate Commonwealth entity is a member of the governing board, however in those cases the representations sought from the CEO are in that officer’s capacity as the head of management and not as a board member.

39ASA 580 paragraph 20.

40ASA 530 paragraph 4.

41ASA 330 paragraph 14(b).

42 The audit team should consider the impact of any relevant existing A, B or C findings when assessing the effectiveness of the control environment.

43 Note that not all manual controls are required to be retested every period. Routine, transaction-level manual controls performed in a stable environment, combined with consideration of other factors noted above may allow for reliance on previous period testing. Conversely, complex, judgmental manual controls addressing risk areas at the higher end of the normal continuum may not be good candidates for the reliance on previous period testing.

44 Refer to Chapter 116 Communicating Audit Findings for policy on which findings are to be reported and to whom.

45 For guidance on addressing members of parliament refer to Australian Parliament House webpage: How to address Senators and Members.

46 The EQR may be a firm partner on a project-managed audit. The contractor EQR is required by this policy to endorse the SORM.

47ASA 260 paragraphs 22, A51-A53.

48Corporations Act section 311(1)(ii).

49 Australian Securities and Investments Commission, Regulatory Guide 34 Auditor’s obligations: Reporting to ASIC paragraphs RG34.13-RG34.15.

50Corporations Act, Volume 2, Chapter 2M – Financial reports and audit, Part 2M.3 – Financial Reporting, Division 3 – Audit and auditor’s report and section 311 Reporting to ASIC.

51 PGPA Act section 43.

52 Corporations Act section 308.

53ASA 701 paragraph 11.

54 Under section 46 of the PGPA Act, the accountable authority of a Commonwealth entity is required to give an annual report to the entity’s responsible Minister for presentation to the Parliament.

56 Example wording for a modification to the independence framework statement usually made in our auditor’s report for a Commonwealth entity could be as follows: ‘In conducting the audit I have followed the independence requirements of the ANAO, which incorporate the requirements of the Australian accounting profession to the extent that they are not inconsistent with the Auditor-General Act 1997 or other relevant legislation.’

57 As required by paragraph 117.105 of the Distribution and Timing of Letters and Written Reports.

58 Modifications of the auditor’s report involve either modification of the auditor’s opinion or an emphasis of matter.

59ASA 450 requires the auditor to request TCWG to correct all accumulated misstatements. This will need to be communicated also to management in the first instance, so that if management declines to correct, there is enough time for TCWG to respond. The effect of uncorrected misstatements related to prior periods shall also be communicated to TCWG.

60 Legislative breaches are a point in time finding for the financial year observation and breaches should be recorded as a legislative breaches each financial year as the breach is only relevant to the year under observation. Unresolved legislative breaches are not reported.

61 Reports on other legal and regulatory requirements are dealt with in ASA 700. Matters relevant to the users’ understanding are dealt with in ASA 706.