The shared content volume of the ANAO Audit Manual applies to all assurance activity performed by the ANAO, including financial statements and performance auditing. The shared volume addresses key matters affecting compliance with the Auditor-General Act 1997 and other aspects of the ANAO’s legislative framework. It sets out the main requirements of the ANAO’s overall system of quality control in accordance with ASQC1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and Related Services Engagements.

1. Authority and maintenance

Authority and maintenance of the ANAO audit manual

Background legislation and standards

1.1 The Australian National Audit Office (ANAO) Audit Manual (the Manual) sets ANAO policies and guidance applying specifically to the audits and other assurance work performed by or on behalf of the Auditor-General consistent with ANAO Auditing Standards.

1.2 The Manual forms part of the ANAO quality management framework which demonstrates compliance with the requirements of Auditing Standard on Quality Management ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements for policies and procedures which promote quality audits and for monitoring the application of those policies and procedures.

Policy

1.3 The Manual is issued under the authority of the Auditor-General.

1.4 Material within the Manual that is ANAO policy is displayed in bold type under the heading ‘Policy’ and is binding in respect of audits or other assurance work undertaken by the ANAO. Policies relevant to audits contracted out to an audit firm (contract out audits) are communicated to the audit firm via tender or contract documentation or as notified by the Engagement Executive[1] under paragraph 105.2 of the ANAO Audit Manual - FSASG Specific and paragraph 201.2 of the ANAO Audit Manual - PASG Specific.

1.5 In rare and exceptional circumstances, substantive departures from policy may need to be considered. In these circumstances, approval by the Auditor-General, through the Qualifications and Technical Advisory Committee (QTAC), is required.

1.6 The Professional Services Group (PSG) shall monitor and analyse developments in applicable auditing and professional standards and legal and regulatory requirements. This includes consulting with service Group Executive Directors (GED) on applicable developments and their impact on the work of the ANAO and how they are incorporated into the ANAO’s policies, procedures and audit methodology.

1.7 PSG shall communicate changes to audit methodology to audit staff through technical updates and other staff meetings such as Financial Statements Audit Services Group (FSASG), Performance Audit Services Group (PASG), Performance Statement Audit Service Group (PSASG) and Systems Assurance and Data Analytics (SADA) Senior Executive Service (SES) meetings and other forums.

1.8 The Manual shall be subject to an annual review by PSG, to be completed in accordance with timeframes set out in the ANAO Quality Management Framework and Plan, published on the ANAO website annually. The annual review shall be supported by an annual assessment of ANAO quality objectives and quality risks.

1.9 The ANAO Quality Committee shall be responsible for:

  1. considering amendments to the Manual that substantially impact the conduct of an audit; and
  2. making a recommendation to the Auditor-General for approval of the amendments.

1.10 Any amendments to the Manual, other than those which are clearly trivial, outside the annual review shall be referred for endorsement to the ANAO Quality Committee if the changes result in substantial impacts on the conduct of an audit. Administrative changes and changes to guidance made by PSG outside of the annual review do not require approval.

Guidance

1.11 The Manual addresses performance audit, financial statements audit, performance statements audit and other assurance work policy and guidance. As such, it comprises a shared content section applicable to all ANAO assurance engagements and separate chapters for specific content.

1.12 The Manual is organised as follows:

ANAO shared content

1. Authority and maintenance of the ANAO audit manual

2. Auditor-General’s mandate

3. Strategic planning

4. Governance and leadership responsibilities for quality

5. Professional, ethical and independence requirements

6. Resources

7. Information, communication and relationship with the auditee

8. Engagement performance

9. Documentation

10. Monitoring quality management policies and procedures

11. Evaluation of the Quality Management Framework

FSASG specific content

101. Engagement performance – general

107. Engagement performance – planning

110. Engagement performance – execution

116. Engagement performance – reporting

PASG specific content

201. Engagement performance – general

205. Engagement performance – planning

210. Engagement performance – execution

224. Engagement performance – reporting

PSASG specific content

301. Engagement performance – general

311. Engagement performance – planning

321. Engagement performance – execution

331. Engagement performance – reporting

1.13 The Manual forms part of the ANAO Quality Management Framework (QMF). It contains ANAO policy and guidance in respect of ANAO audit and assurance work. Other elements of the ANAO QMF are contained in the policy and procedures manuals and documents of the Corporate Management Group (CMG). ANAO staff are bound by these other ANAO policies where they are relevant to audit and assurance activities. Some policies within this Manual allude to these other policies.

1.14 The policies and procedures that make up the QMF respond to quality risks that arise in respect to the nature and circumstances of the ANAO and the engagements conducted. An annual review of the quality objectives and risks ensures that additional or modified quality objectives and risks are identified and modifications and additions to the QMF are designed and implemented as necessary.

1.15 The performance audit specific part of the Manual applies to performance audits. Application Guidance for Limited Assurance Reviews has been developed for guidance when applying the Manual to a Limited Assurance Review under section 19A of the Auditor-General Act 1997.

1.16 The Manual has been developed for use by ANAO executives and staff. In-house contractors must also comply with the policies in the Manual. Where audit and other assurance work has been contracted out, relevant sections of the Manual are to be made known to the contractor firm (refer to paragraph 1.4).

1.17 The Manual enables the achievement of ANAO business objectives. Audit service group executives and senior staff should raise with PSG any conflicts between the delivery of ANAO business objectives and the Manual.

1.18 The Manual does not seek to re-express, as ANAO policy, material that is binding under other authorities (e.g. in respect of the mandatory requirements of ANAO Auditing Standards). However, the Manual does seek to enunciate the relationship between various authorities and provide guidance on their application in the ANAO. Refer to Diagram 1.

1.19 PSG has overall responsibility for the Manual and any amendments to it. This is to ensure that ANAO policy and procedures for audit and other assurance work remain consistent with the authorities governing the ANAO’s work. Amendments, other than those that are clearly trivial, will involve consultation with ANAO GEDs, Chief Operating Officer (COO) or their nominees and oversight by the ANAO Quality Committee.

1.20 An annual review of the Manual is needed to keep policies current. Minor editorial or technical amendments (e.g. updating legislative references) will be made as required by PSG.

1.21 Each section of the Manual will be subject to version control. Major changes will restart the number sequence (e.g. v1.0, v2.0). Minor changes will be designated as amendments to the previous major change (e.g. v1.2, v2.4).

1.22 All changes to the Manual, other than those that are clearly trivial, will be notified to ANAO audit staff and contractors through mechanisms such as direct email, the issue of a PSG Announcement or discussion at PSG Technical Updates and service group forums.

1.23 Material in the Manual that is superseded is archived consistent with the ANAO Information Management Framework.

1.24 In the ANAO-wide aspects of this Manual, the term Engagement Executive is used to describe the leader of the assurance engagement. For financial statement audits, performance statements audits, and other assurance engagements conducted by FSASG or PSASG, this means the Engagement Executive assigned to the engagement consistent with the Auditor-General’s delegations and may be a GED, Senior Executive Director (SED), Executive Director or Senior Director. For performance audits and other assurance engagements conducted by PASG, this means the Executive Director assigned to the engagement consistent with the Auditor-General’s delegations.

Diagram 1: Relationship between ANAO audit manual and authorities governing ANAO work


2. Auditor-General’s mandate

The Auditor-General’s mandate and work of the ANAO

Background

2.1 The Auditor-General Act 1997 (Cth) (A-G Act) creates the Auditor-General’s mandate, the ANAO and the requirement for ANAO Auditing Standards. It also sets out the relationship with the Parliament and the Joint Committee of Public Accounts and Audit (JCPAA), and requires the appointment of the Independent Auditor.

Policy

2.2 All ANAO audit staff shall familiarise themselves with the A-G Act and other legislation or authorities governing ANAO audits and other engagements.

2.3 Engagement Executives shall ensure at the beginning of each audit or assurance engagement that the legislative basis and requirements of the engagement are documented in the current audit file.

2.4 Audit reports shall not include sensitive information that in the Auditor-General’s opinion is not in the public interest. Where references to sensitive information are necessary to explain or support the audit findings, this shall be discussed with the relevant GED and the Executive during the audit and, where included, the relevant documents (for example Report Preparation Papers) shall have the appropriate security markings.

Use of Information-Gathering Powers

2.5 The Auditor-General makes all decisions to formally[2] invoke information-gathering powers under section 32 of the A-G Act by:

  1. issuing a section 32 notice;
  2. providing a section 32 delegation;[3] or
  3. authorising an authorised official to exercise section 32 powers.[4]

2.6 The Auditor-General also authorises officials to exercise powers under section 33 of the A-G Act by issuing a written authority signed by the Auditor-General (commonly known as a warrant card). While authorised officials may exercise their authorised power in their own right, they must have regard to the fact that the section 33 powers are rarely used, and it is a significant decision to use the powers. All authorised officials shall produce their written authority when specifically requested to do so by an official of an audited entity.

2.7 Authorised officials shall notify their Engagement Executive when invoking section 33 powers to obtain access to premises, documents or property when the audited entity is not cooperating and access is required. This shall be performed before the powers are exercised, unless the official considers it necessary to use the powers before the Engagement Executive can be contacted, in which case the official shall notify the Engagement Executive as soon as possible subsequent to the use.

2.8 Authorised officials shall notify their responsible GED before invoking section 33 powers to obtain access to premises, documents or property when an entity that is not being audited is not cooperating and access is required.

Use of section 32

2.9 Where entities request that the Auditor-General formally invoke the section 32 information-gathering powers, this shall be discussed with the Auditor-General. The Engagement Executive shall provide a brief in advance of the discussion. Drafting of a formal section 32 delegation instrument or authorisation shall be performed by ANAO Legal Services, with the final signed by the Auditor-General. In preparing the briefing, the Engagement Executive shall have regard to the Auditor-General’s need to have confidence that the information-gathering approach will assist with the completeness, accuracy and relevance of evidence to meet the ANAO Auditing Standards.

2.10 Any other requests by audit teams to invoke the formal section 32 information-gathering powers shall be made through the Engagement Executive and discussed with the Auditor-General. A brief setting out the Engagement Executive’s recommendation shall be provided prior to the discussion with the Auditor-General. Where a direction to attend and give evidence under subsection 32(1)(b) is contemplated, the Engagement Executive shall identify the person(s) to be directed, and the nature of evidence being sought from them. Drafting of a formal section 32 delegation instrument or authorisation shall be performed by ANAO Legal Services, with the final signed by the Auditor-General.

2.11 Delegations made under section 29 of the A-G Act for the purposes of a formal use of the section 32 information-gathering powers shall be temporary and limited to the events specified in it. If the person(s) to be directed include Ministers, members of Parliament or their staff, the arrangements to conduct interviews shall take account of Parliamentary privilege in consultation with ANAO Legal Services and be set out in the minute.

2.12 At the time of any request to formally use the section 32 information-gathering powers, the Engagement Executive shall review the engagement risk in light of the proposal (whether auditee or ANAO driven) to assess whether engagement risk has increased and then respond in accordance with the relevant financial statement or performance audit policy. Evidence of the review of engagement risk shall be kept on the audit file.

2.13 For audits where the formal use of information-gathering powers is being considered or has occurred, the use of evidence or other information obtained from that process shall be considered during the subsequent quality review points for the audit which, for a performance audit, shall include the section 19 Workshop meeting. ANAO Legal Services shall be invited to attend the relevant meetings.

2.14 When formal information-gathering powers are used in a performance audit, their use shall be included in the audit report in the audit methodology section of Chapter One, unless the Auditor-General approves an alternative approach.

2.15 The Engagement Executive for the audit in which the formal information-gathering powers have been used shall certify to the Auditor-General that the powers have been used in accordance with this manual at the time that the draft section 19 report is provided to the Auditor-General in accordance with Chapter 224 of the PASG Specific volume.

Directions to attend and give evidence at a judicial proceeding

2.16 Where a direction under subsection 32(1)(b) of the A-G Act is required, the direction to attend and provide information shall be made in writing and signed by the delegated official. The direction shall be drafted in consultation with ANAO Legal Services.

2.17 The likely questions to be asked of the witness(es) shall be provided in the form of a draft proceeding outline to the Auditor-General for information following consultation with ANAO Legal Services. The purpose of the consultation with ANAO Legal Services is to ensure that the likely questions remain within the jurisdiction of the A-G Act. The proceeding outline shall include identification of the documents, if any, that will be shared with the interviewee during the interview.

2.18 The likely questions shall include questions related to identifying all communication channels used by the auditee in the conduct of its audited activities (including, but not limited to, emails, text messages and instant messaging applications), unless such questions are not relevant to the interview.

2.19 In accordance with procedures developed by ANAO Legal Services, all interviews using the formal section 32 information-gathering powers shall have the following features:

  1. conducted in person with at least two ANAO officials present;
  2. have at least one ANAO Senior Executive Service official present;
  3. recording devices shall be used and interviewees to be informed of the use of such devices;
  4. oaths and affirmations shall be administered;
  5. confidentiality requirements shall be reiterated at the commencement and conclusion of the interview process;
  6. rights and responsibilities of the interviewee shall be made clear at the commencement of the process and reiterated at the conclusion;
  7. any documents used by interviewees shall be recorded and copied during the interview; and
  8. any documents provided to interviewees shall be recorded in the audit file.

2.20 The record of interview shall be included in the audit file. Consideration shall be given to limiting access to the record, even within the audit team, depending on the nature of the evidence and the position/role of the interviewee.

2.21 In the event that evidence gathered using the formal information-gathering powers under section 32 is used in the draft section 19 report, consideration shall be given to whether the person(s) from whom the information is gathered is a person who, in the Auditor-General’s opinion, has a special interest in the report or the content of an extract (under sections 17(5) or 19(6) of the A-G Act). This shall occur during discussion on the proposed report, at which time the Auditor-General’s decision shall be sought, and agreement reached on what extract, if any, will be provided to the person(s) from whom the information was gathered.

Guidance/legislative requirements

Introduction to the Auditor-General Act 1997 (Cth)

2.22 An outline of these matters is set out below and staff should refer to the A-G Act itself. A copy of the A-G Act is available on https://www.legislation.gov.au/.

2.23 The A-G Act is in eight parts.

  1. Preliminary: Deals with the start of the A-G Act, its application to things outside Australia and its application to the Crown.
  2. Interpretation: Contains definitions of terms that are frequently used throughout the A-G Act.
  3. The Auditor-General: Creates the office of Auditor-General. Schedule 1 deals with administrative matters relating to the office of Auditor-General, such as the Auditor-General’s appointment, conditions, resignation and removal.
  4. Main functions and powers of the Auditor-General: Sets out the functions and powers of the Auditor-General.
  5. Information-gathering powers and secrecy: Gives the Auditor-General various powers to gather information. It also places restrictions on the disclosure or publication of information.
  6. The ANAO: Establishes the ANAO.
  7. Audit of the ANAO: Establishes the Independent Auditor. The functions of the Independent Auditor are to audit the financial statements of the ANAO and to carry out performance audits of the Office. Schedule 2 deals with administrative matters relating to the Independent Auditor, such as the Independent Auditor’s appointment, conditions, resignation and removal.
  8. Miscellaneous: Deals with miscellaneous matters such as a Commonwealth indemnity for people carrying out Auditor-General functions.

2.24 The A-G Act creates the statutory position of the Auditor-General as an independent officer of the Parliament (sections 7, 8). It also creates the ANAO (section 38).

2.25 The Auditor-General has complete discretion in the performance or exercise of his or her functions or powers, limited only by the A-G Act and other laws of the Commonwealth. In particular, the Auditor-General is not subject to direction from anyone about:

  1. whether a particular audit is to be conducted; or
  2. how a particular audit is to be conducted; or
  3. the priority to be given to any particular matter (section 8(4)).

2.26 Section 40(2) of the A-G Act further protects statutory independence by providing that directions to ANAO staff relating to the performance of the Auditor-General’s functions may only be given by the Auditor-General or ANAO staff authorised to give such directions by the Auditor-General.

2.27 The Auditor-General’s main functions include financial statement audits (sections 11 and 12), annual performance statement audits (section 15), performance audits (sections 17, 18, 18A and 18B), and assurance reviews (section 19A).

2.28 The Auditor-General may also enter into an arrangement with any person or body to conduct a financial statements audit or performance audit of that body or to provide services that are commonly provided by auditors (section 20). The Auditor-General shall not perform functions under section 20 for a purpose that is outside the Commonwealth’s legislative power. An audit may not be conducted by arrangement under section 20 where a law mandates the Auditor-General to conduct the audit. Further policy and guidance about section 20 audits is available in the section on Audits and Audit Related Services by Arrangement.

2.29 In addition, the Auditor-General can provide advice and disseminate information relevant to the Auditor-General’s responsibilities (section 23) and may at any time report to the Parliament or a Minister on any matter (sections 25 and 26).

2.30 The Auditor-General is required to set auditing standards. All staff must comply with the ANAO Auditing Standards determined by the Auditor-General from time to time when performing the auditing functions for which the standards are specified (section 24). The auditing standards applying to other work are a matter of policy. Further guidance is available in the section on Applicable Auditing Standards.

The Auditor-General’s information-gathering powers

2.31 To help in fulfilling audit functions, the A-G Act provides the Auditor-General with wide-ranging information-gathering powers. In practice, information is gathered through cooperation with audited entities and the information-gathering powers are treated by the ANAO as ‘reserve’ powers. These information-gathering powers are balanced by strict confidentiality provisions, which are explained in the section on Confidentiality of audit evidence. More information about the information-gathering powers is available in Supplementary Guidance titled The Auditor-General’s information-gathering powers.

2.32 Section 32 of the A-G Act provides the Auditor-General with the ability to direct a person to provide information or documents that the Auditor-General requires, as well as the ability to direct that a person attend a judicial proceeding to give evidence before the Auditor-General, or an authorised official. The Auditor-General may direct that the information or answers given as oral evidence in a judicial proceeding, or as written evidence, be collected or verified under oath or affirmation. Formal procedures that must be followed in accordance with paragraph 2.19 have been developed by ANAO Legal Services and are available at Procedures for Conducting ANAO Judicial Proceedings.

2.33 Legal advice confirms that the direction-making powers can extend to a person who is a member of Parliament or their staff. In practice, the principal focus is on Ministers and their staff undertaking executive government functions. Based on that advice, the Auditor-General takes care, in the rare cases that the powers are used, to ensure that any direction does not interfere with the proceedings of Parliament. Relevant considerations include the timing of a direction (to have regard to sitting days) and the location of an interview conducted under oath (to ensure it is outside the parliamentary precincts).

2.34 The nature of the information collected and how it is reported must also be considered. The A-G Act recognises that information-gathering powers are limited by laws relating to the powers, privileges and immunities of the Parliament, its members and committees. Typically, information-gathering conducted during an audit is focused on the entity whose activities are under review. In some audits, information gathering may also extend to relevant Ministers’ offices where information relating to the activities of the executive government may be held. The information sought by the ANAO tends to relate to Ministerial decisions or actions in the conduct of resource management activities such as procurement and grants administration but is not necessarily limited to this type of information.

2.35 Section 33 provides authorised officials with full and free access to audited entity premises, documents or property on those premises. All ANAO auditors should be authorised officials and carry a written authorisation from the Auditor-General when attending audited entity premises.

2.36 The following table summarises circumstances where escalation may be required in respect to use of warrant cards in exercising section 33 information-gathering powers.

| Situation | Who should be consulted? |
| --- | --- |
| An authorised official is asked to produce their warrant card by an official of an audited entity. | No need to consult. Authorised officials should produce their warrant card and can choose to remain on audited entity premises as they see appropriate. Authorised officials should inform their Executive Director that they were asked to produce their warrant card. |
| An audited entity is not cooperating to provide authorised officials with access to premises, documents or property. | Authorised officials should consult with their ED before proactively using their section 33 powers on the audited entity. |
| An entity that is not currently being audited is not cooperating to provide access to premises, documents or property (for example, a portfolio agency is being audited and documents are required from the portfolio department; or an audit is being planned and documents are required for planning before an entity is designated). | Authorised officials should consult with their GED before proactively using their section 33 powers on the entity that is not currently being audited. |

2.37 Self-incrimination cannot be used as a reason by a person to refuse to supply information (section 35). Penalty provisions exist for non-compliance.

2.38 The Auditor-General’s preference is for the ANAO to obtain audit evidence through cooperation with audited entities. Cooperative information-gathering means that the audit team and the audited entity cooperate to ensure that the audit team receives the information that it requires in a timely manner. When auditing cooperatively, the information-gathering powers in the A-G Act are either not exercised, or are only exercised, including at the request of audited entities, to avoid a particular legal or other impediment such as a statutory secrecy provision.

2.39 Where there is a genuine legal impediment preventing an audited entity from providing audit evidence, the Audit Manager or the Engagement Executive should engage with the audited entity and seek Group Executive Director agreement to either request that the Auditor-General consider using section 32 to direct that the evidence be provided, or that an authorised official will attend the audited entity’s premises and take evidence using section 33.

2.40 If an audited entity or person is unwilling to cooperate to provide audit evidence or wishes to impose conditions on providing information, the issue should be first escalated to the Engagement Executive. Engagement Executives should not agree to any conditions that could impinge on the Auditor-General’s mandate such as:

  1. non-disclosure agreements or conditions preventing the ANAO from using information in an audit report;
  2. agreements that the ANAO will not copy or remove documents from audited entity premises;
  3. unreasonable requirements to complete the audited entity’s pre-employment checks; and
  4. unreasonable requirements to attend the audited entity’s mandatory training.

2.41 Issues that cannot be resolved should be escalated to Group Executive Director level to consider the ANAO’s options, which may include consideration of whether evidence can be taken using section 33 or whether it will be necessary to request that the Auditor-General consider issuing a section 32 notice.

2.42 There may also be situations where the Auditor-General determines that use of a judicial proceeding is necessary, for example to obtain verbal interview evidence under oath to lift the robustness of the evidence. More detailed guidance on the conduct of judicial proceedings is available in the PSG Guidance Document.

Confidentiality of audit evidence

2.43 Audits must comply with the confidentiality requirements of the A-G Act. A person performing an Auditor-General function must not disclose any information except in the course of performing an Auditor-General function (see subsection 36(1)) or where it is in the Commonwealth’s interest to provide advice or information (see section 23) and the provision of information is within the scope of the person’s assigned duties and responsibilities.

2.44 The confidentiality obligations in the A-G Act are generally limited to ANAO staff and other persons performing Auditor-General functions (such as ANAO contractors). However, the A-G Act imposes a confidentiality obligation on staff of an audited entity or other persons who receive proposed section 19 audit reports and working papers created for the purposes of preparing a proposed report under section 19, including the Report Preparation Papers.

2.45 Section 23A also allows a person performing an Auditor-General function to provide information to a person to assist in conducting a performance audit or assurance review and for this information to be protected by section 36(2B). Section 23A and section 36(2B) can be used to protect sensitive information about performance audits, such as if a support person is attending a judicial proceeding or where further consultation about a performance audit report is required after the section 19 process is complete. In these situations, the recipient of the sensitive information should be informed of their obligations under section 36(2B) and ANAO Legal Services can assist with this.

2.46 A person provided with a copy of a proposed report (including a draft) created for the purposes of preparing a proposed report, or extract provided for comment, must not disclose any information from that report before a final report being tabled in the Parliament (section 36(3)). Section 36(4) provides that the Auditor-General may consent to a disclosure otherwise prohibited by subsection 36(3).

2.47 The Auditor-General has agreed that the Accountable Authorities of Commonwealth entities or Chairpersons of Commonwealth companies may decide to disclose, on a confidential basis, relevant papers (including report preparation papers and proposed reports provided under section 19) to entity officials as well as members of the entity’s audit committee. The Auditor-General’s consent treats a range of secondees, as well as some specific types of contractors and consultants as entity officials. More information about the Auditor-General’s consents is set out in Supplementary Guidance titled Confidentiality of Report Preparation Papers and Proposed Reports.

2.48 Where a relevant paper is addressed to an officer of an entity, instead of an Accountable Authority, the Auditor-General has agreed that the officer to whom the paper has been addressed may decide to disclose, on a confidential basis, that paper to relevant officers of the entity or members of the entity’s audit committee.

2.49 Accountable Authorities and Officers wishing to disclose information from relevant papers and reports to other persons, such as external legal advisers, contractors, consultants (who are not entity officials) and Ministers, must seek the consent of the Auditor-General.

2.50 Note that proposed reports under section 19 should, unless agreed by the Auditor-General, only be addressed to the Accountable Authority (the Secretary, Chief Executive, or governing board), or in the case of Commonwealth companies, subsidiaries and Commonwealth partners (which do not have an accountable authority of their own), a director or member of the governing body of the entity. Relevant papers other than proposed reports, such as report preparation papers, will usually be sent to an officer that is not an accountable authority, director or member of the governing body of the entity. For example, a report preparation paper will often be sent to an SES Band 2 officer. For further information about the practicalities of issuing report preparation papers and proposed reports, refer to the PASG Workflow and the Supplementary Guidance titled Confidentiality of Report Preparation Papers and Proposed Reports.

2.51 These confidentiality provisions do not prevent the Auditor-General from disclosing particular information to the Commissioner of the Australian Federal Police if the Auditor-General is of the opinion that the disclosure is in the public interest (subsection 36(2)).

Sensitive information not to be included in public reports

2.52 The Auditor-General must not include particular sensitive information in public reports that in the Auditor-General’s opinion would be contrary to the public interest (section 37).

2.53 The Auditor-General may consider that disclosure of information would be contrary to the public interest for the following reasons:

  1. it would prejudice the security, defence or international relations of the Commonwealth;
  2. it would involve the disclosure of deliberations or decisions of the Cabinet or of a Committee of the Cabinet;
  3. it would prejudice relations between the Commonwealth and a State;
  4. it would divulge any information or matter that was communicated in confidence by the Commonwealth to a State, or by a State to the Commonwealth;
  5. it would unfairly prejudice the commercial interests of any body or person; and
  6. any other reason that could form the basis for a claim by the Crown in right of the Commonwealth in a judicial proceeding that the information should not be disclosed.

Application of other relevant legislation

2.54 The Parliamentary Privileges Act 1987 (Cth) confers exemption from legal recrimination to a certain range of documents and activities that relate to transacting the business of the Parliament. This means that ANAO audit documentation and reports cannot be the subject of legal action. In the context of audits, Parliamentary privilege is accorded to:

  1. reports tabled in the Parliament;
  2. an audit report as it is being prepared — privilege is not compromised by the fact that the draft report is first provided to the entity before tabling;
  3. section 19 reports, working papers, report preparation papers and draft management reports that are created during the course of an audit, as necessary steps in the completion of a final audit report for presentation to Parliament, to comply with the A-G Act and relevant auditing standards;5 and
  4. audit reports that are tabled in the Parliament.

2.55 Legal Services Directions (Directions) are issued by the Attorney-General under section 55ZF of the Judiciary Act 1903 (Cth). The Directions outline a range of matters that non-corporate Commonwealth entities (that is, entities with the legal persona of the Commonwealth, such as the ANAO) must comply with about litigation and legal services generally. Clause 10 of the Directions imposes obligations on non-corporate Commonwealth entities about sharing legal advice and consulting with other entities when getting legal advice. The ANAO has been granted an exemption from Clause 10, subject to the following condition:

  1. if the ANAO receives legal advice indicating an ambiguity or other issue in legislation that should be addressed by remedial action to be taken by the administering non-corporate Commonwealth entity, then the ANAO is required to advise the administering non-corporate Commonwealth entity of the issue. This must be done as soon as practicable, having regard to the circumstances in which the ANAO has sought the advice.

2.56 The ANAO will cooperate with relevant non-corporate Commonwealth entities to address any legal interpretation issues. ANAO Legal Services can help with discussing these issues with audited entities.

2.57 Very few audited entities would be aware that the ANAO is exempt from Clause 10 of the Legal Services Directions and audited entities are likely to be concerned if the ANAO does not consult consistent with Clause 10. Despite being exempt, the ANAO should endeavour to consult in a manner consistent with Clause 10 of the Directions unless there is an audit reason that it would not be appropriate to consult. Where consultation is not possible, the ANAO should explain to audited entities, at the first suitable opportunity, that the ANAO is exempt from Clause 10 of the Directions. ANAO Legal Services can help with discussing these issues with audited entities.

2.58 In recognition of the Auditor-General’s independent status, the Auditor-General is exempt from the application of the Freedom of Information Act 1982 (Cth) (FOI Act). However, to the extent appropriate, the ANAO provides information on request in the spirit of the FOI Act, about the administration of the ANAO. As a general rule, information about the findings of an audit in progress is not made public. The release under FOI of records created by another entity, which have been collected by the ANAO for an audit purpose, is usually a matter for the entity that created the records.

2.59 The Auditor-General is also exempt from the application of the Australian Privacy Principles (APPs) set out in Schedule 1 of the Privacy Act 1988 (Cth). However, consistent with the ANAO’s policy relating to the FOI Act, the ANAO complies with the intent and spirit of the APPs to the extent appropriate.

2.60 The National Anti-Corruption Commission (NACC) operates under the National Anti-Corruption Commission Act 2022. The NACC is an independent Commonwealth agency that detects, investigates and reports on serious or systemic corruption in the Commonwealth public sector. Guidance regarding engagement with the NACC is available for staff.

Statutory whistleblower regimes

2.61 The Public Interest Disclosure Act 2013 (Cth) (PID Act), Corporations Act 2001 and Taxation Administration Act 1953 (Tax Act) contain whistleblower regimes which on occasion impact on audit processes. The PID Act clearly applies to suspected wrongdoing by ANAO staff but has limited application to audit processes. The Corporations Act whistleblower regime applies to ANAO staff auditing companies and the Tax Act regime could apply if auditors discover possible tax avoidance or non-compliance with tax laws.

2.62 The PID Act is designed to enable disclosure and investigation of wrongdoing in the Commonwealth public sector. The primary mechanism to achieve this is by protecting ‘whistleblowers’ from reprisal action to encourage public officials to report suspected wrongdoing.

2.63 The operation of the PID Act does not impact the way the ANAO conducts its auditing and related responsibilities that are governed by the A-G Act. In particular, during the performance of an Auditor-General function, where matters such as breaches of legislation and deficiencies in aspects of public administration are identified they should be reported to a supervisor. The ANAO’s audit policies, procedures and practices continue to apply including those procedures set out in this audit manual. All staff must also continue to comply with the confidentiality and other provisions of the A-G Act. Reporting of disclosable conduct and relevant disclosure processes outlined in the PID Act are separate from, and should not impact directly on, the way ANAO staff perform an Auditor-General function.

2.64 In rare situations, auditors may require information from an audited entity about a public interest disclosure involving that entity. Information about the public interest disclosure will likely be covered by the general secrecy provision in section 65 of the PID Act, which carries a penalty of two years imprisonment or 120 penalty units, or both. The information-gathering power in section 32 of the A-G Act prevails over the PID Act. However, the A-G Act will only prevail if section 32 is used, and an audited entity that voluntarily provides information covered by section 65 of the PID Act exposes itself to risk of breaching section 65. For this reason, the information-gathering powers in the A-G Act should be used if an auditor requires information that relates to a public interest disclosure. ANAO Legal Services can help with discussing these types of issues with the audited entity.

2.65 The Corporations Act whistleblower regime provides protection to whistleblowers in companies who disclose misconduct in the Commonwealth company to ANAO auditors. An example of a whistleblower disclosure would be if a staff member of a Commonwealth company alleged, in an informal private conversation, that a senior company officer was defrauding the company. ANAO auditors who receive a disclosure may face criminal penalties if they divulge the identity of the whistleblower or engage in conduct to the detriment of the whistleblower. ANAO auditors who suspect that they may have received a whistleblower disclosure should consider seeking advice from ANAO Legal Services, as the Corporations Act allows disclosure to legal advisers.

Legal professional privilege

2.66 Legal professional privilege is a rule of law that protects the confidentiality of certain communications between legal advisers and clients. Legal professional privilege applies to a communication where the dominant purpose of the communication is to provide legal advice to the client. Section 30 of the A-G Act provides that auditees cannot claim legal professional privilege to refuse access to information for audit purposes. In addition, subsection 30(2) provides protection to auditees to ensure that disclosure within the audit of otherwise privileged information does not waive that privilege for purposes outside the audit. Subsection 30(2) applies in addition to the fact that information is not considered to be disclosed when it is provided between different non-corporate Commonwealth entities. This is because those entities are all considered to be legally the same entity (i.e. the Commonwealth). ANAO Legal Services has developed Supplementary Guidance which provides further information about legal professional privilege.

The work of the ANAO

2.67 The ANAO is a statutory body exercising defined functions and powers. It is important that audit staff and contractors understand the basis in law for each engagement they are to undertake. Furthermore, the absence of legal authority to conduct an audit is likely to jeopardise the indemnity provided under section 55 of the A-G Act6 for a liability that might be incurred by a person undertaking an Auditor-General function.

2.68 Financial statement audits, performance audits, performance statements audits and other assurance reviews must be carried out consistent with the Auditor-General’s mandate having regard to any exclusions relating to particular persons or bodies. The Auditor-General is responsible for financial and performance audits and assurance reviews of all Commonwealth entities, companies and subsidiaries, with the exception that performance audits and an audit of performance measures of Government Business Entities (GBE) can only be undertaken if they are requested by the JCPAA (subsection 17(2)). In addition, a performance audit of a Commonwealth partner that is part of, or controlled by, a state or territory government cannot be undertaken unless it is requested by the responsible minister or the JCPAA (paragraph 18B(1)(a)).

2.69 The relevant legislation for conducting annual financial statement audits comes under Part 4, Division 1 of the A-G Act, which provides for the audits of:

  • Commonwealth entities consistent with the Public Governance, Performance and Accountability Act 2013 (PGPA Act) (section 11(a));
  • Commonwealth companies consistent with the A-G Act (section 11(b));
  • subsidiaries of corporate Commonwealth entities and Commonwealth companies consistent with the A-G Act (section 11(c)); and
  • annual consolidated financial statements of the Commonwealth (section 12).

2.70 Financial statements audits can also be undertaken under other Acts. The Auditor-General’s functions include any functions given to the Auditor-General by any other Act (section 22). For example, the authority for the audit of the financial statements of the High Court is section 47 of the High Court of Australia Act 1979.

2.71 In the case of audits that are conducted under the authority of an Act other than the A-G Act or the PGPA Act, there may be specific provisions in the particular Act requiring a report to a Minister, typically the Minister responsible for the particular Act. For example, subsection 43(1) of the High Court Act requires the Auditor-General to inspect and audit the accounts and records of the Court and under subsection 43(3), to report the results to the Attorney-General. The High Court Act also requires a report to the Attorney-General on the results of the financial statements audit under section 47.

2.72 Regular reports to Ministers on the results of interim and final financial statements audit work are provided under the authority of subsection 26(2) of the A-G Act which provides that the Auditor-General may at any time give a report to any Minister on any matter. Reports to the Parliament on the results of interim and final financial statements audit work are provided under the authority of section 25(1), which provides that the Auditor-General may at any time cause a report to be tabled in either House of the Parliament on any matter.

2.73 There are other provisions dealing with situations where a report to a Minister (other than the audit report on the financial statements) must be provided.

  • Section 26(1) of the A-G Act provides that the Auditor-General bring to the attention of the responsible Minister any important matter that comes to the attention of the Auditor-General while (a) conducting an audit referred to in Division 1 or (b) performing functions as an auditor under the Corporations Act 2001. For this purpose, what is an ‘important matter’ is a matter for the Auditor-General’s judgement.
  • A provision similar to subsection 26(1) exists in some other Acts. For example, section 43(1) of the High Court Act provides that the Auditor-General shall draw the attention of the Attorney-General to any irregularity disclosed by the inspection and audit that, in the opinion of the Auditor-General, is of sufficient importance to justify his or her so doing.

2.74 Persons performing a financial statements audit under section 49 of the PGPA Act (the Annual consolidated financial statements of the Commonwealth) are required by the A-G Act to comply with the ANAO auditing standards. Standards applying to other work (audits or services by arrangement or audits under Acts other than the A-G Act) are not required by law and are a matter of ANAO policy.

2.75 Performance audits are conducted under sections 17, 18, 18A and 18B of the A-G Act. Section 17 refers to performance audits of a single Commonwealth entity, Commonwealth company or the subsidiary of a corporate Commonwealth entity or a Commonwealth company. Section 18 refers to general performance audits, otherwise known as cross-entity audits, which are conducted to review a particular aspect of Commonwealth public sector operations across more than one entity. Section 18A refers specifically to the auditing of entity performance measures and the reporting against those measures. Section 18B refers to the conduct of a performance audit of a Commonwealth partner. Other sections in the A-G Act refer to performance statement audits (sections 15-16), assurance reviews (section 19A), priority assurance reviews (section 19A(5)) and audits by arrangement (section 20).

2.76 The Auditor-General’s functions do not extend to examining and reporting on the appropriateness of government policy. This differs from reviewing and reporting on:

  • the timeliness and evidence base of policy advice provided to government to help inform the development of government policy; or
  • policy settings or guidance relating to implementation of the PGPA Act and Rule.

2.77 The Auditor-General cannot audit the performance of Ministers of State about the exercise of their constitutional duties. This prohibition extends to judicial and quasi-judicial officers and Royal Commissioners about performing their statutory duties but may allow examination where the duties involve the management of an entity.7

2.78 The Auditor-General can audit the functions of statutory office holders who have administrative functions in addition to their statutory functions. When conducting audits under sections 17 or 18, the Auditor-General’s mandate extends to the actions of Ministers who discharge responsibilities under specific legislation relating to the subject matter of each audit. For example, the administrative function of grant approval or the approval of proposed expenditure by a Minister under section 71 of the PGPA Act.

Relationship with the Parliament and the JCPAA

2.79 The Parliament is the ANAO’s primary client and the A-G Act provides that audit reports be tabled in the Parliament, except for reports on assurance reviews under section 19A(4) of the A-G Act.8 The JCPAA is the ANAO’s primary point of contact with the Parliament and the ANAO’s oversight committee.

2.80 The JCPAA is a joint statutory committee of the Parliament that has a special relationship with the ANAO. The JCPAA is formed under the Public Accounts and Audit Committee Act 1951 (PAAC Act) and is empowered to scrutinise the moneys spent by Commonwealth entities from funds appropriated to them.

2.81 The JCPAA’s duties as set out in section 8 of the PAAC Act include to:

  1. examine all reports of the Auditor-General (including reports of the results of performance audits) (section 8(c));
  2. consider the operations and resources of the ANAO and the reports of the ANAO’s Independent Auditor (section 8(g)) and to report to both Houses of the Parliament on any matters arising from this consideration (section 8(h));
  3. report to both Houses of the Parliament on the performance of the ANAO at any time (section 8(i));
  4. consider the ANAO budget (subsection 8(j));
  5. consider the level of fees determined by the Auditor-General under subsection 16(1) of the A-G Act (subsection 8(ka)); and
  6. determine the audit priorities of the Parliament for audits of the ANAO by the Independent Auditor (subsection 8(n)).

2.82 Other Parliamentary Committees, particularly the Senate Finance and Public Administration Committee, also review ANAO audit reports and conduct enquiries that draw on the ANAO’s work and scrutinise the ANAO’s administration.

Independent auditor

2.83 The A-G Act provides for the appointment of an independent auditor for the ANAO. The independent auditor can undertake both financial and performance audits of the ANAO and has powers and functions similar to those provided to the Auditor-General under the A-G Act. Reports of audits undertaken by the independent auditor must be tabled in the Parliament and the JCPAA can review these reports (the A-G Act, Part 7).

Applicable auditing standards

Background

2.84 The ANAO Auditing Standards set by the Auditor-General under section 24 of the A-G Act must be applied by all persons performing the Auditor-General functions specified in that section of the A-G Act.

2.85 These functions include:

  1. auditing of the annual financial statements of:
    1. Commonwealth entities and Commonwealth companies consistent with the PGPA Act,
    2. subsidiaries of Commonwealth entities and Commonwealth companies consistent with the PGPA Act, and
    3. the Commonwealth under section 49 of the PGPA Act (Commonwealth consolidated financial statements);
  2. auditing of annual performance statements of Commonwealth entities consistent with the PGPA Act;
  3. performance audits of Commonwealth entities, Commonwealth companies and subsidiaries and Commonwealth partners;
  4. general performance audits under section 18 of the A-G Act;
  5. auditing of performance measures under section 18A of the A-G Act; and
  6. assurance reviews of Commonwealth entities, Commonwealth companies and subsidiaries of a corporate Commonwealth entity or a Commonwealth company.

2.86 This Manual (at paragraph 2.83) mandates that the ANAO Auditing Standards will apply to all assurance engagements conducted by the ANAO despite the fact that section 24 of the A-G Act does not require the ANAO Auditing Standards to apply to audits conducted under other Acts (except the annual audit of the Commonwealth Financial Statements under the PGPA Act) or audit-related services undertaken by arrangement under section 20.

Policy

2.87 Unless otherwise determined by the Auditor-General, the ANAO Auditing Standards shall apply to all ANAO assurance engagements, including those within the scope of section 24 of the A-G Act as well as those:

  1. authorised by section 22 of the A-G Act (a function given to the Auditor-General by an Act other than the PGPA Act); or
  2. entered into consistent with section 20 of the A-G Act (by arrangement).

2.88 The engagement letter shall identify the auditing standards that apply.

Guidance

2.89 The ANAO Auditing Standards set by the Auditor-General are registered legislative instruments and are publicly available on the Federal Register of Legislation.

2.90 It is ANAO practice to incorporate into the ANAO Auditing Standards, by reference, the standards made by the Australian Auditing and Assurance Standards Board (AUASB). The only constraint on the application of AUASB standards is that should an AUASB standard(s) conflict with a legal requirement, the legal requirements prevail.9

2.91 The operation of the ANAO Auditing Standards is fully explained in the Explanatory Statement which is found on the Federal Register of Legislation.10

2.92 Some Commonwealth entities are audited under provisions in Acts other than Part 4 Division 1 of the A-G Act and are not therefore within the scope of the section 24 Standards. Nevertheless it is appropriate for such bodies to be audited under the ANAO Auditing Standards. For example, the High Court of Australia is not a Commonwealth entity (refer to subsection 10(2) of the PGPA Act). The audit requirements are in the High Court Act 1979.

2.93 Some ANAO engagements are undertaken by arrangement under section 20 of the A-G Act. Such an engagement may be with an Australian body not wholly within the Commonwealth’s jurisdiction (for example, a body set up jointly by the Commonwealth and State Governments) or with an international or foreign body.

Relationship between the Public Governance, Performance and Accountability Act 2013 and the Corporations Act 2001

Background

2.94 Section 11 of the A-G Act states that the Auditor-General’s functions include auditing the financial statements of:

  1. Commonwealth entities;
  2. Commonwealth companies; and
  3. subsidiaries of corporate Commonwealth entities and Commonwealth companies.

2.95 Section 21 of the A-G Act allows the Auditor-General to accept appointment as an auditor of Commonwealth companies and Commonwealth subsidiaries under the Corporations Act 2001 (Corporations Act).

2.96 A Commonwealth company or a Commonwealth subsidiary may choose not to appoint the Auditor-General as their auditor under the provisions of the Corporations Act. However, the Auditor-General is still required by section 11 of the A-G Act and sections 44(3), 97(3) and 99(3) of the PGPA Act to audit their financial statements in addition to the audit done by the appointed auditor under the Corporations Act. Refer to paragraph 2.91 for exceptions to this requirement.

Policy

2.97 An Engagement Executive shall endeavour to have the Auditor-General appointed as auditor under the Corporations Act of all entities captured by section 21 of the A-G Act which are within the Engagement Executive’s area of responsibility.

2.98 Where an entity seeks to appoint another auditor under the Corporations Act, the Auditor-General shall be notified immediately.

Guidance

Commonwealth Entities

2.99 Audit teams performing engagements consistent with the Corporations Act need to be aware of the relationship between the Corporations Act and the PGPA Act, and its impact on the Auditor-General’s mandate about companies controlled by the Commonwealth.

2.100 As defined in section 10 of the PGPA Act, Commonwealth entities include: Departments of State; Parliamentary Departments; listed entities; and bodies corporate.11 Commonwealth companies are not Commonwealth entities. The High Court and the Future Fund Board of Guardians are also excluded from the definition of Commonwealth entities, under section 10 of the PGPA Act (refer to Diagram 2 PGPA Act structure).

2.101 There are two types of Commonwealth entity:

  1. corporate Commonwealth entities – a Commonwealth entity that is a body corporate; and
  2. non-corporate Commonwealth entities – a Commonwealth entity that is not a body corporate.

2.102 Corporate Commonwealth entities are legally separate from the Commonwealth, whereas non-corporate Commonwealth entities are legally part of the Commonwealth. The Department of Finance maintains the Flipchart of Commonwealth entities and companies which provides a quick reference to which Commonwealth entities are corporate and which are non-corporate Commonwealth entities.

2.103 Most bodies that meet the definition of bodies corporate are incorporated for a public purpose by an Act and hold money on their own account. Whether a Commonwealth entity is a body corporate can usually be determined from the provisions in the legislation forming the body. Money is taken to be held on a corporate Commonwealth entity’s own account unless it is relevant money as defined in section 8 of the PGPA Act. The Finance Minister also has the power to make rules that form bodies corporate under section 87 of the PGPA Act.

2.104 There are a small number of entities that have a body corporate status but are prescribed as non-corporate Commonwealth entities, for example the Australian Competition and Consumer Commission.

2.105 There are also a small number of bodies which are corporate Commonwealth entities but whose enabling legislation states that the PGPA Act applies but only in certain respects. For example, section 4A of the Australian National University Act 1991 modifies the application of the PGPA Act.

The particular definitions of ‘Commonwealth company’ and ‘subsidiary’ in the PGPA Act

2.106 Section 89(1) of the PGPA Act defines a ‘Commonwealth company’ as a Corporations Act company that the Commonwealth controls. However, an entity that is controlled by a corporate Commonwealth entity or a Commonwealth company is referred to in the Act as a ‘subsidiary’, even if it is a company under the Corporations Act.

2.107 The distinction is important because the provisions of the PGPA Act applying to Commonwealth companies are sometimes different to those applying to subsidiaries.

Application of the Corporations Act

2.108 The Corporations Act applies under its own terms to Commonwealth companies and Commonwealth subsidiaries;12 that is, nothing in the PGPA Act detracts from the application of the Corporations Act.

2.109 There are provisions in the Corporations Act which allow certain companies not to prepare annual financial statements. A Commonwealth subsidiary that meets those requirements can use them not to report under the Corporations Act. However, section 97(1) of the PGPA Act requires all Commonwealth companies to give to their responsible Minister a copy of the financial report, directors’ report and auditor’s report that the company would be required to prepare if they were a public company, even if they are exempt under the Corporations Act from preparing annual financial statements.

The nature and application of the Auditor-General’s mandate in respect of Commonwealth companies and Commonwealth subsidiaries

2.110 An exception to the Auditor-General’s legislative mandate for the audit of the financial statements of a subsidiary exists when the subsidiary is incorporated or formed in a place outside Australia and certain other conditions are met (refer sections 44(3) and 99(3) of the PGPA Act).

Diagram 2: PGPA Act structure

Diagram 3: Decision Tree - ANAO financial statements audit mandate under the PGPA Act

Audits and Audit Related Services by arrangement under section 20 of the A-G Act

Policy

2.111 The Auditor-General shall determine whether to accept or continue an audit or audit related service by arrangement under section 20.

2.112 The responsible GED shall make a written recommendation to the Auditor-General covering, at a minimum:

  1. the name of the organisation and the position of the person making the request;
  2. the reason for requesting the engagement;
  3. the nature, engagement risk rating13 and duration of the proposed engagement;
  4. whether, and on what terms, to accept the request, with supporting rationale;
  5. the proposed fee to be charged for the engagement, with supporting basis. For ongoing engagements, propose the arrangement for determining fees to be charged in future periods;
  6. the ANAO has the competence and capabilities, including available time and resources to conduct the engagement; and
  7. how any significant matters identified from the considerations in the guidance to this policy will be managed.

2.113 The letter of engagement shall reflect the specific terms and conditions approved by the Auditor-General, including the auditing standards that the engagement will be performed under.

2.114 The Auditor-General’s powers to get information under section 32 and ‘to access premises’ under section 33 are not available for arrangements made under section 20. The Auditor-General’s ability to get information shall be agreed in the engagement letter.

2.115 An arrangement cannot be entered into unless the person responsible for the subject matter of the proposed engagement personally acknowledges the terms of the engagement in writing.

Managing the engagement

2.116 If information is obtained that would have caused the responsible GED to recommend declining the engagement, had that information been available earlier, the responsible Engagement Executive shall communicate that information promptly to the Auditor-General with a recommended course of action.

2.117 Section 20(2) provides for the Auditor-General to charge fees for an engagement entered into under arrangement. The Auditor-General shall determine the fee at the time of entering into the arrangement. The Auditor-General has delegated the power to determine the fees to be charged for an engagement entered into under section 20 to the Deputy Auditor-General. If the engagement by arrangement covers more than one period, the recommendation shall propose the arrangement for determining the fees to be charged for future periods.

2.118 Information obtained when deciding whether to accept or continue a section 20 engagement may be relevant to identifying risks of material misstatement. If relevant, the Engagement Executive shall ensure the information is communicated to the audit team for inclusion in risk assessment procedures.

2.119 If the Auditor-General determines that it is appropriate to withdraw from an engagement, the responsible Engagement Executive shall discuss the withdrawal with the appropriate level of the entity’s management and those charged with governance (TCWG). The discussion shall include the reasons for withdrawal, and consideration of whether the withdrawal should be reported to regulatory authorities.

Guidance

Approving the engagement

2.120 This policy deals with the matters to be considered when making a recommendation whether to accept a request to undertake an audit, or audit related service by arrangement, under section 20 of the A-G Act.

2.121 An audit by arrangement is an assurance-related service performed by the ANAO of a kind normally performed by auditors (including financial statement and performance audits) that is conducted under an agreement between the ANAO and another party.

2.122 Following a proposal or request to enter into an audit or audit related service by arrangement, the FSASG/PASG GED should consider and document the following in forming a view as to whether to recommend the request:

  1. Is the proposed arrangement a mandated Auditor-General function?
  2. Does the proposed arrangement involve the Auditor-General performing a function that is outside of the Commonwealth’s legislative power?
  3. Will the preconditions for the engagement be met, as required by the ANAO Auditing Standards?
  4. Who within the organisation is responsible for the preparation of the report? If the responsibility is not at the accountable authority or Director level, is the signatory appropriate and is there appropriate governance over the report?
  5. Who are the intended users of the ANAO report?
  6. Does the proposed arrangement provide the Auditor-General with the ability to report to the responsible Minister and Parliament on the results of the audit?
  7. Will the ANAO have satisfactory access to information, premises and relevant individuals?
  8. Are there any questions or concerns over the integrity of the client (key management and TCWG)?
  9. Will the ANAO have the competence and capabilities, including available time and resources to conduct the engagement?
  10. Does the engagement pose any risks to compliance with ethical requirements?
  11. Are there any possible legislative or public interest considerations that impact the recommendation?

Legislative requirements

2.123 Under section 20(1) of the A-G Act the Auditor-General may enter into an arrangement with any person or body to:

  1. audit financial statements of the person or body; or
  2. conduct a performance audit of the person or body; or
  3. provide services to the person or body that are of a kind commonly performed by auditors.

2.124 The Auditor-General does not delegate the power to enter into arrangements under section 20.

2.125 The Explanatory Memorandum of the original Auditor-General Bill states that audits by arrangement under section 20 may include:

  1. audits of Commonwealth Corporations Act companies where the audit is not otherwise permitted or required under the A-G Act;
  2. audits of international organisations of which the Commonwealth is a member;
  3. provision of services normally performed by auditors and accounting firms including workers’ compensation certificates, comfort letters, investigating accountants’ reports and help in matters of financial administration; and
  4. audits of organisations or people who are the recipients of Commonwealth grants or benefits.

2.126 Section 20 allows the Auditor-General to undertake engagements outside of engagements otherwise mandated by the A-G Act or other legislation, but section 20(3) specifies that the Auditor-General must not perform functions for a purpose that is outside of the Commonwealth’s legislative power. The Commonwealth’s legislative powers are set out in section 51 of the Australian Constitution.

2.127 When forming the recommendation, if in doubt, the GED should consult with ANAO Legal Services to confirm that a particular matter falls within the Commonwealth’s legislative powers.

2.128 Section 20(4) allows the Auditor-General to enter into an arrangement with a GBE under section 20.

Duration

2.129 Requests to conduct engagements by arrangement may be for a specified time period or on an ongoing basis. The Auditor-General’s approval will cover the duration of the engagement as specified in the recommendation. If an approval is limited to a specific time period, an extension will require further approval from the Auditor-General.

Preconditions and acceptance and continuance

2.130 The preconditions for the engagement are specified in:

  1. ASA 210 for an audit of historical financial information;
  2. ASRE 2410 for a review of a financial report where the ANAO is also the auditor of the annual financial reports; and
  3. ASAE 3000 for assurance engagements other than audits or reviews of historical financial information. For performance audits, this is complemented by ASAE 3500.

2.131 Where information is obtained on an existing engagement that would have caused the GED to recommend declining the engagement, the following procedures should be undertaken:

  1. consider whether there is a professional, legal or regulatory requirement for the ANAO to continue the engagement, or public interest considerations;
  2. discuss with the appropriate level of the entity’s management and those charged with governance the appropriate action that the ANAO might take based on the relevant facts and circumstances; and
  3. document significant matters, consultations, conclusions and the basis for the conclusions.

Reporting powers

2.132 The Auditor-General has powers in sections 25 and 26 of the A-G Act to provide extra reports to responsible Ministers and the Parliament.

Responding to audit requests

Policy

2.133 Each external audit request received shall be considered by the responsible GED and a recommendation shall be made to the Auditor-General who shall determine the course of action to be taken.

2.134 Once the course of action is determined, a response shall be provided to the requestor in a timely manner.

Guidance

2.135 From time to time, the Auditor-General receives an external request to examine a matter related to public administration. Such requests commonly originate from parliamentary committees, individual parliamentarians or community groups.

2.136 The available options for responding to a request for a performance audit are:

  1. agree to undertake an audit of the matter(s) outlined in the request (objectives and scope of the audit should be expressed consistent with the ANAO’s mandate and policies, which may mean that the objectives and scope are different from that requested);
  2. agree to take the request into account in the conduct of an audit in progress or a planned audit;
  3. conduct an assurance review of the matters covered by the request. Such reviews can provide limited or reasonable assurance and do not constitute an audit;
  4. agree to inquire into the matters and respond by correspondence;
  5. agree to take the request into account in future planning for the ANAO’s work program; or
  6. take no further action.

2.137 Responses to audit requests from members and senators of Parliament are signed by the Auditor-General and published on the ANAO Website - Requests for Audits.

2.138 Where it is intended to proceed to the conduct of an audit or a review, the response should outline the proposed focus of the audit or review (the formal objectives will generally be determined at the time a plan is prepared and approved) and clearly indicate any matters raised in the original request that will not be within the scope of the proposed audit or review.

Audit delegations and authorisations

Background

2.139 Section 29 of the A-G Act allows the Auditor-General to delegate by written instrument the Auditor-General functions and powers.

Policy

2.140 ANAO audit personnel responsible for the performance of an Auditor-General function shall ensure they have a formal delegation or authorisation to perform that function.

2.141 ANAO audit personnel shall exercise the responsibilities of a delegation or authorisation consistent with any conditions attaching.

Guidance

2.142 The A-G Act and other legislation specify the Auditor-General’s functions and powers.

2.143 Section 29 of the A-G Act allows the Auditor-General to delegate, by written instrument, these functions and powers to an official of a non-corporate Commonwealth entity, who must comply with any directions the Auditor-General gives.

2.144 The Auditor-General has delegated some of the Auditor-General’s functions and powers. The Auditor-General has also given authorisations about the power to direct staff about the performance of an Auditor-General function and about access to premises and documents etc.

2.145 An official of a non-corporate Commonwealth entity, as defined in the PGPA Act, means an individual who is in, or forms part of, the entity. Section 38(3) of the A-G Act lists the following persons as officials of the Audit Office: the Auditor-General; the staff referred to in section 40; and persons engaged under contract as referred to in section 27.

2.146 The delegations made and authorisations given can be found on MyANAO. Responsibility for maintaining the currency of delegations and authorisations on MyANAO rests with CMG, while responsibility for advising when the delegations and authorisations need to be updated rests with FSASG and PASG respectively.

Nature of delegations and authorisations

2.147 There is a difference in law between exercising a function as a delegate rather than under authorisation. A delegate exercises a function in their own right, whereas a person authorised to perform a function does so for and on behalf of the person to whom the function belongs. This distinction has some implications.

  1. Subject to any directions accompanying the delegation, the delegate is given autonomy in performing the function, whereas the person acting for and on behalf of the Auditor-General must perform the function in the way the Auditor-General would, which implies consultation with the Auditor-General.
  2. It is appropriate for the person exercising the function to indicate the capacity in which they sign. A delegate states they sign as ‘delegate of the Auditor-General’; a person authorised to perform the functions signs ‘for and on behalf of the Auditor-General’.

2.148 The delegation of a function or power does not prevent the Auditor-General exercising the function or power personally. General guidance on delegations and authorisations can be found in Australian Government Solicitor Legal Briefing - Delegations, authorisations and the Carltona principle.

Audit delegations specific to ANAO personnel

2.149 The Auditor-General’s audit delegations (under the A-G Act unless otherwise indicated) to specified ANAO personnel are listed below and can be found here: Delegations and Authorisations.

  • Section 11 – Conduct and sign reports for audits of annual financial statements of Commonwealth entities, Commonwealth companies and subsidiaries.
  • Section 15 – Conduct and sign reports for audits of annual performance statements of Commonwealth entities agreed to by the Auditor-General.
  • Subsection 20(1) – Conduct and sign reports for arrangements agreed to by the Auditor-General to audit financial statements of a person or body; conduct a performance audit of the person or body; or provide services to the person or body that are of a kind commonly performed by auditors.
  • Section 22 – All powers and functions of the Auditor-General under s313 of the Bankruptcy Act 1965 and all powers and functions to conduct and sign financial statements audit reports under any other Commonwealth Act.
  • Section 27 – Engaging any person under contract to help in the performance of any Auditor-General Function.

2.150 These delegations are made subject to the general conditions that in ‘exercising any power or function, a delegate must have due regard to ANAO and Services Group policies and procedures’.

Delegations and the Corporations Act

2.151 Section 1281 of the Corporations Act deems the Auditor-General to be taken to be registered as a company auditor under the Act. Subsection 1281(2) also deems a person to whom the Auditor-General delegates the function of conducting an audit or the power to conduct an audit, to be taken to be registered as a company auditor for the purposes of applying Chapter 2M to the audit. It is important to note that subsection 1281(2) is limited to Chapter 2M of the Corporations Act, and as such, for any audits performed outside of Chapter 2M (e.g. Chapter 7 audits of Regulated Funds and AFSL audits) only the Auditor-General is taken to be registered as auditor.

Appointment and resignation as auditor under the Corporations Act

Background

2.152 The appointment and resignation of auditors for companies is governed by Division 6 of Part 2M.4 of the Corporations Act.

2.153 The directors of a public company must appoint an auditor within one month after the day the company is registered, unless an auditor was appointed at a general meeting (section 327A).

2.154 The directors of a proprietary company may appoint an auditor for the company if an auditor has not been appointed by the company in a general meeting (section 325).

2.155 A company must not appoint an auditor unless the auditor has consented to appointment by written notice to the company, or the directors of the company, before the appointment is made (section 328A).

Policy

2.156 The Auditor-General shall personally exercise his/her power under section 21 of the A-G Act to accept an appointment as auditor under the Corporations Act. This power shall not be delegated. The appointment shall be accepted in writing consistent with the requirements of the A-G Act.

2.157 Before recommending that the Auditor-General accept appointment as a company auditor under the Corporations Act, the Engagement Executive for the engagement shall ensure that the entity is captured by section 21 of the A-G Act.

2.158 When the audit of a company for which the Auditor-General is the appointed auditor under the Corporations Act ceases to be within the Auditor-General’s mandate, the Engagement Executive shall make the necessary arrangements to effect the Auditor-General’s resignation with effect at the time the mandate ceases. The Auditor-General’s resignation as appointed auditor shall be notified in writing, by the Auditor-General, consistent with the requirements of the Corporations Act.

2.159 If it is not possible for the resignation to take effect at the time the mandate ceases, the Engagement Executive shall advise the Auditor-General promptly and shall consider consulting with ANAO Legal Services as to the effect on the indemnity under section 55 of the A-G Act.

Guidance

The Auditor-General must accept and resign appointment

2.160 Proforma letters for the request to appoint (to be sent by the company) and for the Auditor-General’s consent to act are available in TeamStore.

Conditions for resignation

2.161 The Auditor-General may act as an auditor under the Corporations Act only while the audit is within the Auditor-General’s mandate. If the Auditor-General were to operate outside his/her mandate, the indemnity provided by section 55 of the A-G Act would not operate.

2.162 An audit may come to fall outside the Auditor-General’s mandate for many reasons, such as the Commonwealth selling the company to a private investor.

2.163 Should it appear not to be possible for the Auditor-General to resign as company auditor at the time of loss of mandate, legal advice may be needed to protect the indemnity under section 55 and the Engagement Executive should consult with ANAO Legal Services.

Processes for resignation

2.164 Subdivision B of Division 6 of Part 2M.4 of the Corporations Act deals with removal and resignation of company auditors. Some provisions differ according to whether the company is a public or proprietary company. Sections 329(5) to (9) are especially relevant.

2.165 ASIC publishes Regulatory Guides (RGs) and other information relevant to the appointment and resignation of company auditors. RG 26 Resignation of auditors should be referred to.

2.166 Matters dealt with in legislation or in the RG include:

  1. the auditor stating reasons for resigning;
  2. the consent of ASIC to resignation;
  3. the date of effect of resignation, including at other than the company’s annual general meeting;
  4. the use of prescribed forms; and
  5. fees.

2.167 ASIC consent is not required for an auditor to resign from a proprietary company unless it holds an Australian Financial Services licence. For a proprietary company that does not hold such a licence, the auditor can resign by giving the company a notice of resignation. The company is then required to lodge a Form 315 Notification of resignation, removal or cessation of auditor (available from ASIC’s website) within 14 days after receiving the notice of resignation from the auditor.

Authority to charge fees

Policy

2.168 Fees for an ANAO engagement shall only be charged where legal authority to do so exists.

2.169 The Engagement Executive shall consider, at the time of first undertaking an engagement, whether authority exists for the ANAO to charge a fee. The authority for charging a fee shall be documented at that time.

2.170 Where the existence of authority to charge a fee is not clear, ANAO Legal Services shall be consulted.

Guidance

2.171 The ANAO may charge a fee for work that it is required to do by law only when the law expressly provides for a fee to be charged or it is implied necessarily that a fee may be charged.

Fee charging under the Auditor-General Act

2.172 Section 14(1) of the A-G Act provides that:

A person or body (other than a non-corporate Commonwealth entity) whose annual financial statements are audited as mentioned in section 11 of the A-G Act; or subsection 30(3) of the Governance of Australian Government Superannuation Schemes Act 2011; is liable to pay audit fees for the audit, based on a scale of fees determined by the Auditor-General.[14]

2.173 Section 14 provides authority for the ANAO to charge audit fees for auditing the financial statements of corporate Commonwealth entities and their subsidiaries and Commonwealth companies and their subsidiaries consistent with the PGPA Act.

2.174 There is no authority under the A-G Act for the ANAO to charge fees for performance auditing or for auditing the financial statements of: non-corporate Commonwealth entities; or a corporate Commonwealth entity that was an Agency under the Financial Management and Accountability Act 1997 as at 30 June 2014, consistent with the Public Governance, Performance and Accountability (Consequential and Transitional Provisions) Act 2014 Schedule 4, Part 2 section 57(2). However, there are a small number of Commonwealth entities which are audited under their own legislation rather than consistent with the PGPA Act. The authority to charge a fee for the audit of their financial statements rests with their particular legislation (see below).

2.175 Section 16(1) of the A-G Act provides authority for the ANAO to charge audit fees for annual performance statement audits of corporate Commonwealth entities consistent with the PGPA Act.

2.176 Subsection 20(1) of the A-G Act also provides for the ANAO to enter into audits or other services by arrangement. Fees may be charged in these cases.[15] Refer to the policy on Audits and Audit Related Services by Arrangement, which notes that audits by arrangement are not Budget-funded and require the recovery of costs to be considered when entering into these arrangements.

Fee charging in other circumstances

2.177 There are some audits undertaken by the ANAO under legislation other than the PGPA Act.

3. Strategic planning

ANAO annual work program

Policy

3.1 Information to help with planning future audit coverage shall be collected on an ongoing basis in the course of conducting ANAO audits.

3.2 The responsible teams for each portfolio shall hold joint meetings to identify risks and determine the preferred way to address the risks in the ANAO’s Annual Audit Work Program.

Guidance

3.3 The Annual Audit Work Program is published annually in July and presents information on financial statement audits, performance statements audits, performance audits in progress, a rolling program of potential performance audits and assurance engagements for each government portfolio.[16] The performance audit program also includes cross-entity and whole-of-system performance audits that involve some entities.

3.4 The ANAO’s Annual Audit Work Program is accessible on the ANAO’s website.

3.5 Information that can be useful to collect during an audit for strategic planning purposes includes:

  1. entity corporate documents such as Corporate Plans, Risk Management Plans, Internal Audit Programs, audit committee papers, annual reports and other publicly available reports;
  2. Joint Committee of Public Accounts and Audit and other parliamentary committee reports;
  3. Hansards, including of parliamentary debates, question time, parliamentary committee inquiries and Senate Estimates hearings;
  4. media reports, ministerial statements and entity press releases, newspaper and journal articles;
  5. external stakeholders, such as relevant peak bodies’ policy submissions; and
  6. Budget papers, including Portfolio Budget Statements.

3.6 Other sources of information include meetings with entities, between Service Groups and with the ANAO Executive.

4. Governance and leadership responsibilities for quality

Governance and leadership responsibilities for quality

Background

4.1 Consistent with ASQM 1 and ASA 220, the ANAO has established a system of quality management that promotes an internal culture that is committed to quality based on the recognition that quality in the delivery of the ANAO’s audit services is critical in supporting the integrity of our audit reports and maintaining the confidence of the Parliament and public sector entities.

Policy

4.2 The Auditor-General is ultimately responsible and accountable for the system of quality management in place for all assurance and related activities undertaken by the ANAO.

4.3 From an operational perspective, the Deputy Auditor-General is responsible for ensuring that the system of quality management satisfies the requirements of the ANAO Auditing Standards and is helped by the GEDs of PSG, FSASG, PASG, PSASG and SADA and the COO with this role.

4.4 The PSG GED is responsible for the design, implementation and operation of the QMF and for monitoring compliance with that Framework and reporting to the Executive and Audit Committee on the results of such monitoring and remediation activities. The design, implementation and operation of the QMF shall be informed by a risk assessment process to establish quality objectives, identify and assess quality risks and design and implement responses to address the quality risks[17]. Professional judgement shall be exercised in designing, implementing and operating a QMF which is designed to meet ANAO quality objectives.

4.5 The PSG GED is responsible for the audit methodology applied by the ANAO which supports compliance with the ANAO Auditing Standards. This includes the development of policies and procedures to support that audit methodology. The PSG GED is responsible for compliance with independence requirements, including ANAO independence policies included in this Audit Manual and the approval of non-audit services. The PSG GED reports directly to the Auditor-General on quality and audit methodology matters.

4.6 The FSASG, PASG, PSASG and SADA GEDs are responsible for the delivery of services to the required level of quality within their respective business units.

4.7 The FSASG, PASG and PSASG Engagement Executives and the SADA Executives are responsible for quality within their portfolio of audits and supporting the GEDs in the delivery and management of quality audit services. Engagement Executives are also responsible for collaborating and exchanging information across service groups as appropriate and allowable under the Auditor-General Act.

4.8 The COO is responsible for the design, execution and maintenance of policies supporting the Quality Framework in respect of Human Resources, IT security and support, External Communications and Learning and Development.

4.9 The PSG GED and COO are jointly responsible for the ANAO Academy.

4.10 The ANAO Quality Committee is responsible for monitoring the implementation of the ANAO quality framework and reporting to the Executive Board of Management (EBOM) on this implementation.

4.11 Individuals assigned responsibilities under paragraphs 4.1 to 4.10 shall ensure they have sufficient time to fulfil their assigned responsibilities.

4.12 All ANAO staff shall demonstrate a commitment to quality through their actions and behaviours and have regard to the following definition of audit quality in the conduct of their work:

Audit quality is the provision of timely, accurate and relevant audits, performed independently consistent with the A-G Act, ANAO auditing standards and methodologies, which are valued by the Parliament. Delivering quality audits results in improved public sector performance through accountability and transparency.

4.13 The ANAO Integrity Advisor is responsible for matters associated with integrity. This includes increasing integrity awareness across the organisation, supporting the effective and ongoing application of the Integrity Framework, and annual reporting to EBOM on actions taken under the framework.

Guidance

4.14 The Auditor-General assigns responsibility for quality of audit delivery to the FSASG GED, PASG GEDs, PSASG GED and SADA GED. To meet this responsibility FSASG, PASG, PSASG and SADA need to manage their audits and business so that all FSASG, PASG, PSASG and SADA staff appreciate that:

  1. all team members are expected to maintain a high level of quality in all assigned tasks;
  2. quality will not be compromised by budgetary or timing considerations on assignments;
  3. ANAO policies need to be consistently followed by all team members;
  4. team members’ annual performance reviews consider performance against the ANAO Capability Framework which includes the capabilities of Trusted Expertise and Rigorous Analysis and Sound Judgement that demonstrate commitments to quality (including training);
  5. training, and attendance at appropriate training, is recognised as a key component to ensuring quality is maintained; and
  6. sufficient resources will be devoted for the support and execution of quality management policies and procedures.

Promoting an internal culture committed to quality

4.15 The ANAO’s culture is an important factor in influencing the behaviour of personnel. Relevant ethical requirements ordinarily establish the principles of professional ethics, and are further addressed in the relevant ethical requirements component of ASQM 1 and chapter 5 of the ANAO Audit Manual. Professional values and attitudes include:

  1. Professional manner, for example, timeliness, courteousness, respect, accountability, responsiveness and dependability;
  2. A commitment to teamwork;
  3. Maintaining an open mind to new ideas or different perspectives in the professional environment;
  4. Pursuit of excellence;
  5. A commitment to continual improvement (e.g., setting expectations beyond the minimum requirements and placing a focus on continual learning, including learning from findings raised through the Quality Assurance Review Program[18]); and
  6. Social responsibility.

4.16 The ANAO’s leadership establishes tone at the top through their actions and behaviour. Additionally, clear, consistent and frequent actions and communications at all levels within the ANAO collectively contribute to the ANAO’s culture and demonstrate a commitment to quality. The importance of quality is communicated regularly through ANAO town hall meetings, the Auditor-General’s monthly messages, service group all staff meetings and technical updates. The responsibility of all ANAO staff for quality is recognised and reinforced by the incorporation of consideration of audit quality into individual performance agreements, discussion and assessment.

4.17 The ANAO’s strategic decision-making process, including the establishment of a corporate strategy, and its financial and operational priorities may directly or indirectly affect its commitment to quality. Additionally, the ANAO’s leadership seeks to ensure that resources are obtained, allocated and assigned in a manner that is consistent with their commitment to quality. This includes:

  1. allocating resources that are prioritised by the nature and circumstances of the audit, including the engagement risk rating and need for experienced audit staff; and
  2. assigning a volume of work to Engagement Executives and Audit Managers which will not adversely affect the quality of work performed.

4.18 The ANAO Academy supports the ANAO Workforce Plan 2022–25. The ANAO Workforce Plan outlines how the ANAO will attract, develop and retain the capability of its workforce, to ensure that it is suitably skilled to deliver on its purpose to Parliament. It includes a considered and comprehensive approach to professional development. The ANAO Academy is the ANAO’s hub for professional learning, bringing together high-quality systems, programs and tools for an integrated learning experience.

5. Professional, ethical and independence requirements

Professional ethical and independence requirements

Background

5.1 The ANAO Auditing Standards incorporate ASQM 1[19] and ASA 102.[20] ASQM 1 requires the ANAO to establish policies and procedures designed to provide reasonable assurance that the ANAO and its personnel fulfil responsibilities in accordance with relevant ethical requirements, including those related to independence. ‘Relevant ethical requirements’ is defined in ASA 102 paragraph 5(e) and includes the applicable requirements of APES 110 Code of Ethics for Professional Accountants (including Independence Standards) issued by the APESB, the applicable provisions of the Corporations Act 2001[21] and other applicable law or regulation.

5.2 The application of ASQM 1 in the context of the ANAO is that the ANAO is a ‘firm’ that performs audits and reviews of financial statements and other historical financial information and other assurance engagements. The requirements of ASQM 1 are firm-wide and all ANAO audit staff and contractors are required to comply with the relevant ethical requirements. ASA 102 applies to the ANAO as an office and applies to an audit or review of a financial report or complete set of financial statements, an audit or review of other information and other assurance engagements. ASAE 3000, ASAE 3100 and ASAE 3500 also require compliance with relevant ethical requirements set out in ASA 102.

5.3 The Auditor-General is an independent officer of the Parliament. As an independent officer of the Parliament and subject to the law, the Auditor-General has complete discretion in the performance or exercise of the functions or powers. In exercising the mandated and discretionary functions and powers, the Auditor-General is not subject to direction from anyone in relation to:

  1. whether a particular audit is to be conducted;
  2. the way a particular audit is to be conducted; or
  3. the priority to be given to any particular matter.[22]

The Auditor-General Act 1997 includes provisions defining the scope of an Auditor-General’s mandate, the appointment and removal of an Auditor-General and the performance of his or her responsibilities.

Policy

5.4 The requirements of APES 110 and ASQM 1 apply to assurance work conducted, and information reports work conducted, by the ANAO, except to the extent that these requirements conflict with legislative requirements, including the Auditor-General’s mandate and responsibilities.

5.5 If a possible conflict between the requirements of APES 110 or ASQM 1 and relevant legislation is identified, the matter shall be referred to the responsible GED and the PSG GED.

5.6 The Auditor-General, Deputy Auditor-General, ANAO staff, in-house contractors and contract out auditors[23] undertaking audit and other engagements and other auditee-related activities[24] shall understand and fulfil their responsibilities to comply with relevant ethical requirements including the independence requirements in APES 110 and any relevant legislation, including the Corporations Act 2001 when applicable to the engagement.

5.7 Independence shall be maintained during both the engagement period and the period covered by the financial statements, performance audit report, performance statements or the subject matter information.[25]

5.8 Except for the circumstances in paragraphs 5.9 and 5.10 discussed below, the Auditor-General, Deputy Auditor-General, ANAO audit staff and in-house audit contractors shall complete a declaration of independence prior to participating in an audit, review, other assurance engagement or information report. The declaration of independence shall be saved in the audit file and reviewed by the responsible Engagement Executive in the audit file.

5.9 Where ANAO staff or in-house contractors conduct an audit-related project without participating in an engagement, the relevant GED may approve that ANAO staff or in-house contractors complete a declaration of independence for the audit-related project that covers all auditees related to the project. If approved, the ANAO staff or in-house contractors shall complete an audit-related project declaration of independence that covers all auditees related to the project and provide it to the GED responsible for the project. Independence documentation related to this audit-related project is to be held in the project records. Audit-related projects under this paragraph may include data analytics tool design, NUIX champion assistance and peer review programs.

5.10 PSG staff and in-house PSG contractors shall complete an Individual Declaration of Independence that covers all ANAO auditees and provide it to the GED PSG on commencement and on an annual basis thereafter. PSG independence documentation is to be held in PSG records.

5.11 ANAO staff and in-house contractors shall declare any actual or perceived threat to the responsible Engagement Executive for audits, reviews and other engagements, or to the GED responsible for audit-related projects, or PSG GED for PSG staff, without delay. An independence threat involving an Engagement Executive is to be declared to the responsible FSASG, PASG, PSASG, PSG or SADA GED. A threat involving a GED is to be declared to the Deputy Auditor-General.

5.12 The person to whom a threat is declared under paragraph 5.11 shall evaluate whether the threat is at an acceptable level.[26] Any actual or perceived threat to independence that is not at an acceptable level must be eliminated or safeguards applied to reduce the threat to an acceptable level. Where an ANAO staff member or in-house contractor declares a threat to independence that is not at an acceptable level, an Independence Resolution Memorandum shall be prepared by the person to whom the threat is declared that details the threat and how the threat is to be reduced to an acceptable level. The Independence Resolution Memorandum is to be saved in the relevant audit file, project records or PSG records. Where an ANAO staff member or in-house contractor declares a threat to independence that is evaluated as being at an acceptable level, the evaluation shall be documented and saved in the relevant audit file, project records or PSG records.

5.13 Situations where a threat cannot be reduced to an acceptable level must not be entered into or allowed to continue. If a threat creates a conflict with the ANAO’s legislative mandate, the mandate prevails but the threat should be reduced where possible to the extent practicable and the matter referred to the responsible GED and the PSG GED.

5.14 Suspected or actual contraventions of the independence requirements of legislation, APES 110 or ANAO independence policies must be reported without delay to the responsible GED and the PSG GED. Action must be taken to eliminate the cause and to address the consequences of the contravention and, if applicable, in accordance with the requirements of the legislation.[27]

5.15 APES 110 sets rotation requirements for financial statements audits of Public Interest Entities (PIEs) including “time-on” and “cooling-off” periods for the Engagement Executive, Engagement Quality Reviewer (EQR) and a Key Audit Person,[28] including when a person performs a combination of roles across cumulative years. The FSASG SED responsible for resourcing shall consult with PSG when allocating key audit persons on the financial statements audits of PIEs to ensure allocation and rotation complies with APES 110.

5.16 For financial statements audits of non-PIE auditees and for performance statements audits, the ANAO sets a cumulative “time-on” period for a Key Audit Person as five years and the “cooling-off” period as two years. Unless prohibited by legislation[29], the responsible GED may approve an involvement up to a total of seven years if the threat to independence is at, or can be reduced to, an acceptable level. A decision in respect of a GED shall be made by the Deputy Auditor-General. In particular circumstances, the Auditor-General or Deputy Auditor-General may approve an involvement beyond seven years.

5.17 Familiarity threats from long association may arise in all ANAO audits and other assurance engagements. ANAO staff members and in-house contractors shall consider if a familiarity threat arises when completing their declaration of independence if they are involved in an engagement of a recurring nature greater than five years.

5.18 An ANAO staff member, in-house contractor or contract out auditor shall, without delay, notify the Engagement Executive for the audit should they apply for employment with an auditee whose audit team they are assigned to. If the ANAO staff member, in-house contractor or contract out auditor is a key person on the audit and the position involved is that of director or officer, or a position with significant influence over the subject matter or information of the audit, the person shall notify the Deputy Auditor-General without delay. This policy requirement also applies if the proposed engagement with the auditee is other than by employment (e.g. by joining a firm that contracts to the auditee).

5.19 An ANAO staff member, in-house contractor or contract out auditor shall not be a member of a selection advisory committee for a vacant senior management position in the auditee they are assigned to.

5.20 An ANAO staff member, in-house contractor or contract out auditor shall not take part in the conduct of a quality assurance review where the staff member, in-house contractor or contract out auditor was a member of the audit team.[30]

5.21 For audits or reviews under the Corporations Act 2001, an Independence Declaration in the prescribed form must be provided to the company’s directors in accordance with section 307C of the Corporations Act 2001.

5.22 Suspected or actual contraventions of the independence requirements of legislation, APES 110 or other requirements of this policy chapter must be reported without delay to the responsible GED. Action must be taken to eliminate the cause and to address the consequences of the contravention and, if applicable, in accordance with the requirements of the legislation.

5.23 Prior to a FSASG or PSASG auditor’s report being signed, or a PASG auditor’s report being submitted to the ANAO Executive for final approval, the Engagement Executive shall confirm in writing that the audit has complied with the ANAO’s independence policies.[31] Where a contracted firm performs an audit, the Engagement Executive shall obtain confirmation in writing from the firm that the firm has complied with the independence requirements of applicable legislation, ANAO policies and APES 110. Independence confirmations are to be saved on the audit file.

Guidance

5.24 Refer to the ANAO Internal Application Guidance document for further guidance on the application of the requirements set in this policy and APES 110.

5.25 The fundamental principles of professional ethics in APES 110 are:

  1. integrity;
  2. objectivity;
  3. professional competence and due care;
  4. confidentiality; and
  5. professional behaviour.

The concept of Independence is fundamental to compliance with the principles of integrity and objectivity.

5.26 It is also important to note that the ANAO, on occasion, may impose requirements that go beyond the requirements of APES 110; for example, the ANAO may take a stricter line on the provision of other services by audit contractors to an ANAO auditee on which the contractor is engaged or to the requirements regarding employment with an auditee. Refer to Provision of other services by ANAO contractors to ANAO auditees for policy requirements, beginning at paragraph 5.37 below.

5.27 Part 4A of APES 110 sets out the independence requirements applicable to audit and review engagements related to historical financial information, which typically covers the audits and other assurance engagements undertaken by FSASG. Part 4B of APES 110 sets out the independence requirements for assurance engagements that are not audits and review engagements of historical financial information, which includes performance audits, performance statements audits and other assurance engagements.

5.28 In the ANAO context, threats to independence are more likely to arise through employment and personal relationships, through familiarity with ANAO auditees and its employees and sometimes through financial and business or commercial relationships. ANAO staff should refer to the following APES 110 requirements when considering threats to independence:

| Potential threats to Independence | APES 110 references in Part 4A | APES 110 references in Part 4B |
| --- | --- | --- |
| Family and personal relationships | Section 521 | Section 921 |
| Recent service with an auditee | Section 522 | Section 922 |
| Employment with an auditee | Section 524 | Section 924 |
| Temporary personnel assignments to auditees (secondments) | Section 525 | - |
| Long association of personnel (including rotation) with an auditee | Section 540 | Section 940 |
| Financial interests | Section 510 | Section 910 |
| Business relationships | Section 520 | Section 920 |

5.29 The ethical requirements of APES 110 apply in addition to the ethical requirements that apply to ANAO staff as members of the Office and as Commonwealth public servants. ANAO staff are bound by the ANAO Values and Behaviours and the Australian Public Service (APS) Values and Code of Conduct made under the Public Service Act 1999. ANAO staff are also bound by the General Duties of Officials under Chapter 2, Part 2-2, Division 3 of the PGPA Act.

5.30 In addition to the requirements of this policy, ANAO Senior Executives and others determined by the Auditor-General to have similar decision-making responsibilities, including staff with financial statement audit delegations, are required to comply with the ANAO’s Declaration of Personal Interests Policy.[32]

5.31 Where a conflict arises, the Auditor-General Act 1997 takes precedence and a departure from a provision of APES 110 may be necessary to enable the Auditor-General to perform mandated functions. A departure from the independence requirements of APES 110 may impact the assertions which the ANAO make of compliance with the independence requirements of the ANAO Auditing Standards.

5.32 The policy on rotation of key audit persons in paragraphs 5.15 and 5.16 does not apply where it conflicts with the Auditor-General’s mandate. Accordingly, it does not apply to the Auditor-General (a statutory 10-year appointment) or, in respect of the audit of the Commonwealth’s Consolidated Financial Statements (CFS), it cannot be applied to the Engagement Executives in FSASG as a group. It is, however, a requirement to rotate the individual Engagement Executives for the audit of CFS and other financial statements audits, except where the Auditor-General or Deputy Auditor-General determines that an exception to the policy is needed to enable the performance of the Auditor-General’s responsibilities. The rotation policy is not intended to prevent the FSASG GED from participating in the Qualifications and Technical Advisory Committee (QTAC) or from acting as a “sounding board” or formal consultation point for any audit.

5.33 An individual’s “time on” period resets to zero only once they have completed the required “cooling off” period, which must be continuous: shorter gaps in service do not affect the “time on” counter. The specified lengths of the “time on” and “cooling off” periods depend on the type of entity being audited, and the role(s) undertaken by the individual during their “time on” period.

5.34 Audits conducted under legislation other than the PGPA Act may be subject to independence requirements particular to that legislation, such as those conducted under the Corporations Act 2001 or Superannuation legislation. Auditors should be familiar with and ensure they comply with those requirements.

5.35 In respect of companies incorporated under the Corporations Act 2001, section 307C(1) requires the auditors of financial reports to provide an Independence Declaration to the Directors of the company. Guidance on this requirement including the declarations made, the timing of the issue of the declaration and a proforma declaration is available in TeamStore and the ANAO contractor extranet page.

5.36 Legal advice may be necessary if situations arise where the requirements of the Corporations Act 2001 or other specific legislation appear to conflict with the Auditor-General’s mandate.

Provision of other services by ANAO contractors to ANAO auditees

5.37 This policy applies to individuals or firms contracted by the ANAO to provide external audit services as an in-house contractor or undertake a contract out audit. It applies when a potential ANAO audit contractor tenders for an ANAO audit, and also when an existing ANAO audit contractor wishes to provide other services to an ANAO auditee.

5.38 ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements requires compliance with relevant ethical requirements when performing audits, reviews and other assurance engagements; that term is defined and includes APES 110 Code of Ethics for Professional Accountants (including Independence Standards).

5.39 APES 110 applies to all ANAO engagements except to the extent, if any, of a conflict between APES 110 and legislative requirements.

5.40 ANAO engagements may be subject to independence requirements in legislation (e.g. the Corporations Act has requirements in addition to mandating compliance with APES 110). Compliance with APES 110 is not a substitute for compliance with legislation, and the audit teams should refer to such legislation to determine any further obligations.

5.41 An important part of independence requirements involves consideration of the provision by an auditor of other services to an auditee.[33] While the ANAO itself does not provide other non-assurance services to its auditees, firms or individuals contracting to the ANAO may seek to do so.

Policy

Application

5.42 This policy shall apply to tenderers for ANAO audit work and existing contractors engaged to perform ANAO audits and assurance engagements.

5.43 The requirements of this policy shall be made available to actual and prospective audit contractors.

Approach

5.44 Subject to applicable legislation and the other requirements of ANAO policy, the conceptual approach to resolving threats to independence in APES 110 shall be applied to:

  1. identify threats to independence;
  2. evaluate the significance of the threats identified; and
  3. apply safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level.

5.45 In some circumstances, a threat may be so significant that no safeguard can reduce it to an acceptable level and the other service shall be refused or the contract not awarded.

Prohibited services – where a financial statement audit is conducted

5.46 In addition to the other services expressly prohibited by APES 110, the following services are not permitted:

  1. taxation advice of a strategic or tax planning nature;
  2. accounting and bookkeeping services, or preparing financial statements, on which the auditor will express an opinion or financial information which forms the basis of the financial statements, except for compilation engagements where no accounting or management functions are performed by the contractor;[34] and
  3. internal audit services involving the contractor personnel assuming a management responsibility, or that relate to internal controls over financial reporting, financial accounting systems or the financial statements.

Prohibited services – where a performance audit is conducted

5.47 In addition to the other services expressly prohibited by APES 110, the contractor firm or a network firm[35] is not permitted to provide consultancy services, including the provision of professional or technical advice, which relates to the criteria and recommendations of the performance audit.

Request by existing contractors and tenderers to provide other services

5.48 ANAO contracts with audit contractors shall provide that no other services may be tendered for or provided by the contractor to the ANAO auditee during the period of the audit engagement without the express agreement in writing of the ANAO.

5.49 Tenderers for ANAO contracts shall disclose in their tender or request for quote response the following services including the nature, timing and fees associated with the services:

  1. all services currently provided to the ANAO auditee; and
  2. all services previously provided to the ANAO auditee that create an actual, perceived or potential threat to independence including services related to the subject matter information of the audit and/or prohibited services set out in paragraphs 5.46 and 5.47.

5.50 The tender evaluation team shall evaluate whether services previously or currently provided are prohibited services or services that create a threat to independence that cannot be safeguarded against. If services currently provided to the ANAO auditee exceed the proposed contract fee the services must be approved by the PSG GED. Any additional services requested by the auditee for which the contractor is tendering for audit services between submitting the tender and being contracted by the ANAO shall be approved following the processes in paragraphs 5.51-5.56.

5.51 Requests to provide other services shall be supported by formal documentation providing detail of the other services, associated fees and a description of the procedures for monitoring conflict management. This documentation is to be prepared or endorsed by the audit contractor’s independence panel or independence partner.

5.52 The contractor shall bring the proposed request to the attention of the Chair of the auditee’s Audit Committee for advice as to any conflict of interest perceived by the Committee. The view of the Audit Committee Chair shall be included in the proposed request to the ANAO.

5.53 The Engagement Executive for an audit shall ensure the following information is documented[36] about any proposal for the provision of other services by an ANAO audit contractor with the ANAO auditee:

  1. other services proposed;
  2. nature of the threat posed by the proposal;
  3. safeguards considered to reduce the threat to an acceptable level;
  4. decision whether the threat can be reduced to an acceptable level;
  5. consultation undertaken in reaching decision;
  6. anticipated fee;
  7. ANAO contract-out audit fee over existing or proposed contract term;
  8. other services previously approved over the existing or proposed ANAO contract-out audit term, including the total fee of approved other services; and
  9. description of procedures for monitoring conflict management.

5.54 Where consultation is undertaken, this information shall be provided to those consulted.

5.55 The Engagement Executive for the audit shall review the proposals for other services and provide a documented assessment with a recommendation to the Group Executive Director (GED) of PSG for approval.

5.56 The PSG GED approval is valid for the term specified in the approval document. For other services approved on a recurring basis, the contractor must notify the ANAO of any increase in fee on an annual basis. If the nature, timing or extent of other services is extended beyond the approved services, reapproval from the PSG GED is required.

5.57 In respect of contracted-out audits or parts thereof, before the signing of the auditor’s report on which a contractor has been engaged, the Engagement Executive for the audit shall obtain the following from the audit contractor in the Contractor’s Representation Letter:

  1. a complete listing of other services provided, to be provided or currently being tendered for by the contractor from the beginning of the period under audit;
  2. the remuneration paid or payable for those services;
  3. a declaration that the contractor has not entered into arrangements for, or provided, other services without the prior written approval of the ANAO; and
  4. a declaration that the contractor has met the independence requirements of applicable legislation, APES 110 and ANAO policy, and that their independence has not otherwise been impaired.

Reporting

Reporting to the auditee’s audit committee

5.58 The Engagement Executive shall disclose to the auditee’s Audit Committee at least annually the nature of the other services provided by the contractor to the auditee and the fees paid or payable to the contractor for those services.

Guidance

5.59 As part of the tender process for prospective contractors, the contractor is required to declare any conflicts of interest and any other services that they are providing to auditees. The tender evaluation team is responsible for evaluating whether conflicts of interest and any other services create threats to independence that cannot be safeguarded against and the prospective contractor should not be awarded the contract. Consultation with PSG may be necessary in the evaluation process to ensure that the ANAO independence policies and requirements of APES 110 are considered.

Approach

5.60 APES 110 categorises threats to independence and the following factors should be considered in the evaluation of actual, potential and perceived threats to independence arising from the provision of other services:

  1. self-interest threat – the threat that a financial or other interest will inappropriately influence the audit contractors’ judgement or behaviour;
  2. self-review threat – the threat that audit contractors will not appropriately evaluate the results of a previous judgement made, or activity performed by the audit contractors or another individual within the firm or employing organisation, on which the audit contractors will rely when forming a judgement as part of the ANAO audit;
  3. advocacy threat – the threat that audit contractors will promote an auditee’s or employer’s position to the point that the audit contractors’ objectivity is compromised;
  4. familiarity threat – the threat that due to a long or close relationship with an auditee, audit contractors will be too sympathetic to their interests or too accepting of their work; and
  5. intimidation threat – the threat that audit contractors will be deterred from acting objectively because of actual or perceived pressures, including attempts to exercise undue influence over the audit contractors.

Non-assurance services considered in APES 110

5.61 APES 110 considers the provision of non-assurance services to auditees in the following types:

  1. management responsibilities;
  2. accounting and bookkeeping services;
  3. administrative services;
  4. valuation services;
  5. taxation services;
  6. internal audit services;
  7. information technology (IT) systems services;
  8. litigation support services;
  9. legal services;
  10. recruiting services; and
  11. corporate finance services.

Non-assurance services prohibited by APES 110

5.62 There are some non-assurance services identified in APES 110 that shall not be provided as the threats created would be so significant that no safeguards could reduce the threats to an acceptable level. APES 110 prohibits a firm or network firm from providing the following services to any auditee:

  1. assuming a management responsibility;
  2. valuation services if the valuation involves a significant degree of subjectivity and will have a material effect on the financial statements;
  3. tax planning and other tax advisory services where the effectiveness of the advice depends on a particular accounting treatment or presentation in the financial statements and:
    1. the audit team has reasonable doubt over the appropriateness of the accounting treatment or presentation; and
    2. the outcome or consequences of the tax advice will have a material effect on the financial statements;
  4. a taxation service involving acting as an advocate for the auditee before a public tribunal or court in the resolution of a tax matter and the amounts involved are material to the financial statements;
  5. acting in an advocacy role for an auditee in resolving a dispute or litigation when the amounts involved are material to the financial statements;
  6. IT systems services involving the design or implementation of IT systems that (a) form a significant part of the internal controls over financial reporting, or (b) generate information that is significant to the auditee’s accounting records or financial statements, unless appropriate policies and procedures are in place to ensure that the client retains management responsibility;
  7. the appointment of a Partner or an employee of the firm or network firm as General Counsel for the legal affairs of an auditee;
  8. corporate financial services that involve promoting, dealing in, or underwriting the auditee’s shares;
  9. corporate finance advice where the effectiveness of that advice depends on a particular accounting treatment or presentation in the financial statements and:
    1. the audit team has reasonable doubt over the appropriateness of the accounting treatment or presentation; and
    2. the outcome or consequences of the tax advice will have a material effect on the financial statements; and
  10. the following recruiting services with respect to a Director or Officer in the auditee or senior management in a position to exert significant influence over the preparation of the accounting records or the financial statements:
    1. searching for or seeking out candidates; and
    2. undertaking reference checks of prospective candidates.

5.63 For auditees that are public interest entities (PIEs), in addition to those listed above, the following services should not be provided:

  1. valuation services that would have a material effect, separately or in aggregate, on the financial statements;
  2. internal audit services that (a) would be a significant part of the internal controls over financial reporting; (b) financial accounting systems that generate information that is, individually or in the aggregate, material to the auditee’s accounting records or financial statements on which the auditee will express an opinion; or (c) amounts or disclosures that are, individually or in the aggregate, material to the financial statements on which the auditee will express an opinion;
  3. preparation of tax calculations of current and deferred tax liabilities (as assets) for the purpose of preparing accounting entries that are material to the financial statements; and
  4. IT systems services involving the design or implementation of IT systems that (a) form a significant part of the internal controls over financial reporting or (b) generate information that is significant to the auditee’s accounting records or financial statements.

Other services

5.64 For services other than those prohibited by APES 110 or ANAO policy, the threat created by the provision of another service may be able to be reduced to an acceptable level by applying safeguards including:

  1. arranging for other services to be performed by an individual who is not a member of the audit team; and
  2. if such services are performed by a member of the audit team, using a partner or senior staff member with appropriate expertise who is not a member of the audit team to review the work performed.

5.65 APES 110 provides examples of safeguards that may eliminate or reduce threats to an acceptable level, such as:

  1. using different partners and engagement teams with separate reporting lines for the provision of non-assurance services to the ANAO auditee;
  2. discussing ethical issues with those charged with governance, such as the audit committee;
  3. disclosing to those charged with governance, such as the audit committee, the nature of services provided and extent of fees charged;
  4. rotating senior assurance team personnel;
  5. the ANAO auditee implementing internal procedures that ensure objective choices in commissioning non-assurance engagements; and
  6. the ANAO auditee’s corporate governance structure that provides appropriate oversight and communications regarding the contractor’s services.

5.66 In addition to the examples in APES 110 Part 4A, ANAO auditors should consider the threat posed and appropriate safeguards where a contractor provides services relating to fundamental aspects of the entity’s business and strategic planning, including information technology and the provision of services, such as actuarial evaluations.

5.67 While taxation advice of a strategic or tax planning nature is not permitted by ANAO policy, tax services of a compliance nature are not automatically excluded.

5.68 Dialogue regarding the application of accounting standards or policies that does not constitute advice is a normal part of the audit process and does not generally create threats to independence.

Fee considerations

5.69 The ANAO needs to consider the perception of independence where the proposed value of other services performed and requested to be performed by the contractor exceeds the value of the ANAO contract. The objectivity of the contractor may be impaired if they are dependent on the auditee for other services income as concern about losing the other services can create a self-interest or intimidation threat, particularly when that income is greater than the value of the ANAO audit contract.

5.70 A significant threat to contractor independence may arise where, over the period of a proposed or existing ANAO contract, the value of other services provided or to be provided by the ANAO contractor to the ANAO auditee would exceed the value of the ANAO contract to the contractor.

5.71 The fees for proposed or existing other services are required to be included in the recommendation to the PSG GED for approval to allow the PSG GED to consider the threats arising from fee parity. Fee parity is considered over the life of the audit contract. This may allow some flexibility to approve ‘one-off’ other services that exceed the audit fee in a single year, provided that the value of the total contract is not exceeded.

5.72 If the fee for other services is a contingent fee, this may create a self-interest threat that APES 110 requires to be evaluated and safeguards applied to eliminate the threat or reduce it to an acceptable level (refer to APES 110 paragraphs 330.4 A2 to 330.4 A4 for further guidance on contingent fees).

Network firms

5.73 Network firms are required to be independent of the contractor’s auditee. A Network is defined in APES 110 as ‘a larger structure that is aimed at co-operation; and that is clearly aimed at profit or cost sharing or shares common ownership, control or management, common quality management policies and procedures, common business strategy, the use of a common brand-name, or a significant part of professional resources.’

5.74 Requests to provide other services by ANAO contractors should include relevant information in respect of their network firms.

6. Resources

Human resources - Assignment of engagement teams and individuals who perform activities within the system of quality management

Background

6.1 Under ASA 220, ASQM 1 and ASAE 3500, the ANAO is required to have policies and procedures to assign appropriate personnel to assurance engagements to enable the ANAO to issue reports that are appropriate in the circumstances. ASQM 1 also includes an objective to ensure that individuals who have appropriate competence and capabilities, including sufficient time, are assigned to perform activities within the system of quality management, including individuals within PSG and CMG.

Policy

6.2 The GED or the GED’s nominee shall assign Engagement Executives, audit managers and other engagement team members to assurance engagements, considering the appropriate skill level and their capability, competence and time available to consistently perform quality engagements.

6.3 The GEDs and COO shall assign individuals to perform activities within the system of quality management considering the appropriate skill level and their capability, competence and time available to perform such activities. Any concerns regarding allocations are to be raised immediately with the responsible GED or the COO.

6.4 The Engagement Executive and audit manager shall assess and document, for each engagement, the need to get specialist skills, including engaging Systems Assurance and Data Analytics (SADA).

6.5 For engagements where it has been determined that SADA will be involved, the GED SADA or the GED’s nominee shall assign the SADA Executive, SADA audit manager and other engagement team members considering the appropriate skill level and their capability, competence and time available to consistently perform quality engagements.

6.6 The Engagement Executive shall monitor the allocation of personnel to engagements throughout the audit. Any concerns are to be raised immediately with the responsible GED.

Guidance

Assignment of engagement teams

6.7 Each service group Practice Management Unit in consultation with relevant SES or resourcing committees or staff follows allocation processes to ensure:

  1. that personnel are matched to audits that meet their capabilities and capacity;
  2. the most efficient use of capability across the service group; and
  3. a balance between continuity across audits or portfolios and rotation aimed to reduce familiarity threats and to allow for learning and development opportunities and variety for staff.

6.8 When allocating personnel to engagements with the potential to uncover challenging content, the HR Team should be consulted to arrange additional support for audit team members.

Engaging SADA

6.9 The extent of SADA involvement in any audit engagement can vary significantly. Therefore, engagement with SADA is a highly consultative process. Audit Managers and SADA Managers need to consult with each other during both the planning and execution phases of the audit.

6.10 The Engagement Executive and Audit Manager should assess the following factors when determining whether to engage SADA:

  1. the client has a moderate or high complexity IT environment;
  2. audit procedures over IT General controls or applications are required to get sufficient appropriate evidence, or in the most efficient manner;
  3. possible risks arise from information that is processed using significant processing systems;
  4. the audit has identified, for the current period or for prior periods, that it may not be possible or practicable to get sufficient appropriate evidence from substantive procedures alone;
  5. the audit team is planning to rely on system-generated reports to complete audit testing; and
  6. the client has undertaken, or is planning to undertake, a major change to the IT environment.

Managing and Responding to Threats

6.11 Staff who receive threats of self-harm or suicide from a person, threats to others or threats to property either during the course of an engagement or outside the course of an engagement should consult their supervisor. Advice and support should also be sought from the appropriate CMG team.

Assignment of individuals who perform activities within the system of quality management

6.12 Activities within the system of quality management are assigned to individuals in all business groups of the ANAO, including PSG and CMG, such as:

  1. People services, including supporting recruitment, workforce planning, learning and development and performance management;
  2. Information services, ensuring that appropriate technological resources are developed, implemented and maintained to enable the ANAO Quality Management Framework and performance of engagements;
  3. Practice management, supporting the processes and procedures that implement the ANAO audit manual policies and identification of need for contracted resources;
  4. PSG activities including audit methodology support, technical training, technical accounting, audit or legal advice, monitoring activities and development of audit policies.

Continuing professional development

Background

6.13 In accordance with ASQM 1, the ANAO Quality Management Framework includes quality objectives related to the recruitment, development and retention of personnel who demonstrate a commitment to quality through their actions and behaviours and through developing and maintaining the appropriate competence to perform their roles.

Policy

6.14 All staff shall complete a minimum of 20 hours of professional development per financial year.

6.15 All audit staff are expected to fulfil the professional development requirements of the professional bodies of which they are members.

Guidance

6.16 Competence is developed through a variety of methods such as continuing professional development, including training. Continuing professional development is an essential means of staff maintaining their knowledge and capabilities.

6.17 Technical training can be in the form of formal presentations, such as technical updates, conferences, e-learning or time spent in preparation of presentations of technical training. Typically, Continuing Professional Development (CPD) hours for the preparation of technical training equal three hours per one hour of presented material, e.g. a two-hour presentation equals six eligible preparation CPD hours. Table 1 outlines activities that are recognised as qualifying professional development activities (adapted from CAANZ Regulations). This can be used by all staff as a guide for professional development activities that are acceptable under ANAO policy, provided they relate directly to relevant auditing, accounting or Australian Government legal frameworks.

Table 1 – Activities which will be recognised as qualifying for formal Training and Development include the following:

As a guide, formal CPD would normally include the following activities:

(a) Congresses, Business Forums and conventions presented by a professional accounting body;

(b) Courses, seminars, workshops, lectures and other professional educational activities presented by a professional body (1 hour or more).

(c) Meetings of professional body technical discussion groups (1 hour or more). Formal meetings of professional body discussion groups which provide a structured forum for exchange of technical information relevant to individual and Affiliate Members with a common interest;

(d) “In-house” courses, or similar activity provided or arranged by the ANAO related to the development, maintenance or expansion of professional competence. Training involving purely administrative tasks of a non-professional nature such as completing employer time sheets would not count towards CPD;

(e) Tertiary courses presented by educational institutions. Courses conducted by tertiary institutions leading to a Degree, Diploma, or Post Graduate qualification. Contact time (lectures, exams and tutorials) may be claimed, as well as time spent in the research and writing of essays;

(f) Appropriate educational and developmental activities presented under the auspices of academic institutions, commercial establishments or other professional bodies (1 hour or more). Extramural courses presented by tertiary institutions, seminars, courses, lectures, residential schools, conventions or other technical activities presented independently or jointly by tertiary institutions, commercial educational establishments or professional bodies;

(g) Researching and writing technical publications, preparation and delivery of technical papers. Actual time engaged in researching material and writing technical publications may be claimed, whether the final product is in the form of a textbook, an article in a professional journal or the presentation of an address. This should not include time devoted to layout, artwork, design or similar issues.

Time spent in preparation and presentation of lectures, courses and seminars and at workshops and discussion groups, may be claimed except for repeats of presentations which are substantially similar in form and content. The preparation and presentation of an address on a topic relevant to the auditing profession may also be claimed. As a guide, three hours preparation may be claimed for each presentation hour, although this will obviously vary according to the complexity of the subject matter and the presenter’s familiarity with the topic;

(h) Service on technical or research committees under the auspices of professional bodies or organisations. Membership of technical or research committees or study groups where objectives are defined and specific contributions required of individual members, usually involving both independent and collective study, review and analysis of designed material. For instance, Boards and Committees of the Australian or international standard-setting bodies; government sponsored advisory panels required to submit recommendations on issues about accountancy or finance; or course advisory committees created by educational institutions;

(i) Programmed self-study through a third party provider, including self-study video or audio packages. Structured study programs designed for the individual which may or may not involve interaction with tutors or other individuals and may or may not include assignments, exercises or tests, whether these are submitted for assessment. Structured self-study courses may include several learning media or distance learning aids, e.g. notes combined with audio or video tapes; computerised or other electronic links;

(j) Reading of Technical Literature. Reading of professional journals, technical bulletins and releases and research projects to the extent of 30 hours per triennium may be claimed as Training and Development but not exceeding 10 hours in any one year; Reading of new accounting and audit standards;

All the aforesaid activities, except the reading of technical literature, would be regarded as formal Training and Development.

Technological resources – Use of TeamMate

Background

6.18 The respective FSASG, PSASG and PASG TeamMate library files are the ANAO audit methodology for financial statements, performance statements and performance audits. The FSASG and PSASG TeamMate library files are released annually and contain mandatory procedures addressing auditing standards requirements and ANAO Audit Manual policy. The PASG TeamMate library file is released as required and contains mandatory procedures addressing performance assurance standards requirements and ANAO Audit Manual policy.

6.19 The use of TeamMate and the library file is a vital element in assuring the responsible GEDs and the ANAO Executive that the ANAO’s audits comply with the ANAO Auditing Standards, ANAO Audit Manual policies, and other requirements while also promoting consistency in the quality of engagement performance.

Policy

6.20 TeamMate shall be used to document all financial statements audits, performance statements audits, performance audits and other assurance engagements unless prior approval to use an alternative has been given by the responsible GED to an engagement team.

6.21 The relevant TeamMate library file shall be used for all audits (or parts thereof) including audits that are undertaken under contract arrangements. Where an engagement has been approved to be documented outside of TeamMate, the Engagement Executive shall ensure that all relevant procedures from the TeamMate library file have been conducted.

6.22 Where an audit team rolls over a previous year’s TeamMate file to document the current year’s financial or performance statements audit, the Engagement Executive shall ensure that the rolled over TeamMate file meets the requirements of the current year’s TeamMate library file by having regard to the documentation released by PSG annually when the updated TeamMate library file is released.

6.23 A separate TeamMate file shall be created for each engagement, except where the use of a file for multiple assurance reports is approved by the responsible GED, taking into consideration: the planned signing date of each opinion or conclusion; the consistency of audit approach; and the ability to get sufficient appropriate audit evidence for each engagement.

6.24 All procedure summaries in the relevant TeamMate library file are mandatory and shall be completed for all financial statements, performance statements or performance audits. The audit procedure steps under the heading ‘Audit Procedures’ of each procedure summary shall be completed. Where a procedure summary or audit procedure step is not relevant to the audit, the team shall document that it is not relevant and shall not delete it.

6.25 The procedure summaries indicate if an attached TeamMate template is mandatory, conditional or optional. Conditional templates are required to be downloaded from TeamStore or obtained from MyANAO and completed where the engagement meets the condition. The format of mandatory and conditional TeamMate templates is required to be maintained and shall not be amended without written approval from the responsible GED.

Guidance

6.26 The ‘Guidance’ in each procedure summary is not mandatory but is intended to help in the completion of mandatory steps.

6.27 The TeamMate library file is not intended to include all ANAO Audit Manual – FSASG, PSASG or PASG Specific policy requirements in the procedure summaries. However, where they are included, they are identified by reference to the specific policy.

6.28 The TeamMate library file can be adapted for use on other assurance engagements, considering the applicable ANAO Auditing Standards and ANAO Audit Manual policy.

6.29 In some cases, the ANAO conducts an audit or assurance engagement for an auditee in addition to the financial statements audit, such as an audit of reports prepared consistent with special purpose frameworks or single financial statements (grant acquittals). It is expected that a separate file is created for these additional engagements due to:

  1. the difference in timing of the engagements and the impact on finalising each audit file as required by ANAO Audit Manual - Shared Content, paragraph 9.11 to 9.14;
  2. the difference in audit approach, including setting of materiality parameters; and
  3. the different levels of sufficient and appropriate audit evidence required for each engagement.

6.30 Where documentation from the financial statements audit file is relevant to the additional engagement(s), it is acceptable for the same audit team to cross reference documentation of work performed in the financial statements audit file on the basis there has been appropriate review of the work for the purposes of the additional engagement.

6.31 The scope of performance audits may change significantly during the audit due to amendments to the audit criteria, the addition or removal of audited entities or other events. Performance audit teams should consider the impact of the change in scope on audit procedures and templates already completed in the TeamMate file. For example, a change in criteria approved by the Auditor-General may mean that the Audit Test Plan is no longer complete or may require additional involvement by SADA specialists requiring an update to the SADA engagement procedures. Depending upon the nature of the change in scope, performance audit teams may consider directly updating the affected parts of the TeamMate file or alternatively preparing an overarching working paper summarising the necessary changes to the previously completed aspects of the audit.

6.32 The Auditor-General may decide to divide a performance audit into parts that report separately, creating multiple performance audits. Performance audit engagement teams may consider requesting approval from the responsible GED to allow both audits to be completed in a single TeamMate file. This approach may promote efficient audit documentation by avoiding the need to repeat documentation of procedures that are common to both audits, however where the multiple performance audits will not be tabled in the Parliament at the same time, the audit team should consider whether this approach will prevent compliance with the archiving requirements.

6.33 The audit team should ensure that procedure summaries and templates contained in the rolled over TeamMate library file meet the requirements of the current audit cycle’s TeamMate library file.

Technological resources – Use of detailed electronic auditee data and data analytics solutions

Background

6.34 Data analytics may provide a means of analysing large volumes of detailed data in a manner not easily achievable through manual procedures.

6.35 The use of detailed data in audit procedures may enhance the effectiveness and efficiency of audits. Other situations where the use of detailed data can be beneficial include when:

  1. there are computations done by a system with high audit risk;
  2. computations are done by a system that is known to be error prone;
  3. computations are done by a newly implemented system;
  4. data migration has occurred between legacy and new systems;
  5. functionality of the systems includes extensive interfacing between systems;
  6. it is necessary to examine how data is collected or used for monitoring, compliance or management reporting;
  7. there are repetitive business processes;
  8. more complex systems are in place;
  9. there is a large volume of transactions/calculations; and
  10. understanding and visualising complex data is critical to the audit.

6.36 Efficiency may be further enhanced by the use of a PSG approved ‘standardised solution’. A standardised solution is a data analytics solution that is designed for use on multiple audits, with limited SADA time required to apply it to an audit.

Policy

6.37 A data analytics solution designed for use by multiple audits shall be approved by PSG for it to be deemed a standardised solution.

6.38 Where there have been significant changes to a standardised solution, re-approval from PSG shall be obtained for it to continue to be deemed a standardised solution.

6.39 For each data analytics procedure performed using a standardised solution, the audit team shall:

  1. Confirm and document that each assertion, balance and objective align with the design documentation associated with the solution as approved by PSG; or
  2. Document the justification for any departure from the design documentation.

6.40 For each data analytics procedure performed that is not approved by PSG (i.e., not a standardised solution), the audit team shall document the nature of the procedure, specifically:

  1. The objective of the procedure (alignment with audit criteria, audit assurance or audit insights);
  2. The category of the procedure (risk assessment, controls procedure or substantive procedure);
  3. Thresholds/definitions of outliers or differences; and
  4. The quality assurance processes performed by suitably experienced staff as to the integrity of the operation of each data analytics solution used.

6.41 For procedures other than risk assessment or controls procedures, the audit team shall document:

  1. The balance/transaction/attribute/business process being tested; and
  2. The assertion(s) or audit criteria/sub-criteria addressed by the procedure.

Guidance

Approval and quality assurance of standardised solutions

6.42 In some contexts, solutions developed by SADA will be expected to be used routinely in the conduct of multiple engagements (for example, risk assessment dashboards supporting financial statement audits) and on a more bespoke basis in other audits (for example, for performance audits). Some data analytics solutions may be developed for bespoke needs but then have applications that support the transition of the solution to a standardised solution.

6.43 Where a solution is expected to be used routinely, it is likely to be efficient for SADA to obtain PSG approval for that solution to be a standardised solution so that individual audit files do not need to include comprehensive documentation about the quality management processes over the solution.

6.44 PSG’s approval process would not seek to replicate SADA’s internal quality assurance processes but would provide an independent assessment of the appropriateness of those processes to demonstrate the integrity of the standardised solution and may consider (but is not limited to):

  1. The sufficiency and appropriateness of SADA’s documentation of the operation of the standardised solution, including the evidence of appropriate internal SADA review and supervision and rectification of identified issues;
  2. The appropriateness of any assurance or accounting assumptions (implicit or explicit) associated with the operation of the standardised solution (that is, are there relevant accounting or auditing issues that the standardised solution will fail to detect or alternatively may the standardised solution unreasonably identify false positives);
  3. The extent to which the documented operation of the standardised solution may not be suitable for particular purposes for which it might be used (that is, are there assumptions or limitations in the standardised solution that prevent it from being appropriate for particular audit purposes); and
  4. The extent to which ongoing development/monitoring will be required for the standardised solution.

Nature of data analytics procedures

6.45 When using a data analytics solution to obtain audit evidence, audit teams need to perform procedures to validate the reliability of the underlying information. See PwC Audit Guide 5107.4.237 for examples of report testing with and without ITGC reliance.

6.46 Data analytics may also be used to collect data for other ANAO objectives, such as collecting and analysing data to report on insights across the Commonwealth as part of the annual Interim Report on Key Financial Controls of Major Entities report.

Documentation requirements

6.47 The primary principle guiding documentation of audit procedures is that an experienced auditor should be able to understand the nature, timing and extent of the audit procedures performed. This principle applies to procedures performed using data analytics in the same way it does for other audit procedures.

6.48 Data analytics procedures should be designed such that they support the archiving of sufficient appropriate audit evidence with the audit file.

6.49 The ANAO Auditing Standards and ANAO Data Governance Framework do not require the auditor to retain all of the information used in selecting items to test, or to retain all datasets used in data analytics procedures on the audit file. However, they require the auditor to document the identifying characteristics of the specific items or matter tested. The guiding principle to determine the extent to which data should be retained is to ensure that the audit file includes enough details to enable obtaining the same dataset from the audited entity and the reperformance of the procedure.

6.50 Audit data analytics are often run in tools separate from the audit file. The audit team determines what inputs and outputs to evidence on the audit file. Sufficient appropriate audit evidence may include:

  1. Variables and criteria input to data analytics solutions;
  2. Screenshots of interactive data analytics relating to the test parameters; and
  3. Evidence produced by data analytics specialists.

6.51 The documentation requirements may be achieved in each circumstance through a combination of:

  1. The relevant required templates and documentation standards that apply to the related procedure category under the relevant policy manual;
  2. To the extent not covered by item 1 above, ANAO standard work papers developed specifically to document compliance with policies set out in this data analytics methodology; and/or
  3. Workpapers developed by audit teams for individual audits.

6.52 Flowcharts and diagrams that aid the understanding of bespoke (i.e., not standardised) solutions used are to be rolled forward onto each audit file in years where the solution is run.

6.53 Audit documentation is also required to demonstrate the integrity of the operation of a solution. Where a standardised solution has been used, it is sufficient for the audit file to document that the solution used is a standardised solution.

7. Information, communication and relationship with the auditee

Attending audit committee meetings

Policy

7.1 The ANAO shall attend,38 as observers, audit committee meetings of Commonwealth entities and Commonwealth companies as are reasonably practicable, taking into account the following factors:

  1. the extent and nature of governance, system, risk or program issues under consideration by the Committee;
  2. the importance of the ANAO’s attendance in maintaining effective relationships;
  3. the extent and nature of the ANAO’s performance audit coverage; and
  4. in some cases, the role of the ANAO’s contract auditor.

7.2 As a minimum, the FSASG Engagement Executive, or nominated FSASG representative, will plan to attend the audit committee meetings of all Commonwealth entities and Commonwealth companies at which the committee reviews the entity’s annual financial statements.

7.3 Priority will be given to an ANAO representative(s) attending meetings of the audit committee of Commonwealth entities and Commonwealth companies that are material to the preparation of the Consolidated Financial Statements of the Australian Government.39

7.4 Attendance at audit committee meetings of non-material entities will be determined on a case-by-case basis by the responsible FSASG Engagement Executive, in consultation as required with the responsible PASG Engagement Executive.

7.5 As a minimum, the PSASG Engagement Executive, or nominated PSASG representative, will plan to attend the audit committee meetings of the Commonwealth entities at which the committee reviews the entity’s annual performance statements that are subject to ANAO audit.

7.6 The responsible FSASG Engagement Executive shall take the lead role in representing the ANAO at audit committee meetings. A representative of PASG and PSASG shall attend the audit committee meeting on a case-by-case basis. At a minimum, the responsible PASG and PSASG representative will provide a briefing to the FSASG representative, sufficient to enable the audit committee to be informed about the progress of any performance statements audits, performance audits, including cross-entity audits, in progress in the entity, and on key issues arising from the audits at the time of the audit committee meeting.

7.7 It is expected that the ANAO will have a standing invitation to attend all audit committee meetings for all agenda items.40 Where this is not the case, and agreement cannot be reached through discussions between the responsible Engagement Executive and GED and the entity, the Auditor-General shall be advised.

Guidance

7.8 Audit committees of Commonwealth entities and Commonwealth companies are an important element of an entity’s governance arrangements and are a key point of contact for the ANAO.

7.9 As an observer, the ANAO representative should speak to matters relating to the ANAO and provide such other help to the committee as required.

7.10 The ANAO attends audit committee meetings to:

  1. meet our obligations under the auditing standards, including:
    1. about fraud in relation to an audit, formally raising for discussion the risk of fraud and material misstatement at one or more audit committee meetings and, where possible, have the minutes record the discussion (ASA 240 paragraphs 21-22);41 and
    2. communicating an overview of the planned scope and timing of the financial statement audit, via the Audit Strategy Document (ASA 260 paragraph 15);
  2. communicate about how the ANAO’s system of quality management supports the consistent performance of quality audit engagements;42
  3. brief committees on entity-specific financial statements, performance statements and performance audit coverage and assurance reviews where applicable, as well as to make a ‘value-added’ contribution by bringing an APS-wide perspective obtained through our work across the public sector. The nature and extent of our interaction with committees needs to recognise the role that individual committees have in reviewing an entity’s financial and performance statements and recommending their signing by the entity’s accountable authority and any role that they have been requested by the accountable authority to have about individual performance audits;
  4. contribute our knowledge and experience to the agenda of the meeting;
  5. inform, and be informed, of any significant issues arising which have the potential to result in an untoward effect on the integrity of financial or performance reporting or administration of the entity; and, to the extent practicable, agree on steps to overcome such issues, or to minimise their effect;
  6. encourage open discussion on issues affecting the performance of entities through the mature handling of information from the entity, considered as part of the audit of the entity;
  7. advise the committee of the auditor’s responsibilities about the financial statements audit, performance statements audit and of any scheduled performance audits and their objectives;
  8. enable an unrestricted, frank and confidential exchange (the audit committee members and the ANAO representative only should meet with independent members at least annually);
  9. discuss the effectiveness of the internal controls structure and risk management;
  10. present emerging accounting policy, accounting and auditing issues for consideration;
  11. provide ongoing assurance on independence where sub-contract arrangements have changed; and
  12. enable feedback on the effectiveness of communication and reporting between the ANAO and the committee.

7.11 The FSASG Engagement Executive usually attends the audit committee as the ANAO representative, however another senior officer may attend as a replacement where necessary. It is important that ANAO representatives read committee papers in advance of committee meetings and be prepared, to the extent practicable, to respond to questions and issues that arise from agenda items. This may require consultation with other areas of the ANAO before committee meetings. Where a question or issue is taken on notice, it is important that a response, through the committee Chair or committee secretariat, be provided in a timely manner. Where possible, the Chair should be advised, directly or via the committee secretariat, of ANAO attendance at each meeting.

7.12 In circumstances where a committee seeks to limit ANAO attendance at some or all committee meetings, a senior ANAO representative should discuss with the committee Chair the ANAO’s expectation that the ANAO will have a standing invitation to attend all meetings as an observer. Having a standing invitation at audit committee meetings is considered important so that the ANAO is aware of issues potentially impacting the entity’s control environment and to help in maintaining effective relationships with the committee.

7.13 The content of reports to audit committees will vary depending on the phase of the audit cycle. Examples of content are below.

  1. Summary Corporate activity update prepared by PSG.
  2. Status of financial statements audit activity within the entity.
  3. Status of performance statements audit activity within the entity (as relevant).
  4. Status of relevant performance or other audits in progress.
  5. Any issues that will be reported to the Minister or Parliament, as they must be advised to the audit committee.
  6. Non-trivial findings arising from the audit.
  7. Depending on the timing of the audit committee meeting, provision and discussion of the draft closing report.
  8. Advice on final reports to the Minister and Parliament.

7.14 Information included in a committee briefing should have been discussed or formally communicated to entity management. Committee briefings will be at a relatively high level and consistent with the periodic briefings provided to senior management of the entity. Where further detail is sought on a particular audit, such as cross-entity audits or audits that are sensitive, it may be appropriate to offer the committee a separate briefing from the responsible audit team so that the committee is aware of the potential exposure of the entity to any significant risks or issues.

7.15 It is a matter of good practice for the accountable authority to consider draft and proposed reports, the recommendations and the position it will take in responding. The Auditor-General has agreed that accountable authorities of entities may decide to disclose, on a confidential basis, draft and proposed reports provided under section 19 of the Act to their audit committees. This consent was given because audit committees have a key role in monitoring entity risks and the implementation of any changes proposed in audit reports. The ANAO advises those who receive draft and proposed reports to treat the material as confidential and the provision of proposed reports to an audit committee is made on the condition that the report will continue to be treated as confidential.

7.16 Most or all members of the audit committees of corporate Commonwealth entities will be members of the corporate Commonwealth entity’s Board, and these Board members will have an interest in reviewing a section 19 draft report given their overall responsibility for the operation of the entity.

7.17 The accountable authority of a corporate Commonwealth entity who is provided the section 19 report (generally the Chair of the Board) can disclose the contents of the report to other Board members,43 while advising the accountable authority to restrict distribution of the report to those with a ‘need to know.’

7.18 It is important that when reports are finalised, audit committees are briefed about the conclusions and that the organisational implications are discussed.

Management and those charged with governance

Policy

7.19 The Engagement Executive shall determine the identity of TCWG, with whom audit matters are to be communicated where required by the auditing standards, ANAO policy or legislation.

7.20 Such communications may be made with a subgroup of TCWG. In these cases, the Engagement Executive shall consider whether there is a need to communicate also with the whole group.

7.21 The Engagement Executive shall communicate with TCWG the form, timing and expected general content of communications.

7.22 The Engagement Executive shall be satisfied that all persons charged with governance receive any written auditor’s communications intended for TCWG on a timely basis.

7.23 The Engagement Executive shall evaluate whether the two-way communication with TCWG has been adequate for the purposes of the audit. If it has not, the Engagement Executive shall determine if there is any effect on the assessment of the risks of material misstatement and ability to get sufficient appropriate audit evidence and take appropriate action.44

Guidance

7.24 TCWG is defined as the person(s) or organisation(s) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity. This includes overseeing the financial reporting process. For some entities, those charged with governance may include management personnel; for example, executive members of a governance board of a corporate Commonwealth entity.

7.25 Management is defined as the person(s) with executive responsibility for the conduct of the entity’s operations. For some entities, management includes some or all of those charged with governance; for example, executive members of a governance board.

7.26 For Commonwealth entities under the PGPA Act, the accountable authority is charged with governance. The accountable authority of a non-corporate Commonwealth entity is the Secretary of the Department or Parliamentary Department, or for a listed entity the person prescribed in the Act or the rules to be the accountable authority (refer to PGPA Act section 12(2)).45 In the case of a corporate Commonwealth entity, the accountable authority is the governing body of the entity, usually a board of directors (however described), unless otherwise prescribed by an Act or the rules.

7.27 The concept of an accountable authority applies only to Commonwealth entities. In a Commonwealth company or a subsidiary company, the board of directors are TCWG.

7.28 In addition to departmental secretaries, members of the audit committees of Commonwealth entities, companies and subsidiaries are, in the absence of conflicting information, presumed to be persons charged with governance. Refer to PGPA Act 2013, section 45 Audit committee for Commonwealth entities and PGPA Rule 2014 section 17 Audit committee for Commonwealth entities for the legislative requirements of audit committees.

7.29 There may be other persons charged with governance within Commonwealth entities.

7.30 The auditing standards permit communication with a sub-group of TCWG where appropriate, and the intention of ASA 260 Communication with Those Charged with Governance is to cater for the wide variety of governance structures that exist throughout the world, including those applying in public sector entities. In deciding with whom to communicate, the auditor’s understanding of an entity’s governance structure and processes is relevant. The appropriate person(s) with whom to communicate may also vary depending on the matter to be communicated.

7.31 For corporate Commonwealth entities and Commonwealth companies, the audit committee is usually a subset of the board. Guidance in ASA 260 provides that while the specific authority and functions of audit committees may differ, communication with the audit committee, where one exists, has become a key element in the auditor’s communication with those charged with governance (ASA 260 paragraph A7).

7.32 ANAO policy on matters to be communicated to TCWG and the timing of those communications are in paragraphs 7.19 to 7.23. This policy should be read in conjunction with the policy on Attending Audit Committee meetings.

Publication and communication of Audit Quality documents

Background

7.33 The ANAO’s Quality Management Framework (QMF) is the system of quality management for all assurance and related activities undertaken by the ANAO. The QMF provides assurance that:

  1. the ANAO complies with the ANAO auditing standards, regulatory requirements and ANAO policies and procedures; and
  2. reports issued by the ANAO are appropriate in the circumstances.

7.34 The ANAO Quality Management Framework and plan document demonstrates the processes, policies, and procedures that make up the ANAO system of quality management. The Quality management strategy and deliverables component of the document identifies the key activities that the ANAO conducts to provide the Auditor-General with confidence that the controls established within the Quality Management Framework are implemented and operating effectively.

7.35 The ANAO Audit Quality Report captures the ANAO evaluation of the implementation and operating effectiveness of the elements of the ANAO Quality Management Framework. The report outlines audit quality indicators measuring ANAO performance against target benchmarks and includes the achievement of the quality management strategy and deliverables set out in the Quality Management Framework and Plan.

Policy

7.36 The QMF and Plan shall be published on an annual basis after the publication of the ANAO Corporate Plan.

7.37 The QMF and Plan shall set out the ANAO’s quality management strategy and deliverables for the year. The QMF Plan shall be informed by priorities identified in the ANAO Corporate Plan, the result of prior period monitoring activities and better practice insights from engagement with peers and wider auditing profession.

7.38 The Audit Quality Report shall be published on an annual basis after the publication of the ANAO Annual Report.

7.39 The Audit Quality Report shall include the ANAO evaluation and conclusion on whether the QMF provides reasonable assurance that the ANAO’s quality objectives are being achieved as set out in Chapter 11.

Guidance

7.40 The ANAO is not required to communicate the Audit Quality Report to external parties under ANAO Auditing Standards, legislation or regulations. The ANAO chooses to publish the ANAO QMF and Plan and the Audit Quality Report on the ANAO website to demonstrate transparency over how the ANAO system of quality management supports the consistent performance of quality engagements. The achievement of the quality management strategy and deliverables is reported on externally to enhance accountability.

Communication with the ANAO Audit Committee

7.41 The Auditor-General has established an ANAO Audit Committee in compliance with section 45 of the PGPA Act and section 17 of the PGPA Rule – Audit committee for Commonwealth entities.

7.42 The ANAO Audit Committee’s role is to provide independent assurance to the Auditor-General on the ANAO’s financial and performance responsibilities, risk oversight and management, and system of internal control.

Policy

7.43 The ANAO shall communicate with the ANAO Audit Committee with respect to the following matters:

  1. The ANAO’s system of quality management, including the QMF and Plan;
  2. The ANAO internal audit work plan and internal audit reports, and how the ANAO proposes to address findings and recommendations arising; and
  3. Reports arising from parliamentary committee reports, external reviews and evaluations of the ANAO, and how the ANAO proposes to address findings and recommendations arising.

Guidance

7.44 The ANAO Audit Committee’s functions are set out in the ANAO Audit Committee Charter. The policy requirements in paragraph 7.44 above are in respect of its functions relating to providing assurance to the Auditor-General on audit quality. The ANAO may be required to communicate with respect to matters additional to those in paragraph 7.44 to support the ANAO Audit Committee in discharging its other functions.

8. Engagement performance

Direction, supervision and review

Background

8.1 ASA 220 and ASQM 1 require policies and procedures for direction, supervision and performance and reviews of audit staff and work.

Policy

8.2 Auditors shall be provided with levels of direction, supervision and on the job training appropriate to their skills and experience. It is the responsibility of the Engagement Executive to ensure that this is provided to all auditors working on an engagement.

8.3 Review responsibilities shall be allocated on the basis that the more experienced auditors, including Engagement Executives, review work performed by the less experienced members of the engagement team.46

8.4 In performing reviews of audit work:

  1. all work performed shall be reviewed in full;
  2. the Engagement Executive shall review a sufficient quantity of the work performed to ensure that the work has been properly performed and appropriate conclusions reached, given the evidence referenced;
  3. timely reviews shall be conducted at appropriate stages during the audit;
  4. where agreed by the Engagement Executive, review can occur as a peer review. Audit Managers may examine IT work performed by a more senior auditor for integration into the audit work;
  5. all reviews shall be evidenced by signature and date (electronic or otherwise) on relevant working papers; and
  6. at the end of the audit, review notes shall be removed from the working paper file. Accordingly, information provided as a result of requests in review notes needs to be documented in working papers.

Guidance

8.5 Generally, the more experienced and senior the officer, the less supervision and direction is required.

8.6 Direction of the engagement team involves informing team members of:

  1. their responsibilities, including the need to comply with relevant ethical requirements and exercise professional scepticism;
  2. the responsibilities of the Engagement Executive, Signing Officer (SO) (if applicable) and Engagement Quality Reviewer (EQR) (if applicable);
  3. the objectives of the work to be performed;
  4. the nature of the entity’s business and associated risks, problems that may arise and the detailed approach to performance of the audit; and
  5. relationship management techniques for ensuring a positive professional relationship with audited entities is maintained.

8.7 Supervision includes the following:47

  1. tracking the progress of the audit engagement;
  2. consideration of the following with respect to members of the engagement team: whether they understand their instructions; and whether the work is being carried out in accordance with the planned approach to the engagement;
  3. addressing significant matters arising during the audit engagement, considering their significance and modifying the audit plan accordingly; and
  4. identifying matters for consultation or consideration by more experienced engagement team members during the engagement.

8.8 The ANAO Core Capability Framework provides guidance to auditors on the role of supervision for their level.

8.9 Review of work completed, by reference to the working papers and other documentation, is a fundamental part of the audit process. A review of work performed may include considering whether:

  1. the work has been performed in accordance with the ANAO’s policies or procedures, the ANAO Auditing Standards and applicable legal and regulatory requirements;
  2. significant matters have been raised with the Audit Manager or Engagement Executive for further consideration;
  3. appropriate consultations have been undertaken and the resulting conclusions have been documented and implemented (see Consultation policy);
  4. the audit team has exercised appropriate professional judgement and professional scepticism;
  5. the planned nature, timing and extent of audit procedures have been revised where required;
  6. the work performed supports the conclusions reached and is appropriately documented;
  7. the audit evidence is sufficient and appropriate to support the audit report; and
  8. the objectives of the audit engagement have been achieved.

8.10 It is the responsibility of the Engagement Executive to ensure that audit work, including procedures in the electronic working papers, is reviewed and evidenced as having been reviewed consistent with the ANAO policies in this Manual.48 However, this does not require that the review is only performed by the Engagement Executive or the Audit Manager. The level of review depends on the risk of the items and the complexity of the audit work being performed. For example, the Audit Manager or the Engagement Executive may allocate lower risk items, completed by less experienced members of the engagement team (e.g. junior auditor), to be reviewed by a more experienced engagement team member (e.g. Team Leader or Senior Auditor). In particular, the Engagement Executive should review:

  1. critical areas of judgement, especially those relating to difficult or contentious matters;
  2. significant risks; and
  3. any other areas the Engagement Executive considers important.

8.11 Quality management of IT aspects of audits is the responsibility of the Group Executive Director of SADA. The SADA Manager would, however, review the work of the IT team members where such a team was involved. Further, the Engagement Executive and Audit Manager should also conduct sufficient review of IT aspects of the audit to enable those auditors to have a sufficient understanding of all components of the audit.

Consultation

Background

8.12 Auditors often deal with accounting or auditing issues that are difficult or contentious. ASQM 1 requires policies and procedures that give the ANAO reasonable assurance that appropriate consultation takes place in these circumstances, and that the outcomes are appropriately documented and implemented.

8.13 The standards also make the Engagement Executive responsible for ensuring that consultation is undertaken and appropriate, and that it is concluded, documented, agreed and implemented.

Policy

8.14 The engagement team shall bring to the attention of the Engagement Executive all matters they believe are difficult or contentious.

8.15 The Engagement Executive shall ensure appropriate consultation on difficult or contentious matters is undertaken (whether on an in-house or contracted out audit). Where a difficult or contentious matter is identified, the Engagement Executive shall consult with:

  1. the EQR and Second Reviewer, if appointed to the audit;
  2. the responsible GED; and
  3. where determined appropriate by the responsible GED, with PSG.

8.16 The following matters are deemed to be difficult or contentious:

  1. any matter required to be referred to the Qualifications and Technical Advisory Committee (QTAC);
  2. a financial statement accounting or reporting policy change that is not the result of a change in an accounting standard or other reporting requirement;
  3. deferrals of departmental appropriation revenue;
  4. situations where facts become known after the auditor’s report has been signed which would have changed the financial statements or the auditor’s report had they been known at the time;
  5. situations where the financial statements, performance statements or auditor’s report which have been made public are not the same as the ANAO audit file versions;
  6. situations where a serious lack of corporate governance is apparent;
  7. actual or suspected criminal acts, including bribery of a foreign public official and fraud (particularly of a large or systematic nature). The Engagement Executive shall seek direction from a GED without delay when this is identified (whether by the engagement team or by the entity);
  8. when requested to conduct an assurance review;
  9. when the relevant minister has requested a briefing;
  10. sensitive matters that may affect a performance audit’s key findings or overall conclusion;
  11. being advised orally or in writing that an entity plans to seek legal advice on any aspect of the Auditor-General Act 1997;
  12. when the engagement team is proposing a new interpretation of legislation or government policy or rules and/or expects an auditee may challenge the engagement team’s interpretation of legislation or government policy or rules;
  13. when requested to not disclose sensitive information on the grounds of Cabinet or commercial confidentiality, or under subsection 37(1)(a) of the A-G Act; or
  14. if advised orally or in writing of a possible referral to the Attorney-General under subsection 37(1)(b) of the A-G Act.

8.17 The identification of a material prior period error (including in note disclosure) is deemed to be difficult or contentious. Following consultation with the responsible GED, the Engagement Executive shall consult with PSG.

8.18 The Engagement Executive shall consult with PSG on the following financial statement audit matters:

  1. auditor report on ceasing Commonwealth entities;49
  2. auditor reporting of non-compliance with section 83 of the Constitution;
  3. correspondence with a regulator (e.g. responding to regulator comments following a file inspection by APRA or ASIC);
  4. breaches of the Corporations Act 2001 requiring reporting to ASIC, including under sections 311 and 990K; and
  5. issues where external advice is being sought. Audit teams shall consult PSG in the first instance to see if similar advice has been received in the past.

8.19 The Engagement Executive shall, on an annual basis:

  1. review consultations, relevant to current year’s audit, sought on previous years’ difficult and contentious matters; and
  2. determine whether re-consultation is required to ensure that conclusions reached remain relevant and appropriate.

8.20 Where the Engagement Executive determines that re-consultation is required on previous year’s difficult and contentious matters, the Engagement Executive shall re-consult with:

  1. the EQR and Second Reviewer, if appointed to the audit;
  2. the GED; and
  3. where appropriate, with PSG.

8.21 Where the Engagement Executive determines that re-consultation is required on matters required by paragraph 8.17, the Engagement Executive shall re-consult with PSG.

8.22 Those consulted shall be given all the relevant facts that will enable them to provide informed advice on technical, ethical or other matters.

8.23 The engagement team shall:

  1. document the nature and scope of, and conclusions resulting from, such consultations;
  2. confirm the documentation with the party consulted; and
  3. implement the conclusions resulting from consideration of the consultation.

Guidance

FSASG communication protocols

8.24 FSASG protocols require topical issues to be communicated to a GED on a timely basis and to be reported promptly to the ANAO Executive in FSASG Weekly Operational Report. The list of topical issues is to include difficult or contentious matters identified by Engagement Executives and all other matters on which consultation is required.

8.25 In addition, the Signing Officer Technical Forum provides an opportunity to communicate new or unusual accounting and auditing matters. This will raise awareness of the matter and allow for the exchange of views.

PASG communication protocols

8.26 PASG protocols require performance audit issues to be communicated to a GED through regular progress review meetings. Issues of high sensitivity should be reported promptly to the responsible GED, and to the ANAO Executive in PASG’s Weekly Operational Report.

PSASG communication protocols

8.27 PSASG protocols require topical issues to be communicated to a GED on a timely basis and to be reported promptly to the ANAO Executive in PSASG Weekly Operational Report. The list of topical issues is to include difficult or contentious matters identified by Engagement Executives and all other matters on which consultation is required.

8.28 In addition, the Senior Officer Technical Forum provides an opportunity to communicate new or unusual auditing matters. This will raise awareness of the matter and allow for the exchange of views.

When to consult

8.29 Engagement teams should take advantage of opportunities to consult with others within the ANAO (without breaching confidentiality or security requirements) when forming views or opinions and taking actions for reaching decisions.

8.30 Other than matters on which consultation is required by ANAO Policy, it is a matter of judgement as to whether consultation should be sought. If in doubt, it is prudent to err on the side of caution.

8.31 There will generally be greater need to consult in the early years of a new financial reporting (standard or rule), auditing or legal requirement than after most teams have obtained substantial experience applying the requirement.

8.32 A consultation can be differentiated from an enquiry. A consultation (which may also be referred to as a formal consultation) is a discussion in which the engagement team wants to get an objective view or receive guidance regarding a specific set of facts and circumstances. There are certain requirements that both the engagement team and the consultant need to satisfy for the consultation to be effective, including appropriate documentation and implementation of conclusions resulting from consideration of the consultation.

8.33 Enquiries are other types of discussions which are not consultations; for example, a ‘point me in the right direction’ or ‘have you seen’ type of question. Often, the team may wish, for example, to be informed about, or clarify their understanding of, a matter before deciding whether formal consultation is necessary. This dialogue is a normal part of the audit process. Whether such enquiry needs to be documented is a matter of judgement.

Who to consult

8.34 Appropriate consultation requires consulting with those having appropriate knowledge, seniority and experience within the ANAO or, where applicable, outside the ANAO on significant technical, ethical and other matters.

8.35 In addition to formal requirements to consult with the GED, Engagement Executives should, where appropriate, use the GEDs as ‘sounding boards’ on matters arising on their audits. It will not be unusual for these interactions to result in a formal consultation in due course.

8.36 When consulting with an EQR, both the engagement team and the EQR should take care to maintain the EQR’s objectivity so as not to compromise the EQR’s ability to perform the role.

8.37 An important part of the role of PSG is to provide expert advice on accounting and auditing issues, such as the items in paragraphs 8.16 b) to f). The e-mail addresses PSGAccounting@anao.gov.au and PSGAudit@anao.gov.au should be used for sending e-mail queries.

Guidance on matters where consultation is required

8.38 Specific matters that require consultation include an apparent lack of corporate governance. A lack of governance may be revealed about only one major and readily apparent matter. For example, deliberate misapplication of appropriations. It may also be a series of single, but apparently unrelated events. For example, no Audit Committee meetings for an extended period, together with issues relating to trust moneys and other instances suggesting a lack of governance.

Documentation

8.39 Where consultation has occurred, the standards require audit documentation which enables a reviewer to understand, among other things, the significant matters that arose during the audit, the consultation and the conclusions reached thereon.

8.40 Accordingly, when an Engagement Executive concludes that it should consult on a matter, the team should prepare documentation setting out:

  1. the matter or issue;
  2. all relevant facts and circumstances, including significant aspects of the audit evidence obtained if relevant;
  3. the client’s preliminary point of view and justification, where applicable;
  4. the audit team’s preliminary point of view and justification; and
  5. the analysis of accounting, auditing or other relevant literature, including implication(s) of the matter.

Engagement quality review

Background

8.41 The professional accounting and auditing standards require internal policies and procedures which provide reasonable assurance that auditing engagements and other assurance reviews are conducted according to the relevant standards, ethical and legal requirements.

8.42 The ANAO’s QMF addresses these requirements by providing a system of quality management for the ANAO to have reasonable assurance that auditing staff are complying with the relevant professional standards, regulatory requirements and ANAO policies and procedures.

8.43 ASQM 1 requires that an EQR be appointed to audits of listed entities. ANAO policy extends this requirement to all high risk engagements. ASQM 2 and ASA 220 deal with the requirements related to the eligibility of the EQR and the Engagement Executive and EQR’s responsibilities relating to the performance and documentation of the engagement quality review.

Policy

8.44 An EQR shall be assigned to:

  1. all high risk engagements conducted by Performance Audit Services Group;
  2. all high risk engagements conducted by Financial Statements Audit Services Group determined to require an EQR in accordance with ANAO Audit Manual - FSASG Specific, Engagement risk rating and public interest entity assessment;
  3. all Financial Statements Audit Services Group engagements of listed entities or other public-interest entities;
  4. all high risk engagements conducted by Performance Statements Audit Services Group;
  5. any other engagements conducted by Performance Statements Audit Services Group where the PSASG GED assesses as having a need for additional quality oversight;
  6. any other engagement for which an engagement quality review is required by law or regulation; and
  7. any other engagement at the discretion of the relevant GED, the Deputy Auditor-General or the Auditor-General.

8.45 The FSASG GED shall consider assigning an EQR to all financial audit engagements of outsourced material entities that transition back in-house. This requirement applies to the transitional year only.

8.46 Exceptions to this policy require the approval of the Auditor-General.

Criteria for eligibility as an EQR

8.47 The EQR for an audit, including contract out audits, shall be approved by the Auditor-General on recommendation from the GED, at the start of the audit cycle, or as soon as possible afterwards.

8.48 When recommending the appointment of an EQR, the GED shall ensure that the proposed EQR has the technical qualifications required to perform the role, including the necessary experience and authority, and shall have regard to any considerations that may threaten the EQR’s objectivity. The recommendation to the Auditor-General shall explain the processes in place to ensure that the proposed EQR has the required technical qualifications and objectivity.

8.49 The EQR has the overall responsibility for the performance of the engagement quality review, and determining the nature, timing and extent of the review. In performing their responsibilities the EQR shall be allocated sufficient time and resources.

8.50 The EQR and persons assisting in undertaking the engagement quality review, if any, shall at all times maintain their objectivity.

8.51 To maintain their objectivity:

  1. the EQR and persons assisting in undertaking the review shall not:
    1. be involved in the decision making process on the audit; or
    2. otherwise participate in the engagement during the period of the review; and
  2. care must be taken by both the engagement team and the EQR or persons assisting the EQR to ensure that the nature and extent of consultations between them do not give rise to a threat to the objectivity of the EQR or persons assisting the EQR.

8.52 When persons assisting in undertaking the engagement quality review become aware of circumstances that impair their objectivity or otherwise impair their eligibility to perform the review, that person shall notify the EQR and discontinue their involvement in the review.

8.53 If, during the engagement quality review, it is determined that the EQR’s eligibility to perform the review may have become impaired, the EQR shall inform the PSG GED who shall recommend to the Auditor-General the appointment of a new EQR to the audit.

Nature and extent of the quality review

8.54 In carrying out the engagement quality review, the EQR shall:

  1. fulfil the responsibilities outlined in the Australian Auditing Standards or assigned to them by legislation, including performing procedures in accordance with paragraphs 8.55 to 8.62 below, at appropriate points in time during the engagement to provide an appropriate basis for an objective evaluation of the significant judgements made by the engagement team and the conclusions reached thereon;
  2. comply with relevant ethical requirements;
  3. exercise professional scepticism.

8.55 For in-house appointments, the EQR shall in accordance with ASQM 2:

  1. read, and obtain an understanding of:
    1. information communicated by the engagement team regarding the nature and circumstances of the engagement and the entity; and
    2. any findings arising from the Quality Assurance Review Program that may relate to, or affect, the areas involving significant judgements made by the engagement team; and
  2. discuss with the Engagement Executive and, if applicable, the Signing Officer and other members of the engagement team significant matters and significant judgements made in planning, performing and reporting on the engagement;
  3. based on the information obtained in (a) and (b), review selected engagement documentation relating to the significant judgements made by the engagement team and evaluate:
    1. the basis for those significant judgements, including, when applicable to the type of engagement, the exercise of professional scepticism by the engagement team;
    2. whether the engagement documentation supports the conclusions reached; and
    3. whether the conclusions reached are appropriate;
  4. evaluate the basis for the Engagement Executive’s determination that relevant ethical requirements relating to independence have been fulfilled;
  5. evaluate whether appropriate consultation has taken place on matters involving differences of opinion, or other difficult or contentious matters and the conclusions arising from those consultations;
  6. evaluate the basis for the Engagement Executive’s determination that their involvement has been sufficient and appropriate throughout the engagement such that they have the basis for determining that the significant judgements made and the conclusions reached are appropriate given the nature and circumstances of the engagement; and
  7. review:
    1. for audits of financial reports, the financial reports and the auditor’s report thereon, including, if applicable, the description of the key audit matters; and
    2. for other assurance and related services engagements, the engagement report, and, when applicable, the subject matter information.

8.56 For in-house appointments, the EQR shall also determine the nature, timing and extent of the direction and supervision of the individuals (if any) assisting in the review, and the review of their work.

8.57 In determining the procedures to be undertaken during the engagement quality review, the EQR shall consider quality risks, remedial actions for deficiencies, inspection findings, responses to risk of material misstatement and the engagement team’s cooperation with the EQR.

8.58 The EQR shall discuss with the relevant Engagement Executive any matters arising from the engagement quality review.

8.59 The EQR shall notify the Engagement Executive if the EQR has concerns that significant judgements made by the engagement team, or the conclusions reached thereon, are not appropriate. If such concerns are not resolved to the EQR’s satisfaction, the EQR shall notify the Qualifications and Technical Advisory Committee (QTAC), the Deputy Auditor-General or the Auditor-General, as appropriate, and the differences of opinion shall be resolved in accordance with the requirements of this Audit Manual (see Differences of Opinion in ANAO Engagement section below).

8.60 The EQR shall determine whether the requirements in ASQM 2 and the ANAO Audit Manual with respect to the performance of the engagement quality review have been fulfilled, and whether the engagement quality review is complete. If so, the EQR shall notify the Engagement Executive that the engagement quality review is complete.

Documentation

8.61 The EQR is responsible for the documentation of the engagement quality review.

8.62 Before the issue of the audit report, the EQR shall determine that:

  1. the documentation of the engagement quality review is sufficient to enable an experienced practitioner, having no previous connection with the engagement, to understand the nature, timing and extent of the quality review procedures performed and the conclusions reached in performing the review; and
  2. the documentation includes:
    1. the names of the EQR and the individuals who assisted the EQR;
    2. an identification of the engagement documentation reviewed, including documentation of their review of the Signing Officer Review Memorandum (SORM) when applicable;
    3. the basis for the EQR’s determination in accordance with paragraph 8.60;
    4. the notifications required in accordance with paragraphs 8.59 and 8.60; and
    5. the date of completion of the engagement quality review; and
  3. the applicable EQR template has been completed at the planning and final stages of the audit.

Guidance

8.63 The EQRs are usually appointed at the beginning of an audit. Appointments may be made later if circumstances on an audit change so that appointing an EQR becomes appropriate.

8.64 The policy has scope for an EQR to be appointed from outside the ANAO should the need arise. This includes the appointment of an EQR by the ANAO contractor on a contracted out audit.

8.65 The policy also has scope for persons to be assigned to assist the EQR. This may be appropriate where highly specialised knowledge, skills or expertise may be useful for understanding certain transactions undertaken by the entity to help the EQR evaluate the significant judgements made by the engagement team related to those transactions. The option of appointing assistants to the EQR does not diminish the overall responsibility of the EQR for the engagement quality review. In particular, the EQR is expected to consider whether the assistants understand their instructions and whether the work is being carried out in accordance with the planned approach to the review; and to address matters raised by assistants, considering their significance and modifying the planned approach appropriately.

8.66 The FSASG GED, at the start of each audit cycle, is responsible for determining whether an entity is a Public Interest Entity. Refer to Chapter 107 Engagement risk rating and Public Interest Entity assessment of the ANAO Audit Manual - FSASG Specific for policy and guidance on assessing if an entity is, or is to be classified as, a Public Interest Entity.

8.67 The Engagement Executive may consult with the EQR during the engagement; for example, to confirm that a judgement made by the Engagement Executive will be acceptable to the EQR. Such consultation avoids identification of differences of opinion at a later stage of the engagement and need not compromise the EQR’s eligibility to perform the role. Where the nature and extent of the consultations become significant, the EQR’s objectivity may be compromised unless care is taken by both the engagement team and the EQR to maintain the EQR’s objectivity. Where this is not possible, another individual may be appointed to take on the role of either the EQR or the person to be consulted on the engagement.

8.68 Significant matters arising on an engagement should be considered by the Engagement Executive (and the Signing Officer if applicable) in consultation with the GED as appropriate before consultation with the EQR to minimise compromising the EQR’s objectivity. Differences of opinion between the Engagement Executive (or the Signing Officer if applicable) and the EQR should be dealt with consistent with the ANAO policy Differences of Opinion.

8.69 The extent of the review may depend on, among other things, the complexity of the engagement and the risk that the auditor’s report may not be appropriate in the circumstances. The review should be performed on a real time basis and completed before the issue of the auditor’s report. Where applicable, the EQR should use the normal review mechanisms, so that the completed audit will reflect the effect of the review without recourse to review notes.

8.70 The EQR is required to document the engagement quality review. The review results should also be discussed with the audit team, and a brief written report, outlining work undertaken and the results, provided to the audit team.

8.71 Any issues raised by the EQR must be addressed by the audit team. When providing the audit report to the GED, the audit team is required to indicate the action taken to address the issues raised by the review, and to advise of any issues or review comments not addressed.

8.72 In financial statement audits, to evaluate the significant judgements made by the team, the EQR reviews and considers:

  1. significant risks identified during the engagement and the responses to those risks including the engagement team’s assessment of, and response to, the risk of fraud;
  2. judgements made, particularly those underlying the materiality assessment;
  3. the significance and disposition of corrected and uncorrected misstatements identified during the audit; and
  4. the matters to be communicated to management and those charged with governance, including the Audit Strategy, Closing Letter and Management Letters and any other communications highlighting significant findings from the audit, and, where applicable, communications to other parties such as regulatory bodies.

8.73 In performance audits, to evaluate the decisions made by the audit team, the EQR reviews and considers:

  1. whether there is sufficient audit evidence to support the key audit findings, and, by extrapolation, the audit conclusion;
  2. whether there is evidence that there has been an adequate review of the work of the audit team;
  3. whether there has been adequate consideration of comments/views received from the audited entity(s) and other stakeholders (where relevant);
  4. whether the audit addresses the audit objective, and there is a clear link between the audit objective and audit conclusion, and that the audit adequately addresses the audit criteria; and
  5. whether the audit recommendations address the cause of the significant issues identified by the audit, they are realistic and achievable, and they are understandable on their own.

Differences of opinion in ANAO engagements

Background

8.74 Policies and procedures about differences of opinion are required by:

  • ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements; and
  • ASA 220 Quality Management for an Audit of a Financial Report and other Historical Information.

Policy

8.75 An auditor’s report shall not be issued if there is an unresolved significant difference of opinion within the ANAO.

8.76 A difference of opinion within the engagement team shall be referred for advice to a more senior member of the team (including the Engagement Executive). If the difference of opinion involves the Engagement Executive, then it shall be referred to the GED.

8.77 An unresolved difference of opinion occurring between any two or more of the following parties shall be referred to the Qualifications and Technical Advisory Committee, Deputy Auditor-General or Auditor-General as appropriate:

  1. the Engagement Executive;
  2. the Second Reviewer;
  3. the EQR;
  4. an SED;
  5. a FSASG or PASG GED; and
  6. the PSG GED.

8.78 The Engagement Executive shall ensure conclusions reached regarding a difference of opinion are documented and implemented. The conclusions reached shall be communicated to the engagement team.

8.79 For every difference of opinion, the documentation required shall present the relevant facts and include:

  1. the various professional considerations raised;
  2. the alternatives considered; and
  3. the conclusions reached.

Guidance

8.80 The ANAO promotes a culture of collaboration and consensus building which encourages and values critical thinking. Because auditing requires the use of professional judgement, differences of opinion can arise. A difference of opinion may be expressed without fear of reprisal. Engagement Executives should be actively involved in resolving accounting or auditing problems encountered by professional staff in the course of audit engagements.

8.81 The audit engagement team comprises professionals with varying levels of experience and expertise, and differences in professional views between members may arise. These differences, particularly those involving personnel at senior levels, generally involve a high degree of professional judgement and technical accounting and auditing questions. Each professional staff member of the ANAO is expected to form their own conclusions and be responsible for ensuring that those views receive adequate consideration.

8.82 This policy applies where differences of opinion arise about matters that (i) could cause financial statements to be misleading; (ii) may impact on the audit conclusion of a performance audit or the audit review opinion or conclusion for an assurance review; (iii) could cause us to modify the auditor’s report; or (iv) could involve an apparent inconsistency in the reporting of a matter between FSASG and PASG. Although differences over matters of this degree of significance are expected to be infrequent, they may arise in such areas as:

  1. selection and application of accounting principles or auditing standards;
  2. financial statement presentation and disclosure;
  3. nature, timing, and extent of auditing procedures;
  4. interpretation of authoritative pronouncements, both ANAO and professional; or
  5. circumstances resulting in a departure from the standard audit report.

8.83 This policy provides a means to enable such differences to be expressed and resolved.

Role of the qualifications and technical advisory committee

Policy

The qualifications and technical advisory committee (QTAC)

8.84 QTAC shall comprise for all matters:

  1. DAG (Chair);
  2. GED – PSG;
  3. GED – FSASG;
  4. GED – PASG Practice Management;
  5. GED – PSASG;
  6. Engagement Executive responsible for CFS audit;
  7. at least one additional member appointed by the Chair on an ongoing basis; and
  8. additional members as determined necessary by the Chair on an ongoing or non-ongoing basis. This would include situations where the Chair is the signing officer on a matter before QTAC.

8.85 PSG shall provide technical advice and secretariat services to QTAC. This responsibility includes:

  1. scheduling QTAC meetings;
  2. reviewing, collating and distributing meeting papers to QTAC members;
  3. preparing a PSG position in respect of the issue and including it in the QTAC papers;
  4. preparing minutes from the QTAC meetings, including the recommendation to the Auditor-General arising from the meeting, and sending them to QTAC members for review and approval before issuing to the Auditor-General. These minutes shall record any dissenting views; and
  5. formally notifying the Engagement Executive of the outcome of QTAC discussions and the recommendation made to the Auditor-General.

8.86 The following matters shall be referred to QTAC:

  1. audit reports where the following are/were:
    1. proposed for the current year;
    2. considered in the current year but not proposed; or
    3. reported in the previous year and not proposed in the current year:
      • a modified opinion or conclusion (except for performance audits – refer 8.88) – this includes a qualified opinion, an adverse opinion or a disclaimer of opinion; and
      • an emphasis of matter or other matter paragraph. This excludes emphasis of matter paragraphs required for special purpose reporting frameworks;
  2. differences of opinion between the Engagement Executive and:
    1. the PSG GED;
    2. the EQR; or
    3. a firm undertaking a contract out audit;
  3. where any of the following events or conditions have been identified that may cast significant doubt on the entity’s ability to continue as a going concern for financial statements audits:
    1. net liability or net current liability position;
    2. inability to comply with the terms of loan agreements;
    3. fixed-term borrowings approaching maturity without realistic prospects of renewal or repayment;
    4. indications of withdrawal of financial support by creditors;
    5. negative operating cash flows indicated by historical or prospective financial report;
    6. substantial operating losses or significant deterioration in the value of assets used to generate cash flows;
    7. inability to pay creditors on due dates;
    8. change from credit to cash-on-delivery transactions with suppliers;
    9. inability to obtain financing for essential new product development or other essential investments;
    10. management intentions to liquidate the entity or to cease operations;
    11. loss of key management without replacement;
    12. loss of a major market, key customer(s), franchise, licence, or principal supplier(s);
    13. pending legal or regulatory proceedings against the entity that may, if successful, result in claims that the entity is unlikely to be able to satisfy;
    14. changes in law or regulation or government policy expected to adversely affect the entity;
    15. situations where government support is reduced or withdrawn, through privatisation, lack of funding or when policy decisions are made that affect the services provided by the entity; and
    16. any other events that cast significant doubt on the entity’s ability to continue as a going concern.

Events or conditions that arise when a Commonwealth entity ceases are not captured by paragraph 8.86(c). For the going concern policy on ceasing Commonwealth entities refer to paragraphs 8.109 to 8.118. QTAC consultation will be required for ceasing Commonwealth entities where the Engagement Executive or PSG determines it is necessary.

  4. accounting or audit matters which are likely to attract significant parliamentary or public attention, including performance reporting matters;
  5. accounting or related matters that are material to the Commonwealth’s Consolidated Financial Statements where there is, or there is significant potential for, differing professional opinions;
  6. proposal to not comply with an ANAO Auditing Standard or the ANAO Audit Manual policies; and
  7. where an Engagement Executive determines that a matter is appropriate to report as additional “important” information to the Minister under subsection 26(1) of the A-G Act.

8.87 The policy requirement 8.86(a) does not apply where a material prior year error has been corrected and adequately disclosed in the financial statements and the EE, GED and PSG agree that an emphasis of matter paragraph is not necessary after consideration of all relevant factors outlined in ANAO Audit Manual – FSASG Specific, Evaluating misstatements, paragraph 111.51.

8.88 The Auditor-General may refer any other matter to QTAC for consideration. To enable consideration of whether a matter will be referred to QTAC, the Auditor-General shall be advised in a timely manner when the Engagement Executive becomes aware that a performance audit may fall into one of the following categories:

  1. audits where there are highly contentious findings or issues, or engagement risk has been elevated to high during the course of the audit;
  2. audits where the draft conclusion is:
    1. adverse (for example, the conclusion against the objective is not effective, not value-for-money, not efficient);
    2. disclaimed (for example, I have not been able to form a conclusion against the objective); or
    3. qualified in respect of the majority of criteria (this would be a case where judgement is required to determine if the conclusion should be “except for” or “adverse”); or
  3. audits where a significant amount of judgement is required to determine the appropriate form of conclusion.

8.89 A formal submission to QTAC shall be prepared by the responsible Engagement Executive. The views of the separate Signing Officer (other than the Auditor-General), EQR or Second Reviewer, where appointed, shall also be included in the submission.

8.90 Submissions to the QTAC shall be provided to the Auditor-General by PSG.

8.91 The Auditor-General shall be invited to attend the QTAC meeting and may do so at the Auditor-General’s discretion.

8.92 Where there is an EQR assigned to the engagement, the Chair shall be consulted on whether the EQR should attend the QTAC meeting.

8.93 A quorum for a meeting/resolution is any five members (all members having been notified of the item for resolution). A member who has an interest in a matter under consideration must disclose that interest to the committee. If the Chair is unable to attend a meeting, they may nominate an alternative chair for the meeting.

8.94 When a matter has been considered by the QTAC, a memorandum shall be provided to the Auditor-General summarising the views and recommendations of the committee. The Auditor-General makes the final decision after considering the recommendations of the QTAC.

8.95 Where a QTAC referral results in a delay to the audit timeframes, the delay is to be agreed by the Auditor-General or DAG as part of the referral process.

8.96 Where the Engagement Executive or members of the committee dissent from the overall view of the committee, these views shall be included in the memorandum provided to the Auditor-General under paragraph 8.94.

Guidance

8.97 Situations will arise where Engagement Executives deal with difficult or contentious matters or unresolved differences of professional opinion. QTAC is a mechanism providing for Engagement Executives to consult on certain difficult or contentious matters and, where necessary, for dealing with and resolving differences of opinion. PSG provides guidance to Engagement Executives on the application of this policy.

Submission process

8.98 Engagement Executives are expected to provide their submissions for QTAC referral, once reviewed by the responsible GED, to PSG, allowing seven days’ notice to be given to members and allowing time for PSG to review the submission and schedule a QTAC meeting. The final QTAC submission is expected to be provided to QTAC members three days before the scheduled QTAC meeting. Engagement with QTAC should occur as early as possible in the audit cycle. Potential issues should be flagged with PSG and the GED when first identified. Exceptions to the above timeframes will be subject to the discretion of the Chair.

8.99 In the case of performance audits and limited assurance reviews, where one or more of the circumstances in 8.77 exist, the Auditor-General is to be notified as soon as the relevant circumstance arises to allow for a decision to be made as to whether referral will be made to QTAC.

8.100 The QTAC process may be fast-tracked at the discretion of the Chair of the QTAC Committee.

8.101 Submissions to QTAC should include only material that is relevant to the matter to be considered, including:

  1. an outline of the matter;
  2. details and analysis of relevant accounting or auditing standards impacted;
  3. the Engagement Executive’s view as to the appropriate form of the audit report or resolution of the matter; and
  4. any potential delays to the schedule of the audit arising from the QTAC process.

8.102 In the case of financial statements audits, a copy of the most recent draft of the financial statements is also to be included.

Meeting process

8.103 QTAC meets on an as needed basis, with minutes recorded at all meetings. QTAC may resolve matters out of session.

8.104 In addition to QTAC members, the Engagement Executive, PSG secretariat staff and the Auditor-General (where the Auditor-General chooses to attend the meeting), the EQR or second reviewer (if appointed), other ANAO staff and external contractors engaged on contract-out audits or engaged as auditor’s experts may also attend the meeting as observers.

8.105 Ordinarily, senior members of the Engagement Team, including audit managers and team leaders, should be invited as observers. Inviting such team members should not be regarded as diminishing the Engagement Executive’s overall responsibility for the conduct of QTAC consultation; however, their attendance at the meeting provides an opportunity for these staff to be aware of the considerations of the committee, and they may also be able to provide support to the Engagement Executive.

8.106 Other ANAO staff who should be considered for attendance at the meeting as observers may include:

  1. Engagement Executives and other senior staff of audits affected by the matter being considered, including other financial statements, performance statements audits and relevant performance audits; and
  2. SADA Executives and other senior ANAO staff from outside the engagement team whose work contributes to the matter being considered.

8.107 Attendance at QTAC of non-ANAO staff is rare but may be suitable in some circumstances. Auditee attendance is not anticipated because QTAC is an internal ANAO consultation, but contractors engaged by ANAO to assist its audit activities may be invited where it is helpful to the deliberations of the committee. The Chair should be consulted on contractor involvement in each case. This may include circumstances where there is a difference of opinion between the contract-out audit partner and key ANAO personnel or where the matter being considered relates to the work of an external auditor’s expert.

Matters to be referred to QTAC

8.108 Paragraphs 8.86(d)-(e) above require accounting or related matters that are material to the CFS where there is, or there is significant potential for, differing professional opinions to be referred to QTAC, as well as matters which are likely to attract significant parliamentary or public attention. Such matters may affect one or more Australian Government entities, may be raised by the Department of Finance, or may involve a different treatment under the rules for the preparation of Government Finance Statistics or the Australian Government Budget.

Going concern

8.109 In the public sector, it is common for restructures of administrative arrangements to occur. This involves the reallocation or reorganisation of functions and responsibilities among government-controlled entities. This can result in Commonwealth entities ceasing to exist or merging with other Commonwealth entities. The transfer of functions, merging and cessation of non-corporate Commonwealth entities with other non-corporate Commonwealth entities does not create Going Concern considerations, as non-corporate Commonwealth entities form one legal entity that is the ‘Commonwealth’.

8.110 Corporate Commonwealth entities and Commonwealth companies and their subsidiaries are separate legal entities from the ‘Commonwealth’ and going concern risks can arise from situations where government support is reduced or withdrawn through privatisation, lack of funding or when policy decisions are made that affect the services provided by the entity. If events or conditions are identified that cast significant doubt on the entity’s ability to continue as a going concern, the audit team is required to get sufficient appropriate audit evidence to determine whether a material uncertainty exists consistent with ASA 570. Audit teams are required to refer these situations to QTAC to help them in concluding whether a material uncertainty exists. The conclusion made, in consultation with QTAC, will have implications for the entity’s financial statements disclosures and our auditor’s report.

8.111 When a government decision is made to abolish a corporate Commonwealth entity and legislation is required to be passed to cease the entity, the entity is treated as a going concern until the legislation is enacted.

8.112 These principles were used to form the following ANAO position endorsed by QTAC which is to be applied where a Commonwealth entity ceases, in consultation with PSG. This approach does not apply to ceasing Commonwealth companies as specific circumstances of a ceasing Commonwealth company will drive a decision and a general approach cannot be applied.

| Type of Commonwealth entity | Legislation is required to cease entity, A: Not enacted | Legislation is required to cease entity, B: Enacted | C: Legislation NOT required to cease entity |
| --- | --- | --- | --- |
| Non-corporate Commonwealth entity – any functions transfer to another non-corporate Commonwealth entity | Going Concern (no Material Uncertainty paragraph) | Going Concern (no Material Uncertainty paragraph) | Going Concern (no Material Uncertainty paragraph) [AAO changes] |
| Non-corporate Commonwealth entity – all other cases (e.g. all functions cease, functions transfer to a corporate Commonwealth entity or Commonwealth company) | Going Concern (no Material Uncertainty paragraph) | Not Going Concern (Material Uncertainty paragraph) | Not Going Concern (Material Uncertainty paragraph) |
| Corporate Commonwealth entity | Going Concern (no Material Uncertainty paragraph) | Not Going Concern (Material Uncertainty paragraph) | - |

8.113 Exceptional circumstances may arise in individual cases that require a treatment different to the position above. Engagement Executives, in consultation with PSG, will need to assess if the approach can be sensibly applied in their individual circumstances. Where exceptional circumstances are apparent, the matter must be referred to QTAC for consideration. If management’s view does not accord with the audit view, consult with the responsible GED and PSG in the first instance.

9. Documentation

Audit documentation

Background

9.1 Documentation requirements are set out in ASA 230, ASAE 3000 and ASAE 3500.

Policy

9.2 ANAO auditors and contractors shall comply with the documentation requirements of the ANAO auditing standards, policies and audit methodology.

9.3 Documentation shall be prepared which enables an experienced auditor with no connection to the audit to understand the nature, timing and extent of audit procedures, the results of audit procedures, audit evidence obtained, significant matters arising during the audit and conclusions reached.[50]

9.4 The work papers shall contain sufficient detail to enable re-performance of the testing and demonstrate an adequate basis for the documented conclusions.

9.5 Work papers shall identify who performed the work and the date the work was completed as well as who reviewed the work and the date and extent of the review.[51]

9.6 The auditor shall document the overall audit strategy and the audit plan, including any significant changes made during the audit engagement.

9.7 Documentation of the planned approach to the audit, and any major changes to that planned approach, shall be reviewed by the Engagement Executive or Audit Manager before audit work commences.

9.8 For financial statement audits, the Engagement Executive or the Audit Manager shall review and sign-off all procedure summaries in the A folder of the relevant TeamMate library file prior to commencement of the interim audit work.[52] In circumstances where the planning and interim phases of the audit are undertaken concurrently, it may not be practicable to review and sign off all planning procedures prior to commencing interim procedures. In these circumstances, the planning procedures shall be reviewed and signed off before the interim audit phase is concluded.

9.9 In all circumstances noted in paragraph 9.8, the auditor is permitted to commence testing on a particular balance or financial statement line item (FSLI) where the relevant audit approach and plan for that balance or FSLI has been reviewed and signed off, irrespective of whether the audit approaches and plans for other balances or FSLIs are reviewed and signed-off.

9.10 Audit documentation shall be evidenced as reviewed before the date of the auditor’s report.

9.11 For performance audits, working papers shall contain the following specific documents:

  1. planning documents, approvals, any variation(s) to the AWP;
  2. evidence of briefing the ANAO Executive and entity management;
  3. records to show the management of the audit budget, timelines, audit staff and contractor/experts; and
  4. evidence of review and other quality control requirements, including the completed Audit Clearance Form – Policy Compliance Certification, Independence declarations and consideration of feedback from the entity.

9.12 For financial statements audits, files53 shall be complete and ready for finalisation by the earlier of 31 October or 60 days after the date of signing of the auditor’s report. Extensions beyond 31 October (up to a maximum of 60 days after the date of signing of the auditor’s report) shall be approved in writing by the FSASG GED.54 The consideration of approval shall have regard to the corporate need for timely completion of the Quality Assurance Review program required by ASQM 1 and the policy at paragraph 10.8. All files in the electronic file management system (E-Hive) that contain audit documentation, shall be closed and retained as formal records by the earlier of 31 October or 60 days after the date of signing of the auditor’s report.

9.13 For performance audit engagements55 and limited assurance reviews, audit files and working papers shall be completed and finalised within 60 days after the tabling of the audit report. All files in the electronic file management system (E-Hive), including correspondence between entities and individuals outside the ANAO, shall be closed and retained as formal records within 60 days after the tabling of the audit report.

9.14 For performance statements audits, files shall be complete and ready for finalisation by the earlier of 30 November or 60 days after the date of signing of the auditor’s report. Extensions beyond 30 November (up to 60 days after the date of signing of the auditor’s report) shall be approved in writing by the PSASG GED. The consideration of approval shall have regard to the corporate need for timely completion of the Quality Assurance Review Program. All files in the electronic file management system (E-Hive) that contain audit documentation, shall be closed and retained as formal records by the earlier of 30 November or 60 days after the date of signing of the auditor’s report.

9.15 For all other engagements, files shall be complete and ready for finalisation within 60 days after the date of signing of the auditor’s report.

9.16 If, in exceptional circumstances, new or additional audit procedures are performed or new conclusions drawn after the date of the auditor’s report, the circumstances, procedures performed, evidence obtained and conclusions reached and their effect on the auditor’s report, as well as when and by whom the resulting changes to audit documentation were made and reviewed shall be documented.

9.17 In circumstances other than these where the auditor finds it necessary to modify existing documentation or add new documentation after the assembly of the final audit file, the specific reasons for making the modifications or additions and when and by whom they were made and reviewed shall be documented.

Guidance

Content and extent of audit documentation

9.18 Audit documentation is the record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor has reached. The term ‘work papers’ is also used when referring to audit documentation. The extent of the audit documentation will be influenced by considerations such as the nature, size, complexity and risk of the auditee or engagement.

9.19 Audit file means one or more folders or other storage media, in physical or electronic form, containing records that comprise the audit documentation for a specific engagement. This includes audit documentation recorded on TeamMate and E-Hive.

9.20 In order for documentation to support the conclusions drawn and work performed, a degree of detail is necessitated. For example, when completing risk assessment procedures under ASA 315 to get evidence about the design and implementation of internal controls, the auditor may use enquiry, observation, inspection and tracing transactions. The standard notes that enquiry alone is not sufficient. To properly evidence that the auditor has complied with this requirement, the documentation must include details of with whom discussions took place, what specifically was observed and what documents were inspected or traced to provide evidence that the control was implemented. Similarly, when using analytical procedures, it is not sufficient to conclude that a variance is immaterial without stating the basis on which the conclusion is drawn.

9.21 Audit documentation is to be recorded in the electronic working papers (TeamMate/E-Hive). In some circumstances, it is useful to have a file to record general background documentation on the client (e.g. policy manuals, budget papers, legislation). This information may be referred to as necessary during the audit, but any information on a file that needs to be documented for the purposes of the audit must be included in the official records (E-Hive).

9.22 TeamMate audit files shall reference the exact file location of audit documentation contained in E-Hive. This can be achieved by inserting a functioning URL link into TeamMate to the audit documentation in E-Hive or by referencing the audit documentation’s E-Hive file and document numbers.

9.23 In the case of performance audits, the following should be documented:

  1. the identifying characteristics of the specific items or matters being tested; for example, for an entity Business Plan, the year to which it refers and the date on which it was approved, and for minutes of meetings, the date of minutes of meetings and who approved them;
  2. discussions of significant matters with entity management and other stakeholders;
  3. the key judgements made and the rationale for these judgements;
  4. how any contradictions or inconsistencies with the final conclusion drawn by the audit team on any significant matter(s) were addressed in forming that conclusion; and
  5. any limitations to audit coverage, that is, in certain rare circumstances, where factors outside the audit team’s control prevent relevant audit work being undertaken, including access to relevant information, records or data. The limitations should be documented and consideration given to including details of the limitation to audit coverage in the audit report.

Planning

9.24 The ANAO audit methodology includes mandatory steps that ensure the planning requirements under the standards are met. Evidence of review by the Audit Manager and Engagement Executive, as appropriate, before the performance of further audit procedures provides assurance that the planning has reduced the audit risk to an acceptably low level and that the audit approach is efficient.

9.25 For financial statement audits, the Engagement Executive or the Audit Manager is required to sign-off procedure summaries in folder A ‘Understand and Plan the Audit’ of the relevant TeamMate library prior to commencement of the interim audit work. Policy at paragraph 9.8 outlines the requirement when the planning and interim audit phases are scheduled to be undertaken concurrently. In some cases, the Engagement Executive or the Audit Manager’s review procedures may identify deficiencies or areas for improvement in the planning procedures and documentation. In these cases, despite the existence of open review comments (coaching notes) on planning procedures, recording of the approval of these procedures in the file by the Engagement Executive or the Audit Manager, subject to subsequent timely resolution of individual open review comments, will satisfy the requirement of paragraph 9.8 if the recording of the approval is completed before the commencement of interim audit work.

9.26 The Engagement Executive retains overall responsibility for ensuring that open review points have been satisfactorily addressed before the completion of the audit. The Engagement Executive or the Audit Manager should not record approval of planning procedures if significant deficiencies exist which may cause doubt about the suitability of the planned overall audit approach. The Audit Manager or the Engagement Executive should not allow any interim audit work to commence until these matters are resolved.

9.27 Where there have been changes to the planned audit approach subsequent to commencement of the interim audit work, the Engagement Executive or the Audit Manager should ensure that the audit file accurately reflects the changes made to the audit approach.

Completion of the audit file

9.28 Work done after the date of the Auditor-General’s report should not involve the performance of new audit procedures or the drawing of new conclusions.

9.29 Work done to complete the audit file after the signing or tabling of the audit report should be of an administrative nature only; for example, deleting superseded documentation, sorting, collating and cross referencing work papers, signing of checklists relating to the audit file assembly process. Audit documentation which has been superseded or is not relevant to the audit opinion or report must be removed from the audit file.

9.30 It is possible that, before the audit report is signed or tabled, the auditor has obtained evidence that is not yet fully documented in the audit file. To meet the requirement of the standard, this evidence must be discussed and agreed with the relevant members of the audit team before the date of the audit report and evidence of this prior discussion and agreement must be included within the audit documentation. Completion of the audit file may result in a review date being recorded electronically in the audit file which is after the date of the audit report. To evidence compliance with the standards, it is important that the nature of post-signing or post-tabling audit work is described in the audit file.

9.31 A performance audit file should retain all audit evidence that informs the preparation of the audit report, supports the conclusions against the audit criteria, and any other evidence relevant to audit findings.

9.32 Instructions for the finalisation of TeamMate files are located here.

9.33 Audit teams contact the Records Management Unit to finalise E-Hive files.

Management and retention of audit information

Background

9.34 ASQM 1 requires the ANAO to create policies and procedures designed to maintain the confidentiality, safe custody, integrity, accessibility, retrievability and retention of engagement documentation.

9.35 This policy should be read with the legislative, regulatory requirements and policy on audit documentation, including the:

  1. Archives Act 1983;
  2. Procedure Security Policy (AGID); and
  3. Information Security Manual (ASD).

Policy

9.36 ANAO staff and contractors shall make themselves familiar with and apply ANAO policies on records management and security.

9.37 TeamMate and E-Hive audit files shall be finalised consistent with the Audit Documentation policy.

9.38 Audit managers shall ensure that audit documentation is archived consistent with the ANAO Information Management Framework.

Guidance

Records management and security

9.39 ANAO general record keeping and information management policies are the responsibility of the ANAO’s Chief Information Officer. These policies are available on MyANAO and include:

  1. ANAO Information Management Framework;
  2. ANAO Records Authority;
  3. ANAO Security Policy Manual; and
  4. E-Hive policies and procedures.

9.40 Collectively, these policies are designed to meet the requirements of the Archives Act 1983, the Protective Security Policy Framework issued by the Attorney-General’s Department and the Information Security Manual issued by the Australian Signals Directorate.

9.41 ANAO staff and contractors should be aware particularly of those aspects of these policies that affect their daily work, including classification of information under National Security and Non-National Security regimes; and the holding, transmission or transporting of such information:

  1. by Email;
  2. in Electronic Working Papers (TeamMate / E-Hive);
  3. on ANAO Standard Laptop and Desktop computers;
  4. in physical storage;
  5. on the ANAO Network; and
  6. when physical and electronic classified documents are in use both within the ANAO premises and outside the Office.

9.42 Refer to Laptop & Mobile Device Security Policy on MyANAO for requirements on storage of ANAO’s laptops or devices when working outside of ANAO’s office.

External correspondence

9.43 External correspondence (both issued and received) must be maintained in E-Hive. External correspondence should be declared as a record in E-Hive. This includes confirmations received from third parties such as bank confirmations or solicitor’s representation letters.

Access to working papers

Background / legislative requirements

9.44 Section 36(1) of the A-G Act provides:

If a person has obtained information in the course of performing an Auditor-General function, the person must not disclose the information except in the course of performing an Auditor-General function or for the purpose of any Act that gives functions to the Auditor-General.

Penalty: Imprisonment for 2 years.

Note: Chapter 2 of the Criminal Code sets out the general principles of criminal responsibility.

Policy

9.45 Working papers (including audit evidence obtained from auditees) and associated audit documentation shall only be made available to ANAO staff and contractors on a ‘need to know’ basis. Where information about an audit is required for purposes other than an audit or a quality assurance review, the permission of the relevant Engagement Executive shall be obtained.

9.46 Requests by a court or tribunal for access to working papers shall be referred to the Auditor-General.

9.47 Should the need arise to provide working papers to a court or tribunal, ANAO Legal Services shall be consulted on the process to be followed.

9.48 Authorisation for the release of working papers to a third party or to the Parliament or its members shall be obtained from the Auditor-General.

Guidance

Access by ANAO staff and contractors

9.49 Officers with a need to know would generally be members of the audit team as well as other ANAO officers who become involved in the audit from time to time (e.g. members of PSG who may be called on to provide technical advice, or staff undertaking quality assurance programs).

9.50 In the case of information with a national security classification, access would be restricted to members of the audit team with an appropriate security clearance.

Access by courts or tribunals

9.51 If a court or tribunal requests access to audit working papers through a subpoena or discovery process, the Auditor-General may decide, on a case-by-case basis, to argue that subsection 36(1) of the A-G Act, relating to the confidentiality of information, prevents the ANAO from complying with a subpoena or a discovery process.

9.52 Parliamentary Privilege also attaches to the working papers of audits and such privilege could also prevent the release of audit working papers to courts or tribunals.

Access by third parties

9.53 Third parties include internal auditors, regulators, external auditors of joint venturers where ANAO audits the joint venture, advisors to prospective purchasers, investors or lenders to entities audited by the ANAO and successor auditors where ANAO auditees leave the Auditor-General’s mandate. Such third parties may request access to our working papers to evaluate the suitability of our work to be relied upon for their professional duties.

9.54 ANAO audit working papers are the property of the ANAO, including the audit work papers of contractors performing audit work on our behalf. Subject to law, the ANAO has the right to decline or restrict access to third parties.

9.55 In deciding on whether to release working papers to a third party, the implications of legal advice about the operation of subsection 36(1) of the A-G Act need to be considered.

9.56 If the Auditor-General has given permission for the release of working papers to a third party then before release, the Engagement Executive will consider the guidance provided in the AUASB Guidance Statement GS 011 Third Party Access to Audit Working Papers.

9.57 In providing third parties with access to working papers, general consideration should be given to:

  1. client confidentiality;
  2. client indemnity from any legal claims;
  3. indemnities from third parties from any legal claims;
  4. compliance with the ANAO Security Policy;
  5. ANAO control over access to audit working papers;
  6. whether the audit and working papers are complete; and
  7. whether the working papers are subject to any legal professional privilege, which should not form part of the audit working papers released to third parties.

9.58 All conditions, scopes and indemnities should be obtained in writing from all parties before the release of any working papers to third parties. Example letters are contained within AUASB GS 011.

Access to our working papers by the Parliament

9.59 As the primary users of the ANAO’s audit reports, it is usual practice for the Auditor-General and other ANAO officials to attend parliamentary committees including the JCPAA to give evidence about the conduct of our work. In that context, the evidence provided by the ANAO is normally specifically drawn out of the audit report or is contextual factual information that supports the interpretation of information provided in the auditor’s report.

9.60 Members of the Parliament or its committees may request that the ANAO provide documents obtained during the auditing process that have not been included in the ANAO’s performance audit report.

9.61 The Auditor-General considers that it is generally not in the public interest that audit evidence not included in the performance audit report should be provided in response to such requests for several reasons, including:

  1. the A-G Act and APES 110 impose obligations and principles of confidentiality on our work;
  2. the Auditor-General and the ANAO are exempt from the Freedom of Information Act 1982 to stop the ANAO being an alternate option for documents that should be more properly requested from the document owner; and
  3. providing such information outside of the established report preparation papers and section 19 processes may circumvent ANAO’s natural justice obligations and the operation of the Attorney-General’s authority to require removal of information that is contrary to the public interest to include in a public report.

9.62 Under our auditing framework, audited entities and others can trust that the Auditor-General and the ANAO will treat them fairly and will protect the confidentiality of specific items of audit evidence. The Auditor-General considers that it would be contrary to the public interest if the ANAO is frustrated in its ability to obtain information from auditees and report to Parliament. Audited entities may perceive a risk that they could lose control of specific items of audit evidence provided to the ANAO because the Auditor-General may release that information outside of an audit report.

9.63 Because of these considerations, audit evidence obtained from entities should not be provided to the Parliament outside of the normal audit reporting processes unless approved by the Auditor-General.

Copies of report preparation papers and section 19 proposed reports

9.64 ANAO papers created for the purposes of preparing a proposed report under section 19 and proposed reports issued under section 19 of the A-G Act are subject to the confidentiality obligation in section 36(3) of the A-G Act. Section 36(3) applies very broadly and a person commits an offence if they receive any report or extract created for the purposes of preparing a proposed report under section 19 (including report preparation papers and ANAO working papers) or a proposed report or extract under section 19 of the A-G Act and they disclose any information in the report or extract. The penalty for breaching section 36(3) is imprisonment for two years.

9.65 Section 36(4) provides that the Auditor-General may consent to a disclosure. Accountable Authorities wishing to disclose information from relevant papers and reports to other persons, such as external legal advisers, contractors, consultants and Ministers, must seek the consent of the Auditor-General. The Auditor-General has delegated to the Deputy Auditor-General the power to consent to disclosure of information under subsection 36(4).

9.66 The Auditor-General has agreed that the Accountable Authorities of entities may decide to disclose, on a confidential basis, relevant papers (including report preparation papers and proposed reports provided under section 19) to entity officials as well as members of the entity’s audit committee. The consent to provide relevant papers to entity officials was given to allow Accountable Authorities discretion to determine which of their officials require access to papers, provided that the confidentiality of the papers is maintained. The consent to provide relevant papers to members of the entity’s audit committee was given to allow Accountable Authorities to use their audit committee to monitor entity risks and the implementation of any changes proposed in audit reports.

9.67 Accountable Authorities wishing to disclose information from relevant papers and reports to other persons, such as external legal advisers, contractors, consultants and Ministers, must seek the consent of the Auditor-General as required by paragraph 2.46 of this Manual.

9.68 Where a relevant paper is addressed to an officer of an entity, instead of an Accountable Authority, the Auditor-General has agreed that the officer to whom the paper has been addressed may decide to disclose, on a confidential basis, that paper to relevant officers of the entity or members of the entity’s audit committee.

9.69 Entities may, of course, provide those persons with information such as the objectives and criteria of an audit (which are published on the ANAO’s website) and factual material on the audit process, such as what stage an audit is at (consistent with what is published on the ANAO’s website).

10. Monitoring quality management policies and procedures

Monitoring – inspection of ANAO assurance products

Background

10.1 Consistent with ASQM 1, the ANAO has designed and performs monitoring activities to provide a basis for the identification of deficiencies in the ANAO’s system of quality management.

10.2 In determining the nature, timing and extent of the monitoring activities, the ANAO considers:

  1. The reasons for the assessments given to the quality risks;
  2. The design of the responses;
  3. The design of the firm’s risk assessment process and monitoring and remediation process;
  4. Changes in the system of quality management;
  5. The results of previous monitoring activities, whether previous monitoring activities continue to be relevant in evaluating the firm’s system of quality management and whether remedial actions to address previously identified deficiencies were effective; and
  6. Other relevant information, including complaints and allegations (see paragraphs 10.33–10.39 below), information from external inspections and information from service providers.

Policy

10.3 The Deputy Auditor-General has overall responsibility for the quality assurance review program of FSASG, PSASG and PASG assurance products (QARP). The results and conclusions of the QA Review are reported to EBOM.

10.4 The objectives of the QARP are to form an opinion on whether each engagement file inspected:

  1. complies with the A-G Act, professional requirements, auditing standards and other legal and regulatory requirements;
  2. complies with the ANAO’s policies and procedures, including quality management;
  3. provides relevant, reliable and timely information about the design, implementation and operation of the system of quality management; and
  4. evidences sufficient and appropriate assurance procedures to support conclusions reached.

10.5 The PSG GED has responsibility for the design, conduct and reporting of the QARP.

10.6 An annual QARP program for each service group, designed consistent with this policy, shall be provided to the Deputy Auditor-General for approval.

10.7 The annual QARP for each service group may be designed and approved in multiple phases throughout the year. Where this is the case, the PSG GED is responsible for ensuring that those stages taken collectively address at least the minimum requirements of this policy.

10.8 The annual QARP for FSASG includes:

  1. quality assurance review (QAR) of at least one in-house assurance engagement for each Engagement Executive over a three-year cycle; and
  2. QAR of at least one contract out assurance engagement for each firm engaged by the ANAO to conduct assurance engagements every three years.

10.9 For the purposes of paragraph 10.8, a QAR may be any one of the following:

  (a) inspection by ANAO staff or contractors of completed engagement files according to an approach approved by the PSG GED;
  (b) inspection by ANAO staff or contractors of in-process engagement files according to an approach approved by the PSG GED; or
  (c) inspection by ASIC of completed engagement files in accordance with ASIC’s methodology.

10.10 Despite paragraph 10.9(b), each Engagement Executive must have at least one completed engagement file inspected every six years.

10.11 The annual QARP for PASG includes at least one completed engagement for each Engagement Executive over a three-year cycle.

10.12 The annual QARP for PSASG includes quality assurance review (QAR) of at least one in-house assurance engagement for each Engagement Executive over a three-year cycle.

10.13 For the purposes of paragraph 10.12, a QAR may be any one of the following:

  (a) inspection by ANAO staff or contractors of completed engagement files according to an approach approved by the PSG GED; or
  (b) inspection by ANAO staff or contractors of in-process engagement files according to an approach approved by the PSG GED.

10.14 Despite paragraph 10.13(b), each Engagement Executive must have at least one completed engagement file inspected every six years.

10.15 When Engagement Executives are responsible for audits in multiple service groups, the quality assurance review coverage of the Engagement Executive over a three-year cycle will include consideration of in-house assurance engagements reviewed across all service group QARPs.

10.16 In addition, the annual QARPs for FSASG, PSASG and PASG may include:

  1. the selection of one or more audits conducted under section 20 of the A-G Act (‘audits by arrangement’);
  2. special monitoring programs, including across the board inspections that look at specific aspects of auditing or professional standards, regulatory or legal requirements or the ANAO methodology; and
  3. the selection of some engagements without prior notification to the engagement team.

10.17 When selecting audits for inspection, considerations shall include:

  1. the level of engagement risk56;
  2. seniority and experience of staff conducting the engagement;
  3. findings from previous inspections and other indicators of potential audit quality deficiencies;
  4. any complaints and allegations made by ANAO personnel or third parties including auditees or ANAO contractors;
  5. coverage of audit partners within firms for contract out audit reviews; and
  6. coverage of Engagement Executives for contract out audit reviews.

10.18 Inspections of audits shall be conducted with sufficient time and supervised by suitably qualified individuals who have not been a member of the audit team or performed an engagement quality review on the audit.

10.19 All matters raised during the QAR shall be discussed with the relevant Engagement Executive and evaluated as to their significance. At the conclusion of the process, a written summary of the matters arising from the QAR shall be provided to the Engagement Executive for written comments and formal acknowledgement.

10.20 PSG will evaluate the severity and pervasiveness of identified deficiencies by investigating the root cause of significant findings and selected thematic findings and observations. The root cause analysis will also evaluate the effect of identified deficiencies on the system of quality management.

10.21 The results of the QARP and associated root cause analysis will be advised to the responsible FSASG, PSASG or PASG GED before reporting to EBOM. PSG, in discussion with the responsible GED, will evaluate the findings of the QARP and conclude whether the deficiencies found, if any, are one-off occurrences or indicative of systemic, repetitive deficiencies. The PSG GED, in consultation with the responsible GED, will determine what corrective action (if any) is required in response to the QARP and root cause analysis. Any recommendations for corrective action or improvements to practices will be provided in a report to EBOM for endorsement.

10.22 Where a QAR of an individual engagement indicates that an inappropriate audit report may have been issued or that procedures were omitted such that sufficient and appropriate evidence may not have been obtained on a material item, the responsible GED shall consult with PSG to determine what further corrective action is necessary. This consultation will consider the need to obtain legal advice. The matter shall then be advised to the Deputy Auditor-General and the Auditor-General.

10.23 Where a serious deficiency or extensive significant deficiencies are found in an engagement, PSG will consider whether the Engagement Executive responsible should be reviewed again the following year.

10.24 Responsibility for the implementation of recommendations from the QARP process shall be agreed between the GED PSG and the relevant GED. The Quality Committee is responsible for monitoring the implementation of recommendations and other corrective actions. Any recommendation or corrective action resulting from the QARP or root cause analysis that the Quality Committee considers is not effective or appropriately designed shall be modified by the GED PSG, in consultation with the responsible GED, and presented to EBOM for endorsement.

10.25 Results of the QARP shall be communicated to all audit staff in a timely manner. The Engagement Executive is responsible for ensuring that the detailed results of the QARP at the individual audit level are communicated to the engagement team.

10.26 The results of each QAR shall be considered by supervisors in applying the ANAO Performance Assessment Scheme, including any deficiencies identified through the QAR.

Guidance

10.27 The monitoring process, including the inspection and evaluation of completed audits, is an important component of the QMF. The QMF comprises the ANAO’s policies and procedures designed to provide reasonable assurance that, in the conduct of assurance engagements, applicable auditing and professional standards and legal and regulatory requirements are met and the audit report issued is appropriate in the circumstances.

10.28 The scope of the QARP encompasses all aspects of the audit or engagement process. The program is designed to contribute to continuous improvement by creating the opportunity for audit teams and the ANAO to learn from experience. Each audit team is expected to consider whether their audit is impacted by communicated findings and to adopt appropriate responses.

10.29 The QARP will be conducted using a test program which is designed to provide assurance, for each engagement reviewed, that the audit has been conducted in accordance with the ANAO auditing standards and ANAO policies and procedures.

10.30 An audit may involve arrangements to rely on work conducted by another ANAO auditor as provided for in auditing standards ASA 402, ASA 600 and ASAE 3500. In such cases, the file review may also include review of relevant work conducted on the other audit.

10.31 When evaluating whether an audit has complied with a specific requirement as set out in the test program, the reviewer will indicate either that the audit complies or does not comply. Where file reviews are conducted by ASIC, ASIC’s rating system will be used. For all other reviews, if the audit does not comply, the finding will be rated consistent with the following system for rating individual findings.

Rating

Description

  A. Significant

These findings pose a high risk to the ANAO’s reputation (including its independence, objectivity, and professionalism). Finding in respect of a material balance, transaction or disclosure (financial audits) or material element of the subject matter (performance audits) resulting in a determination that:

  • an inappropriate conclusion has been issued under the circumstances; or
  • a conclusion was issued for which there was no reasonable basis, or for which the documentation did not support the conclusion that was issued.

  B. Moderate

These findings pose a moderate risk to the ANAO’s reputation (including its independence, objectivity, and professionalism).

  • Finding in respect of a significant balance, transaction or disclosure (financial and performance statements audits) or significant element of the subject matter (performance audits) which is categorised as:
    1. Not fully performing or documenting significant mandatory audit procedures
    2. Planned procedures have not been performed or do not adequately address relevant assertion or criteria
    3. Failing to identify, adequately assess or respond to a significant risk
    4. Reliance placed on internal controls without adequate testing
    5. Reliance placed on documents or reports of the auditee without testing the completeness and reliability of those documents and reports;
  • Independence standards have not been complied with
  • Other ANAO policies relevant to the engagement have not been complied with

  C. Minor

These findings pose a low risk to the ANAO’s reputation (including its independence, objectivity, and professionalism). Non-compliance with ANAO Auditing Standards, ANAO audit methodology or other ANAO policies which is not categorised as A. or B. above.

10.32 In addition to the QARP, the ANAO undertakes further internal and external reviews to monitor and gain assurance over the effective operation of its system of quality management. These include:

  1. Real time quality assurance reviews of a selection of in-progress financial statements and performance statements audits;
  2. An annual internal audit of compliance with components of the ANAO Audit Manual;
  3. An annual review of the ANAO Quality Management Framework and financial statements audit files by ASIC;
  4. Biennial peer reviews of a selection of completed performance audits performed by the Office of the Auditor General of New Zealand; and
  5. Other external reviews of the ANAO Quality Management Framework and a selection of completed audits, as considered appropriate.

Complaints and allegations

Background

10.33 During the course of ANAO work, complaints and allegations may be made. Many of these are dealt with through the ANAO’s normal management and communication channels. This policy deals with the formal management of any complaints or allegations that the work performed by the ANAO does not comply with applicable standards, requirements, systems of quality management or independence policies.

Policy

10.34 Complaints and allegations made by ANAO personnel shall be handled in line with Public Interest Disclosure (PID) Procedures for managing disclosable conduct.

10.35 Formal complaints and allegations from a current or former public official, including entities and ANAO contracted service providers, about any of the matters listed at paragraph 11 of the Public Interest Disclosure (PID) Procedures, in the above link, shall be referred promptly to a PID authorised officer.

10.36 Formal complaints and allegations from other external parties shall be referred promptly to a GED not involved in the audit or the COO. Where the matter is not resolved to the satisfaction of the complainant by the responsible GED or COO, or where a formal complaint and allegation involves a GED or COO, the complaint shall be referred to the Deputy Auditor-General.

10.37 A confidential record of all formal complaints and allegations and their resolution shall be kept.

10.38 If, during the investigations into complaints and allegations, deficiencies in the design or operation of the ANAO’s quality management policies and procedures or non-compliance with the ANAO’s system of quality management by an individual or individuals are identified, remedial actions shall include, as appropriate, one or more of the following:

  1. taking appropriate remedial action about an individual engagement or member of personnel;
  2. the communication of the findings, via the Quality Committee, to EBOM Learning and Development Committee;
  3. changes to the quality management policies and procedures; or
  4. disciplinary action against those who fail to comply with the policies and procedures of the ANAO, especially those who do so repeatedly.

Guidance

10.39 Under the Public Interest Disclosure Scheme, the identity of the person making the disclosure will remain confidential as far as practicable. It is a criminal offence to take or threaten to take a reprisal, such as discriminatory treatment, termination of employment or injury, against someone because they make a disclosure.

Fraud, corrupt conduct and related matters in the conduct of audits

Background

10.40 This policy deals with the formal management of reporting any potential fraud, corrupt conduct or other wrongdoing identified during the conduct of an audit.

10.41 Australian Auditing Standard ASA 240 provides requirements for dealing with fraud or potential fraud in a financial statement audit. These requirements can also be applied to other types of assurance engagement, including performance audits.57

Policy

10.42 On becoming aware of a potential fraud, corrupt conduct or other wrongdoing, the audit team shall report the matter, as soon as possible and in accordance with the fraud reporting procedures outlined in the ANAO Fraud and Corruption Strategy 2024-2026, to the responsible Engagement Executive so that a decision can be made on the appropriate course of action to be taken. Judgements about how to proceed will be made on a case-by-case basis, with the below considerations applying.

  1. The ANAO has a responsibility under the auditing standards to communicate to the auditee concerned any material instances of deficiencies in systems or controls identified by an audit.
  2. Audit teams shall not conduct an investigation into instances of potential fraud, corrupt conduct or other wrongdoing, unless requested to do so by the Auditor-General.

10.43 The Auditor-General may consider whether it is appropriate to refer a matter to the Commissioner of the Australian Federal Police according to subsection 36(2) of the A-G Act. The Auditor-General must be satisfied it is in the public interest to take this course of action.

10.44 The audit file shall document all instances of fraud and potential fraud of which the audit team is made aware and the management decisions taken in regard to them, including: what was decided; by whom; and the reasons for the decisions.

Guidance

10.45 Audit teams may become aware of, or identify potential fraud, corrupt conduct or other wrongdoing. Audit teams may also receive allegations of such a nature, sometimes anonymously, from members of the public via correspondence or electronically through email, or the citizens’ contribution facility. In such circumstances it is important that the actions of the audit team do not inadvertently affect any future investigation of the potential fraud or wrongdoing by the auditee or other body. The audit team should retain original copies of relevant documents, which may assist any future investigations, when they become aware of, or identify potential fraud, corrupt conduct or wrongdoing. Such original documents should be retained, in the relevant E-hive file, regardless of whether the ANAO Auditing Standards require retention of such documents.

10.46 All ANAO staff or contractors who become aware of a potential fraudulent activity should refer to the ANAO Fraud and Corruption Strategy 2024-2026 for additional guidance.

11. Evaluation of the Quality Management Framework

Background

11.1 Consistent with ASQM 1, the ANAO has established and maintains a system of quality management. The Auditor-General is ultimately responsible for the quality of all assurance and related activities undertaken by the ANAO. From an operational perspective, the Auditor-General is assisted by the Deputy Auditor-General in ensuring that the ANAO’s system of quality management satisfies the requirements of the ANAO Auditing Standards. The Auditor-General and the Deputy Auditor-General are helped by the GEDs of PSG, FSASG, PASG, PSASG and SADA and the COO with this role.

11.2 The ANAO Quality Committee is responsible for monitoring and reporting to EBOM on the implementation of the QMF.

Policy

11.3 The Auditor-General, based on advice and recommendations from the PSG GED and the ANAO Quality Committee, shall evaluate and conclude whether the QMF provides reasonable assurance that the ANAO’s quality objectives are being achieved.58

11.4 The evaluation and conclusion shall be made on an annual basis and is reported in the ANAO Quality Report. The Quality Report shall describe the basis on which the Auditor-General’s conclusion is made.

11.5 If the evaluation identifies deficiencies that do not allow the Auditor-General to conclude that the QMF provides reasonable assurance that the ANAO quality objectives are being achieved, the PSG GED shall promptly, in consultation with the responsible GED(s) or the COO, determine what corrective action is required. Any recommendations for corrective action or improvements to the QMF will be provided to EBOM for endorsement. The Quality Committee shall monitor the implementation of recommendations and other corrective actions.

11.6 The results of the evaluation shall be considered by supervisors of individuals responsible for elements of the quality framework in the ANAO Performance Assessment Scheme.

Guidance

11.7 The evaluation and conclusion on the QMF will be informed by:

  1. the results of the annual QARPs for FSASG, PSASG and PASG, including an evaluation of:
    1. The severity and pervasiveness of identified deficiencies, and the effect on the achievement of the objectives of the system of quality management;
    2. Whether remedial actions have been designed and implemented, and whether the remedial actions taken up to the time of the evaluation are effective; and
    3. Whether the effect of identified deficiencies on the system of quality management has been appropriately corrected;
  2. the ANAO’s performance against audit quality indicators (AQIs). AQIs are reliable quantitative measures which when considered with relevant qualitative information provide insights into factors that may influence audit quality and the operating effectiveness of the system of quality management.

ASQM 1 requires periodic performance evaluation of the individual assigned ultimate responsibility and accountability for the ANAO Quality Management Framework, which is the Auditor-General. The standard acknowledges in the public sector considerations that this is not practicable in the case of an Auditor General.59 Performance evaluations are undertaken for individuals assigned operational responsibilities as set out in Chapter 4 Governance and leadership responsibilities for quality.

Glossary and footnotes

Glossary

| Term | Definition |
| --- | --- |
| The Manual | The Australian National Audit Office Audit Manual |
| ANAO | Australian National Audit Office |
| A-G Act | Auditor-General Act 1997 (Cth) |
| AGID | Aging Integrated Database (Procedure Security Policy) |
| AGS | Australian Government Solicitors |
| APES 110 | Code of Ethics for Professional Accountants |
| APP | Australian Privacy Principle |
| APRA | Australian Prudential Regulatory Authority |
| APS | Australian Public Service |
| ASA | Australian Auditing Standard |
| ASA 102 | Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements |
| ASA 210 | Agreeing the Terms of Audit Engagements |
| ASA 220 | Quality Management for an Audit of a Financial Report and Other Historical Financial Information |
| ASA 240 | The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report |
| ASA 260 | Communication with Those Charged with Governance |
| ASA 315 | Identifying and Assessing the Risks of Material Misstatement |
| ASA 320 | Materiality in Planning and Performing an Audit |
| ASA 402 | Audit Considerations Relating to an Entity Using a Service Organisation |
| ASA 570 | Going Concern |
| ASA 600 | Special Considerations – Audits of a Group Financial Report |
| ASAE 3000 | Assurance Engagements Other than Audits or Reviews of Historical Financial Information |
| ASAE 3500 | Performance Engagements |
| ASD | Audit Strategy Document |
| ASRE 2410 | Review of a Financial Report Performed by the Independent Auditor of the Entity |
| ASQM 1 | Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, Other Assurance or Related Services Engagements |
| ASQM 2 | Engagement Quality Reviews |
| ASIC | Australian Securities and Investments Commission |
| AWP | Audit Work Plan |
| AUASB | Australian Auditing Standards Board |
| AUASB Guidance Statement GS 011 | Third Party Access to Audit Working Papers |
| CMG | Corporate Management Group |
| COO | Chief Operating Officer |
| Corporations Act | Corporations Act 2001 (Cth) |
| CPD | Continued Professional Development |
| DAG | Deputy Auditor-General |
| EBOM | Executive Board of Management |
| EQR | Engagement Quality Reviewer |
| FSASG | Financial Statements Audit Services Group |
| GBE | Government Business Entity |
| GED | Group Executive Director |
| IAP | Inspection of FSASG/PASG/PSASG Assurance Products |
| JCPAA | Joint Committee of Public Accounts and Audit |
| PASG | Performance Audit Services Group |
| PGPA Act | Public Governance, Performance and Accountability Act 2013 (Cth) |
| PID Act | Public Interest Disclosure Act 2013 (Cth) |
| PSASG | Performance Statements Audit Services Group |
| PSG | Professional Services Group |
| QARP | Quality Assurance Review Program |
| QMF | Quality Management Framework |
| QTAC | Qualifications and Technical Advisory Committee |
| RG | Regulatory Guidance |
| SADA | Systems Assurance and Data Analytics |
| SED | Senior Executive Director |
| SES | Senior Executive Service |
| SO | Signing Officer |
| TCWG | Those Charged with Governance |

Footnotes

1 The roles and responsibilities of an Engagement Executive for Financial Statement and other Historical Financial Information Assurance Engagements-General are set out in ANAO Audit Manual – FSASG Specific, Chapter 102. The roles and responsibilities of an Engagement Executive for Performance Audit Engagements-General are set out in ANAO Audit Manual – PASG Specific, Chapter 203.

2 As noted in 2.31, ordinarily information is obtained by ANAO officials through cooperation with audited entities without the use of information-gathering powers but in the knowledge that those powers are available if necessary for an audit. In this manual, the ‘formal’ use of the powers refers to circumstances where the Auditor-General or a suitably empowered ANAO official exercises those powers by actively invoking the authority provided by the A-G Act.

3 A delegation of an Auditor-General power or function may be ongoing or limited to specific times or events.

4 The Auditor-General can delegate or authorise the information-gathering powers under the A-G Act. While functionally similar, there are some differences that are described in the Legal Procedures for Conducting ANAO Judicial Proceedings.

5 Records that are obtained from entities or other parties do not attract Parliamentary privilege.

6 Section 55 of the A-G Act provides that the Commonwealth must indemnify a person for any liability that the person incurs for an act or omission of the person in the course of performing an Auditor-General function. The indemnity does not apply if the liability arose from an act or omission in bad faith. The indemnity does not cover a liability of a person who is indemnified by a person other than the Commonwealth. This may be under a contract of insurance or otherwise.

7 Refer to the Auditor-General Bill 1996, Explanatory Memorandum, paragraphs 25-26.

8 Those assurance reviews designated by the JCPAA as priority assurance reviews under section 19A(5) of the A-G Act are required to be tabled in the Parliament under section 19A(6) of the A-G Act.

9 No conflicts have come to notice.

10 To toggle between the Explanatory Statement and the Legislative Instrument select the drop-down option located at ‘view document’.

11 Specifically, section 10 of the PGPA Act establishes two ways that bodies corporate can be Commonwealth entities. Under section 10(d) it includes a body corporate established by law of the Commonwealth and under section 10(e) it also includes a body corporate established under a law of the Commonwealth (other than a Commonwealth company) or a body corporate prescribed by an Act or the PGPA Rules to be a Commonwealth entity.

12 The term ‘Commonwealth subsidiary’ is used in this policy as a shorthand for referring to both a subsidiary of a Commonwealth company and a subsidiary of a corporate Commonwealth entity.

13 Policy and guidance on risk assessment and management with respect to financial statements audits are set out in the ANAO Audit Manual – FSASG Specific Content at paragraphs 107.1 to 107.41. Policy and guidance with respect to performance audits are set out in the ANAO Audit Manual – PASG Specific Content at paragraphs 206.1 to 206.29.

14 Note that section 14(4) of the Act requires the Auditor-General, in the annual report under section 46 of the PGPA Act 2013, to include details of the basis on which the Auditor-General determined the audit fees that applied during the financial year concerned.

15 Section 20(2) of the A-G Act says “An arrangement may provide for the payment of fees to the Auditor-General. The fees are to be received by the Auditor-General on behalf of the Commonwealth.”

16 Further information on the ANAO’s information and communication to external parties is set out in the ANAO Audit Manual Shared Content, Chapter 7 - Information, communication and relationship with the auditee.

17 In identifying and assessing quality risks the PSG GED has regard to the matters set out in paragraph 25(a)(i) of ASQM 1.

18 Refer to Chapter 10 Monitoring quality management policies and procedures for policy in relation to quality assurance reviews and the Quality Assurance Review Program.

19 Auditing Standard ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements.

20 ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements.

21 Corporations Act requirements related to independence include Section 307C requiring a written independence declaration to be provided to the directors of a company, registered scheme or disclosing entity; Part 2M.4 Division 3 deals with Auditor Independence; and Part 2M.4 Division 5 deals with auditor rotation for listed companies.

22 Auditor-General Act section 8(4).

23 In this chapter of the ANAO Audit Manual:

  • in-house contractors are contractors performing their day-to-day work directly under the ANAO quality framework, including conducting work using ANAO methodology and software; and
  • contract out auditors are contractors and audit firms performing their work in the first instance under a firm’s quality framework, including conducting work using firm methodology and systems for documenting compliance with independence requirements.

24 Auditee-related activities include the provision of accounting, auditing and legal advice and undertaking of quality assurance reviews by the Professional Services Group (PSG).

25 Subject matter information (or the subject matter) is the activity which is evaluated or measured against the identified criteria. If an engagement covers a specified period, independence shall be maintained for this period as well as the period that the engagement is conducted.

26 APES 110 refers to the reasonable and informed third party test to assist in exercising professional judgement when evaluating if a threat is at an acceptable level.

27 For example, the Corporations Act requires the auditor to notify ASIC if a contravention is not addressed within seven days.

28 A key person on the audit is:

  • on financial statement audits, the ANAO Signing Officer, Engagement Executive (if different), IT Executive (when assigned), Second Reviewer and Quality Review Executive (if appointed), and a contractor firm’s engagement partner, quality review partner (if appointed) and any other partners making key decisions on an audit, including significant subsidiaries, and
  • in PASG audits and engagements, the Executive Director, the Group Executive Director and IT Executive (when assigned) for the audit.

29 Proposals for approvals must have regard to the independence requirements of the Corporations Act 2001, the Australian Prudential Regulatory Authority, and to any applicable professional standard or code of professional conduct.

30 Quality assurance reviews are reviews under the ANAO Quality Assurance Review Program set out in the ANAO Audit Manual chapter 10, Monitoring quality management policies and procedures.

31 Auditor’s report in this policy requirement is to be read as any assurance or information report.

32 The Commonwealth’s financial framework is governed by the Public Governance, Performance and Accountability Act 2013 (PGPA Act). The General Duties of Officials (s. 29 Duty to Disclose Interests) apply.

33 APES 110 addresses the provision of non-assurance services to assurance clients at paragraphs 601-610.

34 This policy applies to all ANAO auditees (previously these services were only prohibited to entities material to the CFS). For existing contractors who have previously been approved by the ANAO to provide accounting and bookkeeping services, there is a transitional period for those services to be allowed until the contract with the auditee or the ANAO ends.

35 Network firm is defined in APES 110.

36 Non-Audit Services Approval Form, located in the TeamStore.

37 The PwC Audit Guide is found in TeamMate by navigating to the EWP File Menu > Help > Local Guidance.

38 Attendance can be in person, or via teleconference or video link, to be determined in consultation with the Chair of the committee or committee secretariat.

39 Material and non-material entities can be identified from the Department of Finance flip chart accessible from https://www.finance.gov.au/government/managing-commonwealth-resources/structure-australian-government-public-sector/pgpa-act-flipchart-list.

40 This does not include member-only meetings of the Committee.

41 A copy of the Audit Committee minutes recording the discussion of fraud needs to be put on the TeamMate file or, if that record is incomplete, the ANAO representative needs to document the discussion in a file note or in the Fraud Work Program in TeamMate.

42 Paragraph 34(e)(i) requires that ‘The firm establishes policies or procedures that: (i) Require communication with those charged with governance when performing an audit of a financial report of listed entities about how the system of quality management supports the consistent performance of quality audit engagements’. The ANAO does not audit any listed entities (as defined in ASQM 1, entities ‘whose shares, stock or debt or listed on a recognised stock exchange, or are marketed under the regulations of a recognised stock exchange or other equivalent body’). However, it is considered good practice for ANAO representatives to communicate to audit committees about the ANAO’s system of quality management.

43 These will include members who are members of the entity’s audit committee.

44 Refer to ASA 260 paragraphs A42 to A44 for guidance regarding observations during the audit that may indicate that the two-way communication between the audit team and TCWG is inadequate for the purposes of the audit, and actions that can be taken if the situation cannot be resolved.

45 Schedule 1 of the PGPA Act Rule prescribes certain bodies to be listed entities and specifies the name of the accountable authority. Other bodies, persons, groups of persons or organisations that are not prescribed by the Schedule may be listed entities because they are prescribed by an Act to be a listed entity. For example, the ANAO is not prescribed in Schedule 1 of the PGPA Act Rule, however sections 38(3)(a) and (b) of the A-G Act state that the ANAO is a listed entity and the Auditor-General is prescribed as the Accountable Authority of the ANAO.

46 ASA 220 paragraph A81.

47 ASQM 1 Paragraph A76.

48 The Role and Responsibilities of the Engagement Executive policy in the FSASG, PASG and PSASG Specific content manuals outline the responsibilities of Engagement Executives.

49 Refer to Role of the Qualifications and Technical Advisory Committee for the QTAC endorsed policy approach on ceasing Commonwealth entities to be applied in consultation with PSG.

50 ASA 230 paragraph 8.

51 ASA 230 paragraph 9.

52 Folder A is entitled ‘Understand and Plan the Audit’ in the TeamMate library file for audits performed in-house and ‘Planning Phase’ in the TeamMate library file for contract-out engagements. This policy applies equally to both resourcing models for financial statement audits.

53 The policy at paragraph 9.12 also covers contractor firm files – the policy has been copied to paragraph 105.10 in FSASG specific Project-Managed Audits.

54 This requirement applies to audits that have not been completed at 31 October and GED approval for extension is required.

55 The policy at paragraph 9.13 also covers contractor firm files – the policy has been copied to paragraph 201.9 in PASG specific Contract out audits.

56 This includes consideration of risks posed by the formal use of information-gathering powers in the performance of audits.

57 Refer to ASAE 3500, paragraph 51 which requires the auditor to determine whether there is a responsibility or legislative requirement to report the occurrence or suspicion of fraud or other misconduct to a party outside the entity, including the Parliament, a regulator or government agency.

Any such reporting shall be in accordance with the relevant legislation and the ANAO Fraud Control Framework.

58 ASQM 1 paragraph 54 sets out the three conclusions available to be made.

59 ASQM 1 paragraph A201.