Quality in the delivery of the ANAO’s audit services is critical in supporting the integrity of our audit reports and maintaining the confidence of the Parliament and public sector entities. The ANAO Corporate Plan 2023–24 is the ANAO’s primary planning document. It outlines our purpose; the dynamic environment in which we operate; our commitment to building capability; and the priorities, activities and performance measures by which we will be held to account. This quality management framework and plan complements the corporate plan. It describes the ANAO’s system of quality management and reflects the ANAO’s responses to quality risks for the coming year.

The ANAO Quality Management Framework is the ANAO’s established system of quality management to provide the Auditor-General with reasonable assurance that the ANAO complies with the ANAO Auditing Standards and applicable legal and regulatory requirements, and reports issued by the ANAO are appropriate in the circumstances.

The quality management framework and plan component of this document identifies the ANAO’s quality objectives and key responses to address identified quality risks and to provide the Auditor-General with confidence that those responses are implemented and operating effectively.

The ANAO reports on the audit quality indicators that measure the ANAO’s performance against target benchmarks in the annual audit quality report published on the ANAO website. The audit quality report also provides transparency with respect to the implementation and operation of the responses to address quality risks for each component of the ANAO’s system of quality management.

1. Introduction

1.1 The purpose of the Australian National Audit Office (ANAO) is to support accountability and transparency in the Australian Government sector through independent reporting to the Parliament, and thereby contribute to improved public sector performance.

1.2 The quality of ANAO audit work is reliant on the strength of its independence and system of quality management (SOQM). A sound SOQM supports delivery of high-quality audit work and enables the Auditor-General to have confidence in the opinions and conclusions in the reports prepared for the Parliament. This facilitates the confidence of the Parliament that the ANAO operates with independence and that the audit approach meets the auditing standards set by the Auditor-General.

1.3 The ANAO defines audit quality as the provision of timely, accurate and relevant audits, performed independently in accordance with the Auditor-General Act 1997 (the Act), and ANAO Auditing Standards and methodologies, which are valued by the Parliament. Delivering quality audits results in improved public sector performance through accountability and transparency.

1.4 The Quality Management Framework and Plan describes the ANAO’s SOQM and sets out the key responses to address identified quality risks planned for the financial year as part of the ANAO’s investment in audit quality.

Framework for quality management

1.5 The ANAO is established under the Auditor-General Act 1997. Section 24 of the Act requires the Auditor-General to set auditing standards that are to be complied with by persons performing functions under the Act. The ANAO Auditing Standards set under this provision incorporate standards issued by the Auditing and Assurance Standards Board (AUASB) and relevant auditing and assurance standards issued by standard-setting bodies other than the AUASB as appropriate. With respect to quality management, this includes ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements (ASQM 1) and ASQM 2 Engagement Quality Reviews.

Purpose of the Quality Management Framework and Plan

Quality Management Framework

1.6 In accordance with ASQM 1, the ANAO has designed, implemented and operates a system of quality management, the ANAO Quality Management Framework. The SOQM enables the consistent performance of quality audits by providing the Auditor-General with reasonable assurance that:

  • the ANAO, and its staff, fulfill their responsibilities in accordance with the ANAO Auditing Standards and applicable legal and regulatory requirements, and delivers on its purpose in accordance with such standards and requirements; and
  • reports issued by the ANAO are appropriate in the circumstances.

1.7 The Quality Management Framework is designed to meet ANAO quality objectives. The policies and procedures that make up the Quality Management Framework respond to quality risks that arise in respect to the nature and circumstances of the ANAO and the engagements conducted. An annual review of the quality objectives and risks ensures that additional or modified quality objectives and risks are identified and modifications and additions to the Quality Management Framework are designed and implemented as necessary.

1.8 The Quality Management Framework includes policies and procedures that address:

  1. The ANAO’s risk assessment process;
  2. Governance and leadership;
  3. Relevant ethical requirements;
  4. Acceptance and continuance of client relationships and specific engagements;
  5. Engagement performance;
  6. Resources;
  7. Information and communication; and
  8. Monitoring and remediation process.

1.9 The Quality Management Framework replaces the ANAO Quality Assurance Framework to reflect the introduction of three new and revised Australian Quality Management Standards issued by the AUASB that became effective on 15 December 2022:

  • ASQM 1 – Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements.
  • ASQM 2 – Engagement Quality Reviews.
  • ASA 220 – Quality Management for an Audit of a Financial Report and Other Historical Information.

1.10 The new and revised standards introduced a quality management approach that is focused on proactively identifying and responding to risks of quality. The standards include enhanced requirements and focus on governance and leadership, monitoring and remediation. The ANAO has implemented the revised standards by making enhancements to the Quality Management Framework to ensure that it clearly demonstrates the ANAO responses to the quality risks that arise in audits of public sector entities.

Quality Management Plan

1.11 The Quality Management Plan is informed by the priorities identified in the ANAO Corporate Plan, the prior period’s results of the ANAO Quality Assurance Program (the QA Program), and better practice insights from engagement with peers and the wider auditing profession. The plan:

  • identifies and highlights the key activities to be performed and monitored to provide assurance that critical aspects of the Quality Management Framework are operating effectively;
  • includes a timetable for deliverables to provide accountability by ensuring that quality management activities are completed and reported on as planned;
  • facilitates coordination of all monitoring activities, including internal audit, internal and external quality assurance reviews and external audit; and
  • identifies the resource requirements necessary for the performance of monitoring functions.

1.12 The ANAO Corporate Plan contains the following performance measure in respect of quality:

The ANAO’s independent Quality Assurance Program indicates that audit opinions and conclusions are appropriate.

1.13 The QA Program is a key activity that addresses the monitoring element of the Quality Management Framework. The objective of the QA Program is to form an opinion as to whether each audit report:

  • complies with ANAO Auditing Standards, policies and procedures and other legal and regulatory requirements; and
  • evidences sufficient appropriate audit procedures to support conclusions reached.

1.14 The QA Program also provides assurance on the implementation and operating effectiveness of other elements of the Quality Management Framework. The scope of the QA Program is discussed in the monitoring and remediation section of this document.

1.15 The strategy and activities described in the Quality management strategy and deliverables for 2023–24 focus on those that address the audit performance and monitoring and remediation elements of the Quality Management Framework.

2. The ANAO Quality Management Framework

Overview

2.1 A sound quality management framework supports high-quality evidence and standards-based audit work. This enables the Parliament to have confidence in the opinions and conclusions made by the Auditor-General.

2.2 The ANAO Quality Management Framework is in accordance with the requirements of Auditing Standard ASQM 1.

Responsibilities for the system of quality management

2.3 The Auditor-General is ultimately responsible for the system of quality management in place for all management and related activities undertaken by the ANAO. From an operational perspective, the Deputy Auditor-General is responsible for ensuring that the system of quality management satisfies the requirements of the ANAO Auditing Standards and is assisted by the Group Heads with this role.

2.4 The Professional Services and Relationships Group (PSRG) Group Executive Director (GED) is responsible for the design, implementation and maintenance of the Quality Management Framework and for monitoring compliance with the Framework. The PSRG GED is also responsible for compliance with independence requirements, including the ANAO independence policies in the Audit Manual and the approval of non-audit services to auditees by contracted firms and for the monitoring and remediation processes. PSRG reports to the ANAO Executive, Quality Committee and Audit Committee on the results of these monitoring activities.

The ANAO Quality Committee

2.5 The ANAO Quality Committee is responsible for monitoring the implementation of the Quality Management Framework and reporting to the Executive Board of Management (EBOM) on this implementation.

2.6 The Committee is comprised of members representing all ANAO service groups and is chaired by the PSRG GED.

2.7 The Committee meets on a quarterly basis and has terms of reference which include the following responsibilities:

  • reviewing the findings of external and internal reviews in relation to quality which have been reported to the Executive Board of Management (EBOM);
  • monitoring the ANAO’s progress in addressing the findings and recommendations made in external or internal reviews;
  • monitoring and reporting to EBOM on the implementation, operating effectiveness and efficiency of the Quality Management Framework, having regard to the findings of external and internal reviews and the audit quality indicators;
  • advising the Auditor-General on whether the operation of the Quality Management Framework provides reasonable assurance that the ANAO’s quality objectives are being achieved;
  • monitoring the strategic and operational risks associated with quality; and
  • considering proposed amendments to the ANAO Audit Manual that substantially impact the conduct of an audit and making recommendations to the Auditor-General for approval.

The ANAO’s risk assessment process

ANAO Quality Risk Assessment (ASQM 1 paragraphs 23–27)

ASQM 1 requires the ANAO to design and implement a risk assessment process to establish quality objectives, identify and assess quality risks, and design and implement responses to address the quality risks.

This requirement includes the establishment of the quality objectives specified by ASQM 1 and any additional quality objectives considered necessary by the ANAO to achieve the objectives of the SOQM.

The ANAO identifies and assesses quality risks by:

  • obtaining an understanding of the conditions, events, circumstances, actions or inactions that may adversely affect the achievement of the quality objectives, including with respect to the nature and circumstances of the firm and its engagements; and
  • taking into account how, and the degree to which, the conditions, events, circumstances, actions or inactions may adversely affect the achievement of the quality objectives.

The ANAO has designed and implemented responses to address the quality risks in a manner that is based on, and responsive to, the reasons for the assessments given to the quality risks. It has also established policies and procedures that are designed to identify information that indicates additional quality objectives, or additional or modified quality risks or responses, are needed.

2.8 Effective risk management is fundamental to achieving our purpose and improving our performance. The ANAO risk management framework plays an important role in shaping the ANAO’s strategic direction, contributes to evidence-based decision-making and is embedded into business-as-usual practices. The framework is supported by the Enterprise Risk Register (ERR). The ERR identifies, outlines and assesses relevant strategic and operational risks of the ANAO. The Auditor-General takes advice from EBOM when establishing the Risk Management Framework, the ERR and determining the ANAO’s appetite and tolerance for risk.

2.9 The ANAO takes an integrated approach to monitoring risks across the organisation and in existing business processes and ANAO enabling frameworks (i.e., policies, procedures and guidance materials). Risks are continually monitored by EBOM, the Audit Committee, governance subcommittees and ANAO staff.

2.10 The ANAO Quality Risk Assessment process, including the establishment of quality objectives, identification and assessment of quality risks and design and implementation of responses to address the quality risks is informed by the ANAO Enterprise Risk Register, including monitoring changes in environment, risks causes and the operating effectiveness of responses to risks.

2.11 The ANAO has established all of the quality objectives in ASQM 1 and an additional ANAO specific objective (see paragraph 2.50). The quality objectives are set out for each component of the Quality Management Framework accompanied by the responses the ANAO has designed and implemented to address identified quality risks.

2.12 The process of risk assessment is iterative. The ANAO has established an annual review and assessment process of the ANAO quality objectives and quality risks. This annual review supports the annual review of the Quality Management Framework and takes into account the Auditor-General’s evaluation on whether the Quality Management Framework provides reasonable assurance that the ANAO’s quality objectives are being achieved.

Governance and leadership

Quality objectives (ASQM 1 paragraph 28)

The ANAO’s governance and leadership framework establishes an environment that demonstrates a commitment to quality through a culture that exists throughout the organisation, which recognises and reinforces:

  • The ANAO’s role in serving the public interest by consistently performing quality engagements;
  • The importance of professional ethics, values and attitudes;
  • The responsibility of all personnel for quality relating to the performance of engagements or activities within the system of quality management, and their expected behaviour; and
  • The importance of quality in the ANAO’s strategic decisions and actions, including the ANAO’s financial and operational responsibilities.

Leadership is responsible and accountable for quality.

Leadership demonstrates a commitment to quality through their actions and behaviours.

The organisational structure and assignment of roles, responsibilities and authority is appropriate to enable the design, implementation and operation of the ANAO’s Quality Management Framework.

Resource needs, including financial resources, are planned for and resources are obtained, allocated or assigned in a manner that is consistent with the ANAO’s commitment to quality.

Commitment to quality through culture

2.13 The ANAO demonstrates a culture that is committed to audit quality in corporate documents including the ANAO Corporate Plan, the Annual Report, and Quality Report. These documents recognise that quality in the delivery of the ANAO’s audit services is critical in supporting the integrity of our audit reports and maintaining the confidence of the Parliament and public sector entities. The publication of this Quality Management Framework document and the Audit Quality Report demonstrates the importance governance and leadership places on transparency and accountability regarding audit quality.

2.14 The ANAO definition of audit quality (paragraph 1.3) demonstrates that the commitment to audit quality is linked to the purpose of the ANAO and how the ANAO serves the public interest through reporting to Parliament.

2.15 The culture committed to quality is supported by the tone at the top established by the ANAO’s leadership through their actions and behaviour, and by clear, consistent and frequent actions and communications at all levels within the ANAO. The importance of quality is communicated regularly through ANAO town hall meetings, the Auditor-General’s monthly messages, service group all staff meetings and technical updates. The responsibility of all personnel for quality is recognised and reinforced by the incorporation of quality into individual performance agreements, discussion and assessment.

2.16 The ANAO’s recognition of the importance of quality in strategic and operational decisions is captured in the ANAO Corporate Plan where it states in the ‘Risk oversight and management’ that ‘the ANAO further recognises that the risk environment for Commonwealth entities is dynamic. As a result, the ANAO must continuously monitor the risk to entities’ ability to provide accurate evidence for audits. Where appropriate, the ANAO may adjust audit plans to ensure that quality is retained, and auditing standards are not compromised’.

Leadership responsibility and accountability for quality

2.17 The ANAO Audit Manual specifies the responsibilities of leadership for quality:

  • The Auditor-General is ultimately responsible and accountable for the system of quality management in place for all assurance and related activities undertaken by the ANAO.
  • The Deputy Auditor-General has operational responsibility for ensuring that the system of quality management satisfies the requirements of the ANAO Auditing Standards.
  • The PSRG GED is responsible for the ANAO audit methodology, which supports compliance with the ANAO Auditing Standards. This includes the development of policies and procedures to support that audit methodology.
  • The Financial Statements Audit Services Group (FSASG), Performance Audit Services Group (PASG), Performance Statements Audit Services Group (PSASG), and Systems Assurance and Data Analytics (SADA) Group Heads are responsible for the delivery of quality audit services within their respective business units.
  • The FSASG, PASG and PSASG engagement executives and SADA executives are responsible for quality within their portfolio of audits and supporting the Group Heads in the delivery and management of quality audit services.
  • The Corporate Management Group (CMG) Senior Executive Director (SED) is responsible for the design, execution and maintenance of policies supporting the Quality Management Framework in respect of human resources, IT security and support, external communications, and learning and development.
  • The PSRG and CMG Group Heads are jointly responsible for the ANAO Academy.

2.18 The fulfilment of leadership responsibilities is assessed in quality assurance reviews through review of engagement executive involvement in an audit, including key approvals, judgements and consultations. The attitudes and behaviours of engagement leadership throughout the QA review, including openness to review and continuous improvement, are also considered in the review. Any issues in leadership responsibilities are highlighted in the reports to EBOM as part of the results of the QA review program and concerns with attitudes and behaviours are considered and dealt with by the Executive. Follow-up actions can include additional levels of review, such as assignment of engagement quality reviewers (EQRs) or second reviewers, or through performance or contract management.

2.19 Quality is incorporated into individual staff performance agreements. Any concerns with audit quality will be raised in performance assessment discussions and considered in performance evaluations. The annual evaluation of the system of quality management will inform performance assessments of individuals responsible for elements of the system of quality management.

Leadership commitment to quality through actions and behaviours

2.20 Performance assessments address actions and behaviours, including commitment to audit quality. Performance assessments of senior leaders are informed by upward feedback.

Organisational structure and assignment of roles and responsibilities

2.21 The ANAO organisational structure is consistent with the assignment of roles and responsibilities for quality in the ANAO Audit Manual and Quality Management Framework. The roles and responsibilities are set out above at paragraphs 2.3–2.7.

Resource needs are consistent with the commitment to quality

2.22 The ANAO Workforce Plan considers the immediate and future resourcing / capability requirements of the ANAO. The Plan captures approaches to attract, recruit, develop and retain staff (including measures to support high performance, technical and specialist skill development and succession planning towards leadership positions).

2.23 Recruitment is based on current needs and priorities, future forecasts, and attrition data / trends. The Plan (and broader ANAO polices) focus on maintaining a working environment that enables the ANAO to be seen as an employer of choice and leader in public sector auditing.

2.24 EBOM actively monitors the ANAO risk register which includes a strategic risk regarding resourcing and recruitment. When risks are elevated, there is increased reporting to EBOM, including reporting on the testing of controls.

2.25 When considering the Annual Audit Work Program (AAWP) and the approval of the commencement of audits, the ANAO considers appropriate resourcing. Audits are not approved for commencement without appropriate resourcing.

Relevant ethical requirements

Quality objectives (ASQM 1 paragraph 29)

The ANAO, its personnel and contract service providers understand, and fulfil their responsibilities in relation to the ethical requirements relevant to ANAO work.

2.26 The ANAO Auditing Standards require the Auditor-General and ANAO staff to fulfill their responsibilities in accordance with relevant ethical requirements, including those pertaining to independence, which are set out in APES 110 Code of ethics for professional accountants (including independence standards) (APES 110).

2.27 The ethical requirements of APES 110 apply in addition to the ethical requirements that apply to ANAO staff as employees of the ANAO and as Commonwealth public servants. ANAO staff are bound by the ANAO Values and Behaviours, and the Australian Public Service (APS) Values and Code of Conduct set out in the Public Service Act 1999. ANAO staff are also bound by the General Duties of Officials under Part 2–2 Division 3 of the Public Governance, Performance and Accountability Act 2013.

Integrity

2.28 The ANAO regards integrity as a core value of the organisation — critical in sustaining the confidence of Parliament, strengthening public trust in government and delivering quality audit products. The ANAO upholds five key principles of integrity – independence, honesty, openness, accountability and courage. To support integrity, the ANAO has an Integrity Framework that provides an overarching structure to the ANAO’s integrity controls, assists in risk, fraud and misconduct management, and promotes ethical decision-making. The ANAO has an Integrity Advisor, whose responsibilities include supporting the effective ongoing application of the Integrity Framework and increasing integrity awareness across the ANAO. Under the Integrity Framework, the Integrity Advisor reports annually to EBOM on integrity matters and integrity awareness activities and training conducted during the year.

Independence

2.29 Independence is fundamental to the principles of integrity and objectivity and is central to maintaining an attitude of professional scepticism. Independence comprises both independence of mind and independence in appearance.

2.30 The ANAO Quality Management Framework ensures that threats to independence are appropriately managed through the application of ANAO independence policies.

2.31 The Auditor-General is an independent officer of the Parliament as set out in section 8 of the Auditor-General Act 1997 (the Act). The Auditor-General’s statutory independence is provided for in the Act through defining the scope of the Auditor-General’s mandate, the appointment and removal of the Auditor-General and the performance of their responsibilities. The Auditor-General has complete discretion in the performance or exercise their functions or powers and is not subject to direction from anyone in relation to:

  • whether or not a particular audit is to be conducted; or
  • the way in which a particular audit is to be conducted; or
  • the priority to be given to any particular matter.

2.32 Section 40(2) of the Act further provides for independence of ANAO functions, providing that directions to ANAO staff in relation to the performance of the Auditor-General’s functions may only be given by the Auditor-General or a member of the staff of the ANAO authorised to give such directions.

2.33 The completion of a declaration of independence is to be undertaken prior to participating in an audit, review, or other engagement or information report. The declaration is required to be maintained on the file and reviewed by the responsible engagement executive.

2.34 Under the ANAO independence policy, suspected or actual contraventions of the independence requirements of legislation, APES 110 or ANAO policy requirements must be reported immediately to the responsible GED.

2.35 Staff are required to complete mandatory training that covers independence and other ethical requirements, including the APS Code of Conduct and ANAO values. Completion of mandatory training is monitored and reported to EBOM and captured in each staff member’s Professional Development Agreement. Regular reminders of policy requirements are provided through a variety of other channels such as technical updates, and the ANAO has published for internal use an application guidance document covering frequently asked questions regarding independence and the practical application of ANAO policies and the conceptual framework set out in APES 110.

2.36 Additionally, methodology steps within each Teammate audit file set out the requirements from APES 110 and ANAO policies and prompt staff to document their independence in the audit file. Compliance with independence and other ethical requirements is monitored through quality assurance reviews of audit files and internal audits.

Rotation of key audit personnel

2.37 The ANAO independence policy sets key audit personnel rotation requirements for financial statements audits. Their purpose is to safeguard against the threat to independence that may arise from a long association with an auditee. This policy specifies the length of time that key audit personnel can be assigned to the financial statements audit of an entity before rotation or approval to extend involvement is required. Monitoring of the assignment and rotation of key audit personnel is performed by the FSASG SED responsible for Resourcing and Budgeting.

2.38 Familiarity threats are required to be considered in recurring performance statements audits, performance audits and other assurance engagements.

Conflicts of interest

2.39 The ANAO also monitors potential conflicts of interest through:

  • the declaration of personal interests policy – requires all ANAO SES and other relevant staff in sensitive positions to submit, at least annually, a written declaration of their, and their immediate family’s, financial and other interests that could involve a real or apparent conflict of interest;
  • the ANAO employment manual – requires ANAO staff to seek prior approval to engage in outside activities or employment. In the approval process, the Deputy Auditor-General considers if the outside activities or employment create a real or perceived conflict of interest; and
  • procurement policies and procedures – require the declaration of conflicts of interest.
Gifts and benefits monitoring

2.40 The ANAO must meet public expectations of integrity, accountability, independence, transparency and professionalism. This requires that staff not be influenced, or perceived to be influenced, by gifts, benefits or inducements. The Auditor-General’s Instructions and supporting Financial Management Procedures require staff to report any offered gift or benefit (whether accepted or refused), within 10 business days of the offer being made, in the gifts and benefits register. In limited circumstances, staff may retain the gift after following the appropriate approval processes. The ANAO maintains a gifts and benefits register which is published on its website and updated monthly.

Ethical requirements applying to contracted firms

2.41 The ANAO communicates the ANAO specific independence policies to contracted firms and presents an annual webinar for contracted firms with reinforced messaging regarding the relevant ethical requirements that apply to ANAO audits and engagements.

2.42 The onboarding of contract staff includes induction training on relevant ethical requirements and all contactors issued with an ANAO laptop are required to complete training addressing independence and other ethical requirements.

Other services

2.43 The ANAO contracts private sector firms to undertake some audits on behalf of the Auditor-General. The ANAO Audit Manual requires contracted firms to request approval from the ANAO to provide other non-assurance services to auditees. The PSRG GED is responsible for assessing and deciding whether to approve requests from contracted firms to perform other services, to ensure consistency in the considerations and judgments underlying the decision.

2.44 If breaches are identified, the matter is raised with the responsible GED and PSRG GED. The firm will be required to cease providing the other services. The PSRG GED communicates with the contract relationship partner to understand how the breach occurred and what processes or safeguards the firm has implemented to ensure that breaches do not recur. The ANAO reports all identified breaches of independence in the Quality Report.

Audit mandate and selection

Quality objectives (ASQM 1 paragraph 30)

Judgements by the ANAO about whether to commence a non-mandated audit are appropriate based on:

  • information obtained about the nature and circumstances of the engagement, the integrity and ethical values of the auditee; and
  • the ANAO’s ability to perform the engagement in accordance with ANAO auditing standards and applicable legal and regulatory requirements.

Judgements about the number of non-mandated audits (performance audits and performance statements audits) to conduct are based on the ANAO’s ability to perform the engagement in accordance with ANAO Auditing Standards and applicable legal and regulatory requirements.

2.45 Due to the ANAO’s mandate, the first quality objective related to audit mandate and selection only relates to accepting engagements performed under section 20 of the Act as further outlined in paragraph 2.52 to 2.54.

Mandated financial statements audits

2.46 The Auditor-General is mandated, under the Act, to audit the annual financial statements of all Commonwealth entities, companies and subsidiaries, and the annual Commonwealth Consolidated Financial Statements.

Non-mandated performance audits and performance statements audits

2.47 In addition to mandated financial statements audits, the Auditor-General can conduct performance audits of Commonwealth entities, companies and subsidiaries, with the exception that performance audits of Government Business Entities (GBE) can only be undertaken if they are requested by the Joint Committee for Public Accounts and Audit (JCPAA). Performance statements audits can be requested by the responsible Minister for a Commonwealth entity or the finance minister.

2.48 The Auditor-General publishes an annual audit work program (AAWP) in July each year which outlines the proposed audit activities to be undertaken in the financial year. The AAWP includes potential performance audit topics, annual performance statements audits and the annual program of mandated financial statements audits. The ANAO develops the AAWP guided by the following objectives:

  • have regard to the priorities of the Parliament of Australia as determined by the JCPAA along with any reports of the JCPAA;
  • consider the interests of other parliamentary committees and parliamentarians;
  • provide a balanced program of activity that is informed by risk, and promotes accountability, transparency and improvements to public administration;
  • follow up on past recommendations and identify trends for improvement, or declines in performance across government; and
  • apply all of the Auditor-General’s mandate.

2.49 Throughout the year, the Auditor-General determines which audits will commence based on a risk assessment, priorities identified by the JCPAA, and achieving sufficient breadth and depth across the government sector. The Auditor-General also considers any recent developments in the public sector and areas of public concern, opportunities to demonstrate good practice in public administration and accountability, requests for audit and resourcing. Approaches by parliamentarians, parliamentary committees and others with suggestions for audits are also considered by the Auditor-General for potential audit activity.

2.50 The ANAO has established an ANAO-specific quality objective, in addition to those required by ASQM 1, that judgments about which non-mandated audits to perform are based on the ANAO’s ability to perform the engagement in accordance with the ANAO Auditing Standards and applicable legal and regulatory requirements. The ANAO has identified a quality risk that the ANAO’s performance measure targets in the ANAO Corporate Plan 2023–24 regarding the number of non-mandated audits may drive judgments relating to commencement of audits without consideration of the ANAO’s ability to perform the engagement with sufficient resources, time and capability.

2.51 The ANAO’s responses to this quality risk include the following:

  • for performance audits – the audit work plan specifies the audit team members to provide the Auditor-General with assurance that the audit team is adequately resourced and has the appropriate capability to conduct the audit, and senior leaders are actively engaged in the audit work plan approval process to ensure consideration of appropriate resourcing;
  • for performance statements audits – the ANAO Audit Manual sets out that it is the PSASG GED’s responsibility to support the Auditor-General’s decision-making; and
  • the budget allocation process focusses first on the need to complete mandated audits.

Audits by arrangement

2.52 The Auditor-General may also conduct audits by arrangement under section 20 of the Act. Audits by arrangement conducted by the ANAO are subject to the requirements of ASQM 1 in relation to acceptance and continuance of client relationships and specific engagements.

2.53 The ANAO audit manual sets requirements related to acceptance of a section 20 engagement, including the matters that must be considered and included in the recommendation to the Auditor-General for approval. The competence and capabilities of the ANAO, including available time and resources to conduct the engagement are included among the mandatory considerations. The Auditor-General determines whether to accept or continue an audit under section 20. This ensures consistency and appropriateness of judgements about whether to accept or continue a section 20 engagement.

2.54 If the Auditor-General determines that it is appropriate to withdraw from an engagement, the responsible engagement executive is required to discuss the withdrawal with the entity’s management and those charged with governance. The discussion includes the reason for withdrawal, and consideration of whether the withdrawal should be reported to regulatory authorities.

Engagement performance

Quality objectives (ASQM 1 paragraph 31)

Audit teams understand and fulfill their responsibilities including, as applicable, the overall responsibility of engagement executives for managing and achieving quality on the engagement and being sufficiently and appropriately involved throughout the engagement.

The nature, timing and extent of direction and supervision of audit teams and review of the work performed is appropriate, based on the nature and circumstances of the audit and the resources assigned or made available to the audit team, and the work performed by less experienced team members is directed, supervised and reviewed by more experienced team members.

Audit teams exercise appropriate professional judgement and professional scepticism.

Consultation on difficult or contentious matters is undertaken and the conclusions agreed are implemented.

Differences of opinion within the audit team, or between the audit team and the engagement quality reviewer or individuals performing activities within the ANAO’s system of quality management are brought to the attention of the Auditor-General and resolved.

Engagement documentation is assembled on a timely basis after the date of the audit report, and is appropriately maintained and retained to meet the needs of the ANAO and comply with law, regulation, relevant ethical requirements, or ANAO auditing standards.

Audit team responsibilities and engagement executive responsibilities and involvement

2.55 The ANAO Audit Manual policy clearly sets the responsibilities of audit teams and engagement executives to comply with ANAO Auditing Standards, ANAO Audit Manual policies and methodology.

2.56 ANAO auditors apply a robust methodology as set out in the ANAO Audit Manual and are supported by standardised documentation tools and templates. Application of this methodology ensures ANAO audits are of a consistent quality and are performed in accordance with the ANAO Auditing Standards.

2.57 The ANAO Audit Manual and supporting tools and templates are reviewed on an annual basis to incorporate any improvements or amendments arising from changes in the ANAO Auditing Standards, responses to findings from quality monitoring processes and audit staff consultation.

2.58 Compliance with ANAO Auditing Standards and the Audit Manual, including engagement executive involvement and approvals, are monitored through QA reviews.

2.59 The level of engagement executive and senior staff involvement in audits and other engagements is assessed as Audit Quality Indicators (AQIs) and benchmarked against comparable audit offices. These AQIs are reported in the Audit Quality Report.

Risk assessment process

2.60 Engagement risk is the risk of expressing an inappropriate audit conclusion based on evidence that is not soundly based. This may include evidence that is improper or incomplete as a result of inadequacies in the evidence gathering process, misrepresentation or fraud. In all ANAO audits and engagements an engagement risk rating is assigned at planning. Engagement risk is monitored throughout the engagement and updated for changes in circumstances.

Direction, supervision and review

2.61 The ANAO audit manual and methodology incorporate policies regarding direction, supervision and review of team-members by more senior staff. Auditors are provided with levels of direction, supervision and on-the-job training appropriate to their skills and experience. Engagement executives are responsible for determining that adequate direction and supervision is provided to all auditors working on an engagement.

2.62 Review responsibilities are allocated on the basis that the more experienced auditors, including engagement executives, review work performed by the less experienced members of the audit team. The engagement executive on each audit is required to review a sufficient quantity of the work performed to determine that the audit has been properly performed and appropriate evidence-based conclusions reached. Reviews are conducted in a timely fashion at appropriate stages during the audit.

2.63 Review processes differ in timing and extent of executive involvement for performance audits, performance statements audits and financial statements audits. This reflects the differences in the length and nature of the audits.

Performance audits

2.64 The key stages of review and approval for performance audits are:

  • Audit selection process – each quarter the Auditor-General approves the selection of performance audits, from the AAWP or otherwise identified as a priority, that are to commence.
  • Audit work plan (AWP) – the audit team, Executive Director (ED) and GED meet with the Auditor-General and Deputy Auditor-General to discuss the proposed AWP prior to an audit commencing. The Auditor-General approves the audit scope, audit objective and criteria, proposed audit methods and audit resourcing. Audit team members from financial statements audit and systems assurance and data analytics attend the workshop where the audit topic is relevant to their portfolio.
  • Progress review 1 – occurs when approximately 20% of the allocated audit hours have been consumed. The performance audit team meets with the ED for low and medium risk audits and the ED and GED for high-risk audits. The focus of this meeting is on assessing the plan agreed at the AWP approval stage and how achievable it is given new information as well as considering the storyline, test program and risk assessment and how the audit is tracking against timeframes.
  • Progress review 2 – occurs when approximately 50% of the allocated audit hours have been consumed. The audit team meets with the ED, GED, Deputy Auditor-General and Auditor-General to consider key findings, recommendations, the preliminary audit conclusion and the evidence base for these.
  • Progress review 3 – this may be required in rare circumstances for performance audits with major complexities. If a meeting is held, it will occur before or after the exit interview and can be requested by the ED, GED or Auditor-General.
  • Section 19 – a meeting is held to discuss the proposed audit report prior to it being issued to the accountable authority of the auditee for comment under section 19 of the Auditor-General Act. The report is reviewed by the ED, and provided to the Deputy Auditor-General and the Auditor-General for review and discussion at the section 19 meeting. Following the incorporation of any comments, the ED and, as necessary, the GED, reviews the section 19 report for final approval and formal signoff by the Auditor-General.
  • Final audit report – all final audit reports are formally signed-off by the responsible ED and approved for tabling in Parliament by the Auditor-General.

2.65 The ANAO contracts firms to undertake some performance audits or discrete parts of performance audits on behalf of the Auditor-General. Through the AAWP and/or the quarterly audit selection process, performance audits that have well established methodologies and lower engagement risk are identified as suitable for outsourcing. The contracted firm is required to plan and conduct the audit in accordance with ANAO’s methodology and policies. The contracted firm fulfils the responsibilities of the audit team in the key stages of review and approval set out in paragraph 2.64 and the ANAO Executive Director remains responsible for the audit. In 2022–23, four out of the forty performance audits tabled in Parliament were undertaken utilising contracted firms as the audit team.

Financial statements audits

2.66 The engagement executive reviews a sufficient quantity of the work to ensure that the audit has been properly performed and appropriate conclusions reached, given the evidence obtained. This includes a review of critical areas of judgment, especially those relating to difficult or contentious matters, significant risks and any other areas the engagement executive considers important. This review is conducted at the planning, interim and final stages of the audit and is completed on or before the date of the auditor’s report.

2.67 Where the signing officer and engagement executive are different people, the signing officer approves:

  • key aspects of the audit approach;
  • the engagement executive’s assessment of overall and performance materiality;
  • the schedule of unadjusted differences;
  • the audited financial statements; and
  • the audit report.

2.68 The FSASG GED, in consultation with the Auditor-General, may appoint a second reviewer to an audit. This is separate to the engagement quality review executive described below. A second reviewer will usually be appointed where a new signing officer is assigned to an audit, or an audit is conducted in-house after being contracted out for a period.

2.69 The ANAO contracts firms to undertake some financial statements audits on behalf of the Auditor-General. The determination of which audits are contracted out and which are performed in-house by the ANAO is performed using a risk-based model which takes the need for specific expertise into account. Under this model, audits are classified as follows:

  • audits requiring public sector specialist skills – this includes Departments of State, National security agencies, regulatory authorities and bodies key to the functioning of the APS. These audits are performed in-house by ANAO staff;
  • audits requiring specific industry expertise or in a location where it is not cost-efficient for the ANAO to perform the audit. These audits are contracted out to private sector firms; and
  • all other audits – performed either in-house or contracted out to balance workloads and to rotate audits that are contacted out.

2.70 A large proportion of the ANAO’s mandated financial statements audits (just over 65 per cent of the total number of audits, and just under 40 per cent of the total audit fees charged by the ANAO for mandated financial statements audits) are contracted-out to private sector auditing firms in order to deliver the total coverage of entities in a timely and cost-effective way. Responsibility for signing audit reports remains with the ANAO.

2.71 In the case of audits conducted by contract firms, the ANAO engagement executive remains responsible for the audit. The engagement executive is required to be satisfied that the contract engagement partner has completed their work consistent with the ANAO Auditing Standards and that the contractor’s work provides sufficient appropriate audit evidence to support the issue of the auditor’s report. This is achieved through briefings by the contract engagement partner at appropriate times during the audit. The signing officer also approves key aspects of the audit approach, including:

  • audit responses to significant risks;
  • the contract engagement partner’s assessment of overall and performance materiality;
  • the schedule of uncorrected misstatements;
  • the signing officer review memorandum;
  • the audited financial statements; and
  • the auditor’s report.

2.72 For larger or higher risk audits, the engagement executive’s involvement is extended with a greater involvement in audit planning and execution, regular meetings with the contract firm and auditee, and review of significant matters arising during the audit.

Performance statements audit

2.73 The PSASG GED provides recommendations to the Auditor-General on the selection and commencement of audits of annual performance statements.

2.74 The engagement executive takes responsibility for the overall quality on the performance statements audit, including:

  • the audit being planned, performed and documented in accordance with the ANAO auditing standards, the ANAO audit manual and any other relevant ANAO policy and legal and regulatory requirements;
  • appropriate review of the engagement documentation to be satisfied that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued; and
  • that appropriate consultation has been undertaken on difficult and contentious matters.

2.75 The Signing Officer approves:

  • key aspects of the audit approach;
  • the interim management letter;
  • the audited performance statements; and
  • the auditor’s report.

2.76 For higher risk audits, the PSASG GED is more involved in the monitoring of audit planning, execution and reporting, including significant matters arising during the audit.

Professional judgment and professional scepticism

2.77 Auditing requires the use of professional judgment and professional scepticism. Professional scepticism is an attitude that includes a questioning mind being alert to conditions which may indicate possible misstatement or to the validity of evidence obtained, and a critical assessment of evidence. The exercise of professional judgment and scepticism entails ANAO staff approaching audits with an open mind, free of bias, and results in an independent and objective assessment of an entity’s financial or performance statements, or an aspect of its operations.

2.78 The ANAO recognises that coaching, direction and review is critical to the audit teams’ ability to exercise appropriate professional judgment and scepticism. The ANAO methodology steps support the application of the ANAO auditing standards, including those relating to exercising professional judgment and scepticism. Additionally, the ANAO Audit Manual specifies that senior staff are responsible for directing audit teams, which includes coaching teams to exercise appropriate professional judgment.

2.79 In addition, ANAO auditors conduct audits with an open mind, free from bias.

Consultation and differences of opinion

2.80 The ANAO audit manual includes policies requiring appropriate consultation on difficult or contentious matters. Depending on the nature of the matter, consultation is with either the engagement quality review executive, the relevant GED or with specialists in PSRG. The ANAO also has policies setting escalation processes to resolve a difference in opinion. An audit report cannot be issued if there is an unresolved significant difference of opinion within the ANAO.

Qualifications and Technical Advisory Committee

2.81 The ANAO has a Qualifications and Technical Advisory Committee (QTAC), which provides a forum for engagement executives to consult on difficult or contentious matters and, where necessary, resolve differences of opinion on audit related matters. ANAO policy identifies the matters that must be referred to QTAC who meet as required to provide advice to the Auditor-General. These matters include:

  • issuing a modified financial statements or performance statements audit opinion or conclusion;
  • differences of opinion;
  • accounting or audit matters which are likely to attract significant Parliamentary or public attention;
  • consideration of the adequacy of the underlying audit evidence;
  • accounting or related matters that are material to the Commonwealth’s Consolidated Financial Statements where there is, or there is significant potential for, different professional opinions; and
  • proposal to not comply with an ANAO Auditing Standards or ANAO Audit Manual policy.

2.82 Potentially difficult or contentious issues are reported to the Weekly Operational Committee, one of the ANAO’s governance committees. Compliance with policies on consultation processes and resolving differences of opinion are assessed in the QA Program.

Engagement quality review

2.83 The ANAO Audit Manual requires that an Engagement Quality Reviewer (EQR) be appointed to:

  • all high-risk performance audits and performance statements audits;
  • all high risk mandated financial statements audits of entities that are material to the Commonwealth’s Consolidated Financial Statements;
  • all financial statements audits of entities determined to be Public Interest Entities;
  • any other engagements for which an EQR is required by law or regulation; and
  • any other audit at the discretion of the relevant GED, the Deputy Auditor-General or the Auditor-General.

2.84 In the case of financial statements audits of non-material entities that are assessed as high risk, the engagement executive considers the appropriate response to that risk assessment, which may result in the appointment of an EQR.

2.85 The EQR provides an objective evaluation of the significant judgements made by the audit team and conclusions reached in formulating the audit report.

2.86 The ANAO Quality Assurance Program reviews compliance with the EQR policy including:

  • an assessment of whether an EQR was required to be appointed;
  • whether an appointed EQR met the eligibility criteria; and
  • whether the documentation of that involvement throughout the audit was in accordance with the ANAO Audit Manual policy requirements.

Documentation

2.87 The ANAO’s policies and procedures are designed to maintain the confidentiality, safe custody, integrity, accessibility and retrievability of audit documentation. All ANAO documentation is retained in accordance with the ANAO record keeping policy. At the completion of the audit, the audit file is finalised and locked to prevent any changes after the finalisation of the audit. Backups of all ANAO computerised files are made regularly and a disaster recovery plan is in place. Policy and guidelines in this area are based on the Australian Government Protective Security Policy Framework. Compliance with documentation requirements is monitored through the ANAO’s QA Program.

Resources

Quality objectives (ASQM 1 paragraph 32)

ANAO staff are hired, developed and retained and have the competence and capabilities to consistently perform quality audits or carry out non-audit responsibilities in relation to the operation of the ANAO system of quality management.

ANAO staff demonstrate a commitment to quality through their actions and behaviour, develop and maintain the appropriate competence to perform their roles, and are held accountable or recognised through timely evaluations, compensation, promotion and other incentives.

Individuals are obtained from external sources (i.e., service providers) where the ANAO does not have sufficient or appropriate personnel to enable the operation of the ANAO’s system of quality management or performance of engagements.

Engagement team members are assigned to each engagement, including an engagement executive, who have appropriate competence and capabilities, including being given sufficient time, to consistently perform quality engagements.

Individuals are assigned to perform activities within the system of quality management who have appropriate competence and capabilities, including sufficient time, to perform such activities.

Appropriate technological resources are obtained or developed, implemented, maintained, and used, to enable the operation of the ANAO’s system of quality management and the performance of quality engagements.

Appropriate intellectual resources are obtained or developed, implemented, maintained, and used, to enable the operation of the ANAO’s system of quality management and the consistent performance of quality engagements, and such intellectual resources are consistent with ANAO auditing standards and applicable legal and regulatory requirements, where applicable.

Human, technological or intellectual resources from service providers are appropriate for use in the ANAO’s system of quality management and in the performance of engagements, taking into account the quality objectives above.

Human Resources

2.88 The ANAO articulates its commitment to investing in workforce capability in the ANAO Workforce Plan. The ANAO’s people policies and procedures aid in the attraction, development and retention of staff who have the necessary integrity and capability to perform the work required.

2.89 The ANAO Academy is the hub of continuous professional learning through which the ANAO delivers its commitment to cultivating workforce capability. The ANAO also evaluates, recognises and improves workforce performance through its performance and career development program.

ANAO workforce capability and capacity

2.90 Workforce capability and capacity is a key driver of audit quality. The ANAO Workforce Plan considers the immediate and future resourcing and capability requirements of the ANAO. It captures strategies to attract, develop and retain staff, including measures to support high performance, technical and specialist skill development and succession planning towards leadership positions. The plan outlines an evidence-based approach to recruitment based on a supply and demand analysis of key job families. The workforce plan, and broader ANAO polices, focus on maintaining a working environment that enables the ANAO to be seen as an employer of choice and leader in public sector auditing.

2.91 Additionally, workforce resourcing risks are closely monitored by senior leaders at the ANAO. The risk of the ANAO not having sufficient workforce capability and capacity is articulated in the ANAO Enterprise Risk Register, which is discussed as a standing agenda item at Quality Committee and People and Change Committee, which provide strategic advice to EBOM on people and capability development, for further monitoring.

Learning and development

2.92 The ANAO is a learning organisation, with the ANAO supporting, and our staff committed to, continuous learning, growth and development. Professional learning is accessed through the ANAO Academy, which delivers a vision for capability development that is empowering, purposeful, impactful and quality assured. The Academy comprises both technical and non-technical learning.

2.93 Staff complete mandatory learning requirements through the Academy, including essential training to undertake their duties as public servants and continuous professional development (CPD) to meet technical capability requirements. Mandatory learning encompasses the ANAO new-starter induction and annual e-learning modules accessed through the Academy Learning Management System (LMS). As part of the ANAO annual performance assessment process, staff include a declaration confirming the completion of all corporate mandatory training requirements.

2.94 The ANAO offers staff a blended curriculum of classroom training comprising both technical and non-technical courses and a library of e-learning modules. ANAO courses have been designed and developed in consultation with the service groups and are aligned to the six core capabilities contained in the ANAO Capability Framework.

Performance and career development

2.95 Performance management at the ANAO is an ongoing process of communication between staff members and their direct supervisor with a view to improve organisational effectiveness and individual performance. The ANAO’s Performance and Career Development Policy has been designed to facilitate high performance across the ANAO, which in turn supports the ANAO to achieve its business and quality objectives.

2.96 Performance plans contain the agreed expectations of performance and behaviour for staff as well as documenting the mandatory training to be undertaken over the performance cycle. Staff are asked to draft their performance plan that takes account of:

  • the ANAO Capability Framework;
  • the relevant level standards;
  • mandatory training requirements; and
  • any group or specific information provided within group plans that relate to role development.

2.97 Performance ratings are moderated by SES supervisors (or by the Deputy Auditor-General for performance ratings of SES officers), who ensure that audit quality has been considered in the assignment of performance ratings.

Use of contractors

2.98 The ANAO engages contractors obtained from external resources, including auditor’s experts such as valuers and actuaries, to perform audit functions under the supervision of senior staff at the ANAO. Individual contractors are also engaged as contract-in staff to supplement staff resourcing on in-house audits; in other instances, the ANAO contracts out the performance of an audit, or part of an audit, to a private sector firm.

2.99 The policies and procedures which apply to contractors, which are intended to ensure that the ANAO’s quality objectives are achieved, are outlined above at paragraphs 2.41–2.44 (in relation to relevant ethical requirements) and 2.65 and 2.69–2.72 (in relation to engagement performance).

2.100 The ANAO has an approach to contract-out audits that balances the expertise, skills and resourcing capability to be gained from contracting-out, while supporting the resourcing requirements of the ANAO to ensure and support quality.

Assignment of engagement teams and individuals who perform activities within the system of quality management

2.101 The ANAO’s allocation policies and processes ensure that audit team members have appropriate competence and capabilities, including sufficient time. Staff workloads are monitored throughout the audit cycle using resourcing and time charging tools. Engagement executives are responsible for monitoring the allocation of personnel to engagements and to raise concerns to the responsible Group Head.

2.102 ANAO policies also specify that the assignment of individuals to perform activities within the SOQM take into account their capability, competence and time available to perform such activities. These policies are supported by ANAO group business plans, which identify projects, activities, tasks and priorities for each service group, including activities performed in the SOQM. Active monitoring of progress against business plans, including through six-monthly reporting to EBOM, ensures that sufficient time is allocated to key quality management activities.

Technological resources

2.103 As outlined in the ANAO’s Corporate Plan 2023–24 the ANAO is focused on keeping pace with advances in technology to ensure we remain positioned to respond to environmental changes, mitigate risks and deliver on our purpose.

2.104 Change across the ANAO is supported by a structured approach to strategic planning, governance, risk management and change management. In particular, IT initiatives adhere to a project management framework involving:

  • Approval through appropriate governance mechanisms;
  • An escalation pathway for issue, risk and scope change management;
  • Taking advantage of learnings from other projects;
  • Managing dependencies between projects;
  • Accurate reporting to governance bodies; and
  • Efficiency gains through implementation of repeatable processes.

2.105 The ANAO Audit Manual sets out requirements in relation to the use of the following existing IT applications, to ensure that they are used in an appropriate manner to enable the operation of the system of quality management and the performance of engagements.

  • TeamMate is required to be used to document all audits and other assurance engagements in accordance with the ANAO Audit Manual and record keeping policies.
  • Data analytics solutions provide a means of analysing large volumes of detailed data in a manner not easily achievable through manual procedures. Data analytics solutions are quality assured by SADA. Where it is intended that a solution be used as a ‘standardised solution’ across multiple audits, it is required to be approved by PSRG. PSRG approval is required where a standardised solution is used in a manner different to that specified in its design specifications, or where a non-standardised solution is used.

Intellectual resources

2.106 The principal intellectual resources utilised by the ANAO are its policies and procedures, including the ANAO Audit Manual, and its methodology. The ANAO audit methodology for financial statements audits is procured from a private sector firm.

2.107 To ensure that the ANAO’s intellectual resources are appropriate, the PSRG GED is responsible for the audit methodology applied by the ANAO which supports compliance with the ANAO Auditing Standards. This includes the development of policies and procedures to support that audit methodology. Additionally, the Audit Manual is reviewed on an annual basis by PSRG and is reviewed and approved by the Quality Committee and then by EBOM. Methodologies are reviewed by PSRG and approved by the PSRG GED, in consultation with the relevant audit service group.

Service providers

2.108 The ANAO uses service providers who provide human resources, technology and methodology support and, in some instances, are contracted to perform engagements on behalf of the ANAO. ANAO procurement, contract evaluation and contract management processes are designed to ensure that human, technological or intellectual resources from service providers are appropriate and in line with ANAO objectives. The ANAO procurement process complies with the Commonwealth Procurement Rules (CPRs) and is designed to meet the intent of the CPRs.

Information and communication

Quality objectives (ASQM 1 paragraph 33)

The information system identifies, captures, processes and maintains relevant and reliable information that supports the system of quality management, whether from internal or external sources.

The culture of the ANAO recognises and reinforces the responsibility of personnel to exchange information with the ANAO and with one another.

Relevant and reliable information is exchanged throughout the ANAO, including:

  • Sufficient information is communicated to staff to enable them to understand and carry out their responsibilities within the system of quality management; and
  • staff communicate information to the ANAO when performing activities within the system of quality management or engagements.

Relevant and reliable information is communicated to external parties, including:

  • Information is communicated by the ANAO to service providers, enabling service providers to fulfill their responsibilities relating to the services or resources provided by them; and
  • Information is communicated externally when required by law, regulation or ANAO auditing standards, or to support external parties’ understanding of the system of quality management.

Information systems

2.109 The ANAO uses a number of information systems which support its system of quality management and the performance of engagements, including:

  • TeamMate – the ANAO’s audit software, which is used to retain audit documentation;
  • E-Hive – the ANAO’s enterprise document management system;
  • Saviom – the ANAO’s enterprise resource management and workforce planning system;
  • Aurion Timekeeper – the ANAO’s time recording system;
  • Learning Management System;
  • SharePoint – the ANAO intranet;
  • ANAO website;
  • SADA data analytics tools and Nuix; and
  • Microsoft applications such as Excel.

2.110 Issues with systems are raised with the CMG.

Communication within the ANAO

2.111 The ANAO encourages collaboration and information-sharing between staff in accordance with the Auditor-General Act and the Protective Security Policy Framework.

2.112 ANAO audit manual policies and processes support collaboration between audit service groups, including the participation of representatives of all audit service groups in key performance audit meetings; and the process of developing the Annual Audit Work Plan includes planning workshops which bring together staff across service groups to discuss risks in various portfolios. Information sharing also occurs through town hall meetings, LearnFest (the ANAO’s annual whole-of-office learning and development week), staff forums and other corporate events. Additionally, office neighbourhoods are designated for particular portfolio groups to enhance collaboration.

2.113 New starter and induction training programs are designed to provide new starters with all reliable information relevant to their duties. For ANAO staff more generally, regular technical updates inform staff about any changes to aspects of the system of quality management, including changes to Audit Manual policies, methodology and templates.

Communication with external parties

2.114 The ANAO communicates with external parties including auditees, service providers, Parliament, the Australasian Council of Auditors General and the International Organisation of Supreme Audit Institutions.

Communication with auditees

2.115 Audit committees are an important element of an entity’s governance arrangements and are a key point of contact for the ANAO. ANAO representatives attend, as observers, as many audit committee meetings of Commonwealth entities and Commonwealth companies as are reasonably practicable, to meet its obligations under the auditing standards in respect of information and communication.

2.116 Engagement executives are also responsible for communicating with the accountable authority of an auditee, which is charged with the governance of the auditee.

Communication with service providers

2.117 The ANAO contracts service providers to provide human resources, technology and methodology support, and to perform engagements on the ANAO’s behalf. The ANAO therefore recognises that effective communication with service providers is an important mechanism for promoting audit quality.

2.118 The ANAO provides all relevant ANAO policies and templates to contracted service providers firms via the GovTeams contractor community page. Additionally, annual webinars communicate changes to policies, template and requirements and regular notifications communicate the release of new information. For contract staff, onboarding processes include mandatory online modules specifically designed to set out expectations for contractors. Additionally, the ANAO Audit Manual makes clear that the requirements which apply to contractors are consistent with those which apply to ANAO staff.

Communication with other external parties

2.119 The ANAO also communicates its Quality Management Framework by publishing this Quality Management Framework and Plan, the Audit Quality Report, and the Audit Manual on the ANAO website. The ANAO is not required to communicate these matters to external parties under the ANAO Auditing Standards, legislation or regulations, but chooses to publish them to demonstrate transparency over how the ANAO system of quality management supports the consistent performance of quality engagements. This is intended to promote the confidence of Parliament and the general community in the ANAO.

Monitoring and remediation process

ASQM 1 requirement (paragraph 35–47)

ASQM 1 requires the ANAO to:

  • establish a monitoring and remediation process to provide information about the design, implementation and operation of the system of quality management, and to take action to respond to identified deficiencies on a timely basis;
  • design and perform monitoring activities to provide a basis for the identification of deficiencies, which must include the inspection of completed engagements; the inspection must consider the other monitoring activities undertaken by the ANAO and must select at least one completed engagement for each engagement executive on a cyclical basis;
  • establish policies and procedures requiring that the individuals performing the monitoring activities have the competence and capabilities, including sufficient time, to perform the monitoring activities effectively, and be objective;
  • evaluate findings to determine whether deficiencies exist, and evaluate the severity and pervasiveness of identified deficiencies by investigating the root cause(s) of the deficiencies and evaluating their effect on the SOQM;
  • design and implement remedial actions to address identified deficiencies that are responsive to the results of the root cause analysis; the individual assigned operational responsibility for the monitoring and remediation process is required to evaluate whether the remedial actions are appropriated designed and effective and, if the evaluation indicates that they are not, take action to appropriately modify them;
  • respond to findings that an engagement for which procedures required were omitted or the report issued may be inappropriate, including taking appropriate action to comply with relevant ANAO standards and applicable legal and regulatory requirements, and when the report is considered to be inappropriate, considering the implications and taking appropriate action.

ASQM 1 also requires the individual assigned operational responsibility for the monitoring and remediation process to communicate on a timely basis to the individuals assigned ultimate and operational responsibility and accountability for the SOQM, and to engagement teams and other individuals assigned activities within the SOQM:

  • a description of the monitoring activities performed;
  • the identified deficiencies, including the severity and pervasiveness of such deficiencies; and
  • the remedial actions to address the identified deficiencies.

This communication enables these individuals and teams to take prompt and appropriate action in accordance with their responsibilities.

2.120 A key element of the Quality Management Framework is monitoring of compliance with policies and procedures that comprise the system of quality management. The monitoring system involves internal and external quality assurance reviews of the ANAO’s audits and other assurance engagements.

2.121 Monitoring activities are the responsibility of the PSRG GED, and include:

  • annual quality assurance reviews of a selection of completed audits covering all of the functions of the ANAO;
  • real time quality assurance reviews of a selection of in-progress financial statements and performance statements audits;
  • an annual internal audit of compliance with components of the ANAO Audit Manual;
  • biennial external peer reviews of a selection of completed performance audits performed by the Office of the Auditor General New Zealand (OAG NZ); and
  • external reviews of the Quality Management Framework and a selection of completed audits by the Australian Securities and Investments Commission (ASIC), as considered appropriate.

Internal reviews

2.122 The objective of ANAO internal quality assurance reviews is to form an opinion on whether each engagement file inspected:

  • complies with the Act, professional requirements, ANAO auditing standards and other legal and regulatory requirements;
  • complies with the ANAO’s policies and procedures, including quality management;
  • provides relevant, reliable and timely information about the design, implementation and operation of the system of quality management; and
  • evidences sufficient and appropriate assurance procedures to support conclusions reached.

2.123 Compliance with the independence policies, including the completion of independence declarations, is tested as part of the ANAO’s quality management processes, internal audits and quality assurance monitoring reviews.

2.124 The mix of audits selected for review comprises audits conducted utilising in-house resources and those undertaken by contracted firms. The ANAO selects audits and other engagements in accordance with the ANAO Audit Manual QA review selection policy, which provides sufficient coverage of all responsible engagement executives on a cyclical basis.

2.125 All deficiencies noted as a result of the monitoring process are evaluated and classified according to an agreed rating scale. Audits are given an overall rating of satisfactory or unsatisfactory.

2.126 The ANAO conducts root-cause analysis to understand more deeply any areas in our work where we have identified scope for improvement to continue to improve our audit practice. The root-cause analysis is targeted towards any audit files rated unsatisfactory under the QA Program and a selection of identified thematic findings. The root-cause analysis assists with identifying what corrective action (if any) is required, including whether any targeted training needs to be provided.

2.127 Where a QAR of an individual engagement indicates that an inappropriate audit report may have been issued or that procedures were omitted such that sufficient and appropriate evidence may not have been obtained on a material item, the responsible GED is required consult with the PSRG GED to agree further corrective actions and to advise the matter to the Auditor-General and Deputy Auditor-General.

Ad-hoc reviews initiated by the Auditor-General

2.128 The Auditor-General may initiate reviews of in-process or completed audits on an ad-hoc basis. These reviews are conducted by the GED or other relevant specialists in PSRG, who are independent of the performance of the audit. Circumstances that may result in an ad-hoc quality review include parties external to the ANAO raising concerns or questions about the quality of work performed by the ANAO or the evidence supporting a conclusion or finding in an audit.

External reviews

2.129 External oversight of quality at the ANAO is provided through scrutiny from the Parliament; peer review arrangements with the OAG NZ; the ASIC review; and external audits.

2.130 All audit reports produced by the ANAO are public documents and tabled in the Parliament. The Joint Committee of Public Accounts and Audit (JCPAA) reviews all tabled Auditor-General reports and conducts inquiries into selected reports.

2.131 Section 41 of the Auditor-General Act 1997 (the Act) establishes the position of the Independent Auditor, appointed by the Governor-General. Under Part 7 Division 2 of the Act, the Independent Auditor is required to audit the ANAO annual financial statements and may at any time conduct a performance audit of the ANAO (having regard to the audit priorities of the Parliament determined by the JCPAA). The Independent Auditor also audits the ANAO’s annual performance statements at the request of the Auditor-General.

2.132 The ANAO engages the ASIC to conduct an annual review of the Quality Management Framework and financial statements audit files, in a similar way to the review work conducted by ASIC on external auditors in the private sector.

2.133 All external audits and reviews are published on the ANAO website.

Communication of the results of monitoring activities

2.134 The results of internal and external monitoring activities are reported to EBOM, the Quality Committee and the ANAO Audit Committee. PSRG communicates to EBOM a description of the monitoring activities performed and the deficiencies identified, including the severity and pervasiveness of such deficiencies. The GED PSRG and the relevant GED agree proposed remedial actions to address the deficiencies and the root causes of deficiencies for EBOM endorsement. The proposed remedial actions as reported to EBOM identify the officers responsible for the implementation and expected completion deadlines.

2.135 The ANAO Quality Committee is responsible for monitoring the ANAO’s progress in addressing the findings and recommendations arising from the monitoring activities. The ANAO Audit Committee also receives reports at each meeting on results of monitoring activities as well as the status of the implementation of recommendations arising from external monitoring processes.

2.136 Findings from monitoring processes are communicated to ANAO audit staff and contract firms to allow all staff to implement lessons learnt and to foster continuous improvement.

Complaints and allegations

2.137 The ANAO Audit Manual sets policies and processes for the formal management of any complaints or allegations that the work performed by the ANAO does not comply with applicable standards, requirements, systems of quality management or independence policies. The policies include escalation and consultation procedures to resolve any complaints or allegations made. The policy also sets out remedial actions required if a deficiency in the design or operation of the ANAO’s quality management policies and procedures, or non-compliance with the ANAO’s system of quality management by an individual or individuals, are identified during the investigation into a complaint or allegation.

2.138 The ANAO has appointed authorised officers to manage public interest disclosures under the Public Interest Disclosure (PID) Scheme. The scheme provides for employees (including former employees) of the ANAO and contracted service providers to the ANAO, to make a PID of suspected wrongdoing relating to any public official, and provides for any public officials and former public officials to make a PID of suspected wrongdoing relating to ANAO activities or ANAO officials.

Evaluating the system of quality management

ASQM 1 requirement (paragraphs 53–56)

The Auditor-General is required to evaluate the system of quality management at least annually. The Auditor-General is required to conclude on whether the system of quality management provides the ANAO with reasonable assurance that the objectives of the system of quality management are being achieved.

If the Auditor-General concludes that the system of quality management (SOQM):

  • does not provide reasonable assurance; or
  • provides reasonable assurance except for identified deficiencies that have a severe but not pervasive effect;

the ANAO is required to:

  • take prompt and appropriate action; and
  • communicate to engagement teams, other individuals assigned activities within the system of quality management, and external parties.

2.139 The Auditor-General, based on advice and recommendations from the PSRG GED and the ANAO Quality Committee, evaluates and concludes whether the SOQM provides reasonable assurance that the ANAO’s quality objectives are being achieved.

2.140 The evaluation and conclusion are made on an annual basis and are reported in the ANAO Quality Report. The Quality Report describes the basis on which the Auditor-General’s conclusion is made.

2.141 The evaluation and conclusion on the SOQM are informed by the results of the ANAO’s monitoring activities and the ANAO’s performance against audit quality indicators.

2.142 If the evaluation identifies deficiencies in the SOQM, the Auditor-General may conclude that the Quality Management Framework does not provide reasonable assurance that the ANAO quality objectives are being achieved. If this occurs, the PSRG GED is required by ANAO policies to determine what corrective action is required following consultation with the Group Head(s). Any recommendations for corrective action or improvements to the SOQM are provided to EBOM for endorsement. The Quality Committee is responsible for monitoring the implementation of recommendations and other corrective actions.

3. Quality management strategy and deliverables for 2023–24

3.1 The ANAO’s focus in 2023–24 will include the implementation of the quality management plan and enhancements to the quality framework with particular emphasis on:

  • monitoring compliance with ASQM 1 - Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements; ASQM 2 - Engagement Quality Reviews; and ASA 220 - Quality Management for an Audit of a Financial Report and Other Historical Financial Information;
  • continuing to expand our root cause analysis program - in particular, expanding the program to include analysing results from quality assurance reviews of performance statements audit and performance audit files, as well as continuing to expand the existing program for analysing results from financial statements audit quality assurance reviews;
  • continuing to refine the performance statements audit manual and methodology; and
  • refining the methodology associated with auditing efficiency and ethics, including reviewing application of the efficiency methodology in practice and monitoring implementation of the ethics methodology.

Table 3.1: Key deliverables for 2023–24

Quality framework element

High level objectives

Brief scope of work

Completion date

All elements

To evaluate the system of quality management and conclude whether the ANAO Quality Management Framework provides the ANAO with reasonable assurance that the ANAO quality objectives are being achieved

Annual evaluation and conclusion on the ANAO Quality Management Framework.

30 November 2023

Annual review of quality objectives and quality risks

31 March 2024

Annual audit manual review – shared content

31 March 2024

To communicate to external parties to support their understanding of the ANAO’s system of quality management

Publication of the Audit Quality Report

30 September 2023

Engagement performance

To ensure that the ANAO audit methodology is compliant with the ANAO Auditing Standards

Annual audit manual review - financial statement audits

31 March 2024

Annual audit manual review - performance audits

30 April 2024

Annual audit manual review – performance statements audit

31 March 2024

Annual financial statement audit methodology and template updates

30 November 2023

Annual assessment of performance audit methodology and template updates

30 April 2024

Annual performance statements audit methodology and template updates

30 November 2023

Annual communication template updates

30 June 2024

To ensure ANAO staff are supported in the application of ANAO audit methodology and ANAO Auditing Standards

Financial statements audit peer review program

31 October 2023

To maintain a high level of audit quality by keeping ANAO staff knowledge up-to-date and fostering continuous improvement

Training on methodology and standards updates, quality findings and other relevant issues

30 June 2024

Release of regular and timely methodology reminders, communicating areas of focus identified in quality assurance and peer reviews.

30 June 2024

To maintain a high level of audit quality by keeping contract firms’ knowledge up-to-date and fostering continuous improvement

Contractor webinar on methodology and standards updates, quality findings and other relevant issues including topic specific training to address knowledge gaps identified in quality assurance reviews

31 May 2024

Presentation to contract firm relationship partners on ANAO expectations for quality and results of quality inspections

30 June 2024

Monitoring and Remediation

To determine whether audits have been performed in accordance with the ANAO Auditing Standards

Annual internal review of a sample of completed financial statements audits

31 March 2024

Annual internal review of a sample of completed performance audits

31 July 2024

Annual internal review of a sample of completed performance statements audits

31 March 2024

Annual internal real-time review of in-progress financial statement audits

30 November 2023

Annual internal real-time review of in-progress performance statements audits

30 November 2023

Annual external review by ASIC of ANAO quality framework

30 June 2024

Annual external review by ASIC of a sample of completed financial statement audits

30 June 2024

Biennial peer review by NZ OAG of a sample of completed performance audits

30 June 2024

Internal audits of compliance with selected requirements of the ANAO audit manual

30 June 2024

To obtain insights on audit quality from entity feedback on their experience with the performance audit process

Annual independent external survey of entities that have been involved in a performance audit. The survey focusses on the audit process, audit reporting and value of the performance audit

31 August 2023

To obtain insights on audit quality from entity feedback on their experience with the annual financial statements audit process

Annual independent survey of entities that have been involved in an annual financial statement audit. The survey focusses on the knowledge, skills and conduct of the audit staff and the value of the financial statement audit services

31 January 2024

To identify the root cause(s) of inspection findings in order to determine most appropriate remedial actions

Root cause analysis of unsatisfactory files and thematic findings and observations

Completed in conjunction with internal QA reviews and reporting

To monitor themes arising in inspections of contract firms

Review of published results of QA reviews of firms, firm transparency reports and the annual ASIC audit inspection report.

30 June 2024

       

4. Measurement framework

Corporate plan performance measure

4.1 The ANAO Corporate Plan includes one performance measure in respect of quality:

The ANAO’s independent Quality Assurance Program indicates that audit opinions and conclusions are appropriate.

4.2 Performance against this measure is assessed through the ANAO Quality Assurance Program (QA program) and the results reported in the ANAO annual performance statements.

Audit quality indicators

4.3 Audit quality indicators (AQIs) are reliable quantitative measures regarding individual audits and organisations that perform audits which provide insights about key matters that may contribute to the quality of an audit. Taken together with qualitative context, the indicators may inform discussions regarding auditing process and lead to strengthened audit planning, execution, and communication.

4.4 The ANAO 2022–23 Quality Report will report on 10 quantitative AQIs. Four AQIs are measures from the Australasian Council of Auditors-General (ACAG) macro benchmarking survey in which most Australian audit offices, including the ANAO, participate. The ACAG macro benchmarking survey project is an annual exercise that has been conducted since 1994. The overall purpose of the project is to provide, to the extent practicable, comparable information to audit offices across Australasia on quantitative and qualitative benchmarks of the operations of audit offices and specific characteristics of each jurisdiction. The remaining six AQIs are derived from ANAO performance measures, audit manual policy requirements and expectations regarding independence and audit quality.

4.5 Measuring AQIs against specific benchmarks can inform and enhance reporting about audit quality and assist in understanding the root causes of quality inspection findings. This in turn enhances audit quality by ensuring that remediation activities address the issues that potentially impact audit quality.

4.6 The ANAO has identified benchmarks for each of these AQIs against which ANAO results are assessed and interpreted in the Audit Quality Report. ANAO benchmarks for the AQIs derived from the ACAG macro benchmarking survey are developed using past results of comparable audit offices to calculate a three-year rolling average.

Table 4.1: The ANAO measures the following AQIs against the nominated benchmarks

Audit Quality Indicator

Benchmark

Source of benchmark

Relevant ethical requirements

1. Compliance with independence requirements — Breaches of independence policy

0

Zero risk and quality tolerance for independence policy breaches

Human resources

2. Staffing leverage — Ratio of engagement executive hours charged to in-house financial audit work to lower-level audit staff hours

0.09

ACAG Macro Benchmarking survey

3. Engagement executive and manager workload — Hours charged by audit staff who are classified as an engagement executive, Manager, EQCR executive or higher as a percentage of total hours charged

ACAG Macro Benchmarking survey

Financial Audit and Performance Statements Audit

22%

 

Performance audit

40%

 

4. Staff workload — Chargeable hours per FTE professional

ACAG Macro Benchmarking survey

Financial audit and Performance Statements Audit

1,200

 

Performance audit

1,100

 

5. Technical accounting and auditing resources — Percentage of total office expenditure allocated to technical resources

2%

ACAG Macro Benchmarking survey

6. Turnover of audit personnel

15-20%

ANAO Workforce Strategy

7. Training hours per audit professional

80

ACAG Macro Benchmarking survey

Audit performance

8. Frequency and impact of material financial statement restatements and errors — Number and percentage (of audited financial statements) of restatements for material errors, computed annually, and the magnitude of those restatements

0

The ANAO aims to have no material restatements resulting from errors detected after the auditor’s report is issued.

Monitoring

9. Internal quality review results — Percentage of engagement executives subject to review annually

ANAO policy

Financial audit

33%

 

Performance audit

33%

 

Contracted out firms – financial audit

33%

 

Performance statements audit

33%

 

10. Internal quality review results — Number of audit files rated as ‘unsatisfactory’ in the ANAO Annual Inspection Program

0

The ANAO aims to have no unsatisfactory audit files.

     

Audit quality reporting

4.7 The ANAO will produce an Audit Quality Report at the end of the financial year and publish it on the ANAO website. This Audit Quality Report provides transparency in respect of the processes, policies, and procedures that are used to address or support each element of audit quality. Performance in respect of the AQIs will also be measured and reported against the indicated benchmarks. The achievement of the quality assurance strategy and deliverables will also be reported on to enhance accountability.