1.1 The purpose of the Australian National Audit Office (ANAO) is to support accountability and transparency in the Australian Government sector through independent reporting to the Parliament, and thereby contribute to improved public sector performance.

1.2 The quality of ANAO audit work is reliant on the strength of its independence and system of quality management (SOQM). A sound SOQM supports delivery of high-quality audit work and enables the Auditor-General to have confidence in the opinions and conclusions in the reports prepared for the Parliament. This facilitates the confidence of the Parliament that the ANAO operates with independence and that the audit approach meets the auditing standards set by the Auditor-General.

1.3 The ANAO defines audit quality as the provision of timely, accurate and relevant audits, performed independently in accordance with the Auditor-General Act 1997 (the Act), and ANAO Auditing Standards and methodologies, which are valued by the Parliament. Delivering quality audits results in improved public sector performance through accountability and transparency.

1.4 The Quality Management Framework and Plan describes the ANAO’s SOQM and sets out the key responses to address identified quality risks planned for the financial year as part of the ANAO’s investment in audit quality.

Framework for quality management

1.5 The ANAO is established under the Auditor-General Act 1997. Section 24 of the Act requires the Auditor-General to set auditing standards that are to be complied with by persons performing functions under the Act. The ANAO Auditing Standards set under this provision incorporate standards issued by the Auditing and Assurance Standards Board (AUASB) and relevant auditing and assurance standards issued by standard-setting bodies other than the AUASB as appropriate. With respect to quality management, this includes ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements (ASQM 1) and ASQM 2 Engagement Quality Reviews.

Purpose of the Quality Management Framework and Plan

Quality Management Framework

1.6 In accordance with ASQM 1, the ANAO has designed, implemented and operates a system of quality management, the ANAO Quality Management Framework. The SOQM enables the consistent performance of quality audits by providing the Auditor-General with reasonable assurance that:

• the ANAO’s people fulfill their responsibilities in accordance with the ANAO Auditing Standards and applicable legal and regulatory requirements, and the ANAO delivers on its purpose in accordance with such standards and requirements; and
• reports issued by the ANAO are appropriate in the circumstances.

1.7 The Quality Management Framework is designed to meet ANAO quality objectives. The policies and procedures that make up the Quality Management Framework respond to quality risks that arise in respect to the nature and circumstances of the ANAO and the engagements conducted. An annual review of the quality objectives and risks ensures that additional or modified quality objectives and risks are identified and modifications and additions to the Quality Management Framework are designed and implemented as necessary.

1.8 The Quality Management Framework includes policies and procedures that address:

1. The ANAO’s risk assessment process;
2. Governance and leadership;
3. Relevant ethical requirements;
4. Acceptance and continuance of client relationships and specific engagements; 
5. Engagement performance;
6. Resources;
7. Information and communication; and
8. Monitoring and remediation process.

Quality Management Plan

1.9 The Quality Management Plan is informed by the priorities identified in the ANAO Corporate Plan, the prior period’s results of the ANAO Quality Assurance Program (the QA Program), and better practice insights from engagement with peers and the wider auditing profession. The plan:

• identifies and highlights the key activities to be performed and monitored to provide assurance that critical aspects of the Quality Management Framework are operating effectively;
• includes a timetable for deliverables to provide accountability by ensuring that quality management activities are completed and reported on as planned;
• facilitates coordination of all monitoring activities, including internal audit, internal and external quality assurance reviews and external audit; and
• identifies the resource requirements necessary for the performance of monitoring functions.

1.10 The ANAO Corporate Plan contains the following performance measure in respect of quality:

The ANAO’s independent Quality Assurance Program indicates that audit opinions and conclusions are appropriate.

1.11 The QA Program is a key activity that addresses the monitoring element of the Quality Management Framework. The objective of the QA Program is to form an opinion as to whether each audit report:

• complies with ANAO Auditing Standards, policies and procedures and other legal and regulatory requirements; and
• evidences sufficient appropriate audit procedures to support conclusions reached.

1.12 The QA Program also provides assurance on the implementation and operating effectiveness of other elements of the Quality Management Framework. The scope of the QA Program is discussed in the monitoring and remediation section of this document.

1.13 The strategy and activities described in the Quality management strategy and deliverables for 2024–25 focus on those that address the audit performance and monitoring and remediation elements of the Quality Management Framework.

Overview

2.1 A sound quality management framework supports high-quality evidence and standards-based audit work. This enables the Parliament to have confidence in the opinions and conclusions made by the Auditor-General.

2.2 The ANAO Quality Management Framework is in accordance with the requirements of Auditing Standard ASQM 1.

2.3 The framework encompasses a number of key elements as presented in Figure 1.

Figure 1: Elements of the ANAO quality management framework

Responsibilities for the system of quality management

2.4 The Auditor-General is ultimately responsible for the system of quality management in place for all management and related activities undertaken by the ANAO. From an operational perspective, the Deputy Auditor-General is responsible for ensuring that the system of quality management satisfies the requirements of the ANAO Auditing Standards and is assisted by the Group Heads with this role.

2.5 The Group Executive Director (GED) of Professional Services Group (PSG) is responsible for the design, implementation and maintenance of the Quality Management Framework and for monitoring compliance with the Framework. The PSG GED is also responsible for compliance with independence requirements, including the ANAO independence policies in the ANAO Audit Manual and the approval of non-audit services to auditees by contracted firms and for the monitoring and remediation processes. PSG reports to the ANAO Executive Board of Management (EBOM), Quality Committee and Audit Committee on the results of these monitoring activities.

The ANAO Quality Committee

2.6 The ANAO Quality Committee is responsible for monitoring the implementation of the Quality Management Framework and reporting to EBOM on its implementation.

2.7 The Committee is comprised of members representing all ANAO service groups and is chaired by the PSG GED.

2.8 The Committee meets on a quarterly basis and has terms of reference which include the following responsibilities:

• reviewing the findings of external and internal reviews in relation to quality which have been reported to the Executive Board of Management (EBOM);
• monitoring the ANAO’s progress in addressing the findings and recommendations made in external or internal reviews;
• monitoring and reporting to EBOM on the implementation, operating effectiveness and efficiency of the Quality Management Framework, having regard to the findings of external and internal reviews and the audit quality indicators;
• advising the Auditor-General on whether the operation of the Quality Management Framework provides reasonable assurance that the ANAO’s quality objectives are being achieved;
• monitoring the strategic and operational risks associated with quality; and
• considering proposed amendments to the ANAO Audit Manual that substantially impact the conduct of an audit and making recommendations to the Auditor-General for approval.

The ANAO’s risk assessment process

2.9 Effective risk management is fundamental to achieving our purpose and improving our performance. The ANAO risk management framework plays an important role in shaping the ANAO’s strategic direction, contributes to evidence-based decision-making and is embedded into business-as-usual practices. The framework is supported by the Enterprise Risk Register (ERR). The ERR identifies, outlines and assesses relevant strategic and operational risks of the ANAO, including risks related to audit quality. The Auditor-General takes advice from EBOM when establishing the Risk Management Framework, the ERR and determining the ANAO’s appetite and tolerance for risk. The Auditor-General sets a low tolerance for risks related to audit quality.

2.10 The ANAO takes an integrated approach to monitoring risks across the organisation and in existing business processes and ANAO enabling frameworks (i.e., policies, procedures and guidance materials). Risks are continually monitored by EBOM, the Audit Committee, governance subcommittees and ANAO people.

2.11 The ANAO Quality Risk Assessment process, including the establishment of quality objectives, identification and assessment of quality risks and design and implementation of responses to address the quality risks is informed by the ANAO ERR, including monitoring changes in the environment, causes of risks and the operating effectiveness of responses to risks.

2.12 The ANAO has established all of the quality objectives in ASQM 1 and an additional ANAO specific objective (see paragraph 2.51). The quality objectives are set out for each component of the Quality Management Framework accompanied by the responses the ANAO has designed and implemented to address identified quality risks.

2.13 The process of risk assessment is iterative. The ANAO has established an annual review and assessment process of the ANAO quality objectives and quality risks. This annual review supports the annual review of the Quality Management Framework and considers the Auditor-General’s evaluation on whether the Quality Management Framework provides reasonable assurance that the ANAO’s quality objectives are being achieved. The Quality Committee has responsibilities for reviewing the quality risk assessments including the assignment of risk ratings.

Governance and leadership

Commitment to quality through culture

2.14 The ANAO demonstrates a culture that is committed to audit quality in corporate documents including the ANAO Corporate Plan, the Annual Report, and Quality Report. These documents recognise that quality in the delivery of the ANAO’s audit services is critical in supporting the integrity of our audit reports and maintaining the confidence of the Parliament and public sector entities. The publication of this Quality Management Framework document and the Audit Quality Report demonstrates the importance governance and leadership places on transparency and accountability regarding audit quality.

2.15 The ANAO definition of audit quality (paragraph 1.3) demonstrates that the commitment to audit quality is linked to the purpose of the ANAO and how the ANAO serves the public interest through reporting to Parliament.

2.16 The culture of commitment to quality is supported by the tone at the top established by the ANAO’s leadership through their actions and behaviour, and by clear, consistent and frequent actions and communications at all levels within the ANAO. The importance of quality is communicated regularly through ANAO town hall meetings, the Auditor-General’s monthly messages, service group all staff meetings and technical updates. The responsibility of all personnel for quality is recognised and reinforced by the incorporation of quality into individual performance agreements, discussion and assessment.

2.17 The ANAO’s recognition of the importance of quality in strategic and operational decisions is captured in the ANAO Corporate Plan where it states in the ‘Risk oversight and management’ section that ‘the ANAO further recognises that the risk environment for Commonwealth entities is dynamic. As a result, the ANAO must continuously monitor the risk to entities’ ability to provide accurate evidence for audits. Where appropriate, the ANAO may adjust audit plans to ensure that quality is maintained, and auditing standards are not compromised’.

Leadership responsibility and accountability for quality

2.18 The ANAO Audit Manual specifies the responsibilities of leadership for quality:

• The Auditor-General is ultimately responsible and accountable for the system of quality management in place for all assurance and related activities undertaken by the ANAO.
• The Deputy Auditor-General has operational responsibility for ensuring that the system of quality management satisfies the requirements of the ANAO Auditing Standards.
• The PSG GED is responsible for the ANAO audit methodology, which supports compliance with the ANAO Auditing Standards. This includes the development of policies and procedures to support that audit methodology.
• The GEDs of Financial Statements Audit Services Group (FSASG), Performance Audit Services Group (PASG), Performance Statements Audit Services Group (PSASG), and Systems Assurance and Data Analytics (SADA) are responsible for the delivery of quality audit services within their respective business units.
• The FSASG, PASG and PSASG engagement executives and SADA executives are responsible for quality within their portfolio of audits and supporting the GEDs in the delivery and management of quality audit services.
• The Corporate Management Group (CMG) Chief Operating Officer (COO) is responsible for the design, execution and maintenance of policies supporting the Quality Management Framework in respect of human resources, IT security and support, external communications, and learning and development.
• The GED of CMG is responsible for the ANAO Academy.

2.19 The fulfilment of leadership responsibilities is assessed in quality assurance reviews through review of engagement executive involvement in an audit, including key approvals, judgements and consultations. The attitudes and behaviours of engagement executive leadership throughout the QA review, including openness to review and continuous improvement, are also considered in the review. Any issues in leadership responsibilities are highlighted in the reports to EBOM as part of the results of the QA review program and concerns with attitudes and behaviours are considered and dealt with by the Executive. Follow-up actions can include additional levels of review, such as assignment of engagement quality reviewers (EQRs) or second reviewers, or through performance or contract management.

2.20 Quality is incorporated into individual performance agreements. Any concerns with audit quality will be raised in performance assessment discussions and considered in performance evaluations. The annual evaluation of the system of quality management will inform performance assessments of individuals responsible for elements of the system of quality management.

Leadership commitment to quality through actions and behaviours

2.21 Performance assessments address actions and behaviours, including commitment to audit quality. Performance assessments of senior leaders are informed by upward feedback.

Organisational structure and assignment of roles and responsibilities

2.22 The ANAO organisational structure is consistent with the assignment of roles and responsibilities for quality in the ANAO Audit Manual and Quality Management Framework. The roles and responsibilities are set out above at paragraphs 2.4–2.8.

Resource needs are consistent with the commitment to quality

2.23 The ANAO Workforce Plan considers the immediate and future resourcing / capability requirements of the ANAO. The Plan captures approaches to attract, recruit, develop and retain people (including measures to support high performance, technical and specialist skill development and succession planning towards leadership positions).

2.24 Recruitment is based on current needs and priorities, future forecasts, and attrition data / trends. The Workforce Plan (and broader ANAO policies) focuses on maintaining a working environment that enables the ANAO to be seen as an employer of choice and leader in public sector auditing.

2.25 EBOM actively monitors the ANAO ERR which includes a strategic risk regarding resourcing and recruitment. When risks are elevated, there is increased reporting to EBOM, including reporting on the testing of controls.

2.26 When considering the Annual Audit Work Program (AAWP) and the approval of the commencement of audits, the ANAO considers appropriate resourcing. Audits are not approved for commencement without appropriate resourcing.

Relevant ethical requirements

2.27 The ANAO Auditing Standards require the Auditor-General and ANAO people to fulfill their responsibilities in accordance with relevant ethical requirements, including those pertaining to independence, which are set out in APES 110 Code of ethics for professional accountants (including independence standards) (APES 110).

2.28 The ethical requirements of APES 110 apply in addition to the ethical requirements that apply to ANAO people as employees of the ANAO and as Commonwealth public servants. ANAO people are bound by the ANAO Values and Behaviours, and the Australian Public Service (APS) Values and Code of Conduct set out in the Public Service Act 1999. ANAO people are also bound by the General Duties of Officials under Part 2–2 Division 3 of the Public Governance, Performance and Accountability Act 2013.

Integrity

2.29 The ANAO regards integrity as a core value of the organisation — critical in sustaining the confidence of Parliament, strengthening public trust in government and delivering quality audit products. The ANAO upholds five key principles of integrity – independence, honesty, openness, accountability and courage. To support integrity, the ANAO has an Integrity Framework that provides an overarching structure to the ANAO’s integrity controls, assists in risk, fraud and misconduct management, and promotes ethical decision-making. The ANAO has an Integrity Advisor, whose responsibilities include supporting the effective ongoing application of the Integrity Framework and increasing integrity awareness across the ANAO. Under the Integrity Framework, the Integrity Advisor reports annually to EBOM on integrity matters and integrity awareness activities and training conducted during the year. The Auditor-General publishes the Integrity framework and report to provide increased transparency of the measures the ANAO has in place to maintain a high-integrity culture in the ANAO.

Independence

2.30 Independence is fundamental to the principles of integrity and objectivity and is central to maintaining an attitude of professional scepticism. Independence comprises both independence of mind and independence in appearance.

2.31 The ANAO Quality Management Framework ensures that threats to independence are appropriately managed through the application of ANAO independence policies.

2.32 The Auditor-General is an independent officer of the Parliament as set out in section 8 of the Auditor-General Act 1997. The Auditor-General’s statutory independence is provided for in the Act through defining the scope of the Auditor-General’s mandate, the appointment and removal of the Auditor-General and the performance of their responsibilities. The Auditor-General has complete discretion in the performance or exercise of their functions or powers and is not subject to direction from anyone in relation to:

• whether or not a particular audit is to be conducted; or
• the way in which a particular audit is to be conducted; or
• the priority to be given to any particular matter.

2.33 Subsection 40(2) of the Act further provides for independence of ANAO functions, providing that directions to ANAO people in relation to the performance of the Auditor-General’s functions may be given only by the Auditor-General or a member of the staff of the ANAO authorised to give such directions.

2.34 The completion of a declaration of independence is to be undertaken prior to participating in an audit, review, or other engagement or information report. The declaration is required to be maintained on the file and reviewed by the responsible engagement executive.

2.35 Under the ANAO independence policy, suspected or actual contraventions of the independence requirements of legislation, APES 110 or ANAO policy requirements must be reported immediately to the responsible GED.

2.36 People are required to complete mandatory training that covers independence and other ethical requirements, including the APS Code of Conduct and ANAO values. Completion of mandatory training is monitored and reported to EBOM and captured in each Professional Development Agreement. Regular reminders of policy requirements are provided through a variety of other channels such as technical updates, and the ANAO has published for internal use an application guidance document covering frequently asked questions regarding independence and the practical application of ANAO policies and the conceptual framework set out in APES 110.

2.37 Additionally, methodology steps within each electronic  audit file set out the requirements from APES 110 and ANAO policies and prompt audit team members to document their independence in the audit file. Compliance with independence and other ethical requirements is monitored through quality assurance reviews of audit files and internal audits.

Rotation of key audit personnel

2.38 The ANAO independence policy sets key audit personnel rotation requirements for financial statements audits. Rotation requirements exist to safeguard against the threat to independence that may arise from a long association with an auditee. The independence policy specifies the length of time that key audit personnel can be assigned to the financial statements audit of an entity before rotation or approval to extend involvement is required. Monitoring of the assignment and rotation of key audit personnel is performed by the FSASG Senior Executive Director (SED) responsible for Resourcing and Budgeting.

2.39 Familiarity threats are required to be considered in recurring performance statements audits, performance audits and other assurance engagements.

Conflicts of interest

2.40 The ANAO also monitors potential conflicts of interest through:

• the declaration of personal interests policy – requires all ANAO SES and other relevant staff in sensitive positions to submit, at least annually, a written declaration of their, and their immediate family’s, financial and other interests that could involve a real or apparent conflict of interest;
• the ANAO employment manual – requires ANAO staff to seek prior approval to engage in outside activities or employment. In the approval process, the Deputy Auditor-General considers if the outside activities or employment create a real or perceived conflict of interest; and
• procurement policies and procedures – require the declaration of conflicts of interest.

Gifts and benefits monitoring

2.41 The ANAO must meet public expectations of integrity, accountability, independence, transparency and professionalism. This requires that staff not be influenced, or perceived to be influenced, by gifts, benefits or inducements. The Auditor-General’s Instructions and supporting Financial Management Procedures require staff to report any offered gift or benefit (whether accepted or refused), within 10 business days of the offer being made, in the gifts and benefits register. In limited circumstances, staff may retain the gift after following the appropriate approval processes. The ANAO maintains a gifts and benefits register which is published on its website and updated monthly.

Ethical requirements applying to contracted firms

2.42 The ANAO contracts private sector firms to undertake audit work on behalf of the Auditor-General, with signing responsibility remaining with the Auditor-General. For each of these audits, the contract Partner is required to provide the ANAO with written representations that confirm that the firm has:

• complied with the ANAO Auditing Standards, including ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements;
• complied with ANAO independence policies including the requirement to gain ANAO approval to provide other services to the auditee (see paragraph 2.45), and if other services have been provided to the auditee, confirming they do not give risk to any conflict of interest; and
• not accepted any gifts or hospitality from the auditee.

2.43 The ANAO communicates the ANAO specific independence policies to contracted firms and presents an annual webinar for contracted firms with reinforced messaging regarding the relevant ethical requirements that apply to ANAO audits and engagements.

2.44 The onboarding of contract staff includes induction training on relevant ethical requirements and all contractors issued with an ANAO laptop are required to complete training addressing independence and other ethical requirements.

Other services

2.45 The ANAO Audit Manual requires contracted firms to request approval from the ANAO to provide other non-assurance services to auditees. The PSG GED is responsible for assessing and deciding whether to approve requests from contracted firms to perform other services, to ensure consistency in the considerations and judgements underlying the decision.

2.46 If the absence of approval to conduct or extend other work is identified, the matter is raised with the responsible GED and PSG GED. The firm will be required to cease providing the other services. The PSG GED communicates with the contract relationship partner to understand how the breach occurred and what processes or safeguards the firm has implemented to ensure that breaches do not recur. The ANAO reports all identified breaches of independence in the Quality Report.

Audit mandate and selection

2.47 Due to the ANAO’s mandate, the first quality objective related to audit mandate and selection only relates to accepting engagements performed under section 20 of the Act as further outlined in paragraph 2.53 to 2.55.

Mandated financial statements audits

2.48 The Auditor-General is mandated, under the Act, to audit the annual financial statements of all Commonwealth entities, companies and subsidiaries, and the annual Commonwealth Consolidated Financial Statements.

Non-mandated performance audits and performance statements audits

2.49 In addition to mandated financial statements audits, the Auditor-General can conduct performance audits of Commonwealth entities, companies and subsidiaries, with the exception that performance audits of Government Business Entities (GBE) can be undertaken only at the request of the Joint Committee of Public Accounts and Audit (JCPAA). Performance statements audits can be requested by the responsible minister for a Commonwealth entity or the Minister for Finance.

2.50 The Auditor-General publishes an annual audit work program (AAWP) in July each year which outlines the proposed audit activities to be undertaken in the financial year. The AAWP includes potential performance audit topics, annual performance statements audits and the annual program of mandated financial statements audits. The ANAO develops the AAWP guided by the following objectives:

• have regard to the priorities of the Parliament of Australia as determined by the JCPAA along with any reports of the JCPAA;
• consider the interests of other parliamentary committees and parliamentarians;
• provide a balanced program of activity that is informed by risk, and promotes accountability, transparency and improvements to public administration;
• follow up on past recommendations and identify trends for improvement, or declines in performance across government; and
• apply all of the Auditor-General’s mandate.

2.51 Throughout the year, the Auditor-General determines which audits will commence based on a risk assessment, priorities identified by the JCPAA, and achieving sufficient breadth and depth across the government sector. The Auditor-General also considers any recent developments in the public sector and areas of public concern, opportunities to demonstrate good practice in public administration and accountability, requests for audit and resourcing. Approaches by parliamentarians, parliamentary committees and others with suggestions for audits are also considered by the Auditor-General for potential audit activity.

2.52 In addition to the quality objectives set out in ASQM 1, the ANAO has established an ANAO-specific quality objective: judgements about the number of non-mandated audits to conduct are based on the ANAO’s ability to perform the engagement in accordance with the ANAO Auditing Standards and applicable legal and regulatory requirements. The ANAO Corporate Plan 2024–25 sets performance measure targets regarding the number of non-mandated performance and performance statements audits to be completed in the year. The ANAO has identified a quality risk that these targets may drive judgements relating to commencement of audits without consideration of the ANAO’s ability to perform the engagement with sufficient resources, time and capability.

2.53 The ANAO’s responses to this quality risk include the following:

• for performance audits – the audit work plan specifies the audit team members to provide the Auditor-General with assurance that the audit team is adequately resourced and has the appropriate capability to conduct the audit, and senior leaders are actively engaged in the audit work plan approval process to ensure consideration of appropriate resourcing;
• for performance statements audits – the ANAO Audit Manual sets out that it is the PSASG GED’s responsibility to support the Auditor-General’s decision-making; and
• the budget allocation process focusses first on the need to complete mandated audits.

Audits by arrangement

2.54 The Auditor-General may also conduct audits by arrangement under section 20 of the Act. Audits by arrangement conducted by the ANAO are subject to the requirements of ASQM 1 in relation to acceptance and continuance of client relationships and specific engagements.

2.55 The ANAO Audit Manual sets requirements related to acceptance of a section 20 engagement, including the matters that must be considered and included in the recommendation to the Auditor-General for approval. The competence and capabilities of the ANAO, including available time and resources to conduct the engagement are included among the mandatory considerations. The Auditor-General determines whether to accept or continue an audit under section 20. This ensures consistency and appropriateness of judgements about whether to accept or continue a section 20 engagement.

2.56 If the Auditor-General determines that it is appropriate to withdraw from an engagement, the responsible engagement executive is required to discuss the withdrawal with the entity’s management and those charged with governance. The discussion includes the reason for withdrawal, and consideration of whether the withdrawal should be reported to regulatory authorities.

Engagement performance

Audit team responsibilities and engagement executive responsibilities and involvement

2.57 The ANAO Audit Manual policy clearly sets the responsibilities of audit teams and engagement executives to comply with ANAO Auditing Standards, ANAO Audit Manual policies and methodology.

2.58 ANAO auditors apply a robust methodology as set out in the ANAO Audit Manual and are supported by standardised documentation tools and templates. Application of this methodology ensures ANAO audits are of a consistent quality and are performed in accordance with the ANAO Auditing Standards.

2.59 The ANAO Audit Manual and supporting tools and templates are reviewed on an annual basis to incorporate any improvements or amendments arising from changes in the ANAO Auditing Standards, responses to findings from quality monitoring processes and audit staff consultation.

2.60 Compliance with ANAO Auditing Standards and the Audit Manual, including engagement executive involvement and approvals, are monitored through QA reviews.

2.61 The level of engagement executive and senior staff involvement in audits and other engagements is assessed as Audit Quality Indicators (AQIs) and benchmarked against comparable audit offices. These AQIs are reported in the Audit Quality Report.

Risk assessment process

2.62 Engagement risk is the risk of expressing an inappropriate audit conclusion based on evidence that is not soundly based. This may include evidence that is improper or incomplete as a result of inadequacies in the evidence gathering process, misrepresentation or fraud. In all ANAO audits and engagements an engagement risk rating is assigned at planning. Engagement risk is monitored throughout the engagement and updated for changes in circumstances.

Direction, supervision and review

2.63 The ANAO Audit Manual and methodology incorporate policies regarding direction, supervision and review of team-members by more senior team members. Auditors are provided with levels of direction, supervision and on-the-job training appropriate to their skills and experience. Engagement executives are responsible for determining that adequate direction and supervision is provided to all auditors working on an engagement.

2.64 Review responsibilities are allocated on the basis that the more experienced auditors, including engagement executives, review work performed by the less experienced members of the audit team. The engagement executive on each audit is required to review a sufficient quantity of the work performed to determine that the audit has been properly performed and appropriate evidence-based conclusions reached. Reviews are conducted in a timely fashion at appropriate stages during the audit.

2.65 Review processes differ in timing and extent of executive involvement for performance audits, performance statements audits and financial statements audits. This reflects the differences in the length and nature of the audits.

Performance audits

2.66 The key stages of review and approval for performance audits are:

• Audit selection process – each quarter the Auditor-General approves the selection of performance audits, from the AAWP or otherwise identified as a priority, that are to commence.
• Audit work plan (AWP) – the audit team, Executive Director (ED) and GED meet with the Auditor-General and Deputy Auditor-General to discuss the proposed AWP prior to an audit commencing. The Auditor-General approves the audit scope, audit objective and criteria, proposed audit methods and audit resourcing. Audit team members from financial statements audit, performance statements audit and systems assurance and data analytics attend the workshop where the audit topic is relevant to their portfolio.
• Progress review 1 – occurs when approximately 20% of the allocated audit hours have been consumed. The performance audit team meets with the ED for low and medium risk audits and the ED and GED for high-risk audits. The focus of this meeting is on assessing the plan agreed at the AWP approval stage and how achievable it is given new information as well as considering the storyline, test program and risk assessment and how the audit is tracking against timeframes.
• Progress review 2 – occurs when approximately 50% of the allocated audit hours have been consumed. The audit team meets with the ED, GED, Deputy Auditor-General and Auditor-General to consider key findings, recommendations, the preliminary audit conclusion and the evidence base for these.
• Progress review 3 – this may be required in rare circumstances for performance audits with major complexities. If a meeting is held, it will occur before or after the exit interview and can be requested by the ED, GED or Auditor-General.
• Section 19 – a meeting is held to discuss the proposed audit report prior to it being issued to the accountable authority of the auditee for comment under section 19 of the Auditor-General Act 1997. The report is reviewed by the ED and provided to the GED, Deputy Auditor-General and the Auditor-General for review and discussion at the section 19 meeting. Following the incorporation of any comments, the ED and, as necessary, the GED, reviews the section 19 report for final approval and formal signoff by the Auditor-General.
• Final audit report – all final audit reports are formally signed-off by the responsible ED and approved for tabling in Parliament by the Auditor-General.

2.67 The ANAO contracts firms to undertake some performance audits or discrete parts of performance audits on behalf of the Auditor-General. Through the AAWP and/or the quarterly audit selection process, performance audits that have well established methodologies and lower engagement risk are identified as suitable for resourcing through private sector firms with oversight by an ANAO ED. The contracted firm is required to plan and conduct the audit in accordance with ANAO’s methodology and policies. The contracted firm fulfils the responsibilities of the audit team in the key stages of review and approval set out in paragraph 2.65 and the ANAO Executive Director remains responsible for the audit. In 2023–24, six out of the 45 performance audits tabled in Parliament were undertaken utilising contracted firms as the audit team.

Financial statements audits

2.68 The engagement executive reviews a sufficient quantity of the work to ensure that the audit has been properly performed and appropriate conclusions reached, given the evidence obtained. This includes a review of critical areas of judgement, especially those relating to difficult or contentious matters, significant risks and any other areas the engagement executive considers important. This review is conducted at the planning, interim and final stages of the audit and is completed on or before the date of the auditor’s report.

2.69 Where the signing officer and engagement executive are different people, the signing officer approves:

• key aspects of the audit approach;
• the engagement executive’s assessment of overall and performance materiality;
• the schedule of unadjusted differences;
• the audited financial statements; and
• the audit report.

2.70 The FSASG GED, in consultation with the Auditor-General, may appoint a second reviewer to an audit. This is separate to the engagement quality review executive described below. A second reviewer will usually be appointed where a new signing officer is assigned to an audit, or an audit is conducted in-house after being contracted out for a period.

2.71 The ANAO contracts firms to undertake some financial statements audits on behalf of the Auditor-General. The determination of which audits are contracted out and which are performed in-house by the ANAO is performed using a risk-based model which takes the need for specific expertise into account. Under this model, audits are classified as follows:

• audits requiring public sector specialist skills – this includes Departments of State, National security agencies, regulatory authorities and bodies key to the functioning of the APS. These audits are performed in-house by ANAO staff;
• audits requiring specific industry expertise or in a location where it is not cost-efficient for the ANAO to perform the audit. These audits are contracted out to private sector firms; and
• all other audits – performed either in-house or contracted out to balance workloads and to rotate audits that are contracted out.

2.72 A large proportion of the ANAO’s mandated financial statements audits (just over 65 per cent of the total number of audits, and just under 40 per cent of the total audit fees charged by the ANAO for mandated financial statements audits) are contracted-out to private sector auditing firms to deliver the total coverage of entities in a timely and cost-effective way. Responsibility for signing audit reports remains with the ANAO.

2.73 In the case of audits conducted by contract firms, the ANAO engagement executive remains responsible for the audit. The engagement executive is required to be satisfied that the contract engagement partner has completed their work consistent with the ANAO Auditing Standards and that the contractor’s work provides sufficient appropriate audit evidence to support the issue of the auditor’s report. This is achieved through briefings by the contract engagement partner at appropriate times during the audit. The signing officer also approves key aspects of the audit approach, including:

• audit responses to significant risks;
• the contract engagement partner’s assessment of overall and performance materiality;
• the schedule of uncorrected misstatements;
• the signing officer review memorandum;
• the audited financial statements; and
• the auditor’s report.

2.74 For larger or higher risk audits, the engagement executive’s involvement is extended with a greater involvement in audit planning and execution, regular meetings with the contract firm and auditee, and review of significant matters arising during the audit.

Performance statements audit

2.75 The PSASG GED provides recommendations to the Auditor-General on the selection and commencement of audits of annual performance statements.

2.76 The engagement executive takes responsibility for the overall quality on the performance statements audit, including:

• the audit being planned, performed and documented in accordance with the ANAO auditing standards, the ANAO Audit Manual and any other relevant ANAO policy and legal and regulatory requirements;
• appropriate review of the engagement documentation to be satisfied that sufficient appropriate audit evidence has been obtained to support the conclusions reached and for the auditor’s report to be issued; and
• that appropriate consultation has been undertaken on difficult and contentious matters.

2.77 The Signing Officer approves:

• key aspects of the audit approach;
• the interim management letter;
• the audited performance statements; and
• the auditor’s report.

2.78 For higher risk audits, the PSASG GED is more involved in the monitoring of audit planning, execution and reporting, including significant matters arising during the audit.

Professional judgement and professional scepticism

2.79 Auditing requires the use of professional judgement and professional scepticism. Professional scepticism is an attitude that includes a questioning mind being alert to conditions which may indicate possible misstatement or to the validity of evidence obtained, and a critical assessment of evidence. The exercise of professional judgement and scepticism entails ANAO people approaching audits with an open mind, free of bias, and results in an independent and objective assessment of an entity’s financial or performance statements, or an aspect of its operations.

2.80 The ANAO recognises that coaching, direction and review is critical to the audit teams’ ability to exercise appropriate professional judgement and scepticism. The ANAO methodology steps support the application of the ANAO auditing standards, including those relating to exercising professional judgement and scepticism. Additionally, the ANAO Audit Manual specifies that senior staff are responsible for directing audit teams, which includes coaching teams to exercise appropriate professional judgement.

Consultation and differences of opinion

2.81 The ANAO Audit Manual includes policies requiring appropriate consultation on difficult or contentious matters. Depending on the nature of the matter, consultation is with either the engagement quality review executive, the relevant GED or with specialists in PSG. The ANAO also has policies setting escalation processes to resolve a difference in opinion. An audit report cannot be issued if there is an unresolved significant difference of opinion within the ANAO.

Qualifications and Technical Advisory Committee

2.82 The ANAO has a Qualifications and Technical Advisory Committee (QTAC), which provides a forum for engagement executives to consult on difficult or contentious matters and, where necessary, resolve differences of opinion on audit related matters. ANAO policy identifies the matters that must be referred to QTAC who meet as required to provide advice to the Auditor-General. These matters include:

• issuing a modified financial statements or performance statements audit opinion or conclusion;
• differences of opinion;
• accounting or audit matters which are likely to attract significant Parliamentary or public attention;
• consideration of the adequacy of the underlying audit evidence;
• accounting or related matters that are material to the Commonwealth’s Consolidated Financial Statements where there is, or there is significant potential for, different professional opinions; and
• proposal to not comply with an ANAO Auditing Standards or ANAO Audit Manual policy.

2.83 Potentially difficult or contentious issues are reported to the Weekly Operational Committee, one of the ANAO’s governance committees. Compliance with policies on consultation processes and resolving differences of opinion are assessed in the QA Program.

Engagement quality review

2.84 The ANAO Audit Manual requires that an Engagement Quality Reviewer (EQR) be appointed to:

• all high risk performance audits and performance statements audits;
• all high risk mandated financial statements audits of entities that are material to the Commonwealth’s Consolidated Financial Statements;
• all financial statements audits of entities determined to be Public Interest Entities;
• any other engagements for which an EQR is required by law or regulation; and
• any other audit at the discretion of the relevant GED, the Deputy Auditor-General or the Auditor-General.

2.85 In the case of financial statements audits of non-material entities that are assessed as high risk, the engagement executive considers the appropriate response to that risk assessment, which may result in the appointment of an EQR.

2.86 The EQR provides an objective evaluation of the significant judgements made by the audit team and conclusions reached in formulating the audit report.

2.87 The ANAO Quality Assurance Program reviews compliance with the EQR policy including:

• an assessment of whether an EQR was required to be appointed;
• whether an appointed EQR met the eligibility criteria; and
• whether the documentation of that involvement throughout the audit was in accordance with the ANAO Audit Manual requirements.

Documentation

2.88 The ANAO’s policies and procedures are designed to maintain the confidentiality, safe custody, integrity, accessibility and retrievability of audit documentation. All ANAO documentation is retained in accordance with the ANAO record keeping policy. At the completion of the audit, the audit file is finalised and locked to prevent any changes after the finalisation of the audit. Backups of all ANAO electronic files are made regularly and a disaster recovery plan is in place. Policy and guidelines in this area are based on the Australian Government Protective Security Policy Framework. Compliance with documentation requirements is monitored through the ANAO’s QA Program.

Resources

Human Resources

2.89 The ANAO articulates its commitment to investing in workforce capability in the ANAO Workforce Plan. The ANAO’s people policies and procedures aid in the attraction, development and retention of staff who have the necessary integrity and capability to perform the work required.

2.90 The ANAO Academy is the hub of continuous professional learning through which the ANAO delivers its commitment to cultivating workforce capability. The ANAO evaluates, recognises and improves workforce performance through its performance and career development program.

ANAO workforce capability and capacity

2.91 Workforce capability and capacity is a key driver of audit quality. The ANAO Workforce Plan considers the immediate and future resourcing and capability requirements of the ANAO. It captures strategies to attract, develop and retain staff, including measures to support high performance, technical and specialist skill development and succession planning towards leadership positions. The plan outlines an evidence-based approach to recruitment based on a supply and demand analysis of key job families. The workforce plan, and broader ANAO policies, focus on maintaining a working environment that enables the ANAO to be seen as an employer of choice and leader in public sector auditing.

2.92 Workforce resourcing risks are closely monitored by senior leaders at the ANAO. The risk of the ANAO not having sufficient workforce capability and capacity is articulated in the ANAO ERR, which is discussed as a standing agenda item at Quality Committee and People and Change Committee, which provide strategic advice to EBOM on people and capability development, for further monitoring.

Learning and development

2.93 The ANAO is a learning organisation, with the ANAO supporting, and our staff committed to, continuous learning, growth and development. Professional learning is accessed through the ANAO Academy, which delivers a vision for capability development that is empowering, purposeful, impactful and quality assured. The Academy comprises both technical and non-technical learning.

2.94 Staff complete mandatory learning requirements through the Academy, including essential training to undertake their duties as public servants and continuous professional development (CPD) to meet technical capability requirements. Mandatory learning encompasses the ANAO new-starter induction and annual e-learning modules accessed through the Academy Learning Management System (LMS). As part of the ANAO annual performance assessment process, staff include a declaration confirming the completion of all corporate mandatory training requirements.

2.95 The ANAO offers staff a blended curriculum of classroom training comprising both technical and non-technical courses and a library of e-learning modules. ANAO courses have been designed and developed in consultation with the service groups and are aligned to the six core capabilities contained in the ANAO Capability Framework.

Performance and career development

2.96 Performance management at the ANAO is an ongoing process of communication between staff members and their direct supervisor with a view to improve organisational effectiveness and individual performance. The ANAO’s Performance and Career Development Policy has been designed to facilitate high performance across the ANAO, which in turn supports the ANAO to achieve its business and quality objectives.

2.97 Performance plans contain the agreed expectations of performance and behaviour for staff as well as documenting the mandatory training to be undertaken over the performance cycle. Staff are asked to draft their performance plan that takes account of:

• the ANAO Capability Framework;
• the relevant level standards;
• mandatory training requirements; and
• any group or specific information provided within group plans that relate to role development.

2.98 Performance ratings are moderated by SES supervisors (or by the Deputy Auditor-General for performance ratings of SES officers), who ensure that audit quality has been considered in the assignment of performance ratings.

Use of contractors

2.99 The ANAO engages contractors obtained from external resources, including auditor’s experts such as valuers and actuaries, to perform audit functions under the supervision of senior staff at the ANAO. Individual contractors are also engaged as contract-in staff to supplement staff resourcing on in-house audits; in other instances, the ANAO resources the performance of an audit, or part of an audit, through contracting a private sector firm.

2.100 The policies and procedures which apply to contractors, which are intended to ensure that the ANAO’s quality objectives are achieved, are outlined above at paragraphs 2.42–2.43 (in relation to relevant ethical requirements) and 2.66 and 2.70–2.73 (in relation to engagement performance).

2.101 The ANAO has an approach to contracted audit work that balances the expertise, skills and resourcing capability to be gained from contracting, while supporting the resourcing requirements of the ANAO to ensure and support quality.

Assignment of engagement teams and individuals who perform activities within the system of quality management

2.102 The ANAO’s allocation policies and processes ensure that audit team members have appropriate competence and capabilities, including sufficient time to complete the required work. Staff workloads are monitored throughout the audit cycle using resourcing and time charging tools. Engagement executives are responsible for monitoring the allocation of personnel to engagements and to raise concerns to the responsible GED.

2.103 ANAO policies also specify that the assignment of individuals to perform activities within the SOQM take into account their capability, competence and time available to perform such activities. These policies are supported by ANAO group business plans, which identify projects, activities, tasks and priorities for each service group, including activities performed in the SOQM. Active monitoring of progress against business plans, including through six-monthly reporting to EBOM, ensures that sufficient time is allocated to key quality management activities.

Technological resources

2.104 As outlined in the ANAO’s Corporate Plan 2024–25 the ANAO is focused on keeping pace with advances in technology to ensure we remain positioned to respond to environmental changes, mitigate risks and deliver on our purpose.

2.105 Change across the ANAO is supported by a structured approach to strategic planning, governance, risk management and change management. IT initiatives adhere to a project management framework involving:

• approval through appropriate governance mechanisms;
• an escalation pathway for issue, risk and scope change management;
• taking advantage of learnings from other projects;
• managing dependencies between projects;
• accurate reporting to governance bodies; and
• efficiency gains through implementation of repeatable processes.

2.106 The ANAO Audit Manual sets out requirements in relation to the use of the following existing IT applications, to ensure that they are used in an appropriate manner to enable the operation of the system of quality management and the performance of engagements.

• TeamMate is required to be used to document all audits and other assurance engagements in accordance with the ANAO Audit Manual and record keeping policies.
• Data analytics solutions provide a means of analysing large volumes of detailed data in a manner not easily achievable through manual procedures. Data analytics solutions are quality assured by SADA. Where it is intended that a solution be used as a ‘standardised solution’ across multiple audits, it is required to be approved by PSG.

Intellectual resources

2.107 The principal intellectual resources utilised by the ANAO are its policies and procedures, including the ANAO Audit Manual, and its methodology.

2.108 To ensure that the ANAO’s intellectual resources are appropriate, the PSG GED is responsible for the audit methodology applied by the ANAO which supports compliance with the ANAO Auditing Standards. This includes the development of policies and procedures to support that audit methodology. Additionally, the ANAO Audit Manual is reviewed on an annual basis by PSG and is reviewed and approved by the Quality Committee and then the Auditor-General. Methodologies are reviewed by PSG and approved by the PSG GED, in consultation with the relevant audit service group.

Service providers

2.109 The ANAO uses service providers who provide human resources, technology and methodology support and, in some instances, are contracted to perform engagements on behalf of the ANAO. ANAO procurement, contract evaluation and contract management processes are designed to ensure that human, technological or intellectual resources from service providers are appropriate and in line with ANAO objectives. The ANAO procurement process complies with the Commonwealth Procurement Rules (CPRs) and is designed to meet the intent of the CPRs.

Information and communication

Information systems

2.110 The ANAO uses several information systems which support its system of quality management and the performance of engagements, including:

• TeamMate – the ANAO’s audit software, which is used to retain audit documentation;
• E-Hive – the ANAO’s enterprise document management system;
• Saviom – the ANAO’s enterprise resource management and workforce planning system;
• Aurion Timekeeper – the ANAO’s time recording system;
• Learning Management System;
• SharePoint – the ANAO intranet;
• ANAO website;
• SADA data analytics tools and Nuix; and
• Microsoft applications such as Excel.

2.111 CMG is the systems owner of the information systems used to support the ANAO’s system of quality management. CMG is responsible for resolving issues affecting systems.

Communication within the ANAO

2.112 The ANAO encourages collaboration and information-sharing between staff in accordance with the Auditor-General Act and the Protective Security Policy Framework.

2.113 ANAO Audit Manual policies and processes support collaboration between audit service groups, including the participation of representatives of all audit service groups in key performance audit meetings; and the process of developing the Annual Audit Work Plan includes planning workshops which bring together staff across service groups to discuss risks in various portfolios. Information sharing also occurs through town hall meetings, LearnFest (the ANAO’s annual whole-of-office learning and development week), staff forums and other corporate events. Additionally, office neighbourhoods are designated for portfolio groups to enhance collaboration.

2.114 New starter and induction training programs are designed to provide new starters with all reliable information relevant to their duties. For ANAO staff more generally, regular technical updates inform staff about any changes to aspects of the system of quality management, including changes to ANAO Audit Manual policies, methodology and templates.

Communication with external parties

2.115 The ANAO communicates with external parties including auditees, service providers, Parliament, the Australasian Council of Auditors-General and the International Organization of Supreme Audit Institutions. 

Communication with auditees

2.116 Audit committees are an important element of an entity’s governance arrangements and are a key point of contact for the ANAO. ANAO representatives attend, as observers, as many audit committee meetings of Commonwealth entities and Commonwealth companies as are reasonably practicable, to meet its obligations under the auditing standards in respect of information and communication. The ANAO communicates how the ANAO’s quality management framework supports the consistent performance of quality engagements to each Commonwealth audit committee.

2.117 Engagement executives are also responsible for communicating with the accountable authority of an auditee, which is charged with the governance of the auditee.

Communication with service providers

2.118 The ANAO contracts service providers to provide human resources, technology and methodology support, and to perform engagements on the ANAO’s behalf. The ANAO therefore recognises that effective communication with service providers is an important mechanism for promoting audit quality.

2.119 The ANAO provides all relevant ANAO policies and templates to contracted service providers firms via the GovTeams contractor community page. Additionally, annual webinars communicate changes to policies, template and requirements and regular notifications communicate the release of new information. For contracted staff, onboarding processes include mandatory online modules specifically designed to set out expectations for contractors. Additionally, the ANAO Audit Manual makes clear that the requirements which apply to contractors are consistent with those which apply to ANAO staff.

Communication with other external parties

2.120 The ANAO also communicates its Quality Management Framework by publishing this Quality Management Framework and Plan, the Audit Quality Report, and the ANAO Audit Manual on the ANAO website. The ANAO is not required to communicate these matters to external parties under the ANAO Auditing Standards, legislation or regulations, but chooses to publish them to demonstrate transparency over how the ANAO system of quality management supports the consistent performance of quality engagements. This is intended to promote the confidence of Parliament and the general community in the ANAO.

Monitoring and remediation process

2.121 A key element of the Quality Management Framework is monitoring of compliance with policies and procedures that comprise the system of quality management. The monitoring system involves internal and external quality assurance (QA) reviews of the ANAO’s audits and other assurance engagements.

2.122 Monitoring activities are the responsibility of the PSG GED, and include:

• annual quality assurance reviews of a selection of completed audits covering all of the functions of the ANAO;
• real time quality assurance reviews of a selection of in-progress financial statements and performance statements audits;
• an annual internal audit of compliance with components of the ANAO Audit Manual;
• biennial external peer reviews of a selection of completed performance audits performed by the Office of the Auditor-General New Zealand (OAG NZ); and
• external reviews of the Quality Management Framework and a selection of completed audits by the Australian Securities and Investments Commission (ASIC), agreed on an annual basis.

Internal reviews

2.123 The objective of ANAO internal quality assurance reviews is to form an opinion on whether each engagement file inspected:

• complies with the Act, professional requirements, ANAO auditing standards and other legal and regulatory requirements;
• complies with the ANAO’s policies and procedures, including quality management;
• provides relevant, reliable and timely information about the design, implementation and operation of the system of quality management; and
• evidences sufficient and appropriate assurance procedures to support conclusions reached.

2.124 Compliance with the independence policies, including the completion of independence declarations, is tested as part of the ANAO’s quality management processes, internal audits and quality assurance monitoring reviews.

2.125 The mix of audits selected for review comprises audits conducted utilising in-house resources and those undertaken by contracted firms. The ANAO selects audits and other engagements in accordance with the ANAO Audit Manual QA review selection policy, which provides sufficient coverage of all responsible engagement executives on a cyclical basis.

2.126 All deficiencies noted as a result of the monitoring process are evaluated and classified according to an agreed rating scale of significant, moderate and minor.

2.127 The ANAO conducts root-cause analysis to understand more deeply any areas in our work where we have identified scope for improvement to continue to improve our audit practice. The root-cause analysis is targeted towards significant and thematic findings identified in the QA Program. The root-cause analysis assists with identifying what corrective action (if any) is required, including whether any targeted training needs to be provided.

2.128 Where a QA review of an individual engagement indicates that an inappropriate audit report may have been issued or that procedures were omitted such that sufficient and appropriate evidence may not have been obtained on a material item, the responsible GED is required to consult with the PSG GED to agree on corrective actions and to advise the Auditor-General and Deputy Auditor-General of the matter.

Ad-hoc reviews initiated by the Auditor-General

2.129 The Auditor-General may initiate reviews of in-process or completed audits on an ad-hoc basis. These reviews are conducted by the GED or other relevant specialists in PSG, who are independent of the performance of the audit. Circumstances that may result in an ad-hoc quality review include parties external to the ANAO raising concerns or questions about the quality of work performed by the ANAO or the evidence supporting a conclusion or finding in an audit.

External reviews

2.130 External oversight of quality at the ANAO is provided through scrutiny from the Parliament; peer review arrangements with the OAG NZ; the ASIC review; and external audits.

2.131 All audit reports produced by the ANAO are tabled in the Parliament, through which process they become public documents. The Joint Committee of Public Accounts and Audit (JCPAA) reviews all tabled Auditor-General reports and conducts inquiries into selected reports.

2.132 Section 41 of the Auditor-General Act 1997 establishes the position of the Independent Auditor, appointed by the Governor-General. Under Part 7 Division 2 of the Act, the Independent Auditor is required to audit the ANAO annual financial statements and may at any time conduct a performance audit of the ANAO (having regard to the audit priorities of the Parliament determined by the JCPAA). The Independent Auditor also audits the ANAO’s annual performance statements at the request of the Auditor-General.

2.133 The ANAO engages ASIC under a Memorandum of Understanding to conduct reviews of the Quality Management Framework and financial statements audit files, in a similar way to the review work conducted by ASIC on external auditors in the private sector. The scope of the ASIC review is agreed annually, including whether ASIC reviews an aspect of the ANAO Quality Management Framework.

2.134 All external audits and reviews are published on the ANAO website.

Communication of the results of monitoring activities

2.135 The results of internal and external monitoring activities are reported to EBOM, the Quality Committee and the ANAO Audit Committee. PSG communicates to EBOM a description of the monitoring activities performed and the deficiencies identified, including the severity and pervasiveness of such deficiencies. The GED PSG and the relevant GED agree on proposed remedial actions to address the deficiencies and the root causes of deficiencies for EBOM endorsement. The proposed remedial actions as reported to EBOM identify the officers responsible for the implementation and expected completion deadlines.

2.136 The ANAO Quality Committee is responsible for monitoring the ANAO’s progress in addressing the findings and recommendations arising from the monitoring activities. The ANAO Audit Committee also receives reports at each meeting on results of monitoring activities as well as the status of the implementation of recommendations arising from external monitoring processes.

2.137 Findings from monitoring processes are communicated to ANAO audit staff and contract firms to allow all staff to implement lessons learnt and to foster continuous improvement.

Complaints and allegations

2.138 The ANAO Audit Manual sets policies and processes for the formal management of any complaints or allegations that the work performed by the ANAO does not comply with applicable standards, requirements, systems of quality management or independence policies. The policies include escalation and consultation procedures to resolve any complaints or allegations made. The policy also sets out remedial actions required if a deficiency in the design or operation of the ANAO’s quality management policies and procedures, or non-compliance with the ANAO’s system of quality management by an individual or individuals, are identified during the investigation into a complaint or allegation.

2.139 The ANAO has appointed authorised officers to manage public interest disclosures under the Public Interest Disclosure (PID) Scheme. The scheme provides for employees (including former employees) of the ANAO and contracted service providers to the ANAO, to make a PID of suspected wrongdoing relating to any public official, and provides for any public officials and former public officials to make a PID of suspected wrongdoing relating to ANAO activities or ANAO officials.

Evaluating the system of quality management

2.140 The Auditor-General, based on advice and recommendations from the PSG GED and the ANAO Quality Committee, evaluates and concludes whether the SOQM provides reasonable assurance that the ANAO’s quality objectives are being achieved.

2.141 The evaluation and conclusion are made on an annual basis and are reported in the ANAO Quality Report. The Quality Report describes the basis on which the Auditor-General’s conclusion is made.

2.142 The evaluation and conclusion on the SOQM are informed by the results of the ANAO’s monitoring activities and the ANAO’s performance against audit quality indicators.

2.143 If the evaluation identifies deficiencies in the SOQM, the Auditor-General may conclude that the Quality Management Framework does not provide reasonable assurance that the ANAO quality objectives are being achieved. If this occurs, the PSG GED is required by ANAO policies to determine what corrective action is required following consultation with the relevant GED(s). Any recommendations for corrective action or improvements to the SOQM are provided to EBOM for endorsement. The Quality Committee is responsible for monitoring the implementation of recommendations and other corrective actions.

3.1 The ANAO’s focus in 2024–25 will include the implementation of the quality management plan and enhancements to the quality management framework with particular emphasis on:

• refining our processes for the evaluation of the quality management framework, including implementing lessons learnt from our inaugural evaluation;
• strengthening our root-cause analysis program by identifying the key quality risks arising from thematic quality deficiencies to ensure remediation activities effectively address those risks;
• developing an ANAO sustainability assurance methodology for audits of Commonwealth entity climate disclosures.
• expanding the conduct of internal special monitoring programs, including inspections of specific aspects of auditing across multiple audits to assess compliance with auditing standards and methodology.

3.2 The key deliverables for 2024–25 are as follows:

Corporate plan performance measure

4.1 The ANAO Corporate Plan includes one performance measure in respect of quality:

The ANAO’s independent Quality Assurance Program indicates that audit opinions and conclusions are appropriate.

4.2 Performance against this measure is assessed through the ANAO Quality Assurance Program (QA program) and the results reported in the ANAO annual performance statements.

Audit quality indicators

4.3 Audit quality indicators (AQIs) are reliable quantitative measures regarding individual audits and organisations that perform audits which provide insights about key matters that may contribute to the quality of an audit. Taken together with qualitative context, the indicators may inform discussions regarding auditing process and lead to strengthened audit planning, execution, and communication.

4.4 The ANAO 2024–25 Quality Report will report on 10 quantitative AQIs. Four AQIs are measures from the Australasian Council of Auditors-General (ACAG) macro benchmarking survey in which most Australian audit offices, including the ANAO, participate. The ACAG macro benchmarking survey project is an annual exercise that has been conducted since 1994. The overall purpose of the project is to provide, to the extent practicable, comparable information to audit offices across Australasia on quantitative and qualitative benchmarks of the operations of audit offices and specific characteristics of each jurisdiction. The remaining six AQIs are derived from ANAO performance measures, audit manual policy requirements and expectations regarding independence and audit quality.

4.5 Measuring AQIs against specific benchmarks can inform and enhance reporting about audit quality and assist in understanding the root causes of quality inspection findings. This in turn enhances audit quality by ensuring that remediation activities address the issues that potentially impact audit quality.

4.6 The ANAO has identified benchmarks for each of these AQIs against which ANAO results are assessed and interpreted in the Audit Quality Report. ANAO benchmarks for the AQIs derived from the ACAG macro benchmarking survey are developed using past results of comparable audit offices to calculate a three-year rolling average.

4.7 The ANAO measures the following AQIs against the nominated benchmarks:

Audit quality reporting

The ANAO produces an Audit Quality Report at the end of the financial year and publishes it on the ANAO website. The Audit Quality Report sets out the Auditor-General’s evaluation on the implementation and operating effectiveness of the ANAO Quality Management Framework. Performance in respect of the AQIs will also be measured and reported against the indicated benchmarks. The achievement of the quality assurance strategy and deliverables will also be reported on to enhance accountability.