For both audits, sign-offs needed during the reporting phase of the audit were missing. However, it was clear from the files that senior staff had reviewed reports at important stages.

1. ANAO to confirm policy requirements for sign-offs during the reporting phase of the audit have been addressed in revised version of the ANAO Audit Manual;
2. PASG to confirm workflow and templates for sign-offs during the reporting phase of the audit are in place;
3. PASG Quality Assurance test program to be updated to reflect the sign-off requirements in accordance with current requirements and retested in next PASG Quality Assurance program.

Completed

The follow-up actions were confirmed as addressed as part of the 2016-17 ANAO Quality Assurance program.

Locating key documents and sign-offs

The reviewers sometimes found it difficult to find documentation for significant stages of the audit (for example, some sign-offs could not be found). At times, it was unclear which file was a final version. We suggest having a more structured approach to audit documentation including consistent naming conventions and putting the important documents in one place in the filing system. We understand that performance audit teams are piloting audit software as an option.

For performance audits using the ANAO’s document management system as the audit file:

PSRG will present to all staff on the findings from the peer review and will encourage staff to clearly label saved items as final versions.

PSRG will work with PASG Practice Management to develop a guide on naming conventions for key documents and approvals saved in the document management system.

Completed

Findings from the NZ Peer Review were shared with staff at the All PASG staff meeting held in March 2019.

As performance audits used audit software from 1 July 2019, guidance on naming conventions for the document management system was not considered to be necessary.

IT audit services

Both the audits had used IT audit services. Clearer documentation of the IT service specifications of the services would be useful. This includes naming the IT audit staff assigned, and describing how they will work with the audit team (for example, in the team or independently with set outputs). It would also be useful for documentation to include a description of the tasks, lines of responsibility, relevant outputs, and time frames.

Addressed by existing follow-up action

An existing follow up action from the 2017-18 PASG internal Quality Assurance program on the clear documentation of the IT audit scope, procedures and results will address this better practice recommendation. SADA and PASG have developed IT Audit Memorandums and the Audit Work Plan template includes the responsible IT Executive. PSRG are drafting the ANAO Audit Manual policies for engagement of IT specialists to ensure it is consistent between AASG and PASG.

The IT Audit Executive is identified in the Audit Work Plan and IT sign-off is incorporated into the audit methodology.

Specific policy requirements regarding the involvement of the IT Audit Executive was added to the ANAO Audit Manual – PASG Specific volume released in 2019.

Independence declarations

It was difficult to assess the completeness of Independence Declaration documentation for the audits. As team members and senior staff changed through an audit, the Audit Work Plan did not necessarily have the full list of people who may have worked on the audit. Ensuring staff put their job title on the declarations would help.

Addressed – no follow up action required.

Practice changes have been implemented to address findings regarding completion of Independence Declarations arising from internal Quality Assurance reviews of AASG and PASG engagements and the Internal Audit on compliance with ANAO policies have addressed this recommendation. It is the responsibility of the Engagement Executive to ensure that all team members have signed a declaration by checking to ‘time charged’ records prior to signing the completion and Policy compliance checklists.

Not applicable

Test Programmes

The audits reviewed did not prepare test programmes after completing their Audit Work Plans. Even if a test programme is not prepared, detailing how the intended methodology will ensure the evidence collected will address the audit criteria would be useful. This can provide extra assurance that the planned fieldwork will generate the evidence needed to address the audit criteria.

Addressed by existing follow up action

PSRG and PASG are working on the implementation of consistent test programs as a current action item arising from an internal PASG Quality Assurance review. The project will incorporate the recommendation from the NZ Peer Review to ensure it addresses the points made in the detailed test programs. PSRG will also request a copy of their test program template.

Completed

Test program guidance was released and minor policy updates were made in the ANAO Audit Manual – PASG Specific volume released in July 2019.