The shared content volume of the ANAO Audit Manual applies to all assurance activity performed by the ANAO, including financial statements and performance auditing. The shared volume addresses key matters affecting compliance with the Auditor-General Act 1997 and other aspects of the ANAO’s legislative framework. It sets out the main requirements of the ANAO’s overall system of quality control in accordance with ASQC1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and Related Services Engagements.

1. Authority and maintenance

Authority and maintenance of the ANAO audit manual

Background legislation and standards

1.1 The Australian National Audit Office (ANAO) Audit Manual (the Manual) sets ANAO policies and guidance applying specifically to the audits and other assurance work performed by or on behalf of the Auditor-General consistent with ANAO Auditing Standards.

1.2 The Manual also demonstrates compliance with the requirements of Auditing Standard on Quality Control ASQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, and Other Assurance Engagements for policies and procedures which promote quality audits and for monitoring the application of those policies and procedures.

Policy

1.3 The Manual is issued under the authority of the Auditor-General.

1.4 Material within the Manual that is ANAO policy is displayed in bold type under the heading ‘Policy’ and is binding in respect of audits or other assurance work undertaken by the ANAO. Policies relevant to audits contracted out to an audit firm (project-managed audits) are communicated to the audit firm via tender or contract documentation or as notified by the Engagement Executive1 under paragraph 106.2 of the ANAO Audit Manual — AASG Specific.

1.5 In rare and exceptional circumstances, substantive departures from policy may need to be considered. In these circumstances, approval by the Auditor-General, through the Qualifications and Technical Advisory Committee (QTAC), is required.

1.6 Professional Services Relationships Group (PSRG) shall monitor and analyse developments in applicable auditing and professional standards and legal and regulatory requirements. This includes consulting with service Group Executive Directors (GED) on applicable developments and their impact on the work of the ANAO and how they are incorporated into the ANAO’s policies, procedures and audit methodology.

1.7 PSRG shall communicate changes to audit methodology to audit staff through technical updates and other staff meetings such as Audit and Assurance Services Group (AASG) and Performance Audit Services Group (PASG) Senior Executive Service (SES) meetings.

1.8 The Manual shall be subject to an annual review by PSRG, to be completed by 1 November.

1.9 The ANAO Quality Committee shall be responsible for:

  1. considering amendments to the Manual that substantially impact the conduct of an audit; and
  2. making a recommendation to the Auditor-General for approval of the amendments.

    1.10 Any amendments to the Manual, other than those which are clearly trivial, outside the annual review shall be referred for endorsement to the ANAO Quality Committee if the changes result in substantial impacts on the conduct of an audit. Administrative changes and changes to guidance made by PSRG outside of the annual review do not require approval.

    Guidance

    1.11 The Manual addresses performance audit, financial statement audit and other assurance work policy and guidance. As such, it comprises a shared content section applicable to all ANAO assurance engagements and separate chapters for specific content.

    1.12 The Manual is organised as follows:

    ANAO shared content

    • 1. Authority and maintenance of the ANAO audit manual
    • 2. Auditor-General’s mandate
    • 3. Strategic planning
    • 4. Leadership responsibilities for quality
    • 5. Professional, ethical and independence requirements
    • 6. Human resources
    • 7. Communication and relationship with the auditee
    • 8. Engagement performance
    • 9. Documentation
    • 10. Monitoring quality control policies and procedures

    AASG specific content

    • 101. Engagement performance – general
    • 109. Engagement performance – planning
    • 112. Engagement performance – execution
    • 118. Engagement performance - reporting

    PASG specific content

    • 201. Engagement performance – general
    • 206. Engagement performance – planning
    • 213. Engagement performance – execution
    • 227. Engagement performance – reporting

    1.13 The Manual forms part of the ANAO Quality Assurance Framework (QAF). It contains ANAO policy and guidance in respect of ANAO audit and assurance work. Other elements of the ANAO QAF are contained in the policy and procedures manuals and documents of the Corporate Management Group (CMG). ANAO staff are bound by these other ANAO policies where they are relevant to audit and assurance activities. Some policies within this Manual allude to these other policies.

    1.14 The performance audit specific part of the Manual applies to performance audits. Application Guidance for Limited Assurance Reviews has been developed for guidance when applying the Manual to a Limited Assurance Review under section 19A of the Auditor-General Act 1997.

    1.15 The Manual has been developed for use by ANAO executives and staff. In-house contractors must also comply with the policies in the Manual. Where audit and other assurance work has been contracted out, relevant sections of the Manual are to be made known to the contractor firm (refer to paragraph 1.4).

    1.16 The Manual enables the achievement of ANAO business objectives. Audit service group executives and senior staff should raise with PSRG any conflicts between the delivery of ANAO business objectives and the Manual.

    1.17 The Manual does not seek to re-express, as ANAO policy, material that is binding under other authorities (e.g. in respect of the mandatory requirements of ANAO Auditing Standards). However, the Manual does seek to enunciate the relationship between various authorities and provide guidance on their application in the ANAO. Refer to Diagram 1.

    1.18 PSRG has overall responsibility for the Manual and any amendments to it. This is to ensure that ANAO policy and procedures for audit and other assurance work remain consistent with the authorities governing the ANAO’s work. Amendments, other than those that are clearly trivial, will involve consultation with ANAO GEDs or the GEDs’ nominees and oversight by the ANAO Quality Committee.

    1.19 An annual review of the Manual is needed to keep policies current. Minor editorial or technical amendments (e.g. updating legislative references) will be made as required by PSRG.

    1.20 Each section of the Manual will be subject to version control. Major changes will restart the number sequence (e.g. v1.0, v2.0). Minor changes will be designated as amendments to the previous major change (e.g. v1.2, v2.4).

    1.21 All changes to the Manual, other than those that are clearly trivial, will be notified to ANAO audit staff and contractors through mechanisms such as direct email, the issue of a PSRG Announcement or discussed at PSRG Technical Updates and service group forums.

    1.22 Material in the Manual that is superseded is archived consistent with the ANAO Recordkeeping Framework.

    1.23 In the ANAO wide aspects of this Manual the term Engagement Executive is used to describe the leader of the assurance engagement. For financial statement audits and other assurance engagements conducted by AASG this means the Engagement Executive assigned to the engagement consistent with the Auditor-General’s delegations and may be a GED, Senior Executive Director (SED), Executive Director or Senior Director. For performance audits and other assurance engagements conducted by PASG this means the Executive Director assigned to the engagement consistent with the Auditor-General’s delegations.

    Diagram 1: Relationship between ANAO audit manual and authorities governing ANAO work

    Diagram shows the relationship between the ANAO audit manual and the ANAO Auditing Standards, legislation, APES 320, audit methodology, audit templates, and audit guides and supplementary guidance.

    2. Auditor-General’s mandate

    The Auditor-General’s mandate and work of the ANAO

    Background

    2.1 The Auditor-General Act 1997 (Cth) (A-G Act) creates the Auditor-General’s mandate, creates the ANAO and the requirement for ANAO Auditing Standards, sets out the relationship with the Parliament and the Joint Committee of Public Accounts and Audit (JCPAA), and requires the appointment of the Independent Auditor.

    Policy

    2.2 All ANAO audit staff shall familiarise themselves with the A-G Act and other legislation or authorities governing ANAO audits and other engagements.

    2.3 Engagement Executives shall ensure at the beginning of each audit or assurance engagement that the legislative basis and requirements of the engagement are documented in the current audit file.

    2.4 Audit reports shall not include particular sensitive information that in the Auditor-General’s opinion is not in the public interest. Where references to sensitive information are considered to be necessary to explain or support the audit findings, this shall be discussed with the relevant GED and the Executive during the audit and, where included, the relevant documents (for example Report Preparation Papers) shall have the appropriate security markings.

    Guidance / legislative requirements

    Introduction to the Auditor-General Act 1997 (Cth)

    2.5 An outline of these matters is set out below and staff should refer to the A-G Act itself. A copy of the A-G Act is available on https://www.legislation.gov.au/.

    2.6 The A-G Act is in eight parts:

    1. Preliminary: Deals with the start of the A-G Act, its application to things outside Australia and its application to the Crown.
    2. Interpretation: Contains definitions of terms that are frequently used throughout the A-G Act.
    3. The Auditor-General: Creates the office of Auditor-General. Schedule 1 deals with administrative matters relating to the office of Auditor-General, such as the Auditor-General’s appointment, conditions, resignation and removal.
    4. Main functions and powers of the Auditor-General: Sets out the functions and powers of the Auditor-General.
    5. Information-gathering powers and secrecy: Gives the Auditor-General various powers to gather information. It also places restrictions on the disclosure or publication of information.
    6. The ANAO: Establishes the ANAO.
    7. Audit of the ANAO: Establishes the Independent Auditor. The functions of the Independent Auditor are to audit the financial statements of the ANAO and to carry out performance audits of the Office. Schedule 2 deals with administrative matters relating to the Independent Auditor, such as the Independent Auditor’s appointment, conditions, resignation and removal.
    8. Miscellaneous: Deals with miscellaneous matters such as a Commonwealth indemnity for people carrying out Auditor-General functions.

      2.7 The A-G Act creates the statutory position of the Auditor-General as an independent officer of the Parliament (sections 7, 8). It also creates the ANAO (section 38).

      2.8 The Auditor-General has complete discretion in the performance or exercise of his or her functions or powers, limited only by the A-G Act and other laws of the Commonwealth. In particular, the Auditor-General is not subject to direction from anyone about:

      1. whether a particular audit is to be conducted; or
      2. how a particular audit is to be conducted; or
      3. the priority to be given to any particular matter (section 8(4)).

        2.9 Section 40(1)(2) of the A-G Act further protects statutory independence by providing that directions to ANAO staff relating to the performance of the Auditor-General’s functions may only be given by the Auditor-General or ANAO staff authorised to give such directions by the Auditor-General.

        2.10 The Auditor-General’s main functions include financial statement audits (sections 11 and 12), annual performance statement audits (section 15), performance audits (sections 17, 18, 18A and 18B), and assurance reviews (section 19A).

        2.11 The Auditor-General may also enter into an arrangement with any person or body to conduct a financial statements audit or performance audit of that body or to provide services that are commonly provided by auditors (section 20). The Auditor-General shall not perform functions under section 20 for a purpose that is outside the Commonwealth’s legislative power. Further, an audit may not be done by arrangement under this section where a law already mandates the Auditor-General to do an audit. Further policy and guidance about section 20 audits is available in the section on Audits and Audit Related Services by Arrangement.

        2.12 In addition, the Auditor-General can provide advice and disseminate information relevant to the Auditor-General’s responsibilities (section 23), and may at any time report to the Parliament or a Minister on any matter (sections 25 and 26).

        2.13 The Auditor-General is required to set auditing standards. All staff must comply with the ANAO Auditing Standards determined by the Auditor-General from time to time when performing the auditing functions for which the standards are specified (section 24). The auditing standards applying to other work are a matter of policy. Further guidance is available in the section on Applicable ANAO Auditing Standards.

        The Auditor-General’s information-gathering powers

        2.14 To help in fulfilling audit functions, the A-G Act provides the Auditor-General with wide-ranging information-gathering powers. In practice, information is gathered through cooperation with audited entities and the information-gathering powers are treated by the ANAO as ‘reserve’ powers. These information-gathering powers are balanced by strict confidentiality provisions, which are explained in the section on Confidentiality of audit evidence. More information about the information-gathering powers is available in Supplementary Guidance titled The Auditor-General’s information-gathering powers.

        2.15 Section 32 of the A-G Act provides the Auditor-General with the ability to direct a person to provide information or documents that the Auditor-General requires, as well as the ability to direct that a person attend a judicial proceeding to give evidence before the Auditor-General, or an authorised official. The Auditor-General may direct that the information or answers given as oral evidence in a judicial proceeding, or as written evidence, be collected or verified under oath or affirmation.,

        2.16 Section 33 provides authorised officials with full and free access to audited entity premises and any documents or property on those premises. All ANAO auditors should be authorised officials and carry a written authorisation from the Auditor-General when attending audited entity premises.

        2.17 Self-incrimination cannot be used as a reason by a person to refuse to supply information (section 35). Penalty provisions exist for non-compliance.

        2.18 The Auditor-General’s preference is for the ANAO to obtain audit evidence through cooperation with audited entities. Cooperative information-gathering means that the audit team and the audited entity cooperate to ensure that the audit team receives the information that it requires in a timely manner. When auditing cooperatively, the information-gathering powers in the A-G Act are either not exercised, or are only exercised, including at the request of audited entities, to avoid a particular legal or other impediment such as a statutory secrecy provision.

        2.19 Where there is a genuine legal impediment preventing an audited entity from providing audit evidence, the Audit Manager or the Engagement Executive should engage with the audited entity and seek Group Executive Director agreement to either request that the Auditor-General consider using section 32 to direct that the evidence be provided, or that an authorised official will attend the audited entity’s premises and take evidence using section 33.

        2.20 If an audited entity or person is unwilling to cooperate to provide audit evidence or wishes to impose conditions on providing information, the issue should be first escalated to the Engagement Executive. Engagement Executives should not agree to any conditions that could impinge on the Auditor-General’s mandate such as:

        1. non-disclosure agreements or conditions preventing the ANAO from using information in an audit report;
        2. agreements that the ANAO will not copy or remove documents from audited entity premises;
        3. unreasonable requirements to complete the audited entity’s pre-employment checks; and
        4. unreasonable requirements to attend the audited entity’s mandatory training.

          2.21 Issues that cannot be resolved should be escalated to Group Executive Director level to consider the ANAO’s options, which may include consideration of whether evidence can be taken using section 33 or whether it will be necessary to request that the Auditor-General consider issuing a section 32 notice.

          2.22 There may also be situations where the Auditor-General determines that use of a judicial proceeding is necessary, for example to obtain verbal interview evidence under oath to lift the robustness of the evidence. More detailed guidance on the conduct of judicial proceedings is available in the PSRG Guidance Document.

          Confidentiality of audit evidence

          2.23 Audits must comply with the confidentiality requirements of the A-G Act. A person performing an Auditor-General function must not disclose any information except in the course of performingperformance an Auditor-General functions (see subsection 36(1)) or where it is in the Commonwealth’s interest to provide advice or information (see section 23) and the provision of information is within the scope of the person’s assigned duties and responsibilities.

          2.24 The confidentiality obligations in the A-G Act are generally limited to ANAO staff and other persons performing Auditor-General functions (such as ANAO contractors).. However, the A-G Act imposes a confidentiality obligation on staff of an audited entity or other persons who receive proposed section 19 audit reports and working papers created for the purposes of preparing a proposed report under section 19, including the Report Preparation Papers.

          2.25 Section 23A also allows a person performing an Auditor-General function to provide information to a person to assist in conducting a performance audit, or assurance review and for this information to be protected by subsection 36(2B). Section 23A and subsection 36(2B) can be used to protect sensitive information about performance audits, such as if a support person is attending a judicial proceeding or where further consultation about a performance audit report is required after the section 19 process is complete. In these situations, the recipient of the sensitive information should be informed of their obligations under subsection 36(2B) and ANAO Legal Services can assist with this.

          2.26 A person provided with a copy of a proposed report (including a draft) created for the purposes of preparing a proposed report, or extract provided for comment, must not disclose any information from that report before a final report being tabled in the Parliament (subsection 36(3)). Subsection 36(4) provides that the Auditor-General may consent to a disclosure otherwise prohibited by subsection 36(3).

          2.27 The Auditor-General has agreed that the Accountable Authorities of Commonwealth entities or Chairpersons of Commonwealth companies may decide to disclose, on a confidential basis, relevant papers (including report preparation papers and proposed reports provided under section 19) to entity officials as well as members of the entity’s audit committee. The Auditor-General’s consent treats a range of secondees, as well as some specific types of contractors and consultants as entity officials. More information about the Auditor-General’s consents is set out in Supplementary Guidance titled Confidentiality of Report Preparation Papers and Proposed Reports.

          2.28 Where a relevant paper is addressed to an officer of an entity, instead of an Accountable Authority, the Auditor-General has agreed that the officer to whom the paper has been addressed may decide to disclose, on a confidential basis, that paper to relevant officers of the entity or members of the entity’s audit committee.

          2.29 Accountable Authorities and Officers wishing to disclose information from relevant papers and reports to other persons, such as external legal advisers, contractors, consultants (who are not entity officials) and Ministers, must seek the consent of the Auditor-General.

          2.30 Note that proposed reports under section 19, should, unless agreed by the Auditor-General, only be addressed to the Accountable Authority (the Secretary, Chief Executive, or governing board), or in the case of Commonwealth companies, subsidiaries and Commonwealth partners (which do not have an accountable authority of their own), a director or member of the governing body of the entity. Relevant papers other than proposed reports, such as report preparation papers, will usually be sent to an officer that is not an accountable authority, director or member of the governing body of the entity. For example, a report preparation paper will often be sent to an SES Band 2 officer. For further information about the practicalities of issuing report preparation papers and proposed reports refer to the PASG Workflow and the Supplementary Guidance titled Confidentiality of Report Preparation Papers and Proposed Reports.

          2.31 These confidentiality provisions do not prevent the Auditor-General from disclosing particular information to the Commissioner of the Australian Federal Police if the Auditor-General is of the opinion that the disclosure is in the public interest (subsection 36(2)).

          Sensitive information not to be included in public reports

          2.32 The Auditor-General must not include particular sensitive information in public reports that in the Auditor-General’s opinion would be contrary to the public interest (section 37).

          2.33 The Auditor-General may consider that disclosure of information would be contrary to the public interest for the following reasons:

          1. it would prejudice the security, defence or international relations of the Commonwealth;
          2. it would involve the disclosure of deliberations or decisions of the Cabinet or of a Committee of the Cabinet;
          3. it would prejudice relations between the Commonwealth and a State;
          4. it would divulge any information or matter that was communicated in confidence by the Commonwealth to a State, or by a State to the Commonwealth;
          5. it would unfairly prejudice the commercial interests of any body or person;
          6. any other reason that could form the basis for a claim by the Crown in right of the Commonwealth in a judicial proceeding that the information should not be disclosed.
            Application of other relevant legislation

            2.34 The Parliamentary Privileges Act 1987 (Cth) confers exemption from legal recrimination to a certain range of documents and activities that relate to transacting the business of the Parliament. This means that ANAO audit documentation and reports cannot be the subject of legal action. In the context of audits, Parliamentary privilege is accorded to:

            1. reports tabled in the Parliament;
            2. an audit report as it is being prepared—privilege is not compromised by the fact that the draft report is first provided to the entity before tabling;
            3. section 19 reports, working papers, report preparation papers and draft management reports that are created during the course of an audit, as necessary steps in the completion of a final audit report for presentation to Parliament, to comply with the A-G Act and relevant auditing standards2; and
            4. audit reports that are tabled in the Parliament.

              2.35 Legal Services Directions (Directions) are issued by the Attorney-General under section 55ZF of the Judiciary Act 1903 (Cth). The Directions outline a range of matters that non-corporate Commonwealth entities (that is, entities with the legal persona of the Commonwealth, such as the ANAO) must comply with about litigation and legal services generally. In particular, Clause 10 of the Directions imposes obligations on non-corporate Commonwealth entities about sharing legal advice and consulting with other entities when getting legal advice. The ANAO has been granted an exemption from Clause 10, subject to the following condition:

              1. If the ANAO receives legal advice indicating an ambiguity or other issue in legislation that should be addressed by remedial action to be taken by the administering non-corporate Commonwealth entity, then the ANAO is required to advise the administering non-corporate Commonwealth entity of the issue. This must be done as soon as practicable, having regard to the circumstances in which the ANAO has sought the advice.

              2.36 The ANAO will cooperate with relevant non-corporate Commonwealth entities to address any legal interpretation issues. ANAO Legal Services can help with discussing these issues with audited entities.

              2.37 Very few audited entities would be aware that the ANAO is exempt from Clause 10 of the Legal Services Directions and audited entities are likely to be concerned if the ANAO does not consult consistent with Clause 10. Despite being exempt, the ANAO should endeavour to consult in a manner consistent with Clause 10 of the Directions unless there is an audit reason that it would not be appropriate to consult. Where consultation is not possible, the ANAO should explain to audited entities, at the first suitable opportunity, that the ANAO is exempt from Clause 10 of the Directions. ANAO Legal Services can help with discussing these issues with audited entities.

              2.38 In recognition of the Auditor-General’s independent status, the Auditor-General is exempt from the application of the Freedom of Information Act 1982 (Cth) (FOI Act). However, to the extent appropriate, the ANAO provides information on request in the spirit of the FOI Act, about the administration of the ANAO. As a general rule, information about the findings of an audit in progress is not made public. The release under FOI of records created by another entity, which have been collected by the ANAO for an audit purpose, is usually a matter for the entity that created the records.

              2.39 The Auditor-General is also exempt from the application of the Australian Privacy Principles (APPs) set out in Schedule 1 of the Privacy Act 1988 (Cth). However, consistent with the ANAO’s policy relating to the FOI Act, the ANAO complies with the intent and spirit of the APPs to the extent appropriate.

              2.40 Statutory whistleblower regimes The Public Interest Disclosure Act 2013 (Cth) (PID Act), Corporations Act 2001 and Taxation Administration Act 1953 (Tax Act) contain whistleblower regimes which on occasion impactimpacts on audit processes. The PID Act clearly applies to suspected wrongdoing by ANAO staff but has limited application to audit processes. The CorpsCorporationPs Act whistleblower regime applies to ANAO staff auditing companies and the Tax Act regime could apply if auditors discover suspicions of tax avoidance or non-compliance with tax laws.

              2.41 The PID Act is designed to enable disclosure and investigation of wrong doing in the Commonwealth public sector. The primary mechanism to achieve this is by protecting ‘whistleblowers’ from reprisal action to encourage public officials to report suspected wrongdoing.

              2.42 The operation of the PID Act does not impact the way the ANAO conducts its auditing and related responsibilities that are governed by the A-G Act. In particular, where during the performance of an Auditor-General function, matters such as breaches of legislation and deficiencies in aspects of public administration are identified and reported to ANAO’s staff member’s supervisor, the ANAO’s audit and related policies, and procedures and practices continue to apply including those procedures set out in this audit manual. All staff must also continue to comply with the confidentiality and other provisions of the A-G Act. The reporting of disclosable conduct and the processes involved in dealing with the disclosure of such conduct, that are outlined in the PID Act, are separate from, and should not impact directly on, the way ANAO staff perform an Auditor-General function.

              2.43 In rare situations, auditors may require information from an audited entity about a public interest disclosure involving that entity. Information about the public interest disclosure will likely be covered by the general secrecy provision in section 65 of the PID Act, which has a penalty of two years imprisonment or 120 penalty units or both. The information-gathering power in section 32 of the A-G Act prevails over the PID Act. However, the A-G Act will only prevail if section 32 is used, and an audited entity that voluntarily provides information covered by section 65 of the PID Act exposes itself to risk of breaching section 65. For this reason, the information-gathering powers in the A-G Act should be used if an auditor requires information that relates to a public interest disclosure. ANAO Legal Services can help with discussing these types of issues with the audited entity.

              2.44 The Corporations Act whistleblower regime provides protection to whistleblowers in companies, who disclose misconduct in the Commonwealth company to ANAO auditors. An example of a whistleblower disclosure would be if a staff member of a Commonwealth company alleged, in an informal private conversation, that a senior company officer was defrauding the company. ANAO auditors who receive a disclosure may face criminal penalties if they divulge the identity of the whistleblower or engage in conduct to the detriment of the whistleblower. ANAO auditors who suspect that they may have received a whistleblower disclosure should consider seeking advice from ANAO Legal Services, as the Corporations Act allows disclosure to legal advisers.

              Legal professional privilege

              2.45 Legal professional privilege is a rule of law that protects the confidentiality of certain communications between legal advisers and clients. Legal professional privilege applies to a communication where the dominant purpose of the communication is to provide legal advice to the client. Section 30 of the A-G Act provides that auditees cannot claim legal professional privilege to refuse access to information for audit purposes. In addition, subsection 30(2) provides protection to auditees to ensure that disclosure within the audit of otherwise privileged information does not waive that privilege for purposes outside the audit. Subsection 30(2) applies in addition to the fact that information is not considered to be disclosed when it is provided between different non-corporate Commonwealth entities. This is because those entities are all considered to be legally the same entity (i.e. the Commonwealth). ANAO Legal Services has developed Supplementary Guidance which provides further information about legal professional privilege.

              The work of the ANAO

              2.46 The ANAO is a statutory body exercising defined functions and powers. It is important that audit staff and contractors understand the basis in law for each engagement they are to undertake. Furthermore, the absence of legal authority to conduct an audit is likely to jeopardise the indemnity provided under section 55 of the A-G Act3 for a liability that might be incurred by a person undertaking an Auditor-General function.

              2.47 Financial statement, performance audits and other assurance reviews must be carried out consistent with the Auditor-General’s mandate having regard to any exclusions relating to particular persons or bodies. The Auditor-General is responsible for financial, performance audits and assurance reviews of all Commonwealth entities, companies and subsidiaries, with the exception that performance audits and an audit of performance measures of Government Business Entities (GBE) can only be undertaken if they are requested by the JCPAA (subsection 17(2)). In addition, a performance audit of a Commonwealth partner that is part of, or controlled by, a state or territory government cannot be undertaken unless it is requested by the responsible minister or the JCPAA (paragraph 18B (1)(a)).

              2.48 The relevant legislation for conducting annual financial statement audits comes under Part 4, Division 1 of the A-G Act, which provides for the audits of:

              • Commonwealth entities consistent with the Public Governance, Performance and Accountability Act 2013 (PGPA Act) (subsection 11(a)).
              • Commonwealth companies consistent with the A-G Act (subsection 11(b)).
              • Subsidiaries of corporate Commonwealth entities and Commonwealth companies consistent with the A-G Act (subsection 11(c)).
              • Annual consolidated financial statements of the Commonwealth (section 12).

              2.49 Financial statements audits can also be undertaken under other Acts. The Auditor-General’s functions include any functions given to the Auditor-General by any other Act (section 22). For example, the authority for the audit of the financial statements of the High Court is section 47 of the High Court of Australia Act 1979.

              2.50 In the case of audits that are conducted under the authority of an Act other than the A-G Act or the PGPA Act, there may be specific provisions in the particular Act requiring a report to a Minister, typically the Minister responsible for the particular Act. For example, subsection 43(1) of the High Court Act requires the Auditor-General to inspect and audit the accounts and records of the Court and under subsection 43(3), to report the results to the Attorney-General. The High Court Act also requires a report to the Attorney-General on the results of the financial statements audit under section 47.

              2.51 Regular reports to Ministers on the results of interim and final financial statements audit work are provided under the authority of subsection 26(2) of the A-G Act which provides that the Auditor-General may at any time give a report to any Minister on any matter. Reports to the Parliament on the results of interim and final financial statements audit work are provided under the authority of subsection 25(1), which provides that the Auditor-General may at any time cause a report to be tabled in either House of the Parliament on any matter.

              2.52 There are other provisions dealing with situations where a report to a Minister (other than the audit report on the financial statements) must be provided.

              • Subsection 26(1) of the A-G Act provides that the Auditor-General must bring to the attention of the responsible Minister any important matter that comes to the attention of the Auditor-General while (a) conducting an audit referred to in Division 1 or (b) performing functions as an auditor under the Corporations Act 2001. For this purpose, what is an ‘important matter’ is a matter for the Auditor-General’s judgement.
              • A provision similar to subsection 26(1) exists in some other Acts. For example, subsection 43(1) of the High Court Act provides that the Auditor-General shall draw the attention of the Attorney-General to any irregularity disclosed by the inspection and audit that, in the opinion of the Auditor-General, is of sufficient importance to justify his or her so doing.

              2.53 Persons performing a financial statements audit under section 49 of the PGPA Act (the Annual consolidated financial statements of the Commonwealth) are required by the A-G Act to comply with the ANAO auditing standards. Standards applying to other work (audits or services by arrangement or audits under Acts other than the A-G Act) are not required by law and are a matter of ANAO policy.

              2.54 Performance audits are conducted under sections 17, 18, 18A and 18B of the A-G Act. Section 17 refers to performance audits of a single Commonwealth entity, Commonwealth company or the subsidiary of a corporate Commonwealth entity or a Commonwealth company. Section 18 refers to general performance audits, otherwise known as cross-entity audits, which are conducted to review a particular aspect of Commonwealth public sector operations across more than one entity. Section 18A refers specifically to the auditing of entity performance measures and the reporting against those measures. Section 18B refers to the conduct of a performance audit of a Commonwealth partner. Other sections in the A-G Act refer to performance statement audits (sections 15-16), assurance reviews (section 19A), priority assurance reviews (section 19A(5)) and audits by arrangement (section 20).

              2.55 The Auditor-General’s functions do not extend to examining and reporting on the appropriateness of government policy. This differs from reviewing and reporting on:

              • the timeliness and evidence base of policy advice provided to government to help inform the development of government policy; or
              • policy settings or guidance relating to implementation of the PGPA Act and Rule.

              2.56 The Auditor-General cannot audit the performance of Ministers of State about the exercise of their constitutional duties. This prohibition extends to judicial and quasi-judicial officers and Royal Commissioners about performing their statutory duties, but may allow examination where the duties involve the management of an entity.4

              2.57 The Auditor-General can audit the functions of statutory office holders who have administrative functions in addition to their statutory functions. When conducting audits under sections 17 or 18, the Auditor-General’s mandate extends to the actions of Ministers who discharge responsibilities under specific legislation relating to the subject matter of each particular audit. For example, the administrative function of grant approval or the approval of proposed expenditure by a Minister under section 71 of the PGPA Act.

              Relationship with the Parliament and the JCPAA

              2.58 The Parliament is the ANAO’s primary client and the A-G Act provides that audit reports be tabled in the Parliament, except for reports on assurance reviews under section 19A(4) of the A-G Act5. The JCPAA is the ANAO’s primary point of contact with the Parliament and the ANAO’s oversight committee.

              2.59 The JCPAA is a joint statutory committee of the Parliament that has a special relationship with the ANAO. The JCPAA is formed under the Public Accounts and Audit Committee Act 1951 (PAAC Act) and is empowered to scrutinise the moneys spent by Commonwealth entities from funds appropriated to them.

              2.60 The JCPAA’s duties as set out in section 8 of the PAAC Act include to:

              1. examine all reports of the Auditor-General (including reports of the results of performance audits) (subsection 8(c));
              2. consider the operations and resources of the ANAO and the reports of the ANAO’s Independent Auditor (subsection 8(g)) and to report to both Houses of the Parliament on any matters arising from this consideration (subsection 8(h));
              3. report to both Houses of the Parliament on the performance of the ANAO at any time (subsection8(i));
              4. consider the ANAO budget (subsection 8(j));
              5. consider the level of fees determined by the Auditor-General under subsection 16(1) of the A-G Act (subsection 8(ka)); and
              6. determine the audit priorities of the Parliament for audits of the ANAO by the Independent Auditor (subsection 8(n)).

                2.61 Other Parliamentary Committees, particularly the Senate Finance and Public Administration Committee, also review ANAO audit reports and conduct enquiries that draw on the ANAO’s work and scrutinise the ANAO’s administration.

                Independent auditor

                2.62 The A-G Act provides for the appointment of an independent auditor for the ANAO. The independent auditor can undertake both financial and performance audits of the ANAO and has powers and functions similar to those provided to the Auditor-General under the A-G Act. Reports of audits undertaken by the independent auditor must be tabled in the Parliament and the JCPAA can review these reports (the A-G Act, Part 7).

                Applicable auditing standards

                Background

                2.63 The ANAO Auditing Standards set by the Auditor-General under section 24 of the A-G Act must be applied by all persons performing the Auditor-General functions specified in that section of the A-G Act.

                2.64 These functions include:

                1. auditing of the annual financial statements of:
                  1. Commonwealth entities and Commonwealth companies consistent with the PGPA Act,
                  2. subsidiaries of Commonwealth entities and Commonwealth companies consistent with the PGPA Act, and
                  3. the Commonwealth under section 49 of the PGPA Act (Commonwealth consolidated financial statements).
                2. auditing of annual performance statements of Commonwealth entities consistent with the PGPA Act;
                3. performance audits of Commonwealth entities, Commonwealth companies and subsidiaries and Commonwealth partners;
                4. general performance audits under section 18 of the A-G Act;
                5. auditing of performance measures under section 18A of the A-G Act; and
                6. assurance reviews of Commonwealth entities, Commonwealth companies and subsidiaries of a corporate Commonwealth entity or a Commonwealth company.

                  2.65 This Manual (at 2.53) mandates that the ANAO Auditing Standards will apply to all assurance engagements conducted by the ANAO despite the fact that section 24 of the A-G Act does not require the ANAO Auditing Standards to apply to audits conducted under other Acts (except the annual audit of the Commonwealth Financial Statements under the PGPA Act) or audit-related services undertaken by arrangement under section 20.

                  Policy

                  2.66 Unless otherwise determined by the Auditor-General, the ANAO Auditing Standards shall apply to all ANAO assurance engagements, including those within the scope of section 24 of the A-G Act as well as those:

                  1. authorised by section 22 of the A-G Act (a function given to the Auditor-General by an Act other than the PGPA Act); or
                  2. entered into consistent with section 20 of the A-G Act (by arrangement).

                    2.67 The engagement letter shall identify the auditing standards that apply.

                    Guidance

                    2.68 The ANAO Auditing Standards set by the Auditor-General are registered legislative instruments and are publicly available on the Federal Register of Legislation.

                    2.69 It is ANAO practice to incorporate into the ANAO Auditing Standards, by reference, the standards made by the Australian Auditing and Assurance Standards Board (AUASB). The only constraint on the application of AUASB standards is that should an AUASB standard(s) conflict with a legal requirement, the legal requirements prevails.6

                    2.70 The operation of the ANAO Auditing Standards is fully explained in an Explanatory Statement which is also on the Legislation Register.

                    2.71 Some Commonwealth entities are audited under provisions in Acts other than Part 4 Division 1 of the A-G Act and are not therefore within the scope of the section 24 Standards. It is nevertheless appropriate for such bodies to be audited under the ANAO Auditing Standards. For example, the High Court of Australia is not a Commonwealth entity (refer to subsection 10(2) of the PGPA Act). The audit requirements are in the High Court Act 1979.

                    2.72 Some ANAO engagements are undertaken by arrangement under section 20 of the A-G Act. Such an engagement may be with an Australian body not wholly within the Commonwealth’s jurisdiction (for example, a body set up jointly by the Commonwealth and State Governments) or with an international or foreign body.

                    Relationship between the Public Governance, Performance and Accountability Act 2013 and the Corporations Act 2001

                    Background

                    2.73 Section 11 of the A-G Act states that the Auditor-General’s functions include auditing the financial statements of:

                    1. Commonwealth entities;
                    2. Commonwealth companies; and
                    3. subsidiaries of corporate Commonwealth entities and Commonwealth companies.

                      2.74 Section 21 of the A-G Act allows the Auditor-General to accept appointment as an auditor of Commonwealth companies and Commonwealth subsidiaries under the Corporations Act 2001 (Corporations Act).

                      2.75 A Commonwealth company or a Commonwealth subsidiary may choose not to appoint the Auditor-General as their auditor under the provisions of the Corporations Act. However, the Auditor-General is still required by section 11 of the A-G Act and subsections 44(3), 97(3) and 99(3) of the PGPA Act to audit their financial statements in addition to the audit done by the appointed auditor under the Corporations Act. Refer to paragraph 2.71 for exceptions to this requirement.

                      Policy

                      2.76 An Engagement Executive shall endeavour to have the Auditor-General appointed as auditor under the Corporations Act of all entities captured by section 21 of the A-G Act which are within the Engagement Executive’s area of responsibility.

                      2.77 Where an entity seeks to appoint another auditor under the Corporations Act, the Auditor-General shall be notified immediately.

                      Guidance

                      Commonwealth Entities

                      2.78 Audit teams performing engagements consistent with the Corporations Act need to be aware of the relationship between the Corporations Act, the PGPA Act and its impact on the Auditor-General’s mandate about companies controlled by the Commonwealth.

                      2.79 As defined in section 10 of the PGPA Act, Commonwealth entities include: Departments of State; Parliamentary Departments; listed entities; and bodies corporate7. Commonwealth companies are not Commonwealth entities. The High Court and the Future Fund Board of Guardians are also excluded from the definition of Commonwealth entities, under section 10 of the PGPA Act (refer to Diagram 2 PGPA Act structure).

                      2.80 There are two types of Commonwealth entity:

                      1. corporate Commonwealth entities - a Commonwealth entity that is a body corporate; and
                      2. non-corporate Commonwealth entities - a Commonwealth entity that is not a body corporate.

                        2.81 Corporate Commonwealth entities are legally separate from the Commonwealth, whereas non-corporate Commonwealth entities are legally part of the Commonwealth. The Department of Finance maintains the Flipchart of Commonwealth entities and companies which provides a quick reference to which Commonwealth entities are corporate and which are non-corporate Commonwealth entities.

                        2.82 Most bodies that meet the definition of bodies corporate are incorporated for a public purpose by an Act and hold money on their own account. Whether a Commonwealth entity is a body corporate can usually be determined from the provisions in the legislation forming the body. Money is taken to be held on a corporate Commonwealth entity’s own account unless it is relevant money as defined in section 8 of the PGPA Act. The Finance Minister also has the power to make rules that form bodies corporate under section 87 of the PGPA Act.

                        2.83 There are a small number of entities that have a body corporate status but are prescribed as non-corporate Commonwealth entities, for example the Australian Competition and Consumer Commission.

                        2.84 There are also a small number of bodies which are corporate Commonwealth entities but whose enabling legislation states that the PGPA Act applies but only in certain respects. For example, section 4A of the Australian National University Act 1991 modifies the application of the PGPA Act.

                        The particular definitions of ‘Commonwealth ‘company’ and ‘subsidiary’ in the PGPA Act

                        2.85 Subsection 89(1) of the PGPA Act defines a ‘Commonwealth company’ as a Corporations Act company that the Commonwealth controls. However, an entity that is controlled by a corporate Commonwealth entity or a Commonwealth company is referred to in the Act as a ‘subsidiary’, even if it is a company under the Corporations Act.

                        2.86 The distinction is important because the provisions of the PGPA Act applying to Commonwealth companies are sometimes different to those applying to subsidiaries.

                        Application of the Corporations Act

                        2.87 The Corporations Act applies under its own terms to Commonwealth companies and Commonwealth subsidiaries8 that is, nothing in the PGPA Act detracts from the application of the Corporations Act.

                        2.88 There are provisions in the Corporations Act which allow certain companies not to prepare annual financial statements. A Commonwealth subsidiary that meets those requirements can use them not to report under the Corporations Act. However, subsection 97(1) of the PGPA Act requires all Commonwealth companies to give to their responsible Minister a copy of the financial report, directors’ report and auditor’s report that the company would be required to prepare if they were a public company, even if they are exempt under the Corporations Act from preparing annual financial statements.

                        The nature and application of the Auditor-General’s mandate in respect of Commonwealth companies and Commonwealth subsidiaries

                        2.89 An exception to the Auditor-General’s legislative mandate for the audit of the financial statements of a subsidiary exists when the subsidiary is incorporated or formed in a place outside Australia and certain other conditions are met (refer subsections 44(3) and 99(3) of the PGPA Act).

                        Diagram 2: PGPA Act structure

                        Diagrams show the structure of the PGPA Act, including Commonwealth entities, Corporate Commonwealth entities under the PGPA Act and Commonwealth companies.

                        Diagram 3: Decision Tree - ANAO financial statement audit mandate under the PGPA Act

                        Diagram showing a decision tree on how to work out the ANAO financial statements audit mandate under the PGPA Act

                        Audits and Audit Related Services by arrangement under section 20 of the A-G Act

                        Policy

                        2.90 The Auditor-General shall determine whether to accept or continue an audit or audit related service by arrangement under section 20.

                        2.91 The responsible GED shall make a written recommendation to the Auditor-General covering, at a minimum:

                        1. the name of the organisation and the position of the person making the request;
                        2. the reason for requesting the engagement;
                        3. the nature, engagement risk rating and duration of the proposed engagement;
                        4. whether, and on what terms, to accept the request, with supporting rationale;
                        5. the proposed fee to be charged for the engagement, with supporting basis. For ongoing engagements, propose the arrangement for determining fees to be charged in future periods; and how any significant matters identified from the considerations in the guidance to this policy will be managed.

                          2.92 The letter of engagement shall reflect the specific terms and conditions approved by the Auditor-General, including the auditing standards that the engagement will be performed under.

                          2.93 The Auditor-General’s powers to get information under section 32 and ‘to access premises’ under section 33 are not available for arrangements made under section 20. The Auditor-General’s ability to get information shall be agreed in the engagement letter.

                          2.94 An arrangement cannot be entered into unless the person responsible for the subject matter of the proposed engagement personally acknowledges the terms of the engagement in writing.

                          Managing the engagement

                          2.95 If information is obtained that would have caused the responsible GED to recommend declining the engagement, had that information been available earlier, the responsible Engagement Executive shall communicate that information promptly to the Auditor-General with a recommended course of action.

                          2.96 AASG shall provide an annual report to the Deputy Auditor-General on audits and audit related services by arrangement consistent with Monitoring at the Service Group Level.

                          2.97 Subsection 20(2) provides for the Auditor-General to charge fees for an engagement entered into under arrangement. The Auditor-General shall determine the fee at the time of entering into the arrangement. The Auditor-General has delegated the power to determine the fees to be charged for an engagement entered into under section 20 to the Deputy Auditor-General. If the engagement by arrangement covers more than one period, the recommendation shall propose the arrangement for determining the fees to be charged for future periods.

                          2.98 Information obtained when deciding whether to accept or continue a section 20 engagement may be relevant to identifying risks of material misstatement. If relevant, the Engagement Executive shall ensure the information is communicated to the audit team for inclusion in risk assessment procedures.

                          2.99 If the Auditor-General determines that it is appropriate to withdraw from an engagement, the responsible Engagement Executive shall discuss the withdrawal with the appropriate level of the entity’s management and those charged with governance (TCWG). The discussion shall include the reasons for withdrawal, and consideration of whether the withdrawal should be reported to regulatory authorities.

                          Guidance

                          Approving the engagement

                          2.100 This policy deals with the matters to be considered when making a recommendation whether to accept a request to undertake an audit, or audit related service by arrangement, under section 20 of the A-G Act.

                          2.101 An audit by arrangement is an assurance-related service performed by the ANAO of a kind normally performed by auditors (including financial statement and performance audits) that is conducted under an agreement between the ANAO and another party.

                          2.102 Following a proposal or request to enter into an audit or audit related service by arrangement, the AASG/PASG GED should consider and document the following in forming a view as to whether to recommend the request:

                          1. Is the proposed arrangement a mandated Auditor-General function?
                          2. Does the proposed arrangement involve the Auditor-General performing a function that is outside of the Commonwealth’s legislative power?
                          3. Will the preconditions for the engagement be met, as required by the ANAO Auditing Standards?
                          4. Who within the organisation is responsible for the preparation of the report? If the responsibility is not at the accountable authority or Director level, is the signatory appropriate and is there appropriate governance over the report?
                          5. Who are the intended users of the ANAO report?
                          6. Does the proposed arrangement provide the Auditor-General with the ability to report to the responsible Minister and Parliament on the results of the audit?
                          7. Will the ANAO have satisfactory access to information, premises and relevant individuals?
                          8. Are there any questions or concerns over the integrity of the client (key management and TCWG)?
                          9. Will the ANAO have the competence and capabilities, including available time and resources to conduct the engagement?
                          10. Does the engagement pose any risks to compliance with ethical requirements?
                          11. Are there any possible legislative or public interest considerations that impact the recommendation?
                            Legislative requirements

                            2.103 Under subsection 20(1) of the A-G Act the Auditor-General may enter into an arrangement with any person or body to:

                            1. audit financial statements of the person or body; or
                            2. conduct a performance audit of the person or body; or
                            3. provide services to the person or body that are of a kind commonly performed by auditors.

                              2.104 The Auditor-General does not delegate the power to enter into arrangements under section 20.

                              2.105 The Explanatory Memorandum of the original Auditor-General Bill states that audits by arrangement under section 20 may include:

                              1. Audits of Commonwealth Corporations Act companies where the audit is not otherwise permitted or required under the A-G Act.
                              2. Audits of international organisations of which the Commonwealth is a member.
                              3. Provision of services normally performed by auditors and accounting firms including workers’ compensation certificates, comfort letters, investigating accountants’ reports and help in matters of financial administration.
                              4. Audits of organisations or people who are the recipients of Commonwealth grants or benefits.

                                2.106 Section 20 allows the Auditor-General to undertake engagements outside of engagements otherwise mandated by the A-G Act or other legislation, but subsection 20(3) specifies that the Auditor-General must not perform functions for a purpose that is outside of the Commonwealth’s legislative power. The Commonwealth’s legislative powers are set out in section 51 of the Australian Constitution.

                                2.107 When forming the recommendation, if in doubt, the GED should consult with ANAO Legal Services to confirm that a particular matter falls within the Commonwealth’s legislative powers.

                                2.108 Subsection 20(4) allows the Auditor-General to enter into an arrangement with a GBE under section 20.

                                Duration

                                2.109 Requests to conduct engagements by arrangement may be for a specified time period or on an ongoing basis. The Auditor-General’s approval will cover the duration of the engagement as specified in the recommendation. If an approval is limited to a specific time period, extension for a further period will require a further approval from the Auditor-General.

                                Preconditions and acceptance and continuance

                                2.110 The preconditions for the engagement are specified in:

                                1. ASA 210 for an audit of historical financial information;
                                2. ASRE 2410 for a review of a financial report where the ANAO is also the auditor of the annual financial reports;
                                3. ASAE 3000 for assurance engagements other than audits or reviews of historical financial information. For performance audits this is complemented by ASAE 3500.

                                  2.111 Where information is obtained on an existing engagement that would have caused the GED to recommend declining the engagement, the following procedures should be undertaken:

                                  1. consider whether there is a professional, legal or regulatory requirement for the ANAO to continue the engagement, or public interest considerations;
                                  2. discuss with the appropriate level of the entity’s management and those charged with governance the appropriate action that the ANAO might take based on the relevant facts and circumstances; and
                                  3. document significant matters, consultations, conclusions and the basis for the conclusions.
                                    Reporting powers

                                    2.112 The Auditor-General has powers in subsections 25 and 26 of the A-G Act to provide extra reports to responsible Ministers and the Parliament.

                                    Responding to audit requests

                                    Policy

                                    2.113 Each external audit request received shall be considered by the responsible GED and a recommendation shall be made to the Auditor-General who shall determine the course of action to be taken.

                                    2.114 Once the course of action is determined, a response shall be provided to the requestor in a timely manner.

                                    Guidance

                                    2.115 From time-to-time, the Auditor-General receives an external request to examine a matter related to public administration. Such requests commonly originate from parliamentary committees, individual parliamentarians or community groups.

                                    2.116 The available options for responding to a request for a performance audit are:

                                    1. agree to undertake an audit of the matter(s) outlined in the request (objectives and scope of the audit should be expressed consistent with the ANAO’s mandate and policies, which may mean that the objectives and scope are different from that requested);
                                    2. agree to take the request into account in the conduct of an audit in progress or a planned audit;
                                    3. conduct an assurance review of the matters covered by the request. Such reviews can provide limited or reasonable assurance and do not constitute an audit;
                                    4. agree to inquire into the matters and respond by correspondence;
                                    5. agree to take the request into account in future planning for the ANAO’s work program; or
                                    6. take no further action.

                                      2.117 Responses to audit requests are signed by the Auditor-General and published on the ANAO Website - Requests for Audits.

                                      2.118 Where it is intended to proceed to the conduct of an audit or a review, the response should outline the proposed focus of the audit or review (the formal objectives will generally be determined at the time a plan is prepared and approved) and clearly indicate any matters raised in the original request that will not be within the scope of the proposed audit or review.

                                      Audit delegations and authorisations

                                      Background

                                      2.119 Section 29 of the A-G Act allows the Auditor-General to delegate by written instrument the Auditor-General functions and powers.

                                      Policy

                                      2.120 ANAO audit personnel responsible for the performance of an Auditor-General function shall ensure they have a formal delegation or authorisation to perform that function.

                                      2.121 ANAO audit personnel shall exercise the responsibilities of a delegation or authorisation consistent with any conditions attaching.

                                      Guidance

                                      2.122 The A-G Act and other legislation specify the Auditor-General’s functions and powers.

                                      2.123 Section 29 of the A-G Act allows the Auditor-General to delegate, by written instrument, these functions and powers to an official of a non-corporate Commonwealth entity, who must comply with any directions the Auditor-General gives.

                                      2.124 The Auditor-General has delegated some of his functions and powers. He has also given authorisations about his powers to direct staff about the performance of an Auditor-General function and to the access of premises and documents etc.

                                      2.125 An official of a non-corporate Commonwealth entity, as defined in the PGPA Act, means an individual who is in, or forms part of, the entity. Section 38 of the A-G Act lists the following persons as officials of the Audit Office: the Auditor-General; the staff referred to in section 40; and persons engaged under contract as referred to in section 27.

                                      2.126 The delegations made and authorisations given can be found on Audit Central. Responsibility for maintaining the currency of delegations and authorisations on Audit Central rests with CMG, while responsibility for advising when the delegations and authorisations need to be updated rests with AASG and PASG respectively.

                                      Nature of delegations and authorisations

                                      2.127 There is a difference in law between exercising a function as a delegate rather than under authorisation. A delegate exercises a function in their own right, whereas a person authorised to perform a function does so for and on behalf of the person to whom the function belongs. This distinction has some implications, including:

                                      1. Subject to any directions accompanying the delegation, the delegate is given autonomy in performing the function, whereas the person acting for and on behalf of the Auditor-General must perform the function in the way the Auditor-General would, which implies consultation with the Auditor-General.
                                      2. It is appropriate for the person exercising the function to indicate the capacity in which they sign. A delegate states they sign as ‘delegate of the Auditor-General’; a person authorised to perform the functions signs ‘for and on behalf of the Auditor-General’.

                                        2.128 The delegation of a function or power does not prevent the Auditor-General exercising the function or power personally. General guidance on delegations and authorisations can be found in Australian Government Solicitor Legal Briefing No.74 Dec 2004.

                                        Audit delegations

                                        2.129 The Auditor-General’s audit delegations (under the A-G Act unless otherwise indicated) to specified ANAO personnel are listed below and can be found here: Delegations and Authorisations.

                                        Audit delegations specific to ANAO personnel (not limited to specific service groups)
                                        • Section 15 – Conduct and sign reports for audits of annual performance statements of Commonwealth entities agreed to by the Auditor-General.
                                        • Subsection 20(1) (signing powers) – Conduct and sign reports for arrangements agreed to by the Auditor-General to audit financial statements of a person or body; or provide services to the person or body that are of a kind commonly performed by auditors.
                                        • Section 23 – Provision of advice or information.
                                        • Section 27 – Engaging any person under contract to help in the performance of any Auditor-General Function.
                                        Audit Delegations specific to AASG personnel

                                        2.130 The Auditor-General’s audit delegations (under the A-G Act unless otherwise indicated) to specified AASG personnel are listed below:

                                        • Section 11 – Conduct and sign reports for audits of annual financial statements of Commonwealth entities, Commonwealth companies and subsidiaries.
                                        • Section 22 – Conduct and sign reports for functions under other Acts - financial statements audit reports.
                                        • Subsections 26(1) and (2) – Signing extra report to Ministers.
                                        Audit Delegations specific to PASG personnel

                                        2.131 The Auditor-General’s audit delegations (under the A-G Act unless otherwise indicated) to specified PASG personnel are listed below:

                                        • Subsections 19(1), (2), (3), (4) – Provide a copy of a proposed report or extracts of a proposed report.

                                        2.132 These delegations are made subject to the general conditions that in ‘exercising any power or function, a delegate must have due regard to ANAO and Services Group policies and procedures’.

                                        Delegations and the Corporations Act

                                        2.133 Section 1281 of the Corporations Act deems the Auditor-General to be taken to be registered as a company auditor under the Act. Subsection 1281(2) also deems a person to whom the Auditor-General delegates the function of conducting an audit or the power to conduct an audit, to be taken to be registered as a company auditor for the purposes of applying Chapter 2M to the audit. It is important to note that subsection 1281(2) is limited to Chapter 2M of the Corporations Act, and as such, for any audits performed outside of Chapter 2M (e.g. Chapter 7 audits of Regulated Funds and AFSL audits) only the Auditor-General is taken to be registered as auditor.

                                        Appointment and resignation as auditor under the Corporations Act

                                        Background

                                        2.134 The appointment and resignation of auditors for companies is governed by Division 6 of Part 2M.4 of the Corporations Act.

                                        2.135 The directors of a public company must appoint an auditor within one month after the day the company is registered, unless an auditor was appointed at a general meeting (section 327A).

                                        2.136 The directors of a proprietary company may appoint an auditor for the company if an auditor has not been appointed by the company in a general meeting (section 325).

                                        2.137 A company must not appoint an auditor unless the auditor has consented to appointment by written notice to the company, or the directors of the company, before the appointment is made (section 328A).

                                        Policy

                                        2.138 The Auditor-General shall personally exercise his/her power under section 21 of the A-G Act to accept an appointment as auditor under the Corporations Act. This power shall not be delegated. The appointment shall be accepted in writing consistent with the requirements of the A-G Act.

                                        2.139 Before recommending that the Auditor-General accept appointment as a company auditor under the Corporations Act, the Engagement Executive for the engagement shall ensure that the entity is captured by section 21 of the A-G Act.

                                        2.140 When the audit of a company for which the Auditor-General is the appointed auditor under the Corporations Act ceases to be within the Auditor-General’s mandate, the Engagement Executive shall make the necessary arrangements to effect the Auditor-General’s resignation with effect at the time the mandate ceases. The Auditor-General’s resignation as appointed auditor shall be notified in writing, by the Auditor-General, consistent with the requirements of the Corporations Act.

                                        2.141 If it is not possible for the resignation to take effect at the time the mandate ceases, the Engagement Executive shall advise the Auditor-General promptly and shall consider consulting with ANAO Legal Services as to the effect on the indemnity under section 55 of the A-G Act.

                                        Guidance

                                        The Auditor-General must accept and resign appointment

                                        2.142 Proforma letters for the request to appoint (to be sent by the company) and for the Auditor-General’s consent to act are available on the PSRG audit support intranet page.

                                        Conditions for resignation

                                        2.143 The Auditor-General may act as an auditor under the Corporations Act only while the audit is within the Auditor-General’s mandate. If the Auditor-General were to operate outside his/her mandate, the indemnity provided by section 55 of the A-G Act would not operate.

                                        2.144 An audit may come to fall outside the Auditor-General’s mandate for many reasons, such as the Commonwealth selling the company to a private investor.

                                        2.145 Should it appear not to be possible for the Auditor-General to resign as company auditor at the time of loss of mandate, legal advice may be needed to protect the indemnity under section 55 and the Engagement Executive should consult with ANAO Legal Services.

                                        Processes for resignation

                                        2.146 Subdivision B of Division 6 of Part 2M.4, of the Corporations Act, deals with removal and resignation of company auditors. Some provisions differ according to whether the company is a public or proprietary company. Subsections 329(5) to (9) are especially relevant.

                                        2.147 ASIC publishes Regulatory Guides (RGs) and other information relevant to the appointment and resignation of company auditors. RG 26 Resignation of auditors should be referred to.

                                        2.148 Matters dealt with in legislation or in the RG include:

                                        1. the auditor stating reasons for resigning;
                                        2. the consent of ASIC to resignation;
                                        3. the date of effect of resignation, including at other than the company’s annual general meeting;
                                        4. the use of prescribed forms; and
                                        5. fees.

                                          2.149 ASIC consent is not required for an auditor to resign from a proprietary company, unless it holds an Australian Financial Services licence. For a proprietary company that does not hold such a licence, the auditor can resign by giving the company a notice of resignation. The company is then required to lodge a Form 315 Notification of resignation, removal or cessation of auditor (available from ASIC’s website) within 14 days after receiving the notice of resignation from the auditor.

                                          Authority to charge fees

                                          Policy

                                          2.150 Fees for an ANAO engagement shall only be charged where legal authority to do so exists.

                                          2.151 The Engagement Executive shall consider, at the time of first undertaking an engagement, whether authority exists for the ANAO to charge a fee. The authority for charging a fee shall be documented at that time.

                                          2.152 Where the existence of authority to charge a fee is not clear, ANAO Legal Services shall be consulted.

                                          Guidance

                                          2.153 The ANAO may charge a fee for work that it is required to do by law only when the law expressly provides for a fee to be charged or it is implied necessarily that a fee may be charged.

                                          Fee charging under the Auditor-General Act

                                          2.154 Subsection 14(1) of the A-G Act provides that:

                                          A person or body (other than a non-corporate Commonwealth entity) whose annual financial statements are audited as mentioned in section 11 of the A-G Act; or subsection 30(3) of the Governance of Australian Government Superannuation Schemes Act 2011; is liable to pay audit fees for the audit, based on a scale of fees determined by the Auditor-General.9

                                          2.155 Section 14 provides authority for the ANAO to charge audit fees for auditing the financial statements of corporate Commonwealth entities and their subsidiaries and Commonwealth companies and their subsidiaries consistent with the PGPA Act.

                                          2.156 There is no authority under the A-G Act for the ANAO to charge fees for performance auditing or for auditing the financial statements of: non-corporate Commonwealth entities; or a corporate Commonwealth entity that was an Agency under the Financial Management and Accountability Act 1997 as at 30 June 2014, consistent with the Public Governance, Performance and Accountability (Consequential and Transitional Provisions) Act 2014 Schedule 4, Part 2 subsection 57(2). However, there are a small number of Commonwealth entities which are audited under their own legislation rather than consistent with the PGPA Act. The authority to charge a fee for the audit of their financial statements rests with their particular legislation (see below).

                                          2.157 Subsection 16(1) of the A-G Act provides authority for the ANAO to charge audit fees for annual performance statement audits of corporate Commonwealth entities consistent with the PGPA Act.

                                          2.158 Subsection 20(1) of the A-G Act also provides for the ANAO to enter into audits or other services by arrangement. Fees may be charged in these cases.10 Refer to the policy on Audits and Audit Related Services by Arrangement, which notes that audits by arrangement are not Budget-funded and require the recovery of costs to be considered when entering into these arrangements.

                                          Fee charging in other circumstances

                                          2.159 There are some audits undertaken by the ANAO under legislation other than the PGPA Act.

                                          3. Strategic planning

                                          ANAO annual work program

                                          Policy

                                          3.1 Information to help with planning future audit coverage shall be collected on an ongoing basis in the course of conducting ANAO audits.

                                          3.2 The responsible teams for each portfolio shall hold joint meetings to identify risks and determine the preferred way to address the risks in the ANAO’s Annual Audit Work Program.

                                          Guidance

                                          3.3 The Annual Audit Work Program is published annually in July and presents information on financial statement audits, performance audits in progress, a rolling program of potential performance audits and assurance engagements for each government portfolio. The performance audit program also includes cross-entity and whole-of-system performance audits that involve some entities.

                                          3.4 The ANAO’s Annual Audit Work Program is accessible on the ANAO’s website.

                                          3.5 Information that can be useful to collect during an audit for strategic planning purposes includes:

                                          1. entity corporate documents such as Corporate Plans, Risk Management Plans, Internal Audit Programs, audit committee papers, annual reports and other publicly available reports;
                                          2. Joint Committee of Public Accounts and Audit and other parliamentary committee reports;
                                          3. Hansards, including of parliamentary debates, question time, parliamentary committee inquiries and Senate Estimates hearings;
                                          4. media reports, ministerial statements and entity press releases, newspaper and journal articles;
                                          5. external stakeholders, such as relevant peak bodies’ policy submissions; and
                                          6. Budget papers, including Portfolio Budget Statements.

                                            3.6 Other sources of information include meetings with entities, between Service Groups and with the ANAO Executive.

                                            4. Leadership responsibilities for quality

                                            Leadership responsibilities for quality

                                            Background

                                            4.1 Consistent with ASQC 1, ASA 220 and APES 320, the ANAO has policies and procedures to promote an internal culture based on the recognition that quality is essential in performing engagements.

                                            Policy

                                            4.2 The Auditor-General is ultimately responsible for the system of quality control in place for all assurance and related activities undertaken by the ANAO. From an operational perspective, the Deputy Auditor-General is responsible for ensuring that the system of quality control satisfies the requirements of the ANAO Auditing Standards and is helped by the GEDs of PSRG, AASG and PASG and the SED of SADA with this role.

                                            4.3 The PSRG GED is responsible for the design, execution and maintenance of the QAF and for monitoring compliance with that Framework and reporting to the Executive and Audit Committee on the results of such monitoring activities. The PSRG GED is also responsible for the audit methodology applied by the ANAO which supports compliance with the ANAO Auditing Standards. This includes the development of policies and procedures to support that audit methodology.

                                            4.4 The AASG GED, PASG GEDs and SADA SED are responsible for the delivery of services to the required level of quality within their respective business units.

                                            4.5 The AASG and, PASG Engagement Executives and the SADA Executives are responsible for quality within their portfolio of audits and supporting the GED and the SEDs in the delivery and management of quality audit services.

                                            4.6 The CMG SED is responsible for the design, execution and maintenance of policies supporting the Quality Framework in respect of Human Resources, IT security and support, External Communications and Learning and Development.

                                            4.7 The ANAO Quality Committee is responsible for monitoring the implementation of the ANAO quality framework and reporting to the Executive Board of Management (EBOM) on this implementation.

                                            4.8 All ANAO staff shall have regard to the following definition of audit quality in the conduct of their work:

                                            Audit quality is the provision of timely, accurate and relevant audits, performed independently consistent with the A-G Act, ANAO auditing standards and methodologies, which are valued by the Parliament. Delivering quality audits results in improved public sector performance through accountability and transparency.

                                            Guidance

                                            4.9 The Auditor-General assigns responsibility for quality of audit delivery to the AASG GED, PASG GEDs and SADA SED. To meet this responsibility AASG, PASG and SADA need to manage their audits and business so that all AASG, PASG and SADA staff appreciate that:

                                            1. all team members are expected to maintain a high level of quality in all assigned tasks;
                                            2. quality will not be compromised by budgetary or timing considerations on assignments;
                                            3. ANAO policies need to be consistently followed by all team members;
                                            4. team members’ annual performance reviews consider performance against the ANAO Capability Framework which includes the capabilities of Trusted Expertise and Rigorous Analysis and Sound Judgement that demonstrate commitments to quality (including training);
                                            5. training, and attendance at appropriate training, is recognised as a key component to ensuring quality is maintained; and
                                            6. sufficient resources will be devoted for the support and execution of quality control policies and procedures.
                                              Promoting an internal culture of quality

                                              4.10 EBOM’s leadership, and the example it sets, significantly influences the internal culture of the ANAO. The promotion of a quality-oriented internal culture depends on clear, consistent and frequent actions and messages from all levels of ANAO management, including Audit Managers, which emphasise quality control policies and procedures, and the requirement to:

                                              1. perform work that complies with applicable auditing and professional standards and legal and regulatory requirements; and
                                              2. issue reports that are appropriate in the circumstances.

                                                4.11 Such actions and messages encourage a culture that recognises and rewards high quality work. These actions and messages may be communicated by, but are not limited to, training seminars, meetings, formal or informal dialogue or internal minutes. They may be incorporated in internal documentation and training materials, and in Executive and staff appraisal procedures such that they will support and reinforce the ANAO view on the importance of quality and how, practically, it is to be achieved.

                                                4.12 EBOM recognises that the ANAO’s business strategy requires achievement of quality in all engagements. Promoting such an internal culture includes:

                                                1. application of ANAO policies and procedures that address performance evaluation, compensation, and promotion (including incentive systems) of personnel, to demonstrate commitment to quality;
                                                2. assignment of a volume of work to Engagement Executives and Audit Managers which will not adversely affect the quality of work performed; and
                                                3. provision of sufficient and appropriate resources for the support and execution of quality control policies and procedures.

                                                  5. Professional, ethical and independence requirements

                                                  Professional ethical and independence requirements

                                                  Background

                                                  5.1 The ANAO Auditing Standards incorporate all standards issued by the AUASB according to paragraph 227B(1)(a) of the ASIC Act and section 336 of the Corporations Act; relevant standards formulated by the AUASB according to paragraph 227B(1)(b) of the ASIC Act; and relevant auditing and assurance standards issued by standard-setting bodies other than the AUASB as appropriate. ASQC 1 is included as a standard issued by the AUASB according to paragraph 227B(1)(a) of the ASIC Act and section 336 of the Corporations Act. In addition, compliance with the AUASB standards formulated according to paragraph 227B(1)(b) of the ASIC Act, including ASAE 3000 and ASAE 3500, requires compliance with ASQC 1.

                                                  5.2 Adoption of ASQC 1 requires the ANAO to create policies and procedures designed to provide reasonable assurance that the ANAO and its personnel comply with relevant ethical requirements. Relevant ethical requirements is defined in the ANAO Auditing Standards and include the applicable requirements of APES 110 Code of Ethics for Professional Accountants issued by the APESB, applicable provisions of the Corporations Act 2001 and other applicable law or regulation.

                                                  5.3 The application of ASQC 1 in the context of the ANAO is that the ANAO is a ‘firm’ that performs audits and reviews of financial statements and other historical financial information and other assurance engagements. The requirements of ASQC 1 are firm-wide and all ANAO audit staff and contractors are required to comply with the relevant ethical requirements.

                                                  Policy

                                                  5.4 The requirements of APES 110 and ASQC 1 apply to assurance work conducted by the ANAO, except to the extent, if any, that these requirements conflict with legislative requirements.

                                                  5.5 If a possible conflict between the requirements of APES 110 or ASQC 1 and relevant legislation is identified, the matter shall be referred to the responsible GED and the PSRG GED.

                                                  5.6 All ANAO staff and contractors shall comply with the ANAO Independence Policy.

                                                  Guidance

                                                  5.7 The ethical requirements of APES 110 apply in addition to the ethical requirements that apply to ANAO staff as members of the Office and as Commonwealth public servants. ANAO staff are bound by the ANAO Values and Behaviours and the Australian Public Service (APS) Values and Code of Conduct made under the Public Service Act 1999. The Values and Code of Conduct are promoted through the publication: Guide to Conduct in the Australian National Audit Office. ANAO staff are also bound by the General Duties of Officials under Division 3 of the PGPA Act.

                                                  Ethical requirements relevant to assurance engagements

                                                  5.8 ASA 102 requires the auditor to comply with relevant ethical requirements, including those pertaining to independence, when performing audits, reviews and other assurance engagements. ASA 102 explains that ethical requirements relating to assurance engagements include the requirements of the APES 110. The fundamental principles of professional ethics in APES 110 include:

                                                  1. integrity;
                                                  2. objectivity;
                                                  3. professional competence and due care;
                                                  4. confidentiality; and
                                                  5. professional behaviour.

                                                    5.9 The concept of Independence is fundamental to compliance with the principles of integrity and objectivity. The Independence section of APES 110 applies in addition to requirements in legislation (e.g. the Corporations Act). The policies in this Manual and the ANAO Independence Policy cover the various requirements.

                                                    5.10 It is also important to note that the ANAO, on occasion, may impose requirements that go beyond the requirements of APES 110; for example, the ANAO may take a stricter line on the provision of other services by audit contractors to an ANAO auditee on which the contractor is engaged.

                                                    6. Human resources

                                                    Assignment of engagement teams

                                                    Background

                                                    6.1 Under ASA 220, ASQC 1, APES 320 and ASAE 3500, the ANAO is required to have policies and procedures to assign appropriate personnel to assurance engagements to enable the ANAO to issue reports that are appropriate in the circumstances.

                                                    Policy

                                                    6.2 The GED or the GED’s nominee shall allocate Engagement Executives, audit managers and other key personnel to assurance engagements, taking into account the appropriate skill level and their capability, competence and time available to perform the engagement.

                                                    6.3 The Engagement Executive and audit manager shall assess and document, for each engagement, the need to get specialist skills, including engaging Systems Assurance and Data Analytics (SADA).

                                                    6.4 For engagements where it has been determined that SADA will be involved, the SED SADA or the Executive Director SADA shall be the SADA Executive, unless an alternative person is approved by the SED SADA to fulfil the SADA Executive role. An alternative person will only be able to fulfil the SADA Executive role for low or moderate risk engagements.

                                                    6.5 The Engagement Executive shall monitor the allocation of personnel to engagements throughout the audit cycle. Any concerns are to be raised immediately with the responsible SED or GED.

                                                    Guidance

                                                    Assignment of engagement teams

                                                    6.6 The AASG Resourcing Officer provides a draft allocation to the AASG SES for review and discussion before the beginning of each audit cycle. This process is necessary to ensure that personnel are matched to jobs which meet their capabilities in the appropriate numbers.

                                                    6.7 The PASG Practice Manager allocates audit team members to audits following appropriate consultation to ensure the most efficient use of capability across the service group.

                                                    6.8 When allocating personnel to engagements with the potential to uncover challenging content, the HR Team should be consulted to arrange additional support for audit team members.

                                                    Engaging SADA

                                                    6.9 The extent of SADA involvement in any audit engagement can vary significantly. Therefore, engagement with SADA is a highly consultative process. Audit Managers and SADA Managers need to consult with each other during both the planning and execution phases of the audit.

                                                    6.10 The Engagement Executive and Audit Manager should assess the following factors when determining whether to engage SADA:

                                                    1. the client has a moderate or high complexity IT environment;
                                                    2. audit procedures over IT General controls or applications are required to get sufficient appropriate evidence, or in the most efficient manner;
                                                    3. possible risks arise from information that is processed using significant processing systems;
                                                    4. the audit identified for the current period or for prior periods that it may not be possible or practicable to get sufficient appropriate evidence from substantive procedures alone;
                                                    5. the audit team is planning to rely on system-generated reports to complete audit testing; and
                                                    6. the client has undertaken, or is planning to undertake, a major change to the IT environment.
                                                      Managing and Responding to Threats

                                                      6.11 Staff who receive threats of self-harm or suicide from a person, threats to others or threats to property either during the course of an engagement or outside the course of an engagement should consult the ANAO Managing and Responding to Threats policy. Advice and support should also be sought from the HR Team.

                                                      Continuing professional development

                                                      Background

                                                      6.12 Under ASQC 1, the ANAO ‘shall establish policies and procedures designed to provide it with reasonable assurance that it has sufficient personnel with the competence, capabilities, and commitment to ethical principles necessary to:

                                                      1. Perform engagements consistent with AUASB Standards, relevant ethical requirements, and applicable legal and regulatory requirements; and
                                                      2. Enable the firm or engagement partners to issue reports that are appropriate in the circumstances.’ (para 29)

                                                        Policy

                                                        6.13 All staff shall complete a minimum of 20 hours of professional development per financial year.

                                                        6.14 All audit staff are expected to fulfil the professional development requirements of the professional bodies of which they are members.

                                                        Guidance

                                                        6.15 Competence is developed through a variety of methods such as continuing professional development, including training. Continuing professional development is an essential means of staff maintaining their knowledge and capabilities.

                                                        6.16 Technical training can be in the form of formal presentations, such as technical updates, conferences, e-learning or time spent in preparation of presentations of technical training. Typically Continuing Professional Development (CPD) hours for the preparation of technical training equals three hours per one hour of presented material, e.g. a two hour presentation equals six hours of eligible preparation CPD hours. Table 1 outlines activities that are recognised as qualifying professional development activities (adapted from CAANZ Regulations). This can be used by all staff as a guide for professional development activities that are acceptable under ANAO policy, provided they relate directly to relevant auditing, accounting or Australian Government legal frameworks.

                                                        Table 1: Activities which will be recognised as qualifying for formal Training and Development include the following:

                                                        As a guide, formal CPD would normally include the following activities:

                                                        (a)

                                                        Congresses, Business Forums and conventions presented by a professional accounting body;

                                                        (b)

                                                        Courses, seminars, workshops, lectures and other professional educational activities presented by a professional body (1 hour or more).

                                                        (c)

                                                        Meetings of professional body technical discussion groups (1 hour or more). Formal meetings of professional body discussion groups which provide a structured forum for exchange of technical information relevant to individual and Affiliate Members with a common interest;

                                                        (d)

                                                        “In-house” courses, or similar activity provided or arranged by the ANAO related to the development, maintenance or expansion of professional competence. Training involving purely administrative tasks of a non- professional nature such as completing employer time sheets would not count towards CPD;

                                                        (e)

                                                        Tertiary courses presented by educational institutions. Courses conducted by tertiary institutions leading to a Degree, Diploma, or Post Graduate qualification. Contact time (lectures, exams and tutorials) may be claimed, as well as time spent in the research and writing of essays;

                                                        (f)

                                                        Appropriate educational and developmental activities presented under the auspices of academic institutions, commercial establishments or other professional bodies (1 hour or more). Extramural courses presented by tertiary institutions, seminars, courses, lectures, residential schools, conventions or other technical activities presented independently or jointly by tertiary institutions, commercial educational establishments or professional bodies;

                                                        (g)

                                                        Researching and writing technical publications, preparation and delivery of technical papers. Actual time engaged in researching material and writing technical publications may be claimed, whether the final product is in the form of a text book, an article in a professional journal or the presentation of an address. This should not include time devoted to layout, artwork, design or similar issues.

                                                        Time spent in preparation and presentation of lectures, courses and seminars and at workshops and discussion groups, may be claimed except for repeats of presentations which are substantially similar in form and content. The preparation and presentation of an address on a topic relevant to the auditing profession may also be claimed. As a guide, three hours preparation may be claimed for each presentation hour, although this will obviously vary according to the complexity of the subject matter and the presenter’s familiarity with the topic;

                                                        (h)

                                                        Service on technical or research committees under the auspices of professional bodies or organisations. Membership of technical or research committees or study groups where objectives are defined and specific contributions required of individual members, usually involving both independent and collective study, review and analysis of designed material. For instance, Boards and Committees of the Australian or international standard-setting bodies; government sponsored advisory panels required to submit recommendations on issues about accountancy or finance; or course advisory committees created by educational institutions;

                                                        (i)

                                                        Programmed self-study through a third party provider, including self-study video or audio packages. Structured study programs designed for the individual which may or may not involve interaction with tutors or other individuals and may or may not include assignments, exercises or tests, whether these are submitted for assessment. Structured self-study courses may include several learning media or distance learning aids, e.g. notes combined with audio or video tapes; computerised or other electronic links;

                                                        (j)

                                                        Reading of Technical Literature. Reading of professional journals, technical bulletins and releases and research projects to the extent of 30 hours per triennium may be claimed as Training and Development but not exceeding 10 hours in any one year; Reading of new accounting and audit standards; All of the aforesaid activities, except the reading of technical literature, would be regarded as formal Training and Development.

                                                           

                                                        7. Communication and relationship with the auditee

                                                        Attending audit committee meetings

                                                        Policy

                                                        7.1 The ANAO shall attend11, as observers, audit committee meetings of Commonwealth entities and Commonwealth companies as are reasonably practicable, taking into account the following factors:

                                                        1. the extent and nature of governance, system, risk or program issues under consideration by the Committee;
                                                        2. the importance of the ANAO’s attendance in maintaining effective relationships;
                                                        3. the extent and nature of the ANAO’s performance audit coverage; and
                                                        4. in some cases, the role of the ANAO’s contract auditor.

                                                          7.2 As a minimum, the AASG Engagement Executive, or nominated AASG representative, will plan to attend the audit committee meetings of all Commonwealth entities and Commonwealth companies at which the committee reviews the entity’s annual financial statements.

                                                          7.3 Priority will be given to an ANAO representative(s) attending meetings of the audit committee of Commonwealth entities and Commonwealth companies that are material to the preparation of the Consolidated Financial Statements of the Australian Government.12

                                                          7.4 Attendance at audit committee meetings of non-material entities will be determined on a case by case basis by the responsible AASG Engagement Executive, in consultation as required, with the responsible PASG Engagement Executive.

                                                          7.5 The responsible AASG Engagement Executive shall take the lead role in representing the ANAO at audit committee meetings. A representative of PASG shall attend the audit committee meeting on a case by case basis. At a minimum, the responsible PASG representative will provide a briefing to the AASG representative, sufficient to enable the audit committee to be informed about the progress of any performance audits, including cross-entity audits, in progress in the entity, and on key issues arising from the audits at the time of the audit committee meeting.

                                                          7.6 It is expected that the ANAO will have a standing invitation to attend all audit committee meetings for all agenda items.13 In circumstances where this is not the case, and where agreement cannot be reached through discussions between the responsible Engagement Executive and GED and the entity, the Auditor-General shall be advised.

                                                          Guidance

                                                          7.7 Audit committees of Commonwealth entities and Commonwealth companies are an important element of an entity’s governance arrangements and are a key point of contact for the ANAO.

                                                          7.8 As an observer, the ANAO representative should speak to matters relating to the ANAO and provide such other help to the committee as required.

                                                          7.9 The ANAO attends audit committee meetings:

                                                          1. to meet our obligations under the auditing standards, including:
                                                            1. about fraud in relation to an audit, formally raising for discussion the risk of fraud and material misstatement at one or more audit committee meetings and, where possible, have the minutes record the discussion (ASA 240.21-22)14; and
                                                            2. communicating an overview of the planned scope and timing of the financial statement audit, via the Audit Strategy Document (ASA 260.15).
                                                          2. ANAO attendance at audit committee meetings is an opportunity to brief committees on entity-specific financial statement and performance audit coverage and assurance reviews where applicable, as well as to make a ‘value-added’ contribution by bringing an APS wide perspective obtained through our work across the public sector. The nature and extent of our interaction with committees needs to recognise the role that individual committees have in reviewing an entity’s financial statements and recommending their signing by the entity’s accountable authority and any role that they have been requested by the accountable authority to have about individual performance audits;
                                                          3. contribute our knowledge and experience to the agenda of the meeting;
                                                          4. inform, and be informed, of any significant issues arising which have the potential to have an untoward effect on the integrity of financial reporting or administration of the entity; and, to the extent practicable, agree on steps to overcome such issues, or to minimise their effect;
                                                          5. encourage open discussion on issues affecting the performance of entities through the mature handling of information from the entity, considered as part of the audit of the entity;
                                                          6. advise the committee of the auditor’s responsibilities about the financial statements audit and of any scheduled performance audits and their objectives;
                                                          7. enable an unrestricted, frank and confidential exchange (the audit committee members and the ANAO representative only should meet with independent members at least annually);
                                                          8. discuss the effectiveness of the internal controls structure and risk management;
                                                          9. present emerging accounting policy, accounting and auditing issues for consideration;
                                                          10. provide ongoing assurance on independence where sub-contract arrangements have changed; and
                                                          11. enable feedback on the effectiveness of communication and reporting between the ANAO and the committee.

                                                            7.10 The AASG Engagement Executive usually attends the audit committee as the ANAO representative, however where necessary, another senior officer may attend as a replacement. It is important that ANAO representatives read committee papers in advance of committee meetings and be prepared, to the extent practicable, to respond to questions and issues that arise from agenda items. This may require consultation with other areas of the ANAO before committee meetings. Where a question or issue is taken on notice, it is important that a response, through the committee Chair or committee secretariat, be provided in a timely manner. Where possible, the Chair should be advised, directly or via the committee secretariat, of ANAO attendance at each meeting.

                                                            7.11 In circumstances where a committee seeks to limit ANAO attendance at some or all committee meetings, a senior ANAO representative should discuss with the committee Chair the ANAO’s expectation that the ANAO will have a standing invitation to attend all meetings as an observer. Having a standing invitation at audit committee meetings is considered important so that the ANAO is aware of issues potentially impacting the entity’s control environment and to help in maintaining effective relationships with the committee.

                                                            7.12 The content of reports to audit committees will vary depending on the phase of the audit cycle. Examples of content are as follows:

                                                            1. Summary Corporate activity update prepared by PSRG.
                                                            2. Status of financial statements audit activity within the entity.
                                                            3. Status of relevant performance or other audits in progress.
                                                            4. Any issues that will be reported to the Minister or Parliament must be advised to the audit committee.
                                                            5. Non-trivial findings arising from the audit.
                                                            6. Depending on the timing of the audit committee meeting, provide and discuss the draft closing report.
                                                            7. Advise on final reports to the Minister and Parliament.

                                                              7.13 Information included in a committee briefing should have been discussed or formally communicated to entity management. Committee briefings will be at a relatively high level and consistent with the periodic briefings provided to senior management of the entity. Where further detail is sought on a particular audit, such as cross-entity audits or audits that are sensitive, it may be appropriate to offer the committee a separate briefing from the responsible audit team so that the committee is aware of the potential exposure of the entity to any significant risks or issues.

                                                              7.14 It is a matter of good practice for the accountable authority to consider draft and proposed reports, the recommendations and the position it will take in responding. The Auditor-General has agreed that accountable authorities of entities may decide to disclose on a confidential basis, draft and proposed reports provided under section 19 of the Act to their audit committees. This consent was given because audit committees have a key role in monitoring entity risks and the implementation of any changes proposed in audit reports. The ANAO advises those who receive draft and proposed reports to treat the material as confidential and the provision of proposed reports to an audit committee is made on the condition that the report will continue to be treated as confidential.

                                                              7.15 Most or all members of the audit committees of corporate Commonwealth entities will be members of the corporate Commonwealth entity’s Board, and these Board members will have an interest in reviewing a section 19 draft report given their overall responsibility for the operation of the entity.

                                                              7.16 The accountable authority of a corporate Commonwealth entity who is provided the section 19 report (generally the Chair of the Board) can disclose the contents of the report to other Board members15, while advising the accountable authority to restrict distribution of the report to those with a ‘need to know’.

                                                              7.17 It is important that when reports are finalised, audit committees are briefed about the conclusions and that the organisational implications are discussed.

                                                              Management and those charged with governance

                                                              Policy

                                                              7.18 The Engagement Executive shall determine the identity of TCWG, with whom audit matters are to be communicated where required by the auditing standards, ANAO policy or legislation.

                                                              7.19 Such communications may be made with a subgroup of TCWG. In these cases, the Engagement Executive shall consider whether there is a need to communicate also with the whole group.

                                                              7.20 The Engagement Executive shall communicate with TCWG the form, timing and expected general content of communications.

                                                              7.21 The Engagement Executive shall be satisfied that all persons charged with governance receive any written auditor’s communications intended for TCWG on a timely basis.

                                                              7.22 The Engagement Executive shall evaluate whether the two-way communication with TCWG has been adequate for the purposes of the audit. If it has not, the Engagement Executive shall determine if there is any effect on the assessment of the risks of material misstatement and ability to get sufficient appropriate audit evidence and take appropriate action.16

                                                              Guidance

                                                              7.23 TCWG is defined as the person(s) or organisation(s) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity. This includes overseeing the financial reporting process. For some entities, those charged with governance may include management personnel, for example, executive members of a governance board of a corporate commonwealth entity.

                                                              7.24 Management is defined as the person(s) with executive responsibility for the conduct of the entity’s operations. For some entities, management includes some or all of those charged with governance, for example, executive members of a governance board.

                                                              7.25 For Commonwealth entities under the PGPA Act, the accountable authority is charged with governance. The accountable authority of a non-corporate Commonwealth entity is the Secretary of the Department or Parliamentary Department, or for a listed entity the person prescribed in the Act or the rules to be the accountable authority (refer to PGPA Act subsection 12(2)).17 In the case of a corporate Commonwealth entity the accountable authority is the governing body of the entity, usually a board of directors (however described), unless otherwise prescribed by an Act or the rules.

                                                              7.26 The concept of an accountable authority applies only to Commonwealth entities. In a Commonwealth company or a subsidiary company the board of directors are TCWG.

                                                              7.27 In addition to departmental secretaries, members of the audit committees of Commonwealth entities, companies and subsidiaries are, in the absence of conflicting information, presumed to be persons charged with governance. Refer to the extracts at paragraphs 7.32 and 7.33 of the legislative requirements for audit committees for Commonwealth entities under the PGPA Act.

                                                              7.28 There may be other persons charged with governance within Commonwealth entities.

                                                              7.29 The auditing standards permit communication with a sub-group of TCWG where appropriate, and the intention of ASA 260 Communication with Those Charged with Governance is to cater for the wide variety of governance structures that exist throughout the world, including those applying in public sector entities. In deciding with whom to communicate, the auditor’s understanding of an entity’s governance structure and processes is relevant. The appropriate person(s) with whom to communicate may also vary depending on the matter to be communicated.

                                                              7.30 For corporate Commonwealth entities and Commonwealth companies the audit committee is usually a subset of the board. Guidance in ASA 260 provides that while “the specific authority and functions of audit committees may differ, communication with the audit committee, where one exists has become a key element in the auditor’s communication with those charged with governance” (ASA 260.A7).

                                                              7.31 ANAO policy on matters to be communicated to TCWG and the timing of those communications are in paragraphs 7.18 to 7.22. This policy should be read in conjunction with the policy on Attending Audit Committee meetings.

                                                              7.32 Refer to PGPA Act 2013, section 45 Audit committee for Commonwealth entities and PGPA Rule 2014 Division 3---Audit Committee for Commonwealth entities, Section 17 Audit committee for Commonwealth entities for the legislative requirements of audit committees.

                                                              8. Engagement performance

                                                              Direction, supervision and review

                                                              Background

                                                              8.1 ASA 220 and ASQC 1 require policies and procedures for direction, supervision and performance and reviews of audit staff and work.

                                                              Policy

                                                              8.2 Auditors shall be provided with levels of direction, supervision and on the job training appropriate to their skills and experience. It is the responsibility of the Engagement Executive to ensure that this is provided to all auditors working on an engagement.

                                                              8.3 Review responsibilities shall be allocated on the basis that the more experienced auditors, including Engagement Executives, review work performed by the less experienced members of the engagement team.18

                                                              8.4 In performing reviews of audit work:

                                                              1. all work performed shall be reviewed in full;
                                                              2. the Engagement Executive shall review a sufficient quantity of the work performed to ensure that the work has been properly performed and appropriate conclusions reached, given the evidence referenced;
                                                              3. reviews shall be conducted in a timely fashion at appropriate stages during the audit;
                                                              4. where agreed by the Engagement Executive, review can occur as a peer review. Audit Managers may examine IT work performed by a more senior auditor for integration into the audit work;
                                                              5. all reviews shall be evidenced by signature and date (electronic or otherwise) on relevant working papers; and
                                                              6. at the end of the audit, review notes shall be removed from the working paper file. Accordingly, information provided as a result of requests in review notes needs to be documented in working papers.

                                                                Guidance

                                                                8.5 As a general rule, the more experienced and senior the officer, the less supervision and direction is required.

                                                                8.6 Direction of the engagement team involves informing team members of:

                                                                1. their responsibilities, including the need to comply with relevant ethical requirements and exercise professional scepticism;
                                                                2. the responsibilities of the Engagement Executive, Signing Officer (SO) (if applicable) and Engagement Quality Control Reviewer (EQCR) (if applicable);
                                                                3. the objectives of the work to be performed;
                                                                4. the nature of the entity’s business and associated risks, problems that may arise and the detailed approach to performance of the audit; and
                                                                5. relationship management techniques for ensuring a positive professional relationship with audited entities is maintained.

                                                                  8.7 Supervision includes the following:19

                                                                  1. tracking the progress of the audit engagement;
                                                                  2. consideration of the capabilities and competence of the individual members of the engagement team, whether they have sufficient time to carry out their work, whether they understand their instructions and whether the work is being carried out in accordance with the planned approach to the engagement, and the time and budget allocated;
                                                                  3. addressing significant matters and risks arising during the audit engagement, considering their significance and modifying the audit plan accordingly;
                                                                  4. identifying matters for consultation or consideration by more experience engagement team members during the engagement; and
                                                                  5. identifying instances which require rapid escalation to ensure audit timeframes are met and relationships are maintained.

                                                                    8.8 The ANAO Core Capability Framework provides guidance to auditors on the role of supervision for their level.

                                                                    8.9 Review of work completed, by reference to the working papers and other documentation, is a fundamental part of the audit process. Reviewers consider whether:

                                                                    1. the audit work is performed consistent with the professional standards including the ANAO Auditing Standards, regulatory and legal requirements and the policies of the ANAO;
                                                                    2. significant matters have been raised with the Audit Manager or Engagement Executive for further consideration;
                                                                    3. appropriate consultations have taken place with the resulting conclusions documented and implemented (see Consultation policy);
                                                                    4. the planned nature, timing and extent of audit procedures have been revised where required;
                                                                    5. the work performed supports the conclusions reached and are appropriately documented;
                                                                    6. the audit evidence is sufficient and appropriate to support the audit report; and
                                                                    7. the objectives of the audit engagement have been achieved. 20

                                                                      8.10 It is the responsibility of the Engagement Executive to ensure that audit work, including procedures in the electronic working papers, are reviewed and evidenced as having been reviewed consistent with the ANAO policies in this Manual21. However, this does not require that the review is only performed by the Engagement Executive or the Audit Manager. The level of review depends on the risk of the items and the complexity of the audit work being performed. For example, the Audit Manager or the Engagement Executive may allocate lower risk items, completed by less experienced members of the engagement team (e.g. junior auditor) to be reviewed by a more experienced engagement team member (e.g. Team Leader or Senior Auditor). In particular the Engagement Executive should review:

                                                                      1. critical areas of judgment, especially those relating to difficult or contentious matters;
                                                                      2. significant risks; and
                                                                      3. any other areas the Engagement Executive considers important.

                                                                        8.11 Quality control of IT aspects of audits is the responsibility of the Senior Executive Director of SADA. The SADA Manager would, however, review the work of the IT team members where such a team was involved. Further, the Engagement Executive and Audit Manager should also conduct sufficient review of IT aspects of the audit so as to enable those auditors to have a sufficient understanding of all components of the audit.

                                                                        Consultation

                                                                        Background

                                                                        8.12 Auditors often have to deal with accounting or auditing issues that are difficult or contentious. ASQC 1 requires policies and procedures that give the ANAO reasonable assurance that appropriate consultation takes place in these circumstances, and that the outcomes are appropriately documented and implemented.

                                                                        8.13 The standards also make the Engagement Executive responsible for ensuring that consultation is undertaken and appropriate, and that it is concluded, documented, agreed and implemented.

                                                                        Policy

                                                                        8.14 The engagement team shall bring to the attention of the Engagement Executive all matters they believe are difficult or contentious.

                                                                        8.15 The Engagement Executive shall ensure appropriate consultation on difficult or contentious matters is undertaken (whether on an in-house or contracted out audit). Where a difficult or contentious matter is identified, the Engagement Executive shall consult with:

                                                                        1. the EQCR and Second Reviewer, if appointed to the audit;
                                                                        2. the responsible GED; and
                                                                        3. where appropriate, with PSRG.

                                                                          8.16 The following matters are deemed to be difficult or contentious:

                                                                          1. any matter required to be referred to the Qualifications and Technical Advisory Committee (QTAC);
                                                                          2. a proposed material restatement of the previous period’s financial statements (including note disclosure), refer to ANAO Audit Manual — AASG Specific, paragraph 113.1622;
                                                                          3. a financial statement accounting or reporting policy change that is not the result of a change in an accounting standard or other reporting requirement;
                                                                          4. deferrals of departmental appropriation revenue;
                                                                          5. situations where facts become known after the auditor’s report has been signed which would have changed the financial statements or the auditor’s report had they been known at the time;
                                                                          6. situations where the financial statements or auditor’s report which have been made public are not the same as the ANAO audit file versions;
                                                                          7. situations where a serious lack of corporate governance is apparent;
                                                                          8. actual or suspected criminal acts, including bribery of a foreign public official and fraud (particularly of a large or systematic nature). The Engagement Executive shall seek direction from a GED without delay when this is identified (whether by the engagement team or by the entity);
                                                                          9. when requested to conduct an assurance review;
                                                                          10. when the relevant minister has requested a briefing;
                                                                          11. sensitive matters that may affect a performance audit’s key findings or overall conclusion;
                                                                          12. when requested to not disclose sensitive information on the grounds of Cabinet or commercial confidentiality, or under subsection 37(1)(a) of the A-G Act; or
                                                                          13. if advised orally or in writing of a possible referral to the Attorney-General under subsection 37(1)(b) of the A-G Act.

                                                                            8.17 The Engagement Executive shall consult with PSRG on the following financial statement audit matters:

                                                                            1. auditor report on ceasing Commonwealth entities23;
                                                                            2. auditor reporting of non-compliance with section 83 of the Constitution;
                                                                            3. correspondence with a regulator (e.g. responding to regulator comments following a file inspection by APRA or ASIC);
                                                                            4. breaches of the Corporations Act 2001 requiring reporting to ASIC, including under sections 311 and 990K; and
                                                                            5. issues where external advice is being sought. Audit teams shall consult PSRG in the first instance to see if similar advice has been received in the past.

                                                                              8.18 A copy of any external advice on any matter relevant to the interpretation of an accounting standard, the financial framework (including legal opinions) or audit methodology shall be provided to PSRG when received. This includes advice provided by the client to the audit team.

                                                                              8.19 The Engagement Executive shall, on an annual basis:

                                                                              1. review consultations, relevant to current year’s audit, sought on previous years’ difficult and contentious matters, including matters required by paragraph 8.18; and
                                                                              2. determine whether re-consultation is required to ensure that conclusions reached remain relevant and appropriate.

                                                                                8.20 Where the Engagement Executive determines that re-consultation is required on previous year’s difficult and contentious matters, the Engagement Executive shall re-consult with:

                                                                                1. the EQCR and Second Reviewer, if appointed to the audit;
                                                                                2. the GED; and
                                                                                3. where appropriate, with PSRG.

                                                                                  8.21 Where the Engagement Executive determines that re-consultation is required on matters required by paragraph 8.17, the Engagement Executive shall re-consult with PSRG.

                                                                                  8.22 Those consulted shall be given all the relevant facts that will enable them to provide informed advice on technical, ethical or other matters.

                                                                                  8.23 The engagement team shall:

                                                                                  1. document the nature and scope of, and conclusions resulting from, such consultations;
                                                                                  2. confirm the documentation with the party consulted; and
                                                                                  3. implement the conclusions resulting from consideration of the consultation.

                                                                                    Guidance

                                                                                    AASG communication protocols

                                                                                    8.24 AASG protocols require topical issues to be communicated to a GED on a timely basis and to be reported promptly to the ANAO Executive in AASG’s Weekly Operational Report. The list of topical issues is to include difficult or contentious matters identified by Engagement Executives and all other matters on which consultation is required.

                                                                                    8.25 In addition, the Signing Officer Technical Forum provides an opportunity to communicate new or unusual accounting and auditing matters. This will raise awareness of the matter and allow for the exchange of views.

                                                                                    PASG communication protocols

                                                                                    8.26 PASG protocols require performance audit issues to be communicated to a GED through regular progress review meetings. Issues of high sensitivity should be reported promptly to the responsible GED, and to the ANAO Executive in PASG’s Weekly Operational Report.

                                                                                    When to consult

                                                                                    8.27 Engagement teams should take advantage of opportunities to consult with others within the ANAO (without breaching confidentiality or security requirements) when forming views or opinions and taking actions for reaching decisions.

                                                                                    8.28 Other than matters on which consultation is required by ANAO Policy, it is a matter of judgement as to whether consultation should be sought. If in doubt, it is prudent to err on the side of caution.

                                                                                    8.29 There will generally be greater need to consult in the early years of a new financial reporting (standard or rule), auditing or legal requirement than after most teams have obtained substantial experience applying the requirement.

                                                                                    8.30 A consultation can be differentiated from an enquiry. A consultation (which may also be referred to as a formal consultation) is a discussion in which the engagement team wants to get an objective view or receive guidance regarding a specific set of facts and circumstances. There are certain requirements that both the engagement team and the consultant need to satisfy for the consultation to be effective, including appropriate documentation and implementation of conclusions resulting from consideration of the consultation.

                                                                                    8.31 Enquiries are other types of discussions which are not consultations; for example a ‘point me in the right direction’ or ‘have you seen’ type of question. Often the team may wish for example, to be informed about, or clarify their understanding of, a matter before deciding whether formal consultation is necessary. This dialogue is a normal part of the audit process. Whether such enquiry needs to be documented is a matter of judgement.

                                                                                    Who to consult

                                                                                    8.32 Appropriate consultation requires consulting with those having appropriate knowledge, seniority and experience within the ANAO or, where applicable, outside the ANAO on significant technical, ethical and other matters.

                                                                                    8.33 In addition to formal requirements to consult with the GED, Engagement Executives should, where appropriate, use the SEDs and GEDs as ‘sounding boards’ on matters arising on their audits. It will not be unusual for these interactions to result in a formal consultation in due course.

                                                                                    8.34 When consulting with an EQCR, both the engagement team and the EQCR should take care to maintain the EQCR’s objectivity so as not to compromise the EQCR’s ability to perform the role.

                                                                                    8.35 An important part of the role of PSRG is to provide expert advice on accounting and auditing issues, such as the items in sub-paragraphs 8.16 b) to f). The e-mail addresses PSRGAccounting@anao.gov.au and PSRGAudit@anao.gov.au should be used for sending e-mail queries.

                                                                                    Guidance on matters where consultation is required

                                                                                    8.36 Specific matters that require consultation include an apparent lack of corporate governance. A lack of governance may be revealed about only one major and readily apparent matter. For example, deliberate misapplication of appropriations. It may also be a series of single, but apparently unrelated events. For example, no Audit Committee meetings for an extended period, together with issues relating to trust moneys and other instances suggesting a lack of governance.

                                                                                    Documentation

                                                                                    8.37 Where consultation has occurred, the standards require audit documentation which enables a reviewer to understand, among other things, the significant matters that arose during the audit, the consultation and the conclusions reached thereon.

                                                                                    8.38 Accordingly, when an Engagement Executive concludes that it should consult on a matter, the team should prepare documentation setting out:

                                                                                    1. the matter or issue;
                                                                                    2. all relevant facts and circumstances, including significant aspects of the audit evidence obtained if relevant;
                                                                                    3. the client’s preliminary point of view and justification, where applicable;
                                                                                    4. the audit team’s preliminary point of view and justification; and
                                                                                    5. the analysis of accounting, auditing or other relevant literature, including implication(s) of the matter.

                                                                                      Engagement quality control review

                                                                                      Background

                                                                                      8.39 The professional accounting and auditing standards require internal policies and procedures which provide reasonable assurance that auditing engagements and other assurance reviews are conducted according to the relevant standards, ethical and legal requirements.

                                                                                      8.40 The ANAO’s QAF addresses these requirements by providing a system of quality control for the ANAO to have reasonable assurance that auditing staff are complying with the relevant professional standards, regulatory requirements and ANAO policies and procedures.

                                                                                      8.41 ASA 220, and ASQC1 require that an EQCR be appointed to audits of listed entities. ANAO policy extends this requirement to all high risk engagements.

                                                                                      Policy

                                                                                      8.42 An EQCR shall be assigned to:

                                                                                      1. all high risk engagements conducted by Performance Audit Services Group;
                                                                                      2. all high risk engagements conducted by Assurance Audit Services Group determined to require an EQCR in accordance with ANAO Audit Manual — AASG Specific, Engagement risk rating and public interest entity assessment;

                                                                                      3. all Assurance Audit Services Group engagements of listed entities or other public-interest entities; and
                                                                                      4. any other engagement at the discretion of the relevant GED, the Deputy Auditor-General or the Auditor-General.

                                                                                        8.43 The AASG GED shall consider assigning an EQCR to all financial audit engagements of outsourced material entities that transitions back in-house. This requirement applies to the transitional year only.

                                                                                        8.44 Exceptions to this policy require the approval of the Auditor-General.

                                                                                        Criteria for eligibility as a EQCR

                                                                                        8.45 The EQCR for an in-house audit shall be approved by the Auditor-General on recommendation from the GED, at the start of the audit cycle, or as soon as possible afterwards.

                                                                                        8.46 When recommending the appointment of an EQCR, the GED shall have regard to:

                                                                                        1. the technical qualifications required to perform the role, including the necessary experience and authority; and
                                                                                        2. any other considerations that may threaten the EQCR’s objectivity.

                                                                                          8.47 The EQCR shall at all times maintain their objectivity.

                                                                                          8.48 To maintain the EQCR’s objectivity, the EQCR shall not:

                                                                                          1. be involved in the decision making process on the audit; and
                                                                                          2. otherwise participate in the engagement during the period of the review.

                                                                                            8.49 If, during the engagement, it is determined that the EQCR’s objectivity may have become impaired, the GED shall recommend to the Auditor-General the appointment of a new EQCR to the audit.

                                                                                            Nature and extent of the quality review

                                                                                            8.50 The EQCR shall fulfil the responsibilities outlined in the Australian Auditing Standards or assigned to them by legislation.

                                                                                            8.51 For in-house appointments, the EQCR shall:

                                                                                            1. discuss significant matters with the Engagement Executive and Signing Officer (if applicable);
                                                                                            2. review the proposed audit report or financial report/statements (if applicable);
                                                                                            3. review selected engagement documentation relating to significant judgements the engagement team made and the conclusions it reached;
                                                                                            4. evaluate the conclusions reached in formulating the audit report and consider whether the proposed audit report is appropriate;
                                                                                            5. consider the Engagement Executive’s evaluation of independence about the specific audit engagement;
                                                                                            6. consider whether appropriate consultation has taken place on matters involving differences of opinion, or other difficult or contentious matters and the conclusions arising from those consultations; and
                                                                                            7. consider whether documentation reflects the work performed about significant judgements made and supports the conclusions reached.
                                                                                              Documentation

                                                                                              8.52 Before the issue of the audit report, an in-house EQCR shall document the review work done consistent with ANAO Auditing Standards and policy, including:

                                                                                              1. completing the applicable EQCR template at the planning and final stages of the audit; and
                                                                                              2. evidencing their review of the Signing Officer Review Memorandum (SORM) (when applicable).

                                                                                                Guidance

                                                                                                8.53 The EQCRs are usually appointed at the beginning of an audit. Appointments may be made later if circumstances on an audit change so that appointing an EQCR becomes appropriate.

                                                                                                8.54 The policy has scope for an EQCR to be appointed from outside the ANAO should the need arise. This includes the appointment of an EQCR by the ANAO contractor on a contracted out audit.

                                                                                                8.55 The AASG GED, at the start of each audit cycle, is responsible for determining whether an entity is a Public Interest Entity. Refer to Chapter 109 Engagement risk rating and Public Interest Entity assessment of the ANAO Audit Manual — AASG Specific for policy and guidance on assessing if an entity is, or is to be classified as, a Public Interest Entity.

                                                                                                8.56 The Engagement Executive may consult with the EQCR during the engagement, for example, to confirm that a judgement made by the Engagement Executive will be acceptable to the EQCR. Such consultation avoids identification of differences of opinion at a later stage of the engagement and need not compromise the EQCR’s eligibility to perform the role. Where the nature and extent of the consultations become significant the EQCR’s objectivity may be compromised unless care is taken by both the engagement team and the EQCR to maintain the EQCR’s objectivity. Where this is not possible, another individual may be appointed to take on the role of either the EQCR or the person to be consulted on the engagement.

                                                                                                8.57 Significant matters arising on an engagement should be considered by the Engagement Executive (and the Signing Officer if applicable), in consultation with the GED as appropriate, before consultation with the EQCR to minimise compromising the EQCR’s objectivity. Differences of opinion between the Engagement Executive (or the Signing Officer if applicable) and the EQCR should be dealt with consistent with the ANAO policy Differences of Opinion.

                                                                                                8.58 The extent of the review may depend on, among other things, the complexity of the engagement and the risk that the auditor’s report may not be appropriate in the circumstances. The review should be performed on a real time basis and completed before the issue of the auditor’s report. Where applicable, the EQCR should use the normal review mechanisms, so that the completed audit will reflect the effect of the review without recourse to review notes.

                                                                                                8.59 The EQCR is required to document the quality control review. The EQCR should record which audit documentation was examined and the procedures followed in conducting the review, so that an external reviewer of the audit file can determine the review work done. The review results should also be discussed with the audit team, and a brief written report, outlining work undertaken and the results, provided to the audit team.

                                                                                                8.60 Any issues raised by the EQCR must be addressed by the audit team. When providing the audit report to the GED, the audit team is required to indicate the action taken to address the issues raised by the review, and to advise of any issues or review comments not addressed.

                                                                                                8.61 In financial statement audits, to evaluate the significant judgements made by the team, the EQCR reviews and considers:

                                                                                                1. significant risks identified during the engagement and the responses to those risks including the engagement team’s assessment of, and response to, the risk of fraud;
                                                                                                2. judgements made, particularly those underlying the materiality assessment;
                                                                                                3. the significance and disposition of corrected and uncorrected misstatements identified during the audit; and
                                                                                                4. the matters to be communicated to management and those charged with governance, including the Audit Strategy, Closing Letter and Management Letters and any other communications highlighting significant findings from the audit, and, where applicable, communications to other parties such as regulatory bodies.

                                                                                                  8.62 In performance audits, to evaluate the decisions made by the audit team, the EQCR reviews and considers:

                                                                                                  1. whether there is sufficient audit evidence to support the key audit findings, and, by extrapolation, the audit conclusion;
                                                                                                  2. whether there is evidence that there has been an adequate review of the work of the audit team;
                                                                                                  3. whether there has been adequate consideration of comments/views received from the audited entity(s) and other stakeholders (where relevant);
                                                                                                  4. whether the audit addresses the audit objective, and there is a clear link between the audit objective and audit conclusion, and that the audit adequately addresses the audit criteria; and
                                                                                                  5. whether the audit recommendations address the cause of the significant issues identified by the audit, they are realistic and achievable, and they are understandable on their own.

                                                                                                    Differences of opinion in ANAO engagements

                                                                                                    Background

                                                                                                    8.63 Policies and procedures about differences of opinions are required by:

                                                                                                    • ASQC 1 Quality Control for Firms that Perform Audits and Reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and Related Service Engagements; and
                                                                                                    • ASA 220 Quality Control for an Audit of a Financial Report and other Historical Information.

                                                                                                    Policy

                                                                                                    8.64 An auditor’s report shall not be issued if there is an unresolved significant difference of opinion within the ANAO.

                                                                                                    8.65 A difference of opinion within the engagement team shall be referred for advice to a more senior member of the team (including the Engagement Executive). If the difference of opinion involves the Engagement Executive, then it shall be referred to the GED.

                                                                                                    8.66 An unresolved difference of opinion occurring between any two or more of the following parties shall be referred to the Qualifications and Technical Advisory Committee, Deputy Auditor-General or Auditor-General as appropriate:

                                                                                                    1. the Engagement Executive;
                                                                                                    2. the Second Reviewer;
                                                                                                    3. the EQCR;
                                                                                                    4. an SED;
                                                                                                    5. an AASG or PASG GED; and
                                                                                                    6. the GED, PSRG.

                                                                                                      8.67 The Engagement Executive shall ensure conclusions reached regarding a difference of opinion are documented and implemented. The conclusions reached shall be communicated to the engagement team.

                                                                                                      8.68 For every difference of opinion the documentation required shall present the relevant facts and includes:

                                                                                                      1. the various professional considerations raised;
                                                                                                      2. the alternatives considered; and
                                                                                                      3. the conclusions reached.

                                                                                                        Guidance

                                                                                                        8.69 The ANAO promotes a culture of collaboration and consensus building which encourages and values critical thinking. Because auditing requires the use of professional judgement, differences of opinion can arise. A difference of opinion may be expressed without fear of reprisal. Engagement Executives should be actively involved in resolving accounting or auditing problems encountered by professional staff in the course of audit engagements.

                                                                                                        8.70 The audit engagement team comprises professionals with varying levels of experience and expertise, and differences in professional views between members may arise. These differences, particularly those involving personnel at senior levels, generally involve a high degree of professional judgement and technical accounting and auditing questions. Each professional staff member of the ANAO is expected to form their own conclusions and be responsible for ensuring that those views receive adequate consideration.

                                                                                                        8.71 This policy applies where differences of opinion arise about matters that (i) could cause financial statements to be misleading (ii) may impact on the audit conclusion of a performance audit or the audit review opinion or conclusion for an assurance review (iii) could cause us to modify the auditor’s report or (iv) could involve an apparent inconsistency in the reporting of a matter between AASG and PASG. Although differences over matters of this degree of significance are expected to be infrequent, they may arise in such areas as:

                                                                                                        1. selection and application of accounting principles or auditing standards;
                                                                                                        2. financial statement presentation and disclosure;
                                                                                                        3. nature, timing, and extent of auditing procedures;
                                                                                                        4. interpretation of authoritative pronouncements, both ANAO and professional; or
                                                                                                        5. circumstances resulting in a departure from the standard audit report.

                                                                                                          8.72 This policy provides a means to enable such differences being expressed and resolved.

                                                                                                          Role of the qualifications and technical advisory committee

                                                                                                          Policy

                                                                                                          The qualifications and technical advisory committee (QTAC)

                                                                                                          8.73 QTAC shall comprise for financial statements audit matters:

                                                                                                          1. DAG (Chair);
                                                                                                          2. GED – PSRG;
                                                                                                          3. GED – AASG;
                                                                                                          4. Engagement Executive responsible for CFS audit; and
                                                                                                          5. Additional on-going member appointed by the Chair.

                                                                                                            8.74 QTAC shall comprise, for performance and other audit matters:

                                                                                                            1. DAG (Chair);
                                                                                                            2. GED – PSRG;
                                                                                                            3. GED – AASG; and
                                                                                                            4. GED – PASG who is not the engagement GED.

                                                                                                              8.75 The Deputy Auditor-General is authorised by this policy to appoint additional members to the QTAC on an on-going or temporary basis.

                                                                                                              8.76 PSRG shall provide technical advice and secretariat services to QTAC. This responsibility includes:

                                                                                                              1. scheduling QTAC meetings;
                                                                                                              2. reviewing, collating and distributing meeting papers to QTAC members;
                                                                                                              3. preparing a PSRG position in respect of the issue and including in the QTAC papers;
                                                                                                              4. preparing minutes from the QTAC meetings, including the recommendation to the Auditor-General arising from the meeting, and sending to QTAC members for review and approval before issuing to the Auditor-General. These minutes shall record any dissenting views; and
                                                                                                              5. formally notifying the Engagement Executive of the outcome of QTAC discussions and the recommendation made to the Auditor-General.

                                                                                                                8.77 The following matters shall be referred to QTAC:

                                                                                                                1. Audit reports where the following are / were:
                                                                                                                  1. proposed for the current year;
                                                                                                                  2. considered in the current year but not proposed; or
                                                                                                                  3. reported in the previous year and not proposed in the current year:
                                                                                                                    • A modified opinion or conclusion (except for performance audits – refer 8.80) – this includes a qualified opinion, an adverse opinion or a disclaimer of opinion; and
                                                                                                                    • An emphasis of matter or other matter paragraph. This excludes emphasis of matter paragraphs required for special purpose reporting frameworks.
                                                                                                                2. Differences of opinion between the Engagement Executive and:
                                                                                                                  1. the PSRG GED;
                                                                                                                  2. the EQCR; or
                                                                                                                  3. a firm undertaking a contract out audit.
                                                                                                                3. Where any of the following events or conditions have been identified that cast significant doubt on the entity’s ability to continue as a going concern:
                                                                                                                  1. net liability or net current liability position;
                                                                                                                  2. inability to comply with the terms of loan agreements;
                                                                                                                  3. fixed-term borrowings approaching maturity without realistic prospects of renewal or repayment;
                                                                                                                  4. indications of withdrawal of financial support by creditors;
                                                                                                                  5. negative operating cash flows indicated by historical or prospective financial report;
                                                                                                                  6. substantial operating losses or significant deterioration in the value of assets used to generate cash flows;
                                                                                                                  7. inability to pay creditors on due dates;
                                                                                                                  8. change from credit to cash-on-delivery transactions with suppliers;
                                                                                                                  9. inability to obtain financing for essential new product development or other essential investments;
                                                                                                                  10. management intentions to liquidate the entity or to cease operations;
                                                                                                                  11. loss of key management without replacement;
                                                                                                                  12. loss of a major market, key customer(s), franchise, licence, or principal supplier(s);
                                                                                                                  13. pending legal or regulatory proceedings against the entity that may, if successful, result in claims that the entity is unlikely to be able to satisfy;
                                                                                                                  14. changes in law or regulation or government policy expected to adversely affect the entity;
                                                                                                                  15. situations where government support is reduced or withdrawn, through privatisation, lack of funding or when policy decisions are made that affect the services provided by the entity; and
                                                                                                                  16. any other events that cast significant doubt on the entity’s ability to continue as a going concern.

                                                                                                                    Events or conditions that arise when a Commonwealth entity ceases are not captured by paragraph 8.77(c). For the going concern policy on ceasing Commonwealth entities refer to paragraphs 8.96 to 8.99.. QTAC consultation will be required for ceasing Commonwealth entities where the Engagement Executive or the PSRG determine it is necessary.
                                                                                                                4. Accounting or audit matters which are likely to attract significant parliamentary or public attention.
                                                                                                                5. Accounting or related matters that are material to the Commonwealth’s Consolidated Financial Statements where there is, or there is significant potential for, differing professional opinions.
                                                                                                                6. Proposal to not comply with an ANAO Auditing Standard or the ANAO Audit Manual policies.
                                                                                                                7. Where an Engagement Executive determines that a matter is appropriate to report as additional “important” information to the Minister under subsection 26(1) of the A-G Act.

                                                                                                                  8.78 The policy requirement 8.77(a) does not apply where a material prior year error has been corrected and adequately disclosed in the financial statements and the EE, GED and PSRG agree that an emphasis of matter paragraph is not necessary after consideration of all relevant factors outlined in ANAO Audit Manual — AASG Specific, Evaluating misstatements, paragraph 113.51.

                                                                                                                  8.79 The Auditor General may refer any other matter to QTAC for consideration. To enable consideration of whether a matter will be referred to QTAC, the Auditor-General shall be advised in a timely manner when the Engagement Executive becomes aware that a performance audit may fall into one of the following categories:

                                                                                                                  1. Audits where there are highly contentious findings or issues, or engagement risk has been elevated to high during the course of the audit;
                                                                                                                  2. Audits where the draft conclusion is:
                                                                                                                    1. adverse (for example, the conclusion against the objective is not effective, not value-for-money, not efficient);
                                                                                                                    2. disclaimed (for example, I have not been able to form a conclusion against the objective); or
                                                                                                                    3. qualified in respect of the majority of criteria (this would be a case where judgment is required to determine if the conclusion should be “except for” or “adverse”); or
                                                                                                                  3. Audits where a significant amount of judgement is required to determine the appropriate form of conclusion.

                                                                                                                    8.80 A formal submission to QTAC shall be prepared by the responsible Engagement Executive. The views of the EQCR or Second Reviewer, where appointed, shall also be included in the submission.

                                                                                                                    8.81 Submissions to the QTAC shall be provided to the Auditor-General by PSRG.

                                                                                                                    8.82 The Auditor-General shall be invited to attend the QTAC meeting and may do so at the Auditor-General’s discretion.

                                                                                                                    8.83 A quorum for a meeting/resolution is any four members (all members having been notified of the item for resolution). A member who has an interest in a matter under consideration must disclose that interest to the committee. If the Chair is unable to attend a meeting, they may nominate an alternative chair for the meeting.

                                                                                                                    8.84 When a matter has been considered by the QTAC, a memorandum shall be provided to the Auditor-General summarising the views and recommendations of the committee. The Auditor-General makes the final decision after considering the recommendations of the QTAC.

                                                                                                                    8.85 Where a QTAC referral results in a delay to the audit timeframes, the delay is to be agreed by the Auditor-General or DAG as part of the referral process.

                                                                                                                    8.86 Where the Engagement Executive or members of the committee dissent from the overall view of the committee, these views shall be including in the memorandum provided to the Auditor-General under paragraph 8.84.

                                                                                                                    Guidance

                                                                                                                    8.87 Situations will arise where Engagement Executives have to deal with difficult or contentious matters or unresolved differences of professional opinion. The QTAC is a mechanism providing for Engagement Executives to consult on certain difficult or contentious matters and, where necessary, for dealing with and resolving differences of opinion. PSRG provides guidance to Engagement Executives on the application of this policy.

                                                                                                                    Submission process

                                                                                                                    8.88 Engagement Executives are expected to provide their submissions for QTAC referral to PSRG allowing seven days’ notice to be given to members and allow time for PSRG to review the submission and schedule a QTAC meeting. The final QTAC submission is expected to be provided to QTAC members three days before the scheduled QTAC meeting. Engagement with the QTAC should occur as early as possible in the audit cycle. Potential issues should be flagged with PSRG and the GED when first identified.

                                                                                                                    8.89 In the case of performance audits and limited assurance reviews, where one or more of the circumstances in 8.79 exist, the Auditor-General is to be notified as soon as the relevant circumstance arises to allow for a decision to be made as to whether referral will be made to QTAC.

                                                                                                                    8.90 The QTAC process may be fast-tracked at the discretion of the Chair of the QTAC Committee.

                                                                                                                    8.91 Submissions to the QTAC should include only material that is relevant to the matter to be considered, including:

                                                                                                                    1. an outline of the matter;
                                                                                                                    2. details and analysis of relevant accounting or auditing standards impacted;
                                                                                                                    3. the Engagement Executive’s view as to the appropriate form of the audit report or resolution of the matter; and
                                                                                                                    4. any potential delays to the schedule of the audit arising from the QTAC process.

                                                                                                                      8.92 In the case of financial statements audits, a copy of the most recent draft of the financial statements is also to be included.

                                                                                                                      8.93 The QTAC meets on an as needed basis, with all the meetings being minuted. The QTAC may resolve matters out of session.

                                                                                                                      Matters to be referred to the QTAC

                                                                                                                      8.94 Sub-paragraphs 8.77 (d) & (e) above require accounting or related matters that are material to the CFS where there is, or there is significant potential for, differing professional opinions to be referred to the QTAC, as well as matters which are likely to attract significant parliamentary or public attention. Such matters may affect one or more Australian Government entities, may be raised by the Department of Finance, or may involve a different treatment under the rules for the preparation of Government Finance Statistics or the Australian Government Budget.

                                                                                                                      Going concern

                                                                                                                      8.95 In the public sector it is common for restructures of administrative arrangements to occur. This involves the reallocation or reorganisation of functions and responsibilities among government controlled entities. This can result in Commonwealth entities ceasing to exist or merging with other Commonwealth entities. The transfer of functions, merging and cessation of non-corporate Commonwealth entities with other non-corporate Commonwealth entities does not create Going Concern considerations as non-corporate Commonwealth entities form one legal entity that is the ‘Commonwealth’.

                                                                                                                      8.96 Corporate Commonwealth entities and Commonwealth companies and their subsidiaries are separate legal entities from the ‘Commonwealth’ and going concern risks can arise from situations where government support is reduced or withdrawn, through privatisation, lack of funding or when policy decisions are made that affect the services provided by the entity. If events or conditions are identified that cast significant doubt on the entity’s ability to continue as a going concern, the audit team is required to get sufficient appropriate audit evidence to determine whether a material uncertainty exists consistent with ASA 570. Audit teams are required to refer these situations to the QTAC to help them in concluding whether a material uncertainty exists. The conclusion made, in consultation with the QTAC, will have implications for the entity’s financial statements disclosures and our auditor’s report.

                                                                                                                      8.97 When a government decision is made to abolish a corporate Commonwealth entity and legislation is required to be passed to cease the entity, the entity is treated as a going concern until the legislation is enacted.

                                                                                                                      8.98 These principles were used to form the following ANAO position endorsed by the QTAC which is to be applied where a Commonwealth entity ceases, in consultation with PSRG. This approach does not apply to ceasing Commonwealth companies as specific circumstances of a ceasing Commonwealth company will drive a decision and a general approach cannot be applied.

                                                                                                                      Type of Commonwealth entity

                                                                                                                      Legislation is required to cease entity

                                                                                                                      C: Legislation NOT required to cease entity

                                                                                                                       

                                                                                                                      A: Not enacted

                                                                                                                      B: Enacted

                                                                                                                       

                                                                                                                      Non-corporate Commonwealth entity – any functions transfer to another non-corporate Commonwealth entity

                                                                                                                      Going Concern

                                                                                                                      (no Material Uncertainty paragraph )

                                                                                                                      Going Concern

                                                                                                                      (no Material Uncertainty paragraph)

                                                                                                                      Going Concern (no Material Uncertainty paragraph) [AAO changes]

                                                                                                                      Non-corporate Commonwealth entity – all other cases (e.g. all functions cease, functions transfer to a corporate Commonwealth entity or Commonwealth company)

                                                                                                                      Going Concern

                                                                                                                      (no Material Uncertainty paragraph)

                                                                                                                      Not Going Concern

                                                                                                                      (Material Uncertainty paragraph)

                                                                                                                      Not Going Concern (Material Uncertainty paragraph)

                                                                                                                      Corporate Commonwealth entity

                                                                                                                      Going Concern

                                                                                                                      (no Material Uncertainty paragraph)

                                                                                                                      Not Going Concern

                                                                                                                      (Material Uncertainty paragraph)

                                                                                                                      -

                                                                                                                             

                                                                                                                      8.99 Exceptional circumstances may arise in individual cases that require a treatment different to the position above. Engagement Executives, in consultation with PSRG, will need to assess if the approach can be sensibly applied in their individual circumstances. Where exceptional circumstances are apparent, the matter must be referred to QTAC for consideration. If management’s view does not accord with the audit view, consult with the responsible GED and PSRG in the first instance.

                                                                                                                      9. Documentation

                                                                                                                      Audit documentation

                                                                                                                      Background

                                                                                                                      9.1 Documentation requirements are set out in ASA 230, ASAE 3000 and ASAE 3500.

                                                                                                                      Policy

                                                                                                                      9.2 ANAO auditors and contractors shall comply with the documentation requirements of the ANAO auditing standards, policies and audit methodology.

                                                                                                                      9.3 Documentation shall be prepared which enables an experienced auditor with no connection to the audit to understand the nature, timing and extent of audit procedures, the results of audit procedures, audit evidence obtained, significant matters arising during the audit and conclusions reached.24

                                                                                                                      9.4 The work papers shall contain sufficient detail to enable re-performance of the testing and demonstrate an adequate basis for the documented conclusions.25

                                                                                                                      9.5 Work papers shall identify who performed the work and the date the work was completed as well as who reviewed the work and the date and extent of the review.26

                                                                                                                      9.6 The auditor shall document the overall audit strategy and the audit plan, including any significant changes made during the audit engagement.

                                                                                                                      9.7 Documentation of the planned approach to the audit, and any major changes to that planned approach, shall be reviewed by the Engagement Executive or Audit Manager before audit work commencing.

                                                                                                                      9.8 For financial statement audits, the Engagement Executive or the Audit Manager shall review and sign-off all procedure summaries in folder A ‘Understand and Plan the Audit’ of the relevant TeamMate library prior to commencement of the interim audit work.

                                                                                                                      9.9 Audit documentation shall be evidenced as reviewed before the date of the auditor’s report.

                                                                                                                      9.10 For performance audits, working papers shall contain the following specific documents:

                                                                                                                      1. planning documents, approvals, any variation(s) to the AWP;
                                                                                                                      2. evidence of briefing the ANAO Executive and entity management;
                                                                                                                      3. records to show the management of the audit budget, timelines, audit staff and contractor/experts; and
                                                                                                                      4. evidence of review and other quality control requirements, including the completed Audit Clearance Form – Policy Compliance Certification, Independence declarations and consideration of feedback from the entity.

                                                                                                                        9.11 For financial statements audits, files27 shall be complete and ready for finalisation by the earlier of 31 October or 60 days after the date of signing of the auditor’s report. Extensions beyond 31 October (up to a maximum of 60 days after the date of signing of the auditor’s report) shall be approved in writing by the GED, AASG. The consideration of approval shall have regard to the corporate need for timely completion of the Audit Inspection program required by APES 320 and the policy at paragraph 10.14. All files in the electronic file management system (E-Hive) that contain audit documentation, shall be closed and retained as formal records by the earlier of 31 October or 60 days after the date of signing of the auditor’s report.

                                                                                                                        9.12 For performance audit engagements28, and limited assurance reviews, after the tabling of the audit report, audit files and working papers shall be completed and finalised within ten working days. All files in the electronic file management system (E-Hive), including correspondence between entities and individuals outside the ANAO, shall be closed and retained as formal records.

                                                                                                                        9.13 For all other engagements files shall be complete and ready for finalisation within 60 days after the date of signing of the auditor’s report.

                                                                                                                        9.14 If, in exceptional circumstances, new or additional audit procedures are performed or new conclusions drawn after the date of the auditor’s report, the circumstances, procedures performed, evidence obtained and conclusions reached and their effect on the auditor’s report, as well as when and by whom the resulting changes to audit documentation were made and reviewed shall be documented.

                                                                                                                        9.15 In circumstances other than these where the auditor finds it necessary to modify existing documentation or add new documentation after the assembly of the final audit file, the specific reasons for making the modifications or additions and when and by whom they were made and reviewed shall be documented.

                                                                                                                        Guidance

                                                                                                                        Content and extent of audit documentation

                                                                                                                        9.16 Audit documentation is the record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor has reached. The term ‘work papers’ is also used when referring to audit documentation. The extent of the audit documentation will be influenced by considerations such as the nature, size, complexity and risk of the auditee or engagement.

                                                                                                                        9.17 Audit file means one or more folders or other storage media, in physical or electronic form, containing records that comprise the audit documentation for a specific engagement. This includes audit documentation recoded on TeamMate and E-Hive.

                                                                                                                        9.18 In order for documentation to support the conclusions drawn and work performed a degree of detail is necessitated. For example, when completing risk assessment procedures under ASA 315 to get evidence about the design and implementation of internal controls the auditor may use enquiry, observation, inspection and tracing transactions. The standard notes that enquiry alone is not sufficient. To properly evidence that the auditor has complied with this requirement the documentation must include details of with whom discussions took place, what specifically was observed and what documents were inspected or traced to provide evidence that the control was implemented. Similarly when using analytical procedures it is not sufficient to conclude that a variance is immaterial without stating the basis on which the conclusion is drawn.

                                                                                                                        9.19 Audit documentation is to be recorded in the electronic working papers (TeamMate/E-Hive). In some circumstances, it is useful to have a file to record general background documentation on the client (e.g. policy manuals, budget papers, legislation). This information may be referred to as necessary during the audit, but any information on a file that needs to be documented for the purposes of the audit must be included in the official records (E-Hive).

                                                                                                                        9.20 TeamMate audit files shall reference the exact file location of audit documentation contained in E-hive. This can be achieved by inserting a functioning URL link into TeamMate to the audit documentation in E-hive or referencing audit documentation E-hive’s file and document numbers.

                                                                                                                        9.21 In the case of performance audits, the following should be documented:

                                                                                                                        1. the identifying characteristics of the specific items or matters being tested, for example, for an entity Business Plan, the year to which it refers and the date on which it was approved, and for minutes of meetings, the date of minutes of meetings and who approved them;
                                                                                                                        2. discussions of significant matters with entity management and other stakeholders;
                                                                                                                        3. the key judgments made and the rationale for these judgments;
                                                                                                                        4. how any contradictions or inconsistencies with the final conclusion drawn by the audit team on any significant matter(s) were addressed in forming that conclusion; and
                                                                                                                        5. any limitations to audit coverage, that is, in certain rare circumstances, where factors outside the audit team’s control prevent relevant audit work being undertaken, including access to relevant information, records or data. The limitations should be documented and consideration given to including details of the limitation to audit coverage in the audit report.
                                                                                                                          Planning

                                                                                                                          9.22 The ANAO audit methodology includes mandatory steps that ensure the planning requirements under the standards are met. Evidence of review by the Audit Manager and Engagement Executive, as appropriate, before the performance of further audit procedures provides assurance that the planning has reduced the audit risk to an acceptably low level and that the audit approach is efficient.

                                                                                                                          9.23 For financial statement audits, the Engagement Executive or the Audit Manager is required to sign-off procedure summaries in folder A ‘Understand and Plan the Audit’ of the relevant TeamMate library prior to commencement of the interim audit work. In some cases the Engagement Executive or the Audit Manager’s review procedures may identify deficiencies or areas for improvement in the planning procedures and documentation. In these cases, despite the existence of open review comments (coaching notes) on planning procedures, recording of the approval of these procedures in the file by the Engagement Executive or the Audit Manager, subject to subsequent timely resolution of individual open review comments, will satisfy the requirement of paragraph 9.8 if the recording of the approval is completed before the commencement of interim audit work.

                                                                                                                          9.24 The Engagement Executive retains overall responsibility for ensuring that open review points have been satisfactorily addressed before the completion of the audit. The Engagement Executive or the Audit Manager should not record approval of planning procedures if significant deficiencies exist which may cause doubt about the suitability of the planned overall audit approach. The Audit Manager or the Engagement Executive should not allow any interim audit work to commence until these matters are resolved.

                                                                                                                          9.25 Where there have been changes to the planned audit approach subsequent to commencement of the interim audit work, the Engagement Executive or the Audit Manager should ensure that the audit file accurately reflects the changes made to the audit approach.

                                                                                                                          Completion of the audit file

                                                                                                                          9.26 Work done after the date of the Auditor-General’s report should not involve the performance of new audit procedures or the drawing of new conclusions.

                                                                                                                          9.27 Work done to complete the audit file after the signing or tabling of the audit report should be of an administrative nature only, for example deleting superseded documentation, sorting, collating and cross referencing work papers, signing of checklists relating to the audit file assembly process. Audit documentation which has been superseded or is not relevant to the audit opinion or report must be removed from the audit file.

                                                                                                                          9.28 It is possible that before the audit report being signed or tabled the auditor has obtained evidence that is not yet fully documented in the audit file. To meet the requirement of the standard this evidence must be discussed and agreed with the relevant members of the audit team before the date of the audit report and evidence of this prior discussion and agreement must be included within the audit documentation. Completion of the audit file may result in a review date being recorded electronically in the audit file which is after the date of the audit report. To evidence compliance with the standards, it is important that the nature of post-signing or post-tabling audit work is described in the audit file.

                                                                                                                          9.29 A performance audit file should retain all audit evidence that informs the preparation of the audit report, supports the conclusions against the audit criteria, and any other evidence relevant to audit findings.

                                                                                                                          9.30 Instructions for the finalisation of TeamMate files are located on Audit Central.

                                                                                                                          9.31 Instructions for the finalisation of E-Hive files are located on Audit Central.

                                                                                                                          Management and retention of audit information

                                                                                                                          Background

                                                                                                                          9.32 ASQC 1 requires the ANAO to create policies and procedures designed to maintain the confidentiality, safe custody, integrity, accessibility, retrievability and retention of engagement documentation.

                                                                                                                          9.33 This policy should be read with the legislative, regulatory requirements and policy on audit documentation, including the:

                                                                                                                          1. Archives Act 1983;
                                                                                                                          2. Procedure Security Policy (AGID); and
                                                                                                                          3. Information Security Manual (ASD).

                                                                                                                            Policy

                                                                                                                            9.34 ANAO staff and contractors shall make themselves familiar with and apply ANAO policies on records management and security.

                                                                                                                            9.35 TeamMate and E-Hive audit files shall be finalised consistent with the Audit Documentation policy.

                                                                                                                            9.36 Audit managers shall ensure that audit documentation is archived consistent with the ANAO’s Recordkeeping Framework.

                                                                                                                            Guidance

                                                                                                                            Records management and security

                                                                                                                            9.37 ANAO general record keeping and information management policies are the responsibility of the ANAO’s Chief Information Officer. These policies are available on Audit Central and include:

                                                                                                                            1. ANAO Recordkeeping Framework;
                                                                                                                            2. ANAO Records Authority;
                                                                                                                            3. ANAO Security Policy Manual; and
                                                                                                                            4. E-Hive policies and procedures.

                                                                                                                              9.38 Collectively, these policies are designed to meet the requirements of the Archives Act 1983, the Protective Security Policy Framework issued by the Attorney-General’s Department and the Information Security Manual issued by the Australian Signals Directorate.

                                                                                                                              9.39 ANAO staff and contractors should be aware particularly of those aspects of these policies that affect their daily work, including classification of information under National Security and Non-National Security regimes; and the holding, transmission or transporting of such information:

                                                                                                                              1. by Email;
                                                                                                                              2. in Electronic Working Papers (Team Mate / E-Hive);
                                                                                                                              3. on ANAO Standard Laptop and Desktop computers;
                                                                                                                              4. in physical storage;
                                                                                                                              5. on the ANAO Network; and
                                                                                                                              6. when physical and electronic classified documents are in use both within the ANAO premises and outside the Office.

                                                                                                                                9.40 Refer to Laptop & Mobile Device Security Policy on Audit Central for requirements on storage of ANAO’s laptops or devices when working outside of ANAO’s office.

                                                                                                                                External correspondence

                                                                                                                                9.41 External correspondence (both issued and received) must be maintained in E-Hive. External correspondence should be declared as a record in E-Hive. This includes confirmations received from third parties such as bank confirmations or solicitors representation letters.

                                                                                                                                Access to working papers

                                                                                                                                Background / legislative requirements

                                                                                                                                9.42 Subsection 36(1) of the A-G Act provides:

                                                                                                                                If a person has obtained information in the course of performing an Auditor-General function, the person must not disclose the information except in the course of performing an Auditor-General function or for the purpose of any Act that gives functions to the Auditor-General.

                                                                                                                                Penalty: Imprisonment for 2 years.

                                                                                                                                Note: Chapter 2 of the Criminal Code sets out the general principles of criminal responsibility.

                                                                                                                                Policy

                                                                                                                                9.43 Working papers (including audit evidence obtained from auditees) and associated audit documentation shall only be made available to ANAO staff and contractors on a ‘need to know’ basis. Where information about an audit is required for purposes other than an audit or a quality assurance review, the permission of the relevant Engagement Executive shall be obtained.

                                                                                                                                9.44 Requests by a court or tribunal for access to working papers shall be referred to the Auditor-General.

                                                                                                                                9.45 Should the need arise to provide working papers to a court or tribunal, ANAO Legal Services shall be consulted on the process to be followed.

                                                                                                                                9.46 Authorisation for the release of working papers to a third party or to the Parliament or its members shall be obtained from the Auditor-General.

                                                                                                                                Guidance

                                                                                                                                Access by ANAO staff and contractors

                                                                                                                                9.47 Officers with a need to know would generally be members of the audit team as well as other ANAO officers who become involved in the audit from time to time (e.g. members of PSRG who may be called on to provide technical advice, or staff undertaking quality assurance programs).

                                                                                                                                9.48 In the case of information with a national security classification, access would be restricted to members of the audit team with an appropriate security clearance.

                                                                                                                                Access by courts or tribunals

                                                                                                                                9.49 If courts or tribunal request access to audit working papers through a subpoena or discovery process, the Auditor-General may decide, on a case by case basis, to argue that subsection 36(1) of the A-G Act, relating to the confidentiality of information, prevents the ANAO from complying with a subpoena or a discovery process.

                                                                                                                                9.50 Parliamentary Privilege also attaches to the working papers of audits and such privilege could also prevent the release of audit working papers to courts or tribunals.

                                                                                                                                Access by third parties

                                                                                                                                9.51 Third parties include internal auditors, regulators, external auditors of joint venturers where ANAO audits the joint venture, advisors to prospective purchasers, investors or lenders to entities audited by the ANAO and successor auditors where ANAO auditees leave the Auditor-General’s mandate. Such third parties may request access to our working papers in order to evaluate the suitability of our work to be relied upon for their professional duties.

                                                                                                                                9.52 ANAO audit working papers are the property of the ANAO, including the audit work papers of contractors performing audit work on our behalf. Subject to law, the ANAO has the right to decline or restrict access to third parties.

                                                                                                                                9.53 In deciding on whether to release working papers to a third party, the implications of legal advice about the operation of subsection 36(1) of the A-G Act need to be considered.

                                                                                                                                9.54 If the Auditor-General has given permission for the release of working papers to a third party then before release the Engagement Executive will consider the guidance provided in the AUASB Guidance Statement GS 011 Third Party Access to Audit Working Papers.

                                                                                                                                9.55 General considerations to providing access to working papers to third parties should be given to:

                                                                                                                                1. client confidentiality;
                                                                                                                                2. client indemnity from any legal claims;
                                                                                                                                3. indemnities from third parties from any legal claims;
                                                                                                                                4. compliance with the ANAO Security Policy;
                                                                                                                                5. ANAO control over access to audit working papers;
                                                                                                                                6. whether the audit and working papers are complete; and
                                                                                                                                7. whether the working papers are subject to any legal professional privilege, which should not form part of the audit working papers released to third parties.

                                                                                                                                  9.56 All conditions, scopes and indemnities should be obtained in writing from all parties before the release of any working papers to third parties. Example letters are contained within AUASB GS 011.

                                                                                                                                  Access to our working papers by the Parliament

                                                                                                                                  9.57 As the primary users of the ANAO’s audit reports it is usual practice for the Auditor-General and other ANAO officials to attend parliamentary committees including the JCPAA to give evidence about the conduct of our work. In that context the evidence provided by the ANAO is normally specifically drawn out of the audit report or is contextual factual information that supports the interpretation of information provided in the auditor’s report.

                                                                                                                                  9.58 Members of the Parliament or its committees may request that the ANAO provide documents obtained during the auditing process that have not been included in the ANAO’s performance audit report.

                                                                                                                                  9.59 The Auditor-General considers that it is generally not in the public interest that audit evidence not included in the performance audit report should be provided in response to such requests for a number of reasons, including:

                                                                                                                                  1. The A-G Act and APES110 impose obligations and principles of confidentiality on our work;
                                                                                                                                  2. The Auditor-General and the ANAO are exempt from the Freedom of Information Act 1982 to stop the ANAO being an alternate option for documents that should be more properly requested from the document owner;
                                                                                                                                  3. Providing such information outside of the established report preparation papers and section 19 processes may circumvent ANAO’s natural justice obligations and the operation of the Attorney-General’s authority to require removal of information that is contrary to the public interest to include in a public report.

                                                                                                                                    9.60 Under our auditing framework, audited entities and others can trust that the Auditor-General and the ANAO will treat them fairly and will protect the confidentiality of specific items of audit evidence. The Auditor-General considers that it would be contrary to the public interest if the ANAO is frustrated in its ability to obtain information from auditees and report to Parliament. Audited entities may perceive a risk that they could lose control of specific items of audit evidence provided to the ANAO because the Auditor-General may release that information outside of an audit report.

                                                                                                                                    9.61 Because of these considerations, audit evidence obtained from entities should not be provided to the Parliament outside of the normal audit reporting processes unless approved by the Auditor-General.

                                                                                                                                    Copies of report preparation papers and section 19 proposed reports

                                                                                                                                    9.62 ANAO papers created for the purposes of preparing a proposed report under section 19 and proposed reports issued under section 19 of the A-G Act are subject to the confidentiality obligation in subsection 36(3) of the A-G Act. Subsection 36(3) applies very broadly and a person commits an offence if they receive any report or extract created for the purposes of preparing a proposed report under section 19 (including report preparation papers and ANAO working papers) or a proposed report or extract under section 19 of the A-G Act and they disclose any information in the report or extract. The penalty for an offence against subsection 36(3) is imprisonment for two years.

                                                                                                                                    9.63 Subsection 36(4) provides that the Auditor-General may consent to a disclosure. Accountable Authorities wishing to disclose information from relevant papers and reports to other persons, such as external legal advisers, contractors, consultants and Ministers, must seek the consent of the Auditor-General. The Auditor-General has delegated to the Deputy Auditor-General the power to consent to disclosure of information under subsection 36(4).

                                                                                                                                    9.64 The Auditor-General has agreed that the Accountable Authorities of entities may decide to disclose, on a confidential basis, relevant papers (including report preparation papers and proposed reports provided under section 19) to entity officials as well as members of the entity’s audit committee. The consent to provide relevant papers to entity officials was given to allow Accountable Authorities discretion to determine which of their officials require access to papers, provided that the confidentiality of the papers is maintained. The consent to provide relevant papers to members of the entity’s audit committee was given to allow Accountable Authorities to use their audit committee to monitor entity risks and the implementation of any changes proposed in audit reports

                                                                                                                                    9.65 Accountable Authorities wishing to disclose information from relevant papers and reports to other persons, such as external legal advisers, contractors, consultants and Ministers, must seek the consent of the Auditor-General as required by section 2.17 of this Manual.

                                                                                                                                    9.66 Where a relevant paper is addressed to an officer of an entity, instead of an Accountable Authority, the Auditor-General has agreed that the officer to whom the paper has been addressed may decide to disclose, on a confidential basis, that paper to relevant officers of the entity or members of the entity’s audit committee.

                                                                                                                                    9.67 Entities may, of course, provide those persons with information such as the objectives and criteria of an audit (which are published on the ANAO’s website) and factual material on the audit process, such as what stage an audit is at (consistent with what is published on the ANAO’s website).

                                                                                                                                    Use of TeamMate

                                                                                                                                    Background

                                                                                                                                    9.68 The respective AASG and PASG TeamMate library files are the ANAO audit methodology for financial statements and performance audits. The AASG TeamMate library file is released each financial year and contains mandatory procedures addressing auditing standards requirements and ANAO Audit Manual – AASG Specific policy. The PASG TeamMate library file is released as required and contains mandatory procedures addressing performance assurance standards requirements and ANAO Audit Manual – PASG Specific policy.

                                                                                                                                    9.69 The use of TeamMate and the library file is a vital element in assuring the responsible GEDs and the ANAO Executive that the ANAO’s audits comply with the ANAO Auditing Standards, ANAO Audit Manual policies, and other requirements while also promoting consistency in the quality of engagement performance.

                                                                                                                                    Policy

                                                                                                                                    9.70 TeamMate shall be used to document all financial statements audit, performance audits and other assurance engagements unless prior approval to use an alternative has been given by the responsible GED to an engagement team29.

                                                                                                                                    9.71 The relevant TeamMate library file shall be used for all audits (or parts thereof) including audits that are undertaken under project-management arrangements. Where an engagement has been approved to be documented outside of TeamMate, the Engagement Executive shall ensure that all relevant procedures from the TeamMate library file have been conducted.

                                                                                                                                    9.72 Where an audit team rolls over a previous year’s TeamMate file to document the current year’s financial statement audit, the Engagement Executive shall ensure that the rolled over TeamMate file meets the requirements of the current year’s TeamMate library file by having regard to the documentation released by PSRG annually when the updated TeamMate library file is released.

                                                                                                                                    9.73 A separate TeamMate file shall be created for each engagement, except where the use of a file for multiple assurance reports is approved by the responsible GED, taking into consideration: the planned signing date of each opinion or conclusion; the consistency of audit approach; and the ability to get sufficient appropriate audit evidence for both engagements.

                                                                                                                                    9.74 All procedure summaries in the relevant TeamMate library file are mandatory and shall be completed for all financial statements or performance audits. The audit procedure steps under the heading ‘Audit Procedures’ of each procedure summary shall be completed. Where a procedure summary or audit procedure step is not relevant to the audit, the team shall document that it is not relevant and shall not delete it.

                                                                                                                                    9.75 The procedure summaries indicate if an attached TeamMate template is mandatory, conditional or optional. Conditional templates are required to be downloaded from TeamStore or obtained from Audit Central and completed where the engagement meets the condition. The format of mandatory and conditional TeamMate templates is required to be maintained and shall not be amended without written approval from the responsible GED.

                                                                                                                                    Guidance

                                                                                                                                    9.76 The ‘Guidance’ in each procedure summary is not mandatory, but is intended to help in the completion of mandatory steps.

                                                                                                                                    9.77 The TeamMate library file is not intended to include all ANAO Audit Manual – AASG or PASG Specific policy requirements in the procedure summaries. However, where they are included they are identified by reference to the specific policy.

                                                                                                                                    9.78 The TeamMate library file can be adapted for use on other assurance engagements, considering the applicable ANAO Auditing Standards and ANAO Audit Manual policy.

                                                                                                                                    9.79 In some cases, the ANAO conducts an audit or assurance engagement for an auditee in addition to the financial statements audit, such as an audit of reports prepared consistent with special purpose frameworks or single financial statements (grant acquittals). It is expected that a separate file is created for these additional engagements due to:

                                                                                                                                    1. the difference in timing of the engagements and the impact on finalising each audit file as required by ANAO Audit Manual - Shared Content, paragraph 9.10;
                                                                                                                                    2. the difference in audit approach, including setting of materiality parameters; and
                                                                                                                                    3. the different levels of sufficient and appropriate audit evidence required for each engagement.

                                                                                                                                      9.80 Where documentation from the financial statements audit file is relevant to the additional engagement(s), it is acceptable for the same audit team to cross reference documentation of work performed in the financial statements audit file on the basis there has been appropriate review of the work for the purposes of the additional engagement.

                                                                                                                                      9.81 The scope of performance audits may change significantly during the course of the audit due to amendments to the audit criteria, the addition or removal of audited entities or other events. Performance audit teams should consider the impact in the change of scope to audit procedures and templates already completed in the TeamMate file. For example, a change in criteria approved by the Auditor-General may mean that the Audit Test Plan is no longer complete or may require additional involvement by SADA specialists requiring an update to the SADA engagement procedures. Depending upon the nature of the change in scope, performance audit teams may consider directly updating the affected parts of the TeamMate file or alternatively preparing an overarching working paper summarising the necessary changes to the previously completed aspects of the audit.

                                                                                                                                      9.82 The Auditor-General may decide to divide a performance audit into parts that report separately, creating multiple performance audits. Performance audit engagement teams may consider requesting approval from the responsible GED to allow both audits to be completed in a single TeamMate file. This approach may promote efficient audit documentation by avoiding the need to repeat documentation of procedures that are common to both audits, however where the multiple performance audits will not be tabled in the Parliament at the same time the audit team should consider whether this approach will prevent compliance with the archiving requirements.

                                                                                                                                      9.83 Applying to financial reporting periods commencing on or after 1 July 2019, the audit team should use the relevant TeamMate library file to document the project-managed financial statement audit unless the relevant TeamMate library file was unavailable prior to commencement of the project-managed audit. In this situation, the audit team should use the EEPIR template to document the project-managed financial statement audit.

                                                                                                                                      9.84 The audit team should ensure that procedure summaries and templates contained in the rolled over TeamMate library file are meet the requirements of the the current audit cycle’s TeamMate library file.

                                                                                                                                      10. Monitoring quality control policies and procedures

                                                                                                                                      Monitoring– inspection of ANAO assurance products

                                                                                                                                      Policy

                                                                                                                                      10.1 The Deputy Auditor-General has overall responsibility for the quality assurance review program of AASG and PASG assurance products (QARP). The results and conclusions of the QA Review are reported to EBOM.

                                                                                                                                      10.2 The objectives of the QARP is to form an opinion on whether each engagement file inspected:

                                                                                                                                      1. complies with the A-G Act, professional requirements, auditing standards and other legal and regulatory requirements;
                                                                                                                                      2. complies with the ANAO’s policies and procedures, including quality control; and
                                                                                                                                      3. evidences sufficient and appropriate assurance procedures to support conclusions reached.

                                                                                                                                        10.3 The GED PSRG has responsibility for the design, conduct and reporting of the QARP.

                                                                                                                                        10.4 An annual QARP program for each service group, designed consistent with this policy, shall be provided to the Deputy Auditor-General for approval.

                                                                                                                                        10.5 The annual QARP for each service group may be designed and approved in multiple phases throughout the year. Where this is the case the PSRG GED is responsible for ensuring that those stages taken collectively address at least the minimum requirements of this policy.

                                                                                                                                        10.6 The annual QARP for AASG includes:

                                                                                                                                        1. quality assurance review (QAR) of at least one in-house assurance engagement for each Engagement Executive over a three-year cycle; and
                                                                                                                                        2. QAR of at least one project managed assurance engagement for each firm engaged by the ANAO to conduct project managed assurance engagements every three years.

                                                                                                                                          10.7 For the purposes of paragraph 10.6 a QAR may be any one of the following:

                                                                                                                                          1. inspection by ANAO staff or contractors of completed engagement files according to an approach approved by the PSRG GED;
                                                                                                                                          2. inspection by ANAO staff or contractors of in-process engagement files according to an approach approved by the PSRG GED; or
                                                                                                                                          3. inspection by the Australian Securities and Investments Commission (ASIC) of completed engagement files in accordance with ASIC’s methodology.

                                                                                                                                            10.8 Despite paragraph 10.7(b) each Engagement Executive must have at least one completed engagement file inspected every six years. The annual QARP for PASG includes at least one completed engagement for each Engagement Executive over a three year cycle.

                                                                                                                                            10.9 In addition, the annual QARPs for AASG and PASG may include:

                                                                                                                                            1. the selection of one or more audits conducted under section 20 of the A-G Act (‘audits by arrangement’);
                                                                                                                                            2. special monitoring programs, including across the board inspections that look at specific aspects of auditing or professional standards, regulatory or legal requirements or the ANAO methodology;
                                                                                                                                            3. the selection of some engagements without prior notification to the engagement team.

                                                                                                                                              10.10 When selecting audits for inspection, considerations shall include:

                                                                                                                                              1. the level of engagement risk;
                                                                                                                                              2. seniority and experience of staff conducting the engagement;
                                                                                                                                              3. findings from previous inspections and other indicators of potential audit quality deficiencies;
                                                                                                                                              4. coverage of audit partners within firms for project-managed audit reviews; and
                                                                                                                                              5. coverage of Engagement Executives for project-managed audit reviews.

                                                                                                                                                10.11 Inspections of audits shall be conducted and supervised by suitably qualified individuals who have not been a member of the audit team or performed an engagement quality review on the audit.

                                                                                                                                                10.12 All matters raised during the QAR shall be discussed with the relevant Engagement Executive and evaluated as to their significance. At the conclusion of the process, a written summary of the matters arising from the QAR shall be provided to the Engagement Executive for written comments and formal acknowledgement

                                                                                                                                                10.13 The results of the QARP will be advised to the responsible AASG or PASG GED before reporting to EBOM. PSRG, in discussion with the responsible GED, will evaluate the findings of the QARP and conclude whether the deficiencies found, if any, are one-off occurrences or indicative of systemic, repetitive deficiencies. The GED, in consultation with PSRG, will determine what corrective action (if any) is required. Any recommendations for corrective action or improvements to practices will be provided in a report to EBOM for endorsement.

                                                                                                                                                10.14 Where a QAR of an individual engagement indicates that an inappropriate audit report may have been issued or that procedures were omitted such that sufficient and appropriate evidence may not have been obtained on a material item, the responsible GED shall consult with PSRG to determine what further corrective action is necessary. The matter shall then be advised to the Deputy Auditor-General and the Auditor-General.

                                                                                                                                                10.15 Where a serious deficiency or extensive significant deficiencies are found in an engagement, PSRG will consider whether the Engagement Executive responsible should be reviewed again the following year.

                                                                                                                                                10.16 Responsibility for the implementation of recommendations from the QARP process shall be agreed between the GED PSRG and the relevant GED. The Quality committee is responsible for monitoring the implementation of recommendations.

                                                                                                                                                10.17 Results of the QARP shall be communicated to all audit staff in a timely manner The Engagement Executive is responsible for ensuring that the detailed results of the QARP at the individual audit level are communicated to the engagement team.

                                                                                                                                                10.18 The results of each review shall be considered by supervisors in applying the ANAO Performance Assessment Scheme.

                                                                                                                                                Guidance

                                                                                                                                                10.19 The monitoring process, including the inspection and evaluation of completed audits, is an important component of the QAF. The QAF comprises the ANAO’s policies and procedures designed to provide reasonable assurance that, in the conduct of assurance engagements, applicable auditing and professional standards and legal and regulatory requirements are met and the audit report issued is appropriate in the circumstances.

                                                                                                                                                10.20 The scope of the QARP encompasses all aspects of the audit or engagement process. The program is designed to contribute to continuous improvement by creating the opportunity for audit teams and the ANAO to learn from experience. Each audit team is expected to consider whether their audit is impacted by communicated findings and to adopt appropriate responses.

                                                                                                                                                10.21 The QARP will be conducted using a test program which is designed to provide assurance for each engagement reviewed, that the audit has been conducted in accordance with the ANAO auditing standards and ANAO policies and procedures.

                                                                                                                                                10.22 An audit may involve arrangements to rely on work conducted by another ANAO auditor as provided for in auditing standards ASA 402, ASA 600 and ASAE 3500. In such cases, the file review may also include review of relevant work conducted on the other audit.

                                                                                                                                                10.23 When evaluating whether an audit has complied with a specific requirement as set out in the test program, the reviewer will indicate either that the audit complies or does not comply. Where file reviews are conducted by ASIC, ASIC’s rating system will be used. For all other reviews, if the audit does not comply, the finding will be rated consistent with the following system for rating audit files and individual findings. Overall audit file rating:

                                                                                                                                                Rating

                                                                                                                                                Abbreviation

                                                                                                                                                Description

                                                                                                                                                Satisfactory

                                                                                                                                                S

                                                                                                                                                Not unsatisfactory

                                                                                                                                                Unsatisfactory

                                                                                                                                                USat

                                                                                                                                                As a result of a significant finding or multiple moderate findings:

                                                                                                                                                1. An inappropriate conclusion has been issued under the circumstances; or
                                                                                                                                                2. A conclusion was issued for which there was no reasonable basis, or for which the documentation did not support the conclusion that was issued.
                                                                                                                                                     

                                                                                                                                                Individual findings rating:

                                                                                                                                                Rating

                                                                                                                                                Description

                                                                                                                                                A. Significant

                                                                                                                                                These findings pose a high risk to the ANAO’s reputation (including its independence, objectivity, and professionalism). Finding in respect of a material balance, transaction or disclosure (financial audits) or material element of the subject matter (performance audits) resulting in a determination that:

                                                                                                                                                • an inappropriate conclusion has been issued under the circumstances; or
                                                                                                                                                • a conclusion was issued for which there was no reasonable basis, or for which the documentation did not support the conclusion that was issued.

                                                                                                                                                B. Moderate

                                                                                                                                                These findings pose a moderate risk to the ANAO’s reputation (including its independence, objectivity, and professionalism).

                                                                                                                                                • Finding in respect of a significant balance, transaction or disclosure (financial audits) or significant element of the subject matter (performance audits) which is categorised as:
                                                                                                                                                  1. Not fully performing or documenting significant mandatory audit procedures
                                                                                                                                                  2. Planned procedures have not been performed or do not adequately address relevant assertion or criteria
                                                                                                                                                  3. Failing to identify, adequately assess or respond to a significant risk
                                                                                                                                                  4. Reliance placed on internal controls without adequate testing
                                                                                                                                                  5. Reliance placed on documents or reports of the auditee without testing the completeness and reliability of those documents and reports;
                                                                                                                                                • Independence standards have not been complied with
                                                                                                                                                • Other ANAO policies relevant to the engagement have not been complied with

                                                                                                                                                C. Minor

                                                                                                                                                These findings pose a low risk to the ANAO’s reputation (including its independence, objectivity, and professionalism). Non-compliance with ANAO Auditing Standards, ANAO audit methodology or other ANAO policies which is not categorised as A. or B. above.

                                                                                                                                                   

                                                                                                                                                Complaints and allegations

                                                                                                                                                Background

                                                                                                                                                10.24 During the course of ANAO work, complaints and allegations may be made from time to time. Many of these are dealt with through the ANAO’s normal management and communication channels. This policy deals with the formal management of any complaints or allegations that the work performed by the ANAO does not comply with applicable standards, requirements, systems of quality control or independence policies.

                                                                                                                                                Policy

                                                                                                                                                10.25 Complaints and allegations made by ANAO personnel shall be handled consistent with the ANAO’s Principal Officer’s Procedures for managing disclosable conduct under the Public Interest Disclosure Scheme – ANAO Principal Officer’s Procedures.

                                                                                                                                                10.26 Formal complaints and allegations from external parties, including entities and ANAO contractors, about any of the matters listed at paragraph 5 of the Principal Officer’s Procedures, in the above link, shall be referred promptly to a GED or SED not involved in the audit. Where the matter is not resolved to the satisfaction of the complainant by the responsible GED, or where a formal complaint and allegation involves a GED, the complaint shall be referred to the Deputy Auditor-General.

                                                                                                                                                10.27 A confidential record of all formal complaints and allegations and their resolution shall be kept.

                                                                                                                                                10.28 If during the investigations into complaints and allegations, deficiencies in the design or operation of the ANAO’s quality control policies and procedures or non-compliance with the ANAO’s system of quality control by an individual or individuals are identified, remedial actions shall include, as appropriate, one or more of the following:

                                                                                                                                                1. taking appropriate remedial action about an individual engagement or member of personnel;
                                                                                                                                                2. the communication of the findings, via the Quality Committee, to EBOM Learning and Development Committee;
                                                                                                                                                3. changes to the quality control policies and procedures; or
                                                                                                                                                4. disciplinary action against those who fail to comply with the policies and procedures of the ANAO, especially those who do so repeatedly.

                                                                                                                                                  Guidance

                                                                                                                                                  10.29 Under the Public Interest Disclosure Scheme, the identity of the person making the disclosure will remain confidential as far as practicable. It is a criminal offence to take or threaten to take a reprisal, such as discriminatory treatment, termination of employment or injury, against someone because they make a disclosure.

                                                                                                                                                  Fraud and related matters in the conduct of audits

                                                                                                                                                  Background

                                                                                                                                                  10.30 This policy deals with the formal management of reporting any potential fraud or other wrongdoing identified during the conduct of an audit.

                                                                                                                                                  10.31 Australian Auditing Standard ASA 240 provides requirements for dealing with fraud or potential fraud in a financial statement audit. These requirements can also be applied to other types of assurance engagement, including performance audits30.

                                                                                                                                                  Policy

                                                                                                                                                  10.32 On becoming aware of a potential fraud or other wrongdoing, the audit team shall report the matter, as soon as possible and in accordance with the fraud reporting procedures outlined in the ANAO Fraud Control Plan 2019-20, to the responsible Engagement Executive so that a decision can be made on the appropriate course of action to be taken. Judgments about how to proceed will be made on a case by case basis, with the following considerations applying:

                                                                                                                                                  1. The ANAO has a responsibility under the auditing standards to communicate to the entity concerned any material instances of deficiencies in systems or controls identified by an audit.
                                                                                                                                                  2. Audit teams shall not conduct an investigation into instances of potential fraud or other wrongdoing, unless requested to do so by the Auditor-General.

                                                                                                                                                    10.33 The Auditor-General may consider whether it is appropriate to refer a matter to the Commissioner of the Australian Federal Police according to subsection 36(2) of the A-G Act. The Auditor-General must be satisfied it is in the public interest to take this course of action.

                                                                                                                                                    10.34 The audit file shall document all instances of fraud and potential fraud of which the audit team is made aware and the management decisions taken in regards to it, including: what was decided; by whom; and the reasons for the decisions.

                                                                                                                                                    Guidance

                                                                                                                                                    10.35 From time to time audit teams may become aware of, or identify potential fraud or other wrongdoing. Audit teams may also receive allegations of such a nature, sometimes anonymously, from members of the public via correspondence or electronically through email, or the citizens’ contribution facility. In such circumstances it is important that the actions of the audit team do not inadvertently affect any future investigation by the entity or other body of the potential fraud or wrongdoing. The audit team should retain original copies of relevant documents, which may assist any future investigations, when they become aware of, or identify potential fraud or wrongdoing. Such original documents should be retained, in the relevant E-hive file, regardless of whether the ANAO Auditing Standards require retention of such documents.

                                                                                                                                                    10.36 All ANAO staff or contractors who become aware of a potential fraudulent activity should refer to the ANAO Fraud Control Plan 2019-20 for additional guidance.

                                                                                                                                                    Glossary and footnotes

                                                                                                                                                    Glossary

                                                                                                                                                    The Manual

                                                                                                                                                    The Australian National Audit Office Audit Manual

                                                                                                                                                    AASG

                                                                                                                                                    Assurance and Audit Services Group

                                                                                                                                                    ANAO

                                                                                                                                                    Australian National Audit Office

                                                                                                                                                    A-G Act

                                                                                                                                                    Auditor-General Act 1997 (Cth)

                                                                                                                                                    AGID

                                                                                                                                                    Aging Integrated Database (Procedure Security Policy)

                                                                                                                                                    AGS

                                                                                                                                                    Australian Government Solicitors

                                                                                                                                                    APES 110

                                                                                                                                                    Code of Ethics for Professional Accountants

                                                                                                                                                    APES 320

                                                                                                                                                    Quality Control for Firms

                                                                                                                                                    APP

                                                                                                                                                    Australian Privacy Principle

                                                                                                                                                    APRA

                                                                                                                                                    Australian Prudential Regulatory Authority

                                                                                                                                                    APS

                                                                                                                                                    Australian Public Service

                                                                                                                                                    ASA

                                                                                                                                                    Australian Auditing Standard

                                                                                                                                                    ASA 102

                                                                                                                                                    Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements

                                                                                                                                                    ASA 210

                                                                                                                                                    Agreeing the Terms of Audit Engagements

                                                                                                                                                    ASA 220

                                                                                                                                                    Quality Control for an Audit of a Financial Report and Other Historical Financial Information

                                                                                                                                                    ASA 240

                                                                                                                                                    The Auditor's Responsibilities Relating to Fraud in an Audit of a Financial Report

                                                                                                                                                    ASA 260

                                                                                                                                                    Communication with Those Charged with Governance

                                                                                                                                                    ASA 315

                                                                                                                                                    Identifying and Assessing the Risks of Material Misstatement through Understanding the Entity and Its Environment

                                                                                                                                                    ASA 320

                                                                                                                                                    Materiality in Planning and Performing an Audit

                                                                                                                                                    ASA 402

                                                                                                                                                    Audit Considerations Relating to an Entity Using a Service Organisation

                                                                                                                                                    ASA 570

                                                                                                                                                    Going Concern

                                                                                                                                                    ASA 600

                                                                                                                                                    Special Considerations – Audits of a Group Financial Report

                                                                                                                                                    ASAE 3000

                                                                                                                                                    Assurance Engagements Other than Audits or reviews of Historical Financial Information

                                                                                                                                                    ASAE 3500

                                                                                                                                                    Performance Engagements

                                                                                                                                                    ASD

                                                                                                                                                    Audit Strategy Document

                                                                                                                                                    ASRE 2410

                                                                                                                                                    Review of a Financial Report Performed by the Independent Auditor of the Entity

                                                                                                                                                    ASQC 1

                                                                                                                                                    Quality Control for Firms that Perform Audits and reviews of Financial Reports and Other Financial Information, Other Assurance Engagements and Related Services Engagements

                                                                                                                                                    ASIC

                                                                                                                                                    Australian Securities and Investments Commission

                                                                                                                                                    AWP

                                                                                                                                                    Audit Work Plan

                                                                                                                                                    AUASB

                                                                                                                                                    Australian Auditing Standards Board

                                                                                                                                                    AUASB Guidance Statement GS 011

                                                                                                                                                    Third Party Access to Audit Working Papers

                                                                                                                                                    CMG

                                                                                                                                                    Corporate Management Group

                                                                                                                                                    Corporations Act

                                                                                                                                                    Corporations Act 2001 (Cth)

                                                                                                                                                    CPD

                                                                                                                                                    Continued Professional Development

                                                                                                                                                    DAG

                                                                                                                                                    Deputy Auditor-General

                                                                                                                                                    EBOM

                                                                                                                                                    Executive Board of Management

                                                                                                                                                    EQCR

                                                                                                                                                    Engagement Quality Control Review

                                                                                                                                                    GBE

                                                                                                                                                    Government Business Entity

                                                                                                                                                    GED

                                                                                                                                                    Group Executive Director

                                                                                                                                                    IAP

                                                                                                                                                    Inspection of AASG/PASG Assurance Products

                                                                                                                                                    JCPAA

                                                                                                                                                    Joint Committee of Public Accounts and Audit

                                                                                                                                                    PASG

                                                                                                                                                    Performance Audit Services Group

                                                                                                                                                    PGPA Act

                                                                                                                                                    Public Governance, Performance and Accountability Act 2013 (Cth)

                                                                                                                                                    PID Act

                                                                                                                                                    Public Interest Disclosure Act 2013 (Cth)

                                                                                                                                                    PSRG

                                                                                                                                                    Professional Services and Relationships Group

                                                                                                                                                    QAF

                                                                                                                                                    Quality Assurance Framework

                                                                                                                                                    QARP

                                                                                                                                                    Quality Assurance Review Program

                                                                                                                                                    QTAC

                                                                                                                                                    Qualifications and Technical Advisory Committee

                                                                                                                                                    RG

                                                                                                                                                    Regulatory Guidance

                                                                                                                                                    SADA

                                                                                                                                                    Systems Assurance and Data Analytics

                                                                                                                                                    SED

                                                                                                                                                    Senior Executive Director

                                                                                                                                                    SES

                                                                                                                                                    Senior Executive Service

                                                                                                                                                    SO

                                                                                                                                                    Signing Officer

                                                                                                                                                    TCWG

                                                                                                                                                    Those Charged with Governance

                                                                                                                                                       

                                                                                                                                                    Footnotes

                                                                                                                                                    1 The roles and responsibilities of an Engagement Executive are set out, for AASG in Financial Statement and other Historical Financial Information Assurance Engagements-General, policy 60.1, for PASG in Engagement Performance-General, paragraph 13.2.

                                                                                                                                                    2 Records that are obtained from entities or other parties do not attract Parliamentary privilege.

                                                                                                                                                    3 Section 55 of the A-G Act provides that the Commonwealth must indemnify a person for any liability that the person incurs for an act or omission of the person in the course of performing an Auditor-General function. The indemnity does not apply if the liability arose from an act or omission in bad faith. The indemnity does not cover a liability of a person who is indemnified by a person other than the Commonwealth. This may be under a contract of insurance or otherwise.

                                                                                                                                                    4 Refer to the Auditor-General Bill 1996, Explanatory Memorandum, paragraphs 25-26.

                                                                                                                                                    5 Those assurance reviews designated by the JCPAA as priority assurance reviews under section 19A(5) of the A-G Act are required to be tabled in the Parliament under section 19A(6) of the A-G Act.

                                                                                                                                                    6 No conflicts have come to notice.

                                                                                                                                                    7 Specifically, section 10 of the PGPA Act establishes two ways that bodies corporate can be Commonwealth entities. Under subsection 10(d) it includes a body corporate established by law of the Commonwealth and under subsection 10(3) it also includes a body corporates established under a law of the Commonwealth (other than a Commonwealth companies) or a body corporate prescribed by an Act or the PGPA Rules to be a Commonwealth entity.

                                                                                                                                                    8 The term ‘Commonwealth subsidiary’ is used in this policy as a short hand for referring to both a subsidiary of a Commonwealth company and a subsidiary of a corporate Commonwealth entity.

                                                                                                                                                    9 Note that subsection 14(4) of the Act requires the Auditor-General, in the annual report under section 46 of the PGPA Act 2013, to include details of the basis on which the Auditor-General determined the audit fees that applied during the financial year concerned.

                                                                                                                                                    10 Subsection 20(2) of the A-G Act says “An arrangement may provide for the payment of fees to the Auditor-General. The fees are to be received by the Auditor-General on behalf of the Commonwealth.”

                                                                                                                                                    11 Attendance can be in person, or via teleconference or video link, to be determined in consultation with the Chair of the committee or committee secretariat.

                                                                                                                                                    12 Material and non-material entities can be identified from the Department of Finance flip chart accessible from https://www.finance.gov.au/government/managing-commonwealth-resources/structure-australian-government-public-sector/pgpa-act-flipchart-list.

                                                                                                                                                    13 This does not include member-only meetings of the Committee.

                                                                                                                                                    14 A copy of the Audit Committee minutes recording the discussion of fraud needs to be put on the TeamMate file or, if that record is incomplete, the ANAO representative needs to document the discussion in a file note or in the Fraud Work Program in TeamMate.

                                                                                                                                                    15 These will include members who are members of the entity’s audit committee.

                                                                                                                                                    16 Refer to ASA 260 A42 to A44 for guidance regarding observations during the audit that may indicate that the two-way communication between the audit team and TCWG is inadequate for the purposes of the audit, and actions that can be taken if the situation cannot be resolved.

                                                                                                                                                    17 Schedule 1 of the PGPA Act Rule prescribes certain bodies to be listed entities and specifies the name of the accountable authority. Other bodies, persons, groups of persons or organisations that are not prescribed by the Schedule may be listed entities because they are prescribed by an Act to be a listed entity. For example, the ANAO is not prescribed in Schedule 1 of the PGPA Act Rule, however subsections 38(a) and (b) of the Act states that the ANAO is a listed entity and the Auditor-General is prescribed as the Accountable Authority of the ANAO.

                                                                                                                                                    18 ASA 220 Paragraph A17 and APES 320 Paragraph 63.

                                                                                                                                                    19 APES 320 Paragraph 61.

                                                                                                                                                    20 APES 320 Paragraph 62.

                                                                                                                                                    21 The Role and Responsibilities of the Engagement Executive policy in the AASG Specific content outline the responsibilities of Engagement Executives.

                                                                                                                                                    22 Refer to ANAO Audit Manual – AASG Specific, Evaluating Misstatements Policy for guidance regarding evaluating prior period errors and the matters that need to be considered and consulted with the EQCR, Second Reviewer, GED and PSRG.

                                                                                                                                                    23 Refer to Role of the Qualifications and Technical Advisory Committee for the QTAC endorsed policy approach on ceasing Commonwealth entities to be applied in consultation with PSRG.

                                                                                                                                                    24 ASA 230 para 8.

                                                                                                                                                    25 Ibid.

                                                                                                                                                    26 ASA 230 para 9.

                                                                                                                                                    27 The policy at paragraph 9.10 also covers contractor firm files – the policy has been copied to paragraph 106.10 in AASG specific Project-Managed Audits.

                                                                                                                                                    28 The policy at paragraph 9.11 also covers contractor firm files – the policy has been copied to paragraph 201.9 in PASG specific Project-Managed Audits.

                                                                                                                                                    29 While this policy mandates the use of TeamMate for each audit, it does not prevent audit teams storing some audit evidence in E-hive. All evidence stored in this manner should be linked directly from the TeamMate file to E-hive and is considered to be part of the overall audit file.

                                                                                                                                                    30 Refer to ASAE 3500, paragraph 51 which requires the auditor to determine whether there is a responsibility or legislative requirement to report the occurrence or suspicion of fraud or other misconduct to a party outside the entity, including the Parliament, a regulator or government agency.
                                                                                                                                                    Any such reporting shall be in accordance with the relevant legislation and the ANAO Fraud Control Plan.