1. Authority and maintenance

Authority and maintenance of the ANAO audit manual

Background legislation and standards

1.1 The Australian National Audit Office (ANAO) Audit Manual (the Manual) sets ANAO policies and guidance applying specifically to the audits and other assurance work performed by or on behalf of the Auditor-General consistent with ANAO Auditing Standards.

1.2 The Manual forms part of the ANAO quality management framework which demonstrates compliance with the requirements of Auditing Standard on Quality Management ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements for policies and procedures which promote quality audits and for monitoring the application of those policies and procedures.

Policy

1.3 The Manual is issued under the authority of the Auditor-General.

1.4 Material within the Manual that is ANAO policy is displayed in bold type under the heading ‘Policy’ and is binding in respect of audits or other assurance work undertaken by the ANAO. Policies relevant to audits contracted out to an audit firm (contract out audits) are communicated to the audit firm via tender or contract documentation or as notified by the Engagement Executive1 under paragraph 105.2 of the ANAO Audit Manual - FSASG Specific and paragraph 201.2 of the ANAO Audit Manual - PASG Specific.

1.5 In rare and exceptional circumstances, substantive departures from policy may need to be considered. In these circumstances, approval by the Auditor-General, through the Qualifications and Technical Advisory Committee (QTAC), is required.

1.6 The Professional Services and Relationships Group (PSRG) shall monitor and analyse developments in applicable auditing and professional standards and legal and regulatory requirements. This includes consulting with service Group Executive Directors (GED) on applicable developments and their impact on the work of the ANAO and how they are incorporated into the ANAO’s policies, procedures and audit methodology.

1.7 PSRG shall communicate changes to audit methodology to audit staff through technical updates and other staff meetings such as Financial Statements Audit Services Group (FSASG), Performance Audit Services Group (PASG), Performance Statement Audit Service Group (PSASG) and Systems Assurance and Data Analytics (SADA) Senior Executive Service (SES) meetings and other forums.

1.8 The Manual shall be subject to an annual review by PSRG, to be completed in accordance with timeframes set out in the ANAO Quality Management Framework and Plan, published on the ANAO website annually. The annual review shall be supported by an annual assessment of ANAO quality objectives and quality risks.

1.9 The ANAO Quality Committee shall be responsible for:

  1. considering amendments to the Manual that substantially impact the conduct of an audit; and
  2. making a recommendation to the Auditor-General for approval of the amendments.

1.10 Any amendments to the Manual, other than those which are clearly trivial, outside the annual review shall be referred for endorsement to the ANAO Quality Committee if the changes result in substantial impacts on the conduct of an audit. Administrative changes and changes to guidance made by PSRG outside of the annual review do not require approval.

Guidance

1.11 The Manual addresses performance audit, financial statements audit, performance statements audit and other assurance work policy and guidance. As such, it comprises a shared content section applicable to all ANAO assurance engagements and separate chapters for specific content.

1.12 The Manual is organised as follows:

ANAO shared content

1. Authority and maintenance of the ANAO audit manual

2. Auditor-General’s mandate

3. Strategic planning

4. Governance and leadership responsibilities for quality

5. Professional, ethical and independence requirements

6. Resources

7. Information, communication and relationship with the auditee

8. Engagement performance

9. Documentation

10. Monitoring quality management policies and procedures

11. Evaluation of the Quality Management Framework

FSASG specific content

101. Engagement performance – general

107. Engagement performance – planning

110. Engagement performance – execution

116. Engagement performance – reporting

PASG specific content

201. Engagement performance – general

205. Engagement performance – planning

210. Engagement performance – execution

224. Engagement performance – reporting

PSASG specific content

301. Engagement performance – general

311. Engagement performance – planning

321. Engagement performance – execution

331. Engagement performance – reporting

1.13 The Manual forms part of the ANAO Quality Management Framework (QMF). It contains ANAO policy and guidance in respect of ANAO audit and assurance work. Other elements of the ANAO QMF are contained in the policy and procedures manuals and documents of the Corporate Management Group (CMG). ANAO staff are bound by these other ANAO policies where they are relevant to audit and assurance activities. Some policies within this Manual allude to these other policies.

1.14 The policies and procedures that make up the QMF respond to quality risks that arise in respect to the nature and circumstances of the ANAO and the engagements conducted. An annual review of the quality objectives and risks ensures that additional or modified quality objectives and risks are identified and modifications and additions to the QMF are designed and implemented as necessary.

1.15 The performance audit specific part of the Manual applies to performance audits. Application Guidance for Limited Assurance Reviews has been developed for guidance when applying the Manual to a Limited Assurance Review under section 19A of the Auditor-General Act 1997.

1.16 The Manual has been developed for use by ANAO executives and staff. In-house contractors must also comply with the policies in the Manual. Where audit and other assurance work has been contracted out, relevant sections of the Manual are to be made known to the contractor firm (refer to paragraph 1.4).

1.17 The Manual enables the achievement of ANAO business objectives. Audit service group executives and senior staff should raise with PSRG any conflicts between the delivery of ANAO business objectives and the Manual.

1.18 The Manual does not seek to re-express, as ANAO policy, material that is binding under other authorities (e.g. in respect of the mandatory requirements of ANAO Auditing Standards). However, the Manual does seek to enunciate the relationship between various authorities and provide guidance on their application in the ANAO. Refer to Diagram 1.

1.19 PSRG has overall responsibility for the Manual and any amendments to it. This is to ensure that ANAO policy and procedures for audit and other assurance work remain consistent with the authorities governing the ANAO’s work. Amendments, other than those that are clearly trivial, will involve consultation with ANAO GEDs, Chief Operating Officer (COO) or their nominees and oversight by the ANAO Quality Committee.

1.20 An annual review of the Manual is needed to keep policies current. Minor editorial or technical amendments (e.g. updating legislative references) will be made as required by PSRG.

1.21 Each section of the Manual will be subject to version control. Major changes will restart the number sequence (e.g. v1.0, v2.0). Minor changes will be designated as amendments to the previous major change (e.g. v1.2, v2.4).

1.22 All changes to the Manual, other than those that are clearly trivial, will be notified to ANAO audit staff and contractors through mechanisms such as direct email, the issue of a PSRG Announcement or discussion at PSRG Technical Updates and service group forums.

1.23 Material in the Manual that is superseded is archived consistent with the ANAO Information Management Framework.

1.24 In the ANAO wide aspects of this Manual, the term Engagement Executive is used to describe the leader of the assurance engagement. For financial statement audits, performance statements audits and other assurance engagements conducted by FSASG or PSASG, this means the Engagement Executive assigned to the engagement consistent with the Auditor-General’s delegations and may be a GED, Senior Executive Director (SED), Executive Director or Senior Director. For performance audits and other assurance engagements conducted by PASG, this means the Executive Director assigned to the engagement consistent with the Auditor-General’s delegations.

Diagram 1: Relationship between ANAO audit manual and authorities governing ANAO work

ANAO audit manual relationships

2. Auditor-General’s mandate

The Auditor-General’s mandate and work of the ANAO

Background

2.1 The Auditor-General Act 1997 (Cth) (A-G Act) creates the Auditor-General’s mandate, the ANAO and the requirement for ANAO Auditing Standards. It also sets out the relationship with the Parliament and the Joint Committee of Public Accounts and Audit (JCPAA), and requires the appointment of the Independent Auditor.

Policy

2.2 All ANAO audit staff shall familiarise themselves with the A-G Act and other legislation or authorities governing ANAO audits and other engagements.

2.3 Engagement Executives shall ensure at the beginning of each audit or assurance engagement that the legislative basis and requirements of the engagement are documented in the current audit file.

2.4 Audit reports shall not include particular sensitive information that in the Auditor-General’s opinion is not in the public interest. Where references to sensitive information are considered to be necessary to explain or support the audit findings, this shall be discussed with the relevant GED and the Executive during the audit and, where included, the relevant documents (for example Report Preparation Papers) shall have the appropriate security markings.

Use of Information-Gathering Powers

2.5 The Auditor-General makes all decisions to formally2 invoke information-gathering powers under section 32 of the A-G Act by:

  1. issuing a section 32 notice;
  2. providing a section 32 delegation;3 or
  3. authorising an authorised official to exercise section 32 powers.4

2.6 The Auditor-General also authorises officials to exercise powers under section 33 of the A-G Act by issuing a written authority signed by the Auditor-General (commonly known as a warrant card). While authorised officials may exercise their authorised power in their own right, they must have regard to the fact that the section 33 powers are rarely used and it is a significant decision to use the powers. All authorised officials shall produce their written authority when specifically requested to do so by an official of an audited entity.

2.7 Authorised officials shall notify their Engagement Executive when invoking section 33 powers to obtain access to premises, documents or property when the audited entity is not cooperating and access is required. This shall be performed before the powers are exercised, unless the official considers it necessary to use the powers before the Engagement Executive can be contacted, in which case the official shall notify the Engagement Executive as soon as possible subsequent to the use.

2.8 Authorised officials shall notify their responsible GED before invoking section 33 powers to obtain access to premises, documents or property when an entity that is not being audited is not cooperating and access is required.

Use of section 32

2.9 Where entities request that the Auditor-General formally invoke the section 32 information-gathering powers, this shall be discussed with the Auditor-General. The Engagement Executive shall provide a brief in advance of the discussion. Drafting of a formal section 32 delegation instrument or authorisation shall be performed by PSRG Legal Services, with the final signed by the Auditor-General. In preparing the briefing, the Engagement Executive shall have regard to the Auditor-General’s need to have confidence that the information-gathering approach will assist with the completeness, accuracy and relevance of evidence to meet the ANAO Auditing Standards.

2.10 Any other requests by audit teams to invoke the formal section 32 information-gathering powers shall be made through the Engagement Executive and discussed with the Auditor-General. A brief setting out the Engagement Executive’s recommendation shall be provided prior to the discussion with the Auditor-General. Where a direction to attend and give evidence under subsection 32(1)(b) is contemplated, the Engagement Executive shall identify the person(s) to be directed, and the nature of evidence being sought from them. Drafting of formal section 32 delegation instrument or authorisation shall be performed by PSRG Legal Services, with the final signed by the Auditor-General.

2.11 Delegations made under section 29 of the A-G Act for the purposes of a formal use of the section 32 information-gathering powers shall be temporary and limited to the events specified in it. If the person(s) to be directed include Ministers, members of Parliament or their staff, the arrangements to conduct interviews shall take account of Parliamentary privilege in consultation with PSRG Legal Services and be set out in the minute.

2.12 At the time of any request to formally use the section 32 information-gathering powers, the Engagement Executive shall review the engagement risk in light of the proposal (whether auditee or ANAO driven) to assess whether engagement risk has increased and then respond in accordance with the relevant financial statement or performance audit policy. Evidence of the review of engagement risk shall be kept on the audit file.

2.13 For audits where the formal use of information-gathering powers is being considered or has occurred, the use of evidence or other information obtained from that process shall be considered during the subsequent quality review points for the audit which, for a performance audit, shall include the section 19 Workshop meeting. PSRG Legal Services shall be invited to attend the relevant meetings.

2.14 When formal information-gathering powers are used in a performance audit, their use shall be included in the audit report in the audit methodology section of Chapter One, unless the Auditor-General approves an alternative approach.

2.15 The Engagement Executive for the audit in which the formal information-gathering powers have been used shall certify to the Auditor-General that the powers have been used in accordance with this manual at the time that the draft section 19 report is provided to the Auditor-General in accordance with Chapter 224 of the PASG Specific volume.

Directions to attend and give evidence at a judicial proceeding

2.16 Where a direction under subsection 32(1)(b) of the A-G Act is required, the direction to attend and provide information shall be made in writing and signed by the delegated official. The direction shall be drafted in consultation with PSRG Legal Services.

2.17 The likely questions to be asked of the witness(es) shall be provided in the form of a draft proceeding outline to the Auditor-General for information following consultation with PSRG Legal Services. The purpose of the consultation with PSRG Legal Services is to ensure that the likely questions remain within the jurisdiction of the A-G Act. The proceeding outline shall include identification of the documents, if any, that will be shared with the interviewee during the course of the interview.

2.18 The likely questions shall include questions related to identifying all communication channels used by the auditee in the conduct of its audited activities (including, but not limited to, emails, text messages and instant messaging applications), unless such questions are not relevant to the interview.

2.19 In accordance with procedures developed by PSRG Legal Services, all interviews using the formal section 32 information-gathering powers shall have the following features:

  1. conducted in person with at least two ANAO officials present;
  2. have at least one ANAO Senior Executive Service official present;
  3. recording devices shall be used and interviewees to be informed of the use of such devices;
  4. oaths and affirmations shall be administered;
  5. confidentiality requirements shall be reiterated at the commencement and conclusion of the interview process;
  6. rights and responsibilities of the interviewee shall be made clear at the commencement of the process and reiterated at the conclusion;
  7. any documents used by interviewees shall be recorded and copied during the interview; and
  8. any documents provided to interviewees shall be recorded in the audit file.

2.20 The record of interview shall be included in the audit file. Consideration shall be given to limiting access to the record, even within the audit team, depending on the nature of the evidence and the position/role of the interviewee.

2.21 In the event that evidence gathered using the formal information-gathering powers under section 32 is used in the draft section 19 report, consideration shall be given to whether the person(s) from whom the information is gathered is a person who, in the Auditor-General’s opinion, has a special interest in the report or the content of an extract (under sections 17(5) or 19(6) of the A-G Act). This shall occur during discussion on the proposed report, at which time the Auditor-General’s decision shall be sought, and agreement reached on what extract, if any, will be provided to the person(s) from whom the information was gathered.

Guidance/legislative requirements

Introduction to the Auditor-General Act 1997 (Cth)

2.22 An outline of these matters is set out below and staff should refer to the A-G Act itself. A copy of the A-G Act is available on https://www.legislation.gov.au/.

2.23 The A-G Act is in eight parts.

  1. Preliminary: Deals with the start of the A-G Act, its application to things outside Australia and its application to the Crown.
  2. Interpretation: Contains definitions of terms that are frequently used throughout the A-G Act.
  3. The Auditor-General: Creates the office of Auditor-General. Schedule 1 deals with administrative matters relating to the office of Auditor-General, such as the Auditor-General’s appointment, conditions, resignation and removal.
  4. Main functions and powers of the Auditor-General: Sets out the functions and powers of the Auditor-General.
  5. Information-gathering powers and secrecy: Gives the Auditor-General various powers to gather information. It also places restrictions on the disclosure or publication of information.
  6. The ANAO: Establishes the ANAO.
  7. Audit of the ANAO: Establishes the Independent Auditor. The functions of the Independent Auditor are to audit the financial statements of the ANAO and to carry out performance audits of the Office. Schedule 2 deals with administrative matters relating to the Independent Auditor, such as the Independent Auditor’s appointment, conditions, resignation and removal.
  8. Miscellaneous: Deals with miscellaneous matters such as a Commonwealth indemnity for people carrying out Auditor-General functions.

2.24 The A-G Act creates the statutory position of the Auditor-General as an independent officer of the Parliament (sections 7, 8). It also creates the ANAO (section 38).

2.25 The Auditor-General has complete discretion in the performance or exercise of his or her functions or powers, limited only by the A-G Act and other laws of the Commonwealth. In particular, the Auditor-General is not subject to direction from anyone about:

  1. whether a particular audit is to be conducted; or
  2. how a particular audit is to be conducted; or
  3. the priority to be given to any particular matter (section 8(4)).

2.26 Section 40(2) of the A-G Act further protects statutory independence by providing that directions to ANAO staff relating to the performance of the Auditor-General’s functions may only be given by the Auditor-General or ANAO staff authorised to give such directions by the Auditor-General.

2.27 The Auditor-General’s main functions include financial statement audits (sections 11 and 12), annual performance statement audits (section 15), performance audits (sections 17, 18, 18A and 18B), and assurance reviews (section 19A).

2.28 The Auditor-General may also enter into an arrangement with any person or body to conduct a financial statements audit or performance audit of that body or to provide services that are commonly provided by auditors (section 20). The Auditor-General shall not perform functions under section 20 for a purpose that is outside the Commonwealth’s legislative power. Further, an audit may not be done by arrangement under this section where a law already mandates the Auditor-General to do an audit. Further policy and guidance about section 20 audits is available in the section on Audits and Audit Related Services by Arrangement.

2.29 In addition, the Auditor-General can provide advice and disseminate information relevant to the Auditor-General’s responsibilities (section 23) and may at any time report to the Parliament or a Minister on any matter (sections 25 and 26).

2.30 The Auditor-General is required to set auditing standards. All staff must comply with the ANAO Auditing Standards determined by the Auditor-General from time to time when performing the auditing functions for which the standards are specified (section 24). The auditing standards applying to other work are a matter of policy. Further guidance is available in the section on Applicable Auditing Standards.

The Auditor-General’s information-gathering powers

2.31 To help in fulfilling audit functions, the A-G Act provides the Auditor-General with wide-ranging information-gathering powers. In practice, information is gathered through cooperation with audited entities and the information-gathering powers are treated by the ANAO as ‘reserve’ powers. These information-gathering powers are balanced by strict confidentiality provisions, which are explained in the section on Confidentiality of audit evidence. More information about the information-gathering powers is available in Supplementary Guidance titled The Auditor-General’s information-gathering powers.

2.32 Section 32 of the A-G Act provides the Auditor-General with the ability to direct a person to provide information or documents that the Auditor-General requires, as well as the ability to direct that a person attend a judicial proceeding to give evidence before the Auditor-General, or an authorised official. The Auditor-General may direct that the information or answers given as oral evidence in a judicial proceeding, or as written evidence, be collected or verified under oath or affirmation. Formal procedures that must be followed in accordance with paragraph 2.19 have been developed by PSRG Legal Services and are available at Procedures for Conducting ANAO Judicial Proceedings.

2.33 Legal advice confirms that the direction‐making powers can extend to a person who is a member of Parliament or their staff. In practice, the principal focus is on Ministers and their staff undertaking executive government functions. Based on that advice, the Auditor‐General takes care, in the rare cases that the powers are used, to ensure that any direction does not interfere with the proceedings of Parliament. Relevant considerations including the timing of a direction (to have regard to sitting days) and the location of an interview conducted under oath (to ensure it is outside the parliamentary precincts).

2.34 The nature of the information collected and how it is reported must also be considered. The A-G Act recognises that information‐gathering powers are limited by laws relating to the powers, privileges and immunities of the Parliament, its members and committees. Typically, information‐gathering conducted in the course of an audit is focused on the entity whose activities are under review. In some audits, information gathering may also extend to relevant Ministers’ offices where information relating to the activities of the executive government may be held. The information sought by the ANAO tends to relate to Ministerial decisions or actions in the conduct of resource management activities such as procurement and grants administration but is not necessarily limited to this type of information.

2.35 Section 33 provides authorised officials with full and free access to audited entity premises and any documents or property on those premises. All ANAO auditors should be authorised officials and carry a written authorisation from the Auditor-General when attending audited entity premises.

2.36 The following table summarises circumstances where escalation may be required in respect to use of warrant cards in exercising section 33 information-gathering powers.

Situation

Who should be consulted?

An authorised official is asked to produce their warrant card by an official of an audited entity.

No need to consult. Authorised officials should produce their warrant card and can choose to remain on audit entity premises as they see appropriate. Authorised officials should inform their Executive Director that they were asked to produce their warrant card.

An audited entity is not cooperating to provide authorised officials with access to premises, documents or property.

Authorised officials should consult with their ED before proactively using their section 33 powers on the audited entity.

An entity that is not currently being audited, is not cooperating to provide access to premises, documents or property (for example, a portfolio agency is being audited and documents are required from the portfolio department; or an audit is being planned and documents are required for planning before an entity is designated).

Authorised officials should consult with their GED before proactively using their section 33 powers on the entity that is not currently being audited.

   

2.37 Self-incrimination cannot be used as a reason by a person to refuse to supply information (section 35). Penalty provisions exist for non-compliance.

2.38 The Auditor-General’s preference is for the ANAO to obtain audit evidence through cooperation with audited entities. Cooperative information-gathering means that the audit team and the audited entity cooperate to ensure that the audit team receives the information that it requires in a timely manner. When auditing cooperatively, the information-gathering powers in the A-G Act are either not exercised, or are only exercised, including at the request of audited entities, to avoid a particular legal or other impediment such as a statutory secrecy provision.

2.39 Where there is a genuine legal impediment preventing an audited entity from providing audit evidence, the Audit Manager or the Engagement Executive should engage with the audited entity and seek Group Executive Director agreement to either request that the Auditor-General consider using section 32 to direct that the evidence be provided, or that an authorised official will attend the audited entity’s premises and take evidence using section 33.

2.40 If an audited entity or person is unwilling to cooperate to provide audit evidence or wishes to impose conditions on providing information, the issue should be first escalated to the Engagement Executive. Engagement Executives should not agree to any conditions that could impinge on the Auditor-General’s mandate such as:

  1. non-disclosure agreements or conditions preventing the ANAO from using information in an audit report;
  2. agreements that the ANAO will not copy or remove documents from audited entity premises;
  3. unreasonable requirements to complete the audited entity’s pre-employment checks; and
  4. unreasonable requirements to attend the audited entity’s mandatory training.

2.41 Issues that cannot be resolved should be escalated to Group Executive Director level to consider the ANAO’s options, which may include consideration of whether evidence can be taken using section 33 or whether it will be necessary to request that the Auditor-General consider issuing a section 32 notice.

2.42 There may also be situations where the Auditor-General determines that use of a judicial proceeding is necessary, for example to obtain verbal interview evidence under oath to lift the robustness of the evidence. More detailed guidance on the conduct of judicial proceedings is available in the PSRG Guidance Document.

Confidentiality of audit evidence

2.43 Audits must comply with the confidentiality requirements of the A-G Act. A person performing an Auditor-General function must not disclose any information except in the course of performing an Auditor-General functions (see subsection 36(1)) or where it is in the Commonwealth’s interest to provide advice or information (see section 23) and the provision of information is within the scope of the person’s assigned duties and responsibilities.

2.44 The confidentiality obligations in the A-G Act are generally limited to ANAO staff and other persons performing Auditor-General functions (such as ANAO contractors). However, the A-G Act imposes a confidentiality obligation on staff of an audited entity or other persons who receive proposed section 19 audit reports and working papers created for the purposes of preparing a proposed report under section 19, including the Report Preparation Papers.

2.45 Section 23A also allows a person performing an Auditor-General function to provide information to a person to assist in conducting a performance audit or assurance review and for this information to be protected by section 36(2B). Section 23A and section 36(2B) can be used to protect sensitive information about performance audits, such as if a support person is attending a judicial proceeding or where further consultation about a performance audit report is required after the section 19 process is complete. In these situations, the recipient of the sensitive information should be informed of their obligations under section 36(2B) and ANAO Legal Services can assist with this.

2.46 A person provided with a copy of a proposed report (including a draft) created for the purposes of preparing a proposed report, or extract provided for comment, must not disclose any information from that report before a final report being tabled in the Parliament (section 36(3)). Section 36(4) provides that the Auditor-General may consent to a disclosure otherwise prohibited by subsection 36(3).

2.47 The Auditor-General has agreed that the Accountable Authorities of Commonwealth entities or Chairpersons of Commonwealth companies may decide to disclose, on a confidential basis, relevant papers (including report preparation papers and proposed reports provided under section 19) to entity officials as well as members of the entity’s audit committee. The Auditor-General’s consent treats a range of secondees, as well as some specific types of contractors and consultants as entity officials. More information about the Auditor-General’s consents is set out in Supplementary Guidance titled Confidentiality of Report Preparation Papers and Proposed Reports.

2.48 Where a relevant paper is addressed to an officer of an entity, instead of an Accountable Authority, the Auditor-General has agreed that the officer to whom the paper has been addressed may decide to disclose, on a confidential basis, that paper to relevant officers of the entity or members of the entity’s audit committee.

2.49 Accountable Authorities and Officers wishing to disclose information from relevant papers and reports to other persons, such as external legal advisers, contractors, consultants (who are not entity officials) and Ministers, must seek the consent of the Auditor-General.

2.50 Note that proposed reports under section 19, should, unless agreed by the Auditor-General, only be addressed to the Accountable Authority (the Secretary, Chief Executive, or governing board), or in the case of Commonwealth companies, subsidiaries and Commonwealth partners (which do not have an accountable authority of their own), a director or member of the governing body of the entity. Relevant papers other than proposed reports, such as report preparation papers, will usually be sent to an officer that is not an accountable authority, director or member of the governing body of the entity. For example, a report preparation paper will often be sent to an SES Band 2 officer. For further information about the practicalities of issuing report preparation papers and proposed reports, refer to the PASG Workflow and the Supplementary Guidance titled Confidentiality of Report Preparation Papers and Proposed Reports.

2.51 These confidentiality provisions do not prevent the Auditor-General from disclosing particular information to the Commissioner of the Australian Federal Police if the Auditor-General is of the opinion that the disclosure is in the public interest (subsection 36(2)).

Sensitive information not to be included in public reports

2.52 The Auditor-General must not include particular sensitive information in public reports that in the Auditor-General’s opinion would be contrary to the public interest (section 37).

2.53 The Auditor-General may consider that disclosure of information would be contrary to the public interest for the following reasons:

  1. it would prejudice the security, defence or international relations of the Commonwealth;
  2. it would involve the disclosure of deliberations or decisions of the Cabinet or of a Committee of the Cabinet;
  3. it would prejudice relations between the Commonwealth and a State;
  4. it would divulge any information or matter that was communicated in confidence by the Commonwealth to a State, or by a State to the Commonwealth;
  5. it would unfairly prejudice the commercial interests of any body or person; and
  6. any other reason that could form the basis for a claim by the Crown in right of the Commonwealth in a judicial proceeding that the information should not be disclosed.
Application of other relevant legislation

2.54 The Parliamentary Privileges Act 1987 (Cth) confers exemption from legal recrimination to a certain range of documents and activities that relate to transacting the business of the Parliament. This means that ANAO audit documentation and reports cannot be the subject of legal action. In the context of audits, Parliamentary privilege is accorded to:

  1. reports tabled in the Parliament;
  2. an audit report as it is being prepared — privilege is not compromised by the fact that the draft report is first provided to the entity before tabling;
  3. section 19 reports, working papers, report preparation papers and draft management reports that are created during the course of an audit, as necessary steps in the completion of a final audit report for presentation to Parliament, to comply with the A-G Act and relevant auditing standards;5 and
  4. audit reports that are tabled in the Parliament.

2.55 Legal Services Directions (Directions) are issued by the Attorney-General under section 55ZF of the Judiciary Act 1903 (Cth). The Directions outline a range of matters that non-corporate Commonwealth entities (that is, entities with the legal persona of the Commonwealth, such as the ANAO) must comply with about litigation and legal services generally. In particular, Clause 10 of the Directions imposes obligations on non-corporate Commonwealth entities about sharing legal advice and consulting with other entities when getting legal advice. The ANAO has been granted an exemption from Clause 10, subject to the following condition:

  1. if the ANAO receives legal advice indicating an ambiguity or other issue in legislation that should be addressed by remedial action to be taken by the administering non-corporate Commonwealth entity, then the ANAO is required to advise the administering non-corporate Commonwealth entity of the issue. This must be done as soon as practicable, having regard to the circumstances in which the ANAO has sought the advice.

2.56 The ANAO will cooperate with relevant non-corporate Commonwealth entities to address any legal interpretation issues. ANAO Legal Services can help with discussing these issues with audited entities.

2.57 Very few audited entities would be aware that the ANAO is exempt from Clause 10 of the Legal Services Directions and audited entities are likely to be concerned if the ANAO does not consult consistent with Clause 10. Despite being exempt, the ANAO should endeavour to consult in a manner consistent with Clause 10 of the Directions unless there is an audit reason that it would not be appropriate to consult. Where consultation is not possible, the ANAO should explain to audited entities, at the first suitable opportunity, that the ANAO is exempt from Clause 10 of the Directions. ANAO Legal Services can help with discussing these issues with audited entities.

2.58 In recognition of the Auditor-General’s independent status, the Auditor-General is exempt from the application of the Freedom of Information Act 1982 (Cth) (FOI Act). However, to the extent appropriate, the ANAO provides information on request in the spirit of the FOI Act, about the administration of the ANAO. As a general rule, information about the findings of an audit in progress is not made public. The release under FOI of records created by another entity, which have been collected by the ANAO for an audit purpose, is usually a matter for the entity that created the records.

2.59 The Auditor-General is also exempt from the application of the Australian Privacy Principles (APPs) set out in Schedule 1 of the Privacy Act 1988 (Cth). However, consistent with the ANAO’s policy relating to the FOI Act, the ANAO complies with the intent and spirit of the APPs to the extent appropriate.

Statutory whistleblower regimes

2.60 The Public Interest Disclosure Act 2013 (Cth) (PID Act), Corporations Act 2001 and Taxation Administration Act 1953 (Tax Act) contain whistleblower regimes which on occasion impact on audit processes. The PID Act clearly applies to suspected wrongdoing by ANAO staff but has limited application to audit processes. The Corporations Act whistleblower regime applies to ANAO staff auditing companies and the Tax Act regime could apply if auditors discover possible tax avoidance or non-compliance with tax laws.

2.61 The PID Act is designed to enable disclosure and investigation of wrongdoing in the Commonwealth public sector. The primary mechanism to achieve this is by protecting ‘whistleblowers’ from reprisal action to encourage public officials to report suspected wrongdoing.

2.62 The operation of the PID Act does not impact the way the ANAO conducts its auditing and related responsibilities that are governed by the A-G Act. In particular, where during the performance of an Auditor-General function, matters such as breaches of legislation and deficiencies in aspects of public administration are identified and reported to ANAO’s staff member’s supervisor, the ANAO’s audit and related policies, and procedures and practices continue to apply including those procedures set out in this audit manual. All staff must also continue to comply with the confidentiality and other provisions of the A-G Act. The reporting of disclosable conduct and the processes involved in dealing with the disclosure of such conduct, that are outlined in the PID Act, are separate from, and should not impact directly on, the way ANAO staff perform an Auditor-General function.

2.63 In rare situations, auditors may require information from an audited entity about a public interest disclosure involving that entity. Information about the public interest disclosure will likely be covered by the general secrecy provision in section 65 of the PID Act, which carries a penalty of two years imprisonment or 120 penalty units, or both. The information-gathering power in section 32 of the A-G Act prevails over the PID Act. However, the A-G Act will only prevail if section 32 is used, and an audited entity that voluntarily provides information covered by section 65 of the PID Act exposes itself to risk of breaching section 65. For this reason, the information-gathering powers in the A-G Act should be used if an auditor requires information that relates to a public interest disclosure. ANAO Legal Services can help with discussing these types of issues with the audited entity.

2.64 The Corporations Act whistleblower regime provides protection to whistleblowers in companies who disclose misconduct in the Commonwealth company to ANAO auditors. An example of a whistleblower disclosure would be if a staff member of a Commonwealth company alleged, in an informal private conversation, that a senior company officer was defrauding the company. ANAO auditors who receive a disclosure may face criminal penalties if they divulge the identity of the whistleblower or engage in conduct to the detriment of the whistleblower. ANAO auditors who suspect that they may have received a whistleblower disclosure should consider seeking advice from ANAO Legal Services, as the Corporations Act allows disclosure to legal advisers.

Legal professional privilege

2.65 Legal professional privilege is a rule of law that protects the confidentiality of certain communications between legal advisers and clients. Legal professional privilege applies to a communication where the dominant purpose of the communication is to provide legal advice to the client. Section 30 of the A-G Act provides that auditees cannot claim legal professional privilege to refuse access to information for audit purposes. In addition, subsection 30(2) provides protection to auditees to ensure that disclosure within the audit of otherwise privileged information does not waive that privilege for purposes outside the audit. Subsection 30(2) applies in addition to the fact that information is not considered to be disclosed when it is provided between different non-corporate Commonwealth entities. This is because those entities are all considered to be legally the same entity (i.e. the Commonwealth). ANAO Legal Services has developed Supplementary Guidance which provides further information about legal professional privilege.

The work of the ANAO

2.66 The ANAO is a statutory body exercising defined functions and powers. It is important that audit staff and contractors understand the basis in law for each engagement they are to undertake. Furthermore, the absence of legal authority to conduct an audit is likely to jeopardise the indemnity provided under section 55 of the A-G Act6 for a liability that might be incurred by a person undertaking an Auditor-General function.

2.67 Financial statement, performance audits, performance statements audits and other assurance reviews must be carried out consistent with the Auditor-General’s mandate having regard to any exclusions relating to particular persons or bodies. The Auditor-General is responsible for financial, performance audits and assurance reviews of all Commonwealth entities, companies and subsidiaries, with the exception that performance audits and an audit of performance measures of Government Business Entities (GBE) can only be undertaken if they are requested by the JCPAA (subsection 17(2)). In addition, a performance audit of a Commonwealth partner that is part of, or controlled by, a state or territory government cannot be undertaken unless it is requested by the responsible minister or the JCPAA (paragraph 18B (1)(a)).

2.68 The relevant legislation for conducting annual financial statement audits comes under Part 4, Division 1 of the A-G Act, which provides for the audits of:

  • Commonwealth entities consistent with the Public Governance, Performance and Accountability Act 2013 (PGPA Act) (section 11(a));
  • Commonwealth companies consistent with the A-G Act (section 11(b));
  • subsidiaries of corporate Commonwealth entities and Commonwealth companies consistent with the A-G Act (section 11(c)); and
  • annual consolidated financial statements of the Commonwealth (section 12).

2.69 Financial statements audits can also be undertaken under other Acts. The Auditor-General’s functions include any functions given to the Auditor-General by any other Act (section 22). For example, the authority for the audit of the financial statements of the High Court is section 47 of the High Court of Australia Act 1979.

2.70 In the case of audits that are conducted under the authority of an Act other than the A-G Act or the PGPA Act, there may be specific provisions in the particular Act requiring a report to a Minister, typically the Minister responsible for the particular Act. For example, subsection 43(1) of the High Court Act requires the Auditor-General to inspect and audit the accounts and records of the Court and under subsection 43(3), to report the results to the Attorney-General. The High Court Act also requires a report to the Attorney-General on the results of the financial statements audit under section 47.

2.71 Regular reports to Ministers on the results of interim and final financial statements audit work are provided under the authority of subsection 26(2) of the A-G Act which provides that the Auditor-General may at any time give a report to any Minister on any matter. Reports to the Parliament on the results of interim and final financial statements audit work are provided under the authority of section 25(1), which provides that the Auditor-General may at any time cause a report to be tabled in either House of the Parliament on any matter.

2.72 There are other provisions dealing with situations where a report to a Minister (other than the audit report on the financial statements) must be provided.

  • Section 26(1) of the A-G Act provides that the Auditor-General bring to the attention of the responsible Minister any important matter that comes to the attention of the Auditor-General while (a) conducting an audit referred to in Division 1 or (b) performing functions as an auditor under the Corporations Act 2001. For this purpose, what is an ‘important matter’ is a matter for the Auditor-General’s judgement.
  • A provision similar to subsection 26(1) exists in some other Acts. For example, section 43(1) of the High Court Act provides that the Auditor-General shall draw the attention of the Attorney-General to any irregularity disclosed by the inspection and audit that, in the opinion of the Auditor-General, is of sufficient importance to justify his or her so doing.

2.73 Persons performing a financial statements audit under section 49 of the PGPA Act (the Annual consolidated financial statements of the Commonwealth) are required by the A-G Act to comply with the ANAO auditing standards. Standards applying to other work (audits or services by arrangement or audits under Acts other than the A-G Act) are not required by law and are a matter of ANAO policy.

2.74 Performance audits are conducted under sections 17, 18, 18A and 18B of the A-G Act. Section 17 refers to performance audits of a single Commonwealth entity, Commonwealth company or the subsidiary of a corporate Commonwealth entity or a Commonwealth company. Section 18 refers to general performance audits, otherwise known as cross-entity audits, which are conducted to review a particular aspect of Commonwealth public sector operations across more than one entity. Section 18A refers specifically to the auditing of entity performance measures and the reporting against those measures. Section 18B refers to the conduct of a performance audit of a Commonwealth partner. Other sections in the A-G Act refer to performance statement audits (sections 15-16), assurance reviews (section 19A), priority assurance reviews (section 19A(5)) and audits by arrangement (section 20).

2.75 The Auditor-General’s functions do not extend to examining and reporting on the appropriateness of government policy. This differs from reviewing and reporting on:

  • the timeliness and evidence base of policy advice provided to government to help inform the development of government policy; or
  • policy settings or guidance relating to implementation of the PGPA Act and Rule.

2.76 The Auditor-General cannot audit the performance of Ministers of State about the exercise of their constitutional duties. This prohibition extends to judicial and quasi-judicial officers and Royal Commissioners about performing their statutory duties but may allow examination where the duties involve the management of an entity.7

2.77 The Auditor-General can audit the functions of statutory office holders who have administrative functions in addition to their statutory functions. When conducting audits under sections 17 or 18, the Auditor-General’s mandate extends to the actions of Ministers who discharge responsibilities under specific legislation relating to the subject matter of each particular audit. For example, the administrative function of grant approval or the approval of proposed expenditure by a Minister under section 71 of the PGPA Act.

Relationship with the Parliament and the JCPAA

2.78 The Parliament is the ANAO’s primary client and the A-G Act provides that audit reports be tabled in the Parliament, except for reports on assurance reviews under section 19A(4) of the A-G Act.8 The JCPAA is the ANAO’s primary point of contact with the Parliament and the ANAO’s oversight committee.

2.79 The JCPAA is a joint statutory committee of the Parliament that has a special relationship with the ANAO. The JCPAA is formed under the Public Accounts and Audit Committee Act 1951 (PAAC Act) and is empowered to scrutinise the moneys spent by Commonwealth entities from funds appropriated to them.

2.80 The JCPAA’s duties as set out in section 8 of the PAAC Act include to:

  1. examine all reports of the Auditor-General (including reports of the results of performance audits) (section 8(c));
  2. consider the operations and resources of the ANAO and the reports of the ANAO’s Independent Auditor (section 8(g)) and to report to both Houses of the Parliament on any matters arising from this consideration (section 8(h));
  3. report to both Houses of the Parliament on the performance of the ANAO at any time (section8(i));
  4. consider the ANAO budget (subsection 8(j));
  5. consider the level of fees determined by the Auditor-General under subsection 16(1) of the A-G Act (subsection 8(ka)); and
  6. determine the audit priorities of the Parliament for audits of the ANAO by the Independent Auditor (subsection 8(n)).

2.81 Other Parliamentary Committees, particularly the Senate Finance and Public Administration Committee, also review ANAO audit reports and conduct enquiries that draw on the ANAO’s work and scrutinise the ANAO’s administration.

Independent auditor

2.82 The A-G Act provides for the appointment of an independent auditor for the ANAO. The independent auditor can undertake both financial and performance audits of the ANAO and has powers and functions similar to those provided to the Auditor-General under the A-G Act. Reports of audits undertaken by the independent auditor must be tabled in the Parliament and the JCPAA can review these reports (the A-G Act, Part 7).

Applicable auditing standards

Background

2.83 The ANAO Auditing Standards set by the Auditor-General under section 24 of the A-G Act must be applied by all persons performing the Auditor-General functions specified in that section of the A-G Act.

2.84 These functions include:

  1. auditing of the annual financial statements of:
    1. Commonwealth entities and Commonwealth companies consistent with the PGPA Act,
    2. subsidiaries of Commonwealth entities and Commonwealth companies consistent with the PGPA Act, and
    3. the Commonwealth under section 49 of the PGPA Act (Commonwealth consolidated financial statements);
  2. auditing of annual performance statements of Commonwealth entities consistent with the PGPA Act;
  3. performance audits of Commonwealth entities, Commonwealth companies and subsidiaries and Commonwealth partners;
  4. general performance audits under section 18 of the A-G Act;
  5. auditing of performance measures under section 18A of the A-G Act; and
  6. assurance reviews of Commonwealth entities, Commonwealth companies and subsidiaries of a corporate Commonwealth entity or a Commonwealth company.

2.85 This Manual (at paragraph 2.83) mandates that the ANAO Auditing Standards will apply to all assurance engagements conducted by the ANAO despite the fact that section 24 of the A-G Act does not require the ANAO Auditing Standards to apply to audits conducted under other Acts (except the annual audit of the Commonwealth Financial Statements under the PGPA Act) or audit-related services undertaken by arrangement under section 20.

Policy

2.86 Unless otherwise determined by the Auditor-General, the ANAO Auditing Standards shall apply to all ANAO assurance engagements, including those within the scope of section 24 of the A-G Act as well as those:

  1. authorised by section 22 of the A-G Act (a function given to the Auditor-General by an Act other than the PGPA Act); or
  2. entered into consistent with section 20 of the A-G Act (by arrangement).

2.87 The engagement letter shall identify the auditing standards that apply.

Guidance

2.88 The ANAO Auditing Standards set by the Auditor-General are registered legislative instruments and are publicly available on the Federal Register of Legislation.

2.89 It is ANAO practice to incorporate into the ANAO Auditing Standards, by reference, the standards made by the Australian Auditing and Assurance Standards Board (AUASB). The only constraint on the application of AUASB standards is that should an AUASB standard(s) conflict with a legal requirement, the legal requirements prevail.9

2.90 The operation of the ANAO Auditing Standards is fully explained in an Explanatory Statement which is also on the Legislation Register.

2.91 Some Commonwealth entities are audited under provisions in Acts other than Part 4 Division 1 of the A-G Act and are not therefore within the scope of the section 24 Standards. It is nevertheless appropriate for such bodies to be audited under the ANAO Auditing Standards. For example, the High Court of Australia is not a Commonwealth entity (refer to subsection 10(2) of the PGPA Act). The audit requirements are in the High Court Act 1979.

2.92 Some ANAO engagements are undertaken by arrangement under section 20 of the A-G Act. Such an engagement may be with an Australian body not wholly within the Commonwealth’s jurisdiction (for example, a body set up jointly by the Commonwealth and State Governments) or with an international or foreign body.

Relationship between the Public Governance, Performance and Accountability Act 2013 and the Corporations Act 2001

Background

2.93 Section 11 of the A-G Act states that the Auditor-General’s functions include auditing the financial statements of:

  1. Commonwealth entities;
  2. Commonwealth companies; and
  3. subsidiaries of corporate Commonwealth entities and Commonwealth companies.

2.94 Section 21 of the A-G Act allows the Auditor-General to accept appointment as an auditor of Commonwealth companies and Commonwealth subsidiaries under the Corporations Act 2001 (Corporations Act).

2.95 A Commonwealth company or a Commonwealth subsidiary may choose not to appoint the Auditor-General as their auditor under the provisions of the Corporations Act. However, the Auditor-General is still required by section 11 of the A-G Act and sections 44(3), 97(3) and 99(3) of the PGPA Act to audit their financial statements in addition to the audit done by the appointed auditor under the Corporations Act. Refer to paragraph 2.91 for exceptions to this requirement.

Policy

2.96 An Engagement Executive shall endeavour to have the Auditor-General appointed as auditor under the Corporations Act of all entities captured by section 21 of the A-G Act which are within the Engagement Executive’s area of responsibility.

2.97 Where an entity seeks to appoint another auditor under the Corporations Act, the Auditor-General shall be notified immediately.

Guidance

Commonwealth Entities

2.98 Audit teams performing engagements consistent with the Corporations Act need to be aware of the relationship between the Corporations Act, the PGPA Act and its impact on the Auditor-General’s mandate about companies controlled by the Commonwealth.

2.99 As defined in section 10 of the PGPA Act, Commonwealth entities include: Departments of State; Parliamentary Departments; listed entities; and bodies corporate.10 Commonwealth companies are not Commonwealth entities. The High Court and the Future Fund Board of Guardians are also excluded from the definition of Commonwealth entities, under section 10 of the PGPA Act (refer to Diagram 2 PGPA Act structure).

2.100 There are two types of Commonwealth entity:

  1. corporate Commonwealth entities – a Commonwealth entity that is a body corporate; and
  2. non-corporate Commonwealth entities – a Commonwealth entity that is not a body corporate.

2.101 Corporate Commonwealth entities are legally separate from the Commonwealth, whereas non-corporate Commonwealth entities are legally part of the Commonwealth. The Department of Finance maintains the Flipchart of Commonwealth entities and companies which provides a quick reference to which Commonwealth entities are corporate and which are non-corporate Commonwealth entities.

2.102 Most bodies that meet the definition of bodies corporate are incorporated for a public purpose by an Act and hold money on their own account. Whether a Commonwealth entity is a body corporate can usually be determined from the provisions in the legislation forming the body. Money is taken to be held on a corporate Commonwealth entity’s own account unless it is relevant money as defined in section 8 of the PGPA Act. The Finance Minister also has the power to make rules that form bodies corporate under section 87 of the PGPA Act.

2.103 There are a small number of entities that have a body corporate status but are prescribed as non-corporate Commonwealth entities, for example the Australian Competition and Consumer Commission.

2.104 There are also a small number of bodies which are corporate Commonwealth entities but whose enabling legislation states that the PGPA Act applies but only in certain respects. For example, section 4A of the Australian National University Act 1991 modifies the application of the PGPA Act.

The particular definitions of ‘Commonwealth ‘company’ and ‘subsidiary’ in the PGPA Act

2.105 Section 89(1) of the PGPA Act defines a ‘Commonwealth company’ as a Corporations Act company that the Commonwealth controls. However, an entity that is controlled by a corporate Commonwealth entity or a Commonwealth company is referred to in the Act as a ‘subsidiary’, even if it is a company under the Corporations Act.

2.106 The distinction is important because the provisions of the PGPA Act applying to Commonwealth companies are sometimes different to those applying to subsidiaries.

Application of the Corporations Act

2.107 The Corporations Act applies under its own terms to Commonwealth companies and Commonwealth subsidiaries;11 that is, nothing in the PGPA Act detracts from the application of the Corporations Act.

2.108 There are provisions in the Corporations Act which allow certain companies not to prepare annual financial statements. A Commonwealth subsidiary that meets those requirements can use them not to report under the Corporations Act. However, section 97(1) of the PGPA Act requires all Commonwealth companies to give to their responsible Minister a copy of the financial report, directors’ report and auditor’s report that the company would be required to prepare if they were a public company, even if they are exempt under the Corporations Act from preparing annual financial statements.

The nature and application of the Auditor-General’s mandate in respect of Commonwealth companies and Commonwealth subsidiaries

2.109 An exception to the Auditor-General’s legislative mandate for the audit of the financial statements of a subsidiary exists when the subsidiary is incorporated or formed in a place outside Australia and certain other conditions are met (refer sections 44(3) and 99(3) of the PGPA Act).

Diagram 2: PGPA Act structure

PGPA Act structure

Diagram 3: Decision Tree - ANAO financial statements audit mandate under the PGPA Act

Decision tree

Audits and Audit Related Services by arrangement under section 20 of the A-G Act

Policy

2.110 The Auditor-General shall determine whether to accept or continue an audit or audit related service by arrangement under section 20.

2.111 The responsible GED shall make a written recommendation to the Auditor-General covering, at a minimum:

  1. the name of the organisation and the position of the person making the request;
  2. the reason for requesting the engagement;
  3. the nature, engagement risk rating12 and duration of the proposed engagement;
  4. whether, and on what terms, to accept the request, with supporting rationale;
  5. the proposed fee to be charged for the engagement, with supporting basis. For ongoing engagements, propose the arrangement for determining fees to be charged in future periods;
  6. the ANAO has the competence and capabilities, including available time and resources to conduct the engagement; and
  7. how any significant matters identified from the considerations in the guidance to this policy will be managed.

2.112 The letter of engagement shall reflect the specific terms and conditions approved by the Auditor-General, including the auditing standards that the engagement will be performed under.

2.113 The Auditor-General’s powers to get information under section 32 and ‘to access premises’ under section 33 are not available for arrangements made under section 20. The Auditor-General’s ability to get information shall be agreed in the engagement letter.

2.114 An arrangement cannot be entered into unless the person responsible for the subject matter of the proposed engagement personally acknowledges the terms of the engagement in writing.

Managing the engagement

2.115 If information is obtained that would have caused the responsible GED to recommend declining the engagement, had that information been available earlier, the responsible Engagement Executive shall communicate that information promptly to the Auditor-General with a recommended course of action.

2.116 Section 20(2) provides for the Auditor-General to charge fees for an engagement entered into under arrangement. The Auditor-General shall determine the fee at the time of entering into the arrangement. The Auditor-General has delegated the power to determine the fees to be charged for an engagement entered into under section 20 to the Deputy Auditor-General. If the engagement by arrangement covers more than one period, the recommendation shall propose the arrangement for determining the fees to be charged for future periods.

2.117 Information obtained when deciding whether to accept or continue a section 20 engagement may be relevant to identifying risks of material misstatement. If relevant, the Engagement Executive shall ensure the information is communicated to the audit team for inclusion in risk assessment procedures.

2.118 If the Auditor-General determines that it is appropriate to withdraw from an engagement, the responsible Engagement Executive shall discuss the withdrawal with the appropriate level of the entity’s management and those charged with governance (TCWG). The discussion shall include the reasons for withdrawal, and consideration of whether the withdrawal should be reported to regulatory authorities.

Guidance

Approving the engagement

2.119 This policy deals with the matters to be considered when making a recommendation whether to accept a request to undertake an audit, or audit related service by arrangement, under section 20 of the A-G Act.

2.120 An audit by arrangement is an assurance-related service performed by the ANAO of a kind normally performed by auditors (including financial statement and performance audits) that is conducted under an agreement between the ANAO and another party.

2.121 Following a proposal or request to enter into an audit or audit related service by arrangement, the FSASG/PASG GED should consider and document the following in forming a view as to whether to recommend the request:

  1. Is the proposed arrangement a mandated Auditor-General function?
  2. Does the proposed arrangement involve the Auditor-General performing a function that is outside of the Commonwealth’s legislative power?
  3. Will the preconditions for the engagement be met, as required by the ANAO Auditing Standards?
  4. Who within the organisation is responsible for the preparation of the report? If the responsibility is not at the accountable authority or Director level, is the signatory appropriate and is there appropriate governance over the report?
  5. Who are the intended users of the ANAO report?
  6. Does the proposed arrangement provide the Auditor-General with the ability to report to the responsible Minister and Parliament on the results of the audit?
  7. Will the ANAO have satisfactory access to information, premises and relevant individuals?
  8. Are there any questions or concerns over the integrity of the client (key management and TCWG)?
  9. Will the ANAO have the competence and capabilities, including available time and resources to conduct the engagement?
  10. Does the engagement pose any risks to compliance with ethical requirements?
  11. Are there any possible legislative or public interest considerations that impact the recommendation?
Legislative requirements

2.122 Under section 20(1) of the A-G Act the Auditor-General may enter into an arrangement with any person or body to:

  1. audit financial statements of the person or body; or
  2. conduct a performance audit of the person or body; or
  3. provide services to the person or body that are of a kind commonly performed by auditors.

2.123 The Auditor-General does not delegate the power to enter into arrangements under section 20.

2.124 The Explanatory Memorandum of the original Auditor-General Bill states that audits by arrangement under section 20 may include:

  1. audits of Commonwealth Corporations Act companies where the audit is not otherwise permitted or required under the A-G Act;
  2. audits of international organisations of which the Commonwealth is a member;
  3. provision of services normally performed by auditors and accounting firms including workers’ compensation certificates, comfort letters, investigating accountants’ reports and help in matters of financial administration; and
  4. audits of organisations or people who are the recipients of Commonwealth grants or benefits.

2.125 Section 20 allows the Auditor-General to undertake engagements outside of engagements otherwise mandated by the A-G Act or other legislation, but section 20(3) specifies that the Auditor-General must not perform functions for a purpose that is outside of the Commonwealth’s legislative power. The Commonwealth’s legislative powers are set out in section 51 of the Australian Constitution.

2.126 When forming the recommendation, if in doubt, the GED should consult with ANAO Legal Services to confirm that a particular matter falls within the Commonwealth’s legislative powers.

2.127 Section 20(4) allows the Auditor-General to enter into an arrangement with a GBE under section 20.

Duration

2.128 Requests to conduct engagements by arrangement may be for a specified time period or on an ongoing basis. The Auditor-General’s approval will cover the duration of the engagement as specified in the recommendation. If an approval is limited to a specific time period, extension for a further period will require a further approval from the Auditor-General.

Preconditions and acceptance and continuance

2.129 The preconditions for the engagement are specified in:

  1. ASA 210 for an audit of historical financial information;
  2. ASRE 2410 for a review of a financial report where the ANAO is also the auditor of the annual financial reports; and
  3. ASAE 3000 for assurance engagements other than audits or reviews of historical financial information. For performance audits, this is complemented by ASAE 3500.

2.130 Where information is obtained on an existing engagement that would have caused the GED to recommend declining the engagement, the following procedures should be undertaken:

  1. consider whether there is a professional, legal or regulatory requirement for the ANAO to continue the engagement, or public interest considerations;
  2. discuss with the appropriate level of the entity’s management and those charged with governance the appropriate action that the ANAO might take based on the relevant facts and circumstances; and
  3. document significant matters, consultations, conclusions and the basis for the conclusions.
Reporting powers

2.131 The Auditor-General has powers in sections 25 and 26 of the A-G Act to provide extra reports to responsible Ministers and the Parliament.

Responding to audit requests

Policy

2.132 Each external audit request received shall be considered by the responsible GED and a recommendation shall be made to the Auditor-General who shall determine the course of action to be taken.

2.133 Once the course of action is determined, a response shall be provided to the requestor in a timely manner.

Guidance

2.134 From time-to-time, the Auditor-General receives an external request to examine a matter related to public administration. Such requests commonly originate from parliamentary committees, individual parliamentarians or community groups.

2.135 The available options for responding to a request for a performance audit are:

  1. agree to undertake an audit of the matter(s) outlined in the request (objectives and scope of the audit should be expressed consistent with the ANAO’s mandate and policies, which may mean that the objectives and scope are different from that requested);
  2. agree to take the request into account in the conduct of an audit in progress or a planned audit;
  3. conduct an assurance review of the matters covered by the request. Such reviews can provide limited or reasonable assurance and do not constitute an audit;
  4. agree to inquire into the matters and respond by correspondence;
  5. agree to take the request into account in future planning for the ANAO’s work program; or
  6. take no further action.

2.136 Responses to audit requests from members and senators of Parliament are signed by the Auditor-General and published on the ANAO Website - Requests for Audits.

2.137 Where it is intended to proceed to the conduct of an audit or a review, the response should outline the proposed focus of the audit or review (the formal objectives will generally be determined at the time a plan is prepared and approved) and clearly indicate any matters raised in the original request that will not be within the scope of the proposed audit or review.

Audit delegations and authorisations

Background

2.138 Section 29 of the A-G Act allows the Auditor-General to delegate by written instrument the Auditor-General functions and powers.

Policy

2.139 ANAO audit personnel responsible for the performance of an Auditor-General function shall ensure they have a formal delegation or authorisation to perform that function.

2.140 ANAO audit personnel shall exercise the responsibilities of a delegation or authorisation consistent with any conditions attaching.

Guidance

2.141 The A-G Act and other legislation specify the Auditor-General’s functions and powers.

2.142 Section 29 of the A-G Act allows the Auditor-General to delegate, by written instrument, these functions and powers to an official of a non-corporate Commonwealth entity, who must comply with any directions the Auditor-General gives.

2.143 The Auditor-General has delegated some of his functions and powers. They have also given authorisations about their powers to direct staff about the performance of an Auditor-General function and to the access of premises and documents etc.

2.144 An official of a non-corporate Commonwealth entity, as defined in the PGPA Act, means an individual who is in, or forms part of, the entity. Section 38(3) of the A-G Act lists the following persons as officials of the Audit Office: the Auditor-General; the staff referred to in section 40; and persons engaged under contract as referred to in section 27.

2.145 The delegations made and authorisations given can be found on MyANAO. Responsibility for maintaining the currency of delegations and authorisations on MyANAO rests with CMG, while responsibility for advising when the delegations and authorisations need to be updated rests with FSASG and PASG respectively.

Nature of delegations and authorisations

2.146 There is a difference in law between exercising a function as a delegate rather than under authorisation. A delegate exercises a function in their own right, whereas a person authorised to perform a function does so for and on behalf of the person to whom the function belongs. This distinction has some implications.

  1. Subject to any directions accompanying the delegation, the delegate is given autonomy in performing the function, whereas the person acting for and on behalf of the Auditor-General must perform the function in the way the Auditor-General would, which implies consultation with the Auditor-General.
  2. It is appropriate for the person exercising the function to indicate the capacity in which they sign. A delegate states they sign as ‘delegate of the Auditor-General’; a person authorised to perform the functions signs ‘for and on behalf of the Auditor-General’.

2.147 The delegation of a function or power does not prevent the Auditor-General exercising the function or power personally. General guidance on delegations and authorisations can be found in Australian Government Solicitor Legal Briefing - Delegations, authorisations and the Carltona principle.

Audit delegations specific to ANAO personnel

2.148 The Auditor-General’s audit delegations (under the A-G Act unless otherwise indicated) to specified ANAO personnel are listed below and can be found here: Delegations and Authorisations.

  • Section 11 - conduct and sign reports for audits of annual financial statements of Commonwealth entities, Commonwealth companies and subsidiaries.
  • Section 15 – Conduct and sign reports for audits of annual performance statements of Commonwealth entities agreed to by the Auditor-General.
  • Subsection 20(1) – Conduct and sign reports for arrangements agreed to by the Auditor-General to audit financial statements of a person or body; conduct a performance audit of the person or body; or provide services to the person or body that are of a kind commonly performed by auditors.
  • Section 22 – all powers and functions of the Auditor-General under s313 of the Bankruptcy Act 1965 and all powers and functions to conduct and sign financial statements audit reports under any other Commonwealth Act.
  • Section 27 – Engaging any person under contract to help in the performance of any Auditor-General Function.

2.149 These delegations are made subject to the general conditions that in ‘exercising any power or function, a delegate must have due regard to ANAO and Services Group policies and procedures’.

Delegations and the Corporations Act

2.150 Section 1281 of the Corporations Act deems the Auditor-General to be taken to be registered as a company auditor under the Act. Subsection 1281(2) also deems a person to whom the Auditor-General delegates the function of conducting an audit or the power to conduct an audit, to be taken to be registered as a company auditor for the purposes of applying Chapter 2M to the audit. It is important to note that subsection 1281(2) is limited to Chapter 2M of the Corporations Act, and as such, for any audits performed outside of Chapter 2M (e.g. Chapter 7 audits of Regulated Funds and AFSL audits) only the Auditor-General is taken to be registered as auditor.

Appointment and resignation as auditor under the Corporations Act

Background

2.151 The appointment and resignation of auditors for companies is governed by Division 6 of Part 2M.4 of the Corporations Act.

2.152 The directors of a public company must appoint an auditor within one month after the day the company is registered, unless an auditor was appointed at a general meeting (section 327A).

2.153 The directors of a proprietary company may appoint an auditor for the company if an auditor has not been appointed by the company in a general meeting (section 325).

2.154 A company must not appoint an auditor unless the auditor has consented to appointment by written notice to the company, or the directors of the company, before the appointment is made (section 328A).

Policy

2.155 The Auditor-General shall personally exercise his/her power under section 21 of the A-G Act to accept an appointment as auditor under the Corporations Act. This power shall not be delegated. The appointment shall be accepted in writing consistent with the requirements of the A-G Act.

2.156 Before recommending that the Auditor-General accept appointment as a company auditor under the Corporations Act, the Engagement Executive for the engagement shall ensure that the entity is captured by section 21 of the A-G Act.

2.157 When the audit of a company for which the Auditor-General is the appointed auditor under the Corporations Act ceases to be within the Auditor-General’s mandate, the Engagement Executive shall make the necessary arrangements to effect the Auditor-General’s resignation with effect at the time the mandate ceases. The Auditor-General’s resignation as appointed auditor shall be notified in writing, by the Auditor-General, consistent with the requirements of the Corporations Act.

2.158 If it is not possible for the resignation to take effect at the time the mandate ceases, the Engagement Executive shall advise the Auditor-General promptly and shall consider consulting with ANAO Legal Services as to the effect on the indemnity under section 55 of the A-G Act.

Guidance

The Auditor-General must accept and resign appointment

2.159 Proforma letters for the request to appoint (to be sent by the company) and for the Auditor-General’s consent to act are available in TeamStore.

Conditions for resignation

2.160 The Auditor-General may act as an auditor under the Corporations Act only while the audit is within the Auditor-General’s mandate. If the Auditor-General were to operate outside his/her mandate, the indemnity provided by section 55 of the A-G Act would not operate.

2.161 An audit may come to fall outside the Auditor-General’s mandate for many reasons, such as the Commonwealth selling the company to a private investor.

2.162 Should it appear not to be possible for the Auditor-General to resign as company auditor at the time of loss of mandate, legal advice may be needed to protect the indemnity under section 55 and the Engagement Executive should consult with ANAO Legal Services.

Processes for resignation

2.163 Subdivision B of Division 6 of Part 2M.4, of the Corporations Act, deals with removal and resignation of company auditors. Some provisions differ according to whether the company is a public or proprietary company. Sections 329(5) to (9) are especially relevant.

2.164 ASIC publishes Regulatory Guides (RGs) and other information relevant to the appointment and resignation of company auditors. RG 26 Resignation of auditors should be referred to.

2.165 Matters dealt with in legislation or in the RG include:

  1. the auditor stating reasons for resigning;
  2. the consent of ASIC to resignation;
  3. the date of effect of resignation, including at other than the company’s annual general meeting;
  4. the use of prescribed forms; and
  5. fees.

2.166 ASIC consent is not required for an auditor to resign from a proprietary company unless it holds an Australian Financial Services licence. For a proprietary company that does not hold such a licence, the auditor can resign by giving the company a notice of resignation. The company is then required to lodge a Form 315 Notification of resignation, removal or cessation of auditor (available from ASIC’s website) within 14 days after receiving the notice of resignation from the auditor.

Authority to charge fees

Policy

2.167 Fees for an ANAO engagement shall only be charged where legal authority to do so exists.

2.168 The Engagement Executive shall consider, at the time of first undertaking an engagement, whether authority exists for the ANAO to charge a fee. The authority for charging a fee shall be documented at that time.

2.169 Where the existence of authority to charge a fee is not clear, ANAO Legal Services shall be consulted.

Guidance

2.170 The ANAO may charge a fee for work that it is required to do by law only when the law expressly provides for a fee to be charged or it is implied necessarily that a fee may be charged.

Fee charging under the Auditor-General Act

2.171 Section 14(1) of the A-G Act provides that:

A person or body (other than a non-corporate Commonwealth entity) whose annual financial statements are audited as mentioned in section 11 of the A-G Act; or subsection 30(3) of the Governance of Australian Government Superannuation Schemes Act 2011; is liable to pay audit fees for the audit, based on a scale of fees determined by the Auditor-General.13

2.172 Section 14 provides authority for the ANAO to charge audit fees for auditing the financial statements of corporate Commonwealth entities and their subsidiaries and Commonwealth companies and their subsidiaries consistent with the PGPA Act.

2.173 There is no authority under the A-G Act for the ANAO to charge fees for performance auditing or for auditing the financial statements of: non-corporate Commonwealth entities; or a corporate Commonwealth entity that was an Agency under the Financial Management and Accountability Act 1997 as at 30 June 2014, consistent with the Public Governance, Performance and Accountability (Consequential and Transitional Provisions) Act 2014 Schedule 4, Part 2 section 57(2). However, there are a small number of Commonwealth entities which are audited under their own legislation rather than consistent with the PGPA Act. The authority to charge a fee for the audit of their financial statements rests with their particular legislation (see below).

2.174 Section 16(1) of the A-G Act provides authority for the ANAO to charge audit fees for annual performance statement audits of corporate Commonwealth entities consistent with the PGPA Act.

2.175 Subsection 20(1) of the A-G Act also provides for the ANAO to enter into audits or other services by arrangement. Fees may be charged in these cases.14 Refer to the policy on Audits and Audit Related Services by Arrangement, which notes that audits by arrangement are not Budget-funded and require the recovery of costs to be considered when entering into these arrangements.

Fee charging in other circumstances

2.176 There are some audits undertaken by the ANAO under legislation other than the PGPA Act.

3. Strategic planning

ANAO annual work program

Policy

3.1 Information to help with planning future audit coverage shall be collected on an ongoing basis in the course of conducting ANAO audits.

3.2 The responsible teams for each portfolio shall hold joint meetings to identify risks and determine the preferred way to address the risks in the ANAO’s Annual Audit Work Program.

Guidance

3.3 The Annual Audit Work Program is published annually in July and presents information on financial statement audits, performance statements audits, performance audits in progress, a rolling program of potential performance audits and assurance engagements for each government portfolio.15 The performance audit program also includes cross-entity and whole-of-system performance audits that involve some entities.

3.4 The ANAO’s Annual Audit Work Program is accessible on the ANAO’s website.

3.5 Information that can be useful to collect during an audit for strategic planning purposes includes:

  1. entity corporate documents such as Corporate Plans, Risk Management Plans, Internal Audit Programs, audit committee papers, annual reports and other publicly available reports;
  2. Joint Committee of Public Accounts and Audit and other parliamentary committee reports;
  3. Hansards, including of parliamentary debates, question time, parliamentary committee inquiries and Senate Estimates hearings;
  4. media reports, ministerial statements and entity press releases, newspaper and journal articles;
  5. external stakeholders, such as relevant peak bodies’ policy submissions; and
  6. Budget papers, including Portfolio Budget Statements.

3.6 Other sources of information include meetings with entities, between Service Groups and with the ANAO Executive.

4. Governance and leadership responsibilities for quality

Governance and leadership responsibilities for quality

Background

4.1 Consistent with ASQM 1 and ASA 220, the ANAO has established a system of quality management that promotes an internal culture that is committed to quality based on the recognition that quality in the delivery of the ANAO’s audit services is critical in supporting the integrity of our audit reports and maintaining the confidence of the Parliament and public sector entities.

Policy

4.2 The Auditor-General is ultimately responsible and accountable for the system of quality management in place for all assurance and related activities undertaken by the ANAO.

4.3 From an operational perspective, the Deputy Auditor-General is responsible for ensuring that the system of quality management satisfies the requirements of the ANAO Auditing Standards and is helped by the GEDs of PSRG, FSASG, PASG, PSASG and SADA and the COO with this role.

4.4 The PSRG GED is responsible for the design, implementation and operation of the QMF and for monitoring compliance with that Framework and reporting to the Executive and Audit Committee on the results of such monitoring activities. The design, implementation and operation of the QMF shall be informed by a risk assessment process to establish quality objectives, identify and assess quality risks and design and implement responses to address the quality risks. Professional judgment shall be exercised in designing, implementing and operating a QMF which is designed to meet ANAO quality objectives.

4.5 The PSRG GED is responsible for the audit methodology applied by the ANAO which supports compliance with the ANAO Auditing Standards. This includes the development of policies and procedures to support that audit methodology. The PSRG GED is responsible for compliance with independence requirements, including ANAO independence policies included in this Audit Manual and the approval of non-audit services. The PSRG GED reports directly to the Auditor-General on quality and audit methodology matters.

4.6 The FSASG, PASG, PSASG and SADA GEDs are responsible for the delivery of services to the required level of quality within their respective business units.

4.7 The FSASG, PASG and PSASG Engagement Executives and the SADA Executives are responsible for quality within their portfolio of audits and supporting the GEDs in the delivery and management of quality audit services. Engagement Executives are also responsible to collaborate and exchange information across service groups as appropriate and allowable under the Auditor-General Act.

4.8 The COO is responsible for the design, execution and maintenance of policies supporting the Quality Framework in respect of Human Resources, IT security and support, External Communications and Learning and Development.

4.9 The PSRG GED and COO are jointly responsible for the ANAO Academy.

4.10 The ANAO Quality Committee is responsible for monitoring the implementation of the ANAO quality framework and reporting to the Executive Board of Management (EBOM) on this implementation.

4.11 All ANAO staff shall demonstrate a commitment to quality through their actions and behaviours and have regard to the following definition of audit quality in the conduct of their work:

Audit quality is the provision of timely, accurate and relevant audits, performed independently consistent with the A-G Act, ANAO auditing standards and methodologies, which are valued by the Parliament. Delivering quality audits results in improved public sector performance through accountability and transparency.

4.12 The ANAO Integrity Advisor is responsible for matters associated with integrity. This includes increasing integrity awareness across the organisation, supporting the effective and ongoing application of the Integrity Framework, and annual reporting to EBOM on actions taken under the framework.

Guidance

4.13 The Auditor-General assigns responsibility for quality of audit delivery to the FSASG GED, PASG GEDs, PSASG GED and SADA GED. To meet this responsibility FSASG, PASG, PSASG and SADA need to manage their audits and business so that all FSASG, PASG, PSASG and SADA staff appreciate that:

  1. all team members are expected to maintain a high level of quality in all assigned tasks;
  2. quality will not be compromised by budgetary or timing considerations on assignments;
  3. ANAO policies need to be consistently followed by all team members;
  4. team members’ annual performance reviews consider performance against the ANAO Capability Framework which includes the capabilities off Trusted Expertise and Rigorous Analysis and Sound Judgement that demonstrate commitments to quality (including training);
  5. training, and attendance at appropriate training, is recognised as a key component to ensuring quality is maintained; and
  6. sufficient resources will be devoted for the support and execution of quality management policies and procedures.
Promoting an internal culture committed to quality

4.14 The ANAO’s culture is an important factor in influencing the behaviour of personnel. Relevant ethical requirements ordinarily establish the principles of professional ethics, and are further addressed in the relevant ethical requirements component of ASQM 1 and chapter 5 of the ANAO Audit Manual. Professional values and attitudes include:

  1. Professional manner, for example, timeliness, courteousness, respect, accountability, responsiveness and dependability;
  2. A commitment to teamwork;
  3. Maintaining an open mind to new ideas or different perspectives in the professional environment;
  4. Pursuit of excellence;
  5. A commitment to continual improvement (e.g., setting expectations beyond the minimum requirements and placing a focus on continual learning, including learning from findings raised through the Quality Assurance Review Program16); and
  6. Social responsibility.

4.15 The ANAO’s leadership establishes tone at the top through their actions and behaviour. Additionally, clear, consistent and frequent actions and communications at all levels within the ANAO collectively contribute to the ANAO’s culture and demonstrates a commitment to quality. The importance of quality is communicated regularly through ANAO town hall meetings, the Auditor-General’s monthly messages, service group all staff meetings and technical updates. The responsibility of all personal for quality is recognised and reinforced by the incorporation of quality into individual performance agreements, discussion and assessment.

4.16 The ANAO’s strategic decision-making process, including the establishment of a corporate strategy, and its financial and operational priorities may directly or indirectly affect its commitment to quality. Additionally, the ANAO’s leadership seeks to ensure that resources are obtained, allocated and assigned in a manner that is consistent with their commitment to quality. This includes:

  1. Allocating resources that are prioritised by the nature and circumstances of the audit, including the engagement risk rating and need for experienced audit staff; and
  2. an assignment of a volume of work to Engagement Executives and Audit Managers which will not adversely affect the quality of work performed.

4.17 The ANAO Academy supports the ANAO Workforce Plan 2022–25. The ANAO Workforce Plan outlines how the ANAO will attract, develop and retain the capability of its workforce, to ensure that it is suitably skilled to deliver on its purpose to Parliament. It includes a considered and comprehensive approach to professional development. The ANAO Academy is the ANAO’s hub for professional learning, bringing together high-quality systems, programs and tools for an integrated learning experience.

5. Professional, ethical and independence requirements

Professional ethical and independence requirements

Background

5.1 The ANAO Auditing Standards incorporate ASQM117 and ASA 102.18 ASQM 1 requires the ANAO to establish policies and procedures designed to provide reasonable assurance that the ANAO and its personnel fulfil responsibilities in accordance with relevant ethical requirements, including those related to independence. Relevant ethical requirements is defined in ASA 102 paragraph 5(e) and includes the applicable requirements of APES 110 Code of Ethics for Professional Accountants (including Independence Standards) issued by the APESB, the applicable provisions of the Corporations Act 200119 and other applicable law or regulation.

5.2 The application of ASQM 1 in the context of the ANAO is that the ANAO is a ‘firm’ that performs audits and reviews of financial statements and other historical financial information and other assurance engagements. The requirements of ASQM 1 are firm-wide and all ANAO audit staff and contractors are required to comply with the relevant ethical requirements. ASA 102 applies to the ANAO as an office and applies to an audit or review of a financial report or complete set of financial statements, an audit or review of other information and other assurance engagements. ASAE 3000, ASAE 3100 and ASAE 3500 also require compliance with relevant ethical requirements set out in ASA 102.

5.3 The Auditor-General is an independent officer of the Parliament. As an independent officer of the Parliament and subject to the law, the Auditor-General has complete discretion in the performance or exercise of the functions or powers. In exercising the mandated and discretionary functions and powers, the Auditor-General is not subject to direction from anyone in relation to:

  1. whether a particular audit is to be conducted;
  2. the way a particular audit is to be conducted; or
  3. the priority to be given to any particular matter.20

The Auditor-General Act 1997 includes provisions defining the scope of an Auditor-General’s mandate, the appointment and removal of an Auditor-General and the performance of his or her responsibilities.

Policy

5.4 The requirements of APES 110 and ASQM 1 apply to assurance work conducted, and information reports work conducted, by the ANAO, except to the extent that these requirements conflict with legislative requirements, including the Auditor-General’s mandate and responsibilities.

5.5 If a possible conflict between the requirements of APES 110 or ASQM 1 and relevant legislation is identified, the matter shall be referred to the responsible GED and the PSRG GED.

5.6 The Auditor-General, Deputy Auditor-General, ANAO staff, in-house contractors and contract out auditors21 undertaking audit and other engagements and other auditee-related activities22 shall understand and fulfill their responsibilities to comply with relevant ethical requirements including the independence requirements in APES 110 and any relevant legislation, including the Corporations Act 2001 when applicable to the engagement.

5.7 Independence shall be maintained during both the engagement period and the period covered by the financial statements, performance audit report, performance statements or the subject matter information.23

5.8 Except for the circumstances in paragraphs 5.9 and 5.10 discussed below, the Auditor-General, Deputy Auditor-General, ANAO audit staff and in-house audit contractors shall complete a declaration of independence prior to participating in an audit, review, other assurance engagement or information report. The declaration of independence shall be saved in the audit file and reviewed by the responsible Engagement Executive in the audit file.

5.9 Where ANAO staff or in-house contractors conduct an audit-related project without participating in an engagement, the relevant GED may approve that ANAO staff or in-house contractors complete a declaration of independence for the audit-related project that covers all auditees related to the project. If approved, the ANAO staff or in-house contractors shall complete an audit-related project declaration of independence that covers all auditees related to the project and provide it to the GED responsible for the project. Independence documentation related to this audit-related project is to be held in the project records. Audit-related projects under this paragraph may include data analytics tool design, NUIX champion assistance and peer review programs.

5.10 PSRG staff and in-house PSRG contractors shall complete an Individual Declaration of Independence that covers all ANAO auditees and provide it to the GED PSRG on commencement and on an annual basis thereafter. PSRG independence documentation is to be held in PSRG records.

5.11 ANAO staff and in-house contractors shall declare any actual or perceived threat to the responsible Engagement Executive for audits, reviews and other engagements, or to the GED responsible for audit-related projects, or PSRG GED for PSRG staff, without delay. An independence threat involving an Engagement Executive is to be declared to the responsible FSASG, PASG, PSASG, PSRG or SADA GED. A threat involving a GED is to be declared to the Deputy Auditor-General.

5.12 The person to whom a threat is declared under paragraph 5.11 shall evaluate whether the threat is at an acceptable level.24 Any actual or perceived threat to independence that is not at an acceptable level must be eliminated or safeguards applied to reduce the threat to an acceptable level. Where an ANAO staff member or in-house contractor declares a threat to independence that is not at an acceptable level, an Independence Resolution Memorandum shall be prepared by the person to whom the threat is declared that details the threat and how the threat is to be reduced to an acceptable level. The Independence Resolution Memorandum is to be saved in the relevant audit file, project records or PSRG records. Where an ANAO staff member or in-house contractor declares a threat to independence that is evaluated as being at an acceptable level, the evaluation shall be documented and saved in the relevant audit file, project records or PSRG records.

5.13 Situations where a threat cannot be reduced to an acceptable level must not be entered into or allowed to continue. If a threat creates a conflict with the ANAO’s legislative mandate, the mandate prevails but the threat should be reduced where possible to the extent practicable and the matter referred to the responsible GED and the PSRG GED.

5.14 Suspected or actual contraventions of the independence requirements of legislation, APES 110 or ANAO independence policies must be reported without delay to the responsible GED and the PSRG GED. Action must be taken to eliminate the cause and to address the consequences of the contravention and, if applicable, in accordance with the requirements of the legislation.25

5.15 APES 110 sets rotation requirements for financial statements audits of Public Interest Entities (PIEs) including “time-on” and “cooling-off” periods for the Engagement Executive, Engagement Quality Reviewer (EQR) and a Key Audit Person,26 including when a person performs a combination of roles across cumulative years. The FSASG SED responsible for resourcing shall consult with PSRG when allocating key audit persons on the financial statements audits of PIEs to ensure allocation and rotation is in compliance with APES 110.

5.16 For financial statements audits of non-PIE auditees, the ANAO sets a cumulative “time-on” period for a Key Audit Person as five years and the “cooling-off” period as two years. Unless prohibited by legislation,27 the responsible GED may approve an involvement up to a total of seven years if the threat to independence is at, or can be reduced to, an acceptable level. A decision in respect of a GED shall be made by the Deputy Auditor-General. In particular circumstances, the Auditor-General or Deputy Auditor-General may approve an involvement beyond seven years.

5.17 Familiarity threats from long association may arise in all ANAO audits and other assurance engagements. ANAO staff members and in-house contractors shall consider if a familiarity threat arises when completing their declaration of independence if they are involved in an engagement of a recurring nature greater than five years.

5.18 An ANAO staff member, in-house contractor or contract out auditor shall, without delay, notify the Engagement Executive for the audit should they apply for employment with an auditee they are assigned to the audit team of. If the ANAO staff member, in-house contractor or contract out auditor is a key person on the audit and the position involved is that of director or officer, or a position with significant influence over the subject matter or information of the audit, the person shall notify the Deputy Auditor-General without delay. This policy requirement also applies if the proposed engagement with the auditee is other than by employment (e.g. by joining a firm that contracts to the auditee).

5.19 An ANAO staff member, in-house contractor or contract out auditor shall not be a member of a selection advisory committee for a vacant senior management position in the auditee they are assigned to.

5.20 An ANAO staff member, in-house contractor or contract out auditor shall not take part in the conduct of a quality assurance review where the staff member in-house contractor or contract out auditor was a member of the audit team.28

5.21 For audits or reviews under the Corporations Act 2001, an Independence Declaration in the prescribed form must be provided to the company’s directors in accordance with section 307C of the Corporations Act 2001.

5.22 Suspected or actual contraventions of the independence requirements of legislation, APES 110 or other requirements of this policy chapter must be reported without delay to the responsible GED. Action must be taken to eliminate the cause and to address the consequences of the contravention and, if applicable, in accordance with the requirements of the legislation.

5.23 Prior to a FSASG or PSASG auditor’s report being signed, or a PASG auditor’s report being submitted to the ANAO Executive for final approval, the Engagement Executive shall confirm in writing that the audit has complied with the ANAO’s independence policies.29 Where a contracted firm performs an audit, the Engagement Executive shall obtain confirmation in writing from the firm that the firm has complied with the independence requirements of applicable legislation, ANAO policies and APES 110. Independence confirmations are to be saved on the audit file.

Guidance

5.24 Refer to the ANAO Internal Application Guidance document for further guidance on the application of the requirements set in this policy and APES 110.

5.25 The fundamental principles of professional ethics in APES 110 are:

  1. integrity;
  2. objectivity;
  3. professional competence and due care;
  4. confidentiality; and
  5. professional behaviour.

The concept of Independence is fundamental to compliance with the principles of integrity and objectivity.

5.26 It is also important to note that the ANAO, on occasion, may impose requirements that go beyond the requirements of APES 110; for example, the ANAO may take a stricter line on the provision of other services by audit contractors to an ANAO auditee on which the contractor is engaged or to the requirements regarding employment with an auditee. Refer to Provision of other services by ANAO contractors to ANAO auditees for policy requirements, beginning at paragraph 5.37 below.

5.27 Part 4A of APES 110 sets out the independence requirements applicable to audit and review engagements related to historical financial information, which typically covers the audits and other assurance engagements undertaken by FSASG. Part 4B of APES 110 sets out the independence requirements for assurance engagements that are not audits and review engagements of historical financial information, which includes performance audits, performance statements audits and other assurance engagements.

5.28 In the ANAO context, threats to independence are more likely to arise through employment and personal relationships, through familiarity with ANAO auditees and its employees and sometimes through financial and business or commercial relationships. ANAO staff should refer to the following APES 110 requirements when considering threats to independence:

Potential threats to Independence

APES 110 references in Part 4A

APES 110 references in Part 4B

Family and personal relationships

Section 521

Section 921

Recent service with an auditee

Section 522

Section 922

Employment with an auditee

Section 524

Section 924

Temporary personnel assignments to auditees (secondments)

Section 525

-

Long association of personnel (including rotation) with an auditee

Section 540

Section 940

Financial interests

Section 510

Section 910

Business relationships

Section 520

Section 920

     

5.29 The ethical requirements of APES 110 apply in addition to the ethical requirements that apply to ANAO staff as members of the Office and as Commonwealth public servants. ANAO staff are bound by the ANAO Values and Behaviours and the Australian Public Service (APS) Values and Code of Conduct made under the Public Service Act 1999. ANAO staff are also bound by the General Duties of Officials under Chapter 2, Part 2-2, Division 3 of the PGPA Act.

5.30 In addition to the requirements of this policy, ANAO Senior Executives and others determined by the Auditor-General to have similar decision-making responsibilities, including staff with financial statement audit delegations, are required to comply with the ANAO’s Declaration of Personal Interests Policy.30

5.31 Where a conflict arises, the Auditor-General Act 1997 takes precedence and a departure from a provision of APES 110 may be necessary to enable the Auditor-General to perform mandated functions. A departure from the independence requirements of APES 110 may impact the assertions which the ANAO make of compliance with the independence requirements of the ANAO Auditing Standards.

5.32 The policy on rotation of key audit persons in paragraphs 5.15 and 5.16 does not apply where it conflicts with the Auditor-General’s mandate. Accordingly, it does not apply to the Auditor-General (a statutory 10-year appointment) or, in respect of the audit of the Commonwealth’s Consolidated Financial Statements (CFS), it cannot be applied to the Engagement Executives in FSASG as a group. It is, however, a requirement to rotate the individual Engagement Executives for the audit of CFS and other financial statements audits, except where the Auditor-General or Deputy Auditor-General determines that an exception to the policy is needed to enable the performance of the Auditor-General’s responsibilities. The rotation policy is not intended to prevent the FSASG GED from participating in the Qualifications and Technical Advisory Committee (QTAC) or from acting as a “sounding board” or formal consultation point for any audit.

5.33 An individual’s “time on” period resets to zero only once they have completed the required “cooling off” period, which must be continuous: shorter gaps in service do not affect the “time on” counter. The specified lengths of the “time on” and “cooling off” periods depend on the type of entity being audited, and the role(s) undertaken by the individual during their “time on” period.

5.34 Audits conducted under legislation other than the PGPA Act may be subject to independence requirements particular to that legislation, such as those conducted under the Corporations Act 2001 or Superannuation legislation. Auditors should be familiar with and ensure they comply with those requirements.

5.35 In respect of companies incorporated under the Corporations Act 2001, section 307C(1) requires the auditors of financial reports to provide an Independence Declaration to the Directors of the company. Guidance on this requirement including the declarations made, the timing of the issue of the declaration and a proforma declaration is available in TeamStore and the ANAO contractor extranet page.

5.36 Legal advice may be necessary if situations arise where the requirements of the Corporations Act 2001 or other specific legislation appear to conflict with the Auditor-General’s mandate.

Provision of other services by ANAO contractors to ANAO auditees

5.37 This policy applies to individuals or firms contracted by the ANAO to provide external audit services as an in-house contractor or undertake a contract out audit. It applies when a potential ANAO audit contractor tenders for an ANAO audit, and also when an existing ANAO audit contractor wishes to provide other services to an ANAO auditee.

5.38 ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements requires compliance with relevant ethical requirements when performing audits, reviews and other assurance engagements, which is defined and includes APES 110 Code of Ethics for Professional Accountants (including Independence Standards).

5.39 APES 110 applies to all ANAO engagements except to the extent, if any, of a conflict between APES 110 and legislative requirements.

5.40 ANAO engagements may be subject to independence requirements in legislation (e.g. the Corporations Act has requirements in addition to mandating compliance with APES 110). Compliance with APES 110 is not a substitute for compliance with legislation, and the audit teams should refer to such legislation to determine any further obligations.

5.41 An important part of independence requirements involves consideration of the provision by an auditor of other services to an auditee.31 While the ANAO itself does not provide other non- assurance services to its auditees, firms or individuals contracting to the ANAO may seek to do so.

Policy

Application

5.42 This policy shall apply to tenderers for ANAO audit work and existing contractors engaged to perform ANAO audit work.

5.43 The requirements of this policy shall be made available to actual and prospective audit contractors.

Approach

5.44 Subject to applicable legislation and the other requirements of ANAO policy, the conceptual approach to resolving threats to independence in APES 110 shall be applied to:

  1. identify threats to independence;
  2. evaluate the significance of the threats identified; and
  3. apply safeguards, when necessary, to eliminate the threats or reduce them to an acceptable level.

5.45 In some circumstances, a threat may be so significant that no safeguard can reduce it to an acceptable level and the other service shall be refused or the contract not awarded.

Prohibited services – where a financial statement audit is conducted

5.46 In addition to the other services expressly prohibited by APES 110, the following services are not permitted:

  1. taxation advice of a strategic or tax planning nature;
  2. accounting and bookkeeping services, or preparing financial statements, on which the auditor will express an opinion or financial information which forms the basis of the financial statements, except for compilation engagements where no accounting or management functions are performed by the ANAO;32 and
  3. Internal audit services involving the contractor personnel assuming a management responsibility, or that relate to internal controls over financial reporting, financial accounting systems or the financial statements.
Prohibited services – where a performance audit is conducted

5.47 In addition to the other services expressly prohibited by APES 110, the contractor firm or a network firm33 is not permitted to provide consultancy services, including the provision of professional or technical advice, which relates to the criteria and recommendations of the performance audit.

Request by existing contractors and tenderers to provide other services

5.48 ANAO contracts with audit contractors shall provide that no other services may be tendered for or provided by the contractor to the ANAO auditee during the period of the audit engagement without the express agreement in writing of the ANAO.

5.49 Tenderers for ANAO contracts shall disclose all services previously and currently provided to the ANAO auditee when submitting their tender or request for quote. The tender evaluation team shall evaluate whether services previously provided are prohibited services or services that create a threat to independence that cannot be safeguarded against. If services currently provided to the ANAO auditee exceed the proposed contract fee the services must be approved by the PSRG GED. Any additional services requested by the auditee for which the contractor is tendering for audit services between submitting the tender and being contracted by the ANAO shall be approved following the processes in paragraphs 5.50-5.55.

5.50 Requests to provide other services shall be supported by formal documentation providing detail of the other services, associated fees and a description of the procedures for monitoring conflict management. This documentation is to be prepared or endorsed by the audit contractor’s independence panel or independence partner.

5.51 The contractor shall bring the proposed request to the attention of the Chair of the auditee’s Audit Committee for advice as to any conflict of interest perceived by the Committee. The view of the Audit Committee Chair shall be included in the proposed request to the ANAO.

5.52 The Engagement Executive for an audit shall ensure the following information is documented34 about any proposal for the provision of other services by an ANAO audit contractor with the ANAO auditee:

  1. other services proposed;
  2. nature of the threat posed by the proposal;
  3. safeguards considered to reduce the threat to an acceptable level;
  4. decision whether the threat can be reduced to an acceptable level;
  5. consultation undertaken in reaching decision;
  6. anticipated fee;
  7. ANAO contract-out audit fee over existing or proposed contract term;
  8. other services previously approved over the existing or proposed ANAO contract-out audit term, including the total fee of approved other services; and
  9. description of procedures for monitoring conflict management.

5.53 Where consultation is undertaken, this information shall be provided to those consulted.

5.54 The Engagement Executive for the audit shall review the proposals for other services and provide a documented assessment with a recommendation to the Group Executive Director (GED) of PSRG for approval.

5.55 The PSRG GED approval is valid for the term specified in the approval document. For other services approved on a recurring basis, the contractor must notify the ANAO of any increase in fee on an annual basis. If the nature, timing or extent of other services is extended beyond the approved services, reapproval from the PSRG GED is required.

5.56 In respect of contracted-out audits or parts thereof, before the signing of the auditor’s report on which a contractor has been engaged, the Engagement Executive for the audit shall obtain the following from the audit contractor in the Contractor’s Representation Letter:

  1. a complete listing of other services provided, to be provided or currently being tendered for by the contractor from the beginning of the period under audit;
  2. the remuneration paid or payable for those services;
  3. a declaration that the contractor has not entered into arrangements for, or provided, other services without the prior written approval of the ANAO; and
  4. a declaration that the contractor has met the independence requirements of applicable legislation, APES 110 and ANAO policy, and that their independence has not otherwise been impaired.
Reporting

5.57 The PSRG GED shall report annually to the Executive Board of Management (EBOM):

  1. the nature and amount of each type of other services provided by audit contractors to each affected ANAO auditee;
  2. the amount of the fees paid or payable by the ANAO auditee to the contractor under each engagement; and
  3. the total fees paid or payable by the ANAO to the contractor.
Reporting to the auditee’s audit committee

5.58 The Engagement Executive shall disclose to the auditee’s Audit Committee at least annually the nature of the other services provided by the contractor to the auditee and the fees paid or payable to the contractor for those services.

Guidance

5.59 As part of the tender process for prospective contractors, the contractor is required to declare any conflicts of interest and any other services that they are providing to auditees. The tender evaluation team is responsible for evaluating if the conflicts of interest and any other services create threats to independence that cannot be safeguarded against and the prospective contractor should not be awarded the contract. Consultation with PSRG may be necessary in the evaluation process to ensure that the ANAO independence policies and requirements of APES 110 are considered.

Approach

5.60 APES 110 categorises threats to independence as follows:

  1. self-interest threat – the threat that a financial or other interest will inappropriately influence the audit contractors (and ANAO staff) judgement or behaviour;
  2. self-review threat – the threat that audit contractors (and ANAO staff) will not appropriately evaluate the results of a previous judgement made, or an activity performed by the audit contractors (and ANAO staff) or another individual within the firm (or employing organisation) on which the audit contractors (and ANAO staff) will rely when forming a judgement as part of providing a current activity;
  3. advocacy threat – the threat that audit contractors (and ANAO staff) will promote an auditee’s or employer’s position to the point that the audit contractors (and ANAO staff) objectivity is compromised;
  4. familiarity threat – the threat that due to a long or close relationship with an auditee or employer, audit contractors (and ANAO staff) will be too sympathetic to their interests or too accepting of their work; and
  5. intimidation threat – the threat that audit contractors (and ANAO staff) will be deterred from acting objectively because of actual or perceived pressures, including attempts to exercise undue influence over the audit contractors (and ANAO staff).
Non-assurance services considered in APES 110

5.61 APES 110 considers the provision of non-assurance services to auditees in the following types:

  1. management responsibilities;
  2. accounting and bookkeeping services;
  3. administrative services;
  4. valuation services;
  5. taxation services;
  6. internal audit services;
  7. information technology (IT) systems services;
  8. litigation support services;
  9. legal services;
  10. recruiting services; and
  11. corporate finance services.
Non-assurance services prohibited by APES 110

5.62 There are some non-assurance services identified in APES 110 that shall not be provided as the threats created would be so significant that no safeguards could reduce the threats to an acceptable level. APES 110 prohibits a firm or network firm from providing the following services to any auditee:

  1. assuming a management responsibility;
  2. valuation services if the valuation involves a significant degree of subjectivity and will have a material effect on the financial statements;
  3. tax planning and other tax advisory services advice where the effectiveness of the advice depends on a particular accounting treatment or presentation in the financial statements and:
    1. the audit team has reasonable doubt over the appropriateness of the accounting treatment or presentation; and
    2. the outcome or consequences of the tax advice will have a material effect on the financial statements.
  4. a taxation service involving acting as an advocate for the auditee before a public tribunal or court in the resolution of a tax matter and the amounts involved are material to the financial statements;
  5. acting in an advocacy role for an auditee in resolving a dispute or litigation when the amounts involved are material to the financial statements;
  6. IT systems services involving the design or implementation of IT systems that (a) form a significant part of the internal controls over financial reporting, or (b) generate information that is significant to the auditee’s accounting records or financial statements, unless appropriate policies and procedures are in place to ensure that the client retains management responsibility;
  7. the appointment of a Partner or an employee of the firm or network firm as General Counsel for the legal affairs of an Audit Client;35
  8. corporate financial services that involve promoting, dealing in, or underwriting the auditee’s shares;
  9. corporate finance advice where the effectiveness of that advice depends on a particular accounting treatment or presentation in the financial statements and:
    1. the audit team has reasonable doubt over the appropriateness of the accounting treatment or presentation; and
    2. the outcome or consequences of the tax advice will have a material effect on the financial statements; and
  10. the following recruiting services with respect to a Director or Officer in the Audit Client or senior management in a position to exert significant influence over the preparation of the accounting records or the financial statements:
    1. searching for or seeking out candidates; and
    2. undertaking reference checks of prospective candidates.

5.63 For auditees that are public interest entities (PIEs), in addition to those listed above, the following services should not be provided:

  1. valuation services that would have a material effect, separately or in aggregate, on the financial statements;
  2. internal audit services that (a) would be a significant part of the internal controls over financial reporting; (b) financial accounting systems that generate information that is, individually or in the aggregate, material to the auditee’s accounting records or financial statements on which the auditee will express an opinion; or (c) amounts or disclosures that are, individually or in the aggregate, material to the financial statements on which the auditee will express an opinion;
  3. preparation of tax calculations of current and deferred tax liabilities (as assets) for the purpose of preparing accounting entries that are material to the financial statements; and
  4. IT systems services involving the design or implementation of IT statements that (a) form a significant part of the internal controls over financial reporting or (b) generate information that is significant to the auditee’s accounting records or financial statements.
Other services

5.64 For services other than those prohibited by APES 110 or ANAO policy, the threat created by the provision of another service may be able to be reduced to an acceptable level by applying safeguards including:

  1. arranging for other services to be performed by an individual who is not a member of the audit team; and
  2. if such services are performed by a member of the audit team, using a partner or senior staff member with appropriate expertise who is not a member of the audit team to review the work performed.

5.65 APES 110 provide examples of safeguards that may eliminate or reduce threats to an acceptable level, such as:

  1. using different partners and engagement teams with separate reporting lines for the provision of non-assurance services to the ANAO auditee;
  2. discussing ethical issues with those charged with governance, such as the audit committee;
  3. disclosing to those charged with governance, such as the audit committee, the nature of services provided and extent of fees charged;
  4. rotating senior assurance team personnel;
  5. the ANAO auditee implementing internal procedures that ensure objective choices in commissioning non-assurance engagements; and
  6. the ANAO auditee’s corporate governance structure that provides appropriate oversight and communications regarding the contractor’s services.

5.66 In addition to the examples in APES 110 Part 4A, ANAO auditors should consider the threat posed and appropriate safeguards where a contractor provides services relating to fundamental aspects of the entity’s business and strategic planning, including information technology and the provision of services, such as actuarial evaluations.

5.67 While taxation advice of a strategic or tax planning nature is not permitted by ANAO policy, tax services of a compliance nature are not automatically excluded.

5.68 Dialogue regarding the application of accounting standards or policies that does not constitute advice is considered to be a normal part of the audit process and does not generally create threats to independence.

Fee considerations

5.69 The ANAO needs to consider the perception of independence where the proposed value of other services performed and requested to be performed by the contractor exceeds the value of the ANAO contract. The objectivity of the contractor may be impaired if they are dependent on the auditee for other services income as concern about losing the other services can create a self-interest or intimidation threat, particularly when that income is greater than the value of the ANAO audit contract.

5.70 A significant threat to contractor independence may arise where, over the period of a proposed or existing ANAO contract, the value of other services provided or to be provided by the ANAO contractor to the ANAO auditee would exceed the value of the ANAO contract to the contractor.

5.71 For a proposed contract, the tender evaluation team and, for an existing contract, the Engagement Executive, are required to seek approval from the PSRG GED where the fees for proposed or existing other services exceeds the audit fee. The fee parity policy requires consideration of the fees over the life of the audit contract. This may allow some flexibility to approve ‘one-off’ other services that exceed the audit fee in a single year, provided that the value of the total contract is not exceeded.

5.72 If the fee for other services is a contingent fee, this may create a self-interest threat that APES 110 requires to be evaluated and safeguards applied to eliminate the threat or reduce it to an acceptable level (refer to APES 110 paragraphs 330.4 A2 to 330.4 A4 for further guidance on contingent fees).

Network firms

5.73 Network firms are required to be independent of the contractor’s auditee. A Network is defined in APES 110 as ‘a larger structure that is aimed at co-operation; and that is clearly aimed at profit or cost sharing or shares common ownership, control or management, common quality management policies and procedures, common business strategy, the use of a common brand-name, or a significant part of professional resources.’

5.74 Requests to provide other services by ANAO contractors should include relevant information in respect of their network firms.

6. Resources

Human resources - Assignment of engagement teams and individuals who perform activities within the system of quality management

Background

6.1 Under ASA 220, ASQM 1 and ASAE 3500, the ANAO is required to have policies and procedures to assign appropriate personnel to assurance engagements to enable the ANAO to issue reports that are appropriate in the circumstances. ASQM 1 also includes an objective to ensure that individuals are assigned to perform activities within the system of quality management who have appropriate competence and capabilities, including sufficient time, to perform such activities, that include individuals within PSRG and CMG.

Policy

6.2 The GED or the GED’s nominee shall allocate Engagement Executives, audit managers and other engagement team members to assurance engagements, taking into account the appropriate skill level and their capability, competence and time available to consistently perform quality engagements.

6.3 The GEDs and COO shall assign individuals to perform activities within the system of quality management taking into account the appropriate skill level and their capability, competence and time available to perform such activities. Any concerns regarding allocations are to be raised immediately with the responsible GED or the COO.

6.4 The Engagement Executive and audit manager shall assess and document, for each engagement, the need to get specialist skills, including engaging Systems Assurance and Data Analytics (SADA).

6.5 For engagements where it has been determined that SADA will be involved, the GED SADA or the Executive Director SADA shall be the SADA Executive, unless an alternative person is approved by the GED SADA to fulfil the SADA Executive role. An alternative person will only be able to fulfil the SADA Executive role for low or moderate risk engagements.

6.6 The Engagement Executive shall monitor the allocation of personnel to engagements throughout the audit. Any concerns are to be raised immediately with the responsible GED.

Guidance

Assignment of engagement teams

6.7 The FSASG Resourcing Officer provides a draft allocation to the FSASG SES for review and discussion before the beginning of each audit cycle. This process is necessary to ensure that personnel are matched to jobs which meet their capabilities in the appropriate numbers.

6.8 The PASG Practice Manager allocates audit team members to audits following appropriate consultation to ensure the most efficient use of capability across the service group.

6.9 The PSASG Business Manager allocates audit team members to audits following consultation and approval with PSASG SES before the beginning of each audit cycle. This process is necessary to ensure continuity across audits and that personnel are matched to jobs which meet their capabilities in the appropriate numbers.

6.10 When allocating personnel to engagements with the potential to uncover challenging content, the HR Team should be consulted to arrange additional support for audit team members.

Engaging SADA

6.11 The extent of SADA involvement in any audit engagement can vary significantly. Therefore, engagement with SADA is a highly consultative process. Audit Managers and SADA Managers need to consult with each other during both the planning and execution phases of the audit.

6.12 The Engagement Executive and Audit Manager should assess the following factors when determining whether to engage SADA:

  1. the client has a moderate or high complexity IT environment;
  2. audit procedures over IT General controls or applications are required to get sufficient appropriate evidence, or in the most efficient manner;
  3. possible risks arise from information that is processed using significant processing systems;
  4. the audit identified for the current period or for prior periods that it may not be possible or practicable to get sufficient appropriate evidence from substantive procedures alone;
  5. the audit team is planning to rely on system-generated reports to complete audit testing; and
  6. the client has undertaken, or is planning to undertake, a major change to the IT environment.
Managing and Responding to Threats

6.13 Staff who receive threats of self-harm or suicide from a person, threats to others or threats to property either during the course of an engagement or outside the course of an engagement should consult their supervisor. Advice and support should also be sought from the appropriate CMG team.

Assignment of individuals who perform activities within the system of quality management

6.14 Activities within the system of quality management are assigned to individuals in all business groups of the ANAO, including PSRG and CMG, such as:

  1. People services, including supporting recruitment, workforce planning, learning and development and performance management;
  2. Information services, ensuring that appropriate technological resources are developed, implemented and maintained to enable the ANAO Quality Management Framework and performance of engagements;
  3. Practice management, supporting the processes and procedures that implement the ANAO audit manual policies and identification of need for contracted resources;
  4. PSRG activities including audit methodology support, technical training, technical accounting, audit or legal advice, monitoring activities and development of audit policies.

Continuing professional development

Background

6.15 Under ASQM 1, the ANAO ‘shall establish policies and procedures designed to provide it with reasonable assurance that it has sufficient personnel with the competence, capabilities, and commitment to ethical principles necessary to:

  1. perform engagements consistent with AUASB Standards, relevant ethical requirements, and applicable legal and regulatory requirements; and
  2. enable the firm or engagement partners to issue reports that are appropriate in the circumstances’ (paragraph 29).

Policy

6.16 All staff shall complete a minimum of 20 hours of professional development per financial year.

6.17 All audit staff are expected to fulfil the professional development requirements of the professional bodies of which they are members.

Guidance

6.18 Competence is developed through a variety of methods such as continuing professional development, including training. Continuing professional development is an essential means of staff maintaining their knowledge and capabilities.

6.19 Technical training can be in the form of formal presentations, such as technical updates, conferences, e-learning or time spent in preparation of presentations of technical training. Typically, Continuing Professional Development (CPD) hours for the preparation of technical training equals three hours per one hour of presented material, e.g. a two hour presentation equals six hours of eligible preparation CPD hours. Table 1 outlines activities that are recognised as qualifying professional development activities (adapted from CAANZ Regulations). This can be used by all staff as a guide for professional development activities that are acceptable under ANAO policy, provided they relate directly to relevant auditing, accounting or Australian Government legal frameworks.

Table 1 – Activities which will be recognised as qualifying for formal Training and Development include the following:

As a guide, formal CPD would normally include the following activities:

(a)

Congresses, Business Forums and conventions presented by a professional accounting body;

(b)

Courses, seminars, workshops, lectures and other professional educational activities presented by a professional body (1 hour or more).

(c)

Meetings of professional body technical discussion groups (1 hour or more). Formal meetings of professional body discussion groups which provide a structured forum for exchange of technical information relevant to individual and Affiliate Members with a common interest;

(d)

“In-house” courses, or similar activity provided or arranged by the ANAO related to the development, maintenance or expansion of professional competence. Training involving purely administrative tasks of a non-professional nature such as completing employer time sheets would not count towards CPD;

(e)

Tertiary courses presented by educational institutions. Courses conducted by tertiary institutions leading to a Degree, Diploma, or Post Graduate qualification. Contact time (lectures, exams and tutorials) may be claimed, as well as time spent in the research and writing of essays;

(f)

Appropriate educational and developmental activities presented under the auspices of academic institutions, commercial establishments or other professional bodies (1 hour or more). Extramural courses presented by tertiary institutions, seminars, courses, lectures, residential schools, conventions or other technical activities presented independently or jointly by tertiary institutions, commercial educational establishments or professional bodies;

(g)

Researching and writing technical publications, preparation and delivery of technical papers. Actual time engaged in researching material and writing technical publications may be claimed, whether the final product is in the form of a text book, an article in a professional journal or the presentation of an address. This should not include time devoted to layout, artwork, design or similar issues.

Time spent in preparation and presentation of lectures, courses and seminars and at workshops and discussion groups, may be claimed except for repeats of presentations which are substantially similar in form and content. The preparation and presentation of an address on a topic relevant to the auditing profession may also be claimed. As a guide, three hours preparation may be claimed for each presentation hour, although this will obviously vary according to the complexity of the subject matter and the presenter’s familiarity with the topic;

(h)

Service on technical or research committees under the auspices of professional bodies or organisations. Membership of technical or research committees or study groups where objectives are defined and specific contributions required of individual members, usually involving both independent and collective study, review and analysis of designed material. For instance, Boards and Committees of the Australian or international standard-setting bodies; government sponsored advisory panels required to submit recommendations on issues about accountancy or finance; or course advisory committees created by educational institutions;

(i)

Programmed self-study through a third party provider, including self-study video or audio packages. Structured study programs designed for the individual which may or may not involve interaction with tutors or other individuals and may or may not include assignments, exercises or tests, whether these are submitted for assessment. Structured self-study courses may include several learning media or distance learning aids, e.g. notes combined with audio or video tapes; computerised or other electronic links;

(j)

Reading of Technical Literature. Reading of professional journals, technical bulletins and releases and research projects to the extent of 30 hours per triennium may be claimed as Training and Development but not exceeding 10 hours in any one year; Reading of new accounting and audit standards; All of the aforesaid activities, except the reading of technical literature, would be regarded as formal Training and Development.

   

Technological resources – Use of TeamMate

Background

6.20 The respective FSASG, PSASG and PASG TeamMate library files are the ANAO audit methodology for financial statements, performance statements and performance audits. The FSASG and PSASG TeamMate library files are released annually and contain mandatory procedures addressing auditing standards requirements and ANAO Audit Manual policy. The PASG TeamMate library file is released as required and contains mandatory procedures addressing performance assurance standards requirements and ANAO Audit Manual policy.

6.21 The use of TeamMate and the library file is a vital element in assuring the responsible GEDs and the ANAO Executive that the ANAO’s audits comply with the ANAO Auditing Standards, ANAO Audit Manual policies, and other requirements while also promoting consistency in the quality of engagement performance.

Policy

6.22 TeamMate shall be used to document all financial statements audit, performance statements audits, performance audits and other assurance engagements unless prior approval to use an alternative has been given by the responsible GED to an engagement team.

6.23 The relevant TeamMate library file shall be used for all audits (or parts thereof) including audits that are undertaken under contract arrangements. Where an engagement has been approved to be documented outside of TeamMate, the Engagement Executive shall ensure that all relevant procedures from the TeamMate library file have been conducted.

6.24 Where an audit team rolls over a previous year’s TeamMate file to document the current year’s financial or performance statements audit, the Engagement Executive shall ensure that the rolled over TeamMate file meets the requirements of the current year’s TeamMate library file by having regard to the documentation released by PSRG annually when the updated TeamMate library file is released.

6.25 A separate TeamMate file shall be created for each engagement, except where the use of a file for multiple assurance reports is approved by the responsible GED, taking into consideration: the planned signing date of each opinion or conclusion; the consistency of audit approach; and the ability to get sufficient appropriate audit evidence for both engagements.

6.26 All procedure summaries in the relevant TeamMate library file are mandatory and shall be completed for all financial statements, performance statements or performance audits. The audit procedure steps under the heading ‘Audit Procedures’ of each procedure summary shall be completed. Where a procedure summary or audit procedure step is not relevant to the audit, the team shall document that it is not relevant and shall not delete it.

6.27 The procedure summaries indicate if an attached TeamMate template is mandatory, conditional or optional. Conditional templates are required to be downloaded from TeamStore or obtained from MyANAO and completed where the engagement meets the condition. The format of mandatory and conditional TeamMate templates is required to be maintained and shall not be amended without written approval from the responsible GED.

Guidance

6.28 The ‘Guidance’ in each procedure summary is not mandatory but is intended to help in the completion of mandatory steps.

6.29 The TeamMate library file is not intended to include all ANAO Audit Manual – FSASG, PSASG or PASG Specific policy requirements in the procedure summaries. However, where they are included, they are identified by reference to the specific policy.

6.30 The TeamMate library file can be adapted for use on other assurance engagements, considering the applicable ANAO Auditing Standards and ANAO Audit Manual policy.

6.31 In some cases, the ANAO conducts an audit or assurance engagement for an auditee in addition to the financial statements audit, such as an audit of reports prepared consistent with special purpose frameworks or single financial statements (grant acquittals). It is expected that a separate file is created for these additional engagements due to:

  1. the difference in timing of the engagements and the impact on finalising each audit file as required by ANAO Audit Manual - Shared Content, paragraph 9.11 to 9.14;
  2. the difference in audit approach, including setting of materiality parameters; and
  3. the different levels of sufficient and appropriate audit evidence required for each engagement.

6.32 Where documentation from the financial statements audit file is relevant to the additional engagement(s), it is acceptable for the same audit team to cross reference documentation of work performed in the financial statements audit file on the basis there has been appropriate review of the work for the purposes of the additional engagement.

6.33 The scope of performance audits may change significantly during the course of the audit due to amendments to the audit criteria, the addition or removal of audited entities or other events. Performance audit teams should consider the impact in the change of scope to audit procedures and templates already completed in the TeamMate file. For example, a change in criteria approved by the Auditor-General may mean that the Audit Test Plan is no longer complete or may require additional involvement by SADA specialists requiring an update to the SADA engagement procedures. Depending upon the nature of the change in scope, performance audit teams may consider directly updating the affected parts of the TeamMate file or alternatively preparing an overarching working paper summarising the necessary changes to the previously completed aspects of the audit.

6.34 The Auditor-General may decide to divide a performance audit into parts that report separately, creating multiple performance audits. Performance audit engagement teams may consider requesting approval from the responsible GED to allow both audits to be completed in a single TeamMate file. This approach may promote efficient audit documentation by avoiding the need to repeat documentation of procedures that are common to both audits, however where the multiple performance audits will not be tabled in the Parliament at the same time, the audit team should consider whether this approach will prevent compliance with the archiving requirements.

6.35 The audit team should ensure that procedure summaries and templates contained in the rolled over TeamMate library file meet the requirements of the current audit cycle’s TeamMate library file.

Technological resources – Use of detailed electronic auditee data and data analytics solutions

Background

6.36 Data analytics may provide a means of analysing large volumes of detailed data in a manner not easily achievable through manual procedures.

6.37 The use of detailed data in audit procedures may enhance the effectiveness and efficiency of audits. Other situations where the use of detailed data can be beneficial include when:

  1. there are computations done by a system with high audit risk;
  2. computations are done by a system that is known to be error prone;
  3. computations are done by a newly implemented system;
  4. data migration has occurred between legacy and new systems;
  5. functionality of the systems includes extensive interfacing between systems;
  6. it is necessary to examine how data is collected or used for monitoring, compliance or management reporting;
  7. there are repetitive business processes;
  8. more complex systems are in place;
  9. there is a large volume of transactions/calculations; and
  10. understanding and visualising complex data is critical to the audit.

6.38 Efficiency may be further enhanced by the use of a ‘standardised solution’, which is a data analytics solution that is designed for use by multiple audits, with minimal SADA time required to adapt to it an additional audit, and has been approved by PSRG.

Policy

6.39 A data analytics solution designed for use by multiple audits shall be approved by PSRG for it to be deemed a standardised solution.

6.40 Where there have been significant changes to a standardised solution, re-approval from PSRG shall be obtained for it to continue to be deemed a standardised solution.

6.41 For each data analytics procedure performed using a standardised solution, the audit team shall:

  1. Confirm and document that each assertion, balance and objective align with the design documentation associated with the solution as approved by PSRG; or
  2. Document the justification for any departure from the design documentation.

6.42 For each data analytics procedure performed that is not approved by PSRG (i.e., not a standardised solution), the audit team shall document the nature of the procedure, specifically:

  1. The objective of the procedure (alignment with audit criteria, audit assurance or audit insights);
  2. The category of the procedure (risk assessment, controls procedure or substantive procedure);
  3. Thresholds/definitions of outliers or differences; and
  4. The quality assurance processes performed by suitably experienced staff as to the integrity of the operation of each data analytics solution used.

6.43 For procedures other than risk assessment or controls procedures, the audit team shall document:

  1. The balance/transaction/attribute/business process being tested; and
  2. The assertion(s) or audit criteria/sub-criteria addressed by the procedure.

Guidance

Approval and quality assurance of standardised solutions

6.44 In some contexts, solutions developed by SADA will be expected to be used routinely in the conduct of multiple engagements (for example, risk assessment dashboards supporting financial statement audits) and on a more bespoke basis in other audits (for example, for performance audits). Some data analytics solutions may be developed for bespoke needs but then have applications that support the transition of the solution to a standardised solution.

6.45 Where a solution is expected to be used routinely, it is likely to be efficient for SADA to obtain PSRG approval for that solution to be a standardised solution so that individual audit files do not need to include comprehensive documentation about the quality management processes over the solution.

6.46 PSRG’s approval process would not seek to replicate SADA’s internal quality assurance processes but would provide an independent assessment of the appropriateness of those processes to demonstrate the integrity of the standardised solution and may consider (but are not limited to):

  1. The sufficiency and appropriateness of SADA’s documentation of the operation of the standardised solution, including the evidence of appropriate internal SADA review and supervision and rectification of identified issues;
  2. The appropriateness of any assurance or accounting assumptions (implicit or explicit) associated with the operation of the standardised solution (that is, are there relevant accounting or auditing issues that the standardised solution will fail to detect or alternatively may the standardised solution unreasonably identify false positives);
  3. The extent to which the documented operation of the standardised solution may not be suitable for particular purposes for which it might be used (that is, are there assumptions or limitations in the standardised solution that prevents it from being appropriate for particular audit purposes); and
  4. The extent to which ongoing development/monitoring will be required for the standardised solution.
Nature of data analytics procedures

6.47 When using a data analytics solution to obtain audit evidence, audit teams need to perform procedures to validate the reliability of the underlying information. See PwC Audit Guide 5107.4.2 for examples of report testing with and without ITGC reliance.

6.48 Data analytics may also be used to collect data for other ANAO objectives, such as collecting and analysing data to report on insights across the Commonwealth as part of the annual Interim Report on Key Financial Controls of Major Entities report.

Documentation requirements

6.49 The primary principle guiding documentation of audit procedures is that an experienced auditor should be able to understand the nature, timing and extent of the audit procedures performed. This principle applies to procedures performed using data analytics in the same way it does for other audit procedures.

6.50 Data analytics procedures should be designed such that they support the archiving of sufficient appropriate audit evidence with the audit file.

6.51 The ANAO Auditing Standards and ANAO Data Governance Framework do not require the auditor to retain all of the information used in selecting items to test, or to retain all datasets used in data analytics procedures on the audit file. However, they require the auditor to document the identifying characteristics of the specific items or matter tested. The guiding principle to determine the extent to which data should be retained is to ensure that the audit file includes enough details to enable obtaining the same dataset from the audited entity and the reperformance of the procedure.

6.52 Audit data analytics are often run in tools separate from the audit file. The audit team determines what inputs and outputs to evidence on the audit file. Sufficient appropriate audit evidence may include:

  1. Variables and criteria input to data analytics solutions;
  2. Screenshots of interactive data analytics relating to the test parameters; and
  3. Evidence produced by data analytics specialists.

6.53 The documentation requirements may be achieved in each circumstance through a combination of:

  1. The relevant required templates and documentation standards that apply to the related procedure category under the relevant policy manual;
  2. To the extent not covered by (a) above, ANAO standard work papers developed specifically to document compliance with policies set out in this data analytics methodology; and/or
  3. Workpapers developed by audit teams for individual audits.

6.54 Flowcharts and diagrams that aid the understanding of bespoke (i.e., not standardised) solutions used are to be rolled forward onto each audit file in years where the solution is run.

6.55 Audit documentation is also required to demonstrate the integrity of the operation of a solution. Where a standardised solution has been used, it is sufficient for the audit file to document that the solution used is a standardised solution.

7. Information, communication and relationship with the auditee

Attending audit committee meetings

Policy

7.1 The ANAO shall attend,36 as observers, audit committee meetings of Commonwealth entities and Commonwealth companies as are reasonably practicable, taking into account the following factors:

  1. the extent and nature of governance, system, risk or program issues under consideration by the Committee;
  2. the importance of the ANAO’s attendance in maintaining effective relationships;
  3. the extent and nature of the ANAO’s performance audit coverage; and
  4. in some cases, the role of the ANAO’s contract auditor.

7.2 As a minimum, the FSASG Engagement Executive, or nominated FSASG representative, will plan to attend the audit committee meetings of all Commonwealth entities and Commonwealth companies at which the committee reviews the entity’s annual financial statements.

7.3 Priority will be given to an ANAO representative(s) attending meetings of the audit committee of Commonwealth entities and Commonwealth companies that are material to the preparation of the Consolidated Financial Statements of the Australian Government.37

7.4 Attendance at audit committee meetings of non-material entities will be determined on a case-by-case basis by the responsible FSASG Engagement Executive, in consultation as required with the responsible PASG Engagement Executive.

7.5 As a minimum, the PSASG Engagement Executive, or nominated PSASG representative, will plan to attend the audit committee meetings of the Commonwealth entities at which the committee reviews the entity’s annual performance statements that are subject to ANAO audit.

7.6 The responsible FSASG Engagement Executive shall take the lead role in representing the ANAO at audit committee meetings. A representative of PASG and PSASG shall attend the audit committee meeting on a case-by-case basis. At a minimum, the responsible PASG and PSASG representative will provide a briefing to the FSASG representative, sufficient to enable the audit committee to be informed about the progress of any performance statements audits, performance audits, including cross-entity audits, in progress in the entity, and on key issues arising from the audits at the time of the audit committee meeting.

7.7 It is expected that the ANAO will have a standing invitation to attend all audit committee meetings for all agenda items.38 In circumstances where this is not the case, and where agreement cannot be reached through discussions between the responsible Engagement Executive and GED and the entity, the Auditor-General shall be advised.

Guidance

7.8 Audit committees of Commonwealth entities and Commonwealth companies are an important element of an entity’s governance arrangements and are a key point of contact for the ANAO.

7.9 As an observer, the ANAO representative should speak to matters relating to the ANAO and provide such other help to the committee as required.

7.10 The ANAO attends audit committee meetings to:

  1. meet our obligations under the auditing standards, including:
    1. about fraud in relation to an audit, formally raising for discussion the risk of fraud and material misstatement at one or more audit committee meetings and, where possible, have the minutes record the discussion (ASA 240 paragraphs 21-22);39 and
    2. communicating an overview of the planned scope and timing of the financial statement audit, via the Audit Strategy Document (ASA 260 paragraph 15);
  2. communicate about how the ANAO’s system of quality management supports the consistent performance of quality audit engagements;40
  3. brief committees on entity-specific financial statements, performance statements and performance audit coverage and assurance reviews where applicable, as well as to make a ‘value-added’ contribution by bringing an APS-wide perspective obtained through our work across the public sector. The nature and extent of our interaction with committees needs to recognise the role that individual committees have in reviewing an entity’s financial and performance statements and recommending their signing by the entity’s accountable authority and any role that they have been requested by the accountable authority to have about individual performance audits;
  4. contribute our knowledge and experience to the agenda of the meeting;
  5. inform, and be informed, of any significant issues arising which have the potential to result in an untoward effect on the integrity of financial or performance reporting or administration of the entity; and, to the extent practicable, agree on steps to overcome such issues, or to minimise their effect;
  6. encourage open discussion on issues affecting the performance of entities through the mature handling of information from the entity, considered as part of the audit of the entity;
  7. advise the committee of the auditor’s responsibilities about the financial statements audit, performance statements audit and of any scheduled performance audits and their objectives;
  8. enable an unrestricted, frank and confidential exchange (the audit committee members and the ANAO representative only should meet with independent members at least annually);
  9. discuss the effectiveness of the internal controls structure and risk management;
  10. present emerging accounting policy, accounting and auditing issues for consideration;
  11. provide ongoing assurance on independence where sub-contract arrangements have changed; and
  12. enable feedback on the effectiveness of communication and reporting between the ANAO and the committee.

7.11 The FSASG Engagement Executive usually attends the audit committee as the ANAO representative, however another senior officer may attend as a replacement where necessary. It is important that ANAO representatives read committee papers in advance of committee meetings and be prepared, to the extent practicable, to respond to questions and issues that arise from agenda items. This may require consultation with other areas of the ANAO before committee meetings. Where a question or issue is taken on notice, it is important that a response, through the committee Chair or committee secretariat, be provided in a timely manner. Where possible, the Chair should be advised, directly or via the committee secretariat, of ANAO attendance at each meeting.

7.12 In circumstances where a committee seeks to limit ANAO attendance at some or all committee meetings, a senior ANAO representative should discuss with the committee Chair the ANAO’s expectation that the ANAO will have a standing invitation to attend all meetings as an observer. Having a standing invitation at audit committee meetings is considered important so that the ANAO is aware of issues potentially impacting the entity’s control environment and to help in maintaining effective relationships with the committee.

7.13 The content of reports to audit committees will vary depending on the phase of the audit cycle. Examples of content are below.

  1. Summary Corporate activity update prepared by PSRG.
  2. Status of financial statements audit activity within the entity.
  3. Status of performance statements audit activity within the entity (as relevant).
  4. Status of relevant performance or other audits in progress.
  5. Any issues that will be reported to the Minister or Parliament, as they must be advised to the audit committee.
  6. Non-trivial findings arising from the audit.
  7. Depending on the timing of the audit committee meeting, provision and discussion of the draft closing report.
  8. Advice on final reports to the Minister and Parliament.

7.14 Information included in a committee briefing should have been discussed or formally communicated to entity management. Committee briefings will be at a relatively high level and consistent with the periodic briefings provided to senior management of the entity. Where further detail is sought on a particular audit, such as cross-entity audits or audits that are sensitive, it may be appropriate to offer the committee a separate briefing from the responsible audit team so that the committee is aware of the potential exposure of the entity to any significant risks or issues.

7.15 It is a matter of good practice for the accountable authority to consider draft and proposed reports, the recommendations and the position it will take in responding. The Auditor-General has agreed that accountable authorities of entities may decide to disclose, on a confidential basis, draft and proposed reports provided under section 19 of the Act to their audit committees. This consent was given because audit committees have a key role in monitoring entity risks and the implementation of any changes proposed in audit reports. The ANAO advises those who receive draft and proposed reports to treat the material as confidential and the provision of proposed reports to an audit committee is made on the condition that the report will continue to be treated as confidential.

7.16 Most or all members of the audit committees of corporate Commonwealth entities will be members of the corporate Commonwealth entity’s Board, and these Board members will have an interest in reviewing a section 19 draft report given their overall responsibility for the operation of the entity.

7.17 The accountable authority of a corporate Commonwealth entity who is provided the section 19 report (generally the Chair of the Board) can disclose the contents of the report to other Board members,41 while advising the accountable authority to restrict distribution of the report to those with a ‘need to know.’

7.18 It is important that when reports are finalised, audit committees are briefed about the conclusions and that the organisational implications are discussed.

Management and those charged with governance

Policy

7.19 The Engagement Executive shall determine the identity of TCWG, with whom audit matters are to be communicated where required by the auditing standards, ANAO policy or legislation.

7.20 Such communications may be made with a subgroup of TCWG. In these cases, the Engagement Executive shall consider whether there is a need to communicate also with the whole group.

7.21 The Engagement Executive shall communicate with TCWG the form, timing and expected general content of communications.

7.22 The Engagement Executive shall be satisfied that all persons charged with governance receive any written auditor’s communications intended for TCWG on a timely basis.

7.23 The Engagement Executive shall evaluate whether the two-way communication with TCWG has been adequate for the purposes of the audit. If it has not, the Engagement Executive shall determine if there is any effect on the assessment of the risks of material misstatement and ability to get sufficient appropriate audit evidence and take appropriate action.42

Guidance

7.24 TCWG is defined as the person(s) or organisation(s) with responsibility for overseeing the strategic direction of the entity and obligations related to the accountability of the entity. This includes overseeing the financial reporting process. For some entities, those charged with governance may include management personnel; for example, executive members of a governance board of a corporate commonwealth entity.

7.25 Management is defined as the person(s) with executive responsibility for the conduct of the entity’s operations. For some entities, management includes some or all of those charged with governance; for example, executive members of a governance board.

7.26 For Commonwealth entities under the PGPA Act, the accountable authority is charged with governance. The accountable authority of a non-corporate Commonwealth entity is the Secretary of the Department or Parliamentary Department, or for a listed entity the person prescribed in the Act or the rules to be the accountable authority (refer to PGPA Act section 12(2)).43 In the case of a corporate Commonwealth entity, the accountable authority is the governing body of the entity, usually a board of directors (however described), unless otherwise prescribed by an Act or the rules.

7.27 The concept of an accountable authority applies only to Commonwealth entities. In a Commonwealth company or a subsidiary company, the board of directors are TCWG.

7.28 In addition to departmental secretaries, members of the audit committees of Commonwealth entities, companies and subsidiaries are, in the absence of conflicting information, presumed to be persons charged with governance. Refer to the extracts at paragraph 7.33 of the legislative requirements for audit committees for Commonwealth entities under the PGPA Act.

7.29 There may be other persons charged with governance within Commonwealth entities.

7.30 The auditing standards permit communication with a sub-group of TCWG where appropriate, and the intention of ASA 260 Communication with Those Charged with Governance is to cater for the wide variety of governance structures that exist throughout the world, including those applying in public sector entities. In deciding with whom to communicate, the auditor’s understanding of an entity’s governance structure and processes is relevant. The appropriate person(s) with whom to communicate may also vary depending on the matter to be communicated.

7.31 For corporate Commonwealth entities and Commonwealth companies, the audit committee is usually a subset of the board. Guidance in ASA 260 provides that while the specific authority and functions of audit committees may differ, communication with the audit committee, where one exists has become a key element in the auditor’s communication with those charged with governance (ASA 260 paragraph A7).

7.32 ANAO policy on matters to be communicated to TCWG and the timing of those communications are in paragraphs 7.19 to 7.23. This policy should be read in conjunction with the policy on Attending Audit Committee meetings.

7.33 Refer to PGPA Act 2013, section 45 Audit committee for Commonwealth entities and PGPA Rule 2014 section 17 Audit committee for Commonwealth entities for the legislative requirements of audit committees.

Publication and communication of Audit Quality documents

Background

7.34 The ANAO’s Quality Management Framework (QMF) is the system of quality management for all assurance and related activities undertaken by the ANAO. The QMF provides assurance that:

  1. the ANAO complies with the ANAO auditing standards, regulatory requirements and ANAO policies and procedures; and
  2. reports issued by the ANAO are appropriate in the circumstances.

7.35 The ANAO Quality Management Framework and plan document demonstrates the processes, policies, and procedures that make up the ANAO system of quality management. The Quality management strategy and deliverables component of the document identifies the key activities that the ANAO conducts to provide the Auditor-General with confidence that the controls established within the Quality Management Framework are implemented and operating effectively.

7.36 The ANAO Audit Quality Report captures the ANAO evaluation of the implementation and operating effectiveness of the elements of the ANAO Quality Management Framework. The report outlines audit quality indicators measuring ANAO performance against target benchmarks and includes the achievement of the quality management strategy and deliverables set out in the Quality Management Framework and Plan.

Policy

7.37 The QMF and Plan shall be published on an annual basis after the publication of the ANAO Corporate Plan.

7.38 The QMF and Plan shall set out the ANAO’s quality management strategy and deliverables for the year. The QMF Plan shall be informed by priorities identified in the ANAO Corporate Plan, the result of prior period monitoring activities and better practice insights from engagement with peers and wider auditing profession.

7.39 The Audit Quality Report shall be published on an annual basis after the publication of the ANAO Annual Report.

7.40 The Audit Quality Report shall include the ANAO evaluation and conclusion on whether the QMF provides reasonable assurance that the ANAO’s quality objectives are being achieved as set out in Chapter 11.

Guidance

7.41 The ANAO is not required to communicate the Audit Quality Report to external parties under ANAO Auditing Standards, legislation or regulations. The ANAO chooses to publish the ANAO QMF and Plan and the Audit Quality Report on the ANAO website to demonstrate transparency over how the ANAO system of quality management supports the consistent performance of quality engagements. The achievement of the quality management strategy and deliverables is reported on externally to enhance accountability.

Communication with the ANAO Audit Committee

7.42 The Auditor-General has established an ANAO Audit Committee in compliance with section 45 of the PGPA Act and section 17 of the PGPA Rule – Audit committee for Commonwealth entities.

7.43 The ANAO Audit Committee’s role is to provide independent assurance to the Auditor-General on the ANAO’s financial and performance responsibilities, risk oversight and management, and system of internal control.

Policy

7.44 The ANAO shall communicate with the ANAO Audit Committee with respect to the following matters:

  1. The ANAO’s system of quality management, including the QMF and Plan;
  2. The ANAO internal audit work plan and internal audit reports, and how the ANAO proposes to address findings and recommendations arising; and
  3. Reports arising from parliamentary committee reports, external reviews and evaluations of the ANAO, and how the ANAO proposes to address findings and recommendations arising.

Guidance

7.45 The ANAO Audit Committee’s functions are set out in the ANAO Audit Committee Charter. The policy requirements in paragraph 7.44 above are in respect of its functions relating to providing assurance to the Auditor-General on audit quality. The ANAO may be required to communicate with respect to matters additional to those in paragraph 7.44 to support the ANAO Audit Committee in discharging its other functions.

8. Engagement performance

Direction, supervision and review

Background

8.1 ASA 220 and ASQM 1 require policies and procedures for direction, supervision and performance and reviews of audit staff and work.

Policy

8.2 Auditors shall be provided with levels of direction, supervision and on the job training appropriate to their skills and experience. It is the responsibility of the Engagement Executive to ensure that this is provided to all auditors working on an engagement.

8.3 Review responsibilities shall be allocated on the basis that the more experienced auditors, including Engagement Executives, review work performed by the less experienced members of the engagement team.44

8.4 In performing reviews of audit work:

  1. all work performed shall be reviewed in full;
  2. the Engagement Executive shall review a sufficient quantity of the work performed to ensure that the work has been properly performed and appropriate conclusions reached, given the evidence referenced;
  3. timely reviews shall be conducted at appropriate stages during the audit;
  4. where agreed by the Engagement Executive, review can occur as a peer review. Audit Managers may examine IT work performed by a more senior auditor for integration into the audit work;
  5. all reviews shall be evidenced by signature and date (electronic or otherwise) on relevant working papers; and
  6. at the end of the audit, review notes shall be removed from the working paper file. Accordingly, information provided as a result of requests in review notes needs to be documented in working papers.

Guidance

8.5 As a general rule, the more experienced and senior the officer, the less supervision and direction is required.

8.6 Direction of the engagement team involves informing team members of:

  1. their responsibilities, including the need to comply with relevant ethical requirements and exercise professional scepticism;
  2. the responsibilities of the Engagement Executive, Signing Officer (SO) (if applicable) and Engagement Quality Reviewer (EQR) (if applicable);
  3. the objectives of the work to be performed;
  4. the nature of the entity’s business and associated risks, problems that may arise and the detailed approach to performance of the audit; and
  5. relationship management techniques for ensuring a positive professional relationship with audited entities is maintained.

8.7 Supervision includes the following:45

  1. tracking the progress of the audit engagement;
  2. consideration of the following with respect to members of the engagement team: whether they understand their instructions; and whether the work is being carried out in accordance with the planned approach to the engagement;
  3. addressing significant matters arising during the audit engagement, considering their significance and modifying the audit plan accordingly; and
  4. identifying matters for consultation or consideration by more experienced engagement team members during the engagement.

8.8 The ANAO Core Capability Framework provides guidance to auditors on the role of supervision for their level.

8.9 Review of work completed, by reference to the working papers and other documentation, is a fundamental part of the audit process. A review of work performed may include considering whether:

  1. the work has been performed in accordance with the ANAO’s policies or procedures, the ANAO Auditing Standards and applicable legal and regulatory requirements;
  2. significant matters have been raised with the Audit Manager or Engagement Executive for further consideration;
  3. appropriate consultations have been undertaken and the resulting conclusions have been documented and implemented (see Consultation policy);
  4. the audit team has exercised appropriate professional judgement and professional scepticism;
  5. the planned nature, timing and extent of audit procedures have been revised where required;
  6. the work performed supports the conclusions reached and are appropriately documented;
  7. the audit evidence is sufficient and appropriate to support the audit report; and
  8. the objectives of the audit engagement have been achieved.46

8.10 It is the responsibility of the Engagement Executive to ensure that audit work, including procedures in the electronic working papers, are reviewed and evidenced as having been reviewed consistent with the ANAO policies in this Manual.47 However, this does not require that the review is only performed by the Engagement Executive or the Audit Manager. The level of review depends on the risk of the items and the complexity of the audit work being performed. For example, the Audit Manager or the Engagement Executive may allocate lower risk items, completed by less experienced members of the engagement team (e.g. junior auditor) to be reviewed by a more experienced engagement team member (e.g. Team Leader or Senior Auditor). In particular, the Engagement Executive should review:

  1. critical areas of judgment, especially those relating to difficult or contentious matters;
  2. significant risks; and
  3. any other areas the Engagement Executive considers important.

8.11 Quality management of IT aspects of audits is the responsibility of the Group Executive Director of SADA. The SADA Manager would, however, review the work of the IT team members where such a team was involved. Further, the Engagement Executive and Audit Manager should also conduct sufficient review of IT aspects of the audit so as to enable those auditors to have a sufficient understanding of all components of the audit.

Consultation

Background

8.12 Auditors often have to deal with accounting or auditing issues that are difficult or contentious. ASQM 1 requires policies and procedures that give the ANAO reasonable assurance that appropriate consultation takes place in these circumstances, and that the outcomes are appropriately documented and implemented.

8.13 The standards also make the Engagement Executive responsible for ensuring that consultation is undertaken and appropriate, and that it is concluded, documented, agreed and implemented.

Policy

8.14 The engagement team shall bring to the attention of the Engagement Executive all matters they believe are difficult or contentious.

8.15 The Engagement Executive shall ensure appropriate consultation on difficult or contentious matters is undertaken (whether on an in-house or contracted out audit). Where a difficult or contentious matter is identified, the Engagement Executive shall consult with:

  1. the EQR and Second Reviewer, if appointed to the audit;
  2. the responsible GED; and
  3. where appropriate, with PSRG.

8.16 The following matters are deemed to be difficult or contentious:

  1. any matter required to be referred to the Qualifications and Technical Advisory Committee (QTAC);
  2. a proposed material restatement of the previous period’s financial statements (including note disclosure), refer to ANAO Audit Manual - FSASG Specific, paragraph 111.16;48
  3. a financial statement accounting or reporting policy change that is not the result of a change in an accounting standard or other reporting requirement;
  4. deferrals of departmental appropriation revenue;
  5. situations where facts become known after the auditor’s report has been signed which would have changed the financial statements or the auditor’s report had they been known at the time;
  6. situations where the financial statements, performance statements or auditor’s report which have been made public are not the same as the ANAO audit file versions;
  7. situations where a serious lack of corporate governance is apparent;
  8. actual or suspected criminal acts, including bribery of a foreign public official and fraud (particularly of a large or systematic nature). The Engagement Executive shall seek direction from a GED without delay when this is identified (whether by the engagement team or by the entity);
  9. when requested to conduct an assurance review;
  10. when the relevant minister has requested a briefing;
  11. sensitive matters that may affect a performance audit’s key findings or overall conclusion;
  12. being advised orally or in writing that an entity plans to seek legal advice on any aspect of the Auditor-General Act 1997;
  13. when the engagement team is proposing a new interpretation of legislation or government policy or rules and/or expects an auditee may challenge the engagement team’s interpretation of legislation or government policy or rules;
  14. when requested to not disclose sensitive information on the grounds of Cabinet or commercial confidentiality, or under subsection 37(1)(a) of the A-G Act; or
  15. if advised orally or in writing of a possible referral to the Attorney-General under subsection 37(1)(b) of the A-G Act.

8.17 The Engagement Executive shall consult with PSRG on the following financial statement audit matters:

  1. auditor report on ceasing Commonwealth entities;49
  2. auditor reporting of non-compliance with section 83 of the Constitution;
  3. correspondence with a regulator (e.g. responding to regulator comments following a file inspection by APRA or ASIC);
  4. breaches of the Corporations Act 2001 requiring reporting to ASIC, including under sections 311 and 990K; and
  5. issues where external advice is being sought. Audit teams shall consult PSRG in the first instance to see if similar advice has been received in the past.

8.18 A copy of any external advice on any matter relevant to the interpretation of an accounting standard, the financial framework (including legal opinions) or audit methodology shall be provided to PSRG when received. This includes advice provided by the client to the audit team.

8.19 The Engagement Executive shall, on an annual basis:

  1. review consultations, relevant to current year’s audit, sought on previous years’ difficult and contentious matters, including matters required by paragraph 8.18; and
  2. determine whether re-consultation is required to ensure that conclusions reached remain relevant and appropriate.

8.20 Where the Engagement Executive determines that re-consultation is required on previous year’s difficult and contentious matters, the Engagement Executive shall re-consult with:

  1. the EQR and Second Reviewer, if appointed to the audit;
  2. the GED; and
  3. where appropriate, with PSRG.

8.21 Where the Engagement Executive determines that re-consultation is required on matters required by paragraph 8.17, the Engagement Executive shall re-consult with PSRG.

8.22 Those consulted shall be given all the relevant facts that will enable them to provide informed advice on technical, ethical or other matters.

8.23 The engagement team shall:

  1. document the nature and scope of, and conclusions resulting from, such consultations;
  2. confirm the documentation with the party consulted; and
  3. implement the conclusions resulting from consideration of the consultation.

Guidance

FSASG communication protocols

8.24 FSASG protocols require topical issues to be communicated to a GED on a timely basis and to be reported promptly to the ANAO Executive in FSASG Weekly Operational Report. The list of topical issues is to include difficult or contentious matters identified by Engagement Executives and all other matters on which consultation is required.

8.25 In addition, the Signing Officer Technical Forum provides an opportunity to communicate new or unusual accounting and auditing matters. This will raise awareness of the matter and allow for the exchange of views.

PASG communication protocols

8.26 PASG protocols require performance audit issues to be communicated to a GED through regular progress review meetings. Issues of high sensitivity should be reported promptly to the responsible GED, and to the ANAO Executive in PASG’s Weekly Operational Report.

PSASG communication protocols

8.27 PSASG protocols require topical issues to be communicated to a GED on a timely basis and to be reported promptly to the ANAO Executive in PSASG Weekly Operational Report. The list of topical issues is to include difficult or contentious matters identified by Engagement Executives and all other matters on which consultation is required.

8.28 In addition, the Senior Officer Technical Forum provides an opportunity to communicate new or unusual auditing matters. This will raise awareness of the matter and allow for the exchange of views.

When to consult

8.29 Engagement teams should take advantage of opportunities to consult with others within the ANAO (without breaching confidentiality or security requirements) when forming views or opinions and taking actions for reaching decisions.

8.30 Other than matters on which consultation is required by ANAO Policy, it is a matter of judgement as to whether consultation should be sought. If in doubt, it is prudent to err on the side of caution.

8.31 There will generally be greater need to consult in the early years of a new financial reporting (standard or rule), auditing or legal requirement than after most teams have obtained substantial experience applying the requirement.

8.32 A consultation can be differentiated from an enquiry. A consultation (which may also be referred to as a formal consultation) is a discussion in which the engagement team wants to get an objective view or receive guidance regarding a specific set of facts and circumstances. There are certain requirements that both the engagement team and the consultant need to satisfy for the consultation to be effective, including appropriate documentation and implementation of conclusions resulting from consideration of the consultation.

8.33 Enquiries are other types of discussions which are not consultations; for example a ‘point me in the right direction’ or ‘have you seen’ type of question. Often, the team may wish for example to be informed about, or clarify their understanding of, a matter before deciding whether formal consultation is necessary. This dialogue is a normal part of the audit process. Whether such enquiry needs to be documented is a matter of judgement.

Who to consult

8.34 Appropriate consultation requires consulting with those having appropriate knowledge, seniority and experience within the ANAO or, where applicable, outside the ANAO on significant technical, ethical and other matters.

8.35 In addition to formal requirements to consult with the GED, Engagement Executives should, where appropriate, use the GEDs as ‘sounding boards’ on matters arising on their audits. It will not be unusual for these interactions to result in a formal consultation in due course.

8.36 When consulting with an EQR, both the engagement team and the EQR should take care to maintain the EQR’s objectivity so as not to compromise the EQR’s ability to perform the role.

8.37 An important part of the role of PSRG is to provide expert advice on accounting and auditing issues, such as the items in paragraphs 8.16 b) to f). The e-mail addresses PSRGAccounting@anao.gov.au and PSRGAudit@anao.gov.au should be used for sending e-mail queries.

Guidance on matters where consultation is required

8.38 Specific matters that require consultation include an apparent lack of corporate governance. A lack of governance may be revealed about only one major and readily apparent matter. For example, deliberate misapplication of appropriations. It may also be a series of single, but apparently unrelated events. For example, no Audit Committee meetings for an extended period, together with issues relating to trust moneys and other instances suggesting a lack of governance.

Documentation

8.39 Where consultation has occurred, the standards require audit documentation which enables a reviewer to understand, among other things, the significant matters that arose during the audit, the consultation and the conclusions reached thereon.

8.40 Accordingly, when an Engagement Executive concludes that it should consult on a matter, the team should prepare documentation setting out:

  1. the matter or issue;
  2. all relevant facts and circumstances, including significant aspects of the audit evidence obtained if relevant;
  3. the client’s preliminary point of view and justification, where applicable;
  4. the audit team’s preliminary point of view and justification; and
  5. the analysis of accounting, auditing or other relevant literature, including implication(s) of the matter.

Engagement quality review

Background

8.41 The professional accounting and auditing standards require internal policies and procedures which provide reasonable assurance that auditing engagements and other assurance reviews are conducted according to the relevant standards, ethical and legal requirements.

8.42 The ANAO’s QMF addresses these requirements by providing a system of quality management for the ANAO to have reasonable assurance that auditing staff are complying with the relevant professional standards, regulatory requirements and ANAO policies and procedures.

8.43 ASQM 1 requires that an EQR be appointed to audits of listed entities. ANAO policy extends this requirement to all high risk engagements. ASQM 2 and ASA 220 deal with the requirements related to the eligibility of the EQR and the Engagement Executive and EQR’s responsibilities relating to the performance and documentation of the engagement quality review.

Policy

8.44 An EQR shall be assigned to:

  1. all high risk engagements conducted by Performance Audit Services Group;
  2. all high risk engagements conducted by Financial Statements Audit Services Group determined to require an EQR in accordance with ANAO Audit Manual - FSASG Specific, Engagement risk rating and public interest entity assessment;
  3. all Financial Statements Audit Services Group engagements of listed entities or other public-interest entities;
  4. all high risk engagements conducted by Performance Statements Audit Services Group;
  5. any other engagements conducted by Performance Statements Audit Services Group where the PSASG GED assesses as having a need for additional quality oversight;
  6. any other engagement for which an engagement quality review is required by law or regulation; and
  7. any other engagement at the discretion of the relevant GED, the Deputy Auditor-General or the Auditor-General.

8.45 The FSASG GED shall consider assigning an EQR to all financial audit engagements of outsourced material entities that transition back in-house. This requirement applies to the transitional year only.

8.46 Exceptions to this policy require the approval of the Auditor-General.

Criteria for eligibility as an EQR

8.47 The EQR for an audit, including contract out audits, shall be approved by the Auditor-General on recommendation from the GED, at the start of the audit cycle, or as soon as possible afterwards.

8.48 When recommending the appointment of an EQR, the GED shall ensure that the proposed EQR has the technical qualifications required to perform the role, including the necessary experience and authority, and shall have regard to any considerations that may threaten the EQR’s objectivity. The recommendation to the Auditor-General shall explain the processes in place to ensure that the proposed EQR has the required technical qualifications and objectivity.

8.49 The EQR has the overall responsibility for the performance of the engagement quality review, and determining the nature, timing and extent of the review. In performing their responsibilities the EQR shall be allocated sufficient time and resources.

8.50 The EQR and persons assisting in undertaking the engagement quality review, if any, shall at all times maintain their objectivity.

8.51 To maintain their objectivity:

  1. the EQR and persons assisting in undertaking the review shall not:
    1. be involved in the decision making process on the audit; or
    2. otherwise participate in the engagement during the period of the review; and
  2. care must be taken by both the engagement team and the EQR or persons assisting the EQR to ensure that the nature and extent of consultations between them do not give rise to a threat to the objectivity of the EQR or persons assisting the EQR.

8.52 When persons assisting in undertaking the engagement quality review become aware of circumstances that impair their objectivity or otherwise impair their eligibility to perform the review, that person shall notify the EQR and discontinue their involvement in the review.

8.53 If, during the engagement quality review, it is determined that the EQR’s eligibility to perform the review may have become impaired, the EQR shall inform the PSRG GED who shall recommend to the Auditor-General the appointment of a new EQR to the audit.

Nature and extent of the quality review

8.54 In carrying out the engagement quality review, the EQR shall:

  1. fulfil the responsibilities outlined in the Australian Auditing Standards or assigned to them by legislation, including performing procedures in accordance with paragraphs 8.55 to 8.61 below, at appropriate points in time during the engagement to provide an appropriate basis for an objective evaluation of the significant judgements made by the engagement team and the conclusions reached thereon;
  2. comply with relevant ethical requirements;
  3. exercise professional scepticism.

8.55 For in-house appointments, the EQR shall in accordance with ASQM 2:

  1. read, and obtain an understanding of:
    1. information communicated by the engagement team regarding the nature and circumstances of the engagement and the entity; and
    2. any findings arising from the Quality Assurance Review Program that may relate to, or affect, the areas involving significant judgements made by the engagement team; and
  1. discuss with the Engagement Executive and, if applicable, the Signing Officer and other members of the engagement team significant matters and significant judgements made in planning, performing and reporting on the engagement;
  2. based on the information obtained in (a) and (b), review selected engagement documentation relating to the significant judgements made by the engagement team and evaluate:
    1. the basis for those significant judgements, including, when applicable to the type of engagement, the exercise of professional scepticism by the engagement team;
    2. whether the engagement documentation supports the conclusions reached; and
    3. whether the conclusions reached are appropriate;
  1. evaluate the basis for the Engagement Executive’s determination that relevant ethical requirements relating to independence have been fulfilled;
  2. evaluate whether appropriate consultation has taken place on matters involving differences of opinion, or other difficult or contentious matters and the conclusions arising from those consultations;
  3. evaluate the basis for the Engagement Executive’s determination that their involvement has been sufficient and appropriate throughout the engagement such that they have the basis for determining that the significant judgements made and the conclusions reached are appropriate given the nature and circumstances of the engagement; and
  4. review:
    1. for audits of financial reports, the financial reports and the auditor’s report thereon, including, if applicable, the description of the key audit matters; and
    2. for other assurance and related services engagements, the engagement report, and, when applicable, the subject matter information.

8.56 For in-house appointments, the EQR shall also determine the nature, timing and extent of the direction and supervision of the individuals (if any) assisting in the review, and the review of their work.

8.57 In determining the procedures to be undertaken during the engagement quality review, the EQR shall take into account quality risks, remedial actions for deficiencies, inspection findings, responses to risk of material misstatement and the engagement team’s cooperation with the EQR.

8.58 The EQR shall discuss with the relevant Engagement Executive any matters arising from the engagement quality review.

8.59 The EQR shall notify the Engagement Executive if the EQR has concerns that significant judgements made by the engagement team, or the conclusions reached thereon, are not appropriate. If such concerns are not resolved to the EQR’s satisfaction, the EQR shall notify the Qualifications and Technical Advisory Committee (QTAC), the Deputy Auditor-General or the Auditor-General, as appropriate, and the differences of opinion be resolved in accordance with the requirements of this Audit Manual (see Differences of Opinion in ANAO Engagement section below).

8.60 The EQR shall determine whether the requirements in ASQM 2 and the ANAO Audit Manual with respect to the performance of the engagement quality review have been fulfilled, and whether the engagement quality review is complete. If so, the EQR shall notify the Engagement Executive that the engagement quality review is complete.

Documentation

8.61 The EQR is responsible for the documentation of the engagement quality review.

8.62 Before the issue of the audit report, the EQR shall determine that:

  1. the documentation of the engagement quality review is sufficient to enable an experienced practitioner, having no previous connection with the engagement, to understand the nature, timing and extent of the quality review procedures performed and the conclusions reached in performing the review; and
  2. the documentation includes:
    1. the names of the EQR and the individuals who assisted the EQR;
    2. an identification of the engagement documentation reviewed, including documentation of their review of the Signing Officer Review Memorandum (SORM) when applicable;
    3. the basis for the EQR’s determination in accordance with paragraph 8.60;
    4. the notifications required in accordance with paragraphs 8.59 and 8.60; and
    5. the date of completion of the engagement quality review; and
  3. the applicable EQR template has been completed at the planning and final stages of the audit.

Guidance

8.63 The EQRs are usually appointed at the beginning of an audit. Appointments may be made later if circumstances on an audit change so that appointing an EQR becomes appropriate.

8.64 The policy has scope for an EQR to be appointed from outside the ANAO should the need arise. This includes the appointment of an EQR by the ANAO contractor on a contracted out audit.

8.65 The policy also has scope for persons to be assigned to assist the EQR. This may be appropriate where highly specialised knowledge, skills or expertise may be useful for understanding certain transactions undertaken by the entity to help the EQR evaluate the significant judgements made by the engagement team related to those transactions. The option of appointing assistants to the EQR does not diminish the overall responsibility of the EQR for the engagement quality review. In particular, the EQR is expected to consider whether the assistants understand their instructions and whether the work is being carried out in accordance with the planned approach to the review; and to address matters raised by assistants, considering their significance and modify the planned approach appropriately.

8.66 The FSASG GED, at the start of each audit cycle, is responsible for determining whether an entity is a Public Interest Entity. Refer to Chapter 107 Engagement risk rating and Public Interest Entity assessment of the ANAO Audit Manual - FSASG Specific for policy and guidance on assessing if an entity is, or is to be classified as, a Public Interest Entity.

8.67 The Engagement Executive may consult with the EQR during the engagement; for example, to confirm that a judgement made by the Engagement Executive will be acceptable to the EQR. Such consultation avoids identification of differences of opinion at a later stage of the engagement and need not compromise the EQR’s eligibility to perform the role. Where the nature and extent of the consultations become significant, the EQR’s objectivity may be compromised unless care is taken by both the engagement team and the EQR to maintain the EQR’s objectivity. Where this is not possible, another individual may be appointed to take on the role of either the EQR or the person to be consulted on the engagement.

8.68 Significant matters arising on an engagement should be considered by the Engagement Executive (and the Signing Officer if applicable) in consultation with the GED as appropriate before consultation with the EQR to minimise compromising the EQR’s objectivity. Differences of opinion between the Engagement Executive (or the Signing Officer if applicable) and the EQR should be dealt with consistent with the ANAO policy Differences of Opinion.

8.69 The extent of the review may depend on, among other things, the complexity of the engagement and the risk that the auditor’s report may not be appropriate in the circumstances. The review should be performed on a real time basis and completed before the issue of the auditor’s report. Where applicable, the EQR should use the normal review mechanisms, so that the completed audit will reflect the effect of the review without recourse to review notes.

8.70 The EQR is required to document the engagement quality review. The review results should also be discussed with the audit team, and a brief written report, outlining work undertaken and the results, provided to the audit team.

8.71 Any issues raised by the EQR must be addressed by the audit team. When providing the audit report to the GED, the audit team is required to indicate the action taken to address the issues raised by the review, and to advise of any issues or review comments not addressed.

8.72 In financial statement audits, to evaluate the significant judgements made by the team, the EQR reviews and considers:

  1. significant risks identified during the engagement and the responses to those risks including the engagement team’s assessment of, and response to, the risk of fraud;
  2. judgements made, particularly those underlying the materiality assessment;
  3. the significance and disposition of corrected and uncorrected misstatements identified during the audit; and
  4. the matters to be communicated to management and those charged with governance, including the Audit Strategy, Closing Letter and Management Letters and any other communications highlighting significant findings from the audit, and, where applicable, communications to other parties such as regulatory bodies.

8.73 In performance audits, to evaluate the decisions made by the audit team, the EQR reviews and considers:

  1. whether there is sufficient audit evidence to support the key audit findings, and, by extrapolation, the audit conclusion;
  2. whether there is evidence that there has been an adequate review of the work of the audit team;
  3. whether there has been adequate consideration of comments/views received from the audited entity(s) and other stakeholders (where relevant);
  4. whether the audit addresses the audit objective, and there is a clear link between the audit objective and audit conclusion, and that the audit adequately addresses the audit criteria; and
  5. whether the audit recommendations address the cause of the significant issues identified by the audit, they are realistic and achievable, and they are understandable on their own.

Differences of opinion in ANAO engagements

Background

8.74 Policies and procedures about differences of opinions are required by:

  • ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements; and
  • ASA 220 Quality Management for an Audit of a Financial Report and other Historical Information.

Policy

8.75 An auditor’s report shall not be issued if there is an unresolved significant difference of opinion within the ANAO.

8.76 A difference of opinion within the engagement team shall be referred for advice to a more senior member of the team (including the Engagement Executive). If the difference of opinion involves the Engagement Executive, then it shall be referred to the GED.

8.77 An unresolved difference of opinion occurring between any two or more of the following parties shall be referred to the Qualifications and Technical Advisory Committee, Deputy Auditor-General or Auditor-General as appropriate:

  1. the Engagement Executive;
  2. the Second Reviewer;
  3. the EQR;
  4. an SED;
  5. a FSASG or PASG GED; and
  6. the PSRG GED.

8.78 The Engagement Executive shall ensure conclusions reached regarding a difference of opinion are documented and implemented. The conclusions reached shall be communicated to the engagement team.

8.79 For every difference of opinion, the documentation required shall present the relevant facts and includes:

  1. the various professional considerations raised;
  2. the alternatives considered; and
  3. the conclusions reached.

Guidance

8.80 The ANAO promotes a culture of collaboration and consensus building which encourages and values critical thinking. Because auditing requires the use of professional judgement, differences of opinion can arise. A difference of opinion may be expressed without fear of reprisal. Engagement Executives should be actively involved in resolving accounting or auditing problems encountered by professional staff in the course of audit engagements.

8.81 The audit engagement team comprises professionals with varying levels of experience and expertise, and differences in professional views between members may arise. These differences, particularly those involving personnel at senior levels, generally involve a high degree of professional judgement and technical accounting and auditing questions. Each professional staff member of the ANAO is expected to form their own conclusions and be responsible for ensuring that those views receive adequate consideration.

8.82 This policy applies where differences of opinion arise about matters that (i) could cause financial statements to be misleading; (ii) may impact on the audit conclusion of a performance audit or the audit review opinion or conclusion for an assurance review; (iii) could cause us to modify the auditor’s report; or (iv) could involve an apparent inconsistency in the reporting of a matter between FSASG and PASG. Although differences over matters of this degree of significance are expected to be infrequent, they may arise in such areas as:

  1. selection and application of accounting principles or auditing standards;
  2. financial statement presentation and disclosure;
  3. nature, timing, and extent of auditing procedures;
  4. interpretation of authoritative pronouncements, both ANAO and professional; or
  5. circumstances resulting in a departure from the standard audit report.

8.83 This policy provides a means to enable such differences being expressed and resolved.

Role of the qualifications and technical advisory committee

Policy

The qualifications and technical advisory committee (QTAC)

8.84 QTAC shall comprise for all matters:

  1. DAG (Chair);
  2. GED – PSRG;
  3. GED – FSASG;
  4. GED – PASG Practice Management;
  5. GED – PSASG;
  6. Engagement Executive responsible for CFS audit;
  7. at least one additional member appointed by the Chair on an ongoing basis; and
  8. additional members as determined necessary by the Chair on an ongoing or non-ongoing basis. This would include situations where the Chair is the signing officer on a matter before QTAC.

8.85 PSRG shall provide technical advice and secretariat services to QTAC. This responsibility includes:

  1. scheduling QTAC meetings;
  2. reviewing, collating and distributing meeting papers to QTAC members;
  3. preparing a PSRG position in respect of the issue and including in the QTAC papers;
  4. preparing minutes from the QTAC meetings, including the recommendation to the Auditor-General arising from the meeting, and sending to QTAC members for review and approval before issuing to the Auditor-General. These minutes shall record any dissenting views; and
  5. formally notifying the Engagement Executive of the outcome of QTAC discussions and the recommendation made to the Auditor-General.

8.86 The following matters shall be referred to QTAC:

  1. audit reports where the following are/were:
    1. proposed for the current year;
    2. considered in the current year but not proposed; or
    3. reported in the previous year and not proposed in the current year:
    • a modified opinion or conclusion (except for performance audits – refer 8.88) – this includes a qualified opinion, an adverse opinion or a disclaimer of opinion; and
    • an emphasis of matter or other matter paragraph. This excludes emphasis of matter paragraphs required for special purpose reporting frameworks;
  2. differences of opinion between the Engagement Executive and:
    1. the PSRG GED;
    2. the EQR; or
    3. a firm undertaking a contract out audit;
  3. where any of the following events or conditions have been identified that may cast significant doubt on the entity’s ability to continue as a going concern for financial statements audits:
    1. net liability or net current liability position;
    2. inability to comply with the terms of loan agreements;
    3. fixed-term borrowings approaching maturity without realistic prospects of renewal or repayment;
    4. indications of withdrawal of financial support by creditors;
    5. negative operating cash flows indicated by historical or prospective financial report;
    6. substantial operating losses or significant deterioration in the value of assets used to generate cash flows;
    7. inability to pay creditors on due dates;
    8. change from credit to cash-on-delivery transactions with suppliers;
    9. inability to obtain financing for essential new product development or other essential investments;
    10. management intentions to liquidate the entity or to cease operations;
    11. loss of key management without replacement;
    12. loss of a major market, key customer(s), franchise, licence, or principal supplier(s);
    13. pending legal or regulatory proceedings against the entity that may, if successful, result in claims that the entity is unlikely to be able to satisfy;
    14. changes in law or regulation or government policy expected to adversely affect the entity;
    15. situations where government support is reduced or withdrawn, through privatisation, lack of funding or when policy decisions are made that affect the services provided by the entity; and
    16. any other events that cast significant doubt on the entity’s ability to continue as a going concern.

Events or conditions that arise when a Commonwealth entity ceases are not captured by paragraph 8.86 (c). For the going concern policy on ceasing Commonwealth entities refer to paragraphs 8.109 to 8.118. QTAC consultation will be required for ceasing Commonwealth entities where the Engagement Executive or PSRG determine it is necessary.

  1. accounting or audit matters which are likely to attract significant parliamentary or public attention, including performance reporting matters;
  2. accounting or related matters that are material to the Commonwealth’s Consolidated Financial Statements where there is, or there is significant potential for, differing professional opinions;
  3. proposal to not comply with an ANAO Auditing Standard or the ANAO Audit Manual policies; and
  4. where an Engagement Executive determines that a matter is appropriate to report as additional “important” information to the Minister under subsection 26(1) of the A-G Act.

8.87 The policy requirement 8.86(a) does not apply where a material prior year error has been corrected and adequately disclosed in the financial statements and the EE, GED and PSRG agree that an emphasis of matter paragraph is not necessary after consideration of all relevant factors outlined in ANAO Audit Manual - FSASG Specific, Evaluating misstatements, paragraph 111.51.

8.88 The Auditor-General may refer any other matter to QTAC for consideration. To enable consideration of whether a matter will be referred to QTAC, the Auditor-General shall be advised in a timely manner when the Engagement Executive becomes aware that a performance audit may fall into one of the following categories:

  1. audits where there are highly contentious findings or issues, or engagement risk has been elevated to high during the course of the audit;
  2. audits where the draft conclusion is:
    1. adverse (for example, the conclusion against the objective is not effective, not value-for-money, not efficient);
    2. disclaimed (for example, I have not been able to form a conclusion against the objective); or
    3. qualified in respect of the majority of criteria (this would be a case where judgment is required to determine if the conclusion should be “except for” or “adverse”); or
  3. audits where a significant amount of judgement is required to determine the appropriate form of conclusion.

8.89 A formal submission to QTAC shall be prepared by the responsible Engagement Executive. The views of the separate Signing Officer (other than the Auditor-General), EQR or Second Reviewer, where appointed, shall also be included in the submission.

8.90 Submissions to the QTAC shall be provided to the Auditor-General by PSRG.

8.91 The Auditor-General shall be invited to attend the QTAC meeting and may do so at the Auditor-General’s discretion.

8.92 Where there is an EQR assigned to the engagement, the Chair shall be consulted on whether the EQR should attend the QTAC meeting.

8.93 A quorum for a meeting/resolution is any five members (all members having been notified of the item for resolution). A member who has an interest in a matter under consideration must disclose that interest to the committee. If the Chair is unable to attend a meeting, they may nominate an alternative chair for the meeting.

8.94 When a matter has been considered by the QTAC, a memorandum shall be provided to the Auditor-General summarising the views and recommendations of the committee. The Auditor-General makes the final decision after considering the recommendations of the QTAC.

8.95 Where a QTAC referral results in a delay to the audit timeframes, the delay is to be agreed by the Auditor-General or DAG as part of the referral process.

8.96 Where the Engagement Executive or members of the committee dissent from the overall view of the committee, these views shall be included in the memorandum provided to the Auditor-General under paragraph 8.94.

Guidance

8.97 Situations will arise where Engagement Executives have to deal with difficult or contentious matters or unresolved differences of professional opinion. QTAC is a mechanism providing for Engagement Executives to consult on certain difficult or contentious matters and, where necessary, for dealing with and resolving differences of opinion. PSRG provides guidance to Engagement Executives on the application of this policy.

Submission process

8.98 Engagement Executives are expected to provide their submissions that have been reviewed by the responsible GED for QTAC referral to PSRG allowing seven days’ notice to be given to members and allow time for PSRG to review the submission and schedule a QTAC meeting. The final QTAC submission is expected to be provided to QTAC members three days before the scheduled QTAC meeting. Engagement with QTAC should occur as early as possible in the audit cycle. Potential issues should be flagged with PSRG and the GED when first identified. Exceptions to the above timeframes will be subject to the discretion of the Chair.

8.99 In the case of performance audits and limited assurance reviews, where one or more of the circumstances in 8.77 exist, the Auditor-General is to be notified as soon as the relevant circumstance arises to allow for a decision to be made as to whether referral will be made to QTAC.

8.100 The QTAC process may be fast-tracked at the discretion of the Chair of the QTAC Committee.

8.101 Submissions to QTAC should include only material that is relevant to the matter to be considered, including:

  1. an outline of the matter;
  2. details and analysis of relevant accounting or auditing standards impacted;
  3. the Engagement Executive’s view as to the appropriate form of the audit report or resolution of the matter; and
  4. any potential delays to the schedule of the audit arising from the QTAC process.

8.102 In the case of financial statements audits, a copy of the most recent draft of the financial statements is also to be included.

Meeting process

8.103 QTAC meets on an as needed basis, with all the meetings being minuted. QTAC may resolve matters out of session.

8.104 In addition to QTAC members, Engagement Executive, PSRG secretariat staff and Auditor-General (where the Auditor-General chooses to attend the meeting), the EQR or second reviewer (if appointed), other ANAO staff and external contractors engaged on contract-out audits or engaged as auditor’s experts may also attend the meeting as observers.

8.105 Ordinarily, senior members of the Engagement Team, including audit managers and team leaders, should be invited as observers. Inviting such team members should not be regarded as diminishing the Engagement Executive’s overall responsibility for the conduct of QTAC consultation, however their attendance at the meeting provides an opportunity for these staff to be aware of the considerations of the committee and may also be able to provide support to the Engagement Executive.

8.106 Other ANAO staff that should be considered to attend the meeting as observers may include:

  1. Engagement Executives and other senior staff of audits affected by the matter being considered, including other financial statements, performance statements audits and relevant performance audits; and
  2. SADA Executives and other senior ANAO staff from outside the engagement team whose work contributes to the matter being considered.

8.107 Attendance at QTAC of non-ANAO staff is rare but may be suitable in some circumstances. Auditee attendance is not anticipated because QTAC is an internal ANAO consultation, but contractors engaged by ANAO to assist its audit activities may be invited where it is helpful to the deliberations of the committee. The Chair should be consulted on contractor involvement in each case. This may include circumstances where there is a difference of opinion between the contract-out audit partner and key ANAO personnel or where the matter being considered relates to the work of an external auditor’s expert.

Matters to be referred to QTAC

8.108 Paragraphs 8.86(d)-(e) above require accounting or related matters that are material to the CFS where there is, or there is significant potential for, differing professional opinions to be referred to QTAC, as well as matters which are likely to attract significant parliamentary or public attention. Such matters may affect one or more Australian Government entities, may be raised by the Department of Finance, or may involve a different treatment under the rules for the preparation of Government Finance Statistics or the Australian Government Budget.

Going concern

8.109 In the public sector, it is common for restructures of administrative arrangements to occur. This involves the reallocation or reorganisation of functions and responsibilities among government-controlled entities. This can result in Commonwealth entities ceasing to exist or merging with other Commonwealth entities. The transfer of functions, merging and cessation of non-corporate Commonwealth entities with other non-corporate Commonwealth entities does not create Going Concern considerations, as non-corporate Commonwealth entities form one legal entity that is the ‘Commonwealth’.

8.110 Corporate Commonwealth entities and Commonwealth companies and their subsidiaries are separate legal entities from the ‘Commonwealth’ and going concern risks can arise from situations where government support is reduced or withdrawn through privatisation, lack of funding or when policy decisions are made that affect the services provided by the entity. If events or conditions are identified that cast significant doubt on the entity’s ability to continue as a going concern, the audit team is required to get sufficient appropriate audit evidence to determine whether a material uncertainty exists consistent with ASA 570. Audit teams are required to refer these situations to QTAC to help them in concluding whether a material uncertainty exists. The conclusion made, in consultation with QTAC, will have implications for the entity’s financial statements disclosures and our auditor’s report.

8.111 When a government decision is made to abolish a corporate Commonwealth entity and legislation is required to be passed to cease the entity, the entity is treated as a going concern until the legislation is enacted.

8.112 These principles were used to form the following ANAO position endorsed by QTAC which is to be applied where a Commonwealth entity ceases, in consultation with PSRG. This approach does not apply to ceasing Commonwealth companies as specific circumstances of a ceasing Commonwealth company will drive a decision and a general approach cannot be applied.

Type of Commonwealth entity

Legislation is required to cease entity

 

C: Legislation NOT required to cease entity

 

 

A: Not enacted

B: Enacted

Non-corporate Commonwealth entity – any functions transfer to another non-corporate Commonwealth entity

Going Concern

(no Material Uncertainty paragraph)

Going Concern

(no Material Uncertainty paragraph)

Going Concern (no Material Uncertainty paragraph)

[AAO changes]

Non-corporate Commonwealth entity – all other cases (e.g. all functions cease, functions transfer to a corporate Commonwealth entity or Commonwealth company)

Going Concern

(no Material Uncertainty paragraph)

Not Going Concern

(Material Uncertainty paragraph)

Not Going Concern (Material Uncertainty paragraph)

Corporate Commonwealth entity

Going Concern

(no Material Uncertainty paragraph)

Not Going Concern

(Material Uncertainty paragraph)

-

       

8.113 Exceptional circumstances may arise in individual cases that require a treatment different to the position above. Engagement Executives, in consultation with PSRG, will need to assess if the approach can be sensibly applied in their individual circumstances. Where exceptional circumstances are apparent, the matter must be referred to QTAC for consideration. If management’s view does not accord with the audit view, consult with the responsible GED and PSRG in the first instance.

9. Documentation

Audit documentation

Background

9.1 Documentation requirements are set out in ASA 230, ASAE 3000 and ASAE 3500.

Policy

9.2 ANAO auditors and contractors shall comply with the documentation requirements of the ANAO auditing standards, policies and audit methodology.

9.3 Documentation shall be prepared which enables an experienced auditor with no connection to the audit to understand the nature, timing and extent of audit procedures, the results of audit procedures, audit evidence obtained, significant matters arising during the audit and conclusions reached.50

9.4 The work papers shall contain sufficient detail to enable re-performance of the testing and demonstrate an adequate basis for the documented conclusions.51

9.5 Work papers shall identify who performed the work and the date the work was completed as well as who reviewed the work and the date and extent of the review.52

9.6 The auditor shall document the overall audit strategy and the audit plan, including any significant changes made during the audit engagement.

9.7 Documentation of the planned approach to the audit, and any major changes to that planned approach, shall be reviewed by the Engagement Executive or Audit Manager before audit work commencing.

9.8 For financial statement audits, the Engagement Executive or the Audit Manager shall review and sign-off all procedure summaries in the A folder of the relevant TeamMate library file prior to commencement of the interim audit work.53 In circumstances where the planning and interim phases of the audit are undertaken concurrently, it may not be practicable to review and sign off all planning procedures prior to commencing interim procedures. In these circumstances, the planning procedures shall be reviewed and signed off before the interim audit phase is concluded.

9.9 In all circumstances noted in paragraph 9.8, the auditor is permitted to commence testing on a particular balance or financial statement line item (FSLI) where the relevant audit approach and plan for that balance or FSLI has been reviewed and signed off, irrespective of whether the audit approaches and plans for other balances or FSLIs are reviewed and signed-off.

9.10 Audit documentation shall be evidenced as reviewed before the date of the auditor’s report.

9.11 For performance audits, working papers shall contain the following specific documents:

  1. planning documents, approvals, any variation(s) to the AWP;
  2. evidence of briefing the ANAO Executive and entity management;
  3. records to show the management of the audit budget, timelines, audit staff and contractor/experts; and
  4. evidence of review and other quality control requirements, including the completed Audit Clearance Form – Policy Compliance Certification, Independence declarations and consideration of feedback from the entity.

9.12 For financial statements audits, files54 shall be complete and ready for finalisation by the earlier of 31 October or 60 days after the date of signing of the auditor’s report. Extensions beyond 31 October (up to a maximum of 60 days after the date of signing of the auditor’s report) shall be approved in writing by the GED, FSASG.55 The consideration of approval shall have regard to the corporate need for timely completion of the Audit Inspection program required by ASQM 1 and the policy at paragraph 10.6. All files in the electronic file management system (E-Hive) that contain audit documentation, shall be closed and retained as formal records by the earlier of 31 October or 60 days after the date of signing of the auditor’s report.

9.13 For performance audit engagements56 and limited assurance reviews, audit files and working papers shall be completed and finalised within 60 days after the tabling of the audit report. All files in the electronic file management system (E-Hive), including correspondence between entities and individuals outside the ANAO, shall be closed and retained as formal records within 60 days after the tabling of the audit report.

9.14 For performance statements audits, files shall be complete and ready for finalisation by the earlier of 30 November or 60 days after the date of signing of the auditor’s report. Extensions beyond 30 November (up to 60 days after the date of signing of the auditor’s report) shall be approved in writing by the PSASG GED. The consideration of approval shall have regard to the corporate need for timely completion of the Quality Assurance Program. All files in the electronic file management system (E-Hive) that contain audit documentation, shall be closed and retained as formal records by the earlier of 30 November or 60 days after the date of signing of the auditor’s report.

9.15 For all other engagements, files shall be complete and ready for finalisation within 60 days after the date of signing of the auditor’s report.

9.16 If, in exceptional circumstances, new or additional audit procedures are performed or new conclusions drawn after the date of the auditor’s report, the circumstances, procedures performed, evidence obtained and conclusions reached and their effect on the auditor’s report, as well as when and by whom the resulting changes to audit documentation were made and reviewed shall be documented.

9.17 In circumstances other than these where the auditor finds it necessary to modify existing documentation or add new documentation after the assembly of the final audit file, the specific reasons for making the modifications or additions and when and by whom they were made and reviewed shall be documented.

Guidance

Content and extent of audit documentation

9.18 Audit documentation is the record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor has reached. The term ‘work papers’ is also used when referring to audit documentation. The extent of the audit documentation will be influenced by considerations such as the nature, size, complexity and risk of the auditee or engagement.

9.19 Audit file means one or more folders or other storage media, in physical or electronic form, containing records that comprise the audit documentation for a specific engagement. This includes audit documentation recorded on TeamMate and E-Hive.

9.20 In order for documentation to support the conclusions drawn and work performed, a degree of detail is necessitated. For example, when completing risk assessment procedures under ASA 315 to get evidence about the design and implementation of internal controls, the auditor may use enquiry, observation, inspection and tracing transactions. The standard notes that enquiry alone is not sufficient. To properly evidence that the auditor has complied with this requirement, the documentation must include details of with whom discussions took place, what specifically was observed and what documents were inspected or traced to provide evidence that the control was implemented. Similarly, when using analytical procedures, it is not sufficient to conclude that a variance is immaterial without stating the basis on which the conclusion is drawn.

9.21 Audit documentation is to be recorded in the electronic working papers (TeamMate/E-Hive). In some circumstances, it is useful to have a file to record general background documentation on the client (e.g. policy manuals, budget papers, legislation). This information may be referred to as necessary during the audit, but any information on a file that needs to be documented for the purposes of the audit must be included in the official records (E-Hive).

9.22 TeamMate audit files shall reference the exact file location of audit documentation contained in E-hive. This can be achieved by inserting a functioning URL link into TeamMate to the audit documentation in E-hive or referencing audit documentation E-hive’s file and document numbers.

9.23 In the case of performance audits, the following should be documented:

  1. the identifying characteristics of the specific items or matters being tested; for example, for an entity Business Plan, the year to which it refers and the date on which it was approved, and for minutes of meetings, the date of minutes of meetings and who approved them;
  2. discussions of significant matters with entity management and other stakeholders;
  3. the key judgments made and the rationale for these judgments;
  4. how any contradictions or inconsistencies with the final conclusion drawn by the audit team on any significant matter(s) were addressed in forming that conclusion; and
  5. any limitations to audit coverage, that is, in certain rare circumstances, where factors outside the audit team’s control prevent relevant audit work being undertaken, including access to relevant information, records or data. The limitations should be documented and consideration given to including details of the limitation to audit coverage in the audit report.
Planning

9.24 The ANAO audit methodology includes mandatory steps that ensure the planning requirements under the standards are met. Evidence of review by the Audit Manager and Engagement Executive, as appropriate, before the performance of further audit procedures provides assurance that the planning has reduced the audit risk to an acceptably low level and that the audit approach is efficient.

9.25 For financial statement audits, the Engagement Executive or the Audit Manager is required to sign-off procedure summaries in folder A ‘Understand and Plan the Audit’ of the relevant TeamMate library prior to commencement of the interim audit work. Policy at paragraph 9.8 outlines the requirement when the planning and interim audit phases are scheduled to be undertaken concurrently. In some cases, the Engagement Executive or the Audit Manager’s review procedures may identify deficiencies or areas for improvement in the planning procedures and documentation. In these cases, despite the existence of open review comments (coaching notes) on planning procedures, recording of the approval of these procedures in the file by the Engagement Executive or the Audit Manager, subject to subsequent timely resolution of individual open review comments, will satisfy the requirement of paragraph 9.8 if the recording of the approval is completed before the commencement of interim audit work.

9.26 The Engagement Executive retains overall responsibility for ensuring that open review points have been satisfactorily addressed before the completion of the audit. The Engagement Executive or the Audit Manager should not record approval of planning procedures if significant deficiencies exist which may cause doubt about the suitability of the planned overall audit approach. The Audit Manager or the Engagement Executive should not allow any interim audit work to commence until these matters are resolved.

9.27 Where there have been changes to the planned audit approach subsequent to commencement of the interim audit work, the Engagement Executive or the Audit Manager should ensure that the audit file accurately reflects the changes made to the audit approach.

Completion of the audit file

9.28 Work done after the date of the Auditor-General’s report should not involve the performance of new audit procedures or the drawing of new conclusions.

9.29 Work done to complete the audit file after the signing or tabling of the audit report should be of an administrative nature only; for example, deleting superseded documentation, sorting, collating and cross referencing work papers, signing of checklists relating to the audit file assembly process. Audit documentation which has been superseded or is not relevant to the audit opinion or report must be removed from the audit file.

9.30 It is possible that before the audit report being signed or tabled, the auditor has obtained evidence that is not yet fully documented in the audit file. To meet the requirement of the standard, this evidence must be discussed and agreed with the relevant members of the audit team before the date of the audit report and evidence of this prior discussion and agreement must be included within the audit documentation. Completion of the audit file may result in a review date being recorded electronically in the audit file which is after the date of the audit report. To evidence compliance with the standards, it is important that the nature of post-signing or post-tabling audit work is described in the audit file.

9.31 A performance audit file should retain all audit evidence that informs the preparation of the audit report, supports the conclusions against the audit criteria, and any other evidence relevant to audit findings.

9.32 Instructions for the finalisation of TeamMate files are located here.

9.33 Instructions for the finalisation of E-Hive files are located here.

Management and retention of audit information

Background

9.34 ASQM 1 requires the ANAO to create policies and procedures designed to maintain the confidentiality, safe custody, integrity, accessibility, retrievability and retention of engagement documentation.

9.35 This policy should be read with the legislative, regulatory requirements and policy on audit documentation, including the:

  1. Archives Act 1983;
  2. Procedure Security Policy (AGID); and
  3. Information Security Manual (ASD).

Policy

9.36 ANAO staff and contractors shall make themselves familiar with and apply ANAO policies on records management and security.

9.37 TeamMate and E-Hive audit files shall be finalised consistent with the Audit Documentation policy.

9.38 Audit managers shall ensure that audit documentation is archived consistent with the ANAO Information Management Framework.

Guidance

Records management and security

9.39 ANAO general record keeping and information management policies are the responsibility of the ANAO’s Chief Information Officer. These policies are available on MyANAO and include:

  1. ANAO Information Management Framework;
  2. ANAO Records Authority;
  3. ANAO Security Policy Manual; and
  4. E-Hive policies and procedures.

9.40 Collectively, these policies are designed to meet the requirements of the Archives Act 1983, the Protective Security Policy Framework issued by the Attorney-General’s Department and the Information Security Manual issued by the Australian Signals Directorate.

9.41 ANAO staff and contractors should be aware particularly of those aspects of these policies that affect their daily work, including classification of information under National Security and Non-National Security regimes; and the holding, transmission or transporting of such information:

  1. by Email;
  2. in Electronic Working Papers (Team Mate / E-Hive);
  3. on ANAO Standard Laptop and Desktop computers;
  4. in physical storage;
  5. on the ANAO Network; and
  6. when physical and electronic classified documents are in use both within the ANAO premises and outside the Office.

9.42 Refer to Laptop & Mobile Device Security Policy on MyANAO for requirements on storage of ANAO’s laptops or devices when working outside of ANAO’s office.

External correspondence

9.43 External correspondence (both issued and received) must be maintained in E-Hive. External correspondence should be declared as a record in E-Hive. This includes confirmations received from third parties such as bank confirmations or solicitor’s representation letters.

Access to working papers

Background / legislative requirements

9.44 Section 36(1) of the A-G Act provides:

If a person has obtained information in the course of performing an Auditor-General function, the person must not disclose the information except in the course of performing an Auditor-General function or for the purpose of any Act that gives functions to the Auditor-General.

Penalty: Imprisonment for 2 years.

Note: Chapter 2 of the Criminal Code sets out the general principles of criminal responsibility.

Policy

9.45 Working papers (including audit evidence obtained from auditees) and associated audit documentation shall only be made available to ANAO staff and contractors on a ‘need to know’ basis. Where information about an audit is required for purposes other than an audit or a quality assurance review, the permission of the relevant Engagement Executive shall be obtained.

9.46 Requests by a court or tribunal for access to working papers shall be referred to the Auditor-General.

9.47 Should the need arise to provide working papers to a court or tribunal, ANAO Legal Services shall be consulted on the process to be followed.

9.48 Authorisation for the release of working papers to a third party or to the Parliament or its members shall be obtained from the Auditor-General.

Guidance

Access by ANAO staff and contractors

9.49 Officers with a need to know would generally be members of the audit team as well as other ANAO officers who become involved in the audit from time to time (e.g. members of PSRG who may be called on to provide technical advice, or staff undertaking quality assurance programs).

9.50 In the case of information with a national security classification, access would be restricted to members of the audit team with an appropriate security clearance.

Access by courts or tribunals

9.51 If courts or tribunal request access to audit working papers through a subpoena or discovery process, the Auditor-General may decide, on a case by case basis, to argue that subsection 36(1) of the A-G Act, relating to the confidentiality of information, prevents the ANAO from complying with a subpoena or a discovery process.

9.52 Parliamentary Privilege also attaches to the working papers of audits and such privilege could also prevent the release of audit working papers to courts or tribunals.

Access by third parties

9.53 Third parties include internal auditors, regulators, external auditors of joint venturers where ANAO audits the joint venture, advisors to prospective purchasers, investors or lenders to entities audited by the ANAO and successor auditors where ANAO auditees leave the Auditor-General’s mandate. Such third parties may request access to our working papers in order to evaluate the suitability of our work to be relied upon for their professional duties.

9.54 ANAO audit working papers are the property of the ANAO, including the audit work papers of contractors performing audit work on our behalf. Subject to law, the ANAO has the right to decline or restrict access to third parties.

9.55 In deciding on whether to release working papers to a third party, the implications of legal advice about the operation of subsection 36(1) of the A-G Act need to be considered.

9.56 If the Auditor-General has given permission for the release of working papers to a third party then before release, the Engagement Executive will consider the guidance provided in the AUASB Guidance Statement GS 011 Third Party Access to Audit Working Papers.

9.57 General considerations to providing access to working papers to third parties should be given to:

  1. client confidentiality;
  2. client indemnity from any legal claims;
  3. indemnities from third parties from any legal claims;
  4. compliance with the ANAO Security Policy;
  5. ANAO control over access to audit working papers;
  6. whether the audit and working papers are complete; and
  7. whether the working papers are subject to any legal professional privilege, which should not form part of the audit working papers released to third parties.

9.58 All conditions, scopes and indemnities should be obtained in writing from all parties before the release of any working papers to third parties. Example letters are contained within AUASB GS 011.

Access to our working papers by the Parliament

9.59 As the primary users of the ANAO’s audit reports, it is usual practice for the Auditor-General and other ANAO officials to attend parliamentary committees including the JCPAA to give evidence about the conduct of our work. In that context, the evidence provided by the ANAO is normally specifically drawn out of the audit report or is contextual factual information that supports the interpretation of information provided in the auditor’s report.

9.60 Members of the Parliament or its committees may request that the ANAO provide documents obtained during the auditing process that have not been included in the ANAO’s performance audit report.

9.61 The Auditor-General considers that it is generally not in the public interest that audit evidence not included in the performance audit report should be provided in response to such requests for a number of reasons, including:

  1. the A-G Act and APES110 impose obligations and principles of confidentiality on our work;
  2. the Auditor-General and the ANAO are exempt from the Freedom of Information Act 1982 to stop the ANAO being an alternate option for documents that should be more properly requested from the document owner; and
  3. providing such information outside of the established report preparation papers and section 19 processes may circumvent ANAO’s natural justice obligations and the operation of the Attorney-General’s authority to require removal of information that is contrary to the public interest to include in a public report.

9.62 Under our auditing framework, audited entities and others can trust that the Auditor-General and the ANAO will treat them fairly and will protect the confidentiality of specific items of audit evidence. The Auditor-General considers that it would be contrary to the public interest if the ANAO is frustrated in its ability to obtain information from auditees and report to Parliament. Audited entities may perceive a risk that they could lose control of specific items of audit evidence provided to the ANAO because the Auditor-General may release that information outside of an audit report.

9.63 Because of these considerations, audit evidence obtained from entities should not be provided to the Parliament outside of the normal audit reporting processes unless approved by the Auditor-General.

Copies of report preparation papers and section 19 proposed reports

9.64 ANAO papers created for the purposes of preparing a proposed report under section 19 and proposed reports issued under section 19 of the A-G Act are subject to the confidentiality obligation in section 36(3) of the A-G Act. Section 36(3) applies very broadly and a person commits an offence if they receive any report or extract created for the purposes of preparing a proposed report under section 19 (including report preparation papers and ANAO working papers) or a proposed report or extract under section 19 of the A-G Act and they disclose any information in the report or extract. The penalty for breaching section 36(3) is imprisonment for two years.

9.65 Section 36(4) provides that the Auditor-General may consent to a disclosure. Accountable Authorities wishing to disclose information from relevant papers and reports to other persons, such as external legal advisers, contractors, consultants and Ministers, must seek the consent of the Auditor-General. The Auditor-General has delegated to the Deputy Auditor-General the power to consent to disclosure of information under subsection 36(4).

9.66 The Auditor-General has agreed that the Accountable Authorities of entities may decide to disclose, on a confidential basis, relevant papers (including report preparation papers and proposed reports provided under section 19) to entity officials as well as members of the entity’s audit committee. The consent to provide relevant papers to entity officials was given to allow Accountable Authorities discretion to determine which of their officials require access to papers, provided that the confidentiality of the papers is maintained. The consent to provide relevant papers to members of the entity’s audit committee was given to allow Accountable Authorities to use their audit committee to monitor entity risks and the implementation of any changes proposed in audit reports.

9.67 Accountable Authorities wishing to disclose information from relevant papers and reports to other persons, such as external legal advisers, contractors, consultants and Ministers, must seek the consent of the Auditor-General as required by paragraph 2.46 of this Manual.

9.68 Where a relevant paper is addressed to an officer of an entity, instead of an Accountable Authority, the Auditor-General has agreed that the officer to whom the paper has been addressed may decide to disclose, on a confidential basis, that paper to relevant officers of the entity or members of the entity’s audit committee.

9.69 Entities may, of course, provide those persons with information such as the objectives and criteria of an audit (which are published on the ANAO’s website) and factual material on the audit process, such as what stage an audit is at (consistent with what is published on the ANAO’s website).

10. Monitoring quality management policies and procedures

Monitoring – inspection of ANAO assurance products

Background

10.1 Consistent with ASQM 1, the ANAO has designed and performs monitoring activities to provide a basis for the identification of deficiencies in the ANAO’s system of quality management.

10.2 In determining the nature, timing and extent of the monitoring activities, the ANAO takes into account:

  1. The reasons for the assessments given to the quality risks;
  2. The design of the responses;
  3. The design of the firm’s risk assessment process and monitoring and remediation process;
  4. Changes in the system of quality management;
  5. The results of previous monitoring activities, whether previous monitoring activities continue to be relevant in evaluating the firm’s system of quality management and whether remedial actions to address previously identified deficiencies were effective; and
  6. Other relevant information, including complaints and allegations (see paragraphs 10.33–10.38 below), information from external inspections and information from service providers.

Policy

10.3 The Deputy Auditor-General has overall responsibility for the quality assurance review program of FSASG, PSASG and PASG assurance products (QARP). The results and conclusions of the QA Review are reported to EBOM.

10.4 The objectives of the QARP are to form an opinion on whether each engagement file inspected:

  1. complies with the A-G Act, professional requirements, auditing standards and other legal and regulatory requirements;
  2. complies with the ANAO’s policies and procedures, including quality management;
  3. provides relevant, reliable and timely information about the design, implementation and operation of the system of quality management; and
  4. evidences sufficient and appropriate assurance procedures to support conclusions reached.

10.5 The GED PSRG has responsibility for the design, conduct and reporting of the QARP.

10.6 An annual QARP program for each service group, designed consistent with this policy, shall be provided to the Deputy Auditor-General for approval.

10.7 The annual QARP for each service group may be designed and approved in multiple phases throughout the year. Where this is the case, the PSRG GED is responsible for ensuring that those stages taken collectively address at least the minimum requirements of this policy.

10.8 The annual QARP for FSASG includes:

  1. quality assurance review (QAR) of at least one in-house assurance engagement for each Engagement Executive over a three-year cycle; and
  2. QAR of at least one contract out assurance engagement for each firm engaged by the ANAO to conduct assurance engagements every three years.

10.9 For the purposes of paragraph 10.8, a QAR may be any one of the following:

  1. inspection by ANAO staff or contractors of completed engagement files according to an approach approved by the PSRG GED;
  2. inspection by ANAO staff or contractors of in-process engagement files according to an approach approved by the PSRG GED; or
  3. inspection by ASIC of completed engagement files in accordance with ASIC’s methodology.

10.10 Despite paragraph 10.9(b), each Engagement Executive must have at least one completed engagement file inspected every six years.

10.11 The annual QARP for PASG includes at least one completed engagement for each Engagement Executive over a three year cycle.

10.12 The annual QARP for PSASG includes quality assurance review (QAR) of at least one in-house assurance engagement for each Engagement Executive over a three-year cycle.

10.13 For the purposes of paragraph 10.12, a QAR may be any one of the following:

  1. inspection by ANAO staff or contractors of completed engagement files according to an approach approved by the PSRG GED; or
  2. inspection by ANAO staff or contractors of in-process engagement files according to an approach approved by the PSRG GED.

10.14 Despite paragraph 10.13(b), each Engagement Executive must have at least one completed engagement file inspected every six years.

10.15 When Engagement Executives are responsible for audits in multiple service groups, the quality assurance review coverage of the Engagement Executive over a three year cycle will include consideration of in-house assurance engagements reviewed across all service group QARPs.

10.16 In addition, the annual QARPs for FSASG, PSASG and PASG may include:

  1. the selection of one or more audits conducted under section 20 of the A-G Act (‘audits by arrangement’);
  2. special monitoring programs, including across the board inspections that look at specific aspects of auditing or professional standards, regulatory or legal requirements or the ANAO methodology; and
  3. the selection of some engagements without prior notification to the engagement team.

10.17 When selecting audits for inspection, considerations shall include:

  1. the level of engagement risk57;
  2. seniority and experience of staff conducting the engagement;
  3. findings from previous inspections and other indicators of potential audit quality deficiencies;
  4. any complaints and allegations made by ANAO personnel or third parties including auditees or ANAO contractors;
  5. coverage of audit partners within firms for contract out audit reviews; and
  6. coverage of Engagement Executives for contract out audit reviews.

10.18 Inspections of audits shall be conducted with sufficient time and supervised by suitably qualified individuals who have not been a member of the audit team or performed an engagement quality review on the audit.

10.19 All matters raised during the QAR shall be discussed with the relevant Engagement Executive and evaluated as to their significance. At the conclusion of the process, a written summary of the matters arising from the QAR shall be provided to the Engagement Executive for written comments and formal acknowledgement.

10.20 PSRG will evaluate the severity and pervasiveness of identified deficiencies by investigating the root cause of significant findings and selected thematic findings and observations. The root cause analysis will also evaluate the effect of identified deficiencies on the system of quality management.

10.21 The results of the QARP and associated root cause analysis will be advised to the responsible FSASG, PSASG or PASG GED before reporting to EBOM. PSRG, in discussion with the responsible GED, will evaluate the findings of the QARP and conclude whether the deficiencies found, if any, are one-off occurrences or indicative of systemic, repetitive deficiencies. The PSRG GED, in consultation with the responsible GED, will determine what corrective action (if any) is required in response to the QARP and root cause analysis. Any recommendations for corrective action or improvements to practices will be provided in a report to EBOM for endorsement.

10.22 Where a QAR of an individual engagement indicates that an inappropriate audit report may have been issued or that procedures were omitted such that sufficient and appropriate evidence may not have been obtained on a material item, the responsible GED shall consult with PSRG to determine what further corrective action is necessary. This consultation will consider the need to obtain legal advice. The matter shall then be advised to the Deputy Auditor-General and the Auditor-General.

10.23 Where a serious deficiency or extensive significant deficiencies are found in an engagement, PSRG will consider whether the Engagement Executive responsible should be reviewed again the following year.

10.24 Responsibility for the implementation of recommendations from the QARP process shall be agreed between the GED PSRG and the relevant GED. The Quality committee is responsible for monitoring the implementation of recommendations and other corrective actions. Any recommendation or corrective action resulting from the QARP or root cause analysis that the Quality Committee considers is not effective or appropriately designed shall be modified by the GED PSRG, in consultation with the responsible GED, and presented to EBOM for endorsement.

10.25 Results of the QARP shall be communicated to all audit staff in a timely manner. The Engagement Executive is responsible for ensuring that the detailed results of the QARP at the individual audit level are communicated to the engagement team.

10.26 The results of each QAR shall be considered by supervisors in applying the ANAO Performance Assessment Scheme. In particular, supervisors shall take into account any deficiencies identified through the QAR.

Guidance

10.27 The monitoring process, including the inspection and evaluation of completed audits, is an important component of the QMF. The QMF comprises the ANAO’s policies and procedures designed to provide reasonable assurance that, in the conduct of assurance engagements, applicable auditing and professional standards and legal and regulatory requirements are met and the audit report issued is appropriate in the circumstances.

10.28 The scope of the QARP encompasses all aspects of the audit or engagement process. The program is designed to contribute to continuous improvement by creating the opportunity for audit teams and the ANAO to learn from experience. Each audit team is expected to consider whether their audit is impacted by communicated findings and to adopt appropriate responses.

10.29 The QARP will be conducted using a test program which is designed to provide assurance for each engagement reviewed, that the audit has been conducted in accordance with the ANAO auditing standards and ANAO policies and procedures.

10.30 An audit may involve arrangements to rely on work conducted by another ANAO auditor as provided for in auditing standards ASA 402, ASA 600 and ASAE 3500. In such cases, the file review may also include review of relevant work conducted on the other audit.

10.31 When evaluating whether an audit has complied with a specific requirement as set out in the test program, the reviewer will indicate either that the audit complies or does not comply. Where file reviews are conducted by ASIC, ASIC’s rating system will be used. For all other reviews, if the audit does not comply, the finding will be rated consistent with the following system for rating audit files and individual findings.

Overall audit file rating:

Rating

Abbreviation

Description

Satisfactory

S

Not unsatisfactory

Unsatisfactory

USat

As a result of a significant finding or multiple moderate findings:

  • (i) An inappropriate conclusion has been issued under the circumstances; or
  • (ii) A conclusion was issued for which there was no reasonable basis, or for which the documentation did not support the conclusion that was issued.
     

Individual findings rating:

Rating

Description

A. Significant

These findings pose a high risk to the ANAO’s reputation (including its independence, objectivity, and professionalism). Finding in respect of a material balance, transaction or disclosure (financial audits) or material element of the subject matter (performance audits) resulting in a determination that:

  • an inappropriate conclusion has been issued under the circumstances; or
  • a conclusion was issued for which there was no reasonable basis, or for which the documentation did not support the conclusion that was issued.

B. Moderate

These findings pose a moderate risk to the ANAO’s reputation (including its independence, objectivity, and professionalism).

  • Finding in respect of a significant balance, transaction or disclosure (financial and performance statements audits) or significant element of the subject matter (performance audits) which is categorised as:
    1. Not fully performing or documenting significant mandatory audit procedures
    2. Planned procedures have not been performed or do not adequately address relevant assertion or criteria
    3. Failing to identify, adequately assess or respond to a significant risk
    4. Reliance placed on internal controls without adequate testing
    5. Reliance placed on documents or reports of the auditee without testing the completeness and reliability of those documents and reports;
  • Independence standards have not been complied with
  • Other ANAO policies relevant to the engagement have not been complied with

C. Minor

These findings pose a low risk to the ANAO’s reputation (including its independence, objectivity, and professionalism). Non-compliance with ANAO Auditing Standards, ANAO audit methodology or other ANAO policies which is not categorised as A. or B. above.

   

10.32 In addition to the QARP, the ANAO undertakes further internal and external reviews to monitor and gain assurance over the effective operation of its system of quality management. These include:

  1. Real time quality assurance reviews of a selection of in-progress financial statements and performance statements audits;
  2. An annual internal audit of compliance with components of the ANAO Audit Manual;
  3. An annual review of the ANAO Quality Management Framework and financial statements audit files by ASIC;
  4. Biennial peer reviews of a selection of completed performance audits performed by the Office of the Auditor General of New Zealand; and
  5. Other external reviews of the ANAO Quality Management Framework and a selection of completed audits, as considered appropriate.

Complaints and allegations

Background

10.33 During the course of ANAO work, complaints and allegations may be made from time to time. Many of these are dealt with through the ANAO’s normal management and communication channels. This policy deals with the formal management of any complaints or allegations that the work performed by the ANAO does not comply with applicable standards, requirements, systems of quality management or independence policies.

Policy

10.34 Complaints and allegations made by ANAO personnel shall be handled consistent with the ANAO’s Principal Officer’s Procedures for managing disclosable conduct under the Public Interest Disclosure Scheme – ANAO Principal Officer’s Procedures.

10.35 Formal complaints and allegations from external parties, including entities and ANAO contractors, about any of the matters listed at paragraph 5 of the Principal Officer’s Procedures, in the above link, shall be referred promptly to a GED not involved in the audit or the COO. Where the matter is not resolved to the satisfaction of the complainant by the responsible GED or COO, or where a formal complaint and allegation involves a GED or COO, the complaint shall be referred to the Deputy Auditor-General.

10.36 A confidential record of all formal complaints and allegations and their resolution shall be kept.

10.37 If, during the investigations into complaints and allegations, deficiencies in the design or operation of the ANAO’s quality management policies and procedures or non-compliance with the ANAO’s system of quality management by an individual or individuals are identified, remedial actions shall include, as appropriate, one or more of the following:

  1. taking appropriate remedial action about an individual engagement or member of personnel;
  2. the communication of the findings, via the Quality Committee, to EBOM Learning and Development Committee;
  3. changes to the quality management policies and procedures; or
  4. disciplinary action against those who fail to comply with the policies and procedures of the ANAO, especially those who do so repeatedly.

Guidance

10.38 Under the Public Interest Disclosure Scheme, the identity of the person making the disclosure will remain confidential as far as practicable. It is a criminal offence to take or threaten to take a reprisal, such as discriminatory treatment, termination of employment or injury, against someone because they make a disclosure.

Fraud and related matters in the conduct of audits

Background

10.39 This policy deals with the formal management of reporting any potential fraud or other wrongdoing identified during the conduct of an audit.

10.40 Australian Auditing Standard ASA 240 provides requirements for dealing with fraud or potential fraud in a financial statement audit. These requirements can also be applied to other types of assurance engagement, including performance audits.58

Policy

10.41 On becoming aware of a potential fraud or other wrongdoing, the audit team shall report the matter, as soon as possible and in accordance with the fraud reporting procedures outlined in the ANAO Fraud Control Framework 2019-2020, to the responsible Engagement Executive so that a decision can be made on the appropriate course of action to be taken. Judgments about how to proceed will be made on a case by case basis, with the below considerations applying.

  1. The ANAO has a responsibility under the auditing standards to communicate to the entity concerned any material instances of deficiencies in systems or controls identified by an audit.
  2. Audit teams shall not conduct an investigation into instances of potential fraud or other wrongdoing, unless requested to do so by the Auditor-General.

10.42 The Auditor-General may consider whether it is appropriate to refer a matter to the Commissioner of the Australian Federal Police according to subsection 36(2) of the A-G Act. The Auditor-General must be satisfied it is in the public interest to take this course of action.

10.43 The audit file shall document all instances of fraud and potential fraud of which the audit team is made aware and the management decisions taken in regards to it, including: what was decided; by whom; and the reasons for the decisions.

Guidance

10.44 From time to time, audit teams may become aware of, or identify potential fraud or other wrongdoing. Audit teams may also receive allegations of such a nature, sometimes anonymously, from members of the public via correspondence or electronically through email, or the citizens’ contribution facility. In such circumstances it is important that the actions of the audit team do not inadvertently affect any future investigation by the entity or other body of the potential fraud or wrongdoing. The audit team should retain original copies of relevant documents, which may assist any future investigations, when they become aware of, or identify potential fraud or wrongdoing. Such original documents should be retained, in the relevant E-hive file, regardless of whether the ANAO Auditing Standards require retention of such documents.

10.45 All ANAO staff or contractors who become aware of a potential fraudulent activity should refer to the ANAO Fraud Control Framework 2019-2020 for additional guidance.

11. Evaluation of the Quality Management Framework

Background

11.1 Consistent with ASQM 1, the ANAO has established and maintains a system of quality management. The Auditor-General is ultimately responsible for the quality of all assurance and related activities undertaken by the ANAO. From an operational perspective, the Auditor-General is assisted by the Deputy Auditor-General in ensuring that the ANAO’s system of quality management satisfies the requirements of the ANAO Auditing Standards. The Auditor-General and the Deputy Auditor-General are helped by the GEDs of PSRG, FSASG, PASG, PSASG and SADA and the COO with this role.

11.2 The ANAO Quality Committee is responsible for monitoring and reporting to EBOM on the implementation of the QMF.

Policy

11.3 The Auditor-Gweneral, based on advice and recommendations from the PSRG GED and the ANAO Quality Committee, shall evaluate and conclude whether the QMF provides reasonable assurance that the ANAO’s quality objectives are being achieved.59

11.4 The evaluation and conclusion shall be made on an annual basis and is reported in the ANAO Quality Report. The Quality Report shall describe the basis on which the Auditor-General conclusion is made.

11.5 If the evaluation identifies deficiencies that do not allow the Auditor-General to conclude that the QMF provides reasonable assurance that the ANAO quality objectives are being achieved, the PSRG GED, in consultation with the responsible GED(s) or the COO, shall determine what corrective action is required. Any recommendations for corrective action or improvements to the QMF will be provided to EBOM for endorsement. The Quality Committee shall monitor the implementation of recommendations and other corrective actions.

11.6 The results of the evaluation shall be considered by supervisors of individuals responsible for elements of the quality framework in the ANAO Performance Assessment Scheme.

Guidance

11.7 The evaluation and conclusion on the QMF will be informed by:

  1. the results of the annual QARPs for FSASG, PSASG and PASG, including an evaluation of:
    1. The severity and pervasiveness of identified deficiencies, and the effect on the achievement of the objectives of the system of quality management;
    2. Whether remedial actions have been designed and implemented, and whether the remedial actions taken up to the time of the evaluation are effective; and
    3. Whether the effect of identified deficiencies on the system of quality management have been appropriately corrected;
  2. the ANAO’s performance against audit quality indicators (AQIs). AQIs are reliable quantitative measures which when considered with relevant qualitative information provide insights into factors that may influence audit quality and the operating effectiveness of the system of quality management.

Glossary and footnotes

Glossary

The Manual

The Australian National Audit Office Audit Manual

ANAO

Australian National Audit Office

A-G Act

Auditor-General Act 1997 (Cth)

AGID

Aging Integrated Database (Procedure Security Policy)

AGS

Australian Government Solicitors

APES 110

Code of Ethics for Professional Accountants

APP

Australian Privacy Principle

APRA

Australian Prudential Regulatory Authority

APS

Australian Public Service

ASA

Australian Auditing Standard

ASA 102

Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements

ASA 210

Agreeing the Terms of Audit Engagements

ASA 220

Quality Management for an Audit of a Financial Report and Other Historical Financial Information

ASA 240

The Auditor’s Responsibilities Relating to Fraud in an Audit of a Financial Report

ASA 260

Communication with Those Charged with Governance

ASA 315

Identifying and Assessing the Risks of Material Misstatement

ASA 320

Materiality in Planning and Performing an Audit

ASA 402

Audit Considerations Relating to an Entity Using a Service Organisation

ASA 570

Going Concern

ASA 600

Special Considerations – Audits of a Group Financial Report

ASAE 3000

Assurance Engagements Other than Audits or Reviews of Historical Financial Information

ASAE 3500

Performance Engagements

ASD

Audit Strategy Document

ASRE 2410

Review of a Financial Report Performed by the Independent Auditor of the Entity

ASQM 1

Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, Other Assurance or Related Services Engagements

ASQM 2

Engagement Quality Reviews

ASIC

Australian Securities and Investments Commission

AWP

Audit Work Plan

AUASB

Australian Auditing Standards Board

AUASB Guidance Statement GS 011

Third Party Access to Audit Working Papers

CMG

Corporate Management Group

COO

Chief Operating Officer

Corporations Act

Corporations Act 2001 (Cth)

CPD

Continued Professional Development

DAG

Deputy Auditor-General

EBOM

Executive Board of Management

EQR

Engagement Quality Reviewer

FSASG

Financial Statements Audit Services Group

GBE

Government Business Entity

GED

Group Executive Director

IAP

Inspection of FSASG/PASG/PSASG Assurance Products

JCPAA

Joint Committee of Public Accounts and Audit

PASG

Performance Audit Services Group

PGPA Act

Public Governance, Performance and Accountability Act 2013 (Cth)

PID Act

Public Interest Disclosure Act 2013 (Cth)

PSASG

Performance Statements Audit Services Group

PSRG

Professional Services and Relationships Group

QARP

Quality Assurance Review Program

QMF

Quality Management Framework

QTAC

Qualifications and Technical Advisory Committee

RG

Regulatory Guidance

SADA

Systems Assurance and Data Analytics

SED

Senior Executive Director

SES

Senior Executive Service

SO

Signing Officer

TCWG

Those Charged with Governance

   

Footnotes

1 The roles and responsibilities of an Engagement Executive for Financial Statement and other Historical Financial Information Assurance Engagements-General are set out in ANAO Audit Manual – FSASG Specific, Chapter 102. The roles and responsibilities of an Engagement Executive for Performance Audit Engagements-General are set out in ANAO Audit Manual – PASG Specific, Chapter 203.

2 As noted in 2.31, ordinarily information is obtained by ANAO officials through cooperation with audited entities without the use of information-gathering powers but in the knowledge that those powers are available if necessary for an audit. In this manual, the ‘formal’ use of the powers refers to circumstances where the Auditor-General or a suitably empowered ANAO official exercises those powers by actively invoking the authority provided by the A-G Act.

3 A delegation of an Auditor-General power or function may be ongoing or limited to specific times or events.

4 The Auditor- General is able to delegate or authorise the information-gathering powers under the A-G Act. While functionally similar, there are some differences that are described in the PSRG Legal Procedures for Conducting ANAO Judicial Proceedings.

5 Records that are obtained from entities or other parties do not attract Parliamentary privilege.

6 Section 55 of the A-G Act provides that the Commonwealth must indemnify a person for any liability that the person incurs for an act or omission of the person in the course of performing an Auditor-General function. The indemnity does not apply if the liability arose from an act or omission in bad faith. The indemnity does not cover a liability of a person who is indemnified by a person other than the Commonwealth. This may be under a contract of insurance or otherwise.

7 Refer to the Auditor-General Bill 1996, Explanatory Memorandum, paragraphs 25-26.

8 Those assurance reviews designated by the JCPAA as priority assurance reviews under section 19A(5) of the A-G Act are required to be tabled in the Parliament under section 19A(6) of the A-G Act.

9 No conflicts have come to notice.

10 Specifically, section 10 of the PGPA Act establishes two ways that bodies corporate can be Commonwealth entities. Under section 10(d) it includes a body corporate established by law of the Commonwealth and under section 10(e) it also includes a body corporates established under a law of the Commonwealth (other than a Commonwealth companies) or a body corporate prescribed by an Act or the PGPA Rules to be a Commonwealth entity.

11 The term ‘Commonwealth subsidiary’ is used in this policy as a short hand for referring to both a subsidiary of a Commonwealth company and a subsidiary of a corporate Commonwealth entity.

12 Policy and guidance on risk assessment and management with respect to financial statements audits are set out in the ANAO Audit Manual – FSASG Specific Content at paragraphs 107.1 to 107.41. Policy and guidance with respect to performance audits are set out in the ANAO Audit Manual – PASG Specific Content at paragraphs 206.1 to 206.29.

13 Note that section 14(4) of the Act requires the Auditor-General, in the annual report under section 46 of the PGPA Act 2013, to include details of the basis on which the Auditor-General determined the audit fees that applied during the financial year concerned.

14 Section 20(2) of the A-G Act says “An arrangement may provide for the payment of fees to the Auditor-General. The fees are to be received by the Auditor-General on behalf of the Commonwealth.”

15 Further information on the ANAO’s information and communication to external parties is set out in the ANAO Audit Manual Shared Content, Chapter 7 - Information, communication and relationship with the auditee.

16 Refer to Chapter 10 Monitoring quality management policies and procedures for policy in relation to quality assurance reviews and the Quality Assurance Review Program.

17 Auditing Standard ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements.

18 ASA 102 Compliance with Ethical Requirements when Performing Audits, Reviews and Other Assurance Engagements.

19 Corporations Act requirements related to independence include Section 307C requiring a written independence declaration to be provided to the directors of a company, registered scheme or disclosing entity; Part 2M.4 Division 3 deals with Auditor Independence; and Part 2M.4 Division 5 deals with auditor rotation for listed companies.

20 Auditor-General Act section 8(4).

21 In this chapter of the ANAO Audit Manual:

  • in-house contractors are considered to be contractors performing their day-to-day work directly under the ANAO quality framework, including conducting work using ANAO methodology and software; and
  • contract out auditors are considered to be contractors and audit firms performing their work in the first instance under a firm’s quality framework, including conducting work using firm methodology and systems for documenting compliance with independence requirements.

22 Auditee-related activities includes the provision of accounting, auditing and legal advice and undertaking of quality assurance reviews by the Professional Services and Relationships Group (PSRG).

23 Subject matter information (or the subject matter) is the activity which is evaluated or measured against the identified criteria. If an engagement covers a specified period, independence shall be maintained for this period as well as the period that the engagement is conducted.

24 APES 110 refers to the reasonable and informed third party test to assist in exercising professional judgement when evaluating if a threat is at an acceptable level.

25 For example, the Corporations Act requires the auditor to notify ASIC if a contravention is not addressed within seven days.

26 A key person on the audit is:

  • on financial statement audits, the ANAO Signing Officer, Engagement Executive (if different), IT Executive (when assigned), Second Reviewer and Quality Review Executive (if appointed), and a contractor firm’s engagement partner, quality review partner (if appointed) and any other partners making key decisions on an audit, including significant subsidiaries, and
  • in PASG audits and engagements, the Executive Director, the Group Executive Director and IT Executive (when assigned) for the audit.

27 Proposals for approvals must have regard to the independence requirements of the Corporations Act 2001, the Australian Prudential Regulatory Authority, and to any applicable professional standard or code of professional conduct.

28 Quality assurance reviews are reviews under the ANAO Quality Assurance Review Program set out in the ANAO Audit Manual chapter 10, Monitoring quality management policies and procedures.

29 Auditor’s report in this policy requirement is to be read as any assurance or information report.

30 The Commonwealth’s financial framework is governed by the Public Governance, Performance and Accountability Act 2013 (PGPA Act). The General Duties of Officials (s. 29 Duty to Disclose Interests) apply.

31APES 110 addresses the provision of non-assurance services to assurance clients at paragraphs 601-610.

32 This policy applies to all ANAO auditees (previously these services were only prohibited to entities material to the CFS). For existing contractors who have previously been approved by the ANAO to provide accounting and bookkeeping services, there is a transitional period for those services to be allowed until the contract with the auditee or the ANAO ends.

33 Network firm is defined in APES110.

34 Non-Audit Services Approval Form, located in the TeamStore.

35 To ensure consistency with the terminology in APES 110, this policy uses the term ‘Audit Client’ instead of ‘Auditee’. The term ‘Audit Client’ and ‘Auditee’ should be regarded as equivalent.

36 Attendance can be in person, or via teleconference or video link, to be determined in consultation with the Chair of the committee or committee secretariat.

37 Material and non-material entities can be identified from the Department of Finance flip chart accessible from https://www.finance.gov.au/government/managing-commonwealth-resources/structure-australian-government-public-sector/pgpa-act-flipchart-list.

38 This does not include member-only meetings of the Committee.

39 A copy of the Audit Committee minutes recording the discussion of fraud needs to be put on the TeamMate file or, if that record is incomplete, the ANAO representative needs to document the discussion in a file note or in the Fraud Work Program in TeamMate.

40 Paragraph 34(e)(i) requires that ‘The firm establishes policies or procedures that: (i) Require communication with those charged with governance when performing an audit of a financial report of listed entities about how the system of quality management supports the consistent performance of quality audit engagements’. The ANAO does not audit any listed entities (as defined in ASQM 1, entities ‘whose shares, stock or debt or listed on a recognised stock exchange, or are marketed under the regulations of a recognised stock exchange or other equivalent body’). However, it is considered good practice for ANAO representatives to communicate to audit committees about the ANAO’s system of quality management.

41 These will include members who are members of the entity’s audit committee.

42 Refer to ASA 260 paragraphs A42 to A44 for guidance regarding observations during the audit that may indicate that the two-way communication between the audit team and TCWG is inadequate for the purposes of the audit, and actions that can be taken if the situation cannot be resolved.

43 Schedule 1 of the PGPA Act Rule prescribes certain bodies to be listed entities and specifies the name of the accountable authority. Other bodies, persons, groups of persons or organisations that are not prescribed by the Schedule may be listed entities because they are prescribed by an Act to be a listed entity. For example, the ANAO is not prescribed in Schedule 1 of the PGPA Act Rule, however sections 38(3)(a) and (b) of the A-G Act state that the ANAO is a listed entity and the Auditor-General is prescribed as the Accountable Authority of the ANAO.

44 ASA 220 paragraph A17.

45 ASQM 1 Paragraph A76.

46 Ibid.

47 The Role and Responsibilities of the Engagement Executive policy in the FSASG, PASG and PSASG Specific content manuals outline the responsibilities of Engagement Executives.

48 Refer to ANAO Audit Manual – FSASG Specific, Evaluating Misstatements Policy for guidance regarding evaluating prior period errors and the matters that need to be considered and consulted with the EQCR, Second Reviewer, GED and PSRG.

49 Refer to Role of the Qualifications and Technical Advisory Committee for the QTAC endorsed policy approach on ceasing Commonwealth entities to be applied in consultation with PSRG.

50 ASA 230 paragraph 8.

51 Ibid.

52 ASA 230 paragraph 9.

53 Folder A is entitled ‘Understand and Plan the Audit’ in the TeamMate library file for audits performed in-house and ‘Planning Phase’ in the TeamMate library file for contract-out engagements. This policy applies equally to both resourcing models for financial statement audits.

54 The policy at paragraph 9.12 also covers contractor firm files – the policy has been copied to paragraph 105.10 in FSASG specific Project-Managed Audits.

55 This requirement applies to audits that have not been completed at 31 October and GED approval for extension is required.

56 The policy at paragraph 9.13 also covers contractor firm files – the policy has been copied to paragraph 201.9 in PASG specific Contract out audits.

57 This includes consideration of risks posed by the formal use of information-gathering powers in the performance of audits.

58 Refer to ASAE 3500, paragraph 51 which requires the auditor to determine whether there is a responsibility or legislative requirement to report the occurrence or suspicion of fraud or other misconduct to a party outside the entity, including the Parliament, a regulator or government agency.

Any such reporting shall be in accordance with the relevant legislation and the ANAO Fraud Control Plan.

59 ASQM 1 paragraph 54 sets outs the three conclusions available to be made.