- Error
- There was an error while resolving the tile https://www.oag.parliament.nz/2023/annual-report/appendices/appendix-5/@@oagannualreportnav/6f441f7077b04262877267107ca15bf6
Report on the quality of annual audits
This describes how the Office of the Auditor-General monitors the quality of annual audit work.
The way we operate
The Auditor-General appoints auditors to carry out annual audits of public organisations. These auditors are appointed from Audit New Zealand (the Auditor-General’s in-house audit service provider) and from about 25 private sector audit service providers. There are about 160 auditors with the authority to issue audit reports for the public organisations they have been appointed to audit.
Because of the way we operate, the main elements that need to operate effectively are:
- the appointment of auditors considered to be independent to carry out audits;
- the Auditor-General’s auditing standards that auditors are required to apply;5 and
- the quality of the work that auditors perform.
Our system of quality
Professional and ethical standards6 require us to operate a system of quality management. That system has to provide reasonable assurance that we comply with standards and applicable legal and regulatory requirements, and issue appropriate reports in the circumstances arising from our work. The system of quality management is based around seven components that manage the quality of our work.7 These are:
- governance and leadership;
- our risk assessment process;
- relevant ethical requirements;
- engagement performance;
- resources;
- information and communication; and
- monitoring and remediation.
We report below on the processes, policies, and procedures that support each component of audit quality, as it applies to the Office of the Auditor-General, including Audit New Zealand and other audit service providers who carry out audits on behalf of the Auditor-General. We also include some quality indicators, which measure performance for 2022/23.
Governance and leadership responsibilities
Our governance and reporting structure contributes to audit quality
The Auditor-General is ultimately responsible for the system of quality management for all audits carried out on his behalf.
Audit quality is governed through the Office’s Audit Performance and Quality Governance Committee. The role of the committee is to monitor audit delivery and quality. The Auditor-General and Deputy Auditor-General are committee members. The committee meets six times each year and its remit includes:
- monitoring the strategic and operational risks associated with audit quality;
- monitoring the operating effectiveness and efficiency of the quality framework against the audit quality indicators;
- monitoring the findings of internal and external reviews of audit quality; and
- monitoring progress in addressing the findings and recommendations made in internal and external reviews.
The committee met six times during 2022/23.
We also have an Audit and Risk Committee that provides independent advice to the Auditor-General (see Appendix 1 for that committee’s report).
Our values underpin audit quality
The Auditor-General relies on all staff acting with integrity, so that there will be trust and confidence in the work that we do. Integrity is about consistently adhering to strong and moral ethical principles.
The Auditor-General is the Office’s Integrity Officer and has taken on this role to reinforce the importance of integrity in our work. The Integrity Officer leads the integrity work, which includes:
- increasing awareness of integrity matters across the organisation;
- ensuring integrity is regularly on the agenda at senior leadership meetings;
- supporting work to progress and implement the matters identified in the Office’s Integrity Strategy; and
- identifying and ensuring alignment of progress on integrity matters with other work currently under way across the Office.
We updated our integrity framework in November 2022. Our framework includes the building blocks a public organisation should have in place for a strong and effective integrity system and is consistent with the good practice material we have published for use by public organisations.8
We measure and report progress internally to staff.
We obtain independent views about audit quality
In addition to our internal monitoring of audit quality, we obtain external independent views about audit quality. The Financial Markets Authority reviews audit files of public organisations operating in capital markets, including some public sector organisations audited by private sector audit service providers. We also periodically invite the Financial Markets Authority and the New Zealand Institute of Chartered Accountants to carry out quality reviews of Audit New Zealand. Both organisations were invited to perform their reviews of Audit New Zealand in 2022.
The Financial Markets Authority reviewed both the system of quality control and a sample of audit files. The report identified only low-rated findings about the system of quality control. It also identified low- and medium-rated findings for the sample of audit files. This means there is nothing that would change the audit reports that were issued.
The New Zealand Institute of Chartered Accountants reviewed a sample of audit files. Its report noted it was evident that Audit New Zealand applies high quality standards in its audits. The report identified some findings, none of which would change the audit reports that were issued.
We have considered the findings in each report to identify improvements that can be made to our system of quality management.
Our risk assessment processes
Our risk management processes for audit quality operate at two levels: at the strategic level and within our system of quality management.
Strategic risks are those risks that affect the Office achieving its strategic objectives. Audit failure that leads to a loss of trust and confidence is one of our strategic risks. Such a failure could occur if an audit report was issued with an incorrect audit opinion, or a report was issued containing a significant error that undermined the credibility of our work.
Within our system of quality management, we have identified risks related to our quality objectives and the systems, processes, and responses designed to mitigate the risks. We identified some improvements to policies and procedures that will enhance our risk mitigation. We have set up a work programme to address these.
Ethical requirements
Our policies, procedures, and methods promote an ethical workplace
Independence is fundamental to our ability to act with integrity, be objective, and maintain an attitude of professional scepticism. Professional and ethical standards require auditors to be independent of the organisation they are auditing. The Auditor-General’s auditing standards, which incorporate these professional and ethical standards, set a high standard for independence, both of mind and in appearance.
The Auditor-General’s auditing standard on independence applies to all staff, including Audit New Zealand and the private sector audit service providers that carry out public sector audits. The standard is based on the requirements of the New Zealand standard issued by the External Reporting Board, to the extent there is not a conflict with the Auditor-General’s legislated mandate and responsibilities. The Auditor-General’s standard goes further and restricts the work auditors can carry out for an organisation they audit to work of an assurance nature only.
We monitor compliance with audit independence requirements
We monitor compliance with the Auditor-General’s auditing standard on independence in a several ways.
For staff, including Audit New Zealand, the work that can be done is limited by the Public Audit Act 2001. The independence of those involved in annual audits is closely monitored, including as part of our quality assurance review program for annual audits.
For private sector audit service providers, we monitor the other services they carry out for public organisations they audit on behalf of the Auditor-General. We also pre-approve or decline work they propose carrying out where independence might be questioned, and we consider independence as part of our quality assurance review program for annual audits.
In 2022/23, 51 independence queries about proposed non-audit work were referred for approval. Of these, we approved 45 and declined the other six. There were three instances where we identified a threat to independence and took action to manage or mitigate the threat.
For 2022/23, we were satisfied that independence standards were upheld.
We monitor how long key audit staff audit the same organisation
The Auditor-General’s auditing standards limit the number of years that key audit staff can carry out the same annual audit. This is to safeguard against the threat to independence that might arise from auditing an organisation for a long time. The standard specifies the length of time that key audit staff can be assigned to the annual audit before being rotated off the audit.
For 2022/23, we complied with the Auditor-General’s standard.
Resources
All audits are allocated either to Audit Directors in Audit New Zealand or to partners in private sector audit service providers. Therefore, recruiting, hiring, retaining, and promoting qualified audit staff is performed by audit service providers. Our expectation is that audit work is completed by staff with the right skills and experience. We monitor the skills of audit teams as part of our quality assurance reviews.
For 2022/23, we were generally satisfied with the skills and experience of staff allocated to audits based on our quality assurance reviews.
There have been challenges throughout the auditing profession to recruit and sometimes retain sufficient auditor capacity (particularly for our in-house provider, Audit New Zealand) due to border closures and the subsequent re-opening of those borders. This has affected the timing of completion of annual audits.
Performing our audit work
We establish, maintain, and communicate audit expectations
The Office of the Auditor-General requires all audit service providers to have their own audit methodology and to apply the professional quality standards. This typically results in multiple levels of review of audit files. Auditors carry out audits based on the Auditor-General’s auditing standards and requirements and guidance provided through an audit brief.
In December 2022, we published and communicated the mandatory quality requirements we place on providers carrying out audits or other engagements on behalf of the Auditor-General.9
We also revised our standard for when we require an Engagement Quality Review. The changes were made to reflect the new quality standards. We require our auditor service providers to consider a wide range of quality risk factors as part of assessing whether to appoint an engagement quality reviewer. The intent of these changes is to better assess and respond to risks to quality.
We require auditors to consult about matters that could affect an audit report
The Auditor-General’s auditing standards require auditors to consult on specific matters that could result in a non-standard audit report. The Office has an Opinions Review Committee that meets as required to determine the modifications to be included in audit opinions and other matters to be highlighted in audit reports. For 2022/23, the committee met on 45 occasions (compared to 40 in 2021/22).
We analyse the nature of matters considered by the committee and communicate to auditors so that they can maintain an awareness for these in their audit work. In 2022/23, potential probity matters were considered during eight meetings (compared to seven in 2021/22) and uncertainties with estimates were considered during ten meetings (compared to eight in 2021/22).
We require auditors to inform us of issues discovered in audited information
Sometimes during an audit an auditor discovers, or is made aware of, an error or misstatement in the prior year’s financial statements or performance information. If known at the time, this would have resulted in changes to the financial statements or performance information, or a qualification of the opinion in the auditor’s report. The number and impact of these errors or misstatements can signal potential problems with the audit.
Such errors or misstatements in financial information require the previous year’s financial statements to be restated, and information included in the current year’s financial statements about the error or misstatement and its impact.
During the past year, there were 33 errors reported to us, which is 1.16% of the total number of audit reports issued in the year. Most of the errors related to incorrect classification or measurement of financial instruments, error in recognition or derecognition of property, plant, and equipment, and incorrect accounting entries recorded in the prior years.
In 2021/22 there were 49 errors reported to us (1.8% of the total number of audit reports issued in the financial year). In 2020/21, 31 errors were reported (0.9% of the total number of audit reports issued in the financial year).
We follow up the errors with auditors as necessary to understand why the error was not identified during the audit and whether improvements can be made in future audits.
We also incorporate the findings of our analysis in our future Quality Assurance reviews.
We have engagement quality review for complex and large audits
The Auditor-General’s auditing standards require an engagement quality review for large and high-risk audits and the audits of issuers and councils’ long-term plans.
Engagement quality review provides an objective evaluation of the significant judgements made by the auditor and the conclusions reached, before the auditor signs the audit opinion.
We assess compliance of engagement quality review as part of our quality assurance reviews, including evidence that the review met the requirements of the standard. For 2022/23, based on our quality reviews we were satisfied that all audits that required an engagement quality review had had one. We noted in some instances that the evidence and timing of the review needed to be improved.
Monitoring the quality of audit work and remediating deficiencies
Quality reviews and findings
Monitoring compliance with the Auditor-General’s auditing standards is a key element of our system of quality. Our quality reviews are in addition to audit service providers monitoring their own system of quality and complying with professional ethical standards.
Our quality reviews of annual audits are designed to determine whether audit engagements comply with the Auditor-General’s Auditing Standards, relevant regulatory and legal requirements, and our policies.
During 2022/23 we monitored 31 auditors (34 in 2021/22). Our monitoring covers all auditors appointed to carry out audits on a cyclical basis. The frequency of reviews is informed based on quality risk and other monitoring information. We choose the audit files we want to review in accordance with our quality assurance policy, which considers the size and complexity of the audit.
Our monitoring activities in 2022/23 included:
- quality reviews of 47 completed audits (79 in 2021/22); and
- quality reviews of 11 in-process audits (six in 2021/22).
Of the 47 audit files reviewed, 14 contained deficiencies (compared to 14 in 2021/22). There were no deficiencies that put into question the appropriateness of the opinion included in the audit report.
We will monitor the remediation of the deficiencies or perform further quality reviews of audits carried out by that auditor.
A high number of findings from quality reviews indicate issues with audit quality, particularly when these are repetitive. Timely identification and appropriate remediation of issues is needed to support improvements in audit quality.
We evaluate findings identified in internal and external quality reviews and determine any repetitive issues. We ask our auditors to carry out “root cause analysis” for repetitive issues to understand the underlying drivers of quality deficiencies and address them with targeted action plans.
The repetitive issues where we want audit improvement include procedures to test fair value and other estimates, evaluating the design of internal controls for information technology systems, assessing completeness of revenue, and testing performance information.
How we determine the cause of quality review findings
We asked audit service providers to perform root cause analysis for the significant findings from our quality reviews. This analysis provides a deeper understanding of improvements that are needed, including improvements to audit methodologies.
We are monitoring the planned interventions that audit service providers are implementing to help prevent the significant findings from recurring. Where necessary, we have agreed a monitoring programme.
How we assess timely and effective remediation of quality review findings
In each report to the Office’s Audit Performance and Quality Governance Committee on quality reviews, we report on the follow-up actions for audit files with significant deficiencies.
We require our auditors to remediate all significant deficiencies and, where necessary, make changes to the audit approach for subsequent audits. For 2022/23, auditors are responding to our quality review findings and remediating where necessary. Our follow-up work to assess remediation will be part of our 2023/24 quality review programme.
5: The Public Audit Act 2001 requires the Auditor-General to set auditing standards for carrying out audits. These are referred to as the Auditor-General’s auditing standards. These standards incorporate the New Zealand auditing standards and include professional and ethical standards specific to independence and audit quality.
6: The relevant Professional and Ethical standard is PES 3:Quality Management for Firms that Perform Audits and Reviews of Financial Statements, or Other Assurance or Related Service Engagements issued by the New Zealand Auditing and Assurance Board of the External Reporting Board.
7: PES 3 has eight components. The component Acceptance and Continuance of Client Relationships and Specific Engagements in not directly relevant to us because we cannot refuse to be the auditor of a public organisation. We require our audit services providers to tell us about issues that might lead them to decline performing an audit, so we can manage the situation.
8: See Putting integrity at the core of how public organisations operate: An integrity framework for the public sector, at oag.parliament.nz.
9: The quality requirements are set out in one of the Auditor-General’s Auditing Standards, AG PES 3: Quality management for Firms that Perform Audits or Other Engagements on Behalf of the Auditor-General.