AG-1
Introduction
Scope of this Standard
- This Auditor-General’s Auditing Standard establishes the Auditor-General’s requirements for reporting to the OAG.
Application
- Compliance with this Standard is mandatory for Appointed Auditors who carry out annual audits on behalf of the Auditor-General.
- This Statement applies to audits of financial statements and/or performance information that have been prepared for reporting periods beginning on or after 1 April 2023, although earlier application is encouraged.
- Audit briefs or any other direct correspondence to the Appointed Auditor may require specific information (either information required by, or in addition to, this Standard) to be returned to the OAG on specified dates. This information shall be returned to the OAG by the date specified in that audit brief or other direct correspondence.
Background
- The effectiveness of the Auditor-General is largely dependent on the Appointed Auditor keeping the OAG informed of significant issues affecting public entities in a timely manner. The Appointed Auditor is the Auditor-General’s “eyes and ears” on the ground and is expected to freely communicate to the OAG any significant information, including that of a sensitive or confidential nature.
- The reporting requirements outlined in this Standard are the minimum requirements, and the Appointed Auditor should not feel constrained in communicating any issues to the OAG as the minimum requirements are intended to ensure that the Auditor-General is:
- adequately apprised, in a timely way, of significant matters related to the annual audit in respect of the public entities;
- able to plan and ensure that the requisite audit activities are carried out through the annual audit or engagements other than the annual audit, on a timely basis; and
- able to monitor the Appointed Auditor’s performance.
Objectives
- The objectives of the Appointed Auditor are to:
- immediately report to the OAG the occurrence of any of the significant issues identified in Appendix 1;
- formally report the results of annual audits to the OAG as outlined in Appendix 2;
- formally report the results of engagements other than the annual audit to the OAG as outlined in Appendix 3; and
- provide certifications, where appropriate, on behalf of their Audit Service Provider (ASP), declaring the circumstances or occurrence of any events or situations that could lead to a potential claim against the ASP or the Auditor-General as outlined in Appendix 4.
Definitions
- For the purpose of this Auditor-General’s Auditing Standard, the defined term listed below has the following meaning:
- Appointed Auditor
- means the person or persons appointed by the Auditor-General to carry out the annual audit or other engagement on behalf of the Auditor-General, and who are supported by other members of the audit team. Where an Auditor-General’s Statement or Standard expressly intends that a requirement be fulfilled by the Appointed Auditor personally, the requirement will indicate that the Appointed Auditor shall personally satisfy the requirement.
Requirements
- The OAG’s reporting requirements are classified into a number of different categories, each with different reporting deadlines and information that shall be sent to the OAG. The Appointed Auditor shall report to the OAG in keeping with the requirements outlined in each of the following Appendices:
Appendix 1: Immediate reporting
This Appendix covers the following topics:
- Introduction
- Advising the OAG about public-entity-specific issues
- Advising the OAG about professional indemnity insurance issues
- Making submissions to the Auditor-General’s Opinions Review Committee
- Notifying the OAG about significant changes to public entities.
Introduction
Immediate reporting covers those situations where an issue is of such significance or risk that the Appointed Auditor shall advise the OAG about it as soon as it comes to their attention. Examples of immediate reporting fall into six categories:
- where an ASP or an Appointed Auditor has identified a breach, or there is reason to believe that a breach may arise in the future, of the independence requirements of the Auditor-General’s Code of Ethics;
- where any public-entity-specific issues arise that are considered significant, including certain non-compliance with laws and regulations, the existence of fraud or suspected fraud, and/or any issues surrounding effectiveness and efficiency, waste, or a lack of probity or financial prudence;
- where any limitations or material circumstances occur that could affect the ASP’s professional indemnity insurance over the period of the engagement, or circumstances that could lead to a potential claim against the ASP or the Auditor-General;
- where the Appointed Auditor wants to access legally privileged documents or information that may be subject to terms and conditions affecting access;
- where the Appointed Auditor makes a submission to the Auditor-General’s Opinions Review Committee (the ORC); and
- where the Appointed Auditor identifies any significant changes to a public entity, such as:
- an entity has been established that is a public entity;
- a public entity has been disestablished or ceased operating;
- an existing entity has become a public entity;
- an existing entity has ceased being a public entity; and
- a public entity has transferred aspects of its operations into another entity or vehicle that is not subject to the same level of scrutiny or audit.
Advising the OAG about public-entity-specific issues
The Appointed Auditor shall immediately inform the OAG about the following public-entity-specific issues:
- Where the acceptance and continuance procedures carried out by the Appointed Auditor before planning the annual audit, as required by AG PES 3, indicate the presence of circumstances and/or risks that would have caused the engagement to be declined. The Appointed Auditor shall contact the Assistant Auditor-General – Audit Quality.
- Details of all suspected or actual fraud. Guidance is provided in AG ISA (NZ) 240: The auditor’s responsibilities relating to fraud in an annual audit.
- Any information that is requested by a third party that was obtained while carrying out work on behalf of the Auditor-General (guidance is provided in the Guide supporting the Auditor-General’s Code of Ethics). The Appointed Auditor shall contact the OAG at independence@oag.govt.nz.
- Details of any significant issues of effectiveness and efficiency, waste, or a lack of probity or financial prudence. Guidance is provided in AG-3: The approach to issues arising from section 16(1) of the Public Audit Act 2001. The Appointed Auditor shall contact either the Assistant Auditor-General – Parliamentary Group or the Assistant Auditor-General – Local Government Group.
- Details or information of any non-compliance with laws and regulations that:
- is material and for which the OAG has not provided guidance;
- calls into question the ethics or behaviour of management and/or those charged with governance, or where fraud is suspected; or
- where management and/or those charged with governance are suspected of being involved in any deliberate non-compliance with a law or regulation.
Guidance is provided in AG ISA (NZ) 250: Consideration of laws and regulations. The Appointed Auditor shall contact either the Assistant Auditor-General – Audit Quality or the Assistant Auditor-General – Legal, Policy and Inquiries.
- Details of the findings of any substantial or significant internal reviews conducted over the activities of the public entity. The Appointed Auditor shall contact either the Assistant Auditor-General – Parliamentary Group or the Assistant Auditor-General – Local Government Group.
- For government departments, details of any actual or potential breach of an appropriation or expenditure incurred not for lawful purposes. Guidance is provided in AG-2: The Appropriation Audit and the Controller Function. The Appointed Auditor shall contact the Assistant Controller (the Auditor-General’s designated officer responsible for the Controller function).
- Details of any news media enquiries that the Appointed Auditor should refer to the OAG. Information is included in the Guide supporting the Auditor-General’s Code of Ethics. The Appointed Auditor shall contact the OAG using the independence@oag.parliament.nz email address.
- Any other matters specified in the other time-bound categories of information that, because of their sensitivity, should be reported to the OAG earlier. An example would be where the entity is exhibiting early warning signs that if, individually or in combination, are left unchecked would be likely to cause a failure in the entity’s ability to meet its objectives or functions. The Appointed Auditor shall contact either the Assistant Auditor-General – Parliamentary Group or the Assistant Auditor-General – Local Government Group.
- Details of any prior period error that is material. The Appointed Auditor shall contact the Assistant Auditor-General – Audit Quality.
- When a Group or Component Appointed Auditor has difficulties applying the requirements of AG ISA (NZ) 600. In this situation, the Group or Component Appointed Auditor shall contact the Assistant Auditor-General – Audit Quality.
- When a Group or a Component Appointed Auditor identifies that the work of a Group Appointed Auditor, a Component Appointed Auditor, or a component auditor may be insufficient in accordance with paragraph 43 in ISA (NZ) 600. In this situation, the Group or Component Appointed Auditor shall contact the Assistant Auditor-General – Audit Quality.
- Where a Group Appointed Auditor is considering communicating with management or those charged with governance concerns about the quality of a component auditor’s work in accordance with paragraph 49(c) in ISA (NZ) 600. In this situation, the Group or Component Appointed Auditor shall contact the Assistant Auditor-General – Audit Quality.
- Where the Appointed Auditor has concerns about the performance report of the public entity, including whether the Appointed Auditor is concerned about the appropriateness of the content or the verification of the content of the performance report. Guidance is provided in AG-4: The Audit of Performance Reports.
Advising the OAG about professional indemnity insurance issues
The Appointed Auditor shall immediately inform the Assistant Auditor-General – Legal, Policy, and Inquiries about any limitations or material circumstances that occur that could affect the ASP’s professional indemnity insurance over the period of the engagement or circumstances that could lead to a potential claim against the ASP or the Auditor-General. These could include (but are not limited to):
- details of any limitations or circumstances that could reduce the level of cover;
- details of limitations or circumstances that could cause the insurance policy to be defective or voidable by the insurers;
- details of limitations or circumstances that could cause the policy coverage to be no longer effective during the period of the engagement with the Auditor-General;
- details of circumstances that materially affect the insurance policy excess (or any related self-insurance or personal coverage arrangements) that could reduce or limit the effectiveness of cover;
- details of any claim made against the Auditor-General or ASP (when acting for the Auditor-General) received by the ASP; or
- details, after becoming aware, of information or knowledge that could give rise to a claim against the Auditor-General or ASP (as an agent for the Auditor-General), including:
- details of frauds or suspected frauds identified in the public entity;
- details of possible litigation arising out of any sale, takeover, or capital restructuring of the public entity;
- details of failure of public entity investees or major debtors;
- details of receipt of notice from, or information as to any intention by, another party to claim against the Auditor-General or the ASP (either verbally or in writing); and
- details of the discovery of reasonable cause to suspect any dishonest, fraudulent, or malicious act(s) or omission(s) of any past or present ASP(s), Appointed Auditor, or staff employed by the ASP that have been associated with the audit of the public entity.
Making submissions to the Auditor-General’s Opinions Review Committee
The Appointed Auditor shall comply with the requirements of AG ISA (NZ) 700 that require certain matters to be referred to the Audit Quality team at the OAG that may need to be reported in the auditor’s report. Depending on their severity, such matters may require approval from the ORC.
Notifying the OAG about significant changes to public entities
The Appointed Auditor shall immediately notify the OAG about significant changes to a public entity through the OAG Portal. These changes could include:
- details of an entity that has been established that is a public entity (using the new entity button in the entity screen);
- details of a public entity that has or is ceasing operations or is being disestablished (using the entity ceasing button in the entity screen);
- details of changes in management or those charged with governance (in the officer details panel in the entity screen); or
- details of changes in public entity address details (in the contact details panel in the entity screen).
Appendix 2: Reporting the results of the annual audit
This appendix covers the following topics:
Introduction
This Appendix covers the formal reporting obligations of the Appointed Auditor to the OAG immediately following the issue of the audit report(s) signed by the Appointed Auditor on behalf of the Auditor-General. The formal reporting obligations apply where the engagement(s) are being carried out in keeping with the requirements of the Audit Engagement Agreement (otherwise known as the annual audit contract).
Reporting completed annual audits
The Auditor-General manages the audit completion returns of all public entities through the Audit Management System (the AMS). The AMS is an internal database that allows the Appointed Auditor and their delegates (for example, Audit Managers and administration staff) to enter information relating to an audit through an interface called the OAG Portal.
The Appointed Auditor shall use the OAG Portal to report the results of all completed annual audits. Annual audits that are due are listed in each Appointed Auditor’s individual portfolio list.
The Appointed Auditor shall use their email address and a password to access the OAG Portal. The Appointed Auditor can request a password through the OAG Portal login screen if they have forgotten their previous one. The Appointed Auditor may change their password at any time.
The Appointed Auditor shall input the date of the audit report in the OAG Portal within 24 hours of issuing the audit report.
The OAG Portal updates the Appointed Auditor’s portfolio list when each audit completion return is entered and also outlines the reporting requirements for each public entity. The portfolio list will identify and list what information needs to be sent to the OAG and when. The information needs are usually determined by the sector requirements listed in the applicable audit brief.
The audit completion return shall be sent to the OAG within the time frames referred to above. We recommend that the Appointed Auditor keep a copy of the audit return on each individual audit file.
Documents summarising the audit conclusions
The Appointed Auditor shall complete a document that summarises the audit conclusions for each annual audit in accordance with the requirements in paragraph 8(c) in ISA (NZ) 230: Documentation.
Appointed Auditors shall use the OAG template in all situations where they are required to upload a document that summarises the audit conclusions in the OAG Portal. In all other cases, the use of the OAG template is optional.
ISA (NZ) 230 outlines that, where an auditor is applying significant amounts of professional judgement in their audit, they should prepare and retain in their audit file a summary that describes the significant matters identified during the audit and how they were addressed. It is the Auditor-General’s opinion that Appointed Auditors working on behalf of the Auditor-General should always prepare a document that summarises the audit conclusions because of the high degree of judgement that is required to carry out an annual audit engagement.
As part of delivering on the requirements contained in ISA (NZ) 230, Appointed Auditors are also expected to meet the requirements in paragraph 6 in ISA (NZ) 520: Analytical Procedures, which require analytical procedures to be completed near the end of the audit to assist the forming of the overall conclusion about whether the audited information is consistent with the Appointed Auditor’s understanding of the public entity.
In addition, Appointed Auditors shall ensure that each document that summarises the audit conclusions reports on the adjusted and unadjusted audit differences (in keeping with the requirements in paragraph 15 in ISA (NZ) 450), the key audit matters (including the audit procedures performed), subsequent events procedures and results, and the responses to significant risks against those that were identified in audit plan.
Appointed Auditors shall also ensure that each document that summarises the audit conclusions reports summarises the results their audit work done in accordance with:
- AG-2: The Appropriation Audit and the Controller Function (where appropriation information was required to be audited);
- AG-3: The Approach to Issues Arising from section 16(1) of the Public Audit Act 2001; and
- AG-4: The Audit of Performance Reports (where performance information was required to be audited).
The Appointed Auditor shall not make the document that summarises the audit conclusions available to the public entity for review or comment or clearance.
Appendix 3: Reporting on engagements other than the annual audit
This appendix covers the following topics:
- Introduction
- Accepting and reporting on engagements of possible media or political interest or of a sensitive nature
- Reporting on work in addition to the annual audit.
Introduction
For the purposes of reporting on engagements other than the annual audit, “other work” engagements means all other work that has been carried out by staff of the Auditor-General or by an ASP in relation to a public entity (audited by the ASP). Other work excludes annual audits, performance audits, and inquiries.
The Appointed Auditor shall ensure that they follow the Auditor-General’s Code of Ethics and the supporting Guide when carrying out engagements other than the annual audit. The Guide to the Auditor-General’s Code of Ethics requires the Appointed Auditor to consult with the OAG before accepting any engagement other than the annual audit where uncertainty exists about an independence matter.
Accepting and reporting on engagements of possible media or political interest or of a sensitive nature
Acceptance of, and reporting on, engagements of possible media or political interest or of a sensitive nature, requires careful consultation with the OAG. The requirements covering this category of engagements are set out in the Guide to the Auditor-General’s Code of Ethics. These requirements include:
- consulting with the OAG before accepting any engagement;
- sending a copy of the draft report to the relevant OAG sector manager for clearance before the report is sent to the public entity; and
- sending a copy of the final report to the OAG sector manager within 24 hours of signing the report.
Reporting on work in addition to the annual audit
The Appointed Auditor shall provide the following information through the OAG Portal as part of reporting completed annual audits:
- a copy of the report issued for the engagement or a statement advising that the report has yet to be issued;
- if applicable, a copy of the information on which the report has been issued – for example, if there is a report prepared by the entity on which the ASP has issued an opinion;
- the total fee for the engagement and the actual fees billed to the public entity during the period covered by the annual audit; and
- a reconciliation of the fees paid to the auditor for engagements other than the annual audit (as disclosed to the OAG in accordance with this standard) to the fees paid to the auditor for engagements other than the annual audit (as disclosed in the entity’s financial statements).
Appendix 4: Reporting biannually on events or situations that could lead to a potential claim
ASPs shall send to the OAG, biannually in May and November each year, a certification declaring the circumstances or occurrence of any events or situations that could lead to a potential claim against the ASP or the Auditor-General.
This certificate should confirm the advice previously supplied by the ASP to the OAG at the time the circumstances, events, or situations occurred.
A copy of the certification is not included in this Standard because the OAG will send a copy of the appropriate certification for each biannual period to each Appointed Auditor before each due date. The reporting requirements and contact details for each certification is outlined on the certification.