Part 4: Managing in a changeable operating environment
The Auditor-General, in his overview, set out the strategic environment within which the Office operates. He noted that significant changes in the accounting and auditing profession and in the legislative and operating environments of public entities continue to have a major effect on our work. The effect of these changes is increasing complexity for those preparing financial reports and those auditing them. This puts pressure on both the quality and the cost of the audit work carried out. These changes have also generated an environment in which financial and audit assurance expertise are in high demand.
Our risk management framework is the set of elements of our management system concerned with managing risk. It is aligned to our business outcomes and the strategies designed to achieve these outcomes.
Identifying and managing risk is a crucial part of our annual planning process. While our strategic planning process defines plans and allocates resources to achieve objectives, we also identify, assess, and evaluate the risk to achieving the objectives.
The risks we are exposed to can be categorised as strategic, professional operational, and business operational risks. While we manage all risks within the same framework, experience shows that inadequately managed professional operational risks and business operational risks can escalate in the form of issues that affect our strategic risks.
Strategic risks
Identifying and managing risk is integral to our business. In our view, we face four main strategic risks:
- loss of independence - the risk that we lose the independence that underpins the value of the Auditor-General’s products in fact or appearance;
- audit failure - the risk that we issue an incorrect audit opinion with material effects, or a report that is significantly wrong in nature or process;
- loss of capability - the risk that we are unable to retain, recruit, or access people with the technical and other skills our audit work requires; and
- loss of reputation - the risk that we may lose reputation or credibility, which would affect our relationships with stakeholders.
These risks will always be present, but much of the way we do our work reduces them.
Actions to reduce strategic risks
The main actions we use to reduce strategic risks are:
- the Auditor-General’s independence standards - the Auditor-General sets a high standard for independence for both his employees and the auditors he appoints from private sector accounting firms;
- monitoring the independence of the two statutory officers, employees, and appointed auditors - the system includes regular declarations of interest and, where necessary, implementation of measures to avoid conflicts of interest;
- adhering to professional auditing standards;
- quality assurance regimes - including implementing and complying with New Zealand Institute of Chartered Accountants’ revised quality control standards;
- peer review and substantiation procedures - these include annual independent evaluation of our audit allocation and tendering processes, independent external review of two performance audits each year, and stakeholder feedback studies;
- an independent Audit and Risk Committee - comprising three external members and the Deputy Controller and Auditor-General; and
- ongoing training and development of our staff - including talent and capability management programmes, leadership development initiatives, and professional development programmes.
Operational risks
Identifying more specific risks is also an important part of our annual planning process. We review the environment in which we operate. We consider economic, legal, social, environmental, and technological developments, and changes in the accounting and auditing professions, that might affect us. We look too at the effect such matters might have on our stakeholders and the entities that we audit.
Our audit work has had to focus more heavily on entities’ financial statements because of demands created by changes within the public sector and, in particular, in the accounting and auditing profession as a result of the adoption of New Zealand equivalents to International Financial Reporting Standards, together with the continuing difficulty in finding and retaining suitably qualified and experienced staff. This has been at the expense of fuller consideration of the risks and challenges that entities face in their strategic, governance, and operational contexts.
We are therefore working to rebalance our audit e ort so that it takes this fuller perspective into account for each individual entity, to the extent deemed appropriate by each entity’s appointed auditor. The areas of strategic focus outlined in Appendix 2 are areas we have identified through environmental scanning that we believe require stronger emphasis in our audit work.
This should result in a stronger emphasis on non-financial reporting, waste, probity, and accountability. It may over time affect how we cost, resource, carry out, and report our audits.
Part 5 sets out the e orts we are making to maintain and build our organisational health and capability to equip us to deal with the increased demands of our environment. However, in the short to medium term, we expect to see trends such as increasing levels of arrears in issuing public entities’ audit reports.
In the coming year, we will continue to develop our processes for managing strategic and operational risks, to ensure that all significant risks are identified, that we put mitigation measures in place where appropriate, and that responsibility for implementing those measures is clearly allocated. We will also ensure that we clearly document all such activity.
page top