Part 4: Assessment of the SAI’s environment, capability, and performance

Assessing the performance of the Office of the Auditor-General against International Standards.

Assessment against the seven domains of SAI performance (evidence-based indicator scores)

Domain A: Independence and legal framework

Independence is essential for the effective operation of an SAI. The Lima Declaration33 states that independence can only be achieved if the SAI is independent of the public entity and protected against outside influence. SAI-1 measures the independence of the SAI by assessing key aspects of independence identified by the Lima and Mexico34 declarations. These declarations state financial independence, operational autonomy, and an independent head of the SAI as a minimum to obtain the required level of independence. This should be reflected in the legal framework, as well as in the practice of the SAI.

As the institution responsible for the audit of government financial resources, the SAI needs to be sufficiently empowered by a legal framework that clearly describes the public financial operations for which it has the responsibility to audit.

Indicator Domain Dimensions Score35 Overall score
A. Independence and Legal Framework
SAI-1 Independence of the SAI
  1. Appropriate and effective constitutional framework
  2. Financial independence/autonomy
  3. Organisational independence/autonomy
  4. Independence of the Head of SAI and its Officials
  1. 1
  2. 4
  3. 4
  4. 4
SAI-2 Mandate of the SAI
  1. Sufficiently broad mandate
  2. Access to information
  3. Right and obligation to report
  1. 4
  2. 4
  3. 2

SAI 1: Independence of the SAI

Dimension 1: Appropriate and effective constitutional framework

The foundation for the SAI’s existence needs to be recognised in the state’s legal framework. The Lima declaration highlights that the SAI should be anchored in the country’s supreme law to ensure its appropriate sustainability and authority.

Although New Zealand does not have a single constitutional document, it does have a collection of legislation, legal documents, common law derived from court decisions, and conventions. The Office is established by the Public Audit Act 2001. This Act sits in a comprehensive public finance framework, which includes the Public Finance Act 1989, the Crown Entities Act 2004, and others. As a result there is no constitutional protection for the Office because Parliament can repeal the relevant Acts by a simple majority vote.

The Public Audit Act 2001 provides a strong framework establishing the independence of the Office. However, the lack of constitutional protection prevents us from giving a maximum score in this dimension.

The High Court has the jurisdiction to enforce the standard set by section 9 of the Public Audit Act 2001: the duty to act independently through either judicial review or declaratory judgment. If the executive attempted to direct the Auditor-General, this would be in breach of section 9. The Auditor-General would be able to take legal action in the High Court to seek a declaratory judgment that the direction was unlawful.

Section 39 of the Public Audit Act 2001 specifies that obstructing, hindering, resisting, or misleading the Auditor-General is an offence and punishable by a fine.

The Office regularly considers whether there have been issues or events that would indicate a need to review the Public Audit Act 2001. This assessment is completed by an independent expert in conjunction with Australian SAIs. At this point in time no change to the Public Audit Act 2001 has been identified as necessary.

4.9 We determine there is no need for the Auditor-General to seek a change to these arrangements because the independence framework under the Public Audit Act 2001 is as strong as it can be in the absence of a constitutional document.

Dimension 2: Financial independence/autonomy

The Office benefits from the highest degree of financial independence and autonomy. The Auditor-General has the necessary resources and freedom to manage the Office’s budgets without interference from the executive. This independence covers the entire budget process, from proposal to operations after the budget has been adopted by the legislature.

The salary of the Auditor-General and Deputy Auditor-General are appropriated through legislative authority and may not be reduced during the term of appointment. The operations of the Office are provided for by charging public entities a reasonable fee for financial audit work. The Crown has no power to influence or set these fees. There is an established criteria for setting audit fees, and the Public Audit Act 2001 allows for arbitration if there is disagreement between the public entity and the Auditor-General.

Parliament must approve annual appropriations for funding other duties and powers. The Responsible Minister is the Speaker of the House of Representatives. The process for including funding in the Officers of Parliament budget is different from other departments. As stated in section 26E of the Public Finance Act 1989, rather than being mediated by Crown Ministers, the Officers of Parliament Committee receive funding requests directly from the Office. They scrutinise these requests (with advice from the Treasury), and ask the Crown to include the funding in the Estimates and Appropriation Bill. By constitutional convention, the Crown complies with the Committee's request without question.

Vote Audit is included in the Estimates and Appropriation Bill and enacted in the Appropriation Act in the same way as other appropriations.

The Office’s funding is under the Auditor-General's control in Vote Audit. It is in the form of a multi-category appropriation, meaning the Auditor-General can vary the allocation as they see fit. The Auditor-General reports to Parliament annually on the financial year-end, and is subject to an annual review hearing with the Officers of Parliament Committee to raise any concerns about the sufficiency of resources to enable the Office to fulfil its mandate.

The only limits on the Office’s financial freedom are a restriction on the ability to borrow, to give a guarantee, or to establish a subsidiary without ministerial approval. These are not considered material limitations to the Office’s financial independence.

There have been no instances where the Office has experienced interference from the executive regarding the setting, access, or allocation of its budget.

Dimension 3: Organisational independence/autonomy

The Office benefits from the highest degree of organisational independence and autonomy, enabling it to effectively implement its mandate.

The Public Audit Act 2001 states that the Auditor-General is an Officer of Parliament, appointed by the Governor-General on the recommendation of the House of Representatives. There are some reasonable limitations on the Auditor-General – they cannot be a member of Parliament or a local authority, nor can they hold any other office or occupation without the Speaker's approval. The Act requires the Auditor-General to act independently in the exercise of their functions, duties, and powers. It also states that the Auditor-General is a corporation sole with perpetual succession and a seal of office, and can incur all the liabilities and obligations of a body corporate of full capacity.

The Auditor-General has complete autonomy to employ staff as necessary and on appropriate terms. The Public Audit Act 2001 binds the Auditor-General by the principle of being a good employer.

The Auditor-General is obliged by the Public Audit Act 2001 to produce a work plan each year. The Annual Plan fulfils this requirement. The Speaker, select committees, and individual members of Parliament can comment on the proposed plan, but they have no power to enforce changes.

Dimension 4: Independence of the head of SAI and its officials

The Public Audit Act 2001 establishes the independence of the Auditor-General as the head of the Office, and provides appropriate protection for all of its officials. The Auditor-General's term is limited to seven years, with no allowance for reappointment. The Deputy Auditor- General's term is limited to five years, with allowance for reappointment. These terms are considered long enough to allow the mandate of the Office to be carried out effectively.

The Public Audit Act 2001 provides the Auditor-General and the Deputy Auditor-General similar protections to those that apply to a High Court Judge, with removal from their positions only possible through a process that ensures independence from the executive. We are satisfied that this allows them to carry out their mandate without fear of retaliation.

The Auditor-General, Deputy Auditor-General, and all persons employed by them are protected from personal liability when performing a function, duty, or power under the Public Audit Act 2001 in good faith.

SAI 1 Conclusion

Although New Zealand does not have a single constitutional document that protects the Public Audit Act 2001 from being repealed, New Zealand benefits from a very strong framework that gives independence to the Auditor-General and allows for the autonomy of the Office.

SAI 2: Mandate of the SAI

Dimension 1: Sufficiently broad mandate

The Public Audit Act 2001 establishes the Auditor-General as the auditor of all public entities. The financial audit mandate covers financial statements, accounts, and other information that the public entity is required to have audited. The Public Audit Act 2001 enables performance audits, and any services other than financial audit,36 to consider all aspects of public entities, except for the Reserve Bank of New Zealand. The Public Audit Act 2001 also enables the Auditor-General to inquire, either on request or on their own initiative, into any matter that concerns a public entity's use of its resources.

The Public Audit Act 2001 states that the Auditor-General has a duty to act independently, exercise all functions, duties and powers, and report on whatever they consider is relevant. The Act also states it is an offence to intentionally obstruct, hinder, or resist the Auditor- General exercising their powers. As a result, all audits are conducted free from interference. This includes the selection of audit issues, planning of the audit approach, and the approach to the conduct, reporting, and follow-up of all audits required by the Mexico Declaration (ISSAI 10:3).

Dimension 2: Access to information

The Public Audit Act 2001 requires the chief executive and the governing body of a public entity to ensure that the Auditor-General has access at all times to the relevant documents. The Public Audit Act 2001 also gives the Auditor-General power to get all the required information and access to a public entity’s premises. It is an offence under the Public Audit Act 2001 to keep information from the Auditor-General. A warrant can be issued by a district court judge to gain access to the premises of any public entity if there are reasonable grounds to suspect that documents, information, or other evidence is held at those premises.

Dimension 3: Right and obligation to report

The Public Audit Act 2001 requires the Auditor-General to report annually to the House of Representatives on the performance and exercise of the Auditor-General's functions, duties, and powers. The Public Audit Act 2001 also enables the Auditor-General to report to a Minister, committee of the House of Representatives, a public entity, or any person, regarding the performance and exercise of the Auditor-General's functions duties and powers.

A lot of time and effort is put into natural justice processes, before the Auditor-General’s reports are published. However, the decision on what, when, and how to report, following comment, rests with the Auditor-General.

It is important to note the Public Audit Act 2001 is not in a formal constitution. Therefore the Act can be repealed by a simple majority vote of the legislature, which is a risk to the mandate of the Auditor-General. As a fundamental criteria of this dimension is for the audit mandate to be a part of the constitution, the score cannot be higher than two. We do, however, believe the Public Audit Act 2001 provisions are as strong as they can be in the current constitutional context.

SAI 2 Conclusion

New Zealand does not have a single constitutional document that protects the Public Audit Act 2001 from being repealed. In all other respects the Office benefits from a very strong framework that allows an extensive mandate, with full access to information and no limitations on its ability to report.

Domain B: Internal governance and ethics

One of the aims of ISSAI 12 (The value and benefits of SAIs – making a difference to the lives of citizens) is that SAIs should lead by example and be model organisations. A SAI should advance transparency and accountability through good governance and ethical conduct. Domain B assesses the important elements of the SAI’s internal operations and governance approach in order to obtain a full understanding of its strengths and weaknesses at the organisational level. The indicators measure the foundations the SAI has established for conducting its activities.

IndicatorDomainDimensionsScoreOverall score
B. Internal Governance and Ethics
SAI-3 Strategic Planning Cycle
  1. Content of the Strategic Plan
  2. Content of the Annual Plan/Operational Plan
  3. Organisational Planning Process
  4. Monitoring and Performance Reporting
  1. 3
  2. 3
  3. 4
  4. 3
SAI-4 Organisational Control Environment
  1. Internal control environment – Ethics, Integrity and Organisational Structure
  2. Systems of internal control
  3. Quality Control System
  4. Quality Assurance System
  1. 3
  2. 2
  3. 4
  4. 2
SAI-5 Outsourced Audits
  1. Process for Selection of Contracted Auditor
  2. Quality Control of Outsourced Audits
  3. Quality Assurance of Outsourced Audits
  1. 4
  2. 4
  3. 4
SAI-6 Leadership and Internal Communication
  1. Leadership
  2. Internal Communication
  1. 4
  2. 4
SAI-7 Overall Audit Planning and Follow-Up
  1. Overall Audit Planning Process
  2. Overall Audit Plan Content
  3. Existence of Effective Follow-up Mechanisms
  1. 4
  2. 3
  3. Not rated

SAI 3: Strategic planning cycle

Dimension 1: Content of the strategic plan

The Auditor-General’s strategy 2013-17 (the Office’s Strategy) was developed in 2012 after an assessment focusing on how the Office can positively influence the changing public sector environment, particularly with respect to accountability and the quality of services. The assessment was tested with external stakeholders. It was also used to perform a gap analysis to determine the strategic goals of the Office. The strategy was focused on outcomes desirable within three years.

The Office’s Strategy includes a framework and a set of measures that assess services, internal capabilities, and the operating environment. The Office’s Strategy also points to annual planning documents for more specific measures and targets. There is room for the Office’s Strategy indicators to be refined to more effectively demonstrate the impact and outcomes of the Office.

The Office’s Strategy does not include an implementation matrix, prioritisation information, or other corporate documentation to explain how its goals will be achieved. There is also no mention of risks in achieving the strategic goals and how to mitigate them. Although there is an overall annual and business unit planning process, there is no clear flow between the documents. This is because the Annual Plan is product-focused whereas the Office’s Strategy presents high-level outcome and impact goals. A prioritisation tool would enable the links between these processes, and the resulting documents, to be clearer.

Dimension 2: Content of the annual plan/operational plan

The Annual Plan defines the Office’s activities as the financial audits, performance audits, inquiries, and other work. The Annual Plan states that appointed auditors are responsible for annual audits and associated compliance audits, and the Assistant Auditor-General for the Performance Audit Group is responsible for the performance audit programme. The Auditor-General is responsible for all audits.

There are no specific timetables in the Annual Plan for the financial audits. However, they are expected to be completed within the statutory deadlines. Where there is no statutory deadline specified, five months after balance date is standard practice. These statutory deadlines drive the annual audit work. Due to the varying duration of planned performance audits, which can range from 6-18 months, there is no timetable for the completion of these audits. The plan clearly sets out the audits to be started during the year.

Each business unit’s business plan addresses operational matters and how the work set out in the Annual Plan will be completed. However, it is not always clear how business plans link to the Annual Plan. The Annual Plan is linked to the budget estimates by Vote documents, which set the budget and resourcing information for the year and form part of Parliament’s annual budget documentation.

An effective Annual Plan is expected to include clear links to the Office’s Strategy and an assessment of the risks connected to achieving its objectives. The current Annual Plan does not meet these criteria, as there is no addressing of risks and there is a lack of clarity beyond a broad conceptual link to Strategic Plan goals.

Dimension 3: Organisational planning process

Ownership of the planning process is critical to the Office’s success. There is clear ownership of the Office’s Strategy goals. A variety of staff and stakeholders were engaged in the strategy and development of the Annual Plan and annual work programme processes. This engagement, which involved a large selection of staff, featured successful cross-office workshops. Before Parliament is formally consulted on the Annual Plan and annual work programme, there are informal consultations with a broad range of stakeholders. These less formal consultations continue to develop each year and are evaluated to assess their value.

There is a document that outlines the timeline and responsibilities for the completion of planning processes. The annual planning and work programme processes (to plan the performance audit and other discretionary work programmes) are evaluated every year. As a result, the process, particularly the initial proposal, engagement and consultation, is being refined on an ongoing basis.

There were meetings with senior leadership team members to identify and agree the strategy monitoring and reporting processes. The Office’s Strategy is subject to periodic monitoring and a traffic light system is used to simply communicate progress against the goals. The Annual Plan is subject to monthly assessment by the leadership team. Business plans are monitored more informally at a team level.

Overall the processes are strong and robust and there is an on-going effort made to further refine them each year.

Dimension 4: Monitoring and performance reporting

The Office reports annually to Parliament in its Annual Report. This includes reporting against the strategic objectives, service performance outputs, organisational health and capability, and financial performance. Reporting against the high-level outcomes set out in the Office’s Strategy is supported by surveys completed by the State Services Commission and Transparency International. Reporting against performance measures includes annual and independent survey work assessing public entities’ views of the audit work carried out. Currently there is no survey to evaluate the public’s view of the audit work. This is an area that warrants further consideration.

ISSAI 12 requires the Auditor-General to make the standards and methodologies that they apply public. The Office publishes its auditing standards and makes them available on its website. All appointed auditors are required to complete audits based on these standards and to apply the New Zealand version of International Standards on Auditing (ISAs), which are publicly available on the XRB website. The appointed auditors’ work, completed on behalf of the Auditor-General, is evaluated against these standards.

The Office publishes the results of any performance evaluation undertaken by peer review. The most recent independent peer review of the Office was completed and published in 2008. Quality assurance results of all of the Office’s appointed auditors are disclosed in the annual report. The report states, "All appointed auditors have a quality assurance grade of at least ‘satisfactory’, based on our most recent quality assurance review."

The Office does not evaluate the impact of its audit activity on public entities’ cost savings or operational efficiency improvements.

SAI 3 Conclusion

The Office is guided by a Strategic Plan that was developed through a robust and inclusive process. However, there is room to improve future versions of the Strategic Plan by ensuring that there are clear evaluation tools included to assess the outcome and impact goals. There is also a need to clearly prioritise and better link the Office’s Strategy goals and objectives to the Annual Plan. There is also a need for a risk assessment tool and for clarity around approaches to mitigate identified risks in both strategic and annual planning.

The operational planning processes are strong and robust. The monitoring and reporting against the strategic and annual planning frameworks is sound overall. However, there is room to include an evaluation of public’s view of audit effectiveness. The Office does not evaluate the savings achieved and/or efficiencies gained as a result of audit input into the activities of public entities.

SAI 4: Organisational control environment

Dimension 1: Internal control environment – ethics, integrity, and organisational structure

The Auditor-General developed a set of professional ethical standards that must be followed by all auditors of public entities. The standards are based on the XRB ethical standards, which are based on the standards established by the International Federation of Accountants (IFAC). The Auditor-General’s ethical standards are accessible on the Office’s website.

Whether employed by the Office or contracted to complete work for the Office, the standard applies to every auditor completing audits, or other work, for the Auditor-General. All staff are provided training on the professional ethical standards as part of the Office’s professional development programme. Employees are also obligated to comply with the standards as part of their employment contract.

The Office uses a comprehensive Employee Independence Declaration system in order to mitigate potential risks, support ethical behaviour, and address any breach in ethical values. Each staff member must formally review this either every six months or immediately on the change in nature of any independence matter.

The Office’s organisational structure clearly sets out job descriptions for individual roles. This ensures that responsibility for work carried out is clearly defined and reporting lines are clear.

The Office does not use a formal tool to assess its vulnerability to integrity violations, as it is not considered necessary. The Office’s ethical standards, which all staff must follow, address integrity of behaviour.

Dimension 2: System of internal control

This framework considers the systems of internal control that are central to many of the Office’s operations. The focus of this dimension is on parts of the control system that are required to effectively manage the risk and control of SAI operations. The Office has reasonable processes for identifying, mitigating, and monitoring major operational risks. These current processes are under review, with the aim of improving the monitoring of operational risks. An appropriately formalised quarterly monitoring process is in place relating to the operations of Audit New Zealand. However, processes in the whole Office are not currently consistent. There is no annual declaration process for senior management to provide assurance they have carried out their risk management responsibilities. Although there are some monthly declarations completed by Audit New Zealand’s appointed auditors for the purposes of meeting indemnity insurance reporting requirements, these processes do not address the intentions of the INTOSAI GOV 9100 – Guidelines for internal control standards for the Public Sector. As risk management is an important part of internal control framework good practice, the weaknesses in the Office’s current processes have reduced its overall score for this dimension.

The Office documents internal control policies and procedures. These processes are applied in all of the Office’s operations. The Auditor-General signs a statement of responsibility that is published in the Office Annual Report. The statement declares that the Auditor-General ensures that the Office has established and maintained systems of internal control designed to provide ongoing assurance of the integrity and reliability of financial reporting. Leadership team members support this with letters of representation to the Auditor-General. The Office has an internal audit programme that is carried out by an independent and appropriate external auditor. Recommendations from the audit contractors are monitored and the progress of implementation is reported to the Audit and Risk Committee.

However, this programme has not consistently or comprehensively addressed all key aspects of internal controls during the last five years. The reporting of internal audit findings is compromised as the auditor reports to the Assistant Auditor-General – Corporate Services, who is responsible for appointing them and is part of the senior management team. As an independent and comprehensive internal audit program is a fundamental component of internal control framework good practice, the weaknesses in the Office’s current processes have reduced the overall score for this dimension.

The Office has a “whistle blower” policy that provides staff guidance on how to report suspected violations of policies and processes. Although INTOSAI GOV 9100 recommends a job rotation policy to manage possible conflicts of interest, we were unable to identify any areas of the Office’s operations that would benefit from this..

Dimension 3: Quality control system

The Office completes all of its work (financial audits, performance audits, and other work) within a comprehensive framework of standards that require all auditors to have quality control systems in place to ensure independence. The Office promotes quality and good practice through guidance to public entities, which is published on its website.

Overall responsibility for the quality of audit and other work lies with the Auditor-General. Functionally, this responsibility is delegated to the Assistant Auditor-General - Accounting and Auditing Policy to perform the role of Chief Quality Officer and to the Director of Quality Assurance to oversee and carry out the quality assurance programme.

A comprehensive system of a cyclical auditor quality assurance review is in place to mitigate the risks to audit and other work quality, as described in dimension 4.

The annual financial audit cycle for all public entities is well established in New Zealand law, leading to systems that ensure this work is appropriately resourced. These audits are all carried out under the Auditor-General’s standards to ensure that quality is maintained. The performance audit and other work programme is reviewed on an on-going basis to ensure that capable and competent staff are able to complete all work in appropriate time frames and meet quality standards.

Dimension 4: Quality assurance system

The Office has a strong quality assurance (QA) system. Responsibility for the QA programme lies with the Director of Quality Assurance, a senior employee with relevant expertise and independent of the completion of all audit work. An annual work programme for the QA team is approved by the Leadership Team. The results of the work are reported to both the Leadership Team and the Audit and Risk Committee. The appointed auditors, whose work is subject to quality assurance, are provided with information about the plan and the approach.

Following the completion of QA reviews, findings are notified to the appointed auditor whose files are sampled and summarised annually in a report to the Leadership team. Summary findings are subsequently shared with all auditors.

Performance audits are also subject to QA review. This happens less frequently than the annual review and what is recognised as good practice by ISSAI 40 – Quality Control for SAIs. Internal QA is completed every three years and an external peer review is completed by the Australian National Audit Office every two years. Performance audit reports are reviewed by a panel of readers each year, but this review is not technical and does not extend beyond the performance audit report. The QA team also completes reviews of other Office products. At present this does not formally include a cyclical review of compliance audits, although some of these audits have been reviewed in 2016. As a result of issues with the frequency of QA reviewing of performance and compliance audits, the score for this dimension has been reduced.

SAI 4 Conclusion

The Office has robust professional and ethical standards, and the application of the standards is effectively monitored. There are some weaknesses in the system of operational internal control. The risk management systems are not as well developed or formalised as recommended. The processes and procedures for internal control have been well established. However, internal audit testing to ensure all systems are operating effectively is not as comprehensive as it could be. The lack of independent reporting by the internal auditor is also a weakness. The quality assurance system is comprehensive, however it is not applied annually to all non-annual audit work.

SAI 5: Outsourced audits

Dimension 1: Process for selection of contracted auditors

The Office has sound policies and procedures to help with the selection of contracted auditors. These policies and procedures provide the Office with reasonable assurance of the competence and capability, and legal and regulatory requirements, of contracted auditors to complete the financial audit. The arrangements between the Auditor-General and each contracted auditor and public entity are set out in the Audit Engagement Agreement. This agreement sets the specific standards to be met, the required ethical behaviours, confidentiality, and requirements to manage conflicts of interest. The Office provides resources, such as annual audit briefs and other material posted on its website, to support the contracted auditor’s public sector knowledge. The Auditor-General’s requirements for quality control by contracted auditors are available on the Office’s website and in the Audit Engagement Agreement.

The contracted auditor must sign the Audit Engagement Agreement as confirmation they are able to meet the required standards.

Dimension 2: Quality control of outsourced audits

The Office applies the same system of quality control to financial audits carried out by Audit New Zealand and financial audits carried out by other contracted auditors. This system has been assessed at SAI-4 (iii) and is found to be strong and meets all the relevant criteria. The Audit Engagement Agreement specifies that all audit work papers remain the property of the Auditor-General.

Contracted auditors have the authority to issue standard audit reports in the name of the Auditor-General, provided they follow the internal quality control procedures. Where an audit report is non-standard, and there is no precedent on how the issue should be addressed, the Auditor-General’s Accounting and Auditing Policy team needs to lead a review process.37

Dimension 3: Quality assurance of outsourced audits

The Auditor-General’s quality assurance system is applied to all financial audits, whether carried out by Audit New Zealand as the Office’s own business unit or as outsourced audits. This is further discussed in SAI 4 dimensions (iii) and (iv) above.

All audit firms doing work for the Auditor-General must also complete an annual declaration regarding their compliance with the Auditor-General’s auditing and ethical standards, and the standards of the relevant professional bodies. The Auditor-General expects all Audit Service providers to have their own quality assurance processes in place. The audit firms must disclose to the Auditor-General the results of any practice review completed by the New Zealand Institute of Chartered Accountants (NZICA) or Quality Review by the Financial Markets Authority.

SAI 5 Conclusion

The Office outsources a significant proportion of its financial audits. A robust system is in place to manage the selection of contracted auditors and set the quality standards which those auditors must follow. The approach to managing all aspects of outsourced audits meets all the criteria set out in the ISSAIs.

SAI 6: Leadership and internal communication

Dimension 1: Leadership

The Office has clear leadership groups that cover the varying aspects of the management and operations of the organisation. The roles, accountabilities, and services of each group are set out in the Auditor-General’s leadership team charter. These groups meet regularly, and decisions from these meetings are communicated to staff in monthly staff meetings, briefings to teams by members of the leadership team, emails, and updates from the Auditor-General published on the intranet. However, there is room for the minutes of leadership team meetings to more clearly include what needs to be communicated to staff.

The Office values of independence, integrity, and professionalism are stated in the one page summary of its strategy. They are largely accepted as implicit values and emphasised in staff gatherings such as OAG communications meetings and the end of the financial year celebrations. Audit New Zealand has recently revised its core values and essential behaviours, which are consistent with the strategy values. Executive Leadership Team roadshows and supporting publications have promoted these revised values and essential behaviours.

The Office has a well-documented delegation system and also a formalised performance review process. The policies and procedures include actions to be taken to address poor performance. There are a variety of formal (such as performance review and remuneration frameworks) and informal (such as local office awards, wall of recognition, “praise and impact” acknowledgements to staff from weekly leadership team meetings, and recognition in the Audit New Zealand internal staff magazine Straightforward) incentive programmes to encourage better performance and reward behaviours that align with the Office’s values. The informal recognition schemes are more developed and regularly used in Audit New Zealandthan in the OAG.

The Office has not taken any recent initiatives to improve the “tone from the top” or strengthen organisational culture. These are not considered necessary, because the Office is in a “steady state” with strong leadership and a sound organisational culture. The overarching policies in the Auditor-General’s Professional and Ethical Standards set the tone and expectations from which all actions are measured. These policies are supported by various initiatives emphasising the importance of audit quality, such as Audit New Zealand’s Audit Quality Improvement Plan (AQIP), which formed the basis of an ongoing audit quality plan.

Dimension 2: Internal communication

The Office clearly communicates its mandate, vision, and values to staff through corporate documents such as the Office’s Strategy and the Annual Plan. These documents are published on the Office’s website.

The Offices uses a range of communication methods to keep staff informed of issues and decisions. These include monthly communications meetings, the Auditor-General’s “Keep up” weekly intranet update, and one-off meetings to inform staff on important or sensitive matters. Depending on the size and nature of the team, local offices and teams use different approaches to pass on leadership team messages and information. The Source (the Office’s document and records management system) and the intranet are the main online communication tools. The Auditor-General and Deputy Auditor-General do annual visits to each office and the Executive Leadership Team of Audit New Zealand complete several visits each year.

The annual staff engagement survey asks staff if they agree “at work my opinion seems to count”. In the 2016 survey, 66% of staff responded with “agree” or “strongly agree”.

SASI 6 Conclusion

The leadership team of the Office communicates clearly with staff on a regular basis. The communication effectively sets the tone and organisational culture, and provides appropriate incentives to focus on achieving high standards of ethics, professionalism, and quality work.

SAI 7: Overall audit planning and follow-up

Dimension 1: Overall audit planning process

All public sector entities are subject to a financial audit on an annual basis, so prioritisation decisions are not required in this area of work.38 Decisions about the prioritisation of resources, therefore, centre on performance audits and other discretionary work. Care is taken during the selection process of a performance audit and other work topics so they:

  • are within mandate:
  • address the highest risk areas for the public sector based on a thorough scanning and risk assessment process; and
  • take account of stakeholder feedback on the proposed programme.

After the completion of the annual planning process, responsibilities for monitoring and delivery of the work programme are assigned. For financial audits, this responsibility rests with the appointed auditors. For performance audits, responsibility rests with the Assistant Auditor-General - Performance Audit. The responsibility for other work is assigned to a relevant leader on a case-by-case basis.

Dimension 2: Overall audit plan content

The Office’s Annual Plan presents the content of the annual work programme. This is a public document that provides a high-level description of the annual financial audit work, and a description of each part of the other planned work programme. Along with this public document is a work programme plan that considers audit timing and resource allocations, as well as more detailed plans for each piece of work.

There is no risk assessment process for delivery constraints of financial audits, but appointed auditors are obligated to communicate risks and issues to the Office in an “eyes and ears” capacity. Delivery constraints and timeliness issues are part of regular audit service provider meetings and Leadership Team meetings for performance audits.

Dimension 3: Existence of effective follow-up mechanisms

We have decided to not score this dimension. We have addressed the follow-up systems for financial audits (SAI-11), performance audits (SAI-14), and compliance audits (SAI 17) elsewhere in the framework. We also note that this dimension has been removed from the updated version of the SAI PMF that superseded v3.2, reflecting that this dimension is effectively a “double-up” of other measures.

SAI 7 Conclusion

The overall annual planning process is robust and thorough. Responsibility for monitoring delivery of the work programme is appropriately assigned. The completion of the work programme is reported in the Office’s Annual Report, including performance against statutory time frames. The details of the work programme conform to best practice recommendations, although there is scope to address any delivery constraint risks in the corporate planning documents.

Domain C: Audit quality and reporting

There are a number of ways to carry out public sector auditing. The mandate of the SAI defines its responsibilities for conducting various types of audits. ISSAI 100 defines the fundamental principles of public sector auditing. These principles apply to all types of audits. ISSAIs 200, 300, and 400 address the specific standards and guidance applying to financial audit, performance audit, and compliance audit respectively. The focus and approach to each type of audit is set out in summary below.

Financial audits focus on whether an entity’s financial information is presented in accordance with the financial reporting and regulatory framework. The auditor accomplishes this by obtaining sufficient and appropriate audit evidence. This evidence will enable them to express a reasonable assurance-based opinion on whether the financial information is free from material misstatement whether due to fraud or error.

Performance audits focus on whether interventions, programmes, and institutions are performing in accordance with the principles of economy, efficiency, and effectiveness, and whether there is room for improvement. This is accomplished by examining performance against suitable criteria and analysing causes of deviations from criteria. The aim is to answer key audit questions and provide recommendations for improvement.

Compliance audits focus on whether a particular subject matter is in compliance with criteria identified by the applicable authorities. Compliance auditing assesses whether activities, financial transactions, and information are, in all material respects, in compliance with the authorities that govern the entity.

The focus of this domain is to assess the quality as well as outputs of the audit work that is the core business of the SAI.

IndicatorDomainDimensionsScoreOverall score
C. Audit Quality and Reporting
SAI-8 Audit Coverage
  1. Financial Audit Coverage
  2. Performance Audit Coverage
  3. Compliance Audit Coverage
  1. 4
  2. 4
  3. 1
SAI-9 Financial Audit Standards and Quality Management
  1. Financial Audit Standards and policies
  2. Financial Audit Team Management and Skills
  3. Quality Control in Financial Audit
  1. 4
  2. 4
  3. 4
SAI-10 Financial Audit Process
  1. Planning Financial Audits
  2. Implementing Financial Audits
  3.  Evaluating Audit Evidence, Concluding and Reporting in Financial Audits
  1. 3
  2. 3
  3. 3
SAI-11 Financial Audit Results
  1. Timely Submission of Financial Audit Results
  2. Timely Publication of Financial Audit Results
  3. SAI Follow-up on Implementation of Financial Audit Observations and Recommendations
  1. 4
  2. Not applicable
  3. 2
SAI-12 Performance Audit Standards and Quality Management
  1. Performance Audit Standards and Policies
  2. Performance Audit Team Management and Skills
  3. Quality Control in Performance Audit
  1. 3
  2. 4
  3. 4
SAI-13 Performance Audit Process
  1. Planning Performance Audits
  2. Implementing Performance Audits
  3. Reporting on Performance Audits
  1. 2
  2. 3
  3. 2
SAI-14 Performance Audit Results
  1. Timely Submission of Performance Audit Reports
  2. Timely Publication of Performance Audit Reports
  3. SAI Follow-up on Implementation of Performance Audit Observations and Recommendations
  1. 4
  2. 4
  3. 4
SAI-15 Compliance Audit Standards and Quality Management
  1. Compliance Audit Standards and Policies
  2. Compliance Audit Team Management and Skills
  3. Quality Control in Compliance Audit
  1. 4
  2. 1
  3. 4
SAI-16 Compliance Audit Process
  1. Planning Compliance Audits
  2. Implementing Compliance Audits
  3. Evaluating Audit Evidence, Concluding and Reporting in Compliance Audits
  1. 2
  2. 2
  3. 3
SAI-17 Compliance Audit Results
  1. Timely Submission of Compliance Audit Results
  2. Timely Publication of Compliance Audit Results
  3. SAI Follow-up on Implementation of Compliance Audit Observations and Recommendations
  1. Not rated
  2. Not applicable
  3. 0
Not rated

SAI 8: Audit coverage

Dimension 1: Financial audit coverage

The Auditor-General is required to complete the annual financial audit of all public sector entities. The requirement to complete the audit is set out in section 15 of the Public Audit Act 2001. It states that these audits must include the financial statements, accounts, and other information that a public entity is required to have audited. This is further outlined in an array of legislation that specifically establishes and defines the audit requirements for different types of public entities.

The Office conducts the annual financial audits of all financial statements received for auditing. Where financial statements are not received on a timely basis, there is active follow-up. This follow-up is primarily the responsibility of the appointed auditor but they are supported by the relevant OAG staff.

In 2015, the Office presented to Parliament a one-off report detailing the timeliness of receiving financial statements for audit and the extent and reason for delays. Timeliness of reporting is in the annual results reports, covering the most significant entities in the local government and central government sectors.

Timeliness is also covered in the Office’s Annual Report, which includes information and reasons on audit reports not signed within the statutory time frame. In the 2015/16 Annual Report, it was reported that 76% of audits were completed within the statutory time frame and that the five-year average was 70%. The Annual Report also presents statistics for why the statutory time frame was not met. In 2015/16, it found that only 11% of the audits not completed on time were attributed to auditor inactivity; in the remaining 89% of cases, the auditors were waiting for information to be provided by the public entity.

Dimension 2: Coverage, selection, and objective of performance Audit

The mandate for performance audits is set out in section 16 of the Public Audit Act 2001. The mandate covers efficiency and effectiveness, compliance with statutory obligations, and acts or omissions to determine whether waste has occurred, or whether there is a lack of probity or financial prudence by a public entity. All performance audit topics considered by the Office are tested against this mandate.

In the process of developing the annual work programme, the Office carries out an assessment of risks and issues (including an assessment of relative significance) in the public sector. These are captured through sector-based environmental scans and tested through a thorough and collaborative process involving a wide range of staff. After this process, the draft work programme is developed, giving consideration to auditability and impact of suggested topics. Stakeholders across the public sector are asked to comment on the draft work programme. Feedback from the comment phase of the Draft Annual Plan is considered and, where appropriate, the draft work programme is changed or added to before being finalised and published in the Annual Plan presented to Parliament.

Performance audits carried out in the past five years have covered a wide range of entities and issues across the public sector.

Dimension 3: Coverage, selection, and objective of compliance audit

Compliance audits are a very small part of the total work of the Office. Therefore, there is no process in place to determine what compliance engagements are carried out on behalf of the Auditor-General, or to assess risk and materiality. The annual work programme does not refer to compliance audits and there is no separate collation or analysis of compliance-based audit work. However, where applicable, there is information on how to conduct compliance audits in the relevant sector brief issued by the OAG to appointed auditors.

SAI 8 Conclusion

The identification and coverage of financial and performance audits is highly structured and well planned, meeting all of the criteria to the highest level set out in the PMF. Compliance audits are a very small part of the audit work carried out by the Office. Some compliance audit work is done in conjunction with financial and performance audits. There is no process co-ordinating compliance audits carried out as separate engagements.

SAI 9: Financial audit standards and quality management

Dimension 1: Financial audit standards and policies

ISSAI 200 sets out the fundamental principles of financial auditing. It is critical that the SAI has policies and procedures in place to assist its auditors to interpret its more generic standards. In New Zealand, all auditors completing financial audits on behalf of the Auditor-General are required to apply New Zealand equivalents of International Standards on Auditing (NZ ISA) and, where applicable, the Auditor-General’s Auditing Standards.

The NZ ISA addresses all the key elements of the financial audit process.

Additionally, Audit New Zealand has an Audit Manual and a Quality Control Manual that provides guidance on how to implement the auditing standards. These manuals address policies and procedures on how to determine materiality, audit documentation requirements, and the nature, extent, and timing of audit procedures.

Dimension 2: Financial audit team management and skills

ISSAI 200 also sets out the professional competencies and skills that the audit team must have to carry out an audit to a sufficiently high standard. Audit New Zealand has a system to ensure that the engagement team has the appropriate competencies and capabilities. This system is contained in the Audit New Zealand Leadership Framework, which outlines the competencies required at each level, from Assistant Auditor 1 to Audit Director. Audit New Zealand’s professional development training programme also links to this competency framework. The Audit New Zealand Performance Planning and Review Policy is used to monitor staff performance against the competencies in the Leadership Framework.

The Leadership Framework addresses all areas that are considered fundamental skills, knowledge, and expertise.

The Office supports all audit service providers to supplement their in-house training programmes. This is done by issuing annual sector briefs that provide information about sector-specific issues and risks for auditors, and specific training where appropriate.

Audit New Zealand also provides guidance in its Audit Manual on developing the audit strategy and audit plan, evaluating the internal control environment, and assessing the risk of material misstatements.

Dimension 3: Quality control in financial audit

The auditing standards require the reviewing of less-experienced team members’ work. In the case of Audit New Zealand, its Quality Control Manual has specific review procedures to support the reviewing. The Office also has a technical team providing support to all appointed auditors. This is a supplementary resource to the technical support functions operated by each audit service provider. Audit New Zealand has an expert technical team as part of its Professional Practices Group (PPG). These technical services enable auditing and financial reporting standard requirements on complex and contentious matters to be met. They also help resolve any technical disagreements in the engagement team.

The Auditor-General’s Statement on Quality Control (AG PES 3) sets out the requirements for engagement quality control review (EQCR), and when these additional review procedures must be carried out. Appointed auditors must follow these policies. This standard also sets out the requirements for clearance of audit reports, including clearance by the Auditor-General of non-standard audit reports. Audit New Zealand’s Quality Control Manual has processes to be followed by the audit team before progressing a non-standard audit report through the Auditor-General’s Opinion Review Committee process.

SAI 9 Conclusion

The Office, in the approach of the OAG to support appointed auditors and policies and sprocedures in place within Audit New Zealand, meets all of the ISSAI standards and best practice requirements in relation to financial audit standards and policies, audit team management and skills, and audit quality control systems.

SAI 10: Financial audit process

The OAG’s QA programme assigns appointed auditors a grade ( “excellent”, “very good”, “good”, “satisfactory” and “re-review”) after reviewing a sample of their work every three years. In 2015/16, 97% of appointed auditors were graded at least “satisfactory” (up from 95% in 2014/15). The 3% who were graded below satisfactory were school auditors working in small auditing firms. This shows that the standard of financial audits performed on behalf of the Office is high.

The most recent independent assessment of Audit New Zealand’s audit practice was the New Zealand Institute of Chartered Accountants’ Practice Review in 2012. The next review is currently in progress, along with a Financial Markets Authority’s quality review. Because the most recent assessment was not in the last three years, all dimensions in SAI-10 can only be scored a maximum of three.

Dimension 1: Planning financial audits

In 2014/15, the OAG’s QA programme found that financial audits are generally well planned and in accordance with good practice. There are, however, exceptions:

  • Auditors’ work on understanding the public entity is not always done in a focused and purposeful way. Evidence of understanding of the public entity and its environment was sometimes insufficient, both in quality and extent, and the link to audit planning unclear.
  • On many school audit files, appointed auditors tested the implementation of key controls by enquiry alone, rather than through observation and inspection.
  • Some weaknesses were identified in controls’ testing. Some audit procedures claiming to test the operational effectiveness of controls were tests of detail. Sample sizes for control tests were often too small or did not cover the entire period. Where controls testing identified exceptions, auditors sometimes concluded that controls were reliable without explaining the basis of their judgment. They did not also assess whether there was an increased risk of fraud.
  • Some auditors did not adequately consider material accounting estimates and assess their risks of material misstatement at the planning stage of the audit, including evaluating the degree of estimation uncertainty associated with accounting estimates, and determining whether high estimation uncertainty gives rise to significant audit risks.
  • Some auditors did not sufficiently cover the risk of management override of controls and the risk of fraud in revenue recognition as part of their audit risk assessment and planning.

The planning of the 2014/15 FSG audit met all relevant ISSAI criteria.

Dimension 2: Implementing financial audits

The OAG’s QA programme (2014/15) found that financial audits are generally well simplemented and in accordance with good practice. There are, however, the following exceptions:

  • The QA team noted weaknesses in how some analytical review procedures were designed and conducted.
  • Sampling was not always done in accordance with the Audit Service Provider’s methodology and the requirements of ISA (NZ) 530. Sample sizes for testing journals, in particular, varied significantly and were often too small. The rationale for sample sizes and selecting items for testing was not always documented on the audit file. Where exceptions were found in sample testing, the appointed auditor’s response to misstatements identified was often insufficient and poorly documented.
  • ISA (NZ) 540 requires auditors to carry out specific audit procedures when auditing material estimates. These requirements were not met on some audits, in particular:
    • retrospective review of the outcome of accounting estimates included in the prior period financial statements and, where applicable, their subsequent re-estimation for the purpose of the current period;
    • determining whether the methods for making the accounting estimates are appropriate and have been applied consistently, and whether any changes are appropriate in the circumstances;
    • assessing management’s consideration of whether the accounting estimate is consistent with the operational plans of the entity;
    • where management’s expert is used for estimates, assessing the expert’s objectivity and competence; and
    • specified additional procedures where an estimate or fair valuation represents a significant audit risk.

The implementation of the 2014/15 FSG audit was found to be in line with good practice. We found it difficult to confirm that all planned audit responses to identified fraud risks had been performed, as the planning document was not cross-referenced to where the work was done. However, we were able to locate the relevant pieces of audit work in the audit file and confirmed that the identified fraud risks had been adequately addressed. Documentation could be improved in this area.

Dimension 3: Evaluating audit evidence, concluding and reporting in financial audits

The OAG’s QA programme (2014/15) found that financial audits are generally well recorded in audit documentation, misstatements were evaluated in accordance with good practice, conclusions were well supported, and the auditors properly reported their findings to management, those charged with governance, and the OAG.

SAI 10 Conclusion

Overall, the financial audit work of the Office substantially meets the criteria to score at the highest level within the PMF. However, as Audit New Zealand has not been subject to an independent quality review since 2012, the maximum score we can give is three. An NZICA practice review is currently in progress, along with a Financial Markets Authority’s quality review. There are a number of areas where practice, in particular the schools sector and some appointed auditors, needs to improve. These areas are subject to ongoing monitoring by the Office’s quality assurance programme and Audit New Zealand’s internal quality assurance system, including its Audit Quality Improvement Programme.

SAI 11: Financial audit results

It is important that the auditor communicates the audit results with the public entity and other relevant stakeholders in a timely way, and follows-up on audit findings and recommendations so that the auditor’s work can achieve its greatest value.

Dimension 1: Timely submission of financial audit results

The focus of this dimension is on reporting the auditor’s opinion. The Office achieves the highest score against the criteria. The Annual Report of the Office reports on the timeliness of audit opinions. This measure includes the timely delivery of the draft financial statements and supporting information by the public entity, and timely completion of the audit by the appointed auditor.

In 2015/16, 76% of audit reports were signed within the statutory time frame compared to 83% in 2014/15. Schools transitioning to new accounting standards, and the ongoing delayed production of year-end payroll reports, contributed to the late completion of school audits and, consequently, to the decline in 2015/16. However, timeliness overall has improved since 2012/13.

Another measure of the auditor’s timely delivery included in the Office’s Annual Report is the percentage of audit reports not signed within the statutory time frame due to auditor inaction. The target for this area is less than 30% but performance was ahead of this target at 7% for the 2015/16 year.

Dimension 2: Timely publication of financial audit results

In some jurisdictions, the SAI has the mandate to publish its audit reports. In New Zealand, the Auditor-General does not have a mandate to make the audit report available to the public; instead responsibility for publication rests with the public entity. The pieces of legislation governing the accountability arrangements of public entities set the publication timelines soon after providing the audit report to the public entity. Although the Office does not publish its audit reports, the Office’s annual report provides information summarising audit results, as does other sector-based reporting.

Dimension 3: SAI Follow-up on implementation of financial audit observations and recommendations

ISSAI 10 and ISSAI 20 recommend that a SAI should have a process for following-up on the observations and recommendations made to audited entities. However, the New Zealand auditing standards do not specifically require auditors to follow-up and report on whether audited entities have addressed recommendations. As a result, this is not formally monitored by the Office’s quality assurance processes, nor is it reported on publicly or to the legislature.

However, as standard procedure, appointed auditors monitor the entities’ responses to their recommendations. In the case of Audit New Zealand, this practice is built into audit processes, and following-up on recommendations is part of the management report template. The public entity has the opportunity to comment on corrective action taken or explain why it has not been taken.

The Office reports in its Annual Report a performance measure that seeks to assess the acceptance of recommendations and action taken by public entities. In 2014/15, 73% of recommendations were accepted by public entities. This is based on a small sample of audits as this is not monitored throughout the Auditor-General’s mandate on a systematic basis.

The Office does not formally monitor or report on the follow-up by entities of recommendations made to them by other agencies.

SAI 11 Conclusion

The timeliness of Financial Audit reporting is achieved to a high standard. This is due to a robust statutory framework for the delivery of financial statements for audit, as well as a strong performance by the Office. There is no process for the Auditor-General to monitor the response of audited entities to the auditors’ recommendations. However, monitoring does occur at the public entity level.

SAI 12: Performance audit standards and quality management

Dimension 1: Performance audit standards and policies

ISSAI 300 sets out the fundamental principles of performance auditing. It is critical that the SAI has policies and procedures in place to assist its auditors to interpret the more generic standards in the context of its environment. Our review found that the New Zealand Performance Audit Manual has all the key elements of the performance audit process set out in the relevant ISSAIs and establishes policies and procedures that meet all the requirements, with one exception.

The ISSAIs recommend that the auditor should consider the approach of the audit: being a result, problem, or system-oriented approach. The Office’s Performance Audit Manual does not include a requirement to consider the type of audit approach at the design planning stage.

Dimension 2: Performance audit team management and skills

The Office has established a training and professional development system to ensure that sperformance auditors have the necessary knowledge, skills, and expertise required for conducting a performance audit. This includes an understanding in research design, social science methods, investigation and evaluation techniques, government organisations, programmes, and functions. Furthermore, performance auditors need to have strengths in analysis, writing and communication, and the ability and experience to exercise professional judgement.

The Office also ensures the training and professional development programme supports the performance auditor to develop their professional skills.

There are no requirements of the ISSAIs that are not in place.

Dimension 3: Quality control in performance audit

The Performance Audit Manual requires a quality control review throughout the performance audit process. These requirements are designed to build quality, promote learning, and improve personal development. It also ensures quality and assists with resolving difficult or contentious matters and differences of opinion. The quality control process also ensures all quality control review work is satisfactorily resolved before formal authorisation of the report is issued.

SAI 12 Conclusion

There are robust performance standards and policies in place, documented in the Performance Audit Manual. There is a system to ensure that all performance auditors are well trained and have the appropriate professional competencies and skills to perform their work. The quality control system over performance audits is robust. Refinements and improvements are made on an ongoing basis.

SAI 13: Performance audit process

Dimension 1: Planning performance audits

We found that the planning of performance audits met best practice requirements. However, in the areas below we identified inconsistent practice or lack of evidence of compliance with the aspects of planning considered critical in the ISSAIs:

  • Materiality should be considered at all stages of the audit process, considering both financial materiality but also social and political significance.
  • The audit objective should be clearly defined and should relate to the principles of economy, efficiency, and effectiveness.
  • The auditor should identify the audit approach as being result, problem, or systemoriented or a combination of these, to facilitate a sound audit design approach.
  • The auditor should establish criteria that correspond to the audit question and are related to the principles of economy, efficiency, and effectiveness.
  • Audit criteria should be discussed with the audited entities, although the ultimate responsibility to select suitable criteria rests with the auditor.
  • Assessment of the risk of fraud.
  • Evaluation of whether, and in what areas, external expertise is required and, where needed, the necessary arrangements to facilitate sourcing the expertise.

Dimension 2: Implementing performance audits

Our review found that all the performance audits in our sample were in accordance with ISSAI requirements and best practice. However, we can only give the score for this dimension a maximum of three because no independent assessment of the performance audit function has been conducted in the last three years.

Dimension 3: Reporting in performance audits

We found that the reporting of performance audits aligned with best practice requirements. However, in the following areas we identified inconsistent practice or lack of documented evidence of compliance required by the ISSAIs:

  • The audit reporting includes findings on the economy, efficiency, and effectiveness with which the audit objectives are met.
  • The audit reporting should include information about the audit criteria.
  • The audit reporting should state which standards have been applied in completing the audit.

SAI 13 Conclusion

There has not been an independent assessment of the Office’s performance audit practice in the last three years. Other than this requirement, the implementation and conduct of performance audits meets all of the criteria. However, there are aspects of planning and reporting where the criteria are either not completed or are not adequately documented in the audit files. This inconsistency is primarily attributed to the Office’s broad and flexible approach to performance auditing. This means that, in some cases, the Office’s reporting provides an overview and observations on a subject matter area and, therefore, a number of the ISSAI audit criteria are not relevant to its audit approach.

SAI 14: Performance audit results

Dimension 1: Timely submission of performance audit reports

Based on ISSAI 20, the recommended time frame for submission of performance audit reports is within 30 days of completing the audit. In New Zealand, performance audit reports are tabled in Parliament and publicly released immediately on completion.

Dimension 2: Timely publication of performance audit reports

ISSAI 300 emphasises the importance of making performance audits widely accessible, including to the general public. In New Zealand, the reporting and publication of performance audit reports happens at the same time. Immediately following the report being tabled in Parliament, it is published on the Office’s website and hard copies are distributed to relevant parties and made available on request.

Dimension 3: SAI Follow-up on implementation of performance audit observations and recommendations

Performance audits are subject to follow-up procedures. The specific nature of the follow-up is considered on a case-by-case basis. It can range from no formal follow-up to a selfassessment by the public entity or a full follow-up audit. This decision depends on how significant the issues and the findings were in the first audit. Where relevant, the follow-up report states the corrective actions taken by the public entity. Regardless of the extent of the follow-up audit, public entities have the opportunity to provide information on the corrective actions taken or explanations why they were not taken.

Follow-up reports are all tabled in Parliament, published on the Office’s website, and made available to the public. They are usually standalone reports but are sometimes published in a consolidated follow-up report.

SAI 14 Conclusion

Performance Audit results are reported and published in a timely manner and made widely available. Follow-up reports are completed appropriately.

SAI 15: Compliance audit standards and quality management

Dimension 1: Compliance audit standards and policies

Auditors carrying out compliance audits on behalf of the Auditor-General must apply the relevant standards issued by the XRB as well as the Auditor-General’s standards and general policies. The relevant XRB standards are ISAE (NZ) 3000 and SAE 3100. The relevant Auditor-General’s standard is AG 5: Performance audits, other services and other work. The key criteria of ISSAI 400 are all covered in these standards and policies.

The Office has not established any additional policies and procedures related to the implementation of a compliance audit (to cover matters such as the application of professional judgement relating to materiality levels, and the requirements for audit documentation and the nature, timing, and extent of audit procedures), although documentation requirements set out in AG 5 apply to all other services carried out by appointed auditors.

Dimension 2: Compliance audit team management and skills

We found that the Office does not have a process to ensure that the necessary compliance audit training takes place regularly. As a result, the following key elements of the recommended training system are not in place:

  • The understanding and practical experience of the type of audit being undertaken.
  • The understanding of the applicable standards and authorities.
  • The ability and experience to exercise professional judgement.

In practice, the necessary professional competencies and skills are passed to auditors while they are completing compliance audits. However, there is no official training for this work.

The OAG issues sector briefs annually to guide the performance of audit work. For sectors that require compliance audits (such as tertiary education, local government, and energy) the brief includes the mandate and the criteria for evaluating audit evidence, developing audit findings, and concluding. Standard audit reports for regularly completed compliance audits are provided. However, no specific guidance is provided on:

  • determining the elements relevant to the level of assurance to be provided;
  • approaches to considering the relevant dimensions of audit risk;
  • understanding the control environment and the relevant internal controls and assessing the risk that internal controls may not prevent or detect material instances of noncompliance;
  • assessing fraud risk factors and exercising due care and caution when coming across instances of non-compliance, which may be indicative of fraud;
  • determining the nature, timing, and extent of audit procedures to be performed;
  • developing the audit strategy and audit plan; and
  • gathering sufficient appropriate audit evidence to provide a basis for concluding and providing an opinion.

Dimension 3: Quality control in compliance audit

It is essential to ensure that each audit product is of high quality, therefore quality control should be part of the compliance audit process. The key criteria of ISSAI 400, relating to quality control, are covered by the standards and policies the Office requires its appointed auditors to follow (referred to in dimension 1 above). In most cases, they are also covered by the Audit New Zealand Quality Manual that guides the audit work carried out by Audit New Zealand.

SAI 15 Conclusion

Standards and policies and the quality control approach for compliance audits are appropriate, as they are based on international standards and the Auditor-General’s Auditing Standards. However, there is no process to ensure that the compliance audit team collectively possess the competencies and skills necessary to do these audits. In practice, auditors receive the required competencies and skills by doing financial audits, but there is no corporately administered training for compliance audit work.

SAI 16: Compliance audit process

Dimension 1: Planning compliance audits

We found that the planning of compliance audits met best practice requirements. However, in the following areas we identified inconsistent practice or lack of recorded evidence of compliance:

  • considering audit risk throughout the audit process;
  • considering materiality at all stages of the audit process;
  • identifying the subject matter and suitable audit criteria based on the applicable authorities as a basis for evaluating audit evidence;
  • understanding the public entity in light of the authorities governing it; and
  • assessing the risk of fraud.

Dimension 2: Implementing compliance audits

For the audits in our sample we found auditors had appropriately determined the nature, extent, and timing of audit procedures to be performed and all planned audit procedures were performed. If they were not performed, the change in plan was adequately explained and approved.

None of the audits we reviewed met the requirement to gather sufficient and appropriate audit evidence for the conclusion or opinion. In most audits sampled, there were shortcomings in the evidence on the audit files.

The requirements of the ISSAI to exercise professional care and caution when fraud is detected during the audit, and relating to the use of the work of external experts, were not relevant to any of the audits in our sample; therefore, these criteria were not rated.

Dimension 3: Evaluating audit evidence, concluding and reporting in Compliance Audits

We found that the reporting of compliance audits met best practice requirements.

SAI 16 Conclusion

We identified a mix of strengths and weaknesses in the planning of compliance audits, with no particular trend in the compliance audit types we sampled. However, there were consistent weaknesses in gathering and documenting audit evidence for all compliance audits. The evaluation, concluding, and reporting on compliance audits meets all the criteria

SAI 17: Compliance audit results

Dimension 1: Timely submission of compliance audit results

The Office has no system for collating information about the timeliness of compliance audit report submissions. As a result, the data to make a formal assessment on this dimension is not available. The Office is aware of this issue and is considering solutions. Therefore, this dimension has not been rated. However, we are aware that, generally, these audits and reviews are completed within the time frames set by the applicable regulations or requirements.

Dimension 2: Timely publication of compliance audit results

As with financial audits (SAI 11), the Auditor-General does not have a mandate to publish the audit report. Responsibility for publication rests with the public entity. The legislation governing the accountability arrangements of public sector entities sets timelines for publication soon after providing the audit report to the public entity. These requirements may or may not also apply to compliance audit reports, depending on their nature. Therefore, this dimension has been assessed as not applicable.

Dimension 3: SAI Follow-up on implementation of compliance audit observations and recommendations

As with SAI 11, the New Zealand auditing standards do not specifically require auditors to follow-up and report on whether audited entities have addressed their recommendations. As a result, this is not formally monitored by the Office’s quality assurance processes nor is it reported on publicly or to the legislature.

However, as a standard procedure, appointed auditors follow-up on the audited entities’ responses to recommendations. In the case of Audit New Zealand, this practice is built into audit processes and follow-up is in the management report template. The public entity is provided the opportunity to comment on corrective action taken or explain why it has not been taken.

We note that in the Debenture Trust Deed and PBRF, compliance work management reports are not issued given the nature of the compliance being assessed. Management reporting for such engagements is not required by SAE 3100 and ISAE (NZ) 3000.

The results of compliance audits are not reported in the Office’s Annual Report.

SAI 17 Conclusion

The timeliness of the completion of compliance audits is not tracked, so it is unable to be measured. There is no requirement in the New Zealand auditing standards to publish compliance audit reports. There is also no specific requirement for follow-up, although it does happen in practice. There is no formal external reporting on compliance audit work in the Office’s Annual Report. This is reflective of the small part of the total audit work of the Office that is compliance audit.

Domain D: Financial management, assets, and support services

Principle 6 of ISSAI 20 requires a SAI to manage its operations economically, efficiently, effectively, and in accordance with laws and regulations. Each SAI should have appropriate organisational management and support structures so it can implement and apply good governance processes. Therefore, a SAI must apply good management practices, including appropriate internal controls over its financial management and operations.

IndicatorDomainDimensionsScoreOverall score
D. Financial Management, Assets and Support Services
SAI-22 Financial Management, Assets and Support Services
  1. Financial Management
  2. Planning and Effective Use of Assets and Infrastructure
  3. Administrative Support Services
  1. 4
  2. 3
  3. 3

SAI 22: Financial management, assets, and support services

Dimension 1: Financial management

The internal control environment of a SAI should provide assurance that its resources are safeguarded against loss due to waste, abuse, mismanagement, errors, fraud, or other irregularities. It should also provide assurance that the SAI adheres to laws, regulations, and management directives, and develops and maintains reliable financial data.

The Office has a clearly defined organisational chart that sets out the staff roles in the Finance Department. This is supported by detailed job descriptions for each role and a delegations schedule. Although there is currently no delegations policy, the delegations schedule effectively performs this function. The intranet provides staff guidance on the financial systems, along with a full suite of financial policies.

The finance staff are able to meet the requirements of the various roles set out in the department’s job descriptions. On-going training is provided to maintain the currency of their skills. There is a comprehensive financial management system used to capture and record financial transactions, including a linked (soon to be integrated) timesheet-based cost recording system. Performance information is captured in a number of systems and collated annually before reporting in the Office’s annual report.

The budget preparation timetable sets out the responsibilities for the preparation of the budget and the required timeline. There has been no significant deviation from budgets in the last three years.

The Office publishes an Annual Report each year in accordance with the accounting standards and legislation. This report includes financial and non-financial reporting and is subject to external audit. The Annual Report and associated audit report are tabled in Parliament and published on the Office’s website. The audit report has been, and remains, a standard audit report with an unmodified opinion. The auditor’s management report included a number of recommendations, which have all been addressed and cleared promptly.

Dimension 2: Planning and effective use of assets and infrastructure

The Office’s risks and responsibilities in relation to the ownership of significant infrastructure is limited as all of its premises are leased. The Office does not have an accommodation strategy; lease renewals are when re-evaluation of premise size and location needs to take place. Despite the comprehensive evaluation processes that have been carried out to consider safety, commuter impacts, and cost-benefit business cases, it is acknowledged that having an overarching strategy would improve the robustness and transparency of these processes.

The Office owns significant Information Technology (IT) infrastructure and assets. These assets are managed by an Information Systems Strategic Plan that sets out to meet the information service needs of the Office over the three years from 2014. This is supported by an Information Services Group Annual business plan. The achievement of the IS Strategic Plan is monitored by the Combined Leadership Team on a regular basis to ensure the service provided by IT assets continue to adequately meet the business needs.

When necessary, Parliament has been notified of infrastructure issues through the Office’s annual reporting. For example, after the 2011 Canterbury earthquakes the Office reported deficiencies in the available temporary accommodation.

The Office has adequate and appropriate arrangements for the retention of records, both physical and digital. However, the offsite physical records storage contract has expired and has yet to be formally renewed.

Dimension 3: Administrative support services

The Office has qualified people assigned to handle the oversight and maintenance of IT and leased assets such as premises, vehicles, and printing and copying machines.

The Chief Information Officer (CIO) role and the Service Desk Manager role are clearly defined in the position descriptions and qualified people hold these roles. The responsibility for file management and archiving is also assigned to a qualified person.

INTOSAI GOV 9100 recommends that all administrative support functions should be reviewed every five years. Although a review of the IS/IT function was completed in 2012, resulting in the creation of the CIO role, other administrative services have not been subject to comprehensive review at the frequency recommended. However, reviews of specific functions have been completed as necessary.

SAI 22 Conclusion

The Office has robust financial management systems and reports on financial and nonfinancial results in a timely and transparent manner. There is an IS Strategic Plan in place to guide the management of the Office’s significant IT infrastructure. The strategy is monitored regularly. However, there is no overarching strategy in place for the management of the Office’s remaining physical infrastructure. The risk, however, is somewhat mitigated because the Office’s premises are leased. Lease renewals prompt the evaluation of size and location needs. The Office records are adequately and appropriately stored. However, the contract for the physical records storage has not been actively managed.

The key administrative and support services roles are filled by qualified people. However, regular review of support functions does not happen with sufficient frequency.

Domain E: Human resources and training

The Lima Declaration (ISSAI 1) recognises that an effective SAI is dependent on its capacity to recruit, retain, and effectively deploy highly-skilled, hard-working, and motivated staff. ISSAI 40 acknowledges the importance of effective human resources management in achieving service excellence and quality. It also emphasises the need for human resource policies and procedures to adequately deal with qualifications and ethics.

This domain considers the Office’s performance in the management and development of human resources. It looks at the Office’s overall strategic approach, and the policies and practices used to implement this strategy.

IndicatorDomainDimensionsScoreOverall score
E. Human Resources and Training
SAI-23 Human Resources Management
  1. Human Resources Function
  2. Human Resources Strategy
  3. Human Resources Recruitment
  4. Remuneration, Promotion and Staff Welfare
  1. 4
  2. 0
  3. 4
  4. 4
SAI-24 Professional Development and Training
  1. Plans and Processes for Professional Development and Training
  2. Financial Audit Professional Development and Training
  3. Performance Audit Professional Development and Training
  4. Compliance Audit Professional Development and Training
  1. 3
  2. 4
  3. 4
  4. 1

SAI 23: Human resource management

Dimension 1: Human resources function

A strong human resources management team is key to a successful human resources function. The Office’s human resources team is responsible for the management of all human resources issues in the whole Office. The human resources team have all the skills, experience, and resources to do the roles required. The attributes are in the team roles’ job descriptions.

The job descriptions set out all the responsibilities of the team and include recommendations by the INTOSAI Capacity Building Committee Human Resources Manual Guide:

  • development and maintenance of human resources strategy and policies;
  • development and maintenance of a competency framework;
  • ability to provide guidance and consultancy on human resource related matters;
  • maintenance of performance evaluation appraisal system;
  • scheduling of professional development; and
  • maintenance of personnel files.

Dimension 2: Human resources strategy

It is important to have a human resources strategy to guide the approach to human resources management. The strategy should include recruitment, remuneration, performance appraisal, and professional development. It should also consider the number and type of staff required, and provide baselines and indicators for turnover, vacancies, sickness rates, and other relevant matters. The strategy should be given to all staff, monitored annually, and be reviewed and updated. Although the Office does not have an overall human resources strategy, there is one under development along with a workforce development plan. Audit New Zealand has completed some workforce planning.

The human resources annual business plan covers recruitment, remuneration, performance appraisals, and professional development. It sets some performance objectives and measures, but does not provide any baselines or targets. Turnover rates and vacancies are tracked through the Organisational Business Plan.

Dimension 3: Human resources recruitment

The Office carries out recruitment based on its recruitment policy, which outlines the procedures to be followed. These procedures are made clear and are publicly available. Recruitment is based on the Office’s identified needs, which can be a result of vacancies or an analysis of movement projections and future needs. Job advertisements include a description of the skills and experience needed for the role.

The Office recruits on merit. However, advertising used for recruitment purposes promotes the diversity of the current staffing complement and the desire to maintain this diversity. The recruitment policy requires all interviews to be done by a panel of at least two people, including the recruiting manager. Additional resources are used in the Office as needed, particularly by Audit New Zealand during peak times. Contracts are entered into with audit service providers to use such staff. Additional staff are integrated with Audit New Zealand teams to ensure appropriate supervision and quality control standards are maintained. Feedback on performance is provided to the audit service providers.

Dimension 4: Remuneration, promotion, and staff welfare

The Office has a performance appraisal process for all staff every six months. The appraisal includes a review against the job description and annually established performance goals. In the case of Audit New Zealand, staff are assessed against the Leadership Framework and relevant aspects of the current year’s Annual Plan goals. Remuneration is based on the Remuneration and Benefits Policy, which includes regularly updated market information. Promotions are in accordance with the Office policy and occur when a staff member has developed the higher level skills, or through a recruitment process where a staff member applies for a vacancy.

Staff welfare is primarily managed through the Health and Safety Policy, which is available on the intranet. The policy has recently been revised to align with new legislation and an extensive staff consultation process. An annual survey provides the opportunity for staff to express their views on workplace culture. There are also other surveys carried out periodically. There is evidence of action taken by management to respond to the survey results.

SAI 23 Conclusion

The Human Resources Function is appropriately resourced and maintains the recommended SAI human resource processes. There are sound policies in place to manage recruitment, remuneration, promotion, and staff welfare. A human resources strategy and workforce development plan is in development.

SAI 24: Professional development and training

Dimension 1: Plans and processes for professional development and training

ISSAI 40 requires each SAI to have in place policies and procedures to provide reasonable assurance it has the competence, capabilities, and commitment to ethical principles to carry out its work and it is able to issue appropriate audit reports. Professional development and training plans contributes to individual, team, and organisational excellence. Although the Office does not have a single document that sets out the professional development and training plan, it does have an induction process for new staff, whether they are interns, graduates, or other new appointments.

Audit New Zealand’s professional development approach is different from the OAG/CST’s approach. At Audit New Zealand, the programme is a progression from junior to senior grades, with grade-specific training set out in the Professional Development programme and module training matrix. The programme covers technical, ethical, and soft skills training, and is targeted to the level of experience. Staff can also request additional training through their annual individual development plan.

Audit New Zealand also offer specialised training such as the Aspiring Managers programme. There are also local office and sector specific training programmes to reinforce national training programmes and address local issues.

The OAG and CST professional development programme is more strongly linked to individual needs. They are identified through the individual development plan and reflect the broader range of professions, skill sets, and levels of experience in this part of the Office. In some instances, when development opportunities cannot be extended to all staff an “expression-of-interest” process identifies the staff that would obtain the greatest value from the opportunity. Setting annual performance goals and individual development plans is compulsory and is linked to the performance appraisal system.

The Office’s Strategy includes having capable staff. However, there is no explicit link between this goal and the professional development and training programmes. There is no Human Resources Strategy currently in place and there is no overall learning and development plan for the OAG. The professional development and training of non-professional staff lacks structure. There is room to improve post-training evaluation in order to see the impact of the professional development and training programmes.

Dimension 2: Financial audit professional development and training

Audit New Zealand has an effective and structured financial audit professional development and training programme. The programme is the responsibility of the General Manager - Professional Practices, and is based on the competency requirements set out in the Audit New Zealand leadership development framework. The training programme also covers internal standards and procedures, uses formal and on-the-job training approaches, and meets the requirements of the Chartered Accountants Australia and New Zealand academic and professional training programmes. It also continues professional development requirements.

Dimension 3: Performance audit professional development and training

The Office has an effective and structured performance audit professional development and training programme. Responsibility for the programme rests with the Assistant Auditor-General - Performance Audit. The competency requirements at each level are set out in the job descriptions and tailored, where needed, through the individual development plan process. The programme is particularly detailed at the Assistant Performance Auditor level. The performance audit development framework, which is part of the Performance Audit Learning and Development Plan, is being updated for the Assistant Performance Auditor level and is due for completion at the beginning of 2017. The Learning and Development Plan ensures that staff are trained to apply the methodology and meet the requirements of the relevant New Zealand and international auditing standards. The approach to learning and development includes an appropriate mix of training programmes and on-the-job learning.

Dimension 4: Compliance audit professional development and training

There is no effective professional development and training programme to address the specific skills and competencies required for a compliance audit in the Office. The Audit New Zealand leadership development framework addresses some of the relevant competencies, but there is no programme specifically tailored to compliance audit work to ensure that quality standards are maintained.

SAI 24 Conclusion

The overall professional development and training framework is robust although, due to the lack of an overall Human Resources Strategy, it is not well linked to the Office’s staff capability goals in the Office Strategy. Responsibility for the financial and performance auditor programmes is assigned to qualified people. The programmes are well linked to the individual development plan assessment and performance appraisal processes.

There is a lack of structure around the training of non-professional staff and for auditors who are required to complete compliance audits. There is room to improve post-training evaluation and monitoring.

Domain F: Communication and stakeholder management

ISSAI 12 identifies that one of a SAI’s main objectives is to demonstrate its relevance to its stakeholders. In order to achieve the goal of communicating the value and benefits of the SAI’s work, it is important to identify the relevant stakeholders and establish and maintain good working relationships with them. Using appropriate language and format in communications and stakeholder management is critical to the SAI’s effectiveness.

IndicatorDomainDimensionsScoreOverall score
F. Communication and Stakeholder Management
SAI-25 Communication with the Legislature, Executive and Judiciary, Prosecuting and Investigating Agencies
  1. Communications Strategy
  2. Good Practices regarding Communication with the Legislature
  3. Good Practices regarding Communication with the Executive
  4. Good Practices regarding communication with the Judiciary, prosecuting and investigating agencies
  1. 3
  2. 4
  3. 4
  4. Not rated
SAI-26 Communication with the Media, Citizens and Civil Society Organisations
  1. Good practices for communication with the Media
  2. Good practices regarding communication with Citizens and Civil Society Organisations
  1. 3
  2.  4

SAI 25: Communication with the legislature, executive and judiciary, prosecuting, and investigating agencies

Dimension 1: Communications strategy

The Office has a Communications Strategy that was established in 2011 and intended to be reviewed in 2014. The review of this Communications Strategy is ongoing and, although not fully completed, has resulted in a number of changes to the overall communications approach. The Communications Strategy is aligned to the Office’s Strategy goals. In addition to the overall Communications Strategy, the Reports and Communications Team Business Plan captures the goals of the strategy and the current year’s focus areas. These are complemented by the Office product communications plans, which are developed and tailored to the specific needs and goals of each report and significant public event. These set out the specific stakeholders, the key messages of the product, and the best approach to communicating with the relevant stakeholders.

The Communications Strategy has not yet been communicated across the Office, because the review is incomplete. The proposed approach for monitoring the strategy is quarterly reporting to the Combined Leadership Team. External views on the quality of the Office’s communications are obtained as part of the annual stakeholder and client surveys. In 2014, some research was carried out to gain an understanding of the views and knowledge of the public about the Office and its functions.

Dimension 2: Good practices regarding communication with the legislature

Section 20 of the Public Audit Act 2001 requires the Auditor-General to report their work to the House of Representatives at least once a year. The annual results reports on Central Government and Local Government audits, supplemented by additional, and more detailed, sector reporting on a cyclical and issues-focused basis. These reports are at a high level and reflect the themes and trends of annual audit work, specific investigations, performance audits, and interactions of Office staff with audited entities and stakeholders.

The Office also provides briefings to select committees on the central government entities they select for annual review. Letters are sent to responsible Ministers and summarise the results of selected central government entities audited. Where an entity is not selected for annual review, the ministerial letter is provided to the relevant Committee. When requested by select committees, the Office assists with investigations and consideration of changes to laws.

An agreed code of practice governs the communications and interactions of the Office with Parliament. There are quality control processes that are also followed. For the staff responsible for communications with Parliament, the responsibilities and performance expectations are included in their job descriptions.

In order to ensure that Parliamentarians understand the role of the Auditor-General, a briefing session is provided after the formation of each new Parliament. The Office publishes a document called The Members of Parliament Guide to the Auditor-General. The role and mandate of the Office is also regularly explained in other reports and on the website.

The Office sets various performance goals to ensure communications with Parliament happen in a timely manner and are aligned to the reporting timelines of the House and select committees. All annual review briefings are provided to the select committee a minimum of 48 hours before the briefing session in order to be scrutinised by the committee. This performance target is publicly reported in the Office’s Annual Report and has been consistently achieved at 100%.

A regular stakeholder survey measures satisfaction with the communications of the Office with Parliament. The survey includes interviews with select committee chairs and several senior public managers. In 2016, the following summary was provided in the report of the external survey company:

The committee chairs were uniformly positive about the role of the Office of the
Auditor-General in helping Parliament hold public sector agencies to account. They
were complimentary about the quality and usefulness of the OAG’s reports and
services, the capability and level of understanding of its staff and the professionalism
and effectiveness with which OAG staff engage with committee chairs and members.

Dimension 3: Good practices regarding communications with the executive

It is important that the Office raises awareness among the executive and audited entities of the importance of good governance in the public sector. Much of this communication occurs directly with the public entity and this is addressed in Domain C. However, reporting more broadly to the executive needs to happen to ensure that there are strong mechanisms to encourage an appropriate response and follow-up of audit findings. The integrity and independence of audit work from the management of the public entity is critical. In New Zealand, this is governed by the Public Finance Act 1989 and covered by the New Zealand auditing standards and the Auditor-General’s Auditing Standards. These set clear requirements on auditors to maintain independence from the management of audited entities.

To assist audited entities in understanding the audit process, Audit New Zealand publishes information on its website. This supports the public entity’s Audit Engagement letter, which sets out information about the overall audit process and the annual Audit Arrangements Letter setting out the specific areas of audit focus for that year.

Providing audit findings is managed through the ministerial letter and select committee annual review and briefing process for selected central government agencies. It provides information to the select committees on public entities at a detailed level. Additionally, the central government and local government annual results reports gives a wide range of sector information drawn from the annual audit work to Parliament. These reports are given to the relevant select committees for further scrutiny. The OAG staff appear before the select committees and provide briefings and respond to questions on these reports.

The Office seeks feedback in annual surveys of public entities and select committee chairs. The surveys cover a range of focus areas, including the quality of reporting about audit issues.

Dimension 4: Good practices regarding communication with the judiciary, prosecuting and investigating agencies

It is important that SAIs communicate relevant audit findings effectively with other agencies to ensure further investigation if necessary. In New Zealand, the focus of the Office is in monitoring fraud in public entities and evaluating if other agencies should be informed. The favoured approach is to encourage the public entity subject to the fraud to notify the prosecuting agencies directly. However, if the public entity does not inform appropriate authorities, the OAG decides whether the incident is significant enough to report the fraud itself. This process is described on the OAG website, and the requirement to report all fraud is contained in the Audit Engagement Agreement. There has been one recent instance where the OAG reported a fraud to a prosecuting agency.

The OAG maintains relationships with other agencies, such as the Serious Fraud Office, and communicates with them on a periodic to maintain a general awareness of issues, work programmes, and focus areas, and also co-operate as needed.

Because most of the criteria in this dimension are focused on an SAI based on the court model, no rating has been attributed to this dimension.

SAI 25 Conclusion

The Office has a sound communications approach managed by a good practice Communications Strategy, business plans of the responsible teams, and project plans at the product level. The monitoring of the revised communications strategy is still to be finalised and implemented. Communications processes for interacting with the legislature and the executive are well-developed and enable effective two-way communication. Communications with other agencies happen where needed in established parameters.

SAI 26: Communication with the media, citizens, and civil society organisations

Dimension 1: Good practices regarding communication with the media

4.219 T
he media is an important channel for communication with the public, therefore it must be used appropriately to circulate the results of audits. The Office does not use press conferences and media releases as standard procedure, although both have been used in exceptional circumstances. The Office liaises effectively with media before, during, and after the publication of audit results to ensure it is covering the Office’s work from an informed viewpoint. Sufficient and appropriate publicity of the Office’s work, including the results of audits, can reach target audiences through methods other than press conferences and media releases. The Office has a subscription system that notifies subscribers when a report is completed. Anyone can subscribe.

Every report that is published has a separate, short, and accessible summary. The summary is used as an alternative to press releases. The Office’s approach to the media is set out in the Media Policy. Generally, the same approach is applied for each publication, however it is also tailored to address the particular risks and issues of each publication. Likewise, a group of senior staff are trained and approved to be a media spokesperson for the Office. The Office assigns a staff member for each publication based on their risk and topic expertise. The Reports and Communications team works with the spokesperson to ensure they are well prepared before any direct contact with the media.

An approved draft policy is currently being consulted on with staff. It is designed to provide guidance to all staff on how to manage interactions with the media and their personal use of social media.

The Office has a contract with an external provider to identify all media coverage related to its work. This is provided daily to relevant staff in the Office.

Dimension 2: Good practices regarding communication with citizens and civil society organisations

Society has an increasing awareness of the importance of holding governments to account. The Office has a role to stimulate this behaviour and therefore it needs to develop a relationship with the public and provide them appropriate and accessible information.

The Office has a high-quality website that complies with New Zealand’s e-government guidelines. The website includes information about the Office’s mandate. It also contains reports and summaries to increase accessibility to the public. The Auditor-General and the Deputy Auditor-General complete various speaking engagements with civil society groups. These events are used to raise the profile of the Office and to increase the public’s knowledge about current reports, and topics such as good governance and public financial management. “Staff as Ambassadors” is a recent initiative which is intended to encourage and equip staff to promote the work of the Office in the community. The Office acknowledges that there remain challenges to access, generating interest and effectively informing citizens about its work, and managing the audit expectation gap about the role of the Office.

The Office has a presence across a range of social media platforms, including a number of websites (OAG, Audit New Zealand, schools audit education site, and the Audit Blog), Facebook, Twitter, LinkedIn, Instagram and YouTube. These media platforms are used to contact journalists and promote the Office, its mandate and products and, increase the audience for its work.

A recent initiative has been the establishment of a citizen panel. This panel was used to inform the development of the 2016-17 work programme theme of information. The focus of work with the group was to identify gaps in information currently provided to the public and accessibility issues in the public sector. The Office intends to use the panel to inform work programme development and other projects in the future. The Office has also contacted other citizen groups, primarily through the use of surveys, to gain information for specific reports.

SAI 26 Conclusion

The Office has effective policies and practices in place for working with the media. Staff are appropriately equipped to be media spokespeople for the Office. Good mechanisms are in place to provide information to the media about the work of the Office and also to inform staff of media coverage. The Office endeavours to make information readily available to the public and uses multiple media platforms to achieve this. This is a challenging area but there are developing initiatives, such as increased use of the citizen panel, to enable the views of the community to be more easily heard by the Office.

33: The Lima Declaration is reflected in ISSAI 1.

34: The Mexico Declaration is reflected in ISSAI 10.

35: The Framework assigns a score to each dimension based on the results of assessing each of the criteria. The score range is 0 to 4 with 4 being the highest possible score. The overall indicator score is a function of the scores for each dimension within the indicator.

36: The Public Audit Act 2001 does not explicitly use the term compliance audit that is used in the ISSAIs, however this type of audit is provided for by section 17 of the Act.

37: Except in the case of established precedents.

38: Although decisions about the timing of the audit within the statutory time frames and staff resources applied are needed.