Appendix 6: Report on the quality of annual audits 2020/21
This report outlines how the Office of the Auditor-General monitors the quality of annual audits.
The way we operate
The Auditor-General appoints auditors to carry out annual audits of public organisations. These auditors are appointed from Audit New Zealand (the Auditor-General's in-house audit provider) and more than 25 private sector audit firms. About 150 auditors in all have the authority to audit and issue audit reports for the public organisations they have been appointed to audit.
Because of the way we operate, the key elements that need to operate effectively are:
- the appointment of auditors and their independence to carry out audits;
- the Auditor-General's auditing standards that auditors are required to apply;10 and
- the quality of the work that auditors perform.
Our system of quality
Specific quality standards require us to establish and maintain a system of quality control designed to provide reasonable assurance that we comply with standards and applicable legal and regulatory requirements, and issue appropriate reports. The system of quality control is based on five elements and the policies and procedures that address each element:
- leadership responsibilities;
- ethical requirements;
- human resources;
- performing audit work; and
- monitoring the quality of audit work
We report below on the processes, policies, and procedures that support each element of audit quality as it applies to the Office of the Auditor-General.
Leadership responsibilities
Our governance and reporting structure contributes to audit quality
The Auditor-General is ultimately responsible for the system of quality control for all audits carried out on their behalf.
Audit quality is governed through the Office's Audit Performance and Quality Governance Committee. The role of the committee is to monitor audit delivery and quality. Membership of the committee includes the Auditor-General and Deputy Auditor-General. The committee meets six times each year, and its remit includes monitoring:
- the strategic and operational risks associated with audit quality;
- the operating effectiveness and efficiency of the quality framework against the audit quality indicators;
- the findings of internal and external reviews of audit quality; and
- progress in addressing the findings and recommendations made in internal and external reviews.
The committee met six times during 2020/21.
We also have an Audit and Risk Committee that provides independent assurance and advice to the Auditor-General. Appendix 1 includes a separate report from that committee.
Our values emphasise audit quality
Our values guide us to perform our audit work objectively and impartiality, in the best interests of Parliament and the public. We hold ourselves to high standards to ensure independence and accountability throughout our organisation.
We obtain independent views about audit quality
In addition to our internal monitoring of audit quality, we obtain external independent views about audit quality. The Financial Markets Authority reviews audit files of organisations operating in capital markets, including some public sector organisations audited by private sector audit firms on behalf of the Auditor-General.
We also periodically invite the Financial Markets Authority and the New Zealand Institute of Chartered Accountants practice review to carry out quality reviews of Audit New Zealand. These organisations last carried out independent reviews in late 2016, and both organisations have reviews scheduled during 2021/22.
Ethical requirements
Our policies, procedures, and methods promote an ethical workplace
Independence is fundamental to our ability to act with integrity, be objective, and maintain an attitude of professional scepticism. Auditing standards require auditors to be independent of the organisation they are auditing. Independence is both independence of mind and independence in appearance.
The Auditor-General's auditing standard on independence applies to all staff, including Audit New Zealand, and the private sector audit firms that carry out public sector audits. The standard is based on the requirements of the New Zealand standard to the extent there is not a conflict with the Auditor-General's legislated mandate and responsibilities.
The Auditor-General's standard goes one step further and restricts the work auditors can carry out for an organisation they audit to work of an assurance nature.
We monitor compliance with audit independence requirements
We monitor compliance with the Auditor-General's auditing standard on independence in a few ways.
For staff, including at Audit New Zealand, the work that can be done is limited by the Public Audit Act 2001, and we closely monitor the independence of those involved in annual audits, including as part of our quality assurance review program for annual audits.
For private sector audit firms, we monitor the other services they carry out for organisations they audit on behalf of the Auditor-General, and we consider independence as part of our quality assurance review program for annual audits.
For 2020/21, we were satisfied that independence standards were upheld.
We monitor how long key audit staff audit the same organisation
The Auditor-General's auditing standards limit the number of years that key audit staff, including those from contracted audit service providers can carry out the same annual audit. This is to safeguard against the threat to independence that may arise from auditing an organisation for a long time. The standard specifies the length of time that key audit staff can be assigned to the annual audit.
For 2020/21, we complied with our standard.
Human resources
All audits are allocated either to senior staff in Audit New Zealand or partners from private sector audit firms. They are responsible for recruiting, hiring, retaining, and promoting qualified audit staff to complete the audits that they have been appointed to by the Auditor-General. Our expectation is that audit work is completed by staff with the right skills and experience. We monitor the skills of audit teams as part of our quality assurance reviews.
For 2020/21, we noted a need for some upskilling of auditors due to deficiencies we found through our quality assurance reviews. Other than the upskilling, we were satisfied with the skills and experience of staff allocated to audits.
Performing audit work
We establish, maintain, and communicate audit expectations
The Office of the Auditor-General requires all audit service providers to have their own audit methodology and to apply the professional quality standards. Auditors are expected to carry out audits based on the Auditor-General's auditing standards and requirements, and guidance provided through an audit brief.
We require auditors to consult about particular matters that could affect an audit report
The Auditor-General's auditing standards require auditors to consult on specific matters that could result in a modified audit report. The Office of the Auditor-General has an Opinions Review Committee that meets, as required, to determine the modifications to be included in audit reports.
For 2020/21, the committee considered the appropriateness of 112 audit reports, including 39 audit reports on councils' long-term plans and 59 audit reports on councils' consultation documents on those plans. We analyse the nature of matters considered by the committee and communicate to auditors so that they can maintain an awareness of these in their audit work.
We require auditors to inform us of issues discovered in audited information
Sometimes during an audit, an auditor discovers or is made aware of an error or misstatement in the prior year's financial statements. If this had been known at the time, it would have resulted in changes to the financial statements or a qualification of the audit opinion in the auditor's report. The number and impact of these errors or misstatements can signal potential problems with the audit.
Such errors or misstatements require the previous year's financial statements to be restated and information included in the current year's financial statements about the error or misstatement and its impact.
Our analysis of the nature of the prior period errors shows no common trend. We have followed up with the auditors of these entities to ensure any audit quality concerns have been addressed.
We have engagement quality review for complex and large audits
The Auditor-General's auditing standards require an engagement quality review for large and high-risk audits, and the audits of issuers and councils' long-term plans.
Engagement quality review provides an objective evaluation of the significant judgements made by the auditor and the conclusions reached.
We assess compliance with engagement quality review as part of our quality assurance reviews, including evidence that the review met the requirements of the standard. For 2020/21, based on our quality reviews, we were satisfied that all audits that were required to have an engagement quality review had one, but we noted in some instances that the evidence of the review needed to be improved.
Monitoring the quality of audit work
Quality reviews and findings
Monitoring compliance with the Auditor-General's auditing standards is a key element of our system of quality assurance. Our quality assurance reviews are in addition to audit service providers monitoring their own system of quality control and complying with professional and ethical standards.
Our quality assurance reviews of annual audits are designed to determine whether audit engagements comply with the Auditor-General's auditing standards, relevant regulatory and legal requirements, and our policies.
During 2020/21, we monitored 44 auditors, which is line with the policy requirements. Our monitoring covers, on a cyclical basis, all auditors appointed to carry out audits. We choose the audit files we want to review in accordance with our quality assurance policy, which considers the size and complexity of the audit.
Our monitoring activities in 2020/21 included:
- annual quality assurance reviews of 76 completed audits; and
- real time quality assurance reviews of 13 in-process audits.
Where we identify significant deficiencies in an audit file we monitor the remediation of each deficiency or perform further quality assurance reviews of audits carried out by that auditor. A deficiency does not mean the audit opinion is incorrect, rather it is a finding relating to the audit file, where the evidential support or quality process could be improved.
A high number of findings from quality reviews, particularly when these are repetitive, indicate issues with audit quality. Timely identification and appropriate remediation of issues is necessary to facilitate improvements in audit quality.
We evaluate findings identified in internal and external quality assurance reviews and determine the repetitive issues. We ask our auditors to carry out root cause analysis for repetitive issues to understand the underlying drivers of quality deficiencies and address them with targeted action plans.
The repetitive issues where we want audit improvement include procedures to test fair value and other estimates, evaluating the design of internal controls for information technology systems, procedures to assess completeness of revenue, and testing non-financial information.
How we determine the cause of findings
In 2020/21, we asked audit service providers to perform root cause analysis for the significant findings from our quality assurance reviews. Such analysis provides a deeper understanding of improvements that are needed, including improvements to audit methodologies. By gaining a deeper understanding of the drivers of quality deficiencies identified, targeted changes and follow-up actions can be developed.
We are monitoring the planned interventions audit firms are implementing to help prevent these recurring. We will assess these in our 2021/22 quality assurance review programme.
How we assess timely and effective remediation of findings
In each report to the Audit Performance and Quality Governance Committee on quality assurance reviews, we report on the follow-up actions for audit files with significant deficiencies.
We require our auditors to remediate all significant deficiencies and, where necessary, make changes to the audit approach for subsequent audits. Our follow up to assess remediation will occur as part of our 2021/22 quality assurance review programme.
10: The Public Audit Act 2001 requires the Auditor-General to set auditing standards for carrying out audits. These are referred to as the Auditor-General's auditing standards. These standards incorporate the New Zealand auditing standards and include standards specific to audit quality.