Accountability requirements to consider when establishing a new “public entity”

Who is this document for?

This document is for people making policy decisions about establishing a new public entity. It sets out questions to help you consider what accountability requirements a new public entity should have. The document also discusses:

  • what a public entity is;
  • accountability requirements for public entities; and
  • what it means for a public entity to be audited by the Auditor-General.

The Appendix discusses the role of the Auditor-General, auditing, and auditor independence.

What is a public entity?

Public entities include government departments, State-owned enterprises, Crown research institutes, defence forces, district health boards, city and district councils, ports, schools, and tertiary education institutions.

Often legislation that creates a new public entity will specifically say the organisation is a public entity and make a consequential amendment to the Public Audit Act 2001. However, sometimes policy makers unintentionally create new public entities – see Appendix for more information about this.

Accountability requirements for new public entities

Accountability requires public entities to report useful and timely information about what they have achieved with the resources they have used, so that Parliament and the public can hold them to account for their performance. Auditors look at this reported information and give Parliament and the public assurance that the information fairly reflects what that public entity did.

The Public Audit Act 2001 does not specify what information a public entity is required to report or have audited. This means that, if a new public entity is established, the legislation that governs it needs to specify its accountability requirements (if any).

We set out some questions to consider when you are creating a new public entity and deciding what its reporting and assurance requirements should be.

Reporting requirements

  • What information should the public entity have to report? Just financial information or something more?
  • Will the public entity have to comply with generic reporting requirements in other legislation (for example, the Public Finance Act 1989 or the Crown Entities Act 2004)? Will these requirements be enough, and will they be appropriate? Do you want specific or additional reporting requirements?
  • How will the new reporting requirements fit alongside the generic reporting requirements in other legislation?
  • Will the public entity’s reported information have to comply with any recognised framework or set of criteria? Usually, the information is required to comply with generally accepted accounting practice (which means standards set by the External Reporting Board).
  • What will the reporting period be?
  • What will the time frame be for completing the report?
  • If the public entity is established part way through a financial year, will it still have to report information for the whole year?
  • What will happen if the public entity is disestablished? Do you want specific final reporting requirements? How will the final reporting requirements fit alongside the generic reporting requirements in other legislation (for example, the Public Finance Act or the Crown Entities Act)?
  • Will the public entity be able to establish subsidiary entities? If so, will the reporting requirements for the subsidiary entities be the same as for the parent entity? Will the subsidiary entities be required to prepare separate reports at all? Or will it be enough for the parent entity to provide group information?

Assurance requirements

  • What information do you want assurance on? For example, financial statements and/or non-financial performance information.
  • What level of assurance do you want? Will an audit be required or will a lower level of assurance (such as a review) be enough?
  • Will the public entity’s information be capable of being audited? Remember, there needs to be some reporting framework or other standard that the auditor can objectively assess the information against.
  • When will the public entity need to provide the information to the auditor?
  • What will the time frame be for completing the audit or the review?
  • What are the assurance requirements for subsidiary entities?
  • What if the public entity is disestablished? Will it need to be audited on disestablishment?

The Treasury provides guidance on financial reporting for public entities at

See also the External Reporting Board’s “A guide for prescribers of assurance engagements” at

Having your public entity audited by the Auditor-General

If the public entity is required to have its financial statements, accounts, or any other information audited:

  • the audit must be carried out by the Auditor-General or an auditor appointed by the Auditor-General (see section 15 of the Public Audit Act); and
  • the audit will be carried out in accordance with the Auditor-General’s auditing standards.[1]

The public entity will also be subject to other provisions in the Public Audit Act. These provisions, for example, require the public entity to provide information to the Auditor-General and permit the Auditor-General to carry out performance audits[2] and inquiries into its activities.

For more information about the Auditor-General, public entities, and the audit process, see the Appendix.

We strongly encourage you to consult with the Auditor-General when setting up a new public entity. Please contact

Appendix – About auditing

About the Auditor-General

The Auditor-General is an Officer of Parliament.[3] The Public Audit Act and the Public Finance Act set out the Auditor-General’s current role and functions. The Auditor-General is responsible for auditing all of New Zealand’s public entities.

Public entities are accountable to Parliament and the public for their performance and use of resources. The Auditor-General’s work gives assurance to Parliament, public entities, and the public that public entities have fairly described the results of their activities in their annual reports.

The Auditor-General also keeps an eye on:

  • whether public entities are carrying out their activities effectively and efficiently; and
  • matters of waste, integrity, legislative compliance, and financial prudence in the public sector.

What is a public entity?

Section 5 of the Public Audit Act defines a public entity. Public entities include government departments, State-owned enterprises, Crown research institutes, defence forces, district health boards, city and district councils, ports, schools, and tertiary education institutions.

Often legislation that creates a new public entity will specifically say the organisation is a public entity and make a consequential amendment to the Public Audit Act.

However, an organisation (X) is also a public entity when it is controlled by one (Y) or more (Y and Z) other public entities. Section 5 of the Public Audit Act sets out three stand-alone tests for determining whether X is a public entity:

  • X is a subsidiary of Y.
  • Y or Y and Z together control X within the meaning of the relevant financial reporting standard.
  • Y or Y and Z can together control directly or indirectly the composition of the board of X.

These tests can be difficult to apply. Policy makers need to be aware of these tests, because sometimes people unintentionally create new public entities.

Main features of an audit

Most (but not all) public entities are required to publish an annual report, and parts of that annual report (for example, the financial statements) are required to be audited. If an audit is required, the auditor examines the financial statements, compares them with the recognised framework (normally, generally accepted accounting practice), gathers appropriate evidence, and forms and expresses an opinion on whether the financial statements:

  • comply with the recognised framework; and
  • fairly reflect the public entity’s financial performance and financial position.

The public entity publishes the auditor’s opinion with the financial statements. This allows readers of the financial statements to know the auditor’s independent perspective on those statements.

In all audits, the auditor:

  • must be independent;
  • plans the audit to enable them to form and report their conclusion;
  • maintains an attitude of professional scepticism;
  • as well as gathering evidence, makes a record of other considerations that they need to take into account when forming the audit conclusion;
  • forms the audit conclusion on the basis of the assessments drawn from the evidence, taking the other considerations into account; and
  • expresses the conclusion clearly and comprehensively.

What auditors do to carry out an audit

Auditors carry out much of the audit on the public entity’s premises. This is so they can readily access the public entity’s systems and information and talk to staff. This helps them understand the information they’re looking at.

An auditor’s work generally includes:

  • obtaining an understanding of the public entity’s internal control environment;
  • verifying samples of transactions and account balances;
  • performing analysis to identify anomalies in reported data;
  • reviewing significant estimates and judgements made by the public entity’s governing body/senior management;
  • confirming year-end balances; and
  • assessing whether the public entity has complied with the relevant reporting framework and made appropriate disclosures.

In the public sector, depending on what the relevant legislation specifies, an auditor’s work might include additional work such as:

  • assessing the appropriateness of the service performance framework, including the performance measures that the public entity will report externally;
  • reviewing and assessing controls over performance reporting; and
  • verifying reported performance for important performance measures.

What assurance does an audit aim to provide?

An audit aims to provide a high, but not absolute, level of assurance.

In a financial report audit, the auditor gathers evidence on a “test” basis because of the large volume of transactions and other events being reported on. The auditor then uses their professional judgement to assess the impact of the evidence gathered on their audit opinion.

Materiality is implicit in a financial report audit. Auditors only report material errors or omissions – that is, errors or omissions that are of a size or nature that would affect a third party’s conclusion about the matter.

The auditor does not:

  • examine every transaction (this would be prohibitively expensive and time consuming);
  • guarantee the absolute accuracy of a financial report (although an unmodified audit opinion does imply that no material errors exist); or
  • discover or prevent all frauds (the public entity is responsible for ensuring that internal controls are adequate to minimise the risk of fraud).

In other types of audit (such as a performance audit), the auditor can provide assurance that, for example, the public entity’s systems and procedures are effective and efficient or that the public entity has acted with due probity in a particular matter.

The auditor reports their findings in the audit opinion. Depending on the findings, the auditor might issue any one of the opinions in the table.

Type of opinion | What the opinion means
Unmodified opinion | In the auditor’s view, the information they looked at is a fair reflection of what actually happened and that they didn’t spot anything that raised an eyebrow or needed pointing out to the reader.
Qualified opinion | The auditor disagrees with something that matters but that is not “pervasive”. This means that the information overall fairly reflects what the public entity has been doing, but some of the information isn’t correct, or is missing.
Adverse opinion | There’s a serious disagreement between the auditor and the public entity about something in the information the auditor has been asked to audit.
Disclaimer of opinion | The auditor can’t give the information a clean bill of health, because they couldn’t do everything they needed to do. For example, the public entity might not have been able to provide the auditor with enough evidence about something, and that lack of evidence has limited the scope of the audit.

Audits compared to other types of assurance engagement

For auditors, the term “audit” has a specific meaning. It means an assurance engagement that requires the auditor to provide “reasonable assurance” about the information that is being audited.

Auditors can carry out other types of assurance that provide a lower level of assurance, such as a review.

It is important to be clear about what type of assurance engagement and what level of assurance you want. This will determine the level of work the auditor needs to do and the cost of that work.

The table summarises the different types of assurance engagement and the level of assurance they provide.[4]

Information type | Assurance level | Type of assurance engagement
Historical financial information | Reasonable | Audit
Historical financial information | Limited | Review
Information other than historical financial information | Reasonable | Reasonable assurance engagement
Information other than historical financial information | Limited | Limited assurance engagement

Auditor independence

The auditor must be independent and be seen to be independent. This means that the auditor must avoid situations that would:

  • make people question their objectivity; or
  • create personal bias that could influence, or be seen to influence, their judgement.

Relationships that could affect the auditor’s independence include:

  • personal relationships (such as between family members);
  • financial involvement with the public entity (for example, the auditor has a financial investment in the public entity);
  • provision of other services to the public entity (such as carrying out valuations); and
  • dependence on fees from one source.

Another aspect of auditor independence is the separation of the role of the auditor from that of the entity’s governing body.

The roles of governors and management

From an accountability perspective, managers report to their public entity’s governing body. Governors are ultimately responsible for their public entity’s performance. For example, in a Crown entity, the Board of the Crown entity is responsible for the public entity’s performance – not the chief executive or leadership team.

Governors are responsible for:

  • maintaining adequate accounting records;
  • maintaining internal controls to prevent or detect errors or irregularities, including fraud; and
  • preparing the financial information in accordance with statutory requirements (normally generally accepted accounting practice) so that the information fairly reflects the public entity’s financial performance and financial position.

1: The Auditor-General’s auditing standards are aligned to the auditing and assurance standards issued by the External Reporting Board. However, they include some amendments and additions to take account of the public sector context.

2: A performance audit typically examines a public entity’s function, operation, or management systems and procedures to assess whether it is using its available resources efficiently and effectively.

3: There are three Officers of Parliament: the Ombudsman, the Parliamentary Commissioner for the Environment, and the Auditor-General (called the Controller and Auditor-General in the Public Audit Act). They help Parliament hold Government to account.

4: For more information on different types of assurance engagements, the level of assurance they provide, and how to describe them in legislation, see the External Reporting Board’s website,