Part 3: Application of the code, fundamental principles and conceptual framework

The Public Audit Act 2001 places expectations on the Auditor-General that exceed the minimum requirements of PES 1, particularly in the area of independence. Those expectations apply to all those who carry out work on behalf of the Auditor-General. In some instances, those expectations also apply to the firm, and network firm, of those who carry out work on behalf of the Auditor-General.

Where the Auditor-General places different requirements on those who carry out work on their behalf, those requirements and associated application material should be read in conjunction with the relevant paragraphs in PES 1.

The Auditor-General and those who carry out work on their behalf shall comply with:

1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

The Public Audit Act 2001 places expectations on the Auditor-General that exceed the minimum requirements of PES 1, particularly in the areas of independence.

As a matter of principle, the Auditor-General’s independence requirements apply equally to all public entities and to all work carried out by, or on behalf of, the Auditor-General. The two main exceptions to this principle are:

1. Under section 540 Long association of personnel (including partner rotation) with an audit client, the Auditor-General recognises the distinction between public entities that are “public interest entities” and other public entities. The Auditor-General’s rotation requirements are specified in section 540.
2. Under subsection 601 Accounting and bookkeeping services, the Auditor-General recognises that the provision of temporary accounting assistance or conducting compilation engagements is appropriate, in the interests of accountability, for small public entities within the parameters specified by the Auditor-General in subsection 601.

The Code has been developed assuming that those charged with the governance of an entity are either required to act in the public interest or do so through moral obligation. In the New Zealand public sector, those charged with governance have a legal responsibility to act in the best interests of the public entity. This is a different, and narrower, responsibility than the requirement for the auditor to act in the public interest.

The implications of this situation for the Auditor-General and those who carry out work on their behalf are that the Auditor-General cannot subordinate their public interest responsibilities to a public entity. For instance, the Auditor-General or those who carry out work on their behalf cannot carry out an activity or accept a situation that is contrary to the fundamental principles in the Auditor-General’s Code and this Guide because the activity or situation is deemed to be acceptable to those charged with the governance of an entity. Similarly, the presence of an effective corporate governance structure or operating environment within an entity subject to audit does not relieve the auditor from exercising professional judgement in the public interest.

The Auditor-General requires that compliance with the fundamental principles is achieved from two perspectives:

1. actual compliance; and
2. perceived compliance. The reasonable and informed third party test is applied to establish whether perceived compliance has been achieved. The reasonable and informed third party test requires a high acceptable level to be met in that the third party would likely reach the same conclusions about compliance as the assurance practitioner.

Further direction in addressing perceived compliance is provided in paragraphs AG R120.5 A6.1 and AG R120.5 A6.2.

Several of the examples of safeguards in paragraph 300.8 A2 do not address perceived compliance and, therefore, do not reduce the threat to compliance with the fundamental principles to an acceptable level.

For the avoidance of doubt, the Auditor-General does not consider the internal separation of activities within a firm to be an adequate safeguard that reduces the threat to compliance with the fundamental principles to an acceptable level. Internal separation is sometimes used by firms as a safeguard to permit different (and sometimes incompatible) activities to be carried out for an entity. An example of internal separation is where different partners and engagement teams within the same firm provide non-assurance services for an entity that is also audited by the firm.

The Auditor-General and those who carry out work on their behalf shall comply with:

1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

Most of the examples in paragraph 310.4 A1 do not involve the provision of assurance services by an assurance practitioner and are unlikely to arise in connection with work carried out by, or on behalf of, the Auditor-General.

Other particular examples identified in paragraph 310.4 A1 (and repeated below in italics) are unacceptable conflicts of interest that would, as a minimum, not satisfy perceived compliance with the fundamental principle of objectivity under the reasonable and informed third party test. This is because of the Auditor-General’s responsibilities to Parliament under the Public Audit Act 2001.

Examples of circumstances that would create an unacceptable conflict of interest include:

• Providing a transaction advisory service to a client seeking to acquire an audit client, where the firm has obtained confidential information during the course of the audit that might be relevant to the transaction.
• In relation to a license agreement, providing an assurance report for a licensor on the royalties due while advising the licensee on the amounts payable.
• Providing strategic advice to a client on its competitive position while having a joint venture or similar interest with a major competitor of the client.

The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an assurance engagement to eliminate threats to independence. This situation is recognised in paragraph NZ1.3 of PES 1, which states: “The Code is not intended to detract from responsibilities that may be imposed by law or regulation.”

In a conflict between PES 1 and legislation relating to the statutory appointment of the Auditor-General, the following steps shall be taken:

1. The threat to independence will, as a minimum, be disclosed to those responsible for governance of the public entity and publicly disclosed in the auditor’s report.
2. Safeguards will be introduced, which will, as a minimum, be disclosed to those responsible for governance of the public entity and publicly disclosed in the auditor’s report. Safeguards may include the selection of an individual and/or firm with suitable credentials, the imposition of specific terms and conditions of appointment, the assignment of audit staff with particular skills and experience, and additional quality control processes to mitigate the threat to independence.

The Auditor-General is an officer of Parliament and has a statutory responsibility to assist Parliament to hold the government to account. The Auditor-General works exclusively in the public interest. The Auditor-General’s role demands that the results of the work carried out by the Auditor-General or on their behalf is, in all but exceptional instances, made publicly available. The Auditor-General must be independent, and must be seen to be independent, to carry out their role.

It is acknowledged that, in most conflicts of interest that affect the Auditor-General, the conflict will threaten the independence (real and/or perceived) of the Auditor-General.

It is unacceptable for the Auditor-General and those who carry out work on their behalf to obtain the consent of affected parties to “waive” a conflict of interest that might otherwise constitute an unacceptable threat to independence. Such a “waiver” can never satisfy the reasonable and informed third party test that is applied to assess independence in appearance. Such arrangements are contrary to the public interest.

The Auditor-General works exclusively in the public interest. As a consequence, it is not possible to disclose a conflict of interest and the related safeguards to the parties or potential parties affected by the conflict, in advance of the work being carried out.

Instead, the Auditor-General and those working on their behalf shall apply the reasonable and informed third party test in accordance with paragraphs AG R120.5 A6.1 and AG R120.5 A6.2.

The Auditor-General and those who carry out work on their behalf shall comply with:

1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an assurance engagement to eliminate threats to independence. This situation is recognised in paragraph NZ1.3 of PES 1, which states: “The Code is not intended to detract from responsibilities that may be imposed by law or regulation.”

In a conflict between PES 1 and legislation relating to the statutory appointment of the Auditor-General, the following steps shall be taken:

1. The threat to independence will, as a minimum, be disclosed to those responsible for governance of the public entity and publicly disclosed in the auditor’s report.
2. Safeguards will be introduced, which will, as a minimum, be disclosed to those responsible for governance of the public entity and publicly disclosed in the auditor’s report. Safeguards might include the selection of an individual and/or firm with suitable credentials, the imposition of specific terms and conditions of appointment, the assignment of audit staff with particular skills and experience, and additional quality control processes to mitigate the threat to independence.

The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an engagement to eliminate threats to the fundamental principles.

Those who carry out work on behalf of the Auditor-General shall remain alert to changes in circumstances that might threaten compliance with the fundamental principles and disclose any such changes in circumstances to the OAG (using the Independence@oag.parliament.nz email address). Those consulting with the OAG shall consider the flowchart in Appendix 1 and provide the reasoning to support their recommendation. The OAG will assess the measures to be applied to mitigate any unacceptable threats to the fundamental principles that arise from the changes in circumstances.

The Auditor-General and those who carry out work on their behalf shall comply with:

1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

The Auditor-General and those who carry out work on their behalf shall comply with:

1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

The Auditor-General and those who carry out work on their behalf shall not recommend services or products to a public entity – irrespective of whether referral fees or commission arrangements are earned for recommending such services or products. This prohibition extends to the firm, and the network firm, of those who carry out work on behalf of the Auditor-General.

Similarly, the Auditor-General and those who carry out work on their behalf shall not enter into a relationship with the public entity to recommend services or products of that public entity to third parties – irrespective of whether referral fees or commission arrangements are earned for recommending such services or products. This prohibition extends to the firm, and the network firm, of those who carry out work on behalf of the Auditor-General.

The Auditor-General and those who carry out work on their behalf shall comply with:

1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

An inducement is an object, situation, or action that is used as a means to influence another individual’s behaviour but not necessarily with the intent to improperly influence that individual’s behaviour. Inducements, either given or received, have no place in the conduct of effective audits.

A matter quite separate from the notion of an inducement is when the provision or receipt of gifts and hospitality by an auditor might be a necessary step to carrying out an effective audit.

Auditors are required to establish and maintain effective two-way communication with those charged with governance under ISA (NZ) 260 and to obtain an understanding of the entity and its environment under ISA (NZ) 315 (Revised 2019). Measures taken to establish and maintain communication with those charged with governance and to obtain an understanding of the entity and its environment might include the provision or receipt of gifts and hospitality by an auditor. The provision or receipt of gifts and hospitality that are limited to those that are “trivial and inconsequential in value, quantity, nature, and frequency, and are not illegal” (see paragraphs AG R340.2.1 and AG R340.2.2), might be necessary to an effective audit.

The provision or receipt of gifts and hospitality, described in paragraph AG R340.2.1 as “trivial and inconsequential in value, quantity, nature, and frequency, and are not illegal”, might be necessary to an effective audit. However, it is essential that the offer or acceptance of a gift or hospitality does not, in fact and in appearance, place an obligation on one party or the other.

It is not possible or appropriate to establish specific rules on what is considered to be “trivial and inconsequential” in the context of audits carried out on behalf of the Auditor-General. However, auditors need to maintain an awareness of how the provision or receipt of gifts and hospitality in the context of an audit might be perceived under the reasonable and informed third party test. Auditors should be prepared to justify the provision or receipt of gifts and hospitality as being appropriate, in the context of the particular entity they audit on behalf of the Auditor-General.

The Auditor-General and those who carry out work on their behalf shall comply with:

1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

The Auditor-General and those who carry out work on their behalf shall comply with:

1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

The Auditor-General and those who carry out work on their behalf can have numerous and separate interactions with a public entity where non-compliance or suspected non-compliance with laws and regulations might be identified. Those interactions include:

1. the annual audit carried out by the Appointed Auditor;
2. other work carried out by the Appointed Auditor or their firm;
3. performance audits or inquiries carried out by, or on behalf of, the Auditor-General;
4. other auditing services carried out by Audit New Zealand for a public entity that is audited by another Audit Service Provider; and
5. the audit of a subsidiary of a public entity group by a private sector auditor when the subsidiary is not required to be separately audited by the Auditor-General.

The Appointed Auditor must be kept informed of any other interactions with the public entity to ensure that they:

1. are made aware of matters of audit significance, including non-compliance or suspected non-compliance with laws and regulations that might have been identified; and
2. can assess whether any non-compliance or suspected non-compliance with laws and regulations has been appropriately:

• communicated to the public entity; and
• resolved by public entity personnel.

The OAG will ensure that Appointed Auditors are kept informed of matters arising from other initiatives or processes of the Auditor-General that are not carried out by the Appointed Auditor.

Unless OAG guidance has been provided that enables an Appointed Auditor to determine if non-compliance or suspected non-compliance has occurred or might occur, the non-compliance or suspected non-compliance shall be reported to the OAG (using the Independence@oag.parliament.nz email address). Advice will be provided, in consultation with the affected parties, on:

1. whether non-compliance or suspected non-compliance has occurred or might occur; and
2. how to address the non-compliance or suspected non-compliance.

Assessing the appropriateness of the entity’s response to non-compliance or suspected non-compliance that has been brought to the entity’s attention by those who carry out work on behalf of the Auditor-General will be made in the context of:

1. advice prescribed by the OAG – such as in an audit brief; or
2. other advice provided by the OAG.

Where the entity’s response is not considered to be appropriate, those who carry out work on behalf of the Auditor-General shall report the entity’s response to the OAG (using the Independence@oag.parliament.nz email address). Advice will be provided by the OAG, in consultation with the affected parties, on what further action is needed.

The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an engagement to eliminate threats to the fundamental principles, including a self-interest or intimidation threat that might arise when those who carry out work on behalf of the Auditor-General become aware of non-compliance or suspected non-compliance with laws and regulations.

If the entity’s response to the non-compliance or suspected non-compliance is not considered to be appropriate, the OAG shall be informed (using the Independence@oag.parliament.nz email address). The OAG, in consultation with the affected parties, shall assess the measures to be applied, if any, to mitigate any unacceptable threats to the fundamental principles that arise from the entity’s failure to appropriately respond to its non-compliance or suspected non-compliance.

This section should apply to “professional services” other than audits or reviews. Therefore, it applies to:

1. other work carried out by the Appointed Auditor or their firm;
2. performance audits or inquiries carried out on behalf of the Auditor-General; and
3. other auditing services carried out by Audit New Zealand for a public entity that is audited by another Audit Service Provider.

The Appointed Auditor must be kept informed of any other interactions with the public entity to ensure that they:

1. are made aware of matters of audit significance, including non-compliance or suspected non-compliance with laws and regulations that might have been identified; and
2. can assess whether any non-compliance or suspected non-compliance with laws and regulations has been appropriately:
   • communicated to the public entity; and
   • resolved by public entity personnel.

The OAG will ensure that Appointed Auditors are kept informed of matters arising from other initiatives or processes of the Auditor-General that are not carried out by the Appointed Auditor.

When the Appointed Auditor becomes aware of “professional services” being carried out by another assurance practitioner within a public entity or public entity group, they should encourage the other assurance practitioner to report all instances of non-compliance or suspected non-compliance that come to their attention to the Appointed Auditor.

Determining the materiality of non-compliance or suspected non-compliance with laws and regulations in the context of the audit of a public entity or public entity group can be difficult. This decision is best left to the Appointed Auditor of the public entity or public entity group.

The Appointed Auditor, or those who carry out work on behalf of the Auditor-General, will assess whether further action is needed in the public interest by referring to advice prescribed by the OAG – such as in an audit brief.

Otherwise, the Appointed Auditor, or those who carry out work on behalf of the Auditor-General, shall consult with the OAG (using the Independence@oag.parliament.nz email address). Advice will be provided by the OAG on how to report the non-compliance or suspected non-compliance.