Part 3: Application of the code, fundamental principles and conceptual framework

Section 300: Applying the conceptual framework

Introduction

Auditor-General’s commentary
AG 300.1

The Public Audit Act 2001 places expectations on the Auditor-General that exceed the minimum requirements of PES 1, particularly in the area of independence. Those expectations apply to all those who carry out work on behalf of the Auditor-General. In some instances, those expectations also apply to the firm, and network firm, of those who carry out work on behalf of the Auditor-General.

Where the Auditor-General places different requirements on those who carry out work on their behalf, those requirements and associated application material should be read in conjunction with the relevant paragraphs in PES 1.

Requirements and application material

Auditor-General's requirement
AG R300.4

The Auditor-General and those who carry out work on their behalf shall comply with:

  1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
  2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

Identifying threats

Auditor-General's requirement
AG R300.6 A1(a) When setting the audit fee for an engagement to be carried out on behalf of the Auditor-General, an assurance practitioner shall take account of the additional requirements of the Auditor-General’s auditing standards and relevant legislation when setting audit fees. This is in addition to taking account of the current standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board, and the New Zealand Accounting Standards Board.

Evaluating threats

Auditor-General’s commentary
AG 300.7 A3

The Public Audit Act 2001 places expectations on the Auditor-General that exceed the minimum requirements of PES 1, particularly in the areas of independence.

As a matter of principle, the Auditor-General’s independence requirements apply equally to all public entities and to all work carried out by, or on behalf of, the Auditor-General. The two main exceptions to this principle are:

  1. Under section 540 Long association of personnel (including partner rotation) with an audit client, the Auditor-General recognises the distinction between public entities that are “public interest entities” and other public entities. The Auditor-General’s rotation requirements are specified in section 540.
  2. Under subsection 601 Accounting and bookkeeping services, the Auditor-General recognises that the provision of temporary accounting assistance or conducting compilation engagements is appropriate, in the interests of accountability, for small public entities within the parameters specified by the Auditor-General in subsection 601.
AG 300.7 A4

The Code has been developed assuming that those charged with the governance of an entity are either required to act in the public interest or do so through moral obligation. In the New Zealand public sector, those charged with governance have a legal responsibility to act in the best interests of the public entity. This is a different, and narrower, responsibility than the requirement for the auditor to act in the public interest.

The implications of this situation for the Auditor-General and those who carry out work on their behalf are that the Auditor-General cannot subordinate their public interest responsibilities to a public entity. For instance, the Auditor-General or those who carry out work on their behalf cannot carry out an activity or accept a situation that is contrary to the fundamental principles in the Auditor-General’s Code and this Guide because the activity or situation is deemed to be acceptable to those charged with the governance of an entity. Similarly, the presence of an effective corporate governance structure or operating environment within an entity subject to audit does not relieve the auditor from exercising professional judgement in the public interest.

Addressing threats

Examples of safeguards

Auditor-General’s commentary
AG 300.8 A2.1

The Auditor-General requires that compliance with the fundamental principles is achieved from two perspectives:

  1. actual compliance; and
  2. perceived compliance. The reasonable and informed third party test is applied to establish whether perceived compliance has been achieved. The reasonable and informed third party test requires a high acceptable level to be met in that the third party would likely reach the same conclusions about compliance as the assurance practitioner.

Further direction in addressing perceived compliance is provided in paragraphs AG R120.5 A6.1 and AG R120.5 A6.2.

AG 300.8 A2.2

Several of the examples of safeguards in paragraph 300.8 A2 do not address perceived compliance and, therefore, do not reduce the threat to compliance with the fundamental principles to an acceptable level.

For the avoidance of doubt, the Auditor-General does not consider the internal separation of activities within a firm to be an adequate safeguard that reduces the threat to compliance with the fundamental principles to an acceptable level. Internal separation is sometimes used by firms as a safeguard to permit different (and sometimes incompatible) activities to be carried out for an entity. An example of internal separation is where different partners and engagement teams within the same firm provide non-assurance services for an entity that is also audited by the firm.

Auditor-General's requirement
AG R300.8 A2.3 The Auditor-General and those who carry out work on their behalf shall not recommend services or products to a public entity – irrespective of whether or not referral fees or commission arrangements are earned for recommending such services or products. This prohibition extends to the firm, and network firm, and all of those who carry out work on behalf of the Auditor-General.

Appropriate reviewer

Auditor-General's requirement
AG R300.8 A4 Other than in the capacity of an engagement quality reviewer, an “appropriate reviewer” shall not be used as a safeguard if that individual is a member or an employee of the firm that is carrying out the work on behalf of the Auditor-General. This is not a safeguard because it does not satisfy perceived compliance under the reasonable and informed third party test.

Section 310: Conflicts of interest

Introduction

Auditor-General's requirement
AG R310.1

The Auditor-General and those who carry out work on their behalf shall comply with:

  1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
  2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

Requirements and Application Material

General

Auditor-General’s commentary
AG 310.4 A1

Most of the examples in paragraph 310.4 A1 do not involve the provision of assurance services by an assurance practitioner and are unlikely to arise in connection with work carried out by, or on behalf of, the Auditor-General.

Other particular examples identified in paragraph 310.4 A1 (and repeated below in italics) are unacceptable conflicts of interest that would, as a minimum, not satisfy perceived compliance with the fundamental principle of objectivity under the reasonable and informed third party test. This is because of the Auditor-General’s responsibilities to Parliament under the Public Audit Act 2001.

Examples of circumstances that would create an unacceptable conflict of interest include:

  • Providing a transaction advisory service to a client seeking to acquire an audit client, where the firm has obtained confidential information during the course of the audit that might be relevant to the transaction.
  • In relation to a license agreement, providing an assurance report for a licensor on the royalties due while advising the licensee on the amounts payable.
  • Providing strategic advice to a client on its competitive position while having a joint venture or similar interest with a major competitor of the client.

Conflict identification

General
Auditor-General's requirement
AG R310.5.1

The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an assurance engagement to eliminate threats to independence. This situation is recognised in paragraph NZ1.3 of PES 1, which states: “The Code is not intended to detract from responsibilities that may be imposed by law or regulation.”

In a conflict between PES 1 and legislation relating to the statutory appointment of the Auditor-General, the following steps shall be taken:

  1. The threat to independence will, as a minimum, be disclosed to those responsible for governance of the public entity and publicly disclosed in the auditor’s report.
  2. Safeguards will be introduced, which will, as a minimum, be disclosed to those responsible for governance of the public entity and publicly disclosed in the auditor’s report. Safeguards may include the selection of an individual and/or firm with suitable credentials, the imposition of specific terms and conditions of appointment, the assignment of audit staff with particular skills and experience, and additional quality control processes to mitigate the threat to independence.

Auditor-General’s application material
AG 310.5.2 Before entering into a relationship with a public entity, the OAG will identify employees and/or third parties who could carry out work on behalf of the Auditor-General. The Auditor-General requires those employees and/or third parties to declare all interests and relationships that might have a bearing on the work to be carried out. The OAG will assess whether those interests or relationships might amount to an unacceptable threat to the fundamental principles and, in particular, the fundamental principle of objectivity. In making this assessment, the Auditor-General will refer to paragraphs AG R120.15 A1.2 to AG R120.15 A1.4 and the application material in paragraph AG 120.15 A1.5 concerning independence in appearance.

Changes in circumstances

Auditor-General's requirement
AG R310.6 The Auditor-General, their employees, and those who carry out work on their behalf shall remain alert to changes in interests and relationships that might create a conflict of interest. The Auditor-General’s employees, and those who carry out work on behalf of the Auditor-General, shall immediately declare all changes in interests and relationships that might have a bearing on the work to the OAG (using the [email protected] email address). Those consulting with the OAG shall consider the flowchart in Appendix 1 and provide the reasoning to support their recommendation. The OAG will assess whether those interests or relationships might amount to an unacceptable threat to the fundamental principles and, in particular, to the fundamental principle of objectivity. In making this assessment the OAG will refer to the requirements in paragraphs AG R120.15 A1.2 to AG R120.15 A1.4 and the associated application material in paragraph AG 120.15 A1.5 concerning independence in appearance.

Network firms

Auditor-General's requirement
AG R310.7 Those who carry out work on behalf of the Auditor-General who are members or employees of a firm that is part of a network firm shall disclose any interests and relationships, due to interests and relationships of the network firm, that might have a bearing on the work of the Auditor-General to the OAG (using the [email protected] email address). Those consulting with the OAG shall consider the flowchart in Appendix 1 and provide the reasoning to support their recommendation.

Threats created by conflicts of interest

Auditor-General’s commentary
AG 310.8 A3.1 For the avoidance of doubt, the Auditor-General does not consider the internal separation of activities within a firm to be an adequate safeguard that reduces the threat to compliance with the fundamental principles to an acceptable level. Internal separation is sometimes used by firms as a safeguard to permit different (and sometimes incompatible) activities to be carried out for an entity. An example of internal separation is where different partners and engagement teams within the same firm provide non-assurance services for an entity that is also audited by the firm.
Auditor-General's requirement
AG R310.8 A3.2 Other than in the capacity of an engagement quality reviewer, an “appropriate reviewer” shall not be used as a safeguard if that individual is a member or an employee of the firm that is carrying out the work on behalf of the Auditor-General. This is not a safeguard because it does not satisfy perceived compliance under the reasonable and informed third party test.

Disclosure and consent

General
Auditor-General’s commentary
AG 310.9.1

The Auditor-General is an officer of Parliament and has a statutory responsibility to assist Parliament to hold the government to account. The Auditor-General works exclusively in the public interest. The Auditor-General’s role demands that the results of the work carried out by the Auditor-General or on their behalf is, in all but exceptional instances, made publicly available. The Auditor-General must be independent, and must be seen to be independent, to carry out their role.

It is acknowledged that, in most conflicts of interest that affect the Auditor-General, the conflict will threaten the independence (real and/or perceived) of the Auditor-General.

It is unacceptable for the Auditor-General and those who carry out work on their behalf to obtain the consent of affected parties to “waive” a conflict of interest that might otherwise constitute an unacceptable threat to independence. Such a “waiver” can never satisfy the reasonable and informed third party test that is applied to assess independence in appearance. Such arrangements are contrary to the public interest.

Auditor-General's requirement
AG R310.9.2 When assessing a conflict-of-interest situation, the Auditor-General and those working on their behalf shall apply the reasonable and informed third party test in accordance with paragraphs AG R120.5 A6.1 and AG R120.5 A6.2. In the context of the Auditor-General’s role, the reasonable and informed third party test assessment shall only be made based on publicly available information.

Auditor-General’s commentary
AG NZ 310.9.1

The Auditor-General works exclusively in the public interest. As a consequence, it is not possible to disclose a conflict of interest and the related safeguards to the parties or potential parties affected by the conflict, in advance of the work being carried out.

Instead, the Auditor-General and those working on their behalf shall apply the reasonable and informed third party test in accordance with paragraphs AG R120.5 A6.1 and AG R120.5 A6.2.

AG 310.9 A2 An Appointed Auditor, or their firm, might be active in a sector such as the energy sector. For example, a firm might be the auditor of more than one entity in a sector that are in competition with one another. This situation does not threaten audit independence. However, it is normal practice for the auditor to disclose to an entity they are proposing to engage with their and/or their firm’s relationships with other entities in the sector. Such disclosure might result in the entity requesting a change to an auditor from another firm. Usually, such a request is accepted on the basis that the relationship between the entity and the Appointed Auditor and their firm must be based on mutual trust.

Section 320: Professional appointments

Introduction

Auditor-General's requirements
AG R320.1

The Auditor-General and those who carry out work on their behalf shall comply with:

  1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
  2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.
AG R320.2.1

The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an assurance engagement to eliminate threats to independence. This situation is recognised in paragraph NZ1.3 of PES 1, which states: “The Code is not intended to detract from responsibilities that may be imposed by law or regulation.”

In a conflict between PES 1 and legislation relating to the statutory appointment of the Auditor-General, the following steps shall be taken:

  1. The threat to independence will, as a minimum, be disclosed to those responsible for governance of the public entity and publicly disclosed in the auditor’s report.
  2. Safeguards will be introduced, which will, as a minimum, be disclosed to those responsible for governance of the public entity and publicly disclosed in the auditor’s report. Safeguards might include the selection of an individual and/or firm with suitable credentials, the imposition of specific terms and conditions of appointment, the assignment of audit staff with particular skills and experience, and additional quality control processes to mitigate the threat to independence.
Auditor-General’s application material
AG 320.2.2 Before entering into a relationship with a public entity, the OAG will identify employees and/or third parties who could carry out work on behalf of the Auditor-General. The Auditor-General requires those employees and/or third parties to declare all interests and relationships that might have a bearing on the work to be carried out. The OAG will assess whether those interests or relationships might amount to an unacceptable threat to the fundamental principles and, in particular, the fundamental principle of objectivity. In making this assessment, the Auditor-General will refer to paragraphs AG R120.15 A1.2 to AG R120.15 A1.4 and the application material in paragraph AG R120.15 A1.5 concerning independence in appearance.

Requirements and application material

Client and engagement continuance

Auditor-General's requirement
AG R320.9

The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an engagement to eliminate threats to the fundamental principles.

Those who carry out work on behalf of the Auditor-General shall remain alert to changes in circumstances that might threaten compliance with the fundamental principles and disclose any such changes in circumstances to the OAG (using the [email protected] email address). Those consulting with the OAG shall consider the flowchart in Appendix 1 and provide the reasoning to support their recommendation. The OAG will assess the measures to be applied to mitigate any unacceptable threats to the fundamental principles that arise from the changes in circumstances.

Section 325: Objectivity of an engagement quality reviewer and other appropriate reviewers

Introduction

Auditor-General's requirements
AG R325.1

The Auditor-General and those who carry out work on their behalf shall comply with:

  1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
  2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.
AG R325.4 Other than in the capacity of an engagement quality reviewer, an “appropriate reviewer” shall not be used as a safeguard if that individual is a member or an employee of the firm that is carrying out the work on behalf of the Auditor-General. This is not a safeguard because it does not satisfy perceived compliance under the reasonable and informed third party test.

Section 330: Fees and other types of remuneration

Introduction

Auditor-General's requirement
AG R330.1

The Auditor-General and those who carry out work on their behalf shall comply with:

  1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
  2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

Application material

Level of fees

Auditor-General's requirement
AG R330.3 A2 When setting the audit fee for an engagement to be carried out on behalf of the Auditor-General, an assurance practitioner shall take account of the additional requirements of the Auditor-General’s auditing standards and relevant legislation when setting audit fees. This is in addition to taking account of the current standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board, and the New Zealand Accounting Standards Board and relevant legislation.

Contingent fees

Auditor-General's requirement
AG R330.4 A1 Those who carry out work on behalf of the Auditor-General shall not set contingent or success fees in respect of any work carried out in relation to a public entity. The setting of such fees creates a “self-interest” threat to independence that could not be reduced to an acceptable level by the application of any safeguards.

Referral fees or commissions

Auditor-General's requirement
AG NZ R330.5

The Auditor-General and those who carry out work on their behalf shall not recommend services or products to a public entity – irrespective of whether referral fees or commission arrangements are earned for recommending such services or products. This prohibition extends to the firm, and the network firm, of those who carry out work on behalf of the Auditor-General.

Similarly, the Auditor-General and those who carry out work on their behalf shall not enter into a relationship with the public entity to recommend services or products of that public entity to third parties – irrespective of whether referral fees or commission arrangements are earned for recommending such services or products. This prohibition extends to the firm, and the network firm, of those who carry out work on behalf of the Auditor-General.

Section 340: Inducements, including gifts and hospitality

Introduction

Auditor-General's requirement
AG R340.1.1

The Auditor-General and those who carry out work on their behalf shall comply with:

  1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
  2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

Auditor-General’s commentary
AG 340.1.2

An inducement is an object, situation, or action that is used as a means to influence another individual’s behaviour but not necessarily with the intent to improperly influence that individual’s behaviour. Inducements, either given or received, have no place in the conduct of effective audits.

A matter quite separate from the notion of an inducement is when the provision or receipt of gifts and hospitality by an auditor might be a necessary step to carrying out an effective audit.

Auditors are required to establish and maintain effective two-way communication with those charged with governance under ISA (NZ) 260 and to obtain an understanding of the entity and its environment under ISA (NZ) 315 (Revised 2019). Measures taken to establish and maintain communication with those charged with governance and to obtain an understanding of the entity and its environment might include the provision or receipt of gifts and hospitality by an auditor. The provision or receipt of gifts and hospitality that are limited to those that are “trivial and inconsequential in value, quantity, nature, and frequency, and are not illegal” (see paragraphs AG R340.2.1 and AG R340.2.2), might be necessary to an effective audit.

Auditor-General's requirement
AG R340.2.1 The Auditor-General and those working on their behalf shall not offer or accept, or encourage others to offer or accept, any inducement – irrespective of intent. Gifts and hospitality are acceptable only to the extent they are trivial and inconsequential in value, quantity, nature, and frequency, and are not illegal.

Auditor-General’s application material
AG 340.2.2

The provision or receipt of gifts and hospitality, described in paragraph AG R340.2.1 as “trivial and inconsequential in value, quantity, nature, and frequency, and are not illegal”, might be necessary to an effective audit. However, it is essential that the offer or acceptance of a gift or hospitality does not, in fact and in appearance, place an obligation on one party or the other.

It is not possible or appropriate to establish specific rules on what is considered to be “trivial and inconsequential” in the context of audits carried out on behalf of the Auditor-General. However, auditors need to maintain an awareness of how the provision or receipt of gifts and hospitality in the context of an audit might be perceived under the reasonable and informed third party test. Auditors should be prepared to justify the provision or receipt of gifts and hospitality as being appropriate, in the context of the particular entity they audit on behalf of the Auditor-General.

Section 350: Custody of client assets

Introduction

Auditor-General's requirements
AG R350.1

The Auditor-General and those who carry out work on their behalf shall comply with:

  1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
  2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.
AG R350.2 The Auditor-General and those working on their behalf shall not hold entity assets.

Section 360: Responding to non-compliance with laws and regulations

Introduction

Auditor-General's requirement
AG R360.1

The Auditor-General and those who carry out work on their behalf shall comply with:

  1. the fundamental principles set out in section 110 and apply the conceptual framework set out in section 120; and
  2. the Auditor-General’s additional requirements that are specified in relation to the fundamental principles in section 110 and that apply to the conceptual framework in section 120.

Auditor-General’s commentary
AG 360.3

The Auditor-General and those who carry out work on their behalf can have numerous and separate interactions with a public entity where non-compliance or suspected non-compliance with laws and regulations might be identified. Those interactions include:

  1. the annual audit carried out by the Appointed Auditor;
  2. other work carried out by the Appointed Auditor or their firm;
  3. performance audits or inquiries carried out by, or on behalf of, the Auditor-General;
  4. other auditing services carried out by Audit New Zealand for a public entity that is audited by another Audit Service Provider; and
  5. the audit of a subsidiary of a public entity group by a private sector auditor when the subsidiary is not required to be separately audited by the Auditor-General.

The Appointed Auditor must be kept informed of any other interactions with the public entity to ensure that they:

  1. are made aware of matters of audit significance, including non-compliance or suspected non-compliance with laws and regulations that might have been identified; and
  2. can assess whether any non-compliance or suspected non-compliance with laws and regulations has been appropriately:
  • communicated to the public entity; and
  • resolved by public entity personnel.

The OAG will ensure that Appointed Auditors are kept informed of matters arising from other initiatives or processes of the Auditor-General that are not carried out by the Appointed Auditor.

Audits and reviews of financial statements

Obtaining an understanding of the matter

Auditor-General's requirements
AG R360.10 A3

Unless OAG guidance has been provided that enables an Appointed Auditor to determine if non-compliance or suspected non-compliance has occurred or might occur, the non-compliance or suspected non-compliance shall be reported to the OAG (using the [email protected] email address). Advice will be provided, in consultation with the affected parties, on:

  1. whether non-compliance or suspected non-compliance has occurred or might occur; and
  2. how to address the non-compliance or suspected non-compliance.
AG R360.12 Unless guidance on how to report the non-compliance or suspected non-compliance is prescribed by the OAG – such as in an audit brief – the discussion with those charged with governance shall only take place following prior consultation with the OAG (using the [email protected] email address).

Addressing the matter

Auditor-General's requirement
AG NZ R360.15.1 Unless guidance on how to report the non-compliance or suspected non-compliance is prescribed by the OAG – such as in an audit brief – the non-compliance or suspected non-compliance shall be reported to the OAG (using the [email protected] email address). Advice will be provided, in consultation with the affected parties, on how to address the non-compliance or suspected non-compliance.

Determining whether further action is required

Auditor-General's requirements
AG R360.19

Assessing the appropriateness of the entity’s response to non-compliance or suspected non-compliance that has been brought to the entity’s attention by those who carry out work on behalf of the Auditor-General will be made in the context of:

  1. advice prescribed by the OAG – such as in an audit brief; or
  2. other advice provided by the OAG.

Where the entity’s response is not considered to be appropriate, those who carry out work on behalf of the Auditor-General shall report the entity’s response to the OAG (using the [email protected] email address). Advice will be provided by the OAG, in consultation with the affected parties, on what further action is needed.

AG R360.20 Where the entity’s response to the non-compliance or suspected non-compliance is not considered to be appropriate, those who carry out work on behalf of the Auditor-General shall report the entity’s response to the OAG (using the [email protected] email address). Further action, if any, will be determined by the OAG, in consultation with the affected parties.
AG R360.21 Where the entity’s response to the non-compliance or suspected non-compliance is not considered to be appropriate, those who carry out work on behalf of the Auditor-General shall report the entity’s response to the OAG (using the [email protected] email address). Further action, if any, to escalate the matter will be determined by the OAG, in consultation with the affected parties.
AG R360.21 A2

The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an engagement to eliminate threats to the fundamental principles, including a self-interest or intimidation threat that might arise when those who carry out work on behalf of the Auditor-General become aware of non-compliance or suspected non-compliance with laws and regulations.

If the entity’s response to the non-compliance or suspected non-compliance is not considered to be appropriate, the OAG shall be informed (using the [email protected] email address). The OAG, in consultation with the affected parties, shall assess the measures to be applied, if any, to mitigate any unacceptable threats to the fundamental principles that arise from the entity’s failure to appropriately respond to its non-compliance or suspected non-compliance.

Determining whether to disclose the matter to an appropriate authority

Auditor-General's requirements
AG R360.26 The OAG will determine whether non-compliance or suspected non-compliance will be disclosed to an appropriate authority. Such disclosure shall be made by the OAG.

Imminent breach

Auditor-General's requirements
AG R360.27 Where a determination is made to disclose an imminent breach of a law or regulation that would cause substantial harm to investors, creditors, employees, or the general public to an appropriate authority, the disclosure shall be made by the OAG.

Documentation

Auditor-General's requirements
AG NZ R360.28 A1.1 In addition to the current standards issued by the New Zealand Auditing and Assurance Standards Board and relevant legislation, those who carry out work on behalf of the Auditor-General shall also take account of any additional requirements in the Auditor-General’s auditing standards when documenting non-compliance or suspected non-compliance with laws and regulations.

Assurance services other than audits and reviews of financial statements

Obtaining an understanding of the matter and addressing it with management and those charged with governance
Auditor-General’s commentary
AG 360.30

This section should apply to “professional services” other than audits or reviews. Therefore, it applies to:

  1. other work carried out by the Appointed Auditor or their firm;
  2. performance audits or inquiries carried out on behalf of the Auditor-General; and
  3. other auditing services carried out by Audit New Zealand for a public entity that is audited by another Audit Service Provider.

The Appointed Auditor must be kept informed of any other interactions with the public entity to ensure that they:

  1. are made aware of matters of audit significance, including non-compliance or suspected non-compliance with laws and regulations that might have been identified; and
  2. can assess whether any non-compliance or suspected non-compliance with laws and regulations has been appropriately:
    • communicated to the public entity; and
    • resolved by public entity personnel.

The OAG will ensure that Appointed Auditors are kept informed of matters arising from other initiatives or processes of the Auditor-General that are not carried out by the Appointed Auditor.

Relevant factors to consider
Auditor-General’s application material
AG R360.34 A1

When the Appointed Auditor becomes aware of “professional services” being carried out by another assurance practitioner within a public entity or public entity group, they should encourage the other assurance practitioner to report all instances of non-compliance or suspected non-compliance that come to their attention to the Appointed Auditor.

Determining the materiality of non-compliance or suspected non-compliance with laws and regulations in the context of the audit of a public entity or public entity group can be difficult. This decision is best left to the Appointed Auditor of the public entity or public entity group.

Considering whether further action is needed
Auditor-General's requirements
AG R360.36

The Appointed Auditor, or those who carry out work on behalf of the Auditor-General, will assess whether further action is needed in the public interest by referring to advice prescribed by the OAG – such as in an audit brief.

Otherwise, the Appointed Auditor, or those who carry out work on behalf of the Auditor-General, shall consult with the OAG (using the [email protected] email address). Advice will be provided by the OAG on how to report the non-compliance or suspected non-compliance.

AG R360.37 Where a determination is made to disclose the non-compliance or suspected non-compliance to an appropriate authority, the disclosure shall be made by the OAG.

Imminent breach

Auditor-General's requirement
AG R360.38 Where a determination is made to disclose an imminent breach of a law or regulation that would cause substantial harm to investors, creditors, employees, or the general public to an appropriate authority, the disclosure shall be made by the OAG.

Seeking advice

Auditor-General's requirements
AG R360.39.A1 Unless guidance on how to report the non-compliance or suspected non-compliance is prescribed by the OAG – such as in an audit brief – the non-compliance or suspected non-compliance shall be reported to the OAG (using the [email protected] email address). Advice will be provided on how to report the non-compliance or suspected non-compliance.