Part 3: Application of the code, fundamental principles and conceptual framework
Section 300: Applying the conceptual framework
Introduction
Auditor-General’s commentary | |
---|---|
AG 300.1 |
The Public Audit Act 2001 places expectations on the Auditor-General that exceed the minimum requirements of PES 1, particularly in the area of independence. Those expectations apply to all those who carry out work on behalf of the Auditor-General. In some instances, those expectations also apply to the firm, and network firm, of those who carry out work on behalf of the Auditor-General. Where the Auditor-General places different requirements on those who carry out work on their behalf, those requirements and associated application material should be read in conjunction with the relevant paragraphs in PES 1. |
Requirements and application material
Auditor-General's requirement | |
---|---|
AG R300.4 |
The Auditor-General and those who carry out work on their behalf shall comply with:
|
Identifying threats
Auditor-General's requirement | |
---|---|
AG R300.6 A1(a) | When setting the audit fee for an engagement to be carried out on behalf of the Auditor-General, an assurance practitioner shall take account of the additional requirements of the Auditor-General’s auditing standards and relevant legislation when setting audit fees. This is in addition to taking account of the current standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board, and the New Zealand Accounting Standards Board. |
Evaluating threats
Auditor-General’s commentary | |
---|---|
AG 300.7 A3 |
The Public Audit Act 2001 places expectations on the Auditor-General that exceed the minimum requirements of PES 1, particularly in the areas of independence. As a matter of principle, the Auditor-General’s independence requirements apply equally to all public entities and to all work carried out by, or on behalf of, the Auditor-General. The two main exceptions to this principle are:
|
AG 300.7 A4 |
The Code has been developed assuming that those charged with the governance of an entity are either required to act in the public interest or do so through moral obligation. In the New Zealand public sector, those charged with governance have a legal responsibility to act in the best interests of the public entity. This is a different, and narrower, responsibility than the requirement for the auditor to act in the public interest. The implications of this situation for the Auditor-General and those who carry out work on their behalf are that the Auditor-General cannot subordinate their public interest responsibilities to a public entity. For instance, the Auditor-General or those who carry out work on their behalf cannot carry out an activity or accept a situation that is contrary to the fundamental principles in the Auditor-General’s Code and this Guide because the activity or situation is deemed to be acceptable to those charged with the governance of an entity. Similarly, the presence of an effective corporate governance structure or operating environment within an entity subject to audit does not relieve the auditor from exercising professional judgement in the public interest. |
Addressing threats
Examples of safeguards
Auditor-General’s commentary | |
---|---|
AG 300.8 A2.1 |
The Auditor-General requires that compliance with the fundamental principles is achieved from two perspectives:
Further direction in addressing perceived compliance is provided in paragraphs AG R120.5 A6.1 and AG R120.5 A6.2. |
AG 300.8 A2.2 |
Several of the examples of safeguards in paragraph 300.8 A2 do not address perceived compliance and, therefore, do not reduce the threat to compliance with the fundamental principles to an acceptable level. For the avoidance of doubt, the Auditor-General does not consider the internal separation of activities within a firm to be an adequate safeguard that reduces the threat to compliance with the fundamental principles to an acceptable level. Internal separation is sometimes used by firms as a safeguard to permit different (and sometimes incompatible) activities to be carried out for an entity. An example of internal separation is where different partners and engagement teams within the same firm provide non-assurance services for an entity that is also audited by the firm. |
Auditor-General's requirement | |
---|---|
AG R300.8 A2.3 | The Auditor-General and those who carry out work on their behalf shall not recommend services or products to a public entity – irrespective of whether or not referral fees or commission arrangements are earned for recommending such services or products. This prohibition extends to the firm, and network firm, and all of those who carry out work on behalf of the Auditor-General. |
Appropriate reviewer
Auditor-General's requirement | |
---|---|
AG R300.8 A4 | Other than in the capacity of an engagement quality reviewer, an “appropriate reviewer” shall not be used as a safeguard if that individual is a member or an employee of the firm that is carrying out the work on behalf of the Auditor-General. This is not a safeguard because it does not satisfy perceived compliance under the reasonable and informed third party test. |
Section 310: Conflicts of interest
Introduction
Auditor-General's requirement | |
---|---|
AG R310.1 |
The Auditor-General and those who carry out work on their behalf shall comply with:
|
Requirements and Application Material
General
Auditor-General’s commentary | |
---|---|
AG 310.4 A1 |
Most of the examples in paragraph 310.4 A1 do not involve the provision of assurance services by an assurance practitioner and are unlikely to arise in connection with work carried out by, or on behalf of, the Auditor-General. Other particular examples identified in paragraph 310.4 A1 (and repeated below in italics) are unacceptable conflicts of interest that would, as a minimum, not satisfy perceived compliance with the fundamental principle of objectivity under the reasonable and informed third party test. This is because of the Auditor-General’s responsibilities to Parliament under the Public Audit Act 2001. Examples of circumstances that would create an unacceptable conflict of interest include:
|
Conflict identification
General
Auditor-General's requirement | |
---|---|
AG R310.5.1 |
The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an assurance engagement to eliminate threats to independence. This situation is recognised in paragraph NZ1.3 of PES 1, which states: “The Code is not intended to detract from responsibilities that may be imposed by law or regulation.” In a conflict between PES 1 and legislation relating to the statutory appointment of the Auditor-General, the following steps shall be taken:
|
Auditor-General’s application material | |
---|---|
AG 310.5.2 | Before entering into a relationship with a public entity, the OAG will identify employees and/or third parties who could carry out work on behalf of the Auditor-General. The Auditor-General requires those employees and/or third parties to declare all interests and relationships that might have a bearing on the work to be carried out. The OAG will assess whether those interests or relationships might amount to an unacceptable threat to the fundamental principles and, in particular, the fundamental principle of objectivity. In making this assessment, the Auditor-General will refer to paragraphs AG R120.15 A1.2 to AG R120.15 A1.4 and the application material in paragraph AG 120.15 A1.5 concerning independence in appearance. |
Changes in circumstances
Auditor-General's requirement | |
---|---|
AG R310.6 | The Auditor-General, their employees, and those who carry out work on their behalf shall remain alert to changes in interests and relationships that might create a conflict of interest. The Auditor-General’s employees, and those who carry out work on behalf of the Auditor-General, shall immediately declare all changes in interests and relationships that might have a bearing on the work to the OAG (using the [email protected] email address). Those consulting with the OAG shall consider the flowchart in Appendix 1 and provide the reasoning to support their recommendation. The OAG will assess whether those interests or relationships might amount to an unacceptable threat to the fundamental principles and, in particular, to the fundamental principle of objectivity. In making this assessment the OAG will refer to the requirements in paragraphs AG R120.15 A1.2 to AG R120.15 A1.4 and the associated application material in paragraph AG 120.15 A1.5 concerning independence in appearance. |
Network firms
Auditor-General's requirement | |
---|---|
AG R310.7 | Those who carry out work on behalf of the Auditor-General who are members or employees of a firm that is part of a network firm shall disclose any interests and relationships, due to interests and relationships of the network firm, that might have a bearing on the work of the Auditor-General to the OAG (using the [email protected] email address). Those consulting with the OAG shall consider the flowchart in Appendix 1 and provide the reasoning to support their recommendation. |
Threats created by conflicts of interest
Auditor-General’s commentary | |
---|---|
AG 310.8 A3.1 | For the avoidance of doubt, the Auditor-General does not consider the internal separation of activities within a firm to be an adequate safeguard that reduces the threat to compliance with the fundamental principles to an acceptable level. Internal separation is sometimes used by firms as a safeguard to permit different (and sometimes incompatible) activities to be carried out for an entity. An example of internal separation is where different partners and engagement teams within the same firm provide non-assurance services for an entity that is also audited by the firm. |
Auditor-General's requirement | |
---|---|
AG R310.8 A3.2 | Other than in the capacity of an engagement quality reviewer, an “appropriate reviewer” shall not be used as a safeguard if that individual is a member or an employee of the firm that is carrying out the work on behalf of the Auditor-General. This is not a safeguard because it does not satisfy perceived compliance under the reasonable and informed third party test. |
Disclosure and consent
General
Auditor-General’s commentary | |
---|---|
AG 310.9.1 |
The Auditor-General is an officer of Parliament and has a statutory responsibility to assist Parliament to hold the government to account. The Auditor-General works exclusively in the public interest. The Auditor-General’s role demands that the results of the work carried out by the Auditor-General or on their behalf is, in all but exceptional instances, made publicly available. The Auditor-General must be independent, and must be seen to be independent, to carry out their role. It is acknowledged that, in most conflicts of interest that affect the Auditor-General, the conflict will threaten the independence (real and/or perceived) of the Auditor-General. It is unacceptable for the Auditor-General and those who carry out work on their behalf to obtain the consent of affected parties to “waive” a conflict of interest that might otherwise constitute an unacceptable threat to independence. Such a “waiver” can never satisfy the reasonable and informed third party test that is applied to assess independence in appearance. Such arrangements are contrary to the public interest. |
Auditor-General's requirement | |
---|---|
AG R310.9.2 | When assessing a conflict-of-interest situation, the Auditor-General and those working on their behalf shall apply the reasonable and informed third party test in accordance with paragraphs AG R120.5 A6.1 and AG R120.5 A6.2. In the context of the Auditor-General’s role, the reasonable and informed third party test assessment shall only be made based on publicly available information. |
Auditor-General’s commentary | |
---|---|
AG NZ 310.9.1 |
The Auditor-General works exclusively in the public interest. As a consequence, it is not possible to disclose a conflict of interest and the related safeguards to the parties or potential parties affected by the conflict, in advance of the work being carried out. Instead, the Auditor-General and those working on their behalf shall apply the reasonable and informed third party test in accordance with paragraphs AG R120.5 A6.1 and AG R120.5 A6.2. |
AG 310.9 A2 | An Appointed Auditor, or their firm, might be active in a sector such as the energy sector. For example, a firm might be the auditor of more than one entity in a sector that are in competition with one another. This situation does not threaten audit independence. However, it is normal practice for the auditor to disclose to an entity they are proposing to engage with their and/or their firm’s relationships with other entities in the sector. Such disclosure might result in the entity requesting a change to an auditor from another firm. Usually, such a request is accepted on the basis that the relationship between the entity and the Appointed Auditor and their firm must be based on mutual trust. |
Section 320: Professional appointments
Introduction
Auditor-General's requirements | |
---|---|
AG R320.1 |
The Auditor-General and those who carry out work on their behalf shall comply with:
|
AG R320.2.1 |
The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an assurance engagement to eliminate threats to independence. This situation is recognised in paragraph NZ1.3 of PES 1, which states: “The Code is not intended to detract from responsibilities that may be imposed by law or regulation.” In a conflict between PES 1 and legislation relating to the statutory appointment of the Auditor-General, the following steps shall be taken:
|
Auditor-General’s application material | |
---|---|
AG 320.2.2 | Before entering into a relationship with a public entity, the OAG will identify employees and/or third parties who could carry out work on behalf of the Auditor-General. The Auditor-General requires those employees and/or third parties to declare all interests and relationships that might have a bearing on the work to be carried out. The OAG will assess whether those interests or relationships might amount to an unacceptable threat to the fundamental principles and, in particular, the fundamental principle of objectivity. In making this assessment, the Auditor-General will refer to paragraphs AG R120.15 A1.2 to AG R120.15 A1.4 and the application material in paragraph AG R120.15 A1.5 concerning independence in appearance. |
Requirements and application material
Client and engagement continuance
Auditor-General's requirement | |
---|---|
AG R320.9 |
The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an engagement to eliminate threats to the fundamental principles. Those who carry out work on behalf of the Auditor-General shall remain alert to changes in circumstances that might threaten compliance with the fundamental principles and disclose any such changes in circumstances to the OAG (using the [email protected] email address). Those consulting with the OAG shall consider the flowchart in Appendix 1 and provide the reasoning to support their recommendation. The OAG will assess the measures to be applied to mitigate any unacceptable threats to the fundamental principles that arise from the changes in circumstances. |
Section 325: Objectivity of an engagement quality reviewer and other appropriate reviewers
Introduction
Auditor-General's requirements | |
---|---|
AG R325.1 |
The Auditor-General and those who carry out work on their behalf shall comply with:
|
AG R325.4 | Other than in the capacity of an engagement quality reviewer, an “appropriate reviewer” shall not be used as a safeguard if that individual is a member or an employee of the firm that is carrying out the work on behalf of the Auditor-General. This is not a safeguard because it does not satisfy perceived compliance under the reasonable and informed third party test. |
Section 330: Fees and other types of remuneration
Introduction
Auditor-General's requirement | |
---|---|
AG R330.1 |
The Auditor-General and those who carry out work on their behalf shall comply with:
|
Application material
Level of fees
Auditor-General's requirement | |
---|---|
AG R330.3 A2 | When setting the audit fee for an engagement to be carried out on behalf of the Auditor-General, an assurance practitioner shall take account of the additional requirements of the Auditor-General’s auditing standards and relevant legislation when setting audit fees. This is in addition to taking account of the current standards issued by the External Reporting Board, the New Zealand Auditing and Assurance Standards Board, and the New Zealand Accounting Standards Board and relevant legislation. |
Contingent fees
Auditor-General's requirement | |
---|---|
AG R330.4 A1 | Those who carry out work on behalf of the Auditor-General shall not set contingent or success fees in respect of any work carried out in relation to a public entity. The setting of such fees creates a “self-interest” threat to independence that could not be reduced to an acceptable level by the application of any safeguards. |
Referral fees or commissions
Auditor-General's requirement | |
---|---|
AG NZ R330.5 |
The Auditor-General and those who carry out work on their behalf shall not recommend services or products to a public entity – irrespective of whether referral fees or commission arrangements are earned for recommending such services or products. This prohibition extends to the firm, and the network firm, of those who carry out work on behalf of the Auditor-General. Similarly, the Auditor-General and those who carry out work on their behalf shall not enter into a relationship with the public entity to recommend services or products of that public entity to third parties – irrespective of whether referral fees or commission arrangements are earned for recommending such services or products. This prohibition extends to the firm, and the network firm, of those who carry out work on behalf of the Auditor-General. |
Section 340: Inducements, including gifts and hospitality
Introduction
Auditor-General's requirement | |
---|---|
AG R340.1.1 |
The Auditor-General and those who carry out work on their behalf shall comply with:
|
Auditor-General’s commentary | |
---|---|
AG 340.1.2 |
An inducement is an object, situation, or action that is used as a means to influence another individual’s behaviour but not necessarily with the intent to improperly influence that individual’s behaviour. Inducements, either given or received, have no place in the conduct of effective audits. A matter quite separate from the notion of an inducement is when the provision or receipt of gifts and hospitality by an auditor might be a necessary step to carrying out an effective audit. Auditors are required to establish and maintain effective two-way communication with those charged with governance under ISA (NZ) 260 and to obtain an understanding of the entity and its environment under ISA (NZ) 315 (Revised 2019). Measures taken to establish and maintain communication with those charged with governance and to obtain an understanding of the entity and its environment might include the provision or receipt of gifts and hospitality by an auditor. The provision or receipt of gifts and hospitality that are limited to those that are “trivial and inconsequential in value, quantity, nature, and frequency, and are not illegal” (see paragraphs AG R340.2.1 and AG R340.2.2), might be necessary to an effective audit. |
Auditor-General's requirement | |
---|---|
AG R340.2.1 | The Auditor-General and those working on their behalf shall not offer or accept, or encourage others to offer or accept, any inducement – irrespective of intent. Gifts and hospitality are acceptable only to the extent they are trivial and inconsequential in value, quantity, nature, and frequency, and are not illegal. |
Auditor-General’s application material | |
---|---|
AG 340.2.2 |
The provision or receipt of gifts and hospitality, described in paragraph AG R340.2.1 as “trivial and inconsequential in value, quantity, nature, and frequency, and are not illegal”, might be necessary to an effective audit. However, it is essential that the offer or acceptance of a gift or hospitality does not, in fact and in appearance, place an obligation on one party or the other. It is not possible or appropriate to establish specific rules on what is considered to be “trivial and inconsequential” in the context of audits carried out on behalf of the Auditor-General. However, auditors need to maintain an awareness of how the provision or receipt of gifts and hospitality in the context of an audit might be perceived under the reasonable and informed third party test. Auditors should be prepared to justify the provision or receipt of gifts and hospitality as being appropriate, in the context of the particular entity they audit on behalf of the Auditor-General. |
Section 350: Custody of client assets
Introduction
Auditor-General's requirements | |
---|---|
AG R350.1 |
The Auditor-General and those who carry out work on their behalf shall comply with:
|
AG R350.2 | The Auditor-General and those working on their behalf shall not hold entity assets. |
Section 360: Responding to non-compliance with laws and regulations
Introduction
Auditor-General's requirement | |
---|---|
AG R360.1 |
The Auditor-General and those who carry out work on their behalf shall comply with:
|
Auditor-General’s commentary | |
---|---|
AG 360.3 |
The Auditor-General and those who carry out work on their behalf can have numerous and separate interactions with a public entity where non-compliance or suspected non-compliance with laws and regulations might be identified. Those interactions include:
The Appointed Auditor must be kept informed of any other interactions with the public entity to ensure that they:
The OAG will ensure that Appointed Auditors are kept informed of matters arising from other initiatives or processes of the Auditor-General that are not carried out by the Appointed Auditor. |
Audits and reviews of financial statements
Obtaining an understanding of the matter
Auditor-General's requirements | |
---|---|
AG R360.10 A3 |
Unless OAG guidance has been provided that enables an Appointed Auditor to determine if non-compliance or suspected non-compliance has occurred or might occur, the non-compliance or suspected non-compliance shall be reported to the OAG (using the [email protected] email address). Advice will be provided, in consultation with the affected parties, on:
|
AG R360.12 | Unless guidance on how to report the non-compliance or suspected non-compliance is prescribed by the OAG – such as in an audit brief – the discussion with those charged with governance shall only take place following prior consultation with the OAG (using the [email protected] email address). |
Addressing the matter
Auditor-General's requirement | |
---|---|
AG NZ R360.15.1 | Unless guidance on how to report the non-compliance or suspected non-compliance is prescribed by the OAG – such as in an audit brief – the non-compliance or suspected non-compliance shall be reported to the OAG (using the [email protected] email address). Advice will be provided, in consultation with the affected parties, on how to address the non-compliance or suspected non-compliance. |
Determining whether further action is required
Auditor-General's requirements | |
---|---|
AG R360.19 |
Assessing the appropriateness of the entity’s response to non-compliance or suspected non-compliance that has been brought to the entity’s attention by those who carry out work on behalf of the Auditor-General will be made in the context of:
Where the entity’s response is not considered to be appropriate, those who carry out work on behalf of the Auditor-General shall report the entity’s response to the OAG (using the [email protected] email address). Advice will be provided by the OAG, in consultation with the affected parties, on what further action is needed. |
AG R360.20 | Where the entity’s response to the non-compliance or suspected non-compliance is not considered to be appropriate, those who carry out work on behalf of the Auditor-General shall report the entity’s response to the OAG (using the [email protected] email address). Further action, if any, will be determined by the OAG, in consultation with the affected parties. |
AG R360.21 | Where the entity’s response to the non-compliance or suspected non-compliance is not considered to be appropriate, those who carry out work on behalf of the Auditor-General shall report the entity’s response to the OAG (using the [email protected] email address). Further action, if any, to escalate the matter will be determined by the OAG, in consultation with the affected parties. |
AG R360.21 A2 |
The Auditor-General is the auditor of all public entities. Unlike auditors in the private sector, the Auditor-General cannot always refuse to accept or refuse to continue an engagement to eliminate threats to the fundamental principles, including a self-interest or intimidation threat that might arise when those who carry out work on behalf of the Auditor-General become aware of non-compliance or suspected non-compliance with laws and regulations. If the entity’s response to the non-compliance or suspected non-compliance is not considered to be appropriate, the OAG shall be informed (using the [email protected] email address). The OAG, in consultation with the affected parties, shall assess the measures to be applied, if any, to mitigate any unacceptable threats to the fundamental principles that arise from the entity’s failure to appropriately respond to its non-compliance or suspected non-compliance. |
Determining whether to disclose the matter to an appropriate authority
Auditor-General's requirements | |
---|---|
AG R360.26 | The OAG will determine whether non-compliance or suspected non-compliance will be disclosed to an appropriate authority. Such disclosure shall be made by the OAG. |
Imminent breach
Auditor-General's requirements | |
---|---|
AG R360.27 | Where a determination is made to disclose an imminent breach of a law or regulation that would cause substantial harm to investors, creditors, employees, or the general public to an appropriate authority, the disclosure shall be made by the OAG. |
Documentation
Auditor-General's requirements | |
---|---|
AG NZ R360.28 A1.1 | In addition to the current standards issued by the New Zealand Auditing and Assurance Standards Board and relevant legislation, those who carry out work on behalf of the Auditor-General shall also take account of any additional requirements in the Auditor-General’s auditing standards when documenting non-compliance or suspected non-compliance with laws and regulations. |
Assurance services other than audits and reviews of financial statements
Obtaining an understanding of the matter and addressing it with management and those charged with governance
Auditor-General’s commentary | |
---|---|
AG 360.30 |
This section should apply to “professional services” other than audits or reviews. Therefore, it applies to:
The Appointed Auditor must be kept informed of any other interactions with the public entity to ensure that they:
The OAG will ensure that Appointed Auditors are kept informed of matters arising from other initiatives or processes of the Auditor-General that are not carried out by the Appointed Auditor. |
Relevant factors to consider
Auditor-General’s application material | |
---|---|
AG R360.34 A1 |
When the Appointed Auditor becomes aware of “professional services” being carried out by another assurance practitioner within a public entity or public entity group, they should encourage the other assurance practitioner to report all instances of non-compliance or suspected non-compliance that come to their attention to the Appointed Auditor. Determining the materiality of non-compliance or suspected non-compliance with laws and regulations in the context of the audit of a public entity or public entity group can be difficult. This decision is best left to the Appointed Auditor of the public entity or public entity group. |
Considering whether further action is needed
Auditor-General's requirements | |
---|---|
AG R360.36 |
The Appointed Auditor, or those who carry out work on behalf of the Auditor-General, will assess whether further action is needed in the public interest by referring to advice prescribed by the OAG – such as in an audit brief. Otherwise, the Appointed Auditor, or those who carry out work on behalf of the Auditor-General, shall consult with the OAG (using the [email protected] email address). Advice will be provided by the OAG on how to report the non-compliance or suspected non-compliance. |
AG R360.37 | Where a determination is made to disclose the non-compliance or suspected non-compliance to an appropriate authority, the disclosure shall be made by the OAG. |
Imminent breach
Auditor-General's requirement | |
---|---|
AG R360.38 | Where a determination is made to disclose an imminent breach of a law or regulation that would cause substantial harm to investors, creditors, employees, or the general public to an appropriate authority, the disclosure shall be made by the OAG. |
Seeking advice
Auditor-General's requirements | |
---|---|
AG R360.39.A1 | Unless guidance on how to report the non-compliance or suspected non-compliance is prescribed by the OAG – such as in an audit brief – the non-compliance or suspected non-compliance shall be reported to the OAG (using the [email protected] email address). Advice will be provided on how to report the non-compliance or suspected non-compliance. |