Chapter 2 Legislative support for new functions
Introduction
2.1
Part 4 of the Auditor-General Act 1997 sets out the main
functions and powers of the Auditor-General. The main functions include
undertaking financial statement audits, performance audits, audits by
arrangement, and functions under other Acts.
2.2
Traditionally, the primary functions performed by the Auditor-General
have included the auditing of financial statements[1]
and performance audits.[2] More recently, however,
the Auditor-General has taken on a range of individual assurance activities (or
audits by arrangement).
2.3
These assurance activities generally consist of reviews undertaken by
agreement with the client, either at the request of the client or in response
to requests from stakeholders, including Ministers and parliamentary committees.[3]
These assurance activities may be handled through the publication of a formal
report or by correspondence as determined by the relevant arrangement.[4]
2.4
Currently the main assurance activity the ANAO is engaged in is the
annual assurance review of the Defence Major Projects Report (MPR). The MPR
reports on the status of selected Defence equipment acquisition projects.
2.5
From July 2008 to March 2010, the Auditor-General was also involved in
reviews of government advertising. The focus of these reviews was to allow the
Auditor-General to express a conclusion as to whether anything had arisen to
indicate that government advertising campaigns did not comply with the relevant
guidelines.
2.6
Assurance activities such as the MPR (and the reviews of government
advertising previously) are carried out under section 20 of the Act (Audits
etc. by arrangement) and in accordance with the ANAO’s Auditing Standards.
These standards include the Standard on Assurance Engagements ASAE 3000 Assurance
Engagements Other than Audits or Reviews of Historical Financial Information
issued by the Australian Auditing and Assurance Standards Board.
2.7
Assurance activities of this kind provide a different level of assurance
to that provided by financial statement, and performance audits.
[A]n audit provides reasonable assurance which is
defined as:
a high, but not absolute, level
of assurance. This is where the assurance practitioner’s objective is a
reduction in performance engagement risk to an acceptably low level in the
circumstances of the performance engagement as the basis for a positive form of
expression of the assurance practitioner’s conclusion.
Whereas, a review provides limited assurance. In a limited
assurance engagement the assurance practitioner’s objective is a reduction in
performance engagement risk to a level that is acceptable in the circumstances
of the assurance engagement, as the basis for a negative form of expression of
the assurance practitioner’s conclusion. The acceptable performance engagement
risk in a limited assurance engagement is greater than for a reasonable assurance
engagement.[7]
2.8
More straightforwardly, Mr Geoff Wilson, Independent Auditor of the ANAO,
explains:
The difference between limited assurance and reasonable
assurance is the amount of work that you actually do. In a limited review you
are doing certain discussions and reviewing certain documents. In terms of
reasonable assurance you are increasing the level of work that you are doing,
including reviewing and testing various systems. That is a choice that is part
of the engagement.[8]
2.9
There was some consensus in the evidence that the area of assurance
engagements was one that required attention. For example, as
Professor Wanna from the Institute of Public Administration Australia
(IPAA) states:
It seems clear now, from a decade of this act, that there are
areas where the mandate is unclear. I think one of the roles of this committee
should be to help clarify the audit mandate…in relation to their assurance
functions across government.[9]
Explicit recognition of assurance activities
2.10
As outlined above, assurance activities are currently carried out in
accordance with section 20 of the Act. This section, in part, states:
(1) The
Auditor-General may enter into an arrangement with any person or body:
(a) to audit financial
statements of the person or body; or
(b) to conduct a performance
audit of the person or body; or
(c) to provide services to the
person or body that are of a kind commonly performed by auditors.[10]
2.11
The submission from ACAG clarifies further:
Where the work negotiated is an audit, then Section 20 (1)
sub‑sections (a) or (b) apply. Where the work negotiated is a review,
then Section 20(1)(c) applies although the word review is not explicitly
included in this Section. Instead, reference is made to “services … of a kind
commonly performed by auditors”. Auditors commonly conduct “reviews”.[11]
2.12
A number of submissions to the inquiry suggest that rather than falling
under the auspices of section 20, the Act should make explicit provision for
these assurance activities.[12]
2.13
The Committee is in receipt of no direct evidence to suggest that the main
assurance activity currently being conducted by the Auditor-General under
section 20 of the Act (i.e., the MPR) is problematic. However, there is
evidence to suggest that assurance activities undertaken by agreement with agencies
could potentially create challenges.
2.14
This is because assurance activities conducted under section 20 of the
Act do not provide the Auditor-General with the formal information‑gathering
powers that normally apply to the conduct of financial statement or performance
audits.[13] This restriction is set
out in subsection 31(a) (Purpose for which information-gathering powers may be
used) as follows:
The powers under sections 32 and 33[[14]]
may be used for the purpose of, or in connection with, any Auditor-General
function, except:
(a) an audit or other function under section 20.[15]
2.15
Additionally, as outlined in ACAG’s submission below, the fact that
audits or reviews are conducted by arrangement significantly constrains the
role of the Auditor-General:
ACAG also notes that under Section 20, any such audits or
reviews are by arrangement (therefore negotiated) between the A-G and any
person or body. This must mean that the “person or body” could refuse to have
the audit or review conducted or seek to impose conditions with which the A-G
may, or may not, wish to comply. For example, the person or body could agree to
the conduct of an audit or review but limit the scope in such a way as to make
the audit or review meaningless.[16]
2.16
Professor Wanna from IPAA commented in a similar vein:
I am not fully aware of what the problems are with the
Defence reports but there seems to be a concern, certainly from the audit
community, that they do not have the same strength of powers…when they are
negotiating these. You must remember that the culture of the Audit Office is to
be very consensual and to get agreement. Of course, that then puts them in that
kind of bargaining position. One interpretation of that section of the act
would be that you can refuse to cooperate then. So an agency or a minister
would be within their powers to say, ‘No, I’m not cooperating.’[17]
2.17
At the hearing on 22 June 2009, the Auditor-General, Mr Ian McPhee PSM,
further explained the potential problems using the MPR as an example:
The importance of [assurance reviews] being treated specially
is that you can link up my normal powers to obtain evidence and to undertake
these reviews without the agreement of the other Commonwealth agency. So it
allows the Auditor General more authority. Take a position: conceivably, you
are doing the [MPR], and, hypothetically, the government has a change of heart
and thinks these...reviews are actually disclosing a bit too much information
and are not very satisfactory. At the moment, I rely on the agreement of the
DMO to provide me with access, to provide the necessary information to allow me
to do the audit. Under a provision that I have got in mind, I would have the
authority to undertake those reviews knowing it was important for the committee
no matter what.[18]
2.18
Both ACAG and the ANAO argue on the basis of the information set out
above, that assurance activities should be explicitly recognised in the Act.
2.19
ACAG proposes that the Act should be broadened in two respects: first,
in circumstances where the Parliament has sought audits or reviews, these
audits or reviews should be conducted at the discretion of the Auditor‑General
and not by arrangement; and, second, explicit provision should be included in
the Act for the Auditor-General to conduct reviews. ACAG also submits that any
requests for additional functions should be accompanied by appropriate
resourcing.[19]
2.20
Paragraph 1 of the appendix to the ANAO’s primary submission (no 3)
outlines the provisions that would need to be incorporated into the Act should
such an amendment be recommended by the Committee as follows:
- provide the
Auditor-General with the explicit authority to undertake assurance activities
consistent with his other functions,
- provide for the
coercive information-gathering powers in the Act to be used for the purpose of
carrying out assurance activities, and
- provide the
Auditor-General with the authority to determine arrangements, including
reporting arrangements to the Parliament, to be followed in the conduct of
assurance activities.[20]
2.21
While not specific about the form increased legislative backing should
take, the Defence Materiel Organisation (DMO) also provides some support for
explicitly recognising assurance activities in the Act as follows:
From a DMO perspective, I support the broadening of the Act
to give sufficient legislative backing for new functions such as reviews, eg
the “Major Projects Report”.[21]
Committee comment
2.22
On the basis of the evidence received, and there being no evidence to
the contrary, the Committee believes it is appropriate that the Auditor‑General
be provided with explicit authority to conduct assurance engagements.
2.23
In light of its experience with oversight of the MPR, the Committee
notes that these assurance activities, while not full performance audits, can
be an extremely effective way of monitoring public accountability.
2.24
The Committee expects that implementation of Recommendation 1 below
would not render section 20 of the Act redundant.
2.25
Additionally, the Committee also notes that any amendments to the Act to
provide explicit recognition of assurance engagements would result in
consequent amendments to reflect that change (for example, sub-section 8(4) and
section 24 would need to refer to audit and assurance activities).[22]
2.26
The Committee has an expectation that the Parliament and the Australian
public will continue to be informed of the outcomes of these assurance
activities.
Recommendation 1 |
2.27 |
That the Auditor-General Act 1997 be amended to
provide the Auditor‑General with explicit authority to conduct
assurance engagements. In circumstances where such assurance engagements
have been identified as priorities by the Parliament, they should be subject
to the same information-gathering powers that pertain to performance audits
undertaken by the Auditor-General. The Auditor‑General should have the
authority to determine arrangements, including reporting arrangements to the
Parliament, to be followed in the conduct of these assurance engagements. |
