Transparency report 2022–23

The Queensland Audit Office (QAO) is not required to prepare this report, but we do so to promote confidence in the quality of our audits to parliament, our public sector clients, and the public. It demonstrates our commitment to transparency and our determination to continuously improve.

This is the fourth such report we have prepared, and it is consistent with improving the culture and accountability across government that Professor Coaldrake highlighted in his June 2022 report Let the sunshine in: Review of culture and accountability in the Queensland public sector.

Jurisdictional audit offices, such as QAO, are independent of our audit clients and of government. Our enabling legislation and frameworks prevent us from providing non-audit services to our clients and limit our client base to government entities. Our legislation also prohibits us, and our audit service providers (ASPs), from disclosing audit information except in very limited circumstances. This substantially reduces the inherent risk of conflicts of interest that arise when a firm:

• provides advice and then audits the results of that advice
• uses information obtained from audit clients to solicit non-audit work from those clients or from third parties.

We review the independence and integrity of our ASPs both prior to and throughout their contracts with us, and we supervise the audit work they do for us. They are prohibited from providing non-audit services to their QAO clients without our prior written approval, as outlined on page 18.

We continue to identify and respond to new and revised regulations, standards, and expectations. The 2022–23 financial year has been characterised by:

• the continued resourcing challenges of a highly competitive labour market
• accelerating our use of audit analytics to drive more efficient, effective, and consistent audit testing
• changes to the Auditor-General Act 2009 to further strengthen our independence   
• embedding new quality management requirements, including assessing our ASPs’ systems of quality management.

Our staff benefit from well designed and maintained public sector audit methodologies and technology. We had already adopted many aspects of revised auditing standards regarding evidence requirements when the standards became mandatory, which positioned us strongly to deliver our audits. 

Our most valuable asset is our highly skilled workforce. QAO takes pride in its training program, and we continue to adapt it. In 2022–23, we commenced redesigning our approach to learning and development. Auditors will have more control over their own learning and we will deliver training when staff need it, in ways they find easy to use and understand.

Statement on the effectiveness of our quality management system

I have evaluated our system of quality management (SoQM), and the results provide me with a reasonable basis to conclude that in accordance with:

• section 332B of the Corporations Act 2001, our SoQM functioned effectively in 2022–23
• ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements, our SoQM’s objectives, as described in this transparency report, are being achieved.

The audits we deliver are supported by an effective internal quality management system.

This report describes the quality management framework and the controls that enable our staff to perform audits in accordance with the Auditor-General Auditing Standards. Our staff are required to adopt the standards issued by the Australian Auditing and Assurance Standards Board to the extent they are consistent with the requirements of the Auditor-General Act 2009.

Brendan Worrall
Auditor-General

October 2023

We are the Queensland Parliament’s independent auditor for the public sector and local government entities, accountable to the parliament and the wider community. Our financial audits deliver opinions on the accuracy and reliability of entities’ financial statements. We also deliver performance audits, which examine whether public money is being used well and government is meeting the community’s expectations for service delivery.

This transparency report covers our audit quality program for the year ended 30 June 2023. Its content is guided by the Corporations Act 2001. The report explains our quality program and results, shows how we seek to improve our audit and assurance practices, and describes our system of quality management.

Our quality results and what we learnt

Our audit quality program monitors all financial audits, performance audits, and assurance reviews. The results support our conclusion that our system of quality management is functioning effectively.

Our 2022–23 quality program

	Each year, we review one audit from each of our engagement leaders (senior staff responsible for the audits) and a selection of partners from our ASPs. Our reviewers are experienced auditors who are independent from the audit being reviewed.
	We undertook 27 closed file (post-audit) and 15 open file quality reviews. We also reviewed 9 of our ASPs’ systems of quality management.
	89 per cent of closed file reviews (24 of 27 files) had satisfactory results, with 2 files not meeting expected quality standards and one where we were unable to conclude. In our open file reviews of financial audits, 29 out of 34 targeted performance measures were met by a majority of files. We assessed that the ASP firms we reviewed have satisfactory systems of quality management in place.
	We work with our audit teams to identify and address the root causes of any significant negative findings from our quality program. This includes targeted training for individuals or relevant levels, changing staff composition on an audit, improving audit guidance, and sharing quality results with audit teams to address common themes.

Our quality reviews informed us that, while we have improved from the prior year, we can still improve in the following areas:

• assigning appropriate inherent risk ratings to audit assertions to ensure we develop or align an appropriate audit response
• ensuring we perform tests of controls and tests of detail in accordance with our methodology
• appropriately testing significant judgements and assumptions in high-risk balances
• mentoring less experienced staff and reviewing their work in a timely manner.

Our quality frameworks

Our internal systems of quality management were maintained in 2022–23, having embedded practices after we implemented the new Australian quality standards on 15 December 2022.

We continue to improve our training, on-the-job learning frameworks, methodology, and guidance. We value skills and capability, and promote them with strong leadership and clear frameworks. While engagement leaders are responsible for quality on their audits, all our staff play a role in ensuring audit quality remains high. Our Quality Management Group, and the independent members of our Audit and Risk Management Committee and Audit Quality Sub-Committee, provide support and oversight.

Snapshot

Our annual investment in quality reviews of audit engagement files

Our annual investment in performing quality reviews is a significant component of our commitment to audit quality. The results inform us about:

• the quality of the audit engagements our staff and ASPs undertake
• the nature and cause of common findings, and where our audit quality is not meeting expectations.

In turn, this informs our learning and development programs and approaches, the support materials and guidance we give to auditors, and how we resource our work. While we have substantially implemented the actions we said we would from our prior year’s transparency report, we know we can always do better.

Our annual quality assurance plan identifies the engagement files selected for review. Our Quality Management Group and Audit Quality Sub-Committee endorse the plan, and the Auditor-General approves it. The file selection process is a matter of judgement, with an emphasis on:

• higher-risk or more complex engagements, or on those where quality issues have recently occurred
• coverage of all QAO engagement leaders and a selection of engaged partners from our ASP firms. All engaged partners from our ASPs are part of a rolling 3-year program.

A greater number of financial audit files are reviewed than performance audit files, reflecting the volume and size of our financial audits relative to our performance audits. Accordingly, it is not appropriate to extrapolate the results across the different types of audits we undertake.

Scope of our quality reviews

Our quality reviews assess whether the audits followed our methodology and were undertaken in accordance with the relevant standards. They are compliance reviews and do not second-guess the engagement leaders’ judgements. In performing a quality review, the independent reviewer determines whether the engagement team obtained and documented a sufficient and appropriate level of audit evidence to support its judgements, conclusions, and the audit opinion, guided by:

• the Auditor-General Auditing Standards (which incorporate the Australian auditing standards)
• other relevant statutory and regulatory frameworks that govern QAO and our clients
• QAO’s audit methodology, policies, and procedures.

The reviewer does not examine all audit workpapers in an engagement file. Specific areas of an engagement file that they may review include:

• significant (higher) risks of material misstatement, including key audit matters (if applicable) and areas of audit focus that engagement leaders report in their external audit plans
• areas of focus established in the annual quality assurance plan, which may include material classes of transactions, balances, and disclosures; specific types of audit procedures (such as substantive analytical procedures, tests of control, or tests of detail); and other areas covered in recent training
• evidence to support adequate, effective, and timely engagement leader and engagement manager input and review of key judgements and significant matters.­­­

Closed file (post-audit) quality reviews

100 per cent of in-house engagement leaders and a selection of engaged partners from our ASPs receive quality reviews each year. Quality reviews focus on whether the engagement team obtained and documented a sufficient and appropriate level of audit evidence to support the audit opinion in the prior year’s engagement file. Our 2022–23 inspection program included reviews of 27 completed financial and performance audit engagements from 2021-22 (2021-22: 30) from 2020–21. This includes 12 financial audits our ASPs performed (2021–22: 14).

Figure 1A summarises the results of our closed file reviews, which relate to audits performed in the previous year. Criteria for satisfactory and unsatisfactory ratings are explained in Appendix E.  We were unable to conclude one 2022 file due to file integrity issues, and a follow-up open file review is scheduled.

Source: Queensland Audit Office.

Common findings from the 2022–23 program Weaknesses mostly related to insufficient risk responses for areas with significant judgements and estimates, such as the valuation of property, plant and equipment, and the valuation of provisions. We also observed instances of tests of controls and tests of detail not performed in accordance with our methodologies or the engagement leader’s risk rating, resulting in insufficient audit work and evidence. The root causes of these findings were mainly attributed to insufficient and/or untimely supervision and review, including in relation to engagement quality reviews in performance audits, and the auditor’s lack of understanding of how to perform the work. The 2 unsatisfactory 2022 audits, and the one review we were unable to conclude on, were undertaken by ASPs in the local government sector. Actions we are taking to improve audit quality in 2023–23 communicate common quality assurance themes to engagement leaders and all other audit staff and ASPs evaluate significant quality themes and focus our 2023–24 open file review program and training on addressing them enhance the readability and application of our audit methodology, including reviewing our approach to sampling review and reduce the number of reporting lines for audit staff, to further encourage and support on-the-job learning and mentoring improve how we undertake on-the-job coaching and mentoring, and how staff evidence their competency in different areas of an audit provide more e-learning and just-in-time courses to provide knowledge to staff when they need it most.

Open file quality reviews

100 per cent of in-house engagement leaders, and audit service providers with previous significant audit quality weaknesses, have a current year engagement file reviewed before the audit is finished. This provides the audit team with real-time feedback about what aspects of the audit approach and documentation it needs to consider and address before it finishes the audit. In 2022–23, we conducted open file reviews on 15 financial audit engagements (2021–22: 16) and no performance audit engagements (2021–22: one).

Our review program for open file reviews differs each year, as we respond to changes in our audit methods and templates and consider emerging audit issues. Additionally, the same file is generally not reviewed each year. This means a comparison between years is not always meaningful.

Figure 1B shows the number of performance measures we assessed in 2022–23 (34) and 2021–22 (33), divided into whether each measure was achieved by a high (80–100 per cent), moderate (50–79 per cent), or low (zero–49 per cent) number of files. Pleasingly, we had a decrease in the number of performance measures with low compliance, though these will still be a focus point for training and guidance material.

Source: Queensland Audit Office.

Common opportunities to improve audit quality Where a control approach is adopted, consistently identify all key controls for relevant assertions at risk that require testing. Improve consistency in audit approaches by referring to our library of common inherent risks when conducting risk assessments. Align risk response programs with risk assessments at the completion of planning, to ensure planned responses are executed at subsequent stages of the audit. Review all key planning documents in a timelier manner.

What are we doing to improve and maintain audit quality?

Quality assurance findings inform our improvement actions We undertake root cause analysis for all significant quality issues. These results, and the results of our quality reviews, inform us about areas we need to invest in to support and improve the capability of audit staff. Our 2023–24 training program will continue to focus on: better practice examples of using standardised workpapers in our audits the decision-making process when applying tests of controls assigning inherent risk ratings to audit assertions sample testing complex and high-risk balances. During the year, we introduced ‘catch-up’ days to reduce the amount of carry-over work staff take to other jobs, and provide time to invest in coaching staff and reviewing work. We have revised our approach to resourcing jobs to reduce the number of reporting lines to encourage better coaching and mentoring. The 2023–24 year will be the first year with this new approach.

Monitoring our indicators of audit quality Several measures indicate levels of audit quality and provide us with insights to help us adjust our practices and provide targeted training at the right time to the right people. The Australasian Council of Auditors-General (ACAG) includes measures in its annual benchmarking survey, providing comparable information for audit offices across Australia.   We use an established set of 11 measures to better monitor our performance and drive overall improvement in audit quality. Seven of these are derived from the ACAG survey. These audit quality indicators are shown in Appendix G.

Developing our existing practices to ensure audit quality We are implementing changes in 2023–24 following feedback from engagement leaders and ASPs who are under review, and from members of QAO’s governance committees that monitor audit quality. They are: redesigning how we teach and coach staff by improving the delivery methods of content and on-the-job learning rewarding in-house engagement leaders for 2 satisfactory closed file reviews by allowing them to miss a review in the third year expanding the quality assurance program to assess how efficiently and effectively teams are using new analytical solutions on their audits reviewing and updating our templates to make expectations clear, while supporting teams in making professional judgements.

Performing our first formal evaluation of our quality management system New Australia-wide quality management standards (ASQM 1 and 2) took effect on 15 December 2022. ASQM 1 requires systems of quality management to be designed, implemented, and operated, with firms identifying their quality objectives and the risks to achieving those objectives. We implemented all necessary changes to our audit quality framework to comply with ASQM 1 and 2 from their effective date, and have formally evaluated our system of quality management. Our evaluation is discussed in chapter 3.

Reviewing our audit service providers’ systems of quality management

We assess how our ASPs ensure they comply with the quality management standards expected of audit firms in Australia. We call these ‘firm reviews’. We performed these reviews in accordance with Auditing Standard ASQM 1 (effective from 15 December 2022). ASQM 1 sets standards for a firm’s system of quality management. It outlines a series of quality objectives that audit firms need to adopt, and requires firms to assess the risk of failing to achieve the quality objectives. Firms then need to develop treatment plans to address those risks.

In 2021–22 and earlier years, these reviews were performed against Auditing Standard ASQC 1 and the Accounting Professional and Ethical Standards Board’s APES 320 Quality Control for Firms. ASQC 1 was superseded by ASQM 1.

In 2022–23, we undertook detailed reviews into 6 firms’ systems of quality management as part of a rolling monitoring program. We undertook high-level reviews of 3 other firms that perform audits on our behalf.

We assessed that all firms reviewed have satisfactory systems of quality management in place.

Acquitting the commitments we made last year

Figure 1C provides an acquittal of the commitments we made in our 2021–22 transparency report.

Embedding a new quality management approach

A new quality management standard came into effect from 15 December 2022 and applies to all Australian firms and jurisdictional audit offices. The new approach requires us to identify and respond to risks to audit quality. In our last transparency report, we spoke about what we had done and were doing to implement a new quality management approach.

Since that time, we have:

	run further information and training sessions for staff to explain our approach and their role in maintaining our quality management system
	made minor improvements to our root cause analysis procedures, based on feedback from stakeholders
	reviewed the roles and responsibilities in executing audits undertaken by our ASPs
	reviewed a sample of our ASPs in 2022–23 to ensure that their systems of quality management were also compliant with ASQM 1 from the implementation date
	formally evaluated our system of quality management, and will do so annually.

ASQM 1 requires audit firms to design, implement, and operate a system of quality management that addresses the following 8 components:

This chapter describes these components of our system of quality management and concludes on its effectiveness. 

Our risk assessment process

We promote a culture of quality, risk awareness, and consultation. Risk discussions are a standing agenda item at monthly Executive Management Group (EMG) meetings and quarterly audit and risk committee meetings. Each quarter, we review our risks to determine if they still exist, if we have captured all relevant risks, and our approach to managing them.

In accordance with ASQM 1, we apply a risk-based approach in designing, implementing, and operating the components of our system of quality management, including:

• establishing quality objectives specified by ASQM 1
• assessing whether we need to establish any additional objectives to achieve the objectives of our system of quality management. Our evaluation has not identified the need to establish additional quality objectives
• identifying and assessing risks to the achievement of the quality objectives (‘quality risks’)
• designing and implementing responses to address the quality risks, including controls or treatments in place to prevent occurrences and/or minimise consequences.

In applying this approach, we consider:

• our role as Queensland’s independent public sector auditor
• the nature and circumstances of the engagements we perform.

To reduce audit quality risk, we promote a culture of learning from our quality findings. We summarise the common themes from our quality reviews and discuss them with our audit teams and ASPs. We update our methodologies, toolsets, and training materials annually, after considering the themes and any further root cause analysis. Experienced staff, who are independent of the engagement, perform the quality reviews.

The performance measures against which our staff are monitored include audit quality. We evaluate all audit staff annually for demonstrating a strong commitment to audit quality and risk management, excellence in client service, development of junior staff, and contribution to broader audit quality initiatives.

Governance and leadership

The Auditor-General Act 2009 states that the Auditor-General is responsible for all audit work undertaken. The EMG, comprising the Auditor-General and Assistant Auditors-General (AAGs), assumes operational responsibility for our system of quality management.

Our quality management structure is outlined in Figure 2A.

Governance and oversight bodies

Several committees have risk and quality responsibilities for overseeing and influencing our quality outcomes. Our annual report lists the names of external members, and the frequency and attendance of committee meetings. The annual report is available here.

The Audit and Risk Management Committee (ARMC) is an independent advisory committee to the Auditor-General, comprising 3 external members, 2 of whom have extensive audit experience in major audit practices. The ARMC provides effective oversight of risk, control, compliance frameworks, and fiscal responsibilities underpinning our corporate governance. As per the annual plan, it met 4 times in 2022–23.

The Audit Quality Sub-Committee of the ARMC provides external advice, guidance, and challenge regarding our audit quality activities. The sub-committee has 3 external members, all of whom have extensive experience in audit and audit quality practices. The sub-committee has access to all relevant information about the application of our audit quality framework and the processes that underpin it, including our quality assurance program. The sub-committee gives objective feedback and advice on how we can continue to improve the quality of our audits.

The Quality Management Group consists of 3 AAGs. The group meets quarterly to oversee completion of the quality assurance plan, consider quality findings, advise on any disputed findings, and determine appropriate action plans.

Complex financial accounting and audit issues are considered by the Technical Issues Panel. This committee includes members of the EMG and is supported by the Senior Director–Audit Practice and the Director–Technical. Members discuss issues before approval by the Assistant Auditor-General–Audit Practice. We consider actions arising from the committee’s views in our quality program and incorporate them into our training programs.

The Modified Opinions Panel reviews proposed audit qualifications, emphases of matter, and key audit matters. The panel also assesses complex material prior period errors reported in client financial statements. Its assessment includes reviewing a root cause analysis of why the prior period error occurred. This panel consists of all Client Services AAGs and the Audit Practice AAG, and is supported by the Senior Director–Audit Practice. Qualifications raised on significant public sector entities are escalated to the Auditor-General for approval.

Further information about our commitment to audit quality is outlined in Appendix A.

Leadership responsibilities for quality

The EMG is responsible for improvements to the quality assurance framework. The Assistant Auditor‑General–Audit Practice is responsible for implementing enhancements to our quality management framework and monitoring against policies and procedures.

Strong leadership and management are critical to audit quality. The EMG sets the tone for this and communicates our commitment to quality. It promotes an internal culture of integrity, independence, and professionalism, and recognises that quality is essential in performing engagements and issuing appropriate reports.

As audit engagement leaders, senior directors and directors are accountable and responsible for individual audit file quality. We appoint staff to these roles based on their audit experience and demonstrated audit ability. They are required to show they understand our policies, procedures, and appropriate quality management. We assess and evaluate the competencies of senior directors and directors regularly, in line with our performance management framework.

We appoint engagement quality reviewers (EQRs) to all high-risk or complex financial audits, assurance reviews, and performance audits. AAGs and, in limited circumstances, senior directors, act as EQRs. An engagement quality review is an objective evaluation of the significant judgements made by the engagement team and the conclusions reached thereon. The review by EQRs is performed in the context of auditing standards and applicable legal and regulatory requirements. They review the identified significant risks and audit responses, including key audit matters and areas of judgement and estimation. They also challenge our engagement leaders to ensure that all significant risks are identified and appropriately assessed. They review written communication to those charged with governance at the client. They also coach and mentor the engagement leader.

Our ASPs have established quality frameworks that ensure they comply with professional requirements and our quality expectations. We regularly review the application of their frameworks. Professional bodies and regulators also assess their quality frameworks and audit files. QAO managers have oversight of the work our ASPs perform. They regularly engage with them to monitor audit progression, stakeholder relationships, and emerging audit issues.

Relevant ethical requirements

We regularly communicate our expectations about audit quality, independence, objectivity, and professional scepticism at our team meetings and through our internal policies. We discuss these matters with our ASPs formally via our twice-yearly workshops. Our expectations of our ASPs are also managed through our contract managers and our firm quality assurance reviews, and in procuring ASPs for individual audits.

Our culture is expressed by our 4 core values, which set our expectations for performance and behaviour. These values enable us to achieve our vision for better public services through the delivery of audits. We regularly reflect on our culture and ensure our staff are living our values. The values are part of our performance discussions at the individual and team level, regardless of whether the team is an in-house or ASP team.

Our independence practices

The Auditor-General Act 2009 promotes the independence of the Auditor-General. This is demonstrated in both the conduct of our audits and in our reporting on them. However, our Act, and the independence of the Auditor-General, can be further strengthened. Professor Coaldrake made a series of recommendations to strengthen the Auditor-General’s independence in his June 2022 report Let the Sunshine in: Review of culture and accountability in the public sector.

One of the recommendations was to recognise the Auditor-General as an officer of the Queensland Parliament. This occurred on 1 March 2023, when amendments to the Auditor-General Act 2009 took effect. These amendments also required the Auditor-General to make an oath or affirmation of office before the Speaker. This occurred on 8 March 2023, further strengthening our independence from executive government.

Another recommendation was to require QAO staff to be employed under the Auditor-General Act 2009, not Queensland’s Public Sector Act 2022. This change improves our independence, as it separates QAO from the executive government and direction by the Public Sector Commission. The legislation has been passed and will likely become effective in December 2023. We are currently consulting with staff on the change.

Further changes to the Auditor-General Act 2009 are currently before the Queensland Parliament, in the form of the Integrity and Other Legislation Amendment Bill 2023, and were considered by the Economics and Governance Committee. They relate to strengthening the independence of the Auditor-General by involving our parliamentary oversight committee in:

• the appointment of the Auditor-General and setting the terms and conditions of employment
• the appointment of strategic reviewers and the scope of the 5-yearly review of the QAO
• the development of QAO’s annual budget and enhancing the transparency of the process.

The Auditor-General provided a written submission on the Bill to the Economics and Governance Committee. The submission stated that, while many aspects were positive steps forward, more could be done to implement Professor Coaldrake’s recommendations to improve the Auditor-General’s independence. The Economics and Governance Committee has recommended that the Bill be passed by parliament.

Independence standards

As an audit practice, we apply standards requiring independence, as issued by the Australian Auditing and Assurance Standards Board. These standards require auditors to establish policies and procedures designed to provide reasonable assurance that QAO maintains independence where required by relevant ethical requirements, laws, and regulation. It applies to QAO personnel and to others who are subject to independence requirements. These expectations are outlined in the Auditor-General Auditing Standards, which we revised and tabled in parliament in February 2023.

Our policies and procedures enable us to:

• communicate our independence requirements to our staff (including our ASPs)
• identify threats to independence, evaluate whether the identified threats are at an acceptable level and, if not, address them – by eliminating the circumstances that create the threats and applying safeguards to reduce threats to an acceptable level
• ensure we are notified of breaches of independence requirements, and take appropriate actions to resolve those breaches
• obtain annual written confirmation of compliance with policies and procedures on independence from all personnel who are required to be independent by relevant ethical requirements and applicable legal and regulatory requirements. 

Independence practices

The Auditor-General is required to provide a declaration of interests to the Speaker of the Queensland Parliament.

Under the Public Sector Commission’s policy Declaration of Interests – Senior Executive Service and Equivalent Employees including Statutory Office Holders, our AAGs and senior directors are required to submit an annual declaration of interests to the Auditor-General. These officers are responsible for fully disclosing their interests that may have a bearing, or be perceived to have a bearing, on their ability to discharge the duties of their office properly and impartially. In 2022–23, all declarations were received and assessed.

Our commitment to independence is reinforced through comprehensive independence policies, procedures, and monitoring.

All staff are required to demonstrate objectivity, integrity, and professional behaviour. We have independence policies and procedures to ensure compliance with professional standards, regulations, and ethical conduct. These apply equally to the Auditor-General.

The engagement leader is responsible for ensuring all staff involved in an audit engagement demonstrate independence of mind and independence of appearance throughout the audit. We monitor and consider familiarity threats when assigning QAO staff to audits.

Rotation of key audit staff helps provide a fresh perspective and reduces familiarity and self-interest threats to independence. We maintain a database that tracks auditor involvement on engagements to facilitate succession planning, monitor compliance with rotation requirements, and provide a seamless experience for our clients.

Where an actual or potential conflict of interest is identified, the engagement leader must propose how QAO will manage the issue. The Assistant Auditor-General–Audit Practice reviews and endorses proposals, and they are monitored by the Quality Management Group.

QAO maintains a register that records any gifts or benefits received as part of official duties. This is published online to avoid any perception of conflicts of interest or inappropriate influence.

Audit and assurance engagements – audit service providers

The independence and integrity of audit firms and their key personnel are key considerations in the selection of our ASPs. We review their independence before contracting them to undertake audits on our behalf, and review their independence yearly. We also do not allow our ASPs to provide non-audit services to their QAO clients without prior written approval from the Auditor-General or Assistant Auditor‑General–Audit Practice. Before granting the approval, we consider:

• the independence requirements of the Accounting Professional and Ethical Standards Board’s ethics standard APES 110
• whether it is likely the Auditor-General would undertake an assurance audit related to the non‑assurance service
• the perception of a lack of audit independence if we grant approval for the non-assurance service.

We approved 4 requests from our ASPs to undertake non-assurance services on their QAO clients in 2022–23. The services related to non-finance-related IT systems implementations, and advice on policy and procedures.

Acceptance and continuance of client relationships and specific engagements

We manage all engagements in accordance with a comprehensive framework of policies, procedures, and guidance.

The Auditor-General Act 2009 mandates that the Auditor-General undertakes financial audits of all Queensland public sector entities, including local governments and their controlled entities.

We do not have the right to decline these clients or discontinue these client relationships. We have developed approaches to manage this risk. We maintain an engagement risk register that captures all high- and moderate-risk clients, and most of our low-risk clients. The register addresses 6 key aspects of the client relationship. This information helps us with determining our resource mix, whether we assign an engagement quality reviewer to the audit, and whether we outsource the audit to a service provider. Engagement leaders update the register yearly, and the Senior Director–Audit Practice reviews it.

We have established a staff rotation policy to manage threats to undertaking a continuous audit. For example, most audit staff are unable to work on an audit for more than 5 years, and most engagement leaders rotate after 7 years. The rotation policy primarily addresses the threat of familiarity but also helps minimise other threats to delivering an independent audit.

Forward work plan

Each year, we develop a 3-year forward work plan that considers the strategic risks facing public sector entities and local governments. We identify the strategic risks by:

• scanning the environment that public sector entities and local governments operate in
• understanding the challenges in public sector administration
• consulting widely with stakeholders to identify and understand their concerns
• examining entities’ operations and performance
• analysing the results of our annual financial audits
• analysing the requests for audits we receive from members of the public, elected representatives, public sector employees, and other integrity offices.

Our environmental scanning is rigorous and our consultation process comprehensive. This allows us to focus on what matters to parliament and the public sector. The Auditor-General has the discretion to either approve or discontinue the conduct of each engagement, and cannot be directed on which audits to undertaken or prioritise.

Through our plan, we provide transparency to parliament on the work we intend to perform and why we consider it important.

Engagement performance

We have prepared audit methodologies to guide the work we undertake in financial audits, assurance reviews, and performance audits.

Our risk-based audit methodologies have been developed to ensure compliance with the Auditor-General Auditing Standards (which comply with Australian auditing standards). They require us to develop an understanding of each client’s business and risks and apply this to the design and execution of our audits. We adapt our audit methodologies to developments in professional standards and to findings from quality reviews. Our quality reviews evaluate how well we have applied our methodology.

Documenting our audits

We document our audits electronically using a template, which each audit team customises to address its risks and approach. The template enables planning, performance, documentation, and review of our work in accordance with auditing standards and professional, regulatory, and legal obligations. It also ensures we structure our audits to comply with the Auditor-General Auditing Standards and our methodology and guidance. We have prepared better practice files to guide staff in the level of audit documentation that is expected. This year, we began updating our financial audit better practice files to demonstrate more efficient early close procedures (bringing forward work to before the end of the financial year). We also developed a new performance audit file.

Delivering audits efficiently and effectively

2022–23 saw significant progress on our project to redesign the way we develop audit analytical tools. These tools aim to use clients’ data in a smarter way to allow audit teams to be more targeted and quicker in their work, while maintaining audit quality. This year, we launched a new model that puts our Client Services team in control of developing new analytical tools. We have launched 8 new tools since this program began last year, and developed support material for existing and new tools. We have also made it easier for teams to see what tools are available for their audit, and improved how we manage support requests.

At the end of 2022–23, we provided our auditors with an advanced analytical tool to document their walk‑throughs of processes, tests of controls, tests of detail, and analysis of financial statements. The tool uses optical character recognition to quickly highlight information, populate our worksheets, and compare versions of financial statements. Some of our auditors used the tool for the first time on their final audits for 2022–23, and we will analyse the results to determine if we are receiving the efficiency we expect, while maintaining audit quality.

Our technology platforms that host and deliver our tools are also being modernised to ensure they are secure and fit for our purposes. This program will run into late 2024.

Performance audits

This year, we updated our performance audit methodology, focusing on:

• planning processes
• client deliverables
• assessment of material matters
• quality assurance processes.

Financial audits

Australian Auditing Standard 315 Identifying and Assessing the Risks of Material Misstatement was revised and commenced last audit year. We updated our audit methodology to include the revised standard when we implemented our current audit documentation tool, and therefore were already compliant. We updated our approach to planning small audits, and our expectations for when to involve IT audit specialists in assessing IT risks and testing IT general controls and IT application controls.

Audit service providers

The audit methodology and quality assurance systems our ASPs adopt for contracted audits must benchmark favourably with QAO’s system of quality management. We assess these when we register a new firm and as part of our regular firm reviews. We took on no new firms in 2022–23.

Investigations

We investigate matters that other integrity agencies, elected officials, and the community refer to us. We have policies and detailed procedures to ensure consistency in undertaking these investigations. We have dedicated staff who address these requests and work with our audit teams to achieve efficiency. Our fact sheet on Requests for audits explains how we undertake these investigations.

Resources

To deliver high-quality audits, we must appoint and train people who can apply their experience, values, and professional judgement to support the conclusions in our audit reports.

We maintain a competent workforce, able to deliver outstanding service and quality to our clients. To do this, we have developed a detailed understanding of the skills and capabilities that individuals require at certain points in their career, and a structured approach to learning and development.

Skill and competency expectations

Our policy requires that sufficient personnel with the technical competence necessary for the work are appointed to each engagement. All financial audit managers and engagement leaders are required to have CPA/CA ANZ qualifications. We encourage and support all financial, performance, and information systems auditors in completing postgraduate study, and we offer them paid study time and financial assistance towards course fees and membership fees. Our information systems auditors are either qualified as Certified Information Systems Auditors or Certified Information Systems Security Professionals, or committed to working towards these certifications. We also encourage our engagement leaders and AAGs to complete the Australian Institute of Company Directors’ (AICD) company directors course.

Financial audit engagement leaders hold qualifications, skills, and experience equivalent to the Australian Securities and Investments Commission’s requirements to be a registered company auditor. The ASPs we engage are registered company auditors.

Audit teams incorporate specialist skills based on the audit risks and complexity. The teams are led by an engagement leader, who is responsible for the delivery of our audits. Engagement leaders determine the necessary extent of direction, supervision, and review of junior staff in accordance with the Australian auditing standards and our policies and guidance materials.

Training outcomes

All our staff are assessed for technical competence, work experience, and training throughout their engagements. Their capabilities, competence, development, and performance evaluations are managed in accordance with QAO technical competency frameworks and policies.

This audit year, we have refreshed our approach to learning and development by putting staff at the centre of their learning and development, through improving their on-the-job learning, and providing more flexibility in attending classroom-based sessions.

We have commenced developing more training that is just-in-time and self-paced, lessening the need for 2 dedicated training blocks each year. We have provided additional training to our managers and engagement leaders on coaching, mentoring, and having courageous conversations, equipping them with skills to provide better on-the-job coaching and mentoring.

The technical and non-technical courses reflect the competency frameworks and are intended to:

• provide staff with the right skills at the right time to deliver quality outcomes for clients – and rewarding career experiences for our people
• keep staff at the forefront of new developments in the accounting, auditing, and regulatory environment
• embed quality and risk appetite within our culture and leadership.

In 2022–23, we provided 8,956 hours of formal in-house training to auditors (2021–22: 9,614 hours). This averages to 61 hours per auditor (2021–22: 70 hours per auditor) on a full-time equivalent (FTE) basis. The higher hours in 2021–22 mainly reflected staff catching up on training opportunities missed in 2020–21 as a result of the COVID-19 pandemic.

We provided an average of 61 hours of formal in-house training per auditor.

We expect our audit professionals to maintain their professional memberships and participate in a minimum of 20 hours of continuing professional development (CPD) annually, and 120 hours in every 3‑year period. Our ASPs are members of professional bodies and have the same CPD expectations. Since 2018, QAO has partnered with CPA Australia in its Recognised Employer Program, joining a select group of organisations providing employees with the highest standard in professional development and support.

The training is based on the technical competencies required for each audit role and encompasses:

• current changes to either auditing or accounting standards
• specific areas of audit focus identified from internal or external sources
• internal quality assurance program observations
• using data analytics tools and tailoring them to client operations
• audit methodology, or transformation initiatives.

Graduate support

We have a comprehensive graduate program that builds technical and soft skills. Our graduates receive hands-on experience and extensive training. Mentors are assigned to support each graduate, and we hold monthly graduate forums to ensure that professional development occurs in their critical first year.

We are extending the graduate program to cover the auditors’ second and third years, and will be piloting the program with the current group of graduates. The extended program aims to provide a higher level of support as graduates build their skills and experiences through career development advice; networking, to learn from each other; and a focus on audit diversity, to build a breadth of experience.

On-the-job learning

In addition to the 8,956 hours of formal in-house training, a lot of learning takes place on the job – in fact, most of it does. Senior staff provide less experienced staff with coaching and mentoring. Performance evaluations are done throughout the year and provide an opportunity to deliver feedback to staff about audit quality and to offer further development opportunities. Staff are encouraged to complete targeted training for identified gaps.

We have revised our platform for documenting performance conversations, and it will undergo a deeper refresh next audit year. This will allow us to better document on-the-job performance, competencies, development needs, and achievements, to assist the auditors with positioning themselves for promotional opportunities.

Experience

We match the experience and skills of our engagement leaders to our clients’ industries and associated risks. We also aim to give staff new experiences to complement their existing skill sets.

We identify people with the right skills and experience to deliver on our quality commitments. Our resourcing team forecasts our people requirements and ensures we have sufficient resources available. We run a yearly graduate recruitment program and offer a mid-year and end-of-year intake. We also run targeted recruitment campaigns for staff with different levels of experience, supplemented by a continuous recruitment approach. This aims to recruit talented staff when they are available.

We monitor our audit and assurance staff profile, showing that we have sufficient senior staff involvement in our audits, as shown in the following staff headcount table and reflected in related audit quality indicators in Appendix G.

Note: *excludes staff on long-term leave and vacancies for engagement leaders and engagement managers.
¹ One AAG position was vacant at 30 June 2022.

Our ASPs are engaged under competitive tender processes. We assess the experience and skills of engagement partners and key team members as part of our assessment of their suitability to conduct audits on our behalf.

Using audit service providers to deliver audits

We use ASPs to deliver a significant component of our work. They delivered 42 per cent of our audit program in 2022–23. We engage ASPs to smooth our workload across the year to maintain quality and minimise costs, leverage their regional knowledge, or access specialist resources we do not have internally.

We prequalify ASPs to ensure they have the required experience and qualifications, to manage our risk to audit quality, and to manage our obligations under APES and ASQM 1.

To be eligible to undertake audits on our behalf, we require the ASPs to:

• be registered company auditors (RCA) with the Australian Securities and Investments Commission (ASIC)
• be a current member of CPA Australia or Chartered Accountants Australia New Zealand (CA ANZ)
• be authorised to sign financial statements on behalf of their firm
• be part of a firm with at least one other RCA, and their firm has a system of quality management that complies with ASQM 1
• be part of a firm that has recent public sector financial audit experience (within the last 2 years)
• have passed a criminal history check
• be part of a firm that complies with the Queensland Government supplier code of conduct and ethical supplier threshold policy.

A QAO director and manager work closely with each ASP to manage the audit delivery. They review client correspondence, engage on significant risk matters, and oversee the delivery of the audit in accordance with the audit plan. The QAO staff also engage with the client to share sector-wide knowledge. The QAO director signs the independent audit report, and is ultimately responsible for the quality of the audit, in accordance with ASA 220 Quality Management for an Audit of a Financial Report and Other Historical Financial Information.

At the conclusion of the audit year, we provide feedback to each of our ASPs from our clients about the audit process and engagement. We also provide them with our observations on the quality of the audit. We agree an action plan with our ASPs to improve performance where it is needed and discuss how to continue doing the things that work. As a group, we discuss the aggregate client survey feedback with all of our ASPs to help improve performance.

We improved how we get 360 degree feedback on our services and performance. We survey our ASPs on how they find working with QAO. This helps us to help our ASPs deliver quality audits.

Information and communication

Communicating effectively within the Queensland Audit Office

‘Engage’ is one of our 4 core values, and effective communication across our business is fundamental to achieving our OneQAO ethos and delivering on our vision of better public services. 

We have established procedures and practices to identify, capture, process, maintain, and communicate information throughout QAO. These procedures are supported by IT applications that provide accurate, complete, and timely information that supports decisions regarding QAO’s system of quality management. 

Each staffing level, from graduates through to AAGs, has regular meetings to share experiences and solve problems together. Auditors working across common industries, such as the local government, health, education, ports, and electricity industries, also meet to discuss planning approaches, testing outcomes, and responses to deliver the final phase of their audits. Our ASPs are invited to these forums and encouraged to participate.

Audit teams also use digital communication channels to informally share information and solve problems. This is an effective means to communicate when our audit teams are travelling across Queensland.

Digital records are maintained for all audit-related matters, using electronic audit software that allows engagement teams to share information with one another, the engagement quality reviewer, and those providing consultation. We have one source of truth for documenting our audits. Auditors are required to transfer all audit evidence and analysis from working sites into the audit file before the file is closed. This year we aimed for 15 days from the statutory reporting deadline, which is significantly less than the maximum 60 days outlined in the Australian standard on quality management.

Communicating effectively with stakeholders

Engaging with our stakeholders enables us to better align our business and audit practices with our stakeholders’ needs and expectations, helping to drive long-term benefits for QAO and the public sector. We have many stakeholders, but we primarily define them through who we serve:

• parliament
• state and local government entities.

We recognise that effective communication between audit teams, client management teams, audit committees, and boards is critical to excellence in reporting. Our communication covers the scope of audits, any threats to independence or objectivity, risk assessments, significant findings, and judgements. Our reports are structured to communicate clear and concise messages and allow readers to quickly understand key findings.

We regularly report the progress of audits and our findings to those charged with governance, including management and audit committees. We do this through informal meetings and through formal presentations of our external audit plans, progress updates, and management letters explaining our findings.

Those charged with governance can provide a positive influence on the quality of an audit by demonstrating an active interest in the auditor's work and acting when they do not consider that appropriate quality has been provided.

We also report publicly to parliament on the results of all our audits and on the most significant audit issues we identify. Our reporting includes providing parliament with an update on how entities are progressing with implementing our recommendations. This helps highlight whether control weaknesses still exist or performance gaps are not fully resolved.

The monitoring and remediation process

Our system of quality management identifies our quality objectives and assesses threats and risks to us achieving them. It includes key controls and any additional controls being implemented to reduce the risk to an acceptable level.

We have a senior manager dedicated to managing QAO’s risk process. That risk manager meets quarterly with our risk owners to ensure the risk register is complete, risks are accurately documented, and controls continue to operate effectively. The risk register includes strategic and operational risks across our audits and the operations of QAO.

The senior manager reports to the EMG quarterly and at each ARMC meeting on:

• changes in risk
• risk treatments
• where risks fall outside of our appetite or tolerances.

Where the residual risk falls outside of our appetite or tolerance, the EMG discusses mitigating actions, including a remediation plan.

Separately, the Senior Director–Audit Practice provides a status update on the progress of the quality assurance plan to the monthly EMG, quarterly Quality Management Group (QMG), and biannual Audit Quality Sub-Committee (AQSC) meetings. The QMG actively oversees the quality function and meets quarterly, and as needed, to review quality findings and moderate review outcomes. At the conclusion of the annual cycle, the senior director provides a final report summarising all quality assurance activity for the year to the EMG and QMG.

Improvement opportunities

We report improvement opportunities identified from the quality assurance reviews to the EMG, QMG, ARMC, and AQSC at the completion of each review cycle.

We report more frequently on the root cause analysis for material policy breaches, material prior period errors in financial statements, and unsatisfactory quality assurance reviews. The reporting includes proposed remediation, issues identified during the root cause analysis, and responses to new and changing risks.

The themes of the open review and closed review programs and root cause analysis (where appropriate), together with improvement recommendations, are shared with all audit staff. Teams are required to acquit in their audit files how they have addressed the findings and recommendations.

Review team, milestones, and duration of audit quality program

The Assistant Auditor-General–Audit Practice is accountable for the quality review program and for quality assurance, and active oversight of policies and procedures relating to quality assurance. They work closely with Client Services AAGs to share knowledge and provide advice on improvement opportunities arising from quality assurance activities. Client Services AAGs are accountable for the effectiveness of training programs and delivering on QAO’s learning and development plan. They also oversee the delivery of all audit services to all our clients.

We primarily use specialist contractors to deliver the quality review program. This helps us maintain the independence of the review function. Internal senior managers and directors assist in reviews of our ASPs’ files.

We develop an annual quality plan that establishes the files selected for:

• current (open) and post-audit (closed) reviews
• areas for deeper analysis
• the timing of quality reviews
• reporting milestones.

Each internal engagement leader is subject to one open and one closed file review each year. Reviews are completed in time for teams to undertake recommended improvement actions in their current year audit files.

Monitoring audit quality across our audits

Monitoring audit quality is an important aspect of identifying emerging risks and opportunities, and of ensuring standards are being adhered to and that staff are performing well.

We monitor a range of audit quality indicators that span our culture and values, independence, recruitment, employee performance assessment, audit allocation process, quality assurance, timely reporting, and interaction with stakeholders. We monitor both quantitative and qualitative measures, which are reviewed annually for continuing relevance. The measures are listed in Appendix G.

We have established technical support groups to provide in-depth and expert analysis of complex financial accounting and audit issues, reporting of key audit matters, and proposed audit qualifications. These groups meet throughout the audit year as required.

Managing audit quality on our audits

Managers and directors are provided with access to dashboards that help them identify risks to file progression and independence matters.

Our audit approach requires us to plan, supervise, and manage our audits so the work performed provides reasonable assurance they comply with our policies and methodologies. The engagement leader is responsible for:

• the overall management of staff and the audit process
• engagement quality throughout the audit
• ensuring engagement quality reviewers are promptly briefed on significant matters.

Engagement leaders are required to review all high-risk areas of their audits and to ensure that the audit manager or on-site team leader has performed a timely review of all audit working papers. We have a range of business intelligence reporting that helps engagement leaders to monitor the timely completion of audit phases. We continue to refine these reports to provide them with even more meaningful insights.

Our open file review program assesses the planning outcomes of each engagement leader’s higher-risk audits. We rotate which audits are reviewed to ensure good coverage of audits. The program is focused on ensuring the audit planning is in accordance with the Auditor-General Auditing Standards and whether appropriate risk response plans have been developed for public sector-specific matters.

The Auditor-General is assigned ultimate responsibility and accountability for QAO’s system of quality management (SoQM).

ASQM 1 requires this person to evaluate, on behalf of QAO, its SoQM. The evaluation shall be undertaken as of a point in time, and performed at least annually. The Corporations Act 2001, via the annual transparency reporting processes, requires the EMG to assess the effectiveness of the functioning of the internal quality control system.

The evaluation was undertaken as at 30 June 2023. It involved:

• reviewing our governance structure, policies, procedures, and guidelines for consistency and compliance with ASQM 1
• assessing the completeness and accuracy of our quality objectives, the risk to achieving them, and our risk treatments (controls)
• testing, on a sample basis, the effectiveness of our controls that address the identified risks.

We found that, while our SoQM is robust, we could improve how we:

• demonstrate our periodic ongoing review of the effectiveness of our quality controls
• plan to manage and replace our technology assets over the medium term
• identify and respond to our staff’s training needs.

We have determined responses to these improvement opportunities and expect to address them in full over the coming year.

While some audits had quality findings, the audit quality assurance program is effective in identifying audits at risk of quality issues and highlighting quality issues within files. The learnings are shared across the business and included in training programs.

Therefore, we concluded our SoQM provides us with reasonable assurance that:

• the objectives of the SoQM are being achieved
• the internal quality management system is effective.