Transparency report 2024–25

This report supports transparency about how we manage audit quality at the Queensland Audit Office. It outlines our approach to quality management practices and how we assess risks to audit quality. We report on areas of strength and where we can improve, supporting confidence in our work.

The Queensland Audit Office (QAO) is accountable to the Queensland Parliament as its independent auditor of all public sector and local government entities. We provide financial and performance audits, and report results and insights to parliament.

We apply the Auditor-General Auditing Standards and other relevant auditing standards to our work. We deliver more than just a financial or performance audit. Our work goes to the heart of delivering better public services; and focuses on value-for-money, probity and propriety of decision-making, and accountability to the public.

The transparency report covers our audit quality program for the year ended 30 June 2025. We choose to provide this report to:

• explain our quality program and results
• show how we seek to improve our audit and assurance practices
• describe our system of quality management.

The content of this transparency report is guided by the Corporations Act 2001 for auditors of listed entities. We have voluntarily adopted these requirements in the public sector to demonstrate and support transparency of our audit practices.

Transparency at a glance

Our system of quality management

Our system of quality management is designed to support consistent quality in all audits and assurance engagements. In line with ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements (ASQM 1), we apply a risk-based approach to identify and address risks to achieving quality.

Our audit quality program monitors all financial audits, performance audits, and assurance reviews. The results support our conclusion that our system of quality management is functioning effectively. We perform reviews of systems of quality management, finalised engagement files and in-progress engagement file reviews, known as open file reviews.

The results of our monitoring include:

	Engagement file reviews – All 15 audits performed by in-house staff met our quality expectations, while 14 of 16 audits by audit service providers were satisfactory, with 2 requiring improvement and scheduled for further review in 2025–26.
	Open file reviews – We completed 16 open file reviews. For audits performed by in-house staff, there was an average compliance of 79 per cent across quality indicators. All audit service provider files reviewed were assessed as satisfactory with minor findings.
	Firm reviews – We assessed aspects of quality management systems at 14 audit service providers (ASPs). We found no significant issues at 13 ASPs, made improvement recommendations to most, and identified one firm requiring significant improvements in oversight and supervision.

Focus areas

Quality management is part of everything we do and reflects our commitment to delivering reliable and independent audits. It gives us confidence that our work supports better public services and sound financial management.

Through our quality reviews, we support our people to grow their professional skills and make informed judgements. By focusing on quality, we ensure trust in our reports and the advice we give to parliament and the public sector.

Our focus areas include:

	Accountability and governance – We continue to strengthen our systems and practices to support transparency, clear decision-making, and quality outcomes across all audit activities.
	Growing our staff – We continue to grow our staff by refining training, on-the-job learning, and methodology and guidance, while promoting skills and capability through strong leadership and clear frameworks.
	Commitment to quality – Engagement leaders and staff continue to meet high professional standards, demonstrating our commitment to quality. This includes providing them with contemporary, up-to-date methodologies, our teams applying it consistently and taking responsibility for the outcomes of each engagement.

Sustainability assurance engagements

Mandated sustainability reporting on climate-related disclosures comes into effect for the Queensland public sector’s larger government companies in 2025–26.

Entities within scope will be required to prepare a sustainability report that complies with Australian Sustainability Reporting Standards issued by the Australian Accounting Standards Board. They will also be required to obtain independent assurance of their climate-related financial disclosures.

QAO has been preparing to audit the new disclosures and reports by developing a specific sustainability methodology and training our staff. We have also worked with our in-scope clients to prepare for the first reports and audit process.

We will undertake quality reviews over sustainability audits as we provide them. This will support our continuous improvement.

Statement on the effectiveness of our system of quality management

The Australian Securities and Investments Commission (ASIC) Information Sheet 184 summarises the audit transparency report requirements under sections 322 to 332G of the Corporations Act 2001. These requirements do not apply to QAO. However, as a public sector equivalent of an audit firm, we choose to adopt them voluntarily where relevant and appropriate to our role.

I have evaluated our system of quality management, and the results provide me with reasonable assurance to conclude that:

• our system of quality management functioned effectively in 2024–25
• in accordance with ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements, we are achieving our quality management objectives, as described in this transparency report.

The audits we deliver are supported by an effective internal quality management system.

Rachel Vagg
Auditor-General

September 2025

Our system of quality management supports consistent quality in all audit and assurance engagements.

It is designed to meet the requirements of:

• ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements (ASQM 1)
• ASQM 2 Engagement Quality Reviews (ASQM 2).

How we evaluate quality

We are committed to delivering audit quality and use our annual quality review program to assess audit engagements by our staff and audit service providers. The program helps us understand common findings and areas where quality does not meet expectations, and informs our learning, support materials, and resourcing.

Our annual quality assurance plan sets out the engagement files for review and key focus areas. We select files based on judgement, considering risk, complexity, and prior quality issues. We review more financial audit files than performance audit files due to their size and number. Due to our selection criteria, and our aim to not review the same file in consecutive years, it is not appropriate to extrapolate the results across audits or audit years. Our annual plan is endorsed by the Executive Leadership Team and approved by the Auditor-General.

Our quality results and what we learnt

Our audit quality program monitors all financial audits, performance audits, and assurance reviews. The results support our conclusion that our system of quality management is functioning effectively.

Engagement file reviews and open file reviews

The following table details the results of engagement reviews.

Evaluation of systems of quality management

ASQM 1 requires a risk-based approach to designing, implementing, and operating your system of quality management in a connected and coordinated way that supports proactive management of engagement quality. It also requires QAO to evaluate its system annually and conclude whether it provides reasonable assurance that quality objectives are met.

We found QAO’s system of quality management provided reasonable assurance it achieved its quality objectives. The evaluation confirmed that risks were managed appropriately, and the system was operating effectively.

Responding to audit quality findings

Compared to last year, we had a 34 per cent reduction in moderate and high-risk issues identified in our 31 engagement file reviews. Audits delivered by our audit service providers had 69 per cent of moderate and high-risk issues from these reviews, highlighting the need for more targeted support.

Most findings relate to appropriateness of the audit response, lack of sufficient documentation, limited supervision, and staff capability. These areas require continued focus to prevent repeat issues. These findings are most common in complex areas like property, plant and equipment; information systems; and revenue.

We performed a root cause analysis for the moderate and high-risk findings.

These findings can mostly be addressed through actions to improve individual engagement files, along with enhancing the mix of resources and capabilities on these engagements. The quality assurance team has focused one-on-one conversation with the engagement leader and team leader about the quality matters. The results of the root cause analysis are inputs into reviewing our training programs and audit work-program templates.

Strategic review of the Queensland Audit Office

A key accountability measure of the Queensland Audit Office is that an independent review of our organisation is conducted at least every 5 years. The Governor in Council appoints independent reviewers from outside our organisation and provides them with the terms of reference. The reviewers engage with us, our staff, our clients, and other key stakeholders to understand how well we are operating and fulfilling our mandate.

The last strategic review report, Strategic Review of the Queensland Audit Office 2023, tabled in parliament on 15 February 2024. It concluded that QAO’s functions are effective, efficient, economic, and valued. The review also identified opportunities for improvement. The review’s results and our response are published on our website at www.qao.qld.gov.au/about-us/external-reviews.

In our 2024–25 annual report, we discussed our progress in addressing the reviewers’ recommendations.

What are we doing to improve and maintain audit quality?

	Quality assurance findings inform our improvement actions We undertake root cause analysis for all significant quality issues, including material prior period errors. These results, and the results of our quality reviews, inform us about areas we need to invest in to support and improve the skills of our audit staff and audit service providers. Our 2025–26 training program will focus on: reinforcing the importance of supervision and timely review across all audit teams improving audit documentation quality for key areas like property, plant and equipment and information technology controls promoting consistent planning, risk assessment, and file completion practices supporting audit service providers with focused actions and ongoing feedback better estimating the required time to complete audit work, to reduce time pressure.
	Monitoring our indicators of audit quality We monitor audit quality using 11 key indicators. We use 7 indicators from the Australasian Council of Auditors-General (ACAG), which provide comparable information for audit offices across Australia. We monitor the measures throughout the audit year, either monthly, quarterly, or yearly. These measures help us track performance, guide targeted training and improvements, and inform our resource needs. This approach provides insights to adjust our practices and enhance audit outcomes. Details of the indicators are in Appendix B.
	Actions we are taking to improve audit quality in 2025–26 Based on the 2024–25 findings, we will deliver improvement actions to support our financial, performance, and assurance audits, and audit service providers. Key actions include: presenting engagement file reviews and root cause analysis findings to staff and audit service providers in audit update sessions updating training plans, templates, and methodology to address key issues delivering targeted QA workshops to audit service providers enhancing sector engagement and communication with audit service providers.

Our action on commitments from last year

Figure 1C provides an acquittal of the commitments we made in our 2023–24 transparency report.

Our system of quality management supports consistent quality in all audit and assurance engagements. This chapter describes the components of our system; Chapter 1 evaluates its effectiveness.

The Australian Standard on Quality Management (ASQM 1) requires audit firms to design, implement, operate, and regularly evaluate their system of quality management. A compliant system of quality management addresses the 8 components shown in Figure 2A.

Our risk assessment process

Our approach

In accordance with ASQM 1, we apply a risk-based approach in designing, implementing, and operating the components of our system of quality management, including:

1. establishing quality objectives specified by ASQM 1
2. assessing whether we need to establish any additional objectives to achieve the aims of our system of quality management
3. identifying and assessing risks to achieving the quality objectives (‘quality risks’). We review these risks regularly throughout the year
4. designing and implementing responses to address the quality risks, including controls or treatments in place to prevent occurrences and/or minimise consequences if a risk occurs.

In applying this approach, we consider the nature and circumstances of the engagements we perform and our role as Queensland’s independent public sector auditor.

Our culture of quality

We promote a culture of quality, risk awareness, and consultation. Quality and risk are regular agenda items at Executive Leadership Team meetings and Audit and Risk Management Committee meetings.

We undertake quarterly reviews to assess and adjust risk management. This ensures our approach to risk is contemporary with our operating environment.

Our culture encourages learning from quality review findings by sharing insights and updating methodologies and training annually. Performance assessments include audit quality, with staff evaluated annually on their commitment to quality, risk management, client service, mentoring, and contributions to audit quality initiatives.

The importance of quality to QAO was further reinforced by the re-titling of the Senior Director Audit Practice role to the Head of Quality.

Governance and leadership

Our structure is designed to support quality by providing clear leadership, defined roles, and effective oversight of our quality processes.

Our quality management structure is outlined in Figure 2B.

The Executive Leadership Team, which includes the Auditor-General, leads the system of quality management and is supported by committees and panels that offer guidance, review complex matters, and provide independent advice. This structure helps us apply a consistent approach to audit quality, support sound decisions, and respond to risks in a timely way.

Governance and oversight bodies

The Executive Leadership Team has responsibility for overseeing the quality assurance plan. They are supported by several committees which have responsibilities of overseeing our risk and audit quality outcomes. Our annual report lists the names of external members and the frequency and attendance of committee meetings. The annual report is available on our website: www.qao.qld.gov.au/about-us/our-annual-report-transparency-report.

Our committees and their responsibilities include:

• Audit and Risk Management Committee – Independent committee advising the Auditor-General. Provides oversight of risk, compliance, and governance. It includes 2 external members with strong backgrounds in audit, and one in information technology and cyber security. All 3 committee members are independent. The responsibilities of the former Audit Quality Subcommittee have been incorporated into the Audit and Risk Management Committee’s terms of reference.
• Quality Management Committee (QMC) – Reviews findings related to disputed matters and unsatisfactory engagement file reviews. It consists of the Deputy Auditor-General and the Auditor-General – Financial Audit. The former Quality Management Group had additional oversight responsibilities related to the quality assurance plan. These have been resumed by the Executive Leadership Team.
• Technical Issues and Major Transactions Panel – Reviews complex accounting and audit issues. It includes the Auditor-General, Deputy Auditor-General, Assistant Auditor-General – Financial Audit, and the Head of Quality. Technical specialists and engagement leaders have standing invites and lead the discussion on agenda items.
• Modified Opinions Panel – Reviews proposed audit modifications and key matters, and considers complex prior period errors. It escalates significant matters to the Auditor-General. It consists of the Deputy Auditor-General and the Assistant Auditor-General – Financial Audit.

Leadership responsibilities for quality

Strong leadership is key to maintaining and improving audit quality. Clear roles and responsibilities ensure accountability and support a consistent approach across the organisation.

These responsibilities are shared across key roles, including:

• Executive Leadership Team (ELT) – Oversees the quality assurance framework and promotes integrity, independence, and professionalism, setting the tone and commitment to quality.
• Head of Quality – Implements enhancements to the quality management system and monitors compliance with policies and procedures. Leads the development of the quality assurance plan, and implements it. Reviews and endorses all quality management outcomes.
• Engagement leaders – Senior directors and directors are our engagement leaders. They are accountable for the quality of individual engagements. They are appointed for their experience and skills, and regularly assessed against policies and performance frameworks.
• Engagement quality reviewers (EQRs) – Assigned to high-risk audits, they conduct reviews in accordance with Australian auditing standards. Our EQRs are senior directors or more senior staff with sufficient skills and experience. They are provided sufficient time to undertake this role.
• Audit service providers (ASPs) – Maintain quality frameworks that meet professional and QAO requirements. Their work is regularly reviewed and monitored for progress and emerging issues. They are responsible for the audit quality within their audit files.

Relevant ethical requirements

We regularly communicate our expectations about audit quality, independence, objectivity, and professional scepticism at our team meetings, community meetings, and through our internal policies. We discuss these expectations with our ASPs and reinforce them through contracts, our contract managers' oversight, and quality reviews.

Our culture is expressed by our 4 core values, which set our expectations for performance and behaviour. These values enable us to achieve our vision for better public services through the delivery of audits. We regularly reflect on our culture and ensure our staff are living our values. The values are part of our performance discussions at the individual and team level.

	Collaborating to achieve shared outcomes Listening to understand, and communicating clearly and openly Being balanced, objective and purposeful
	Appreciating and caring for others Sharing our knowledge and skills Recognising achievement
	Seeking and sharing better ways of doing things Embracing innovation and being progressive Encouraging and motivating others
	Taking responsibility and being accountable Ensuring our work is quality driven and acting with integrity Being action oriented and achieving results

Our training program includes ensuring that staff achieve the ethical education requirements set by the 2 key professional bodies – Chartered Accountants Australia and New Zealand (CA ANZ) and CPA Australia (CPA).

Our independence practices

In February 2024, parliament passed the Integrity and Other Legislation Amendment Act 2024, which introduced changes to the Auditor-General Act 2009. Many of these changes only took effect this year.

These changes increased the role of the parliamentary oversight committee in:

• appointing the Auditor-General (and terms and conditions of appointment)
• approving additional budget funding for QAO
• appointing strategic reviewers and determining the terms of reference for the 5-yearly review of QAO
• appointing the external auditor of QAO.

Other amendments included:

• clarifying the Auditor-General’s mandate for auditing public sector trusts
• providing for QAO’s annual report to be tabled in parliament by the chair of the parliamentary committee rather than the Premier.

Independence standards and practices

The Auditor-General Auditing Standards outline the independence standards that we apply. This includes those issued by the Australian Auditing and Assurance Standards Board, and the Accounting Professional and Ethical Standards Board. These standards apply to QAO staff and others subject to our independence requirements.

The Auditor-General and Deputy Auditor-General are required to provide a declaration of interests to the Speaker of the Queensland Parliament. The Auditor-General is appointed for a fixed 7-year term, and they cannot work in the public sector for 2 years after their term expires.

Our policies and procedures help us communicate independence requirements, identify and manage threats, respond to breaches, and obtain annual written confirmation of compliance from all personnel required to meet ethical and legal independence standards.

All staff are required to demonstrate objectivity, integrity, and professional behaviour. The engagement leader is responsible for ensuring all staff involved in an audit engagement demonstrate independence of mind and independence of appearance throughout the audit. We monitor and consider familiarity threats when assigning QAO staff to audits.

Rotation of key audit staff helps to provide a fresh perspective and reduces familiarity and self-interest threats to independence. We maintain a database that tracks auditor involvement on engagements to facilitate succession planning, monitor compliance with rotation requirements, and provide a seamless experience for our clients.

Where an actual or potential conflict of interest is identified, the engagement leader must propose how QAO will manage the issue. The Head of Quality reviews and endorses the proposal to the Deputy Auditor-General for approval. We consult the Queensland Integrity Commissioner where required.

We conducted an internal audit to assess the effectiveness of QAO’s independence and secondary employment processes. The review found both processes are well established and largely comply with requirements, with some areas for improvement in policy clarity, documentation and capturing information for decision-making.

QAO maintains a register that records gifts or benefits received as part of official duties. This is published online to avoid any perception of conflicts of interest or inappropriate influence.

Audit and assurance engagements – audit service providers

The independence and integrity of audit firms and their personnel are key considerations in the selection of our ASPs. We review their independence before contracting them to undertake audits on our behalf and review their independence yearly. We also do not allow our ASPs to provide non-audit services to their QAO clients without prior written approval from the Auditor-General or Deputy Auditor-General. Before granting the approval, we consider:

• the independence requirements of the Accounting Professional and Ethical Standards Board’s ethics standard APES 110
• whether it is likely the Auditor-General would undertake an assurance audit related to the non-assurance service
• the perception of a lack of audit independence if we grant approval for the non-assurance service.

Acceptance and continuance of client relationships and specific engagements

We manage all engagements in accordance with a framework of policies, procedures, and guidance.

The Auditor-General Act 2009 mandates that the Auditor-General undertakes financial audits of all Queensland public sector entities, including local governments and controlled entities.

We do not have the right to decline these clients or discontinue these client relationships. We have developed approaches to manage this risk. These include the following options:

• assigning an engagement quality reviewer
• restructuring the engagement team to ensure a better match of skills and experience
• outsourcing the audit or aspects of the audit if specialist skills are required
• rotating staff to manage threats to undertaking a continuous audit
• revising the audit program to address particular risks in the audit.

Forward work plan

Each year, we develop a 3-year forward work plan that considers the strategic risks facing public sector entities and local governments. We identify the strategic risks by:

• scanning the environment in which public sector entities and local governments operate
• understanding the challenges in public sector administration
• consulting widely with stakeholders to identify and understand their concerns
• examining entities’ operations and performance
• analysing the results of our annual financial audits
• analysing the requests for audits we receive from members of the public, elected representatives, public sector employees, and other integrity offices.

We focus on what we consider matters to parliament and the public sector. The Auditor-General cannot be directed about the priority given to audit matters or the way in which the audits are conducted.

Through our plan, we provide transparency to parliament on the work we intend to perform and why we consider it important. We also explain changes to our forward work plan to demonstrate independence in our decision-making.

Each year we receive requests from the public to undertake audits or reviews in matters that fall within our mandate that aren’t included in our forward work plan. We publish the requests we receive from local government councillors and members of parliament on our website. We also publish the Auditor-General’s response.

Engagement performance

We expect our engagement teams to understand and meet their responsibilities for each audit, including the engagement leader’s role in managing and achieving quality. Our engagement leaders apply appropriate direction, supervision, and review based on the nature of the audit and experience of team members. This helps ensure work is performed to a consistent standard.

We have prepared audit methodologies to guide the work we undertake in financial audits, assurance reviews, and performance audits.

Our risk-based audit methodologies have been developed and maintained to ensure compliance with the Auditor-General Auditing Standards (which incorporate the Australian auditing standards). They require us to develop an understanding of each client’s business and risks and apply this to the design and execution of our audits. We adapt our audit methodologies to developments in professional standards and to findings from quality reviews. Our quality reviews evaluate how well we have applied our methodologies.

Documenting our audits

We document our audits electronically using standardised templates, which each audit team customises to address each audit’s risks, complexity, and approach. The templates enable planning, performance, and documentation. They enable review of our work in accordance with auditing standards and professional, regulatory, and legal obligations. They also ensure we structure our audits to comply with the Auditor-General Auditing Standards and our methodology and guidance. We have prepared better practice files to guide staff in the expected level of audit documentation.

Delivering audits efficiently and effectively

We focus on delivering audits efficiently and effectively by applying consistent project management practices and monitoring progress throughout each engagement. Our audit teams use standardised tools, methodologies, and reporting templates to support quality and timeliness. We review key milestones and outcomes to ensure audits meet planned time frames and expectations.

We also engage with entities early to understand their operations and agree on audit timelines. This helps manage risks, avoid delays, and support effective communication.

We regularly assess our processes and look for ways to improve how we deliver audits across both financial and performance engagements.

Audit service providers

The audit methodology and quality assurance systems our ASPs adopt for QAO-contracted audits must benchmark favourably with QAO’s methodology and system of quality management. We assess these when we register a new firm and as part of our regular firm reviews.

Investigations

We may investigate matters that other integrity agencies, elected officials, and the community refer to us. We have policies and detailed procedures to ensure consistency in undertaking these investigations. We have dedicated staff who address these requests and work with our audit teams to achieve efficiency. Our fact sheet on Requests for audits explains how we undertake these investigations.

Resources

To deliver high-quality audits, we must appoint and train people who can apply their experience, values, and professional judgement to support the conclusions in our audit reports.

We maintain a competent workforce, able to deliver outstanding service and quality to our clients. To do this, we have developed a detailed understanding of the skills and capabilities that individuals require at certain points in their careers and a structured approach to learning and development.

Skill and competency expectations

Our policy requires that sufficient personnel with the technical competence necessary for the work are appointed to each engagement.

Audit teams incorporate specialist skills based on the audit risks and complexity. The teams are led by an engagement leader, who is responsible for the delivery of our audits. Engagement leaders determine the necessary extent of direction, supervision, and review of junior staff in accordance with the Australian auditing standards, our policies, and guidance materials.

We encourage and support all financial, performance, and information systems auditors to complete postgraduate study, and we offer them paid study time and financial assistance towards course fees and membership fees.

All financial audit managers and engagement leaders are required to have CA ANZ or CPA qualifications, or equivalent.

Our information systems auditors are either qualified as Certified Information Systems Auditors or Certified Information Systems Security Professionals, or are committed to working towards these certifications.

We also encourage our engagement leaders and assistant auditors-general to complete the company directors course with the Australian Institute of Company Directors (or equivalent) to improve their understanding of how to interact with those charged with governance at our clients.

Financial audit engagement leaders hold qualifications, skills, and experience equivalent to the Australian Securities and Investments Commission’s (ASIC’s) requirements to be a registered company auditor. The ASPs we engage are registered company auditors.

Training outcomes

We assess our staff for technical competence, work experience, and training throughout their engagements. Their capabilities, competence, development, and performance evaluations are managed in accordance with QAO’s technical competency frameworks and policies.

We continue to develop more training that is delivered just-in-time and offers self-paced learning. This is reducing the volume of learning we ask staff to complete in our dedicated training periods, and increasing the ability of staff to retain the knowledge and apply it to their work.

The technical and non-technical courses offered reflect the competency frameworks and are intended to:

• provide staff with the right skills at the right time to deliver quality outcomes for clients – and provide rewarding career experiences for our people
• keep staff at the forefront of new developments in the accounting, auditing, and regulatory environment
• embed quality and risk appetite within our culture and leadership.

Staff training

On-the-job training is a large part of ensuring auditors have the appropriate skills to undertake their work. Staff are encouraged to complete targeted training for identified gaps.

We provided an average of 71 hours of formal training and professional development per auditor.

In 2024–25, we provided 11,152 hours of formal training and professional development to auditors, which averages to 71 hours per auditor on a full-time equivalent basis. This exceeds the expectations of the professional organisations of which staff are members.

Staff qualifications

We expect our audit professionals to maintain their professional memberships and participate in a minimum of 20 hours of continuing professional development (CPD) annually, and 120 hours in every 3‑year period. Our ASPs are members of professional bodies and have the same CPD expectations.

Since 2018, QAO has partnered with CPA Australia in its Recognised Employer Program, joining a select group of organisations that provide employees with the highest standard in professional development and support.

The training is based on the technical competencies required for each audit role and encompasses:

• current changes to either auditing or accounting standards
• specific areas of audit focus identified from internal or external sources
• observations from our internal quality assurance program
• using data analytics tools and tailoring them to client operations
• audit methodology or transformation initiatives.

Experience

We match the experience and skills of our engagement leaders to our clients’ industries and associated risks. We also aim to give staff new experiences to complement their existing skill sets and assist with succession planning.

We identify people with the right skills and experience to deliver our quality commitments. Our resourcing team forecasts our people requirements and ensures we have sufficient resources available. We also run targeted recruitment campaigns for staff with different levels of experience, supplemented by a continuous recruitment approach. This aims to recruit talented staff when they are available.

We monitor our audit and assurance staff profile, ensuring we have sufficient senior staff involved in audits, as illustrated in the staff headcount table below.

Using audit service providers to deliver audits

We use ASPs to deliver a component of our work. ASPs delivered 44 per cent of our audit opinions in 2024–25 (2023–24: 45 per cent). We engage ASPs to support the delivery of audits, leverage their regional knowledge, and access specialist resources.

QAO’s sourcing strategy sets principles for how audits are allocated between in-house teams and audit service providers. It aims to maintain QAO’s operational capacity, sector knowledge and client relationships while balancing workload, budget and continuity of auditors. Decisions consider audit duration, partner rotation, regional efficiencies and the long-term use of providers where appropriate. We do not use our ASPs to undertake departmental audits, audits of integrity bodies, or performance audits.

Our ASPs are engaged under competitive tender processes. We assess the experience and skills of engagement partners and key team members and assess their suitability to conduct audits on our behalf.

We prequalify ASPs to confirm they have the required experience and qualifications, manage our risk to audit quality, and manage our obligations under independence and audit quality standards.

To be eligible to undertake audits on our behalf, we require ASPs to:

• be registered company auditors (RCA) with ASIC
• be a current member of CA ANZ or CPA
• be authorised to sign financial statements on behalf of their firm
• be part of a firm with at least one other RCA and a system of quality management that complies with ASQM 1
• be part of a firm that has recent public sector financial audit experience (within the last 2 years)
• have passed a criminal history check
• be part of a firm that complies with the Queensland Government supplier code of conduct and ethical supplier threshold policy.

Our ASPs are required to adhere to the confidentiality provisions applicable to all authorised auditors under the Auditor-General Act 2009. This prevents them from using or disclosing information they obtain in our audits to third parties, including within their firms, except where required by law.

A QAO senior director or director and manager work closely with each ASP to manage each audit. They review client correspondence, engage on significant risk matters, and oversee the delivery of the audit in accordance with the audit plan. The QAO staff also engage with the client to share sector-wide knowledge. The QAO senior director or director signs the independent audit report, and is ultimately accountable for the quality of the audit in accordance with ASA 220 Quality Management for an Audit of a Financial Report and Other Historical Financial Information. The firm’s engagement leader is responsible for quality on the audit.

At the conclusion of the audit year, we provide feedback from our clients to each of our ASPs about the audit process and engagement. We also provide them with our observations on their audit quality. We agree an action plan with our ASPs to improve performance where it is needed and discuss how to continue doing the things that work. As a group, we discuss the aggregate client survey feedback with all of our ASPs to help improve performance.

Information and communication

Communicating effectively within the Queensland Audit Office

We have established procedures and practices to identify, capture, process, maintain, and communicate information throughout QAO. These procedures are supported by IT applications that provide accurate, complete, and timely information that supports decisions regarding QAO’s system of quality management.

We share information across QAO through:

1. community groups – These are the primary way for staff to share industry knowledge and experiences, and solve problems together. Group members collaborate informally and in structured meetings, through which QAO also shares strategic messages.
2. cohort meetings – Graduates, junior auditors, engagement managers, and engagement leaders come together in cohort meetings. These meetings provide safe spaces for staff at the same level to share knowledge and experiences, receive coaching, tackle issues relevant to their role, and discuss how to implement strategic decisions.
3. quarterly all-staff seminars – These share information of strategic importance to QAO and provide a way for staff to ask questions of the ELT.

Audit teams use digital communication channels to informally share information and solve problems. This is an effective means of communication when our audit teams are travelling across Queensland.

Digital records are maintained for all audit-related matters, using electronic audit software that allows engagement teams to share information with each other, the engagement quality reviewer, and those providing consultation.

We have one source of truth for documenting our audits. Auditors are required to transfer all audit evidence and analysis from working sites into the audit file as evidence that it is completed and reviewed. This step is required before the file is closed.

Communicating effectively with stakeholders

Engaging with our stakeholders enables us to better align our business and audit practices with our stakeholders’ needs and expectations, helping to drive long-term benefits for QAO and the public sector. We have many stakeholders, but we primarily define them through who we serve:

• parliament
• state and local government entities.

We recognise that effective communication between audit teams, client management teams, audit committees, and boards is critical to excellence in reporting. Our communication covers the scope of audits, any threats to independence or objectivity, risk assessments, significant findings, and judgements. Our reports are structured to communicate clear and concise messages and allow readers to quickly understand key findings.

We regularly report the progress of audits and our findings to those charged with governance, including chief executive officers, board chairs and audit committees. We do this through meetings and through formal presentations of our external audit plans, progress updates, and management letters explaining our findings.

Those charged with governance can provide a positive influence on the quality of an audit by demonstrating an active interest in the auditor's work and acting when they do not consider that appropriate quality has been provided.

We invite the chairs of audit committees to a twice-yearly briefing where we explain the strategic priorities of the office and discuss common findings from our audits.

We report publicly to parliament on the results of all our audits and on the most significant audit issues we identify. Our reporting includes providing parliament with an update on how entities are progressing with implementing our recommendations. This helps to highlight whether control weaknesses still exist or performance gaps are not fully resolved.

The monitoring and remediation process

Our system of quality management identifies our quality objectives and assesses threats and risks to achieving them. It includes key controls and any additional controls being implemented to reduce risk to an acceptable level.

We have a senior manager dedicated to managing QAO’s risk process. The risk manager meets quarterly with our risk owners to ensure the risk register is complete, risks are accurately documented, and controls continue to operate effectively. The risk register includes strategic and operational risks.

The senior manager reports to the ELT quarterly and to each Audit and Risk Management Committee meeting on:

• changes in risk
• risk treatments
• where risks fall outside our appetite or tolerance.

Where the risk falls outside our appetite or tolerance, the ELT discusses mitigating actions, including a remediation plan.

Separately, the Head of Quality provides a status update on the progress of the quality assurance plan to monthly ELT meetings and quarterly to the Audit and Risk Management Committee meetings. The QMC meets as needed to review quality findings.

Improvement opportunities

We report improvement opportunities identified from the quality assurance reviews to the ELT and ARMC at the completion of each review cycle.

We report more frequently on the root cause analysis for material policy breaches, material prior period errors in financial statements, and unsatisfactory quality assurance reviews. The reporting includes proposed remediation, issues identified during the root cause analysis, and responses to new and changing risks.

The themes of the open file review and engagement file review programs and root cause analysis (where appropriate), together with improvement recommendations, are shared with all audit staff. Teams are required to acquit in their audit files how they have addressed the findings and recommendations.

Review team, milestones, and duration of the audit quality program

The Head of Quality is accountable for the quality review, quality assurance, and active oversight of policies and procedures relating to quality assurance. They work closely with assistant auditors-general to share knowledge and provide advice on improvement opportunities arising from quality assurance activities.

The Deputy Auditor-General, as QAO Chief Operating Officer is accountable for the effectiveness of training programs and delivering on QAO’s learning and development plan. The Head of Quality, Deputy Auditor-General, and assistant auditors-general collectively ensure the training program is appropriate.

We primarily use specialist contractors to deliver the quality review program. This helps us maintain the independence of the review function. Internal senior managers and directors who do not have audit engagements, or have very few engagements, assist in reviewing our ASPs’ files. These staff work across our technical team and learning and development team.

We develop an annual quality plan that establishes the files selected for:

• open file reviews and engagement file reviews
• areas for deeper analysis
• the timing of quality reviews
• assignment of engagement quality reviewers
• reporting milestones.

Each internal engagement leader is subject to one open and one engagement file review each year. However, engagement leaders with satisfactory ratings for each of their last 3 engagement file reviews, at least 2 of which are rated as Satisfactory with no or minor findings, do not have an engagement file review in the following year.

Engagement file reviews are rated as either:

• Satisfactory with no or minor findings.
• Satisfactory with findings that are more than minor but less that materially deficit. This means we raised some quality issues, but the engagement leader still had sufficient appropriate audit evidence to support their audit opinion.
• Unsatisfactory. This means that there was a systemic lack of supervision and review by the engagement leader, and/or the engagement leader did not have sufficient appropriate audit evidence to support their audit opinion.

We review our ASP engagement partners on a 3-year rotating basis. This approach reflects that our ASPs are also subject to quality reviews by their professional bodies, ASIC, and their in-house program. We request copies of all quality assurance reviews performed over our ASP engagement partners.

We aim to complete our reviews in time for teams to undertake recommended improvement actions in their current year audit files.

Remediation actions

Engagement leaders actively engage in the quality assurance process. They provide feedback and responses to questions we raise during the engagement file review process to ensure audit quality findings are fair and balanced. The engagement leader and QA reviewer discuss appropriate remediation action. This may include performing further audit work or change in practice going forward. A root cause analysis is undertaken for all unsatisfactory files.

If an audit file is rated as unsatisfactory, we undertake a follow-up targeted open file review prior to the subsequent independent audit report being signed. This ensures that the deficiencies identified in the cold review have been appropriately addressed. Depending on the quality matter, we may require the engagement leader to obtain sufficient and appropriate audit evidence for the audit that was rated unsatisfactory. We also will schedule a further cold review over an audit by the same engagement leader to ensure that the audit quality issues are not systemic across their audits.

Monitoring audit quality across our audits

Monitoring audit quality is an important aspect of identifying emerging risks and opportunities, ensuring standards are being adhered to, and ensuring staff are performing well.

We monitor a range of audit quality indicators that span our culture and values, independence, recruitment, employee performance assessment, audit allocation process, quality assurance, timely reporting, and interaction with stakeholders. We monitor both quantitative and qualitative measures, which are reviewed annually for continuing relevance. The measures are listed in Appendix B.

Our Technical Issues and Major Transactions Panel and Modified Opinions Panel provide in-depth and expert analysis of complex financial accounting and audit issues, reporting of key audit matters, and proposed audit qualifications. These groups meet throughout the audit year as required.

Managing audit quality on our audits

Engagement leaders and engagement managers are provided with access to business intelligence dashboards that help them identify independence matters and risks to completing their audit in time and on budget.

Our audit approach requires us to plan, supervise, and manage our audits so the work performed provides reasonable assurance they comply with our policies and methodologies. The engagement leader is responsible for:

• the overall management of staff and the audit process
• engagement quality throughout the audit
• ensuring engagement quality reviewers are promptly briefed on significant matters.

Engagement leaders are required to review all high-risk areas of their audits and to ensure the engagement manager or on-site team leader has performed a timely review of all other audit working papers.