4. Key findings, observations and conclusions arising from the independent review

133. The key findings, observations and conclusions from the review of the audits performed by Audit New Zealand are set out in the following sections of this report:

• Section 4.1: Key Findings and Observations – Audit of the Council’s Annual Report
• Section 4.2: Key Findings and Observations – Auditor’s Approach to Considering and Assessing the Council’s Compliance with Legislative Requirements
• Section 4.3: Key Findings and Observations – Audit of the Council’s Long Term Council Community Plan (LTCCP) and Long Term Plan (LTP)
• Section 4.4: Key Findings and Observations – Quality Control Systems, Processes and Procedures
• Section 4.5: Key Findings and Observations – Auditing of Council’s Rates Revenue
• Section 4.6: Key Findings and Observations – Audit Reporting, Conclusions and Communications

4.1 KEY FINDINGS AND OBSERVATIONS – AUDIT OF THE COUNCIL’S ANNUAL REPORT

Purpose and scope of the audit of the Council’s annual report:

134. The terms of reference require me to assess Audit New Zealand’s audits of the Council’s annual report between 2003 and 2012.

135. The background section of this report outlines the basis, objectives and requirements for annual report audits. In broad terms, the auditor must determine whether:

• the Council’s financial statements comply with generally accepted New Zealand accounting practice, reflect the Council’s financial position at balance date, and reflect the financial performance and cash flows for the financial year;
• the group of activity statements comply with generally accepted New Zealand accounting practice and fairly reflect the levels of service for the financial year; and
• the Council has complied with the requirements of Schedule 10 of the Local Government Act 2002, to the extent they apply to the preparation and disclosure of information in the Council’s annual report.

136. Any assessment of audit planning and performance must reflect the scope and objectives for each audit.

Important contextual considerations

137. In planning my review, I identified some important contextual matters that I needed to understand and respond to. They were likely to influence my review in several ways – how I would determine particular areas of focus, clarify benchmarks for measuring the adequacy of the auditor’s work at the time of the audit, ensure my review fits within the context of the broader OAG inquiry, and report my findings so as to meet the needs of a broad range of interested parties. These contextual considerations included:

137.1. Impact of the extended period covered by the review – This review encompasses 10 annual reporting cycles and the audit of 10 annual reports. It considers work undertaken by three different auditors, and a period in which there were several important changes to the underlying audit methodology and to auditing and professional standards. My review needed to acknowledge the benchmarks and expectations applying to the auditor, and the audit, at the time the audit was completed. Because my review extended over a considerable time period, I needed to focus on the documentation available on the audit files ‐ it was vital I understood how the auditor exercised their judgment at the time the audit was performed, and appropriately manage any risk of hindsight.

137.2. Matters relating to the auditor’s consideration of the wastewater project’s impact on the Council’s annual report – Taking into account the scope of the OAG inquiry and the significant public interest in the wastewater project, it is appropriate to focus my review on the auditor’s work on that project – including the auditor’s planning, audit risk assessments and test procedures. Without a doubt, the wastewater project was likely to have a significant impact on the Council’s annual report at some stage during the period 2003‐2012. But it is equally likely that the nature and extent of this impact would differ from year to year, and that the auditor’s response would change accordingly – as would the auditor’s assessment of risk associated with the project. My review examines these changes.

137.3. The auditing of rates revenue – With the Kaipara District Council (Validation of Rates and Other Matters) Bill currently before Parliament, and given that rates are such a significant component of the Council’s financial statements, my review considers the auditor’s work on rates. My findings on this matter appear separately in section 4.5 of this report, although I have integrated the key findings and observations into this section in order to provide a complete understanding and assessment of the work performed by the auditor on the Council’s annual report.

137.4. The need to ensure Council’s compliance with laws and regulations – Again, given the significance of this subject, my findings are reported separately in section 4.2 and referred to here where relevant.

137.5. Matters to consider in assessing the sufficiency and appropriateness of audit work on the Council’s annual reports – In planning and performing my review I intend to address the following aspects of the audit process:

• Methodology and approach to the planning and performance of the audit;
• The auditor’s planning consideration, how they developed an understanding of the Council’s activities and environment and the identification and assessment of key audit risks and areas of audit focus;
• The identification, planning and performance of audit test procedures; and
• Evaluating the impact of any issues or deficiencies in the planning and performance of the audit on whether the auditor has satisfied the objectives of the audit and, separately, on the audit opinion issued by the auditor.

137.6. Audit quality and industry practice – I am mindful that over the period of the review that the standards and benchmarks of what is reasonable and appropriate in the context of the planning and performance of the audit engagement has changed. In addition, Audit New Zealand has suggested to me that there has been a noticeable change in industry practice since 2003. They cite that expectations as to what was, or was not, sufficient by way of the standard of documentation to demonstrate compliance with the auditing standards, or as evidence of the professional judgement exercised by the auditor, has changed since 2003.

Without understating any of the findings and observations identified during this review I have found merit in the argument put forward by Audit New Zealand.

Information from publicly available reports and documents from standard setting bodies, regulatory and oversight bodies, from the results of independent quality assurance reviews performed on Audit New Zealand’s methodology and work practices as well as changes to the underlying methodology and guidance to auditors highlight a change in the expectations and standards that auditors were expected to demonstrate over time.

The challenge is to reconcile what may have been industry practice at a particular time with the underlying expectations set out in the auditing and professional standards. There is no single verifiable body of evidence to demonstrate what was considered to be industry practice at a point of time.

Over the period covered by the review there has been a noticeable improvement in audit quality, particularly around the practice of documentation and evidencing of work to support the conclusions reached by auditors. I intend to manage this issue through discussions with the auditor and by carefully considering the results of my review of individual files in relation to earlier and later files.

138. Because of these contextual considerations, I have chosen to organize my analysis and findings from the annual report audits in the following order of priority:

• First, where appropriate I have identified general findings and observations that apply broadly across all audits (2003‐2012);
• Second, I will identify key findings and observations that relate specifically to only one audit; and
• Where it is not appropriate to apply either of the previous two categories then I intend to identify those findings and observations across the following cluster of audit engagements:
• Audits performed during 2003 – 2005;
• Audits performed during 2006 – 2009; and
• Audits performed during 2010‐2012.

The auditor’s planning, understanding of Council operations and identification of audit risks: was it adequate?

139. The starting point for my review of the work performed by the auditor on the Council’s annual report is to understand and consider the nature and extent of the auditor’s planning of the audit engagement, the key audit risks identified and the areas of audit focus identified by the auditor.

140. Auditing standards require the auditor to plan the audit so that it will be performed effectively. This usually involves developing an overall audit strategy and plan which identify, among other things, what the auditor considers to be the most significant areas of audit risk and focus. More broadly, the auditor’s planning will include:

• an assessment of key issues affecting the Council’s functions and activities;
• an understanding of the Council’s overall management control environment;
• the identification and assessment of key audit risks, including risks of material misstatement of the annual report;
• the auditor’s response to past issues and deficiencies; and
• the auditor’s response to local government sector‐wide issues, or OAG areas of focus.

141. In planning the annual report audit, the auditor must demonstrate a high level of understanding of the Council’s business, operations and activities; adequately document the audit strategy and plan; and adequately document how they have exercised their professional judgment. The auditor is expected to design and implement audit procedures that respond to key audit risks or areas of focus.

142. I have reviewed each audit file in order to identify and assess how the auditor determined which matters were likely to be relevant and appropriate to the planning of the audit engagement. I have also considered whether the auditor has adequately responded to the identified audit risks by designing appropriate audit test procedures.

143. In the case of each audit planned during 2003‐2012, the audit files demonstrate a methodical and structured approach to planning. The methodology, approach and matters that the auditor is required to consider are reasonable. The audit methodology requires the auditor to document, among other things:

• Their knowledge of the Council’s business, operations and activities ;
• Their assessment of the Council’s management control environment – including its financial management environment and systems, service performance information systems, and systems for ensuring compliance with laws and regulations;
• The key audit risks and areas of audit focus they have identified.

I found that each of the audit files was structured in a way that demonstrated that the auditor had considered and addressed these areas of focus.

144. This methodology is supported by guidance and checklists which help the auditor exercise their professional judgment or plan the audit engagement. There is evidence on each file that these checklists and procedural steps were completed. The auditor has brought together and documented the key planning considerations and risk assessments into an Audit Planning Memorandum (APM). Each APM has been reviewed and approved by the auditor.

145. Audit New Zealand’s audit methodology was subject to independent quality assurance reviews by the New Zealand Institute of Chartered Accountants and the Australasian Council of Auditors‐General. No significant adverse findings were identified.

General findings and observations

146. In general, the documentation supporting the auditor’s consideration of key planning matters and the identification of key audit risks or areas of audit focus is reasonably consistent, year on year. The APMs identify anything that might affect significant disclosures in the annual report.

147. For the 2003‐2005 audits, the planning documentation shows the auditor has developed an audit strategy or plan that addresses risks and planning considerations (both Counciland sector‐specific) relevant to the annual report. The wastewater project is identified as an area of focus. As a minimum, the auditor kept a watching brief on the project as it was not assessed as having a significant impact on the annual report at that time. Project management and asset management were key planning considerations. The files contain evidence of early ratepayer complaints about the wastewater project. There is evidence that these complaints were considered by both the OAG and auditor at the time that the complaints were raised.

148. For the 2006‐2009 audits, the planning documentation considers general Council‐ or sector‐wide risks/areas of focus. These include the Council’s conversion to new IFRS accounting and financial reporting standards, transport and roading project funding, and general matters related to the annual report. While the auditor appears aware of the wastewater project’s current stage of development, no significant areas of audit risk or focus are identified. It follows that the auditor would not have designed or performed any specific audit test procedures relating to the project.

149. For the 2010‐2012 audits, the planning documentation largely supports the Council, sector and annual report risks identified by the auditor. Initial planning for the 2010 audit does not identify the wastewater project as a significant area of audit risk. The wastewater project had been completed, commercial acceptance had been agreed and the wastewater plant was now operational. There is evidence that the auditor reconsidered this initial risk assessment as the audit progressed and issues emerged with the project. Planning documentation for the 2011 and 2012 audit addresses key Council, sector and emerging issue risks and specifically addresses the wastewater project as a significant area of audit risk.

150. Overall, I am satisfied based on my review of the audit files that the auditor has identified general Council‐ or sector‐wide matters that were relevant to the planning of the Council’s annual report audit, or that were relevant to ensuring that the objectives of the audit would be satisfied. However, I am concerned that the planning documentation does not sufficiently or adequately identify the wastewater project as a significant area of audit risk or focus during the key period of development (2006 – 2009) until irregularities began emerging from 2010. While accepting that the auditor was generally aware of the progress of the project this has not been sufficiently translated into the auditor’s planning of the audit engagement during this period. As a consequence, planning documentation fails to outline any specific audit testing other than general ‘business as usual’ audit procedures that are conducted as part of the normal recognition and disclosure of items in the Council’s financial statements.

151. The audit files indicate that the auditor planned their response to each key component of the annual report (such as cash and bank, rates etc) and assessed the characteristics and inherent risks associated with those components. In the absence of any significant issues or risks, what the auditor planned to perform is to be expected. In general, the audit approach and response is consistent year on year.

152. The way the auditor documented the basis for their planning considerations, and when and how they exercised their professional judgment – for example, when bringing forward planning matters from one audit to the next – varied significantly over the review period, to the point that I cannot determine with sufficient certainty whether all key planning issues and audit risks were identified. Until 2007, the documentation of key planning meetings also varied.

153. Of particular concern is the lack of documentation to demonstrate the auditor’s understanding of the wastewater project and their professional judgment when assessing its likely impact on the Council’s annual report. For example, between 2006 and 2009 – when the project could be expected to have had an increasingly significant impact on the Council’s annual report – the auditor indicated that they were generally aware of project delays, changes to the scope of the project and cost escalations. However, the project was not identified as a significant planning consideration or area of focus. How the auditor 39 came to this decision, why no significant audit risks were identified and no audit test procedures developed are all insufficiently documented.

154. Audit New Zealand states that the documentation on the audit files is consistent with practice at the time, and also that evidence of planning decisions was effectively documented in the audit planning memorandum. Unfortunately, the insufficiency of the documentation makes it difficult to determine whether the auditor has sufficiently and appropriately taken into account all key planning considerations and risks. In particular, I found that there is insufficient documentation during the 2006 ‐ 2009 period to indicate why the auditor did not consider the wastewater project to be a significant audit or planning risk, or area of audit focus. Contrary to the position taken by the auditor, Audit New Zealand agrees the wastewater project should have been a significant area of focus between 2006 and 2009 but acknowledges that it clearly was not.

155. These deficiencies in documentation are evident in other areas. For example, there is insufficient documentation to show the extent to which the auditor relied on matters considered in previous audits, why the auditor did not connect such matters from one audit to the next, or why the auditor considered such a matter was no longer a significant risk.

156. Auditors are entitled to rely on the results of work performed in previous audits, to the extent they remain relevant. Determining their relevance involves exercising professional judgement. Similarly, it is reasonable to expect issues identified in previous annual report audits, or during the audit of Council’s planning documents, to be considered if they are also relevant to the current audit. Documentation provides evidence that the auditor has exercised professional judgment and scepticism.

157. Two matters stand out as particularly concerning. First, between 2003 and 2005, the wastewater project was recognised as a general planning consideration. In each of these audits the auditor completed a high level review of the project management. Given the current stage of the project, the work performed by the auditor is appropriate in order to sufficiently understand the impact of the wastewater project on the annual report at that time. However, my concern is that between 2006 and 2009, the wastewater project was not identified as a key planning consideration or audit risk, even though Audit New Zealand now concedes that it should have been. Discussions with the auditor suggest that they continued to rely on the project management assessment carried out in 2005 and on discussions with management. Unfortunately, the nature and extent of that reliance is insufficiently documented. Nor is there any documented evidence as to whether the auditor updated the original assessment to take account of new or changed circumstances and information.

158. The auditor’s failure to consider the changing nature and impact of the wastewater project between 2006 and 2009 is in itself a significant deficiency in the planning and performance of the audit engagement. But the failure to sufficiently document the professional judgment exercised at the time further compounds it.

159. The second area of major concern relates to how the auditor connected, or failed to connect, issues identified in Council’s planning document audits of 2006 and 2009 with the annual report audits.

160. As part of their audit work, the auditor reviewed the minutes from Council meetings (there was no specific Council audit committee) and has noted significant issues, discussions and decisions. The auditor identified several occasions when these Council meetings considered aspects of the wastewater project. Matters that were relevant to the auditor’s understanding of the Council’s operations, or that may have had an impact on the Council’s annual report audit, were documented on the audit file. The auditor’s notes build up a picture of the changing nature of the wastewater project over time, and confirm that the Council was regularly updated on significant issues (including those affecting the funding of the project).

161. All this documentation and evidence on file suggests the auditor was, or should have been, fully aware of the changing potential audit risks relating to the project. However, there is insufficient documentation to show how the auditor took account of the changing nature of the project, its risk or impact on the annual report or the other matters identified in the course of planning and performing the audit. For example, it would be reasonable to expect that information given to the Council about the increasing cost of the project between 2006 and 2009 would prompt the auditor to consider whether this was a significant audit risk or potential area of audit focus. Yet while the audit files indicate the auditor did consider and take into account in the audit important matters like this when they were raised in the Council minutes, there is a lack of documentation showing how such matters were taken into account.

162. By 2010, the methodology and approach to planning the Council audit had been further enhanced, resulting in a more comprehensive and integrated approach to identifying audit risk and areas of audit focus. These enhancements took account of changes to the auditing standards that applied to the audit.

163. From 2011, the irregularities relating to the wastewater project and the setting and assessment of rates were beginning to be known. The auditor was aware of them when planning the 2011 and 2012 audits, and took account of them in the risk assessment. There is also evidence that Audit New Zealand was working with the OAG to respond to the irregularities. Now that the asset is operational, concerns about the management of the project are largely historical from an audit perspective. However, the auditor continues to consider and assess the risk associated with the capitalised value of the asset.

What audit work was planned and performed on the Mangawhai Community Wastewater Project?

164. From my discussions with the auditors and examination of the audit files, I have sought answers to the following questions:

• What evidence or documentation is available on the audit file to demonstrate the auditor’s understanding of the wastewater project, its impact on the Council and community and how the progress and development of the project impacted the Council’s annual report?
• How did the auditor’s understanding of the project develop and change over time?
• What assessment did the auditor make of the Council’s overall project management?
• What significant audit risks or areas of audit focus did the auditor identify and how were they addressed in the planning and performance of the audit?
• What assessment did the auditor make of the project’s impact on the Council’s management control environment and on the preparation of the annual report?
• What specific audit work, or audit test procedures, did the auditor plan and perform during the development/construction period of and on the capitalization of the infrastructure asset in the Council’s financial statements?
• What issues, deficiencies or irregularities did the auditor identify and how were they communicated to the Council, intended users of the annual report and to the OAG?

165. As I have previously noted, by any measure the wastewater project was a significant undertaking for the Council. Its funding and financial implications were of significant public interest for the community. My discussions with the auditors, and examinations of the documentation and evidence available on the audit files, demonstrate that the auditor was generally aware of the project’s progress and development.

166. In the context of this review, the most important aspects of the wastewater project include:

166.1. The project was of strategic long‐term importance: it was a critical element of the Council’s strategy for managing and sustaining future population/development growth in the region, and the resulting demands on the Council’s core infrastructure assets.

166.2. The project’s scope, size and scale meant it had a significant impact on both the community and the Council’s operations (including its obligations to engage and consult with the community, and the financial impact of the development cost on current and future ratepayers). 

166.3. The project’s overall management and governance, including the method of procurement and funding, made it a significant and unique undertaking for the Council. It was not a normal ‘business as usual’ activity.

166.4. The project significantly impacted the Council’s funding and financial strategy in many ways – rates, development contributions and borrowings, the projected operating and capital expenditure requirements, and the Council’s assets and liabilities.

166.5. The impact of the funding and financial decisions associated with the project on the Council’s overall financial strategy was significant. Those decisions would continue to constrain the Council’s financial flexibility in the short to medium term. So significant were the funding implications that the Council needed to introduce a debt segmentation policy to allow the project to be funded within prudential borrowing limits. Moreover, the Council entered into highly complex financial instruments to manage the risk of fluctuating interest rates and development costs.

166.6. Council decisions regarding the scope and financial implications of wastewater project were reliant on robust growth and planning assumptions. These assumptions underpin the financial forecasts and revenue projections. They also directly influence any assessment of the prudence of Council’s financial strategy.

166.7. The Council did not possess all of the necessary skills and experience to manage the wastewater project internally. It was therefore heavily reliant on external advice, project management and consultants. Effectively, utilising the skills and expertise of external advisors and consultants while maintaining appropriate governance oversight and control was a significant challenge for the Council.

166.8. The outsourcing of the development, project management and funding of the wastewater project was considered to be essential in order to effectively manage the Council’s exposure to financial risk arising from cost and time overruns. Outsourcing the management of the project would also influence or affect the way that the project was accounted for in the Council’s financial statements.

166.9. Between 2006 and 2009, multiple issues and developments arose that changed the project’s impact on the Council. The auditor was, or should have been, aware of these emerging issues and the consequent changes in the project and financial risk – including the impact of updated forecasts, projections, timelines and financial planning assumptions that affected the project’s overall cost and funding implications.

167. In my view, the auditor’s understanding of the project was insufficient given its significance and scale, which should have alerted the auditor to matters of performance, waste, probity and authority. However, the extent to which this deficiency impacts the overall objective of the annual report audit – to obtain reasonable assurance – needs careful analysis. What is reasonable for the auditor to have addressed when planning and performing the audit must be considered relative to the potential impact or risk that the wastewater project would have for the annual report. It is accepted that the auditor did not need to completely understand every detailed aspect of the project. But they needed to have a sufficient understanding to recognize its impact on the annual report and respond appropriately – such as understanding the appropriate accounting treatment during and after construction or understanding the impact of funding decisions on the Council’s financial statements.

168. From the available evidence and documentation, I consider that the auditor did not have a sufficient and complete understanding of the wastewater project in order to effectively plan and perform the audit engagement. For example, I have found that in 2006‐2009, the auditor did not identify any key audit risks associated with the project. Nor did the auditor adequately consider whether the accounting treatment of the project was correct or whether the impact of changes to the size and scope of the project posed any significant issues for the funding of the project or on Council’s overall financial strategy.

169. The following summarises my key findings and observations for each cluster of audits:

2003 – 2005

169.1. Discussions with the auditor(s) suggest that the auditor(s) had a reasonable background understanding of the needs and drivers behind the wastewater project, and was also aware of issues with contract negotiations, potential contractors etc. Unfortunately, the audit files do not sufficiently document much of this understanding, nor the professional judgment exercised by the auditor(s) at the time. This means that it is not possible to fully assess the extent to which their background knowledge informed the planning of each audit engagement. However, given the project’s stage of development, it was unlikely to have significantly impacted the annual report at that time. In my view, the general understanding developed/obtained by the auditor(s) at that time was considered sufficient to assess the impact of the wastewater project on the annual report and therefore to effectively plan and perform the audit engagement.

169.2. Planning documentation identifies the wastewater project as an area of emphasis, reflecting the significance of the project for the Council.

169.3. Between 2003 ‐ 2005, the auditor performed an annual review and assessment of the overall management of the wastewater project. The work was undertaken as part of the auditor’s consideration of the Council’s management control environment, and with the aim of forming a high‐level understanding of the Council’s structures, systems and processes around the project. The assessment involved enquiry and discussion with key management (the Council’s asset manager and finance manager). Insufficient documentation means I cannot determine how far the auditor’s assessment extended or whether the matters discussed with the Council were explored further.

169.4. In the course of this work, the auditor appears to have identified the critical background reports used when the project was being set up, the nature and extent of community consultation to that point, risk management and the role of the project manager. These reports are not contained on the audit file but referred to by the auditor where appropriate.

169.5. The auditor considered that the Council had in place appropriate structures, systems and processes to manage the project.

169.6. In my view, the auditor’s assessment was not sufficient to support the specific conclusion reached in terms of the overall project management of the wastewater project. Further, it was too narrow to allow the auditor to assess the overall control and management of the project or to consider its impact on the Council’s operations.

169.7. Notwithstanding my view on this matter, the work completed was sufficient for the auditor to plan and perform the 2003 – 2005 audits, as the project was not then considered to have a material or significant impact on the annual report. However the review seems to have been intended as a broad assessment of the project management, and was not tightly focused on the annual report implications. The auditor’s conclusion appears to support this.

169.8. In response, Audit New Zealand asserts that the review was undertaken so that an audit opinion could be expressed. It was not intended to be a comprehensive review of the project’s management. It is correct that the review was planned as part of the 2003 – 2005 annual report audits. However, the work completed does not appear to be directly connected with assertions in the annual report. The auditor makes general conclusions or observations that the Council’s decision to outsource the project is indicative of the Council’s strategy to effectively manage risk. In general, it is difficult to determine from the documentation how the conclusions reached connect with the auditor’s planning of the audit or the identification of audit risks.

169.9. It is noticeable that the auditor’s annual review of the project between 2003 ‐ 2005 was narrowly focused and did not specifically consider a range of matters that would be relevant to a complete understanding of the impact of the wastewater project on the Council’s annual report:

• The effectiveness of the Council’s overall governance and control of the wastewater project;
• The effectiveness of the external developer’s project management;
• Council’s overall risk management strategy, framework and risk identification. The auditor’s consideration of whether it was appropriate for the Council to outsource the project to manage its financial risk was too narrow;
• The project’s funding and financial implications;
• The robustness or quality of project budgets and financial projections;
• The project’s impact on the Council’s funding and financial policies and financial strategy; and
• The appropriate accounting treatment for the project given the nature of the project management contract or approach.

I have queried this with Audit New Zealand who advise that any work completed at the time of the 2005 audit would only ever have been a preliminary assessment, given the early stages of the project and as a new contract was signed post‐balance date, and was therefore still subject to change at the time of the audit. Audit New Zealand suggests that much of the information required to undertake a comprehensive assessment of the matters identified above did not exist at the time of the 2003 – 2005 audits – as the contract was not signed until October 2005.

Between 2006 – 2009, Audit New Zealand agrees that the assessment should have been updated subsequently to reflect the different stages of the wastewater project once the final contract had been signed. I concur with Audit New Zealand’s general position on this matter. However, I remain concerned over the sufficiency of documentation on the file to support this. In my view, there is insufficient documentation on the file to indicate whether the work performed by the auditor was a preliminary assessment only. Second, in the context of the work performed, if in the auditor’s professional judgement the matters identified above were not matters that needed to be acted upon until after the contract was signed then it is reasonable to expect that this judgement would be documented. Third, with respect to the auditor’s consideration of the governance and oversight arrangements that the Council had in place, in my view, these are equally relevant to both the Council’s planning and set up of the project (pre‐contract signing) and during the period of development or construction (post‐contract signing) and therefore were matters that should have been considered by the auditor and documented on the file. Notwithstanding these limitations, I accept Audit New Zealand’s assertion that, based on the current stage of development, this would not have influenced the auditor’s planning and performance of the audit.

2006 ‐ 2009

169.10. The documentation available on the audit files for this period is deficient in multiple ways. It provides insufficient evidence that the auditor:

• identified any audit risks associated with the project or carried out any specific audit test procedures to assess the project and its impact on the Council’s annual report;
• was aware of the significant changes in the project’s nature, scope and financial implications that occurred over this period – nor that the auditor properly considered how these changes would affect the Council’s annual report;
• updated the 2005 (preliminary) assessment of the project at any point. As I have noted, the auditor acknowledges relying on that assessment during the 2006‐2009 audits, but this too is insufficiently documented.
• integrated their assessments and conclusions from the 2006 and 2009 planning document audits into the planning and performance of the 2006‐ 2009 annual report audits.

169.11. In this review, I have specifically considered irregularities in the setting and assessment of rates, including those used to fund the wastewater project. A separate analysis of these findings is set out in section 4.5.

169.12. In this period, the auditor did not identify any significant audit risks associated with the wastewater project. Thus, no detailed audit work or test procedures were ever performed on the project at this time, despite its implications for the annual report. If the project’s financial/transactional impact was considered during a particular audit, it was as part of the general audit test procedures performed on key components of the annual report (eg ongoing expenditure).

169.13. The auditor continued to rely on the 2005 preliminary project management assessment during the planning and performance of the 2006‐2009 audits. Audit New Zealand suggests the 2003 ‐ 2005 reviews were a preliminary assessment only and were appropriate in the context of the stage of development at that time. Given the significance of the wastewater project, the auditor should have reviewed, updated and reassessed that preliminary assessment (including consideration of the matters set out in paragraph 169.9) during 2006‐2009, as the project progressed and once the final contract position had been established. There is no evidence that the auditor ever did so.

169.14. Financial projections show that the cost of the project significantly increased over the 2006 – 2009 period. While the auditor appears aware of the escalating cost there is no evidence or documentation to indicate that the auditor was concerned or saw this as a risk to the Council, its financial strategy or sufficiently understood the impact on the Council’s annual report. In 2006 the project cost increased from $17.5m to $26m when the new contract was entered into and then to $35m in the LTCCP – (the final construction payment to Mangawhai Development Holdings Ltd (MDHL) in July 2009 was $45.756m and the carrying value of the entire asset at 30 June 2010 was $51.418m). As the method of procurement, funding implications and accounting treatment would have had major impact on the annual report, the wastewater project should have been a significant area of focus for the auditor in 2006‐ 2009. This was confirmed in the 2012 OAG quality assurance review, which found the risks associated with the project were not understood, adversely affecting the testing and resulting judgments made in the 2009 LTCCP, 2009 and 2010 annual audits. Audit New Zealand concurred with the OAG’s finding.

169.15. Because of the deficiencies in the planning and performance of the audit that I have outlined, the auditor failed to plan for, detect or appropriately consider numerous potentially material deficiencies in the Council’s 2006 – 2009 annual reports, including:

• accounting and disclosure of the Council’s contractual capital commitments related to the wastewater project were not adequately shown in the financial statements;
• accounting treatment of the asset during construction and development, and related disclosures, were not consistent with generally accepted accounting practice;
• on completion, the wastewater project was not capitalised in accordance with generally accepted accounting practice; and
• the basis on which the Council set and assessed the targeted rates for the wastewater project did not comply with the provisions of the LGRA.

169.16. In several of these areas, the Council amended the financial statements, or included additional disclosure about adjustments to comparative information to correct the original errors/omissions in previous financial statements. But every error or omission the Council made in preparing the annual report raises questions about whether the auditor issued the correct audit opinion.

2010 – 2012

169.17. By 2010, the wastewater project was complete and fully operational. Between 2010 and 2012, the auditor became aware of deficiencies in the way the annual report and planning documents recognised or accounted for the project and the resulting asset. The auditor adequately considered these matters when planning and performing the audit of the 2010‐2012 annual reports and planning documents. The auditor’s assessment of the impact of deficiencies, now identified on the auditor’s opinion, are supported by the documentation on file.

169.18. Initial planning for the 2010 audit identified certain business or audit risks associated with the project, concurrent with the handover of responsibilities from the previous auditor. No significant risks or planning issues were identified, although it is recognised that this initial assessment was based on the transfer/handover of information from the previous auditor. The incoming auditor updated their initial assessment as the audit progressed and irregularities relating to the project, and to the setting and assessment of rates, started to emerge.

169.19. Documentation on the 2011 and 2012 audit files shows the auditor was aware of the emerging issues related to the accounting treatment and funding of the wastewater project. The evidence indicates the auditor addressed and responded to these issues appropriately. For both audits, the audit report issued is unqualified but provides additional disclosure of issues related to the wastewater project, the setting of rates and the future financial viability of the Council. The audit report draws users’ attention to management’s disclosure of these issues in the annual report.

169.20. Deficiencies in the accounting for the wastewater project in 2009 had a carryover impact into 2010. In particular, the wastewater asset balances had not been correctly capitalised in accordance with generally accepted accounting practice.

169.21. Between 2010 and 2012 there is evidence of increasing communication between Audit New Zealand and the OAG over the emerging issues and irregularities. The opinion the auditor needed to issue was the subject of detailed consideration and discussion.

The auditor’s consideration and assessment of the management control environment

170. In planning the audit engagement the auditor is required to consider and assess the Council’s control environment. The overall objectives of the control environment assessment are to assist the auditor in:

• Identifying key audit risks or areas of audit focus that need to be addressed during the audit; and
• Effectively planning the approach to the audit to ensure that the overall objectives of the audit are satisfied.

171. In assessing the effectiveness of key aspects of the control environment, the auditor is not aiming to provide separate assurance over the entire Council‐wide control environment. However, the auditor’s assessment directly contributes to the identification of audit risks and areas to be focused on during the audit. It also influences the design of audit test procedures. Carrying out a control environment assessment involves exercising a high degree of professional judgment. It also requires the auditor to have a sound understanding of the Council’s operations and activities. An incorrect or inappropriate assessment may result in the auditor failing to identify key audit risks or failing to plan an audit approach to something that should be a key area of focus.

172. In reviewing the auditor’s work in this area, I was interested in both the breadth and depth of the auditor’s understanding and assessment. I also wanted to understand the auditor’s assessment of those aspects of the control environment that would have subsequently been considered when the auditor planned their audit approach to the wastewater project – for example, the auditor’s consideration of the Council’s planning and budgeting, risk management, performance monitoring etc. All these are matters which the auditor would consider when determining the appropriate audit approach.

173. The audit files demonstrate that the auditor assessed the Council’s control environment at an overall entity level and at the “significant underlying system level”. At an overall entity level the auditor considered the following components of the control environment:

• Control culture and values
• Organisation and governance structures
• Planning and budgeting
• Performance monitoring
• Compliance with laws and regulation
• Impact of external influences
• Other matters of relevance

174. Between 2003 and 2005, the auditor supplemented their assessment by looking at and considering the following additional control environment components – contract tendering and management, capital project management, reporting and communications and HR policies and practices.

175. In general, I am satisfied that these aspects were considered in a way that supported the planning of the annual report audit and the identification of key audit risk/areas of audit focus. However, as I go on to discuss, I question whether the auditor’s consideration of the planning, budgeting and performance monitoring aspects was sufficiently broad to allow a proper assessment of the Council’s financial management and governance.

176. The following summarises my key findings and observations for each cluster of audits:

2003 – 2005

176.1. Between 2003 and 2005, the auditor assessed the control environment as good or effective. This assessment is captured in the planning memorandum and the auditor’s approach/response is outlined in the risk analysis form.

176.2. The auditor completed a separate assessment of the Council’s project management control environment by specifically considering the wastewater project. This assessment found that, in the auditor’s assessment, the Council had appropriate structures, systems and processes to manage the wastewater project.

An assessment was made every year between 2003 and 2005. It remained largely unchanged from year to year, even though the auditor noted that it had been updated/discussed with management. The documentation indicates high level consideration only of aspects of the project management, largely by way of enquiry or discussion. In the context of forming a view on the overall control environment this high level approach is not unreasonable. However, the auditor did not perform a comprehensive assessment, or try to validate whether the processes, systems and structures were in fact operating effectively as described. Nonetheless, the auditor formed a conclusion that they were in fact effective. Audit New Zealand has indicated that this did not affect the planning of the audit, given the current state of the project and the fact that it would not have significantly impacted the annual report at that time. I am inclined to concur with this assessment, while still noting my concerns about documentation – especially the auditor’s documentation of their overall conclusion or assessment.

176.3. There are aspects of the completed assessment where the auditor drew conclusions about aspects of the control environment. In doing so, the auditor exercised professional judgment. However, there is insufficient documentation to demonstrate how certain conclusions were reached. For example, the auditor comments that no instances of management override have been noted, but provides no further documentation to support this conclusion nor how it was reached. Similarly, it is difficult to determine how broadly the auditor considered key aspects of the control environment – for example, the auditor cites the Council’s decision to outsource the wastewater project to support their view that the Council is risk averse.

176.4. I have separately considered and addressed the issue of documentation on the audit files between 2003 and 2005. I have accepted Audit New Zealand’s position that the sufficiency of the documentation was reasonable in respect of practice at that time. However, the fact remains that, as an independent reviewer, I have found it difficult to ascertain from the documentation on the audit file the completeness and sufficiency of the auditor’s understanding of key aspects of the control environment that resulted in an overall assessment of ‘good/effective’. What is documented on the checklist indicates a narrow assessment was made in a number of areas.

176.5. In general, audit files demonstrate an integration between the control environment assessment, the identification of audit risks or areas of audit focus, and the planned audit response. The auditor’s assessment of the control environment supports the planning and performance of audit test procedures that were reasonable for an annual report audit during this period.

2006 – 2009

176.6. Between 2006 and 2009, the auditor also assessed the control environment as good or effective. This was captured in the planning memorandum, along with the auditor’s planned audit approach to further testing or assessing the Council’s control systems. The auditor generally completed their assessment following discussions with Council management.

176.7. From 2006, the auditor’s assessment was narrower than in the previous cluster of audits. There was no separate or detailed assessment of the Council’s project management. There is no documentation or evidence on file indicating that the auditor specifically looked at the wastewater project in the context of the Council’s overall control environment at any stage between 2006 and 2009. This is in contrast to each of the previous three years’ assessments.

176.8. In discussions with the auditor, I was told that they continued to place reliance on the previous 2005 assessment. However there is no documentation on the audit file showing the nature and extent of their reliance, nor why an assessment made in 2005 continued to be relevant in each subsequent audit. It would also be reasonable to question whether the assessment made in 2005 was relevant and appropriate for the 2006‐2009 period given the project’s changing nature, scope and risk management over this period. It is noteworthy that the 2006 risk assessment form refers to completing a project management assessment, yet there is no documentation on file to indicate that this was completed. Similarly, the 2006 planning memorandum notes the wastewater project as a significant project but says in the auditor’s judgment that there are no concerns about how the Council is handling it. But when I reviewed the audit files, I could find no documentation showing how the auditor exercised their judgment in forming this conclusion.

176.9. In the design of the audit approach, the control environment assessment was integrated and linked with other planning considerations. This is detailed in the planning memorandum.

176.10. The auditor’s assessment of the management control environment includes a number of qualitative assessments. They relate particularly to the robustness of Council’s budgeting and reporting, and to the competence, attitude and experience of staff. In 2008 the auditor completed an ‘entities at risk’ assessment, including qualitative assessments of the competency and knowledge of management. Again, due to an absence of sufficient documentation on file, it is not possible for me to assess the sufficiency and appropriateness of the matters the auditor took into account in reaching such conclusions.

176.11. In reviewing the assessments completed between 2006‐2009, I found little change year‐to‐year in the auditor’s assessment. Nor did the matters documented when forming this judgment change significantly in nature or extent.

176.12. Between 2008 and 2009, the documentation shows planning meetings took place involving the Council and the auditor, and the audit team. There is no indication that the wastewater project was identified as a matter of concern or an area of audit risk/focus at these meetings.

176.13. Also between 2008 and 2009, the auditor noted that their assessment of the Council’s budgeting process relied on work performed as part of the LTCCP audit (which, in the case of the 2008 audit, was performed in 2006). This assessment was integral to the auditor deciding whether meaningful analytical review of budget‐actual could be conducted. However, there is insufficient documentation to demonstrate that the auditor had sufficiently considered whether the 2008 budgeting processes continued to operate as effectively as had been assessed in the 2006 LTCCP audit. Further, there is insufficient documentation to demonstrate how the auditor determined the relevance of the budgeting process for the 2009‐ 2019 LTCCP to the budgets set for the 2009 audit.

176.14. The auditor’s 2009 assessment of the management control environment noted that instances of fraud had been detected during the 2008 period. However, the documentation detailing the auditor’s discussions with the Chief Executive indicates no frauds. I found these conflicting statements difficult to reconcile. The documentation on file indicates that the auditor considered the nature of the frauds committed, and the quality of the control systems, before determining that those systems could continue to be relied upon.

2010 ‐ 2012

176.15. Between 2010 and 2012, the auditor’s assessment of the Council’s control environment was significantly more far‐reaching than in 2006‐2009. The nature and extent of the documentation supporting the auditor’s assessment is also significantly greater, and the auditor has more thoroughly recorded the basis on which they exercised their judgment.

176.16. In 2010, the auditor assessed the management control environment as effective. The reasons and rationale for this assessment are more extensively documented than in any of the previous audits. The auditor has relied on the work completed on budgeting and monitoring as part of the 2009 LTCCP audit, integrating this into the assessment. Acceptance and continuance assessments start to identify the emergence of issues and risks within the Council, and the documentation shows the auditor is considering how best to respond to these. The auditor identifies the wastewater project as needing consideration, given the significant debt that the Council has taken on. Other planning documents point to the emergence of financial and funding issues – a slow‐down of development contribution revenues, treatment of Ministry of Health subsidies etc. Overall, I found that the linkages between the entity‐ and activity‐level assessments were sufficient for the auditor to effectively plan the audit, and to identify areas of audit risk and focus.

176.17. In approaching the 2011 audit, the auditor initially assumed that the entity‐level control environment would be effective. The auditor subsequently decided to undertake a comprehensive reassessment of the management control 51 environment, on the basis of significant issues and concerns emerging around the Council’s management, governance and financial management practices: this is extensively documented. Based on this work, the auditor concluded that the Council’s control environment was now ineffective, citing poor financial management as the primary reason.

176.18. Towards the end of the 2011 audit, the auditor updated this assessment. More features of the control environment were now considered to be ineffective: risk management, planning and budgeting, performance monitoring and legislative compliance. It is clear from the documentation that the auditor had not, and would not, rely on the control environment in determining their audit approach. Significant planning issues and risks were identified, including the impact of the wastewater project on the Council’s financial strategy. Significantly, in September 2011, the auditor sought to revalidate the audit approach given the emergence of major financial and management concern. In particular, the auditor appeared troubled by findings from an independent financial health check, concerns about valuation of the wastewater asset, and the emergence of rating issues. The auditor considered it was appropriate to keep relying on certain controls at a system level, but overall, the auditor’s approach was to conduct a substantive‐based audit.

176.19. It is clear that the auditor chose not to rely on the management control environment in 2011, and that they revised their assessment of key components they now judged ineffective. However, I am uncertain from the documentation on file whether this was because certain aspects of the control environment had deteriorated or because the auditor had received additional, or new, information to indicate the possible existence of significant deficiencies. The independent assessment and health check of the Council’s financial management practices identified many issues which were not in fact new, and raised concerns about the Council’s budget management practices. The auditor’s updated assessment draws on the findings from this independent assessment, and it is clear that they influenced the auditor’s conclusion that the Council’s budget management and planning practices were ineffective. Discussions with the auditor suggest that while many of the issues that forced the reassessment of the control environment assessment arose in 2011, they were probably there in previous audits.

176.20. In 2012, the auditor’s assessment of the management control environment was that it remained ineffective. This was based on similar findings and observations as in the prior 2011 audit. In making their assessment, the auditor reviewed the Council’s progress in implementing the recommendations from the 2011 independent financial health check, particularly what steps the Council had taken in terms of its management of debt and borrowings. (The independent report had noted significant financial issues arising from the increased level of debt to fund the wastewater project, and the need for a clear strategy to deal with this).

Overall, the auditor’s judgment about components of the control environment is extensively analysed and documented. The auditor notes significant concerns with the integrity of the control environment, and with potential management override in previous periods. The auditor does not rely on the entity level controls, and has designed the audit approach on the basis that these controls are ineffective. The planning documentation highlights a number of key risks and the auditor’s response to them. The auditor’s assessment of the control environment, the assessment of risk and the auditor’s response are clearly integrated.

The auditor’s assessment of the Council’s financial management control environment

177. Here, the auditor considered matters relating to the integration of planning and budgeting within the Council, and to the regularity of performance monitoring. Between 2003 and 2005, the auditor also considered contract tendering and management, as well as capital project management: each of these encompass matters relevant to the financial management control environment.

178. In considering the auditor’s entity level assessment of the Council’s financial management environment, direction and control, I am concerned that it focused on matters that were too narrowly defined or scoped. I also question whether the assessment sufficiently considered some matters that are highly relevant to the Council’s financial management. Documentation on the audit files indicates that only limited attention was given to the Council’s overall financial management practices and financial strategy, to understanding the implications of significant funding and financial decisions, and to the Council’s management and adherence to its funding and financial policies.

179. In 2011, the Council sought an independent financial health and sustainability review, different in scope from the audit of the Council’s annual report by the auditor. The independent review’s findings highlighted weaknesses and deficiencies in the Council’s financial management practices and financial sustainability. It also identified weaknesses in the Council’s budgeting and performance reporting, and raised concerns about the Council’s financial sustainability due to the completion of the wastewater project.

180. The auditor considered this independent review as part of the 2011 and 2012 audit, and took into account some of its findings when assessing the Council’s control environment during each of these audits. Importantly, the independent review identified deficiencies that existed both at the time it was completed and in earlier periods. However, I have found that the documentation supporting the auditor’s assessment of the management control environment fails to identify, or highlight, any of the matters that had been identified as an area of concern as part of the independent review.

181. In examining the audit files for evidence of the nature and extent of the matters considered by the auditor, I have found that:

181.1. Between 2003 and 2010, the auditor judged the Council’s budget‐setting process to be effective. Whether this assessment included consideration of budget‐setting at an entity and project level is insufficiently documented. There is no documentation to indicate that the auditor ever specifically considered the sufficiency and appropriateness of the budget‐setting process for the wastewater project during their 2003‐2005 project management assessment. Nor could I could find any 2006‐2009 documentation to indicate if, or how, the auditor considered the project’s escalating construction and development costs in relation to the Council’s budgeting processes.

181.2. The funding of the wastewater project placed pressure on the Council’s funding and financial strategy, and therefore directly impacted current and future ratepayers. As part of its project funding decisions, Council expanded its Treasury policies and practices to allow it to enter into complex financial derivatives such as interest rates swaps. But the auditor made no assessment of the wastewater project’s impact on the Council’s overall financial health and management. There is no documentation showing that the auditor considered whether the Council had the financial management competencies, processes and controls necessary to manage these complex financial instruments and its current and future financial challenges.

181.3. Between 2005 and 2009, the audit files document the emergence of systemic concerns about accounting for asset development, capital and maintenance costs, as well as the capitalization and expensing of these costs. It appears that the auditor responded to this specific risk when planning the audit approach to property, plant and equipment. However, there appears to have been no overall analysis of whether the ongoing emergence of such issues indicated a more systemic deficiency in the overall financial management control environment – or whether they pointed to deficiencies in the underlying financial systems and processes, or in the skills, competencies and knowledge of key management and staff.

181.4. By 2010, the auditor was alert to significant funding and financial issues – for example, the slowing of revenue from development contributions. The potential audit risk associated with these planning considerations was assessed, and appropriate audit test procedures were designed. But between 2006 and 2009, there is no documentation to indicate that the auditor was aware of any such funding and financial issues when they assessed the Council’s entity level control environment.

182. My review of the audit files reveals that numerous issues, deficiencies and complexities associated with the financial management of the Council’s operations emerged over time. In my view, if the auditor had considered them, they would have directly influenced the auditor’s assessment of risk and therefore the audit test procedures that were designed. Asked to respond to this proposition, Audit New Zealand queries whether the audit approach or the design of test procedures would have been affected if in fact the auditor had identified these issues/deficiencies. Audit New Zealand suggests that the auditor’s work on controls at a system level, together with the substantive approach adopted, enabled them to obtain the reasonable assurance required to satisfy the objectives of the audit.

183. I have taken account of this argument when considering whether the objectives of the audit were satisfied. Notwithstanding its potential validity, I can find no reason why the auditor should not also have considered the issues, deficiencies and complexities when assessing the management control environment throughout the entire period under review. I have found that the auditor increasingly did so between 2010 and 2012, including by taking account of the results of the independent financial health check. In my view, the need to consider these matters applied equally in the 2006‐2009 period.

4.2 KEY FINDINGS AND OBSERVATIONS – AUDITOR’S APPROACH TO ASSESSING THE COUNCIL’S COMPLIANCE WITH LEGISLATIVE REQUIREMENTS

Introduction

184. The terms of reference require me to consider whether Audit New Zealand sufficiently and appropriately:

• planned the audits so that they addressed the required legislative matters; and
• performed the audits to ensure that these matters were sufficiently and appropriately addressed.

Responsibilities for ensuring compliance with applicable laws and regulations

185. Within the overall accountability framework for public entities, responsibility for ensuring compliance with applicable legislation rests with the Council. Within the Council itself, primary responsibility rests with management. The Council’s governing body provides oversight and governance.

186. As already stated, the auditor’s responsibility is to plan and perform each audit to ensure that the overall audit objective is met – that is, to obtain reasonable assurance that the annual report or planning document is free from any material misstatement, whether caused by fraud or error. The auditor is not responsible for preventing non‐compliance and cannot be expected to detect non‐compliance with all laws and regulations.

187. In planning an audit engagement, the auditor must take account of the legal and regulatory framework within which the Council operates. They must consider the potential impact of applicable laws and regulations on the Council’s annual report, planning document or any other matter the auditor is required to report on.

188. The extent to which individual laws and regulations can affect the annual report or planning documents varies considerably. Some may have a direct material impact on the Council’s annual report – for example, the Local Government Rating Act 2002 (LGRA) or the Goods and Services Tax Act 1985. Compliance with other laws (for example, the Building Act or Resource Management Act) may be required because of the specific nature of Council’s activities and operations, or because they relate generally to the conduct of business in New Zealand (for example, laws and regulation relating to employment, health and safety). Legislation or regulation of this kind may not have a direct material impact on the recognition and disclosure of matters in the annual report or planning documents, but the Council must comply with them if it is to avoid material penalties or liabilities.

189. The auditor’s specific responsibilities in respect of legislative compliance include:

• obtaining sufficient evidence of the Council’s compliance with whatever laws and regulations are generally recognised as directly impacting on the determination of amounts or disclosures in an annual report or planning document;
• performing audit test procedures to help identify instances of non‐compliance that may have a material effect on the annual report or planning document; and
• responding appropriately to any non‐compliance or suspected non‐compliance.

190. The OAG’s auditing standards prescribe the requirements against which the auditor must plan and perform the audit, and clarify the scope of the auditor’s responsibilities. Those standards reiterate that the auditor is not responsible for preventing or detecting noncompliance. They stress the important distinction between the auditor’s work and the advice provided by Council’s independent legal advisors. The auditor’s responsibility to consider the laws and regulations applicable to the audit engagement must not be misconstrued: it does not mean that the auditor provides a legal opinion on the Council’s compliance with relevant laws and regulations. Auditors must not provide opinions (in a legal sense) on a public entity’s compliance with laws and regulations, other than the general assurance provided as a result of the audit.

191. In discharging their obligations, auditors are required to remain alert to the possibility that any of the audit test procedures used to form an opinion on an annual report or planning document may reveal actual or suspected non‐compliance. It is therefore important to maintain professional scepticism throughout the audit, given the nature and extent of the laws and regulations that may affect a Council.

192. There is an inherent risk that intended users of an annual report or planning document may misconstrue the obligations that the auditor is operating under: in other words, an expectation gap may arise. In particular, users may mistakenly expect that the auditor will detect all instances of non‐compliance with all laws and regulations, regardless of their potential impact on the annual report or planning document. Similarly, management may incorrectly assume the auditor’s opinion removes the need for Council to obtain independent legal advice on its legislative compliance. The auditor needs to be aware of the risk of such expectation gaps, and take steps to manage or mitigate them.

Considering legislative compliance in the annual report audit

193. The standards applicable to the audit of the annual report required the auditor to obtain:

• A general understanding of the legal and regulatory framework applicable to the Council, and the local government sector as a whole. The auditor then assessed the Council’s compliance with that framework.
• Sufficient evidence of the Council’s compliance with whatever laws and regulations are generally recognised as directly impacting on the determination of amounts or disclosures in an annual report or planning document.

194. I have reviewed the audit files to assess whether the auditor has met these standards in the annual report audit, and found that: 

194.1. The laws and regulations directly affecting the Council were outlined in the audit planning memorandum and/or other planning documentation. Auditors were also given guidance, including OAG sector briefs, setting out the legislation affecting the local government sector and the overall legislative framework within which the Council undertakes its operations and activities. The auditor has further categorised those laws and regulations into three separate groups as a way of showing their potential impact on the annual report, and therefore provide a basis from which to determine the nature and extent of audit testing to be performed. Overall, the auditor’s schedule of legislative and regulatory requirements appears sufficient and appropriate, as does the categorization.

194.2. Throughout the period of the review the primary focus of the auditor’s work on legislative compliance involved considering the following key laws and regulations, identified as category 1 legislation:

• Local Government Act 2002;
• Local Government Rating Act 2002;
• Local Authorities (Members’ Interest) Act 1968; and
• Local Government Elected Members Determinations.

There is evidence on each audit file to show that the auditor considered and assessed these legislative requirements, including (where appropriate) their impact on the Council’s annual report. I address separately the sufficiency and appropriateness of this work.

194.3. The auditor’s approach to category 2 legislation (legislation that is considered to have a fundamental effect on Council operations) and category 3 legislation (legislation which may result in significant financial, operational or political exposure) is set out in the audit planning documentation. Legislation in these categories includes the Resource Management Act 1991, Building Act 1991, Goods and Services Tax Act 1985 and more. The auditor considers that while laws and regulations in these categories are unlikely to have a material impact on the annual report, a further risk assessment would be appropriate – potentially on a periodic or cyclical basis. A planned response for each category was identified.

194.4. However, except for 2006, I found no evidence that the auditor in fact assessed any of the category 2 and 3 legislative requirements, nor did they consider or assess the possible impact of non‐compliance on the annual report. As part of the 2006 audit, there is evidence of a general risk assessment performed on the “Other Legislation”: it addressed matters required under the auditing standards applicable at the time. The auditor considered the risk of non‐compliance was not high and no further testing was required.

194.5. Audit New Zealand states that the auditor’s primary focus was on category 1 legislative requirements. The sector briefs, audit engagement letters and audit arrangement letters all confirm this. I accept that this emphasis was reasonable, and was clearly communicated to the Council.

194.6. However, the auditor’s planned audit approach clearly indicates that an assessment of category 2 and 3 legislative requirements was also appropriate – regardless of their potential impact on the annual report – and would be carried out. I consider that this planned approach was reasonable and appropriate.

194.7. Yet, as I have noted, apart from in 2006, there is no documentation showing the auditor ever assessed the potential impact on the annual report of non‐compliance with category 2 and 3 legislation. I can only conclude that this assessment did not happen. Without it, at least on a cyclical basis, the auditor could not reasonably assess the potential for non‐compliance by Council or demonstrate their own compliance with the auditing standards or planned audit approach.

194.8. The general audit approach required the auditor to understand the Council’s overall legislative control environment – how the Council ensured it maintained compliance with legislative requirements. Based on my review of the audit files, the auditor’s planned approach was, first, to review Council’s minutes to determine whether any instances of non‐compliance were reported to the governing body. They then carried out separate substantive tests and assessments (usually by completing checklists) to determine Council compliance with legislative requirements. Principally, the focus was on category 1 legislation. Finally, the auditor obtained representations from management and the Council about its compliance. I am broadly satisfied that this general approach was consistent with the requirements set out in the auditing standards.

194.9. In each audit, the auditor sought to understand and assess the Council’s overall legislative control environment – usually through discussions with management. The auditor noted the key features of that environment, and how those features contributed to an overall assessment of the control environment’s effectiveness. At an overall entity level, the auditor was not expected to test or corroborate the key features of the Council’s overarching legislative compliance systems and framework. However, it is reasonable to expect the auditor to be able to demonstrate, by means of documentation on the audit file, how they assessed the effectiveness of the Council’s control environment and satisfied themselves that the Council was compliant with legislative requirements. As I have already stated, documentation of the auditor’s professional judgement forms part of the evidence required to support their conclusions.

194.10. In support of their overall assessment the auditor has noted that the Council’s primary control was a six‐monthly legislative compliance confirmation completed by senior management. In some audits, the Council also used independent legal advice. From this, the auditor assessed that the control environment was effective. However, there was insufficient documentation to indicate how this assessment was reached. For example, the documentation does not tell us whether the auditor:

• considered the sufficiency and appropriateness of the confirmations;
• considered whether management’s six‐monthly sign‐off addressed those legislative requirements identified by the auditor as category 1, 2 or 3, or whether there was sufficient confirmation of management’s assessment of the impact these legislative requirements would have on the annual report;
• discussed with management whether instances of non‐compliance had been noted; or
• understood how Council management completed and signed off the six monthly confirmation.

I consider that this lack of documentation was a weakness in the auditor’s planning and performance of the audit.

194.11. Audit New Zealand asserts that in forming a view on the overall effectiveness of the Council’s legislative compliance framework there is no requirement for the auditor to test the underlying legislative compliance systems. They also contend that the auditor’s subsequent testing and assessment of Council’s compliance with category 1 legislation was largely independent of their assessment of the overall legislative control environment or framework. Any deficiencies in this latter work would not have influenced the nature and extent of any substantive testing, as these test procedures were largely prescribed through the legislative compliance checklists.

194.12. While I accept this general view, it raises two important issues. First, assessing the overall control environment contributes to an understanding of the risk of noncompliance with all legislation, not just category 1 legislation. Any weaknesses found in the general control environment would influence the auditor’s view of whether more regular or detailed testing should be performed in respect of category 2 and 3 legislation. Second, regardless of whether substantive testing was already prescribed, the auditor performed an assessment of the control environment and assessed it as effective. It is therefore reasonable to expect that auditor has carried out sufficient appropriate work, and exercised appropriate professional judgement, to support the conclusion reached. In my view, the deficiencies noted in the auditor’s assessment remain valid observations, in spite of the position advanced by Audit New Zealand.

194.13. In each audit, the auditor carried out substantive testing to assess the Council’s compliance with the requirements of category 1 legislation. Such testing generally involves completing checklists that highlight key legislative requirements and requires the auditor to assess whether the Council has complied with them.

194.14. Usually, the auditor completes the checklist by answering ‘yes’ or ‘no’ (‘no’ answers generally require follow‐up or additional explanation). I found no, or only limited, documentation of how the auditor applied their professional judgment to form a conclusion on compliance on the basis of these responses. Sometimes, the auditor can determine with reasonable certainty whether a requirement has been complied with – for example, the requirement for the annual report to recognise or disclose a matter set out in Schedule 10 of the Local Government Act. In such cases, a checklist approach has minimal risk as a way of making an assessment. However, the checklist may require the auditor to confirm other matters or provisions that require a higher level of professional judgment – for example, whether the Council has complied with the LGRA in determining the basis of a targeted rate. In these instances, a completed checklist cannot reveal how the auditor exercised their professional judgment or arrived at a conclusion. This observation echoes observations I have made elsewhere about the sufficiency, appropriateness and quality of documentation.

194.15. Audit New Zealand acknowledges that the standard of documentation provided by the checklists could be better, particularly for 2007. However, it argues that documentation standards improved through the 2010‐2012 period. Audit New Zealand also says it now expects auditors to document the judgments they have made in reaching conclusions.

194.16. I acknowledge that documentation standards did improve over this period, consistent with the general shift in accepted practice underway in the audit industry since 2003. However, I continue to have reservations about the quality of documentation supporting the responses in the checklists. I accept that using checklists to carry out substantive testing may be an efficient way to plan and perform audit test procedures, and that the use of checklists is a reasonable practice within the audit industry. But there are inherent limitations in responding ‘yes’ or ‘no’ to questions about which the auditor must exercise professional judgment. Accordingly, the auditor needs to take great care about how their professional judgment is documented when completing checklists (even if a response is in the affirmative). In the course of this review, I have seen checklists where the auditor’s response is confusing as to what audit testing was carried out to support the conclusion reached. This is shown, for example, in the auditor’s use of such phrases as nothing has come to our attention to suggest that information in the annual report does not comply with the requirements of the Act. Such wording is generally considered to be at odds with the purpose or objective of the audit. It is unclear from the documentation what work was undertaken by the auditor to support this conclusion or why the auditor expressed/documented the conclusion in the form of negative assurance. Where an auditor is required to summarise their judgment using a prescriptive, narrow checklist, the result can be inappropriate or insufficient documentation being left on file.

194.17. Another risk is that a ‘yes’ response could be interpreted as the auditor having determined with certainty that the Council has complied with a legislative requirement. I have already noted the inherent limitations of any audit and the fact that performing audit test procedures cannot be construed as the auditor having formed an opinion, in a legal sense, about the Council’s compliance. Documenting the auditor’s professional judgement is an important way of managing the audit expectation gap and of ensuring no misunderstandings of the nature and extent of assurance the auditor has obtained.

194.18. To evaluate the merits of using checklists, I sought comment from Audit New Zealand about how it manages their use and inherent limitations. Audit New Zealand advised me that its “checklists have been designed such that affirmative answers to all questions on the checklist provide sufficient assurance to the auditor to issue an unmodified opinion”. Audit New Zealand also indicates that “for many of the questions, a ‘Yes/No/NA’ response is appropriate. However, Audit New Zealand’s expectation is that where judgements have been exercised in forming conclusions those judgements should be documented. This has been a key part of our professional development training since 2007”.

The auditor’s assessment of the Council’s compliance with the LGRA in setting and assessing rates

194.19. I have considered in detail the auditor’s work on Council rates, including its assessment of Council’s compliance with key provisions of the LGRA. My findings and observations are detailed in section 4.5. Several of them inform my view of the auditor’s assessment of the Council’s compliance with category 1 legislation, namely:

• Responsibility for the setting and assessment of rates, and therefore ensuring compliance with the provisions of the LGRA rests with the Council. The auditor is primarily concerned with obtaining reasonable assurance that the recognition and disclosure of rates revenue, assets and liabilities in the annual report are free from any material misstatement.
• Overall, based on the objectives for the audit of the Council’s annual report, I determined that the general methodology, approach and test procedures (including test procedures to assess the Council’s compliance with the LGRA) were a reasonable, and appropriate, basis from which to plan and perform the audit engagement.
• The auditor has obtained a general understanding of how the Council ensures compliance with the LGRA and has completed the legislative compliance checklist applicable to the LGRA. Between 2003 and 2010 the auditor’s completion of this checklist and the performance of substantive audit test procedures did not identify any instances of non‐compliance with the LGRA. This is despite the Bill currently before Parliament identifying a number of instances of non‐compliance between 2006 and 2012.
• It is reasonable to expect that on the basis of the audit test procedures performed by the auditor to assess the Council’s compliance with the LGRA over the period covered by the Bill, that the issues and irregularities identified in the Bill, as outlined in section 4.5, should have been within the focus of the auditor and, in most cases, those irregularities should have been detected by the auditor.
• The issues and deficiencies in the work performed by the auditor on rates constitute non‐compliance with the auditing and professional standards that the auditor is required to adhere to. These issues will contribute to an overall assessment as to whether the objectives of the audit have been met. Notwithstanding these deficiencies I am satisfied that the auditor’s failure to identify the instances of non‐compliance would have been unlikely to have affected the issuing of an unqualified opinion on the Council’s financial statements. However, had those irregularities been identified it is likely that both the annual report and auditor’s report would have set out additional disclosures in respect of those matters.

Other general findings and observations

194.20. The auditor obtained representations from the Council that it accepted responsibility for ensuring compliance with all applicable legislative and regulatory requirements, and that – to the best of the Council’s knowledge – it had complied with those requirements. Between 2003 and 2009, these representations were unqualified. From 2010, the Council’s representations acknowledged potential irregularities in the setting and assessment of rates, and in its compliance with the Act. The 2006 ‐ 2009 representations made no reference to non‐compliance, despite the Bill now identifying there were instances of non‐compliance during this period.

194.21. Although such written representations form part of the necessary evidence for the audit engagement, and are required under the auditing standards, they do not on their own provide sufficient evidence about any matters they mention. I am satisfied that the auditor did not rely solely on the Council’s written representations, but had put in place other audit test procedures to obtain the reasonable assurance required.

194.22. My discussions with the auditors highlighted the highly subjective nature of the auditor’s work in this area – especially the assessments they must make to reach a conclusion about the Council’s legislative compliance, the nature and extent of work required to achieve a reasonable level of assurance, and how to evaluate the impact of non‐compliance on the audit objective or opinion issued. Each auditor indicated that while auditing standards may clearly outline the auditor’s responsibilities and obligations, the auditor considered that they had little guidance to help them determine whether they have achieved the necessary qualitative threshold or whether further testing may be required. I queried this matter with Audit New Zealand. Its response was that the guidance in the Audit Manual is clear, fully complies with the professional requirements set out in the OAG’s auditing standards (AG‐208 and AG ISA (NZ) 250) and that it provides training on this aspect of the Audit Manual as part of its professional development programme. Audit New Zealand acknowledges that the matter does warrant further attention and it intends to look at what improvements can be made. Given the objectives of the audit, and the potential for an expectation gap to arise in this area of the auditor’s work, this matter needs further attention from Audit New Zealand.

Considering legislative compliance in the audit of the Council’s planning documents

195. The audit of the Council’s planning documents differs in scope from the audit of the annual report. The Local Government Act explicitly requires the auditor to report on the Council’s compliance with the Act’s requirements for preparing and presenting the planning documents.

196. The nature and extent of the auditor’s responsibilities also differs from those applicable to an audit of the Council’s annual report. Most information set out in the planning document is forecast or prospective in nature. Clearly, the auditor cannot assess the Council’s prospective compliance with laws and regulations in future periods, as the actions which the legislative requirement would affect are yet to happen.

197. Thus, the auditor’s responsibilities are primarily limited to assessing whether the Council has complied with the Act in preparing the planning document. This would also encompass, where appropriate, an assessment of Council’s compliance with the relevant provisions of the LGRA (insofar as the setting of Council’s rates affect material amounts and disclosures in the planning document). However, the audit of the planning document does not review the Council’s assessment of the rates in respect of each property, as this is carried out after the planning document has been adopted.

198. In general terms, the auditor is required to obtain:

• a general understanding of the legal and regulatory framework applicable to the preparation of the planning document, and then assess how the Council has complied with that framework;
• sufficient appropriate evidence of the Council’s compliance with the Act (and, where appropriate, the LGRA) insofar as compliance may have a direct material impact on the determination of matters and disclosures set out in the planning document.

Significant findings and observations

199. I have reviewed the audit files in order to assess whether the auditor has met the requirements of the auditing standards applicable to the Council’s planning documents, and found that:

199.1. The methodology, audit approach and audit modules were structured to clearly demonstrate that the audit encompassed all relevant legislative requirements affecting the development of the planning document. Audit work was planned and organized so that the auditor could express an opinion on the draft Statement of Proposal (accompanying the draft LTCCP or LTP) prepared for community consultation.

199.2. The audit files clearly show that the auditor assessed whether each planning document included the content required in the Act, and addressed the necessary matters of presentation. The auditor completed a contents and integration review for each audit of Council planning documents or Statements of Proposal. No significant instances of non‐compliance were identified.

199.3. The auditor then made a separate qualitative assessment of the matters and disclosures set out in the planning document (for example, the auditor assessed whether the assumptions underlying the forecasts were reasonable and appropriate).

199.4. From reviewing the audit files, and my discussions with each of the auditors, it is clear that the auditor was aware the Council had obtained independent legal advice on key matters relevant to the preparation of planning documents and the wastewater project. It also appears that the auditor relied on this independent legal advice, which in the context of the objectives of the auditor would be reasonable and acceptable. Whether this advice is sufficient on its own or should be considered in connection with other audit evidence is a matter of professional judgment for the auditor. Despite the auditor’s reliance on the independent legal advice, however, there was insufficient documentation to demonstrate the nature and extent of the auditor’s reliance on this advice, including whether the advice is sufficient for the auditor’s purposes. Without this, there was a risk of the auditor becoming over‐dependent on the advice of independent legal advisors.

199.5. For each planning document audit, a detailed assessment of how the Council intended to develop its planning document was made, and whether the underlying systems, processes and information supporting the disclosures in the planning document were in place. Audit New Zealand has noted that the assessment serves two purposes. First, it serves as a reminder to the Council of the focus areas and a prompt for action in preparing the planning document. Second, it provides an information source and is one basis for the risk assessment for the audit (along with other factors such as the environmental scan, knowledge of the Council, assessment of controls and preliminary analytical procedures). Audit New Zealand notes that the Council’s self‐assessment is generally an expression of intent from which we can take little comfort – especially with respect to legislative compliance, which is fundamentally assessed by the auditor based on a LTCCP document that is produced and the audit work is to test that document itself, not what the Council plans to do.

199.6. While I generally accept Audit New Zealand’s position on this matter I would note that, particularly in respect of the 2006 audit, the self‐assessment checklist was used by the auditor to identify areas of audit focus and to effectively plan the work to be performed during the audit – the auditor used the responses in the selfassessment checklist to focus on particular matters likely to be a focus or issue in preparing the LTCCP. In my view, it is directly relevant to the matters the Act requires to be included in the LTCCP and therefore assisting the auditor to identify potential areas of legislative non‐compliance.

199.7. As noted, I have separately considered the auditor’s work on Council rates, including their assessment of Council’s compliance with key provisions of the LGRA. The findings and observations relating to this work are detailed separately in section 4.5; those that are directly relevant to this discussion are, in summary:

• The Council is responsible for setting and forecasting its rates for the period covered by the planning document, and therefore for ensuring compliance with the provisions of the LGRA. The auditor is primarily concerned with obtaining reasonable assurance that the rates outlined for the period of the planning document have been set in accordance with the applicable legislative requirements.
• Overall, based on the objectives for the audit of the Council’s planning document, I determined that the general methodology, approach and test procedures (including test procedures to assess the Council’s compliance with the LGRA) were a reasonable, and appropriate, basis from which to plan and perform the audit engagement. In particular, in 2009 and 2012, the auditor was required to confirm the rates resolution had been appropriately set and the cap on uniform charges and fixed dollar targeted rates had not been exceeded.
• In 2006, there was no evidence or documentation on file to indicate whether the auditor considered or tested whether the matters set out in the Council’s rates resolution were consistent with the matters set out in the Council’s funding impact statement. However, the auditor has considered whether the funding impact statement has been set in accordance with the LGRA. Despite the Council’s subsequent acknowledgement of irregularities in the setting of rates for 2006/2007 the auditor has identified no errors, omissions or issues in the setting of the rates. The same deficiency is noted in the performance of audit work related to the 2009 planning document.
• In the case of the 2012 audit there is evidence and documentation on file to indicate that the auditor has considered the use and basis of general, differential and targeted rates. The auditor has placed reliance on the work performed by the Council’s independent legal advisor in determining whether the Council has complied with the requirements set out in the LGRA. While accepting that such reliance is reasonable in appropriate circumstances, there is insufficient documentation to demonstrate the extent of reliance the auditor placed on the independent advice or how the auditor exercised their professional judgement in determining whether the advice was sufficient and appropriate in the context of the objectives of the audit or the conclusions being reached by the auditor. Without such documentation it is difficult for me to assess how the auditor managed the potential risk of over‐reliance or over‐dependency on the advice of independent legal advisors, neither of which is desirable.

4.3 KEY FINDINGS AND OBSERVATIONS – AUDIT OF THE COUNCIL’S KEY PLANNING DOCUMENTS, LONG‐TERM COUNCIL COMMUNITY PLAN (LTCCP) AND LONG‐TERM PLAN (LTP)

Introduction

200. The terms of reference require me to assess Audit New Zealand’s audits of the Council’s principal planning documents – the 2006 and 2009 long‐term council community plans (LTCCP) and the 2012 long‐term plan (LTP).

201. For each planning document, the audit objective and scope was slightly different. When the Act was amended in 2010, the scope and content of the LTCCP was reorganized into what is now referred to as the LTP; there were also changes in the nature and extent of the auditor’s responsibilities to form an opinion on the planning document. For clarity, those responsibilities throughout the whole period were:

2006 and 2009 long‐term council community plans – in accordance with sections 84(4) and 94(1) of the Act, which applied at the time, the auditor was required to report on:

• the extent to which the Council complied with the requirements of the Act in respect of the LTCCP;
• the quality of the information and assumptions underlying the forecast information in the LTCCP; and
• the extent to which the forecast information and proposed performance measures in the LTCCP provided an appropriate framework for meaningful assessment of the actual levels of service provision.

2012 long‐term plan – following the 2010 amendment to the Act, the responsibilities of the auditor were limited to reporting on:

• the extent to which the Council complied with the requirements of the Act in respect of the LTP; and
• the quality of the information and assumptions underlying the forecast information in the LTP.

202. The Act makes it clear that the auditor shall not comment on the merits of any policy content in the planning documents. Responsibility for the policy content rests with the Council, in consultation with the wider community. The purpose of any audit is to enhance the degree of confidence that intended users can have in the information set out in the planning document, which is a basis for consultation, engagement and decision‐making between the Council and the community. The auditor’s objective is to obtain reasonable assurance that the planning document is free from any material misstatement and that the objectives of the audit, as set above, are met.

203. Any assessment of the adequacy of Audit New Zealand’s audit planning, performance and reporting must therefore take account of the scope and objective of the audit.

204. Where possible, this section draws together the findings and observations from each audit into one overall set of conclusions. Findings that are specific to one particular audit engagement are separately identified.

Development of the audit methodology and audit approach

205. The OAG developed the following methodologies for auditing the Council’s planning documents:

2006 LTCCP Audit

206. This was the first time this planning document was required to be audited. It was recognized across the sector that local authorities would take time to develop their systems, processes and procedures to the point that the information they included in their LTCCPs was of the standard expected by the Act. There was also considerable concern over the current state of asset management planning across the sector. From an audit perspective, one of the key risks was whether asset management plans adequately supported Council’s specification of services, and the quality and robustness of the Council’s long‐term financial forecasts.

207. The methodology developed by the OAG appears to have adequately addressed this evolving state of affairs. It strongly emphasised:

• the Council completing a self‐assessment checklist to ensure that the LTCCP adequately covered all matters required to be included in the planning document under the Act – covering community outcomes, decision‐making and consultation, the quality of underlying performance management systems and other matters;
• the assessment and testing of the control systems that produced information for inclusion in the LTCCP. Given the objectives of the audit and the nature, extent and source of information required to compile the LTCCP, the 2006 methodology acknowledged the limitations of a substantive approach to the auditing of these control systems at the time of the audit. There was a strong focus on ensuring adequate systems were in place to produce the information required for the LTCCP; and
• ensuring forecasts were based on the best possible estimates and best available knowledge, and were consistent with the Council’s policies.

208. Significantly, the methodology suggested that the decision to perform substantive tests would depend on the auditor’s preliminary planning and assessment of risk, and the results of any controls testing.

209. Compared to subsequent audits in 2009 and 2012, the 2006 methodology focused less on the need for the auditor to consider the financial prudence and affordability of the plans and forecasts set out in the LTCCP. However, it emphasised the need for the auditor to have a strong background understanding of the Council and its operations when planning and performing the audit.

210. There is clear evidence that the OAG liaised with Audit New Zealand and auditors in developing and rolling out the audit methodology. A number of checklists were developed to guide the auditor.

2009 LTCCP Audit

211. The methodology for this audit refined and updated that used for the 2006 audit. It recognised sector‐wide improvements had been made to the systems, processes and information supporting the information and content of the 2009 LTCCP.

212. Based on the lessons drawn from the 2006 audit, the 2009 methodology now placed more focus on:

• how individual Councils were implementing the principle of sustainable development;
• ensuring that the LTCCP provided clear information about the choices that the community had in regards the services and activities being provided;
• enhancing the information set out in the LTCCP regarding the Council’s financial management practice and financial prudence;
• performance frameworks and measures to assess the Council’s ongoing performance; and
• ensuring that the Council had adequate information to support the matters and disclosures set out in the LTCCP.

213. There was a greater focus on the need for the auditor to perform substantive audit test procedures, substantive analytical procedures and audit test procedures to confirm supporting information, forecasts and computations used by the Council. This methodology and approach was comprehensively documented and delivered to auditors.

214. In my view, these were significant enhancements that strengthened the link between the work expected of the auditor and that required to satisfy the objectives of the audit objectives. Compared with the 2006 methodology, the new audit test procedures required the auditor to apply greater focus and more effort to obtain reasonable assurance on the matters they needed to report on.

2012 LTP Audit

215. The methodology integrated all key aspects of the 2009 methodology, but was updated to reflect the 2010 amendment to the Act (see paragraph 2.2 above).

216. It continued to emphasise the need for the auditor to consider matters of financial prudence, affordability and the Council’s overall financial strategy when forming an opinion on the LTP and other matters. It also clearly directed auditors that Councils needed to ensure the LTP engaged the community in the right debate – that is, that the LTP needed to outline matters that were relevant and significant to the activities and challenges facing the Council.

Key Findings and observations

217. Clearly, the methodology developed by the OAG evolved considerably since the 2006 audit. In my view:

217.1. For each audit, the planned audit approach was consistent in all material respects with the audit methodology. The audit approach recognised the key areas of audit emphasis identified by the OAG and integrated them within the planning modules developed as part of the methodology.

217.2. Audit New Zealand and each auditor agreed that the methodology adopted for each of the three audits provided a reasonable basis from which to plan and perform the audit. It was also generally agreed that the auditor would be able to obtain reasonable assurance about the matters on which they were required to report if they carried out the audit in accordance with the methodology.

217.3. The methodology and approach developed for the 2009 audit, and subsequently updated for the 2012 audit, was more comprehensive and integrated than the 2006 methodology. Enhancements were made consistent with the sector‐wide evolution of the planning documents and their changing areas of focus since they were first audited in 2006. In particular, the enhancements acknowledged the evolving state of Council planning systems and the information required to support the preparation of the planning document. In 2006 there was a greater focus on ensuring legislative compliance and comparatively less on matters where there is now greater focus or emphasis – financial prudence, ensuring the right debate is outlined in the LTP from which to effectively engage the community etc. It was generally recognised at the time that the 2006 methodology appropriately reflected the fact that many Councils were struggling to develop the information and systems required to support the information required to be outlined in the LTCCP. In particular, during the 2006 audit, Audit New Zealand had a number of concerns regarding the quality of the Council’s asset management plans. Notwithstanding the evolving or changing nature of the audit methodology, the methodology developed in respect of each of the 3 planning document audits was reasonable and appropriate in respect of the objectives of the audit at that time.

217.4. In the 2006 audit, the auditor placed significant emphasis on the Council’s completion of the self‐assessment checklist. It served two main purposes. First, it reminded the Council of the audit’s likely key areas of focus so it could attend to them when preparing the LTCCP. Second, the checklist provided a basis for the auditor’s risk assessment by highlighting areas where more focus was required during testing. It supported other areas of the auditor’s work in planning audit test procedures – including assessing controls and the control environment, environmental scanning, and the preliminary performance of analytical review procedures.

217.5. The auditor and the OAG both reviewed the self‐assessment checklists. But when I examined the documentation on the audit file, I found it difficult to clearly see the linkages between (a) the Council’s responses to the matters set out in the checklist, (b) the auditor’s assessment of whether these responses were reasonable, (c) the auditor’s broader understanding of the Council’s operations, activities and management control environment, (d) the auditor’s resulting risk assessment, and therefore (e) the nature and extent of audit test procedures that would otherwise need to be performed by the auditor to satisfy the objectives of the audit.

217.6. Audit New Zealand asserts that, after the OAG and the auditor had reviewed the self‐assessment checklists, the risks they identified were recorded in the audit planning memorandum. It also suggests that the self‐assessment would not have resulted in reduced testing of the LTCCP, as the balance of the LTCCP audit contained minimum mandatory procedures. It says that the only area where the self‐assessment solely appears to be used for audit evidence was around the component of the LTCCP where the Council identified the community outcomes and decision‐making processes. In these areas, Audit New Zealand says that the self‐assessment was consistent with the expectations of the audit. Moreover, it notes that community outcomes were in fact outside the scope of the audit opinion, other than from a legislative compliance perspective.

217.7. In my view, there seems little doubt that the self‐assessment checklist effectively served the first of its intended objectives – to focus the Council on key aspects of the LTCCP and subsequent audit. The OAG’s review helped improve the consistency with which LTCCPs were prepared across the sector, and also enabled it to give direct and timely feedback to the Council.

217.8. However, I am concerned about the second of the two objectives – there is insufficient documentation on the audit file to show whether the Council’s selfassessments were a reasonable basis for this risk assessment: did the auditor consider the Council’s responses consistent with their own understanding and, if so, how did they exercise their professional judgment? There was an inherent risk that the Council’s responses to matters identified in the checklist might be more positive than was reasonable (and of course this risk applies to all audits across the sector, not just the Council’s LTCCP audit). Other than the fact that the selfassessment was reviewed by the OAG and the auditor, there is insufficient documentation as to whether, in the auditor’s professional judgement, the matters identified by the Council were sufficient, complete and appropriate in the context of the matters being commented on. If as, Audit New Zealand argues, the selfassessment checklist did not lead to a reduction in subsequent audit testing (see paragraph 217.6 above), then this would go some way to mitigating that risk. However, I would note that the auditing standards require auditors to assess the adequacy of information produced by the Council, or any independent third party, if they intend to rely on or use that information as part of their audit. The auditor asserts that the self‐assessment checklists were reviewed, and I accept this. However, I remain concerned about the insufficiency of the documentation. The audit files do not reveal the extent to which the auditor used the information to assist them in determining their risk assessment and, if they did, how, in the auditor’s professional judgment, the information the Council supplied was considered to be complete, sufficient and appropriate to use when identifying the audit risks associated with the 2006 LTCCP – and therefore the auditor’s subsequent areas of focus or testing.

217.9. In subsequent audits, the self‐assessment checklist was completed by the auditor, not the Council. In doing so, the auditor would have used their professional judgment about the matters identified and documented it on the checklist itself, thereby creating evidence of that judgment being exercised. But I have concerns about the quality of the 2006 audit, because there it was the Council who identified the matters reported in the checklist. However, I accept Audit New Zealand’s proposition that the issue was unlikely to have any consequential impact on the auditor’s work towards satisfying the audit objectives.

217.10. Finally, in assessing the methodology, I have considered its application to the wastewater project. Given the significance of the project to the community and the Council, did the methodology require the auditor to apply sufficient focus and effort to this project? I am satisfied it did, in the event that the wastewater project was found to have a significant impact on the planning document’s disclosures – even if that focus and effort was limited to the auditor documenting their judgment as to why the project did or did not form part of their testing.

The LTCCP audit – audit planning and risk assessments

218. At the time the 2006 LTCCP was developed, scoping and planning of the wastewater project had already commenced. By the time of the 2009 LTCCP, it was nearing completion, although its scope, funding and financial implications had changed significantly from that set out in the 2006 LTCCP. In 2007 the Council amended the 2006 LTCCP to reflect these changes, and to update the project’s cost and funding projections. By the time of the 2012 LTP audit, the wastewater project was finished and the resulting infrastructure asset had been commissioned. The plant and infrastructure asset were fully operational. However, between the 2009 LTCCP and the 2012 LTP, a number of irregularities relating to the wastewater project had been identified.

219. The terms of reference require me to consider whether, in planning and performing the audits, the auditor was sufficiently focused on significant material risks or financial matters, including those directly relevant to the wastewater project.

Audit Documentation – Knowledge and Understanding of the Wastewater Project

220. Each of the auditors responsible for the respective LTCCP audits told me they were generally aware of the project’s background, history and progress at the time the audits were underway.

221. In planning a LTCCP audit, the auditor draws on information obtained from the Council’s annual report and previous LTCCP audits. Similarly, the auditor is informed by professional judgment exercised in relevant previous audits. This is reasonable and appropriate, and consistent with Audit New Zealand’s philosophy of auditing the entity.

222. However, auditing standards require the auditor to document how they have used any earlier information, and why they consider it remains relevant to the current audit. Each audit file must contain sufficient appropriate audit evidence to stand on its own in support of the opinion issued.

223. I have no doubt that each auditor had some awareness and understanding of the wastewater project, much of it accumulated over the course of previous audits. However, I have identified deficiencies in how the auditor used this knowledge in planning and performing the 2006 and 2009 LTCCP audits. These include:

• Insufficient documentation on the audit files to show what information the auditor used, and/or the professional judgments they relied on from those previous audits when carrying out the current audit;
• Insufficient documentation of why the auditor considered it appropriate to rely on this previous information. During interviews and discussions with the auditor, they clearly considered a number of important matters had been dealt with in previous LTCCPs or amendments and therefore required no further work or update. There is insufficient documentation of whether and how the auditor exercised their professional judgment. (As a general observation, it has been a constant challenge throughout this review to establish the basis for the auditor’s judgment and work at a particular point in time, and to then effectively manage the risk of hindsight. Examining the documentation on the audit files has been an important means of managing this risk. However, on several occasions my discussions with the auditor revealed an understanding of the wastewater project that was not adequately reflected in the documentation.)
• An inherent risk that the auditor relied on an incomplete base level of knowledge and information about the wastewater project when planning subsequent audits.

The auditor’s identification of key planning/audit risks associated with the wastewater project, and their impact on the audit

224. The auditor did not identify the wastewater project as a key audit risk or area for focus in either the 2006 or 2009 LTCCP audits. No matters of concern were documented in the auditor’s consideration of the overall control environment. Further, I found no evidence that the LTCCP planning modules project included any specific consideration or testing of the project, or of its impact on the LTCCP.

225. Based on the significance of the wastewater project at the time of the LTCCP audit, the project – especially its future funding and financial impact – should have been a significant area of audit focus. This has been acknowledged by Audit New Zealand: they say that while the planning approach was consistent with the expectations of other audits, it is unclear why the sewerage activity was not selected for testing. Audit New Zealand also note that “In the financial year to 30 June 2006 the MEWS project increased from $17.5m to $26m when the contract was entered into, to $35m in the LTP. MEWS should have been an area of focus, but was not”.

226. Given the requirements for the preparing the LTCCP, and therefore the matters on which the auditor was required to report, it is reasonable to suggest that the wastewater project should have been considered significant. Factors that support this assertion include:

• the scope, size and scale of the project and its impact on both the Council’s operations and the wider community (including the obligations on the Council to engage and consult);
• the project’s strategic importance in managing future population and development growth within the region;
• the project’s funding and financial implications (including the impact on funding from rates, development contributions and borrowings, the projected operating and capital expenditure requirements, the impact of the project on the assets and liabilities of the Council, the impact on Council’s financial policies and, finally, the project’s significance within the Council’s overall funding and financial strategy);
• the significance of the Council’s planning assumptions in ensuring that future financial forecasts were robust, and that the Council would be able to keep assessing the affordability and financial impact on ratepayers;
• the auditor’s awareness of early problems with the contracting and awarding of the project, which would have prompted a wider interest in the project’s progress;
• the impact of updated forecasts, projections, timelines and financial planning assumptions that started to affect the overall cost and funding implications of the wastewater project before 2006, and then between 2006 – 2009. The auditor should have focused on the size and impact of these updated financial projections. The difference between the contracted value and the budgets forecast in the LTCCP should have been carefully examined to determine if the budget information was reasonable and appropriate; and
• the significance of the approach to project management and construction adopted by the Council.

227. In relation to this last factor, all the auditors agree that the Council’s decision to outsource the management and funding of the wastewater project was appropriate. The Council believed that it lacked sufficient capability, capacity and the technical expertise needed to appropriately manage the wastewater project. The auditor also noted that the Council had adopted a low‐risk strategy and wanted to avoid any significant exposure to financial overrun or cost blow-out on the project.

228. I am not required to form a view about whether the Council’s risk and project management strategy was reasonable or appropriate. However, it is clear that the auditor believed it was, and this professional judgment is significant. Unfortunately, the audit files provide insufficient documentation of the basis for that judgment and how it influenced subsequent audit planning and the identification of audit risks.

229. Any decision by Council to outsource the project would never absolve it from its ultimate responsibility to maintain appropriate project oversight and control. Such a decision would change, rather than eliminate, the auditor’s need to assess the impact on audit risk and testing. I was unable to find any documentation showing how the auditor assessed this risk and its possible impact on the overall management control environment, or what testing may have been helped the auditor evaluate the Council’s project management strategy. There is insufficient evidence to indicate whether the auditor developed a sufficient understanding of the governance and management arrangements by which the Council maintained appropriate oversight and ensured the right information was disclosed in the LTCCP.

230. Overall, the risks and implications of the wastewater project for the LTCCP were not clearly documented on the audit file. The extent of the auditor’s understanding of the wastewater project at the time the audit was carried out is thus unclear. Further, significant audit risks were not identified in respect of the wastewater project, nor their impact on the LTCCP. The documentation also shows little, if any, testing and consideration of the wastewater project. Yet the wastewater project should have been a significant part of the work the auditor was required to perform as part of the planning modules.

231. As revealed in subsequent financial periods, there were numerous problems associated with the management of the wastewater project. Some affected the way the project was disclosed and treated in the Council’s planning documents (for example, the accounting treatment of the asset, the robustness of the growth and funding forecasts etc.). The fact that the auditor gave insufficient consideration and focus to the wastewater project in the performance of audit test procedures meant that these financial and funding issues were not sufficiently and appropriately considered during the planning and performance of the audit.

The auditor’s understanding of the management control environment and how it determined the planning approach and areas of audit focus

232. The completion of the self‐assessment checklists, together with the auditor’s knowledge of the Council and its operations and activities, were the main ways the auditor built an understanding of the management control environment and its influence on the LTCCP.

233. As we have seen, in the 2006 audit, the self‐assessment checklist was completed by the Council, then considered by the auditor and the OAG (through a hot review process). In 2009, the self‐assessment questions were completed by the Council and returned to the auditor. The auditor then used this information to complete the template to assess the Council’s self‐assessment document. I discuss this in paragraphs 217.4‐217.9, including my view on the auditor’s subsequent reliance on the checklists in planning and performing the audit.

234. The documentation on the audit file indicates that the auditor’s analysis of the management control environment was reasonably high‐level and generic. The extent to which the auditor was drawing on previous knowledge of the client’s management control environment was not clear from the documentation. Similarly, it was not clear from the checklist how the auditor exercised their judgment to support the conclusions drawn. Consideration of the methodology and planning modules developed for both audits appears to envisage that the auditor would undertake a more comprehensive assessment and focus on key audit risks. It is reasonable to suggest that the auditor would follow‐up, verify or validate key matters before determining the approach and testing to be applied.

235. The self‐assessment and contextual risk review were key inputs into the auditor’s identification of planning issues and risks. In the case of the 2009 audit, they were also factors that influenced the decision on whether to adopt a controls‐ or substantive‐based audit approach. In general, I found it difficult to understand how the auditor established linkages between each of the audit planning modules. The auditor duly completed each module, but how they exercised their judgment when drawing on previously completed modules (such as the self‐assessment) was not always clear.

Audit work on the wastewater project as part of key LTCCP planning modules

236. The LTCCP planning modules guide the auditor on performing and conducting the audit. The auditor exercises professional judgment to determine the key audit risks or areas of focus, and the nature and extent of audit testing to be performed.

237. As noted previously, the auditor did not identify the wastewater project as a risk or a significant area of focus for testing in either the 2006 or 2009 audits. This is borne out by the lack of documentation, apart from minimal reference to the wastewater project, throughout the planning modules. There is no documentation showing that the auditor considered the financial forecasts, funding implications or assumptions underpinning either of these projections and forecasts. There is insufficient documentation to indicate how the auditor satisfied themselves that the LTCCP appropriately reflected the wastewater project, including its financial and funding implications – despite the strong likelihood that the project, underlying assets, service levels and implications on the financial strategy would significantly impact on the disclosures in the LTCCP.

238. In the 2009 audit, when the wastewater project was nearing completion, it was likely there would have been a significant focus on the project in the following planning modules:

• Asset and activity management
• Linkages to other documents
• Assumptions
• Financial prudence

239. In the 2009 audit, the auditor adopted a substantive approach to planning and performing audit test procedures. Based on the documentation available on the audit file, there is no evidence that the auditor identified or considered the wastewater project as an area of audit risk or focus. As a consequence, there is no evidence or documentation to indicate whether the auditor considered the impact of the wastewater project on the waste water activity or that there was any consideration or assessment of the basis of the financial projections and forecasts or the impact/implications of the project and resulting asset on the Council’s financial strategy (including consideration of the financial prudence).

240. Given the nature of my review, I need to carefully manage the risk of hindsight and speculation. As a consequence, I am not in position to conclude what would have been identified, and what conclusions the auditor would have reached, had testing of the project’s implications – a significant matter in the overall LTCCP – been carried out under the above modules.

241. Despite the auditor failing to consider the audit risks in the specific context of the 2009 LTCCP, there is evidence on other audit files that the auditor should have been on alert to risks associated with the planning assumptions and financial forecasts etc. Discussions and interviews with the auditors, and my review of the audit files, reveal the auditor performed analytical procedures that highlighted variances in funding and revenue streams related to the project: these should have alerted the auditor to potential problems. Why the auditor did not perceive this as an area of audit risk or focus, and why no consideration was given to further substantive testing of the robustness of these forecasts and planning assumptions in the 2009 LTCCP, is not documented. As a consequence, there is no evidence to demonstrate that the auditor sufficiently considered the implications of these forecasts on the Council’s financial strategy, or the general affordability and prudence of the wastewater project for the Council or community.

Other matters

Asset and Activity Management

242. In both the 2006 and 2009 audits, the OAG had identified the quality and robustness of AMPs as a key concern across the local government sector. Audit work was carried out during these audits to enable the auditor to consider and assess the sufficiency and quality of the Council’s AMPs.

243. Audit New Zealand considered the waste water AMP in 2006. However, the work it undertook was generic, dealing with the overall risk rather than specifically detailing the risk resulting from the Council’s management of the project. Audit New Zealand has indicated that the wastewater project was not contained within the five sections that made up the waste water AMP. I found no evidence that the auditor considered the impact of the wastewater project on the waste water AMP or the asset service levels over the period of the LTCCP. There is insufficient documentation to determine whether the auditor was satisfied that the financial projections set out in the LTCCP were appropriately supported by the service levels and financial forecasts set out in the AMP or other similar Council planning documents in respect of the wastewater project.

244. The auditor for the 2006 audit indicated that they were comfortable with the level of disclosure about the project throughout the draft LTCCP. They seemed to have no particular concerns about the project’s overall management. This level of comfort appears to derive from work previously performed as part of the Council’s annual report

245. On this basis, and given that the community had been given an opportunity to comment on the LTCCP, the auditor did not believe that specific testing or consideration was necessary. Instead, they focused much of their effort on roading, planning and policy activities in 2006 and roading, water and refuse in 2009.

246. I accept that roading constituted a significant activity in terms of the Council’s overall planning. It was therefore reasonable to expect that this activity would be a particular focus for the auditor, although – as I have repeatedly observed throughout this report – the potential audit risks associated with this activity were insufficiently documented when the audit was in the planning stages.

247. Notwithstanding, I find there were significant deficiencies in the planning and performance of the audit due to the lack of documentation of (a) how the auditor assessed the risks of the wastewater project in relation to the LTCCP, (b) what knowledge or information the auditor drew on from other audits or sources and (c) the view that no specific testing of the project was considered necessary. In my view, a review of the methodology clearly shows that the project would significantly impact many aspects of the LTCCP planning approach and modules.

Linkages to other documents

248. Funding the project was a significant consideration for the Council. The Council relied on targeted rates (including the one‐off targeted rate) and development contributions as the primary sources of income to fund the project. The receipt of development contributions is inextricably linked to current and future growth projections. The Council’s segmented debt policy was established, in part, to allow the Council to fund significant infrastructure by debt but to have this debt segmented away from the Council’s core debt. Without this segmentation, the Council would most likely breach its prudential borrowing limits.

249. Each of these policies formed a significant part of the LTCCP. The revenue and funding implications were material. Yet these policies were not subject to detailed testing or consideration by the auditor. Significantly, the Council’s development contributions policy was not correctly adopted as part of the adoption of the 2009 LTCCP: this was not identified by the auditor.

Assumptions and financial prudence

250. The 2009 methodology and audit approach required the auditors to focus to a greater extent on the Council’s forecasts and projections, the quality of the underlying assumptions and the financial prudence of the overall plan.

251. Based on my review of the audit file, I find:

• There was insufficient consideration, corroboration and/or challenging of the planning assumptions and the robustness of the information underpinning the financial forecasts;
• The auditor had reason to consider whether key growth assumptions remained valid and therefore their likely impact on the overall funding decisions for the project;
• Financial forecasts and projections are inherently sensitive to the underlying assumptions. As the wastewater project did not form part of the approach and testing performed by the auditor, subjecting the development contribution projections to any sensitivity analysis was not considered;
• There was no evidence or documentation to demonstrate how the auditor linked the AMPs, levels of service, key planning assumptions and financial forecasts;
• The auditor relied heavily on the external financial modelling of the project funding. There was little, if any, evidence to indicate how the auditor assessed the modelling output as adequate to support the LTCCP forecasts. As it was, the modelling needed to be significantly updated for the 2012 LTP audit.
• The financial prudence module was not properly completed because it failed to sufficiently integrate key matters from other planning modules so that the auditor could form an overall judgment of the LTCCP’s financial prudence.

Observations and Findings from a Review of the 2012 LTP Audit File

252. By contrast with the 2006 and 2009 audits, the key audit risks and issues affecting the Council were extensively documented and considered in the planning of this audit. There was a more comprehensive assessment of the risks associated with the operation of the asset and the overall financial situation that the Council now found itself in.

253. The audit file also demonstrates a more extensive analysis of the planning issues and risks relevant to the 2012 LTP and how these affected the planning and performance of test procedures. The audit file shows evidence of reasonable linkages and logic between the planning issues and the compliance, controls and substantive test procedures to be performed.

254. There is also evidence to indicate the auditor was alert to the significant issues that had emerged about the Council’s management and governance of the project, and had taken them into account in planning and performing the audit.

255. Significantly, the quality of the audit file and particularly the documentation indicates that many of the concerns identified in a review of the 2006 and 2009 audit files were rectified in 2012. Planning modules were sufficiently and appropriately completed.

256. Clearly, there was a significant increase in the level of effort and resources applied to the audit. Significantly more actual hours were spent on the audit than had been budgeted or spent in the previous two audits.

257. Audit New Zealand consider that the magnitude of the problems identified with the Council’s governance and financial management, and with the wastewater project generally, meant the audit team had to perform whatever work was necessary to ensure that the information set out in the LTP was robust, sufficient and appropriate.

258. From a public interest perspective, this is understandable. But it raises some important questions about the level of effort and resource required to satisfy the objectives for auditing an LTP. In the 2012 audit, the additional audit test procedures allowed the auditor to obtain reasonable assurance over the matters on which they were required to report, and to issue an unqualified audit opinion. Thus, the objectives of the audit were met. However, I note that the level of resource and work effort was significantly higher than that budgeted. The questions I have therefore are, first, whether the original budget was a reasonable basis for the planning and performance of the audit and, second, what can be regarded as the reasonable, or minimum, level of resourcing and effort required for the auditor to satisfy the objectives of the audit. In my view, these are important public interest considerations – ensuring that reasonable cost of auditor obtaining the required level of assurance is transparent and understood and ensuring that the auditor has sufficient appropriate resources to satisfy the objective of the audit.

4.4 KEY FINDINGS AND OBSERVATIONS – QUALITY CONTROLS SYSTEMS, PROCESSES AND PROCEDURES

259. The terms of reference require me to consider whether the auditors applied adequate quality control mechanisms, processes and procedures in planning and performing the audits.

260. The OAG’s standard on quality control requires Audit New Zealand to:

• Maintain a system of quality control at an organisational level that is designed to provide reasonable assurance that the organisation and staff comply with relevant professional and ethical standards, legal and regulatory requirements and ensure that reports issued by Audit New Zealand are appropriate; and
• Implement appropriate quality control procedures at an audit engagement level to ensure that the engagement complies with relevant professional and ethical standards, legal and regulatory requirements and that the audit report issued is appropriate in the circumstances

261. The OAG standard also sets out the requirements for quality control reviews of audit engagements. Engagement quality control reviews (EQCRs) are required for all audits over 500 hours or where the audit is considered high risk. In all but the 2009 annual report audit, and the 2006 and 2009 audit of the Council’s planning documents, the budgeted hours for the Council’s audit exceeded this 500 hour threshold.

262. I have reviewed the quality control mechanisms applied to each Council audit against these requirements and expectations, and make the following findings:

Overall system of quality control

263. The evidence shows that Audit New Zealand developed and maintained a system of quality control at an organisational level throughout the review period. Elements of this system include assigning leadership responsibilities, ensuring adherence with relevant ethical and professional requirements, accepting and maintaining relationships with clients, managing human resources within the organisation, maintaining engagement performance, and monitoring processes.

264. Over the period covered by this review Audit New Zealand also sought three independent reviews of its quality control system and its engagement performance. One review was conducted by the Australasian Council of Auditors‐General (ACAG) on invitation by the then Auditor‐General. There were also two independent reviews conducted by the New Zealand Institute of Chartered Accountants (NZICA). These reviews were similar in scope to those performed on other chartered accounting practices. In all three cases, the independent reviewers issued reports. No adverse findings were made.

Engagement Quality Control Review (EQCR)

265. Where an audit is less than 500 hours, Audit New Zealand’s system of quality control requires an auditor to assess, for the purpose of determining whether an EQCR¹³ is required, whether the client may be considered a high risk. This risk assessment is made against a broad set of risk‐based criteria. Auditors advise the General Manager, Professional Practices of their assessments annually, and it is decided whether to assign an EQCR to the particular client and/or auditor.

266. As it stands, the General Manager, Professional Practices relies on the fact that a detailed assessment has been appropriately made by the auditor. The observations and judgments that have informed those assessments are not immediately obvious to the General Manager, Professional Practices when making a final decision. The focus and scope of the matters brought to the attention of the decision‐maker, and the fact that the auditor does not necessarily outline the judgment exercised in making an individual assessment, together pose an inherent risk to the decision‐making process.

267. For the audit of the Council’s 2009 annual report, the budgeted hours were below the 500 threshold set by the OAG. A separate assessment of whether the Council was high risk was therefore required. The auditor prepared an EQCR assessment (by way of a summary question and answer checklist) and forwarded it to the General Manager, Professional Practices. The auditor’s assessment was that the Council was not considered a high risk and therefore a request for dispensation from an EQCR review was sought. The request was granted by the General Manager, Professional Practices. The process adopted by the auditor raises two concerns:

267.1. The auditor’s assessment noted that there were no weaknesses in the Council’s management control environment and that there were no significant issues noted in prior years. This reflected the auditor’s view at that time, and may in fact be consistent with the evidence available on file. However, as I have noted throughout this report, there are significant reasons to question whether that underlying assessment was reasonable and appropriate.

267.2. Audit New Zealand was contractually obliged to provide an EQCR reviewer for the 2009 audit. This was set out in the Council’s Letter of Undertaking, and provided for in the audit fees for this engagement. Yet this contractual obligation was either overlooked or was not given sufficient weighting in the auditor’s assessment of whether to request dispensation from an EQCR review. The contractual obligation to provide an EQCR review was not bought to the attention of the General Manager, Professional Practices at the time that the request for dispensation was being considered.

268. Regardless of any difference of opinion about the appropriateness of the auditor’s assessment (see 10.1 above), the EQCR dispensation should not have been granted. Audit New Zealand was obliged to perform an EQCR review for the entire 2009 audit.

269. In terms of timing, I note that the decision to grant a dispensation was made after the audit had been planned. During the planning process, the EQCR reviewer did review the planning document. However, once the dispensation was granted, there is no evidence of any further EQCR involvement. Importantly, the obligations outlined in the Letter of Undertaking covered the audit as a whole, not just the planning stages.

270. Of the audit files reviewed, EQCR reviews were performed in all but three audits. For one other audit, EQCR was completed over the audit’s planning component but not on the fieldwork and finalisation components. Evidence on file shows the EQCR reviews were completed.

271. No EQCR review was performed on either the 2006 or 2009 LTCCP audits. Audit New Zealand has advised that this was because the hours budgeted for these audits did not exceed the OAG threshold of 500 hours which automatically required the assignment of an EQCR. However, both Audit New Zealand and the auditors have noted that these audits were subject to the OAG’s Hot Review processes. There is evidence that matters relating to the wastewater project were considered as part of the Hot Review of the 2009 audit. However, it is important to note that the objective of a Hot Review differs from that performed as part of an EQCR review. The Hot Review does not examine the audit fieldwork or files prepared by the auditor. Accordingly, it is not intended to ensure compliance with relevant professional and ethical standards.

272. In considering the nature and extent of the OAG’s Hot Review process, it is important to note that this was introduced as part of the methodology and approach to the audit of the Council’s planning documents. There is no OAG Hot Review performed as part of the audit of the Council’s annual report. The Hot Review process was introduced in order to improve the quality and consistency of both the preparation of planning documents across the local government sector, and of the audits of those documents. There is evidence of the Hot Review process being performed in respect of each audit of the Council’s planning document.

273. In the case of each audit where an EQCR review was performed there is evidence that the EQCR reviewer considered and confirmed those matters that were relevant and appropriate to the planning and performance of the audit engagement. The EQCR reviewer has signed‐off the planning memorandum to this effect. The OAG’s standard outlines the matters that an EQCR/PSR reviewer would be expected to consider in completing their review. While the reviewer relies on the work performed by the auditor and the assessments of risk etc. that are made, they have satisfied themselves that all relevant matters have been appropriately considered in order for the auditor to effectively plan and perform the audit engagement.

Quality control/review of audit fieldwork at an engagement level

274. The evidence on file indicates that fieldwork was reviewed by senior audit staff. Generally, such reviews would be performed by the audit supervisor, manager or director.

275. It is impossible to know what matters were identified during these reviews as there is no remaining documentation of the review process: it is general practice that documentation of matters arising from a file review is not retained. However, matters identified during the file review must be addressed and actioned by the auditor before the audit is finalised. On this basis there should be no residual review matters outstanding: any necessary follow‐up action will have been completed, meaning the audit file can stand on its own in support of the opinion issued.

276. As this report has identified significant deficiencies in planning and performing the audits, it follows that the reviews of the fieldwork were also deficient by failing to detect or address these problems.

4.5 KEY FINDINGS AND OBSERVATIONS – THE AUDITING OF COUNCIL’S RATES

Introduction

277. While this review was underway, a local bill¹⁴ was introduced into Parliament to address irregularities in the setting and assessment of the Council’s rates. These irregularities relate to the way the Council purported to comply with certain provisions of the Local Government (Rating) Act 2002 (the LGRA) and the broader Local Government Act 2002.

278. The Council acknowledges irregularities in the setting and assessment of certain rates for the financial years 2006/2007 to 2011/2012 (inclusive). These irregularities raise questions about the validity of those rates, and are therefore of considerable concern to the local community. There is a strong public interest in understanding why the irregularities were not identified by the auditor 279. Accordingly, I have examined the sufficiency and appropriateness of the auditor’s work on rates, focusing primarily on the period covered by the Bill.

280. Throughout, I have attempted to clarify how the audit’s scope and objectives affected the auditor’s role, responsibilities and obligations to consider and audit particular components of the annual report or planning document. As already noted, the scope and objective of the audit of the Council’s planning documents were different from those of the Council’s annual financial statements audit. Consequently, the design and performance of audit test procedures for the audit of the planning document differed from those for the annual report audit.

281. My examination of the auditor’s work on the Council’s rates has focused on two issues. First, I have sought to determine whether the test procedures performed by the auditor were reasonable and appropriate for the scope and objectives of the engagement – and particularly whether they adequately addressed the risk that the annual report or planning document was not compliant with the LGRA. Second, I have considered whether those test procedures would have (or should have) given a reasonable level of assurance that irregularities – such as those subsequently identified in the Bill – would have been detected.

Responsibility for setting and assessing rates

282. The Council is responsible for setting and assessing rates, and for ensuring compliance with appropriate legislative requirements. The auditor is responsible for planning and performing the audit to ensure that the overall audit objectives are satisfied.

283. In the case of the Council’s annual report, the auditor is primarily seeking reasonable assurance that the recognition and disclosure of rates revenue, assets and liabilities are free from any material misstatement. In planning and performing the audit, the auditor is required to ensure the Council’s compliance with those provisions of the LGRA generally recognised as having a material impact on the determination of amounts and disclosures in the annual report.

284. In the case of the Council’s planning documents, the auditor is primarily seeking reasonable assurance that the Council has complied with those provisions of the LGRA that affect (a) the preparation of the long‐term plan and (b) the quality of the information and assumptions underlying the forecast information, including rates.

285. Because of the clearly defined objectives of the audit the auditor’s work on rates cannot be relied upon as a legal review of the Council’s compliance with the applicable legislative requirements. In circumstances where the Council requires some form of legal sign‐off or assurance, then it is reasonable to expect it to seek such assurance directly from appropriate independent legal counsel. Evidence on the audit files indicates that, during the period of this review, the Council did seek and obtain independent legal advice on its setting of rates.

Audit of the Council’s annual report

286. In broad terms, the auditing of rates involves test procedures that allow the auditor to:

• consider and assess the management control environment within which the Council sets and assesses rates;
• determine whether key controls are in place for the Council’s rating system, whether these controls are operating effectively, and whether they can be relied upon;
• have a reasonable level of assurance that rates revenue, rates debtors and other disclosures relating to rates are fairly reflected in the financial statements; and
• assess whether the Council has complied with applicable legislative requirements in setting and assessing rates for the financial period.

Assessment of legislative compliance

287. Overall, based on the audit objectives for the Council’s annual report, I consider that the auditor’s general methodology, approach and test procedures provided a reasonable and appropriate basis from which to plan and perform the audit engagement. In particular, the auditor’s work in assessing the Council’s compliance with the LGRA was sufficient to allow them to form a conclusion on whether rates revenue is fairly reflected in the financial statements of the Council. In addition, the methodology and test procedures were consistent with the auditing standards set by the OAG.

288. From examining the files relating to annual report audits, I found that:

288.1. The auditor’s focus on and attention to potential risks associated with the audit of rates significantly increased over the periods covered by my review, as did the guidance to the auditor, as set out in the audit methodology and approach, on these risks.

288.2. The audit test procedures that the auditor was required to perform were designed to ensure that the auditor could effectively satisfy the objectives of the audit engagement. Audit work is not intended to detect or prevent every instance of non‐compliance but to obtain reasonable assurance that the annual report is not materially misstated. For example, the audit approach requires the auditor to test a sample of the Council’s targeted rates and assess whether these rates have been set in accordance with the LGRA. There is no expectation that the auditor would review and test all targeted rates in all audits, unless the auditor considered it reasonable and appropriate to do so. However, it would be reasonable to expect that the auditor would outline the basis and judgment used to determine which targeted rates would be tested.

288.3. Throughout the audit engagement, the auditor has made clear that responsibility for ensuring compliance with legislative requirements remains with management. The auditor must communicate carefully the extent to which their work can be relied on, and the limitations on the audit opinion they provide. If these points are not fully understood, there is a risk that the auditor’s work and opinion may be wrongly assumed to provide a level of assurance on legislative compliance, and management may consider it unnecessary to seek appropriate independent legal advice. In fact, it is not the role and function of the auditor to provide such advice.

288.4. Overall, I consider that the auditor satisfactorily discharged their obligations to communicate the respective responsibilities of the Council and the auditor. The auditor did so in a way consistent with the auditing standards, audit methodology and general industry practice in place at the time the audit engagement was performed.

288.5. As I have already commented, the Council obtained extensive legal advice about potential irregularities identified in the setting and assessment of Council’s rates during 2010‐2012. The auditor was entitled to rely on that legal advice, but only after considering its sufficiency and appropriateness. In some cases, the auditor considered that the legal advice might be at odds with previous legal advice given to the Council. Despite the ex‐post nature of the legal advice obtained by the Council, the evidence shows the auditor did review and consider that advice in considering the impact of the irregularities on the conclusions and audit opinions the auditor provided during 2010‐2012.

288.6. Usually, the auditor plans and performs legislative compliance test procedures after the Council has set and assessed the rates for the financial year covered by the annual report. This means that if any issues or irregularities are identified, they can only ever be reported to management for corrective action in the next (or later) financial period. This is in contrast to the work performed by the auditor on the Council’s planning document where any irregularities identified during test procedures can be addressed on an ex‐ante basis before the Council sets and assesses rates for the first year of the long‐term plan.

288.7. In my view, the timing of the test procedures during audits of the annual reports and planning documents was reasonable and appropriate, given the objective for each audit engagement.

Assessment of the management control environment

289. The auditor is required to consider and assess the Council’s management control environment, including its system for ensuring compliance with legislative requirements when setting and assessing rates.

290. I found deficiencies in the auditor’s consideration of these issues. In general, the auditor relied heavily on discussions with management to understand how the Council was complying with the requirements of the LGRA. These discussions were, at times, narrow in focus. The auditor also appeared to rely heavily on the fact that finance and rates staff had knowledge and experience, in part because of their length of service. At an entity level, the auditor’s assessment of the Council’s systems for ensuring legislative compliance are limited by the fact that the auditor does not ordinarily test or corroborate what they have been advised by management. The auditor will generally rely on subsequent testing of control systems, or the performance of substantive audit test procedures on rates, to ensure that systems and procedures are operating effectively and that the Council has complied with applicable legislative requirements. Despite the limitations of their approach, the auditor nonetheless concluded that the management control environment was effective.

291. Any deficiencies in this area can have significant consequences. The auditor may become over‐reliant on the Council’s control environment and systems. The auditor may fail to design and carry out audit test procedures that would allow any instances of material fraud, error or non‐compliance on the Council’s annual report or planning document to be identified.

292. Audit New Zealand asserts there is no evidence to suggest that deficiencies in the auditor’s consideration of the management control environment or systems of internal control affected the subsequent testing carried out by the auditor on rates. Audit New Zealand considers there was limited opportunity for discretion in the design of test procedures. Apart from the auditor determining which targeted rates to select for testing, all other test procedures were largely defined or prescribed.

293. I have carefully considered Audit New Zealand’s position. I agree that the auditor was asked to carry out several test procedures that would be performed regardless of their assessment of the management control environment or system of internal control: for example, the auditor must consider whether the rates assessment notice contains all of the matters required by the LGRA. However, it is equally clear that the auditor must perform test procedures to determine whether the Council has complied with other legislative requirements where substantive testing alone would be insufficient. For example, the auditor needs to ensure that the Council’s rating database is up to date and complete. As a result, the auditor’s consideration of the management control environment remains an important consideration in the identification of any areas of audit risk or focus or in the nature and extent of test procedures to be performed. I am therefore of the view that the narrow consideration of matters relevant to the auditor’s assessment of the control environment are of concern. I accept that at the time that the auditor performed their assessment or the performance of audit test procedures there had been no instances of non‐compliance that would have, or should have, placed the auditor on alert. I deal separately with whether the performance of the audit test procedures themselves should have identified instances of non‐compliance.

Documentation

294. Throughout my review of the annual report audits, I have been concerned about the lack of sufficient appropriateness documentation on the audit file – to demonstrate performance of the audit test procedure or the exercise of the auditor’s professional judgement on a particular matter. This concern extends to the audit of Council’s rates. While I acknowledge a noticeable improvement in documentation during later audits (from 2009 onwards), the lack of sufficient appropriate documentation throughout the review period is still of concern as identified in the following areas:

• The auditor’s documentation of their professional judgment, particularly in determining which matters were, or were not, selected for testing. For example, it is unclear how the auditor selected which targeted rates would be tested. Nor is it clear why, during the 2009 audit, the auditor did not select and sample the wastewater scheme targeted rate that had been introduced in that financial period.
• The documentation of audit test procedures performed to support the auditor’s conclusions. For example, during the 2008 audit, the auditor indicated that the targeted rates were tested. However, there is no documentation showing whether all the rates were tested and, if not, which were tested. The nature and extent of test procedures carried out to support the auditor’s conclusions is not documented either.
• The performance of audit test procedures designed to assess the Council’s compliance with the provisions of the LGRA. In many instances, the auditor simply noted that the Council has complied with a particular provision of the LGRA without sufficiently demonstrating the nature and extent of work performed or the results of the audit test procedures.

295. I have noted that the Council obtained independent legal advice on various rating matters during the review period. These include potential irregularities in the setting of rates for the wastewater scheme, which the Council became aware of during the 2010 audit. The evidence indicates that the auditor appropriately considered the nature and extent of this advice, discussed the issues with the Council, and assessed the consequences for their opinion on the Council’s financial statements. However, the auditor’s documentation of the results of their audit test procedures and the conclusions they formed were at odds with the matters identified in the Council’s independent legal advice. Once the auditor had considered the independent legal advice given to the Council, they did not go back and review the work they had performed.

296. Once aware of the potential irregularities, the auditor brought the matter to the attention of the OAG in a reasonable and timely manner. The evidence also shows that the auditor and the OAG considered how the irregularities might affect the audit report. The auditor advised the Council to disclose the irregularities in its financial statements, which it did by way of a note to the financial statements that formed part of the annual report. This disclosure appears consistent with the auditor’s advice. The nature and extent of Council’s disclosures was sufficient to enable the auditor to issue and unqualified audit opinion in respect of the 2010 annual report.

297. In both the 2011 and 2012 audits, the auditor had access to more evidence. This helped them better understand and assess the nature, extent and impact of the irregularities on the annual report. The audit reports for these years explicitly draw attention to the Council’s disclosures.

298. Throughout all audits of 2010‐2012, I found that the auditor exercised reasonable judgment in determining the impact of the irregularities (in so far as they were known or understood at the time) on the audit opinion, and whether it was necessary to include additional information or disclosure in the audit report.

299. For each audit performed during these periods, the auditor’s work on rates was reviewed by the supervisor or manager.

Irregularities in the setting and assessment of rates, as identified in the Bill

300. The irregularities identified in the Kaipara District Council (Validation of Rates and Other Matters) Bill include the Council’s failure to:

• set specified rates on a basis authorised by the LGRA;
• assess specified rates in accordance with the LGRA;
• set specified rates in accordance with the provisions of the applicable Funding Impact Statement (FIS), as required by the LGRA; and
• include certain information required by the LGRA in the rates assessments issued to rate‐payers.

301. The irregularities occurred from 2006/2007 to 2012/2013 (inclusive). The audit files show the auditor first became aware of some of these irregularities during the 2010 audit of the Council’s annual report. The files also show the auditor considered the impact of those irregularities when carrying out audit test procedures and forming an opinion on the financial statements at that time. However, the audit files do not show that the auditor was aware of, or had identified, any of the irregularities before the 2010 audit.

302. In my review, I have sought to understand why this was the case. First, I looked at what rates‐related work was planned and performed by the auditor between 2006 and 2010. Second, I examined whether the auditor was aware at the time that they performed each of these audits, or ought to have been aware, of the irregularities subsequently identified in the Bill.

303. In considering these questions, I carefully examined the matters outlined in the Bill and also the irregularities disclosed by the Council itself. To effectively mitigate any risk of hindsight, I focused on the work the auditor was required to perform at the time the audit was conducted. Likewise, I referred only to those auditing standards that were applicable then.

304. At a high level, it is clear that the approach developed by Audit New Zealand to auditing rates – in particular, the design of audit test procedures to assess compliance with the LGRA – required the auditor to consider those areas of the Council’s rates setting and assessment process where irregularities were subsequently identified.

305. Having examined the auditor’s work in those areas between 2006 and 2010 in more detail, I found the following significant issues and deficiencies:

Assessing the basis of the differential and targeted rates

305.1. The audit approach required the auditor to sample selected differential and targeted rates, and to determine if the basis on which those rates were set was consistent with the LGRA. The auditor was not required to test all differential and targeted rates, unless they had reason to believe that this was necessary. However, in my view, it would be reasonable for the auditor to consider and document the basis on which particular differential or targeted rates were selected for testing. Thus, taking into account the scope and overall objective of the audit engagement, I consider the audit approach to be reasonable.

305.2. During the 2007 and 2008 audits, the auditor tested the basis of “key” differential and targeted rates. No issues of non‐compliance were identified. However, the audit file does not show which rates were selected and whether they included the specified rates subsequently identified in the Bill. Nor is there evidence or documentation showing how this test procedure was performed.

305.3. In relation to the sewerage rates which the Bill is seeking to validate, the auditor selected those rates for testing in at least two years (2008 and 2009). No instances of non‐compliance were identified.

305.4. In 2009, the Council introduced a new targeted rate to fund the wastewater scheme. However, the auditor did not select this targeted rate as part of the sample of rates to be tested. This decision must be questioned, given the significance of the project and its associated funding to the community and the Council, and given that the rate had been introduced for the first time in 2009: the auditor could reasonably have been expected to take these factors into account when deciding the sampling approach. There is no documentation on file showing how the auditor exercised their judgment in selecting the rates that were tested. When questioned on this matter, Audit New Zealand responded that “The contention that Mangawhai targeted rate should have been tested can be supported given the significance of the rate both financially and in the context of the Council’s environment”.

305.5. As for other irregularities identified in the Bill, the extent to which they should have been identified by the auditor depends on whether:

• the differential or targeted rate was selected for testing;
• there is sufficient reason to believe that the differential or targeted rate should have been sampled; or
• the results from audit test procedures carried out on other differential or targeted rates indicated a broader systemic level of non‐compliance that would warrant the auditor extending their sample selection.

I accept Audit New Zealand’s statement that: “Given a sample basis is applied, it is not a reasonable expectation that all targeted rates would have been tested”. However, had the auditor identified irregularities in the differential and targeted rates that were selected for testing, they might have been alert to the possibility and extent of additional non‐compliance in the setting of other differential or targeted rates.

305.6. As noted, the auditor became aware of doubts about the setting and assessment of certain rates during the 2010 audit. The evidence confirms that the auditor reviewed and considered the legal advice obtained by the Council at that time. The financial statements disclosed the issues identified, although the audit opinion does not refer to the disclosures made by management. The value of the problematic rates collected by the Council was also disclosed. As the amounts involved were material to the financial statements, the auditor was therefore required to consider whether the audit opinion should be qualified, or whether the opinion should refer to the disclosures by management in the financial statements.

305.7. The auditor decided not to issue a qualified opinion, apparently because they considered the Council had appropriately disclosed these irregularities in the annual report. While these disclosures were considered sufficient in 2010, in 2011 and 2012 the auditor included additional disclosure in their audit report. A decision was made in conjunction with the OAG that an unqualified audit report was appropriate.

Reconciling the rates resolution to the Funding Impact Statement (FIS)

305.8. The auditor was required to ensure that all rates in the rates resolution were as set out in the FIS to the planning document. All rates in the FIS must be included in the rates resolution.

305.9. Between the 2006/2007 to 2009/2010 financial periods, the auditor carried out the test procedure and confirmed that the Council’s rates resolution were correctly set on the basis of the rates set out in the FIS. No issues of noncompliance, and no differences, were identified by the auditor.

305.10. On each audit file, the auditor recorded that the test procedure had been performed. But in at least three of the four audits, there is insufficient documentation and evidence on file to indicate how the audit test procedure was performed and how the auditor’s conclusion was reached. It is therefore impossible to determine with sufficient certainty what the auditor completed and why the irregularities were not identified.

305.11. In the 2009/2010 audit, there is evidence and documentation on file to show how the auditor performed the audit test procedure. The auditor did not identify any inconsistency between the rates resolution and FIS. The documentation also suggests that certain elements of the rates resolution were not specifically confirmed, despite the test procedure requiring all rates to be consistent across the two documents. Towards the end of the 2010 audit the auditor became aware of a number of irregularities in the setting and assessment of rates. There is no evidence to suggest that the auditor went back to the original work performed to review or consider their conclusions in light of the new evidence. The work performed by the auditor, and the conclusions reached, were therefore at odds with the subsequent information considered by the auditor. This discrepancy should have been addressed by the auditor.

Ensuring that rates assessment notices contain all matters the LGRA requires to be disclosed

305.12. The auditor was required to ensure that the rates assessment notice contained all the elements and requirements set out in the LGRA.

305.13. For each financial period, the auditor recorded that they had compared the information set out in the rates assessment with the disclosure requirements set out in the LGRA. No instances of non‐compliance were identified in any financial period.

305.14. However, in three out of the five audits performed between 2006 ‐ 2010, there is insufficient documentation on file to indicate how the audit test procedure was performed and how the auditor’s conclusion was reached. It is therefore not possible to determine with sufficient certainty what work the auditor completed or why the irregularities were not identified.

305.15. For 2009/2010, there is sufficient evidence and documentation on file to support the performance of this test procedure. Notwithstanding, the auditor did not identify any of the irregularities referred to in the Bill.

305.16. By 2010/2011, the Council had obtained independent legal advice on the irregularities relating to the setting and assessing of rates – including irregularities in the rates assessment notices. Even though this legal advice was on file, the test procedure performed by the auditor did not identify any issues of non‐compliance.

Root Cause Analysis: understanding the reasons for the deficiencies identified in the auditor’s work

306. Based on the audit test procedures the auditor was required to perform, it is reasonable to expect the auditor to have detected the following rates‐related irregularities subsequently identified in the Bill:

• differences between the FIS and the Council’s rates resolution;
• uncertainties over whether the rates assessment notice correctly contained all matters required by the LGRA;
• uncertainties over the basis for “key” targeted rates selected by the auditor during the 2006/2007 and 2007/2008 audits;
• uncertainties over the basis for the targeted sewerage rates selected by the auditor for testing in the 2007/2008 and 2008/2009 financial periods; and
• uncertainties over the basis for the targeted rate to fund the wastewater scheme in 2009 (on the basis that the auditor could have been reasonably expected to select this particular rate as part of their sample testing).

307. In the case of all other targeted rates, the auditor was required to exercise professional judgment to determine which differential or targeted rates would be sampled. It does not necessarily follow that the auditor should have detected those irregularities identified in the Bill that relate specifically to other targeted rates.

308. The irregularities identified in the Bill raise questions about the legality of the rates levied by the Council. In turn, this has prompted the Council to reconsider the collectability of rates revenue from 2007 – 2009 in preparing the 2010 financial statements. The deficiencies noted in the auditor’s work are therefore significant. They create doubts about whether the auditor correctly performed the work required, and complied with the auditing standards and audit methodology developed by Audit New Zealand. The deficiencies also raise questions about whether the objective of the audit was met, and what impact the irregularities would have had on the auditor’s opinion had they been identified.

309. I have talked to both the auditor and Audit New Zealand about possible reasons for the audit deficiencies I have identified. Unfortunately, neither these discussions nor a root cause analysis clearly show why the audit test procedures failed to identify the irregularities. This is despite the auditor, at the time that the work was performed, having access to sufficient evidence from which to identify the irregularities.

310. Following discussions with the auditor, I have concluded that the primary reasons for the deficiencies outlined above were:

• a lack of understanding of the requirements of the LGRA
• a lack of understanding of the objective or purpose of the audit test procedures
• a failure to adequately identify the risks and significance of non‐compliance.

These lapses meant the auditor was not in a position to apply sufficient appropriate professional judgement when performing the audit test procedures, or to identify potential material non‐compliance, or irregularities, should they be present. The deficiencies noted in the auditor’s work were not identified or addressed through the engagement quality review processes.

Cumulatively, these deficiencies mean the rates‐related test procedures performed by the auditor did not comply with the auditing and professional standards applicable to the audit engagement, or to the audit of Council’s rates.

311. The auditor acknowledges that the auditing standards require them to prepare documentation that provides a sufficient record of the basis for the audit report. The auditor must also provide evidence that the audit was planned and performed in accordance with the auditing standards and audit approach applicable to the engagement. According to Audit New Zealand, some audit test procedures require 100 per cent substantive testing of the Council’s document(s).

312. I have closely examined the wording of the audit test procedure on the audit file. I consider that additional information about the context of the test, and more clarity about its objective, are needed. Such additional information would help the auditor better understand the risk of non‐compliance, the extent of the work required and the implications for the legality of the rates should irregularities in the Council’s compliance with the LGRA be identified – regardless of how small or insignificant those differences may appear.

313. From my enquiries, it seems that more senior, experienced auditors were more aware of the significance of legislative compliance requirements associated with the LGRA. Should the work have been performed by these more experienced auditors, it is possible that they would have been alert to the implications of any differences and therefore that the irregularities may have been identified. However, it is incumbent on the auditor and senior audit staff to direct and supervise all staff employed on the audit. They must ensure all staff are clear about what is expected from the test procedures they perform, make them aware of the risks associated with non‐compliance, and highlight the significance of the test procedures’ objective.

314. Audit New Zealand has accepted that certain work and test procedures were not completed correctly. The organisation has learned several lessons from the review which it continues to address. They include the need to:

• regularly train staff about auditing rates, in particular the legislative compliance aspects and the significance of relevant tests for assessing audit and assertion risks;
• clarify the importance of documenting the results of the audit test procedures, the standard of documentation expected, and the significance of the judgements that must be made;
• constantly review the assignment of staff to particular audit work, and the supervision of their work.

Overall conclusions

315. The auditor plans and performs test procedures to assess whether the Council has set and assessed its rates in accordance with the LGRA. However, the auditor does so with the broader purpose of forming an overall opinion of the Council’s financial statements. The auditor’s work is not intended to detect or prevent every instance of non‐compliance.

316. In planning and performing the audit, the auditor must make it clear that it is management’s responsibility to ensure compliance with all legislative requirements. Here, there is evidence on file showing that the Council exercised this responsibility by seeking independent legal advice on a range of rating matters throughout the period under review. But the auditor must take the greatest care to accurately communicate the extent to which the Council can rely on the auditor’s work. Otherwise, there is a risk that the auditor’s work and opinion is seen to provide such a level of assurance on legislative compliance that management may choose not to seek independent legal advice. It is not the role and function of the auditor to provide such advice.

317. Notwithstanding this caution, given the test procedures the auditor was required to perform, it is reasonable to expect the auditor to have identified most of the irregularities subsequently identified in the Bill.

318. I acknowledge that the timing of the audit test procedures may not have prevented noncompliance from occurring in a particular financial year. However, if the auditor had reported any non‐compliance and irregularities to the Council, management could have taken appropriate corrective action in future financial periods.

319. It is therefore reasonable for users of the Council’s financial statements to expect the auditor to have not only carried out the specified audit test procedures, but also to have identified many of the irregularities outlined in the Bill.

320. Based on the analysis of irregularities found during the 2010‐2012 audits and their potential impact on the audit opinion, it is highly unlikely that the auditor would have issued a qualified opinion in previous financial periods even if the auditor had identified those irregularities. Where the auditor should reasonably have detected an irregularity, it would most likely have resulted in them including an Emphasis of Matter paragraph in the audit opinion, and requesting the Council to include additional disclosure in the financial statements. In all cases, the nature and extent of the irregularities would have been significant enough for the auditor to communicate the matter to the Council and to the OAG.

321. The Council’s compliance with the LGRA in setting and assessing rates is fundamental to its statutory power to rate. Compliance with the LGRA is therefore fundamental to management’s assertions about its rates revenue in the Council’s financial statements. Overall, I therefore consider the deficiencies I have identified in the auditor’s work are significant. They directly influence whether the auditor has complied with the auditing and professional standards applicable to the audit engagement, and whether the auditor has satisfied the overall objectives of the audit.

4.6 KEY FINDINGS AND OBSERVATIONS – AUDIT REPORTING, CONCLUSIONS AND COMMUNICATIONS

Introduction

322. Having completed my review of the audit files and assessed the sufficiency and appropriateness of the auditor’s work, I am now in a position to consider and assess the impact of my key findings and observations on whether:

• the auditor has satisfied the overall objective of the audit;
• there is sufficient appropriate audit evidence to support the conclusions reached by the auditor; and
• the audit report and opinion issued by the auditor were appropriate

323. In the background section, I noted that the purpose of an audit is to enhance the confidence that intended users can have in a Council’s annual report or long‐term planning document. In planning and performing the audit, the auditor’s overall objective is to obtain reasonable assurance that these documents are:

• free from any material misstatement; and
• where appropriate or required, presented in a manner consistent with a recognised or prescribed reporting framework, or in accordance with applicable legislative requirements.

Importantly, the concept of reasonable assurance does not mean that the auditor has obtained absolute assurance or that they have tested every transaction or disclosure in the annual report or long‐term planning document. Nor does it mean that the auditor has looked at and assessed whether every aspect of the Council’s operations and activities complies with applicable laws and regulations. It is recognised that most of the audit evidence from which the auditor draws conclusions, and bases their opinion on, is persuasive rather than conclusive. 

324. Throughout my review, I have remained aware of the scope of the audit engagement – the nature and extent of the matters on which the auditor is required to express an opinion, and also what matters the auditor’s opinion does not address. The scope of the audit engagement is determined by the requirements and provisions of the Local Government Act 2002 (the Act).

325. Other matters that I have taken into account when reaching my overall conclusions include:

325.1. The limitations on the extent to which the audit engagement can, and should, be relied on. The concept of reasonable assurance does not mean that the auditor has obtained absolute assurance, or that they have tested every transaction or disclosure in the annual report/long‐term planning document. Nor does it mean that the auditor has assessed whether every aspect of the Council’s operations complies with applicable laws and regulations.

325.2. Whether the auditor has planned and performed the engagement in accordance with the professional and ethical standards applicable to each different type of audit engagement.

325.3. How the auditor took account of, or remained alert to, matters of direct interest or concern to the Auditor‐General. In broad terms, these concern the Council’s performance, authority, waste and probity.

326. At the conclusion of the audit, the auditor is required to form an opinion on the annual report or planning document. This opinion is based on the auditor’s evaluation of the audit evidence collected during the audit. The auditor’s report must clearly express that opinion and its basis. The auditor’s opinion must encompass all those matters which they are required to report on.

327. To form their opinion, the auditor must conclude whether they have obtained reasonable assurance that the annual report or planning document is free from material misstatement (whether due to fraud or error), and that they are in a position to conclude on any other matter which the auditor is required to form an opinion on. The auditor’s conclusion must take into account whether the audit evidence that has been obtained is sufficient and appropriate, and whether any uncorrected misstatements are material, individually or in aggregate.

328. Deciding whether errors or omissions may result in a material misstatement of the annual report or planning document is a matter of the auditor’s professional judgment. To help make judgment, the auditor sets a level of materiality against which errors or omissions can be considered individually or collectively.

329. Here, even though the auditor’s assessment of what is material may have been influenced by deficiencies I have noted in the audit planning and/or the identification of audit risks, I am nonetheless satisfied that the auditor’s general approach to determining the level of materiality – as set out in their planning memorandum – was reasonable and appropriate.

330. When considering or determining whether a matter is material, the auditor’s benchmark test is whether the misstatements would be expected to influence the economic decisions of users if those decisions were based on the annual report or planning document.

331. In this section, I have organised my analysis and findings as follows:

• First, I consider the impact that errors or omissions in the Council’s annual reports/planning documents may have had on the auditor’s reports;
• Second, I set out my general observations and findings on whether the objectives of the audits were satisfied. By ‘general’, I mean those observations and findings that can be reasonably applied to all the audits performed throughout the review period (2003‐2012);
• Third, I present findings and observations that apply specifically to the following clusters of audits:
• Audits performed 2003‐2005
• Audits performed 2006‐2009
• Audits performed 2010‐2012

Errors or omissions in the Council’s annual report/planning documents: What impact did they have on the auditor’s report?

332. My terms of reference do not require me to form an opinion on whether an individual annual report or planning document was materially correct, or materially misstated. It would not be possible for me to form an opinion on this without performing an independent audit of these documents.

333. However, the possibility that an annual report or planning document contained errors or omissions is directly relevant to my assessment of whether the auditor satisfied the objectives of the audit. During the period under review, a number of significant irregularities and deficiencies were brought to light. In some cases, they directly call into question whether Council annual reports or planning documents were materially correct at the time that they were prepared.

334. I have sought to understand whether the auditor adequately addressed these irregularities and deficiencies in the audit, and also to understand their potential impact on the auditor’s report. I acknowledge the need to avoid drawing conclusions with the benefit of hindsight, or on the basis of information and evidence that may not have been available to the auditor at the time that the audit was conducted. I have considered the risk of hindsight on a case by case basis.

335. Of the issues and irregularities brought to light recently, those that most significantly affect my overall conclusions and findings are:

• Whether the wastewater project was appropriately accounted for in the Council’s financial statements; and
• The irregularities identified in the Kaipara District Council (Validation of Rates and Other Matters) Bill introduced to Parliament in June 2013.

336. These recent disclosures have forced me to question whether the original assertions in the Council’s annual reports/planning documents may have been deficient, and whether those documents would have been amended if the deficiencies had been identified at the time of the audit. I have formed this view based on how both the Council and auditor dealt with these irregularities once they were brought to light, and in considering whether it was reasonable that this action would also have been taken had the irregularities been identified in previous financial periods or audits. I have separately considered the impact of each of these issues or irregularities below.

The Council’s accounting treatment of the wastewater project

337. In 2011 the Council reviewed the accounting treatment it had adopted during the period the wastewater scheme was under construction (2007‐2009) and at the date of commercial acceptance (July 2009). This was the date when ownership of the asset was transferred to the Council, and also when the Council paid Mangawhai Development Holdings Ltd (MDHL) for the cost of construction. There is evidence on the audit file to indicate that the auditor, and Audit New Zealand more generally, helped the Council to consider what accounting treatment was appropriate.

338. In March 2012, the auditor wrote to the Council outlining the issues which it needed to consider or agree on to determine the most appropriate correct accounting treatment. That advice set out the auditor’s views on:

• Whether it was appropriate for the Council to initially recognise the wastewater asset as property, plant and equipment at completion in July 2009, or whether the asset should have been recognised during the period of construction;
• Whether the arrangement between the Council, MDHL, ABN AMRO (ABN) and Earth Tec Engineering (ETE) constituted a service concession arrangement and, if so, how should that be properly accounted for; and
• Whether the Council had appropriately accounted for the following items in accordance with generally accepted accounting practice:
• Costs associated with connecting houses to the wastewater network;
• Interest costs accrued by MDHL during the period of construction; and
• Loan transaction costs incurred by MDHL.

Importantly, the auditor’s advice on this last matter (and on the accounting treatment of the three categories of cost identified) clearly indicated that several valid accounting options were available to the Council.

339. I have reviewed the auditor’s advice, together with the Council’s ultimate decision on the best course of action, to assess the potential impact these matters had on the Council’s financial statements and the final audit report. My key observations are:

339.1. In relation to whether the Council should have recognised the wastewater asset as property, plant and equipment during the period of construction, the auditor’s advice notes that “Consideration of the factors of control and the risks and rewards of ownership provide conflicting indicators about whether KDC should have recognised the MEWS during construction or at the point it formally accepted the MEWS in July 2009”. The auditor goes on to state that “On balance, the substance of the arrangement was that KDC was constructing the MEWS during the 2008 and 2009 financial years, and in our view, it should have recognised the asset and the associated liability as it was being constructed”.

339.2. This advice clearly indicates that the Council incorrectly accounted for the wastewater project during construction. The auditor says that the Council was incorrect to assume that as legal ownership did not transfer to the Council until commercial acceptance, then the wastewater project should not be recognised in the Council’s financial statements until this occurred. That assumption – that the project should be managed and accounted for off‐balance sheet – was incorrect. The auditor points out that this error affected the 2008 and 2009 annual reports and that, in each of those periods, the Council effectively understated its assets and liabilities. After commercial acceptance (July 2009), the resulting wastewater asset and borrowings to pay for its construction were recognised in the Council’s 2010 financial statements as an asset and liability respectively.

339.3. In 2010 the Council completed a revaluation of its infrastructure assets. The scope of this revaluation included the recently capitalised wastewater scheme asset. The valuation of this asset was assessed at $38.435million, $12.983 million lower than the carrying value of the asset (the value at which the assets had been capitalised at the time of commercial acceptance). The significant difference between the revaluation and carrying value related to the costs that the Council had capitalised in July 2009. On commercial acceptance the Council reimbursed MDHL for the full cost of construction, which included the cost of connecting houses to the network as well as the interest and loan transaction costs incurred as part of the development. In reviewing the accounting treatment, the Council decided that these costs should not have been capitalised but expensed, as they were incurred through the period of construction. In respect of the treatment of borrowing costs, the Council’s accounting policy was clear that these costs were to be expensed as they were incurred.

339.4. The 2011 annual report discloses, by way of a note to the financial statements, the Council’s decision to restate prior period comparative financial information to reflect the accounting treatment that should have correctly applied in the 2008‐ 2010 annual reports. I have set out below the overall effect that applying the correct accounting treatment would have had on the Council’s financial statements in each period:

2008

• The assets and liabilities of the Council were respectively understated by $6.431m and $6.749m, the cost of construction by MDHL at that time;
• The Council’s financing cost expenditure was understated by $318k – this being the borrowing and financing costs that should have been expensed during this period.

2009

• The Council’s property, plant and equipment and borrowings were understated by $27.273m and $36.120m respectively;
• Financing cost expenditure was understated by $1.919m;
• Other expenditure was understated by $10.493m –the cost of connecting houses to the network which the Council determined should not have been capitalised in July 2009 but expensed during the period of construction.

2010

• The Council’s property, plant and equipment and borrowings were understated by $375k and $432k respectively;
• Financing cost expenditure were understated by $704k;
• Depreciation expenditure was overstated by $535k.

339.5. I have already observed that the auditor told the Council it had options for determining the most appropriate accounting treatment for costs incurred in connecting houses to the network, and separately for borrowing and finance costs incurred during construction. The Council’s decision, as reflected in the 2011 annual report, was to expense these costs. The auditor’s advice indicates that a valid argument could be made to either capitalise or expense these costs, but that it was a decision that Council needed to make.

340. Having found that the Council incorrectly accounted for the wastewater project, I have attempted to understand why the auditor did not identify this error during the audit engagement. As noted in various sections of this report, it is my view that the auditor lacked a complete understanding of the project necessary to effectively plan and perform the audit. This lack extends to the auditors’ inadequate understanding of the appropriate accounting treatment. There is no evidence in the audit files to indicate that the auditor ever fully considered the appropriate accounting treatment for the wastewater project once the Council signed the final contract and scope in 2007, thus allowing the substance of the contract to be properly assessed.

341. My discussions with the auditor reveal their reliance on discussions with management. Council management understood that the nature of the contract was such that the construction of the asset would in effect be managed and accounted for off the Council’s balance sheet. The auditor says all financial information and forecasts prepared during 2006‐2009 support this understanding. I accept that auditor was aware that this was management’s perception. However, I consider it unreasonable for the auditor to rely solely on management’s advice or knowledge without independently considering whether it was consistent with the actual substance of the contract or arrangement.

342. There is no evidence from the 2006 ‐2009 files to suggest that the auditor ever independently reviewed and considered whether the accounting treatment was consistent with generally accepted accounting practice. No audit test procedures were ever completed during the construction period to determine the level of costs being incurred.

343. Overall, while I accept the auditor’s view that Council management may not have sufficiently or appropriately understood the accounting treatment implications of the wastewater project, I consider it was unreasonable for the auditor to regard discussions with management as the primary source of audit evidence on which to base a conclusion on the appropriateness of the accounting treatment adopted by the Council. In my view, it is reasonable to suggest that, in accordance with the auditing standards that applied at the time of the 2006‐2009 audits, the auditor should have independently reviewed or considered the substance of the contract and arrangement. Had they done so, the auditor would have been in a position to determine whether they agreed or disagreed with management’s assertion that the wastewater project should not be accounted for in the financial statements of the Council during the period of construction. Should the auditor have performed this independent assessment, it is highly likely that the auditor would have challenged management’s understanding. I consider this a serious deficiency in the planning and performance of the audit, and a failure to meet the applicable auditing standards. I am also concerned at whether sufficient professional scepticism has been applied to a matter that was likely to have had a significant or material impact on the Council’s annual report and the auditor’s own report, taking account of all of the information that was otherwise available to the auditor at the time of the audit – including contract documentation and arrangements, the auditor’s understanding that the nature of the arrangement for the project had changed from that originally intended, the limitations of the audit assessment of the management of the project performed during 2003 – 2005.

What impact do these errors have on the auditor’s report?

344. In answering this question, I have relied on the 2011 annual report disclosures about how the adopted accounting treatment would have impacted the 2008‐2010 annual reports. I am satisfied that the auditor reviewed and considered these disclosures as part of their audit of the 2011 annual report. I am also satisfied that the nature of the adjustments set out in the annual report disclosures is consistent with the auditor’s advice to the Council in March 2012. I have also noted that while the Council may have had options about how to treat household connections, borrowing and financing costs, it had decided that all of these costs should have been expensed in the period in which they were incurred.

345. With respect to the cumulative effect of the errors and misstatements in the 2008 and 2010 annual reports – which the Council acknowledged occurred because of the accounting treatment applied in these periods – in my view, they would be unlikely to materially affect users’ understanding or confidence in the overall financial statements. Had these errors been identified at the time of the audit it is highly unlikely that the auditor would have issued a qualified audit opinion on the Council’s annual report. Nonetheless, it is a significant concern that the auditor failed to identify these errors and why they occurred. This directly affects my view of whether the auditor effectively satisfied the objectives of the audit.

346. In the case of the 2009 annual report, the errors and misstatements arising from the application of the incorrect accounting treatment meant that the Council’s financial statements for that year were materially misstated. Thus, the individual and cumulative effect of the errors exceeded the materiality levels set by the auditor for the 2009 audit. As for whether it is reasonable to expect the auditor to have planned and performed the audit so that these material misstatements would have been revealed, I believe it is: the auditor should have identified the incorrect accounting treatment and the resulting material misstatements. As a consequence, I conclude that the auditor incorrectly issued an unqualified audit report in respect of the 2009 annual report.

The rating irregularities identified in the Kaipara District Council (Validation of Rates and Other Matters) Bill

347. As I have noted elsewhere, this local Bill addresses irregularities in the way the Council purported to comply with certain provisions of the Local Government (Rating) Act 2002 (the LGRA) and the broader Local Government Act 2002. They are directly relevant to the recognition and disclosure of rates revenue, and related assets or liabilities, in the Council’s financial statements in the year in which those rates had been set and assessed.

348. Section 4.5 details the work performed by the auditor on rates. There, I note significant deficiencies in the planning and performance of audit test procedures between 2006 and 2010, and conclude that it was reasonable to expect the auditor to have identified many of the irregularities addressed in the Bill.

349. The documentation in the audit files shows the Council became aware of irregularities in the setting and assessment of rates while the auditor was carrying out the 2010 audit. In its 2010 annual report, the Council included additional disclosures regarding the legality of the Mangawhai targeted rates. The disclosures clearly highlight potential irregularities in the setting and assessment of rates. The Council did not adjust the recognition and measurement of rates revenue in the annual report.

350. By the time of the 2011 and 2012 audits, the Council had undertaken further analysis of the nature, extent and impact of the irregularities. It made additional and more extensive disclosure of those irregularities, and their impact on the Council and the annual report. Again, no adjustment was considered necessary to the way rates revenue was recognised and measured. Both the Council and the auditor were satisfied that several courses of action were available to ensure the collectability of rates set and assessed.

351. The Council did take action between 2010‐2012. Had the Council identified the irregularities earlier – it is possible that the Council may have included additional disclosure of the irregularities, similar to that made in the 2010‐ 2012 annual reports. I have not sought comment from the Council on this matter. In my view, the potential impact on the auditor’s report issued these earlier periods can be reasonably assessed without further considering how these irregularities may have affected the Council’s annual report or planning document.

What impact do these irregularities have on the auditor’s report?

352. In the case of the 2010 annual report audit, the evidence indicates that once the auditor became aware of irregularities in the setting and assessment of Council rates, they brought it to the attention of the OAG. The documentation available at the time was carefully considered, and it was decided that the auditor’s report would not be qualified and that no additional explanation or commentary in the audit report was needed. The auditor considered that the Council had appropriately disclosed the irregularities in the annual report.

353. As noted above, by the time the 2011 and 2012 annual reports were audited, the Council had carried out more detailed analysis of the nature, extent and impact of the irregularities on the collectability of rates, and of their possible effect on the Council’s financial statements: this led to additional disclosure in these annual reports.

354. Again, the audit file shows that the auditor and the OAG carefully considered the impact of the irregularities and the additional action taken by the Council. The auditor determined that an unqualified audit opinion remained appropriate, but that additional explanatory paragraphs in the audit report were now required. This additional text drew attention to issues raised by the Council’s disclosures in the annual report, and assessed the impact on the Council’s ability to continue as a going concern, possible risks to the Council’s financial viability, and legal issues associated with targeted rates. The auditor’s course of action, and the decision not to issue a qualified opinion, appear reasonable and appropriate – particularly in light of the Council’s disclosures in the 2011 and 2012 annual report.

355. The auditor’s approach in 2011 and 2012 is relevant when considering the possible implications for earlier auditor’s reports had the rating irregularities been identified before 2010 (as they should have been).

356. In the 2011 and 2012 audit reports, the auditor noted the Council’s proposed course of action to ensure collectability of current and prior period rates (the Bill currently before Parliament effectively validates these rates, despite the acknowledged irregularities). In preparing those audit reports, the auditor clearly saw the Council’s additional disclosures as important to determining whether the financial statements were materially misstated. In the auditor’s view, those disclosures provided a sufficient basis on which to form a conclusion on the annual report and issue an unqualified opinion. However, the auditor also decided that the irregularities were sufficiently serious to warrant additional disclosure in the audit report, effectively drawing users’ attention to the Council’s own disclosures in the annual report. In my view, it is likely that had the rating irregularities been identified earlier, the auditor would have adopted a similar approach to that outlined above: that is, they would have asked the Council to provide additional disclosure. The auditor would then have been in a position to issue an unqualified opinion but include additional disclosure referring to the impact of the rating irregularities, as they did in 2011 and 2012.

Have the objectives of the audit been satisfied?

General findings and observations

357. I turn now to consider the other general issues and deficiencies I have identified in the planning and performance of the audit engagement over the whole review period. These deficiencies have a significant bearing on my assessment of whether:

• there is sufficient appropriate audit evidence to support the conclusions reached by the auditor;
• the auditor met the standards and expectations required in the performance of the audit ;
• the auditor ultimately satisfied the overall objective of the audit.

358. In summary, the most significant deficiencies include:

• The auditor did not have a complete understanding of the wastewater project. In particular, the auditor’s knowledge and understanding of the wastewater project were inadequate, and did not allow the audit engagement to be effectively planned and performed. The auditor’s failure to identify the wastewater project as a significant area of audit risk or focus during 2006 – 2009 is a particularly egregious example. While the project’s impact on the Council’s annual reports/planning document varied during the review period, in my view, the project should have been a significant and increasing area of focus throughout the 2006 – 2009 audits. The auditor’s inadequate understanding of the project prevented this from happening;
• The audit work performed by the auditor on Council’s rates – principally during that period where significant irregularities in the setting and assessment of rates were identified in the Kaipara District Council (Validation of Rates and Other Matters) Bill – was inadequate;
• Whether the auditor applied sufficient professional judgement and scepticism when considering and assessing the impact of the wastewater project on the Council’s financial statements during the period of construction (2008 – 2009);

359. I consider that these deficiencies were likely to have significantly impacted the auditor’s ability to satisfy the overall objective of the audit, in the year(s) I have identified. They also significantly affect whether the auditor issued the correct audit opinion in those years. By their very nature, these deficiencies represent departures from the minimum professional standards and expectations required of the auditor.

360. More general areas of concern, affecting multiple audits, include:

• Whether the auditor appropriately considered all matters relevant to the planning of the audit engagement;
• The identification and assessment of significant audit risks and areas of audit focus;
• The sufficiency and appropriateness of audit documentation. I am principally concerned about the absence of documentation that would support the conclusions the auditor reached and provide evidence of the professional judgment they exercised – including when deciding the extent to which it was reasonable to rely on advice from management and external advisors, and on work performed in previous audits. I have accepted Audit New Zealand’s position that, over the review period, the industry had increasing expectations of what constituted sufficient appropriate documentation. However, the fact remains that the absence of sufficient documentation on the audit files makes it impossible to fully assess the nature and extent of the auditor’s work, and to determine if it was sufficient to support the individual conclusions reached.
• The auditor’s assessment of the Council’s management control environment, and the extent they relied on it when deciding areas of audit focus and the test procedures needed to satisfy the audit conclusion; and
• The auditor’s assessment of the Council’s compliance with laws and regulations.

361. The extent to which these deficiencies affect whether the audit objectives were met varies throughout the review period. I consider it unlikely that they directly impacted on whether the auditor has issued the appropriate audit report. But I am nonetheless concerned by them, as they call into question whether the auditor complied fully with the standards expected when planning and performing an audit.

362. In light of this general concern, it is instructive to examine the impact of these deficiencies on clusters of individual audits. My discussion incorporates observations I have made elsewhere in this report that shed light on the auditor’s knowledge, understanding and testing of the wastewater project within each audit cluster.

Specific findings and observations: audits performed 2003 – 2005

363. In this period, the auditor viewed the wastewater project as a general area of audit focus when planning the audit. There is documentation and evidence showing the auditor reviewed the project management annually. While this assessment of the overall project management was overly narrow in scope and consideration of the most relevant aspects of the Council’s governance and management of the project, it is unlikely to have influenced the auditor’s planning and performance of the audit. I have made this assessment on the basis that during 2003‐2005, the Council was still reviewing the scope of the wastewater project; the final contract documentation and structure of the project had yet to be determined. In my view the auditor’s level of knowledge, understanding and testing was sufficient to enable them to understand the impact of the wastewater project on the Council’s annual report or planning document, and thereby satisfy the objective of the audit.

364. My principal concern throughout this period is that the audit file does not always contain sufficient documentation for me to assess whether the auditor:

• had adequate audit evidence to support the conclusions they reached;
• appropriately carried out the audit test procedures required; and
• documented their professional judgement.

369. Audit New Zealand asserts that the nature and extent of documentation on the audit file was consistent with industry practice at that time. It is difficult for me to fully assess this now, although I accept that industry views on what constitutes sufficient appropriate audit documentation have increased since 2003.

370. I have noted other general deficiencies in the auditor’s assessment of the Council’s control environment. However, it is unlikely that these would have significantly impacted the identification of audit risks or areas of audit focus, or the auditor’s approach to planning and performing the audit.

371. Notwithstanding these comments, in my view the audit files generally provide sufficient evidence to support the overall conclusions the auditor reached. There is no reason to think that the auditor had not satisfied the overall audit objective at the time that they issued their unqualified audit report.

Specific findings and observations: audits performed 2006 ‐ 2009

372. During this period the project’s scope and financial impact was reviewed, updated and finalised. Construction took place during 2008‐ 2009, and final commercial acceptance in July 2009 – after the 30 June 2009 balance date but before the 2009 audit was finalised. Over this time, changes in the project’s scope and consequently the financial forecasts had a significant impact on the Council’s annual reports and planning documents, the Council itself and the wider community. As I have already explained, it was found in 2011 that the Council incorrectly accounted for the wastewater project during construction. This error affected the 2008 and 2009 annual report; in the case of the latter, the effect was material (as the Council disclosed in 2011).

373. Based on my review of the audit files, I find that the auditor’s understanding of the wastewater project – once its final scope and contract arrangement had been agreed – was insufficient to properly plan and perform the audit of the Council’s annual reports/planning document. The potential impact of this failing is significant: it affected the auditor’s overall conclusion and the audit report issued, and is therefore crucial to determining whether the objectives of these audits were satisfied.

374. As I have said, the wastewater project should have been a major focus for the auditor during this period. While the auditor was generally aware of the project’s progress, I consider that level of awareness was not a sufficient basis on which to effectively plan and perform the audit. The auditor’s understanding of the project’s nature and scope did not allow a proper appreciation of its impact on the annual report. And, in contrast to 2003‐ 2005, in this period the auditor identified no significant audit risks relating to the project.

375. I have heard from the auditor that they relied on the project management assessment performed by the previous auditor in 2005, and on management’s general understanding of the project. I find the fact that the auditor regarded these sources as appropriate audit evidence during the 2006 – 2009 period a significant concern. In my view, the auditor should have been independently updating their understanding and assessment of the project as its scope was finalised, the construction contract was awarded, and construction got underway. The fact that the auditor identified no significant audit risks is also a concern, as it meant there was no assessment or testing of the contract arrangement and its impact on the Council’s annual report during 2006 – 2009.

376. The auditor has noted that their understanding was influenced by the fact that the Council’s understanding of the appropriate accounting treatment of the wastewater project during the period of construction was either incomplete or incorrect. The auditor has also suggested that nature of the public‐private partnership arrangements, such as the arrangement put in place for the Council’s wastewater project were new in the context of the local government audits. However, in my view the auditor’s representations further illustrate my concern that the auditor has placed an inappropriate level of reliance on 102 management’s understanding and has not independently performed sufficient appropriate audit test procedures to be satisfied that the accounting treatment was appropriate and that the Council’s financial statements were materially correct. The fact that the auditor acknowledges the complexity of the arrangement suggests that it was reasonable to expect that the accounting and financial implications of the wastewater project would be a significant area of audit risk and focus. As has been explained, it was not. The nature and extent of the auditors reliance on management’s understanding meant the auditor failed to adequately identify the potential impact on the Council’s annual report if the incorrect accounting treatment was applied. In the event, its impact on the 2009 annual report was material.

377. I have already noted significant deficiencies in the auditor’s work on rates, and pointed out that many of the irregularities since identified in the Bill before Parliament should have been detected by the auditor through their test procedures. While these shortcomings may not have changed the decision to issue an unqualified audit opinion, they are nonetheless significant concerns that mean the overall performance of the audit was sub‐standard.

378. Finally, many of the general deficiencies noted in paragraphs 357‐362 above were also apparent in this period. Again, they must be taken into account in my assessment of whether the auditor has met the standards expected and satisfied the overall audit objective.

379. Overall, after reviewing the 2006‐2009 audit files and carefully considering the issues and deficiencies identified, I conclude that the auditor did not satisfy the overall audit objective in this period. The deficiencies noted in the auditor’s work were not identified or addressed through the engagement quality review processes. As there is sufficient evidence to indicate that the Council’s 2009 annual report was materially misstated, I also conclude that the auditor incorrectly issued an unqualified audit opinion on that annual report: it should have been qualified. This assessment is made on the assumption that the errors and omissions were left uncorrected.

Specific findings and observations: audits performed 2010 ‐ 2012

380. After completion and commercial acceptance of the wastewater project in 2009, the infrastructure asset and related borrowings were brought into the Council’s financial statements for the first time as part of the 2010 audit. As noted, the Council did not fully comply with generally accepted accounting practice in its accounting treatment of the project during construction. It addressed this issue as part of the 2011 annual report. The impact of the incorrect accounting treatment on the 2010 annual report was not material.

381. It was during 2010‐2012 that significant irregularities in the management and funding of the project came to light, including irregularities in the setting and assessment of Council rates. From my review of audit files, I am satisfied that the auditor sufficiently and appropriately considered these matters when planning and performing audits in this period, and in forming an overall conclusion on the audit evidence available.

382. In general, the quality of audit planning and performance significant increased in this period. The sufficiency and appropriateness of audit documentation and evidence improved markedly, showing extra effort and resources were applied to auditing the Council’s annual reports/planning document once the irregularities I have referred to came to light.

383. Apart from the initial planning of the 2010 audit, and the auditor’s failure to identify significant audit risks associated with the wastewater project, I find only minor deficiencies in audit quality over this period. Those I have identified were unlikely to affect the auditor’s conclusion or whether the auditor had satisfied the objective of the audit. 

In my view, the audit files for this period generally provide sufficient evidence to support the auditor’s overall conclusion. There is no reason to suggest that the auditor did not satisfy the overall audit objective at the time that they issued their unqualified audit report. Moreover, the auditor’s 2011 and 2012 reports provide additional explanatory information that draws attention to the Council’s disclosure of the irregularities, and their effect on the annual report.

---

13 EQCR (Engagement Quality Control Review) is the term used to describe Audit New Zealand’s independent peer review activity. The term was introduced in 2007. Prior to 2007, this peer review activity was referred to as Professional Standards Review (PSR). For the purposes of this report I use the term EQCR to apply to the independent peer review activity before and after 2007.

14 The Kaipara District Council (Validation of Rates and Other Matters) Bill (the Bill), introduced to Parliament in June 2013.