The Auditor-General's Strategy 2009-12

Figure 2
Summary of our Strategy 2009-12

Our vision

Our vision is that our audit and assurance work improves the performance of, and the public’s trust in, the public sector.

Our purpose

Our purpose is to give independent assurance to Parliament, public entities, and the public about whether public entities are:

• carrying out their activities effectively, efficiently, and appropriately;
• using public funds wisely; and
• reporting their performance appropriately.

Our strategy

To achieve our vision, our strategy for 2009-12 is to generate greater insight and value from our work.

We will do this by:

• better understanding the objectives and operating environments of public entities;
• better using the full range of our resources to identify and address issues and risks within public entities and the public sector; and
• better customising our reporting.

Better understanding of public entities

We intend to put in place a broader approach to risk assessment to generate better information about the effectiveness, efficiency, and appropriateness of public entities’ activities. In particular, we aim to achieve this through annual audits, which are our major output and the basis for gathering information and building knowledge about all public entities.

A broader approach to risk assessment through annual audits will involve building a better understanding of each public entity’s purpose and outcomes, and its main services, processes, and financial operations.

Our intended approach will focus on elements common to a range of public entities – for example, the public entity’s:

• clarity of strategic planning;
• communication of, and adherence to, integrity and ethical values;
• participation of people with governance responsibilities;
• overall legislative compliance arrangements;
• major entity-level controls over key business processes;
• risk identification, assessment, and management practices;
• information systems and communications that support the implementation and maintenance of management and service delivery intentions and controls;
• monitoring of policies and processes;
• organisational structure and assignment of authority and responsibility; and
• management philosophy and operating style.

Better using the full range of our resources

An annual audit provides assurance about the fair disclosure of information. The annual audit cannot ensure that the public entity has properly assessed, reported, and addressed the effect of all issues and risks identified from an organisational perspective.

However, through annual audits, we have contact every year with every public entity in New Zealand. This is a unique position that potentially gives us more information and knowledge about the state of the public sector and its risks and issues than anyone else. Such issues and risks may relate to individual public entities, groups of public entities, or the public sector as a whole.

We intend to use the Auditor-General’s discretionary reporting mandate (for performance audits, inquiries, and other audit and assurance services) to focus more on risks and issues that arise from annual audits, but that are not necessarily able to be fully explored within those audits. This will allow us to give more in-depth consideration to risks and issues arising from the annual audits within individual public entities, within sectors, or throughout the public sector. We would then apply what we learn from our discretionary reporting work to our annual audit work and to specific feedback to help public entities improve their performance.

Public entities vary significantly in their purpose, size, complexity, nature, and effect on the public. Therefore, as part of achieving our strategy, we need to address the extent to which issues and risks are assessed within public entities or sectors, and how we manage information and knowledge about public entities to identify risks for sectors and the public sector overall.

We recognise that, while the independence of the Auditor-General is an important constitutional safeguard, we are part of a wider system to ensure that public entities operate effectively and efficiently and are publicly accountable. We intend to explore how to better communicate with, and support action by, other agencies in the wider system so that we can contribute to the understanding and addressing of risks within and across public entities.

Assessing risk and escalating issues from annual audits

We intend to further develop our approach to assessing risk and escalating issues from annual audits. For smaller public entities, this approach will involve:

• high-level risk assessments as part of annual audits, with analysis focused on identifying sector issues;
• a limited number of performance audits and specific annual audit work based on identified sector issues, and inquiries carried out in response to public and Parliamentary requests; and
• escalation, where appropriate, of significant issues (in particular, issues not addressed through any of our assurance or reporting mechanisms) to other agencies, such as the State Services Commission or a monitoring department.

For larger and more complex public entities, we will take a more intensive approach to assessing risk and escalating issues from annual audits. This will involve:

• comprehensive risk assessments to identify public entity, sector, and across-sector issues;
• integration and deployment of discretionary resources through a planning process to consider public entity, sector, and across-sector issues – in particular, issues not able to be explored through annual audit work;
• addressing selected issues through the Auditor-General’s range of discretionary auditing and reporting powers, including performance audits, specific issues-based work as part of annual audits, and Office-initiated inquiries (as well as responding to public and Parliamentary requests); and
• escalation to other agencies (where appropriate) of significant issues – in particular, issues not being addressed through any of our assurance or reporting mechanisms.

Better customising our reporting

Our overall intention is to ensure that our reporting is relevant and timely so that Parliament, the public, and public entities can get the maximum assurance and improvement benefit from our work.

In particular, the public entities that we audit want us to focus on:

• demonstrating greater understanding of their business rather than just auditing their finances;
• helping them to identify issues and solutions;
• sharing beneficial information from others with similar issues and good practice information; and
• providing them with timely information about audit expectations, and changes and opportunities for improvement related to legislative and accounting requirements.

We envisage generating greater insight from our work by customising our reporting to public entities, Parliament, and others. This will involve changing the way we report to better suit the issue and the audience.

Our reporting will be informed by our efforts to better understand public entity risks, and by better integrating and deploying the Auditor-General’s discretionary auditing and reporting powers around these risks. For each issue, we will identify who the information is relevant to and the most timely and effective way to provide it.

Much of our current discretionary reporting focuses on producing a specified number of reports that are presented to Parliament. Parliament is our main stakeholder, and formal reporting to Parliament will continue to be important. However, we consider that expanding the range of ways and formats that we use for reporting will allow us to provide more effective products to help public entities improve their performance.