Audit teams must comply with our audit framework and relevant legislation, including the:
- National Greenhouse and Energy Reporting Act 2007
- National Greenhouse and Energy Reporting Regulations 2008
- National Greenhouse and Energy Reporting (Audit) Determination 2009.
Team roles and responsibilities
An audit team is made up of an audit team leader and other team members.
Audit team leader
An audit team leader is a registered greenhouse and energy auditor who is appointed to an audit. For certain types of audits, they must be individuals registered as a Category 2 auditor.
An audit team leader must have full control of the audit. They must:
- agree to audit engagement terms
- select the audit team and oversee their work
- ensure the peer reviewer is impartial and objective
- take part in the preparation and execution of the audit
- lead the assessment of the audit outputs and prepare the audit report
- ensure the audit meets the requirements of the audit framework and other relevant standards.
The audit team leader should also ensure the quality and completeness of work papers and audit files.
In practice, we don't expect the audit team leader to complete every requirement. But they should supervise the completion of these requirements and make key decisions.
Part 2 of the Determination outlines audit team leader requirements.
Peer reviewer
The Determination requires that the decisions made by the audit team leader during an audit are peer reviewed. A peer reviewer is a person who is impartial and objective and either:
- a Category 2 registered greenhouse and energy auditor
- a company auditor registered under the Corporations Act 2001 who has sufficient and appropriate qualifications, experience and authority to do the evaluation.
Although decisions are peer-reviewed, the audit team leader shouldn't limit their use of other expertise from outside the audit team.
To ensure compliance with Australian Standard on Assurance Engagements (ASAE) 3000, the audit team leader should only sign the assurance report after the peer review is complete.
Section 3.7(2) of the Determination details the peer review requirements.
The role of a peer reviewer
A peer reviewer:
- should have the same (or higher) level of authority and experience as the audit team leader
- can be within or external to the audit firm
- can't be part of the audit team.
The peer reviewer must make sure they have the required subject matter expertise before undertaking peer review.
The peer reviewer must be involved in all stages of the audit.
After completing their review, the peer reviewer should keep on file:
- the proposed independent audit report and documentation prepared in developing the report
- the audit plan, including all comments and tracked changes
- independence and conduct checks.
Impartiality and objectivity
When conducting an audit, all team members must be impartial and objective. They must have professional scepticism of the information they're auditing. They check and assess all information provided to them.
To comply with impartiality and objectivity requirements, we recommend audit team leaders engage different peer reviewers for their audits.
Like auditors, peer reviewers should rotate to remain independent and impartial.
If an auditor uses the same peer reviewer for all audits, there may be concerns about familiarity and potential conflicts of interest.
To ensure peer reviewers remain impartial, we recommend the audit team leader engage a different peer reviewer after 5 consecutive audits for at least the next 2 audits.
Peer reviewers should also provide assurance that they will remain independent. They should review their impartiality and objectivity every year.
Selecting audit team members
The audited body appoints the audit team leader. Under the Act, there must be written authority from the audited body that names the audit team leader. This is referred to as an instrument of appointment.
The audit team leader is responsible for selecting the audit team members. Under section 2.2 of the Determination, they must ensure the team has the knowledge, skills and availability to do the audit.
This means the audit teams are multidisciplinary. It may include:
- assurance practitioners
- engineers
- environmental scientists
- financial, legal or corporate experts.
The audit team leader can invite an external expert if they can't find suitable team members within their organisation. Experts within the audit team have the same requirements as other team members, including independence, quality management and conflict of interest requirements.
Even though the audit team leader is responsible for ensuring the team has the combined skills and experience to perform the audit, the whole team should be part of this evaluation process.
The audit team leader will also need to consider whether the team has enough resources to complete the audit, including:
- time
- equipment
- access to management and key personnel.
Inviting external experts
For some complex audits, the audit team leader may need to include an external expert in the audit team.
To decide if an expert is needed, the audit team leader can consider the:
- team's knowledge and experience of the audit subject
- risk of errors due to the nature, complexity and significance of the audit subject
- quantity and quality of evidence they expect to get during the audit.
For example, an audit team leader may include an expert when auditing:
- a complex direct measurement method developed by the audited body to measure its emissions or other information
- legal opinions prepared by the audited body around the interpretation of key regulatory requirements or terms.
If an audit team leader plans to include an expert in the team, they should:
- assess the skills and objectivity of the expert
- get evidence that the expert's assurance procedures are appropriate and cover the identified assurance risks
- ensure the whole audit team, including the expert, gathers evidence to support the conclusions made by the expert.
The audit team should help guide the expert, especially if the expert hasn't done an audit before.
The audit team leader should keep records of any testing, evidence or reports completed by experts.
Documenting the selection of the peer reviewer
The audit team leader should document the selection and appointment of a peer reviewer in the audit file. It should include details about:
- how the peer reviewer met the impartiality, expertise and characteristics requirements
- what the peer reviewer did and how they were involved throughout the audit
- the outcome of the peer review.
We may need this documentation when we inspect a greenhouse and energy auditor's registration.
Audit standards
There are several national and international standards auditors use when conducting assurance engagements.
Audit team leaders must ensure that audits comply with all relevant audit standards set by the Australian Auditing and Assurance Standards Board. Under section 2.5(c) of the Determination, this includes Australian Standard on Assurance Engagements (ASAE) 3000 Assurance Engagements Other than Audits or Reviews of Historical Financial Information. Depending on the subject matter of the audit, auditors may also need to comply with:
- ASAE 3100 Compliance Engagements
- ASAE 3410 Assurance Engagements on Greenhouse Gas Statements
- ASAE 3450 Assurance Engagements involving Corporate Fundraisings and/or Prospective Financial Information
Auditors may also follow relevant standards published by the International Organisation for Standardisation (ISO), including:
- ISO 14064-1:2018 Greenhouse gases Part 1: Specification with guidance at the organization level for quantification and reporting of greenhouse gas emissions and removals
- ISO 14064-2:2019 Greenhouse gases Part 2: Specification with guidance at the project level for quantification, monitoring and reporting of greenhouse gas emission reductions or removal enhancements
- ISO 14064-3:2019 Greenhouse gases Part 3: Specification with guidance for the verification and validation of greenhouse gas statements
- ISO 14065:2020 General principles and requirements for bodies validating and verifying environmental information.
Auditors may also use the APES 110 Code of Ethics for Professional Accountants, issued by the Accounting Professional and Ethical Standards Board.
Quality management systems
A robust quality management system must be in place for all auditors.
For audits undertaken in compliance with ASAE 3000, ASAE 3100 or ASAE 3410, the quality management system must comply with ASQM 1 Quality Management for Firms that Perform Audits or Reviews of Financial Reports and Other Financial Information, or Other Assurance or Related Services Engagements (ASQM 1).
Peer reviews undertaken in compliance with ASAE 3000, ASAE 3100 or ASAE 3410 must comply with ASQM 2 Engagement Quality Reviews (ASQM 2).
For more information, watch our webinar on quality management standards for audits.
Audit standard ASQM 1
ASQM 1 requires a firm to tailor the design, implementation and operation of its quality management system based on the:
- nature and circumstances of the firm
- types of engagements it performs.
ASQM 1 is structured around 2 processes and 6 components that are designed to operate in an iterative and integrated manner.
The 2 processes are:
- risk assessment process
- monitoring and remediation process.
The 6 components are:
- governance and leadership
- resources
- information and communication
- relevant ethical requirements
- acceptance and continuance
- engagement performance.
ASQM 1 requires a firm to evaluate and make an overall conclusion on the system of quality management at least annually.
The move from Australian Auditing Standard ASQC 1 to ASQM 1 reflects a greater focus on quality management over quality control. ASQM 1 promotes more proactive monitoring of the quality management system as a whole, including the effective and timely remediation of deficiencies.
Audit standard ASQM2
ASQM 2 is a new standard that has been developed to provide an increased focus on the rigour of the conduct of engagement quality reviews.
ASQM 1 outlines the importance of engagement quality reviews in managing quality risks. It includes criteria for when an engagement quality review is required. One of the requirements is when the appointment of an engagement quality review is required by legislation. All Part 6 audits require the appointment of a peer reviewer.
If an engagement quality review is required, then ASQM 2 comes into play and this standard addresses the selection of the individual to perform the review, how it is performed and what should be documented.
ASQM 2 places an increased focus on the objectivity of the peer reviewer, as having the right mindset is essential to effectively evaluating the judgements and conclusions of the engagement team.
ASQM 2 includes 2 key elements:
- eligibility requirements for peer reviewers
- performance of peer reviews.