Auditing March 2014

Introduction Objective Setting the Scene Legislation The Audit Process Outcomes of an Audit Questions March 2014

To provide clarity about what to expect in an audit To go through the legislation relevant to the audit To walkthrough the audit process – what is involved in the process and what is expected of private certifiers and building surveyors in councils To discuss how audit outcomes may impact private certifiers or councils Objective March 2014

Setting the scene March 2014 Select Committee Auditing should go further than checking the documentation. It should also involve checking the building assessment process to find fundamental errors. Victorian Auditor General’s Report on Victoria’s Building Permit System Additionally, the audits focus almost entirely on administrative matters, while compliance with the more critical safety and technical issues is not systematically assessed. Recognised standards of auditing

The Legislation - Section 56B March 2014 Purpose of audits Sec 56B (3)(a) – general provision – check that Building Rules assessment processes and procedures have been undertaken in accordance with the Act and regulations Sec 56B (3)(b) – technical checks – at auditor’s discretion Sec 56B (3)(c) - anything else – prescribed by the regulations

The Legislation - Section 56B March 2014 Undertaking audits Sec 56B (9)– how an audit may be conducted Sec 56B (10) – draft report provided to council or private certifier for response to correct any errors of fact

The Legislation - Section 56B March 2014 Follow up of audits – Registration Authority Sec 56B (6) – registration renewal – evidence of audit compliance with Section 56B Sec 56B (7) – cancellation of registration – not adequately addressed any matter identified in audit

The Legislation - Section 56B March 2014 Audits outcomes - Minister Sec 56B (11) – any significant contravention of Building Rules must be reported by the auditor to the Minister Sec 56B (12) – Minister can give recommendations, directions or disqualification Sec 56B (13) – require an investigation

The Legislation - Section 56B March 2014 Audits outcomes (cont’d) Sec 56B (15) – Minister can change a recommendation to a direction to a council or private certifier if not satisfied with progress Sec 56B (16) – failure to comply with a direction has a fine Sec 56B (18) –Minister can issue guidelines for audits

Audit Framework – prepared based on:  Section 56B of the Act  Standards and principles of – International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors – Standards on Assurance Engagements by the Auditing and Assurance Standards Board. Pilot Program and Review March 2014

Pilot Program and Review March 2014 Pilot program - 8 councils and private certifiers Six month review  In house review performed to identify lessons learnt  Feedback sought from those audited (7 of 8 provided positive feedback)  Independent review by DPTI Audit and Governance Unit

Pilot Program and Review March 2014  Crown Solicitor’s Office advice sought on the application of the legislation  AIBS provided feedback on the draft Audit Framework. All information used to update and improve the Audit Framework Audit Framework endorsed as Minister’s Guidelines -internal document for use by the auditor -subject to independent audit review

The Audit Process March 2014

Planning March 2014 timing agreed scope, approach and timing confirmed in the Audit Planning Memorandum document / information request list sent other matters discussed

Fieldwork March 2014 Based on Section 56B (9) analysing processes and procedures (sec 56B (9)(a)) examining random or selective samples of documents or records (sec 56B (9)(b)) conducting interviews (sec 56B (9)(c)) taking other steps as the auditor thinks fit (sec 56B (9)(d))

Fieldwork March 2014 The key objective of fieldwork is to gather evidence relating to a building surveyor’s compliance with the Act and the Regulations. Hence, the auditor is required to examine or review relevant documents or records as per Section 56B (9)(b).

Fieldwork March 2014 “There are significant gaps in the documentation lodged by building surveyors at councils. This absence of documentary evidence to support assessments provides little assurance that surveyors have carried out their responsibilities effectively and that they are adequately upholding and enforcing building and safety requirements.” Victorian Auditor-General’s Report on Victoria’s Building Permit System (December 2011)

Fieldwork – examples of documents, records or tools to demonstrate compliance use of computer application where legislative requirements are checked internally adopted policies or procedures checklists or check sheets quality review by an independent person relevant documents retained (eg formal notifications, certificates of independent technical experts etc) March 2014

Fieldwork – examples of documents, records or tools to demonstrate compliance relevant correspondence / retained (eg outstanding information request from applicants) assessment notes (eg information considered on aspects of compliance, reasons for any decision made) note to file (eg meetings or discussions held) up-to-date forms and templates consistent with legislative requirements March 2014

Technical checks – key facts Technical checks involve the review of plans, drawings and other documentation (such as alternative solutions) to ascertain compliance with the relevant technical standards or legislation. Technical checks will not be performed for ALL audits – will only be performed when the auditor thinks it is appropriate to do so (Section 56B (3)(b)). Technical checks will be triggered by the specific circumstances surrounding a private certifier or council. March 2014

Technical checks – triggers Technical checks may be triggered in one of two ways: technical checks initiated during the audit process (ie as part of fieldwork); technical checks initiated by other circumstances. March 2014

Technical checks – initiated during the audit process (fieldwork) If the auditor is not able to form a conclusion about the appropriateness of the granting of building rules consents, then conducting technical checks may be the only option. March 2014

Technical checks – initiated during the audit process (fieldwork) Examples that may potentially trigger a technical check: insufficient evidence or documentation that building rules assessments are properly undertaken a lack of documentation or evidence supporting the granting of building rules consents a lack of established procedures relating to the building rules assessment process independence / conflict of interest issues practices that undermine the purpose of building rules assessments or the professional diligence of the building surveyor March 2014

Technical checks – initiated by other circumstances These will be determined by contextual matters within which the undertaking of building rules assessments are being conducted by the council or private certifier. March 2014

Technical checks – initiated by other circumstances Examples that may potentially initiate a technical check: there is a complaint or history of complaints made against a private certifier or council ‘high risk matters’ (eg a building is outside of a person’s usual range of building applications; high profile developments, ‘innovative’ buildings – all could possibly be subject to public scrutiny) existence of ‘hot technical issues’ (eg swimming pool safety, disability access) March 2014

Technical checks – remember! The previous examples are ONLY examples. It is not possible to encapsulate all possible circumstances when a technical check may be appropriate; private certifiers and councils have circumstances and operations unique to them. Nonetheless, the examples should give indication of when a technical check may be required. March 2014

Technical checks – who will perform them? They will be undertaken by an accredited level 1 Building Surveyor. If necessary, expert advice will be sought. March 2014

Technical checks – extent of technical checks A technical check may not necessarily be a 100% check of all technical components of a building application; the extent depends on its purpose. If instigated during the fieldwork, then generally, the Building Surveyor performing technical check will ascertain whether there is any issue for granting a building rules consent. Specific matters to be checked will depend on the nature and complexity of the building application being audited. March 2014

Technical checks – extent of technical checks If instigated by other circumstances (eg there is a complaint, ‘hot technical issue’), the technical check will focus on the relevant technical matters (eg swimming pool safety, disability access, technical matter subject of a complaint etc). It should be noted however, that both instances above may be undertaken in an audit, depending on the specific circumstances of a private certifier or council. March 2014

Fieldwork – potential audit issues Any potential issues identified during the fieldwork will be discussed with private certifiers and councils before a draft report is written. This is to eliminate ‘surprises’ and for the private certifier or council to start thinking about remedial actions early on to address issues. March 2014

Reporting March 2014 Draft report from the auditor is reviewed for any correction of error or fact by private certifier or council (Sec 56B (10)). Agreed actions are discussed. Report is finalised. Report is referred to the Minister or the Registration Authority as may be relevant.

Reporting – rating of audit issues March 2014 Issue ratingDescription / nature of issue Indicative timeframe for addressing issues Significant  Represents a breach of the Act or Regulations that poses a threat to public health or safety; or  There is a gross misrepresentation or negligence in the conduct of work Immediately (issue to be reported to the Minister) High  Represents a breach of the Act or Regulations but there is no threat to public health or safety;  Existing controls or processes are not adequate to ensure compliance with the Act or the Regulations and there are no compensating controls in place Within three months of the report date Moderate  Represents deficiencies in control processes that have residual risks for non-compliance with the Act or the Regulations Within six months of the report date Low  Business improvement opportunities that do not pose risks of non- compliance with the Act or the Regulations No timeframe The following is the issue rating table used as a guide for rating audit issues in the audit report and the indicative timeframe for rectifying them.

Reporting – referral of the audit report to the Minister or Registration Authority March 2014 Section 56B (11) – The auditor must report any ‘significant’ audit findings to the Minister.

Action by the Minister or the Registration Authority March 2014 The audit process (and the auditor’s role) is finished upon the issue of the audit report or, if relevant, upon referral of the audit report to the Minister. Any subsequent action by the Minister or the Registration Authority is outside of the audit process.

Action by the Minister March 2014 Minister can make recommendations, give directions, change recommendations to directions for both councils and private certifiers, and disqualify a private certifier Minister can appoint an investigator to undertake an investigation before taking action – this follows a different process

Action by the Registration Authority March 2014 Section 56B (6) and (7) Provisions regarding the potential impact of the audit report to the registration of a private certifier Registration renewal – progress report to be provided in a form determined by the Minister Registration may be cancelled if any matter identified in audit has not been adequately addressed

Action by the Minister or the Registration Authority March 2014 The provisions of Section 45A and Regulation 93A (natural justice provisions) apply before any disciplinary action is taken - i.e. (1)Opportunity to make a submission on the matter (2)Proposed action – time to make a further submission

March 2014

Questions