Benchmarking of audit regime against audit best practices

Similar documents
AUSTRALIAN ENERGY MARKET OPERATOR INDEPENDENT ASSURANCE REPORT ON AEMO S COMPLIANCE WITH THE GAS SERVICES INFORMATION RULES AND GSI PROCEDURES

We suggest the Consultative Document consider a two prong approach which:

INTERNATIONAL STANDARD ON AUDITING (IRELAND) 210 AGREEING THE TERMS OF AUDIT ENGAGEMENTS

MKO Partners, Chartered Accountants Audit Transparency Report 2015

Regulatory Compliance and Quality Review Programme

Kyte Broking Ltd. Conflicts of Interest Policy Summary Statement. Page 1 of 9

MKO Partners, Chartered Accountants Audit Transparency Report 2016

X5 RETAIL GROUP Rules on External Auditor Independence and Selection Adopted on 1 December 2015 by the Audit Committee

Guidance Note: Corporate Governance - Audit Committee. March Ce document est aussi disponible en français.

Alfa Financial Software Holdings PLC Terms of Reference of The Audit and Risk Committee of The Board of Directors of The Company

RELEVANT TO ACCA QUALIFICATION PAPER P7. Studying Paper P7? Performance objectives 17 and 18 are relevant to this exam

Dun & Bradstreet (Australia) Pty. Ltd

Audit and Risk Committee Charter

JUNE 14, 2017 FREQUENTLY ASKED QUESTIONS ON THE CODE OF CORPORATE GOVERNANCE FOR ISSUERS OF SECURITIES TO THE PUBLIC, 2015

August THE APPOINTMENT OF THE AUDITOR AND THE DURATION OF THE AUDIT ENGAGEMENT: Striving for a Workable Single Market in the EU

BOM/BSD 2/November 1994 BANK OF MAURITIUS. Guideline on Maintenance of Accounting and other Records and Internal Control Systems

INTERNAL AUDIT CHARTER

VOLUNTARY CODE OF CONDUCT IN RELATION TO EXECUTIVE REMUNERATION CONSULTING IN THE UNITED KINGDOM

CORPORATE GOVERNANCE POLICY

ANNUAL PERFORMANCE REPORT DATA ASSURANCE PLAN 2015/2016

Financial Reporting Council AUDIT TENDERS NOTES ON BEST PRACTICE

Risk Management Strategy

Working with the external auditor

Corporate governance. codes compared. Corporate governance codes compared 01

INTERNATIONAL STANDARD

THE IFRS WORKSHOP. Hilton Hotel. Saturday, 11 February /02/2017 Uphold Public Interest

Continuing Professional Development (CPD) Requirements for New Zealand Licensed Auditors

CLP HOLDINGS LIMITED

Health and Safety Audit

Corporate Governance Statement. APN Property Group August 2017

GROUP AUDIT COMMITTEE TERMS OF REFERENCE

Bluewaters Power 1 Pty Ltd

TABLE OF CONTENTS WATER SERVICES ASSOCIATION OF AUSTRALIA PROCESS BENCHMARKING AUDIT PROTOCOLS COPYRIGHT:... 3

Standard on Assurance Engagements ASAE 3500 Performance Engagements

(Non-legislative acts) REGULATIONS

RISK AND AUDIT COMMITTEE TERMS OF REFERENCE

Network Rail Limited (the Company ) Terms of Reference. for. The Audit and Risk Committee of the Board

Basel Committee on Banking Supervision. Consultative Document. External audits of banks. Issued for comment by 21 June 2013

AUDIT AND RISK COMMITTEE For Office of the Police Ombudsman for Northern Ireland. Terms of Reference. September 2016

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

2017 Archaeology Audit Program Procedure Manual. April 2017

Internal Audit Report Corporate Governance and Risk Management

The Essential Guide to the Public Sector Equality Duty

GDPR Compliance Checklist

Statements of Membership Obligations 1 7

Review of agreed-upon procedures engagements questionnaire

Audit Independence Policy

Company Monitoring Framework Risks, Strengths and Weaknesses Statement January 2017

Speedy Group Policy Part of: Group Policies & Procedures

King III Chapter 2 The Social and Ethics Committee. November 2011

PROFESSIONAL LEVEL PART-A: OVERVIEW OF AUDITING AND ASSURANCE

Audit Committee Charter

Code of Practice. for Inspecting and Certifying Buildings and Works. Building Control Regulations 1997 to 2015

Clause-byclause. Interpretation. Transitioning to ISO 9001:2015

ON ARM S LENGTH. 1. Introduction. 2. Background

Enhancing Audit Quality

AUDIT COMMITTEE REGULATIONS. The Supervisory Board appointed an Audit Committee, such in accordance with Article 6 of the Regulations.

Honorary Contracts Procedure

ARCHIVED Audit of Risk Management

ARTICLE 29 Data Protection Working Party

Position Statement. Product compliance and evidence of suitability

Corporate Governance Statement John Bridgeman Limited

25 D.L. Martin Drive Mercersburg, PA (717)

Asset Risk Management Journey Plan

Report on controls over Devon Funds Management Limited s investment management services. For the period from 1 January 2014 to 31 December 2014

POLICY NO. 1-1 DUTIES OF THE BOARD OF DIRECTORS

Horizontal Audit of the Acquisition Cards Process

BOARD CHARTER TOURISM HOLDINGS LIMITED

The Merlin Principles. The Elements of each Principle

Improving resource consent conditions

Template for ToR for Transaction Advisory Services

1 July Guideline for Municipal Competency Levels: Head of Supply Chain and Supply Chain Senior Managers

PHILIPPINE STANDARD ON AUDITING 300 PLANNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

INTERNATIONAL STANDARD ON AUDITING 210 TERMS OF AUDIT ENGAGEMENTS CONTENTS

TECHNICAL GOVERNANCE AND ADVISORY STRUCTURES FOR THE STANDARDS DEVELOPMENT PROCESS

Survey of Stakeholder Perspectives of Audit Quality Detailed Discussion of Survey Results

REPUBLIC OF LITHUANIA LAW ON ELECTRICITY 20 July, 2000, No. VIII 1881 as amended by 26 June, 2001, No. IX-408 Vilnius CHAPTER ONE GENERAL PROVISIONS

North York Moors National Park Authority Finance, Risk Audit and Standards Committee

Terms of Reference. Quality and Value Audits

HF GROUP LIMITED BOARD CHARTER

PROCUREMENT GUIDELINES FOR DEVELOPER DELIVERED INFRASTRUCTURE

REVIEW OF DISRUPTION TO THE RTGS SYSTEM ON 20 OCTOBER 2014: AN UPDATE TO THE BANK OF ENGLAND S RESPONSE SUMMARY

Preparing an audit report for Limited Partnerships

Information Governance Strategic Management Framework

Procurement Document

BOISE CASCADE COMPANY

PostNL group procedure

Company monitoring framework

The Higher Education Code of Governance

INSTITUTE OF DIRECTORS

FAC Facility Interconnection Requirements

BERMUDA MONETARY AUTHORITY

King lll Principle Comments on application in 2013 Reference in 2013 Integrated Report

ISCC 204 AUDIT REQUIREMENTS AND RISK MANAGEMENT. Version 3.0

Guidance: Transition for Logbooks for RCA Applications under RG 180 Auditor registration (2016)

CMVM CORPORATE GOVERNANCE CODE 2013 (RECOMMENDATIONS)

AUDITING. Auditing PAGE 1

Loch Lomond and The Trossachs National Park Authority. Key Controls Report

RETAIL MARKET PROCEDURES (VICTORIA)

PrePayPower Limited Paramount Court Corrig Road Sandyford Dublin 18 FreePhone:

Transcription:

Benchmarking of against best practices Introduction 1. In February 2015, the Authority engaged PA Consulting Limited (PA Consulting) to develop a comparison framework to allow the Electricity Authority (Authority) to evaluate its against international best practices in electricity industry ing. 2. In developing the framework, PA Consulting considered international practices in electricity industry ing and noted that there is variation in ing practices across markets because: (a) (b) compliance risks can vary significantly by ed entity and by market governance of ed entities can vary by market. 3. When specifying best practice for the New Zealand, it is important to consider the practices that are most appropriate in the context of the New Zealand. 4. PA Consulting's comparison built on its analysis of international practices by: (a) (b) identifying ing best practice in the New Zealand context developing an comparison framework under which the Authority can review the existing. 5. The Authority has applied the comparison framework to the existing in order to identify opportunities that may exist to improve the. 6. The purpose of this exercise was not to fully align the existing with PA Consulting s definition of ing best practice. Rather, Authority staff applied the comparison framework to guide any changes to the so they align with the Authority s statutory objectives. Authority staff consider this approach will improve efficiency in the market and deliver long-term benefits to consumers. The comparison framework 7. PA Consulting developed the comparison framework by: (a) (b) (c) setting out six dimensions of ing best practice defining ing best practice in the New Zealand context with respect to the six dimensions of ing practice developing a scoring framework to enable the Authority to benchmark and evaluate the against the best practice framework. 8. The six dimensions of ing practice that best practices can be specified against are summarised in Table 1. Benchmarking of against best practice Page 1 of 14

Table 1: Dimensions of ing practice Dimension Question Subcategories Principles and objectives Scope of Assurance What should the overarching goal of the be? What aspects of participant operations should an cover? How can the integrity of the process be assured? high level principles objectives ed entities scope of activities: operational compliance market software compliance IT systems and procedures review governance of process formal assurance requirements Audit approach How should the be carried out from a methodological perspective? approach used to focus effort approach used to evaluate compliance Classification and reporting of findings Logistics How should findings be classified and reported? How should the be carried out from a logistical perspective? approach used to define materiality of breaches and general findings manner in which findings are reported appointment of ors frequency of s timing of s 9. The definition of best practice with respect to each of the dimensions and subcategories in Table 1 is summarised in Table 2. Table 2: Specification of ing best practice Dimension Subcategories Best practice specification Principles and objectives High level principles At a high level an should: provide market stakeholders with assurance that the market is operating properly and in accordance with the market objectives, rules, and subsidiary Benchmarking of against best practice Page 2 of 14

Dimension Subcategories Best practice specification documents. promote compliance with the Code and good industry behaviour. improve the operational efficiency of the market. Scope of Audit objectives Audited entities Scope of activities The should: provide assurance that participants (responsible for the provision of any data or supporting information that impacts on settlement or other financial market outcomes) are compliant with their obligations and have appropriate procedures/systems/controls to mitigate compliance risk. inform the Authority when making Code required certification, approval and next date decisions. provide ed entities with education and information that enables them to improve compliance, mitigate compliance risk, and understand their role in the context of the wider market. The entities ed as part of an should include: metering equipment providers data providers/settlement agents meter testing houses Audit activities should include: operational compliance s. software/tool compliance. IT review of data providers focused on software management, information security, and selected interfaces. Assurance Governance of process The governing body should specify high level requirements with respect to scope and approach. The governing body should approve plans for specific s before they commence. Audit plans should, at a minimum, specify areas of focus and proposed approach. Benchmarking of against best practice Page 3 of 14

Dimension Subcategories Best practice specification The governing body should reserve the right to prescribe reporting requirements (in terms of content, format, etc). Audit approach Classification and reporting of findings Formal assurance requirements Approach used to focus effort Approach used to evaluate compliance Approach used to define materiality of breaches and general findings Manner in which findings are reported The governing body should have the right to prescribe formal assurance requirements (aligned with internationally accepted ing standards (eg, ISAE 3000)) relating to scope, approach and quality control, and or independence and competence, etc. The governing body should require ors to be rotated from time to time. Auditor rotation can be specified either through the appointment of new firm, or through the appointment of a new lead or from an existing firm. A risk-based approach should be used when determining ing focus. Areas of focus in low to medium risk areas should be rotated over multiple s. The or should have a clear understanding of the ed entity s obligations under the Code in the areas that are covered by scope and focus. Compliance testing and should be conducted in accordance with the relevant assurance standard Assessment of business processes areas in focus should enable the or to evaluate the level of compliance risk in that area. Materiality ratings for breaches and findings should be recommended by the or and approved by the governing body prior to the commencing. An ordinal rating based on risk and materiality should be adopted to classify breaches and findings. The or should provide an opinion letter that sets out the scope and findings of the. The or should provide the ed entity and governing body with more detailed reports (as required). Benchmarking of against best practice Page 4 of 14

Dimension Subcategories Best practice specification The governing body should reserve the right to specify mandatory content and formatting requirements for all opinions and reports. Appointment of ors The governing body should appoint ors to review the compliance of the ed entities. The governing body should select a single or for a group of entities where it deems that the appointment of a single or will lead to economies of scale (and therefore lower cost), consistency of approach, and a helicopter view of compliance across a group of ed entities. Logistics Frequency of s Audit frequencies of metering services providers should be set at the discretion of the governing body based on level of risk associated with ed entity as evidenced by: the risk inherent in the ed entities obligations past compliance performance of the ed entity (and therefore the level of risk posed by the ed entity taking into account controls). Timing of s Compliance testing (requiring observed evidence of compliance) and compliance risk assessments of metering services providers should be undertaken during the course of the period (as opposed to once the period has ended). Audit activities which require information covering the entire period (eg, change management records providing evidence that the ed entity has met software management obligations compliantly throughout the period, and has system logs covering the period) should be conducted after the end of the period. 10. The scoring system used to benchmark and evaluate the current against the best practice specifications defined in Table 2 is summarised in Table 3. Table 3: Benchmark categories for comparison framework Score Definition Benchmarking of against best practice Page 5 of 14

0 Does not meet best practice specification 1 Meets some of the requirements in the best practice specification 2 Meets most of the requirements in the best practice specification 3 Completely meets best practice specification Electricity Authority Application of the comparison framework 11. Authority staff have benchmarked and evaluated the existing using the comparison framework. This evaluation is detailed in Table 4 and summarised in Figure 1 below. 12. The dimensions of the New Zealand scored highly (score of 3: completely meets best practice specification) against best practice, including: (a) (b) Scope of : The scope of the includes all parties that can affect the wholesale settlement of the electricity market. Logistics frequency: The frequency of most s is set at the discretion of the Authority. The Authority considers risk posed by the relevant ed entity and their past compliance performance when setting frequency. 13. The areas in which the New Zealand scored poorly (score of 0: does not meet best practice specification) against best practice included: (a) (b) (c) Assurance governance of process: The Authority does not specify scope or requirements and does not approve plans for specific s. Assurance formal assurance requirements: The Authority does not require ors to follow any formal assurance requirements and does not require ed entities to change lead ors after a period of time. Logistics appointment of ors: The Authority does not appoint the or for each ed entity and does not seek to achieve a reduction in costs through a competitive tender process for services. 14. The remaining aspects of, the New Zealand scored 1 (meets some of the requirements in the best practice specification) against other dimensions and sub-categories. This indicates that the has some aspects of best practice in these dimensions but obvious opportunities exist to improve the in these areas. Benchmarking of against best practice Page 6 of 14

Figure 1 Summary of best practice comparison framework against current Principles and objectives Frequency of s Timing of s High level principles 3 2 Audit objectives Scope of Regime Audited entities Appointment of ors Logistics Manner in which findings are reported 1 0 Scope of activities Assurance Governance of process Approach used to define materiality of breaches and general findings Classification of findings & reporting of findings Approach used to evaluate compliance Formal assurance requirements Audit approach Approach used to focus effort Benchmarking of against best practice Page 7 of 14

Table 4: Detailed evaluation of New Zealand against best practice Dimension Subcategories Best practice specification Current NZ score (0-3) Assessment of current NZ Reasoning High level principles At a high level an should: 1. provide market stakeholders with assurance that the market is operating properly and in accordance with the market objectives, rules, and subsidiary documents 2. promote compliance with the Code and good industry behaviour 1 NZ meets at least one of the principles fully or at least two partially. The process currently promotes compliance with the Code, therefore there is an intention to improve the operational efficiency of the market. 3. improve the operational efficiency of the market. Principles and objectives Audit objectives The should: 1. provide assurance that participants (responsible for the provision of any data or supporting information that impacts on settlement or other financial market outcomes) are compliant with their obligations and have appropriate procedures/systems/controls to mitigate compliance risk 1 NZ meets at least one of the principles fully or at least two partially. Current s provide assurance that participants are compliant with their obligations. Audit reports provide a decision-making process. Participant education is limited and ad hoc. 2. inform the Authority when making Code required certification, approval and next date decisions 3. provide ed entities with education Benchmarking of against best practice Page 8 of 14

Dimension Subcategories Best practice specification Current NZ score (0-3) Assessment of current NZ Reasoning and information that enables them to improve compliance, mitigate compliance risk and understand their role in the context of the wider market. Audited entities The entities ed as part of an should include: metering equipment providers data providers/settlement agents 3 NZ includes all three ed entities. Current meets all best practice requirements. Scope of Scope of activities meter testing houses. Operational compliance s. Software/tool compliance. IT review of data providers focussed on software management, information security, and selected interfaces. 3 NZ includes scope for ing aspects of all three activities. Current meets all best practice requirements. Assurance Governance of process 1. The governing body should specify high level requirements with respect to scope and approach. 2. The governing body should approve plans for specific s before they commence. Audit plans should, at a minimum, specify areas of focus 0 NZ meets one of the specified governance requirements but only partially. The Authority does not specify scope or approach. The Authority does not approve plans. The Code provides the Authority with the right to Benchmarking of against best practice Page 9 of 14

Dimension Subcategories Best practice specification Current NZ score (0-3) Assessment of current NZ Reasoning and proposed approach. 3. The governing body should reserve the right to prescribe reporting requirements (in terms of content, and format, etc). prescribe reporting requirements. 1 However this right has not been exercised. Formal assurance requirements 1. The governing body should have the right to prescribe formal assurance requirements (aligned with internationally accepted ing standards (eg, ISAE 3000)) relating to scope, approach and quality control, and or independence and competence, etc. 2. The governing body should require ors to be rotated from time to time. Auditor rotation can be specified either through the appointment of new firm, or through the appointment of a new lead or from an existing firm. 0 NZ meets none of the specified assurance requirements. The current does not require ors to follow formal assurance standards. Auditors are not rotated. Audit approach Approach used to 1. A risk-based approach should be used when determining ing focus. 1 NZ only partially All s under the use risk to focus 1 Clause 10(a) of Schedule 15.1 Benchmarking of against best practice Page 10 of 14

Dimension Subcategories Best practice specification Current NZ score (0-3) Assessment of current NZ Reasoning focus effort 2. Areas of focus in low to medium risk areas should be rotated over multiple s. meets this requirement. effort, but the approach is ad hoc and not transparent. In addition, the metering equipment provider s are the only s that consider compliance risk when determining next dates (whereby ed entities who pose a greater level of risk (as evidenced by findings) would be ed at greater frequency than those who pose a lower level of risk). Approach used to evaluate compliance 1. The or should have a clear understanding of the ed entity s obligations under the Code in the areas that are covered by scope and focus. 2. Compliance testing and should be conducted in accordance with the relevant assurance standard. 3. Assessment of business processes areas in focus should enable the or to evaluate the level of compliance risk 1 NZ meets at least one best practice specification fully or at least two partially. Auditors use published guidelines to determine process areas to focus on. No compliance testing or standards are applied. No assessment of business process areas in focus or evaluation of compliance risk in ed areas. Benchmarking of against best practice Page 11 of 14

Dimension Subcategories Best practice specification Current NZ score (0-3) Assessment of current NZ Reasoning in that area.. Classificati on and reporting of findings Approach used to define materiality of breaches and general findings Manner in which findings are reported 1. Materiality ratings for breaches and findings should be recommended by the or and approved by the governing body prior to the commencing. 4. An ordinal rating based on risk and materiality should be adopted to classify breaches and findings. 1. The or should provide an opinion letter that sets out the scope and findings of the. 2. The or should provide the ed entity and governing body with more detailed reports (as required). 3. The governing body should reserve the right to specify mandatory content and formatting requirements for all opinions and reports. 1 NZ includes some consideration of materiality when reporting findings; however approach to defining materiality is ad hoc, not transparent, and ratings are not ordinal. 1 NZ meets at least one of the reporting requirements completely Materiality ratings are set in guidelines and are based on directly measurable financial impact on ed entity of failing to comply with Code. The or does not provide and opinion letter. The or produces a detailed report that the ed entity must provide to the Authority. The Code requires that s must be in the prescribed form however it does not include an Benchmarking of against best practice Page 12 of 14

Dimension Subcategories Best practice specification Current NZ score (0-3) Assessment of current NZ Reasoning opinion. Appointment of ors 1. The governing body should appoint ors to review the compliance of the ed entities. 2. The governing body should select a single or for a group of entities where it deems that the appointment of a single or will lead to economies of scale (and therefore lower cost), consistency of approach, and a helicopter view of compliance across a group of ed entities. 0 NZ meets none of the specified appointment requirements. The Authority approves ors but does not appoint an or for an. Logistics Frequency of s Audit frequencies of metering services providers should be set at the discretion of the governing body based on level of risk associated with ed entity as evidenced by: the risk inherent in the ed entities obligations past compliance performance of the ed entity (and therefore the level of risk posed by the ed entity taking into account controls). 3 Both considerations are used fully when setting frequency. The frequency for metering equipment providers, reconciliation participants, dispatchable load purchasers and test houses can vary based on the risk inherent in the ed parties obligations and past compliance performance. Benchmarking of against best practice Page 13 of 14

Dimension Subcategories Best practice specification Current NZ score (0-3) Assessment of current NZ Reasoning Timing of s 1. Compliance testing (requiring observed evidence of compliance) and compliance risk assessments of metering services providers should be undertaken during the course of the period (as opposed to once the period has ended). 2. Audit activities which require information covering the entire period (eg, change management records providing evidence that the ed entity has met software management obligations compliantly throughout the period, system logs covering the period) should be conducted after the end of the period. 1 A small number of compliance tests (requiring observation) are undertaken during the period. The current partially meets the best practice specification in that activities which require information covering the entire year are conducted after the end of the period. Benchmarking of against best practice Page 14 of 14

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback