NIAO Quality Report 2024 - 2025

Foreword from the Comptroller and Auditor General (C&AG) – Dorinnia Carville

This is my third quality report as the C&AG of the Northern Ireland Audit Office. 

Last year I reported that, while it was a rewarding year, there were many challenges.  I am pleased to report that we have successfully addressed many of these challenges with noteworthy achievements during the year. 

One of the biggest challenges of the previous year was the implementation of our new International Standard on Auditing (ISA) 315 financial audit approach and this was reflected in our quality control review scores for the year.  I reported that we had responded by undertaking a robust post implementation review and developing detailed action plans to address issues raised by our Quality Control Reviewers.  I am pleased to report that this has resulted in much improved quality control review scores this year.  This is testament to the professionalism and commitment of NIAO’s people to embed the new methodology and enhance the quality of our work, and our commitment to learning and developing as an organisation.  We continue to place a strong emphasis on responding to the findings of this year’s reviews to enhance our audit quality even further as the environment that our audited bodies operate in becomes increasingly complex alongside increased regulatory and professional standards for auditors. 

Financial audit often involves technical judgements to be made, some of which will result in modified audit opinions. However, it is an extremely unusual occurrence for the audit opinion on the financial statements of a government department to be disclaimed. Due to the inability to obtain sufficient, relevant and reliable audit evidence to support the information in the 2023-24 financial statements of the Department of the Economy, I issued a disclaimer audit opinion, outlining my rationale in a detailed report to the financial statements. 

The disclaimer was considered by the Public Accounts Committee (PAC) and I have continued to provide support to the Committee on this and other significant inquiries including mental health services, public procurement, child poverty, major capital projects and developing skills for NI’s future. The PAC’s interest in these matters helps to promote good governance and accountability across the Northern Ireland Civil Service. 

During 2024-25 we delivered an ambitious and wide-ranging portfolio of public reporting work which included publication of reports on topics such as waste management, soil analysis, managing the schools’ estate, ambulance handovers, homelessness and health and social care imaging services.  We also published a good practice guide on effective audit and risk assurance committees which I hope will be helpful to our audited bodies and their non-executives in strengthening governance and accountability in public services. 

We continue to invest in our people and grow the business to build enhanced capability and capacity.  Progress has been made in a number of areas including recruitment of  additional IT audit expertise which enabled us to deliver all IT audit work on the 2024-25 audit portfolio in house for the first time. We continue to recruit talented individuals to join our organisation and further build on the quality of our organisation and our work. 

I was delighted to publish our new Corporate Plan which sets out our priorities for the period 2024-2029: 

  • High quality public audit;

  • Improve outcomes and accountability; and 

  • Invest in our people.

During the year we completed our biennial staff engagement survey.  It was encouraging to note many of the positive reflections contained within the survey results.  For example, 71% of respondents agreed that they have the training to do their job effectively, 77% of respondents agreed that their manager recognises when they perform well and 76% of respondents are proud to work for NIAO. There is more that we can do to improve the employee experience at NIAO and therefore, in response to the survey results, we have developed a People Engagement Programme with a focus on the areas that staff feel we can enhance. I look forward to reporting on the progress we have made next year.

I remain very proud of the work of the NIAO and our achievements. As we move into 2025-26 we will continue to embrace opportunities to deliver against our vision of independence and excellence in audit to improve public services.
 

Introduction  

NIAO is committed to delivering high quality audits and we seek continuous improvement in the work that we do. We design and implement our quality arrangements to ensure compliance with auditing standards.

 

International Standard on Quality Management (ISQM) 1 requires firms to design, implement and operate a system of quality management (SOQM) to manage their engagement quality. ISQM 2 builds upon ISQM 1 by including specific requirements for engagement quality review, which forms part of the system of quality management. 

 

NIAO has a fully embedded Quality Manual and, a detailed annual Evaluation of Quality Management is undertaken by the Technical and Quality team and presented to the Senior Leadership Team (SLT) each December.  The most recent evaluation in December 2024 concluded that the NIAO system of quality management provides the Office with reasonable assurance that the quality objectives are being achieved. 

 

This report covers our audit quality arrangements and monitoring activity under ISQM1 for the year ended 31 March 2025.  Its analysis is at the heart of our corporate priority of delivering high quality public audit and ensuring our stakeholders have confidence in NIAO providing oversight and assurance on public sector spending.

Dorinnia Carville – Comptroller and Auditor   General 

Rodney Allen – 

Chief Operating Officer

Ultimate responsibility and accountability for the NIAO's system of quality management rests with the Comptroller and Auditor General.

Quality Management Director assigned responsibility for the system of quality management, including compliance with independence requirements and the monitoring and remediation process.

 

Executive Summary - Key facts for 2024-25

 

This section of the report summarises the key facts for 2024-25. 

Our system of quality management is underpinned by a suite of policies and procedures including:

 

The Office recruited fourteen staff consisting of one Head of people, one information systems manager, one Senior Auditor, three auditors, two performance auditors, three Trainee Accountants and three Higher Level Apprentices. We are a registered training organisation and support the Graduate Trainees in completing their qualification with Chartered Accountants Ireland. In addition, we provide professional training for our Apprentices undertaking the Institute of Accounting Technicians Ireland qualifications.

During 2024-25 eight staff left the office.

During 2024-25 we experienced our second full cycle of audits under the new financial audit approach, which had been developed to ensure compliance with ISA 315. Following the post-implementation review conducted in the previous year, the new audit methodology has been successfully integrated, and our teams have gained good experience of applying it. We also introduced a new approach for auditing group accounts, in order to comply with the revisions of ISA 600 which will apply to 2024/25 audits. To ensure the smooth transition to the new group audit approach new audit templates were developed and training sessions were held. 

Further technical training was organised for staff on a range of topics including:

  • Data Analytics – use of Adapt (our internally developed data analytics tool which supports staff in completing risk assessments and selecting samples) and the new Data Analytics portal;

  • IT audit – IT Environment Risk Identification and Assessment;

  • ISA 600 – overview of changes to the standard and changes to our approach;

  • Local Government update;

  • Financial Accounting Update; and

  • Auditing Standards Update;

  • Financial audit and public reporting development days;

  • CIPFA certificate in Performance Audit Fundamentals; and

  • Data visualisation.

Work on a new audit manual to supplement current guidance and support teams in applying current methodology commenced in 2024-25. It is anticipated that the manual will be completed in Autumn 2025.

During 2024-25 we certified 109 central government accounts and 15 local government accounts. In the period we also certified 27 prior year accounts. In total, 28 audits with significant matters of judgement were referred to the Technical Director. The C&A­­G’s opinions on 15 accounts were qualified (some accounts received more than one qualification) and a further 9 opinions were modified (but not qualified). The C&AG also disclaimed her opinion on 1 account. 

Six financial audits were subject to an internal Engagement Quality Review by an independent director. In each case, the engagement quality reviewer upheld the conclusions reached by the engagement team. 

                   Five financial audits were subject to external quality control review (QCR) by the Institute of Chartered Accountants in England and Wales (ICAEW). This is the fifth year that ICAEW has independently reviewed our audits. Our contract with ICAEW expired in April 2024 and a procurement exercise was completed to obtain an external quality control reviewer for 2024 onwards. ICAEW were successful in the procurement. Four of the audit files reviewed were rated as ‘generally acceptable’, One of the audit files was rated as ‘improvement required’.  In addition ICAEW identified a number of areas of good practice on the files. 

                 

                 In response to the issues raised by ICAEW, the Technical and Quality Team facilitated the completion of root cause analysis exercises at the conclusion of each quality control review. Considerable time and effort went into completing the root cause analysis work which entailed liaising closely with the engagement teams to understand the reason for any issues identified during the reviews and to develop detailed action plans, the implementation of which will be monitored by the Technical and Quality Team and reported to SLT. 

                    

In response to the quality control reviews:

  • an audit policy circular documenting the results of the quality control review process was shared with all staff;

  • a feedback session was held to provide feedback from the QCRs and to offer an opportunity for staff to ask questions to clarify their understanding of issues raised.  

This was competed with the aim of ensuring the quality of our work continues to improve and our people continue to learn and develop. Staff were asked to review the findings and take recommendations into consideration when undertaking all future work. 

 

During 2024-25 we published:  

 

Two public reports published in 2024-25 were peer reviewed by Audit Scotland. The reviews found our reports to be “balanced, authoritative and persuasive”. The review also included learning points that was shared with staff working on public reporting.   
 

We undertook a survey of audited bodies during the year and feedback continued to be very positive, with overall impressions being:

  • 93% indicating that NIAO audit staff provided a high quality and professional service;

  • 91% consider that the NIAO’s work leads to improvement in the provision of public services;

  • 98% considered NIAO good practice guides as a useful resource

We also undertook a survey of the Members of the Northern Ireland Assembly’s Public Accounts Committee during the year and feedback was very positive.  Members indicated that they were satisfied with the level of detail in our public reports and their ability to support an effective Inquiry.  Members were also satisfied with the NIAO’s engagement with the Committee and its role in supporting the work of the Committee throughout the current Mandate.

 

 

Part One: Policies and procedures

The quality management policies, procedures and practices of the NIAO are currently documented in the ‘Quality Control in the Northern Ireland Audit Office’ (Quality Control guide), supplemented by, and cross referenced to, a variety of documentation and procedures including:

 

NIAO has a fully embedded Quality Manual, and a detailed annual Evaluation of Quality Management is undertaken by the Technical and Quality team and presented to the Senior Leadership Team (SLT) each December.  The most recent evaluation in December 2024 concluded that the NIAO system of quality management provides the Office with reasonable assurance that the quality objectives are being achieved.  Currently we use a software package ‘Pentana audit’ to record our financial audit work.  We regularly review our audit software and benchmark with audit other institutions to ensure our staff can access modern and up to date software. 

 

During the year our internal data analytics team successfully developed a bespoke in-house tool called Adapt which is used to reconcile accounts, perform journal risk assessments to inform our audit work and select samples.  The tool is now used by all departmental audit teams and it has contributed to more focused and informed audit testing.  Work is ongoing to further develop this tool for use on a wide range of audited bodies including Further Education Colleges and Councils.   The team has also developed and implemented a data warehouse which currently holds all data for central government departments and some NDPBs.  Again, this will be rolled out further during 2025-26.  Development work in this area will continue in the coming year along with consideration on the potential for Artificial Intelligence to enhance our work.

 

We regularly review our audit software and benchmark with other audit institutions to ensure our staff can access modern and up to date software. We continue to make greater use of technology in our audits by investing in the use of data analytics to improve quality, insight and efficiency, which allows us to examine high volume data sets and focus on high-risk or unusual patterns in our audit work

 

The NIAO’s Advisory Board which supports the C&AG in her role as Accounting Officer, by reviewing the comprehensiveness and reliability of assurances on governance, risk management, the control environment and the integrity of financial statements and the annual report. To provide support in these functions, the Board has established the Audit and Risk Assurance Committee (ARAC) to review the comprehensiveness of assurances on systems of internal control, risk management and corporate governance. ARAC comprises three nonexecutive Board members of NIAO, excluding the NIAO Board Chairperson, and is independent of all NIAO operational activities.

In December 2024 Marie Mallon OBE was appointed as Chairperson of the Advisory Board and three new non-executive members were also appointed taking up post from April 2025.

 

ARAC was kept informed about issues relating to quality throughout the year and was updated on the results of the quality control reviews (QCR). The Committee considered the key reasons for the results and the action being progressed as a result of the review. 

 

We now publish any potential conflicts of interest of the Senior Leadership Team and our Advisory Board members on our website to further enhance transparency. 

Part Two: People

The NIAO People Strategy is central to our strategic and organisational planning and supports the achievement of our overall strategic priorities, delivered through a comprehensive People Plan. 

Recruitment, retention and development of staff continues to be a high priority for NIAO, in order to maintain and develop as an organisation and it is essential that these priorities are supported by strong leadership. As an Investors In People (IIP) accredited organisation we are committed to the continuous investment in our people’s development, talent and motivation. In May 2024 the Office was notified that Standard Investors in People Accreditation has been retained. That process highlighted many positive indicators and a number of areas for development that have supported action planning for continuous improvement.

Towards the end of the year, we undertook a biennial staff engagement survey and in response to the findings report have initiated a NIAO People Engagement Programme, providing a thematic framework with a focus on areas our staff have told us they feel we can further enhance. Each key theme will be Director led, reporting to a Steering Group for oversight and guidance. In the months ahead, a series of engagements is anticipated across the organisation to secure staff involvement and participation to progress the NIAO People Engagement Programme and critically to inform how we make further improvements in the journey of investing in our people and making NIAO a great place to work. 

Independence

The Chief Operating Officer Rodney Allen, as Quality Management Director is responsible for policies and procedures in respect of integrity, objectivity, independence and compliance with the Financial Reporting Council’s Ethical Standard. 

The NIAO Code of Conduct (the Code) outlines the ethical requirements to which staff must adhere. The requirements encompass the five fundamental principles of professional ethics:

The Code restates the established policy that staff need to be independent of audited bodies or other interested groups and have an unbiased attitude to the issues and topics under review. It requires staff to complete an annual return setting out in writing any potential conflicts of interest, including personal or domestic relationships with employees of bodies they audit.  All completed declarations are recorded and held centrally in the eHR system. The Code makes it clear that staff are expected to notify their line director immediately of any changes in circumstances affecting their previous declarations. In addition, all staff record a declaration of independence on the audit file of each engagement they work on.

The Ethical Standard requires the engagement team to consider threats to independence, objectivity and integrity in respect of all covered persons. The definition of a covered person is "a person in a position to influence the conduct or outcome of the engagement". On an annual basis, the Quality Management Director identifies all covered persons and for each obtains details of interests notified in their Code of Conduct return. Where the Quality Management Director considers these individuals have potential conflicts with audit engagements, he will notify the engagement directors and audit managers affected to ensure that appropriate safeguards are put in place to mitigate risk. For the purpose of evidence on audit files, confirmation is provided to all staff when this exercise is complete.

The Financial Reporting Council’s revised ethical standard became effective in December 2024.  In response, we developed internal ethical training which was completed by director led teams and was mandatory for all staff. 

 

Staff rotation 
 

To safeguard against conflicts of interest arising as a result of over familiarity, we have a policy of rotating staff. It is our policy for engagement directors and engagement managers to continue with a specific client or engagement to the fifth year of association (inclusive) unless there are any identified threats to their or the C&AG’s objectivity or perceived loss of independence that cannot be properly mitigated.

In years six and seven the presumption is that engagement directors and engagement managers will be rotated due to length of association alone unless there are overriding operational reasons for them to remain in place.  No engagement director or engagement manager will act as part of an engagement team for a period of more than seven years in any twelve year period. Once rotated, relevant individuals should have no further involvement in work relating to the client for a further five years.  Where an engagement quality reviewer involved in a financial audit becomes the audit engagement director, the combined period of service in these positions shall not exceed seven years. We also have a cooling off period of two years before the engagement director can assume the role of engagement quality reviewer.

Where the role of engagement director is delegated, the same rotation policy applies to the individual undertaking the role. All other staff will be rotated regularly to ensure that they have experience across audit clients.  No member of staff should work on a particular engagement for a period of more than seven years within any twelve-year period.

Any firms contracted to undertake financial audit work on behalf of NIAO also rotate staff in line with this policy. 

 

Hospitality

We maintain a register of all hospitality offered to NIAO staff. For transparency, disclosures of hospitality and gifts accepted, declined and provided by each NIAO Non-Executive Member and member of the Senior Leadership Team are published on our website annually. 


Recruitment 

 

We continue to seek to recruit and promote the best quality candidates to meet our current and future needs.  Recruitment is competency and values based, and in compliance with equal opportunities requirements.  In 2024-25 we focussed on attracting quality people, including different skills and abilities to add to the diversity to our workforce and keep pace with developments.

The office recruits Higher Level Apprentices (HLAs) in Accounting and Trainee Accountants annually with a view to developing our own qualified accountants.  There is a dedicated programme of training relevant to the trainees tenure within the organisation and the appointment of a mentor to support professional development in addition to vital on the job the training within their teams.

During 2024-25 a total of eight staff left the Office. We recruited 14 staff during this time.

 

An online resourcing tool, Time and Space, is updated and monitored regularly and management routinely considers resource allocations to ensure that the Office has sufficient personnel with the capabilities, competence, commitment and ethical principles necessary to perform its engagements. 

One of the challenges we continue to face is increased market demand for qualified experienced auditors. In response to that we continue to look at ways to raise awareness and attract more applicants whilst also enhancing our ability to develop and retain staff.  For example, during 2024-25 we partnered with Queen University Belfast’s new Masters in Accounting programme and hosted two paid placement students for 12 weeks beginning in January 2025. The placement provided the students the opportunity to learn the function of the Northern Ireland Audit Office in providing scrutiny of public sector finances. Placement students were provided with a meaningful learning and development experience related to and broadening their accounting and auditing knowledge.

 

Competence and capabilities of staff

We have established policies and procedures designed to provide the Office with assurance that it has sufficient personnel with capabilities, competence and commitment to ethical principles necessary to perform its engagements in accordance with professional standards, and regulatory and legal requirements.  These policies and procedures are recorded in the Office’s personnel, management information and audit  Policy Circulars supported by the Northern Ireland Civil Service (NICS) Staff handbook. To ensure compliance with ethical and professional requirements, the competence of financial audit teams is considered and documented at the outset of each audit engagement as part of risk management procedures. 

Learning and Development

The Office acknowledges the importance of and encourages and supports the training and development of all staff to maintain and develop the required capabilities and competence necessary. The Development and Talent Management Strategy directly aligns with the Corporate Plan for 2024-2029 and is a fundamental part of the strategic pillars within our People Strategy. This strategy supports the achievement of our strategic priorities and is intrinsically linked to our values. Seven key areas of learning and development have been outlined in the strategy and form the basis of an organisational Learning and Development plan that is currently being finalised.

The Office develops the capabilities and competence of its staff through a combination of structured and unstructured training, work experience and coaching, influenced by a 70-20-10 Model for Learning.

The performance management framework includes a consideration of training undertaken during the period under review and a review of current developmental needs.

We are a registered training organisation and support the Trainees in completing their qualification with Chartered Accountants Ireland. In addition, we provide professional training for our Apprentices undertaking the Institute of Accounting Technicians Ireland qualifications.

In order to make a positive impact in delivering our priorities, it is essential that our staff are experienced and skilled in the work that they undertake.  Approximately 65 per cent of staff have professional accountancy qualifications, allowing us to meet the professional standards required of all financial auditors. This base is supplemented by other staff with relevant professional and research skills, IT audit and data analytics skills and by contractual agreements with private firms.

To assist in the achievement of the above, our Technical and Quality Team develops an annual training programme to address technical training skills.  This includes a number of mandatory training courses each year, to ensure audit quality and non-attendance at these courses is monitored and followed up on. Staff can apply for a variety of training courses to meet Continuing Professional Development (CPD) and the competency requirements of their work.  Booking takes place via the eHR system which facilitates accurate recording of training and development. In addition to booking training, eHR allows staff to centrally record their CPD activities, including those undertaken outside core work. Qualified staff have a responsibility to ensure that they are attending sufficient courses and updating their knowledge in order to comply with the requirements of their respective professional institutes and are supported by the office to maintain professional accreditations with respective Institutes. 

The training needs for staff are identified from a variety of sources including:

  • strategic workforce planning;

  • Corporate/Business plans;

  • changes in working practices e.g. new technology, legislation and systems;

  • technical requirements;

  • professional requirements; 

  • statutory and mandatory requirements; and

  • performance management, including personal development plans.

     

During 2024-25 we experienced our second full cycle of audits under the new financial audit approach, which had been developed to ensure compliance with ISA 315. Following the post-implementation review conducted in the previous year, the new audit methodology has been successfully integrated, and our teams have gained good experience of applying it. We also introduced a new approach for auditing group accounts, in order to comply with the revisions of ISA 600 which will apply to the audit of the 2024-25 Annual Report and Accounts. To ensure the smooth transition to the new group audit approach new audit templates were developed and various training sessions were held in person and recorded. 

Further technical training was organised for staff on a range of topics including:

  • Auditing de-brief day; 

  • Data Analytics – use of Adapt (our internally developed data analytics tool which supports staff in completing risk assessments and selecting samples) and the new Data Analytics portal;

  • IT audit – IT Environment Risk Identification and Assessment;

  • ISA 600 – overview of changes to the standard and changes to our approach;

  • Local Government update;

  • Financial Accounting Update and

  • Auditing Standards Update.

In addition to formal training provided, we issued guidance on several technical matters, such as dealing with excess votes; leases disclosures due to the change in IFRS 16; the impact of irregularities on the true and fair audit opinion; and material uncertainties in valuation reports.

We continue to provide all of our audit staff with access to croner-i.  Croner-i is an online reference service which allows users to access auditing and accounting standards as well as providing online training and practical interpretation/application of the standards. 

New staff, at all staff levels are assigned a ‘buddy’ when they join and as an additional quality measure for leadership. 

On-boarding procedures include training on NIAO methodology provided to all new staff. Junior members of staff at trainee grades are also provided with in-house introductory accounting and audit training prior to commencing their studies.

We continued to provide a range of technical training for our public reporting staff. We held a public reporting development day, the morning of which comprised of training on report drafting delivered by a team from the National Audit Office. We have also identified the CIPFA Certificate in Performance Audit Fundamentals as being relevant to our work. Three staff have successfully completed the certificate and we are now planning to roll the training out more widely to the remaining staff working on public reporting. Further training on data visualisation has taken place for our champions network – and further updates are planned. 

 

Staff Wellbeing 

The Wellbeing Strategy launched in October 2023 aimed at ensuring individual and organisational wellbeing is embedded in everything we do.  An action plan for the year has successfully been delivered.  The Wellbeing Committee continues to support the delivery of our Wellbeing Strategy and action plan through our wellbeing champions, and planning and oversight of a calendar of events to focus on our pillars of physical, mental, social and financial wellbeing. Activities this year have included nutrition and sleep workshops, yoga, wellbeing walks, flu vaccines, blood donation and volunteering opportunities with our local food bank and National Trust.  Our programme is supplemented by access for all staff to an on-site gym and a wide range of social events arranged by our active Sports and Social Committee who work in partnership with our Wellbeing Committee. 

All staff have access to a Wellbeing Hub that can be accessed via the intranet site or app anytime. The Hub promotes details of wellbeing activities as well as providing access to advice, information, tools and resources and signposting to partner bodies. The Hub has been customised to provide access to your own policies and procedures, and Audit Office internal stories and articles.  An Employee Assistance Programme is also available for staff, providing direct access to health and wellbeing support including free confidential counselling services. As part of our wellbeing support all staff were offered free Health Checks which were very positively received. 

 

Performance management 

The current performance management system provides a framework, including process, documents and tools, to clarify work priorities, discuss expectations, review performance, and plan and support development to continue to build capabilities.  The aim is to promote a culture of continuous dialogue about practice (behaviours) and performance (delivery) based on clear expectations. It is based on a partnership between the individual and the organisation. The process is about recognising and supporting the ongoing development needs of staff, so that they can contribute towards organisational performance to the best of their ability and develop as individuals. 

Performance reporting is recorded using the Office’s eHR application.  This assists the Office in monitoring compliance with its performance management policy.

 

Use of external resources

We contract out, in financial terms, around 21 per cent of our financial audit work to private sector firms. We work in partnership with these firms, and this enables us to benchmark our work against the private sector to demonstrate quality and efficiency. The objective is not just about managing peaks in our workload, although this is a key element. 

In all cases of contracted-out audit arrangements, the C&AG retains overall responsibility for the audit of the financial statements and will sign the audit certificate/opinion and report.

In 2023-24 we appointed new contractors for the next few years.  We noted changes in the marketplace in terms of availability of firms and associated costs. 

We therefore decided to build internal capacity and deliver all IT audit work in-house.  To achieve this, we recruited additional staff with specialist IT audit skills, supported an auditor to undertake their ISACA Certified Information Systems Auditor (CISA) qualification and offered IT audit training to all staff. This enabled us to deliver all IT audit work internally in 2024-25 for the first time.  

We continue to keep under review the extent we work in partnership with private sector firms.

Acceptance and continuance procedures

In light of the statutory appointment of the C&AG as auditor, acceptance procedures are not always relevant to the Office. However, we have procedures in place to provide assurance that we only undertake or continue relationships and engagements where we have:

  • considered the integrity of the client;

  • the competency to perform the engagement;

  • the capabilities, time and resources to do so; and

  • where it has confirmed that it can comply with ethical requirements.

The vast majority of audits undertaken by the Office are by statutory appointment and in these circumstances, we cannot withdraw or decline the appointment. However, Practice Note 10 Audit of Financial Statements and Regularity of Public Sector Bodies in the UK (Revised 2024) (PN 10) indicates that there are other avenues open to the Office; for example, we can report to the NI Assembly on matters that might otherwise have caused us to withdraw from the engagement. 

 

Acceptance and continuance procedures are embedded within the Quality Control guide and the electronic audit template for all audits regardless of whether these are statutory appointments. All new client and engagement requests must be submitted to the C&AG for approval. Staff have been reminded to be alert to the requirement for public bodies to consult with the Office in cases where the Department of Finance has agreed that the accounts of a body should be subject to examination and certification by the C&AG, or that the C&AG should have rights of inspection. There were no new engagements accepted during 2024-25.

Part Three: Engagement performance

 

Overall responsibility for engagement performance and quality rests with the engagement director assigned to each audit. 

During 2024-25 we certified 109 central government accounts and 15 local government accounts. In the period we also certified 27 prior year accounts.

Technical and specialist advice

We have a designated Technical Director whose responsibilities include:

 

 

The Technical Director, supported by the Technical and Quality Team, is available to advise staff on complex or judgemental accounting and auditing issues.  All qualifications or proposed qualifications must be referred to the Technical Director. Should a conflict situation arise (e.g. the Technical Director is involved in an audit requiring technical review), the matter will be allocated to an independent director or handled by the Quality Management Director.

Differences of opinion within the engagement team or between the engagement team and the engagement quality reviewer should be referred to the Technical Director for resolution. 

 

During the year a wide range of technical guidance and advice was provided on key audit or accounting issues. This covered areas such as using the work of experts; the impact of irregularities on the true and fair audit opinion; budgeting influencing accounting; and material uncertainties in valuation reports. In total, 28 audits with significant matters of judgement were referred to the technical director during 2024-25. Arising from these, the C&AG’s opinions on 15 accounts were qualified (some accounts received more than one qualification), the C&AG disclaimed her opinion on 1 account and a further 9 opinions were modified (but not qualified). 

 

Review of engagement performance

During the period, the vast majority of audits performed were subject to a two-stage review process:

Audits that are assessed as being lower risk and lower complexity have only one stage of review and are delegated to another member of the audit team who will act as the engagement director.  The rationale for adopting this approach will be clearly documented and approved by the portfolio director.

Engagement Quality Review (EQR)

A further level of review is performed on the audits of those accounts deemed to be high risk or high interest.  This independent review is carried out by an engagement quality reviewer whose role is clearly defined. 

 

The independent review process is designed to provide an objective evaluation of the significant judgements made by the engagement team and the conclusions reached.

 

As part of the financial audit planning process, the engagement director is responsible for determining whether the audit requires an EQR based on the following considerations:

  • whether the entity is a Public Interest Entity (PIE) or whether    any relevant laws or regulations require an engagement quality review; or

  • the nature of the engagement, including the extent to which the entity’s financial statements are of high Assembly or public interest; or

  • the identification of unusually complex circumstances or technical risks and/ or judgements in an engagement or class of engagements; or

  • whether it is likely that there may be a significant modification to the audit opinion; and/or

  • if an engagement quality review is an appropriate response to address one or more quality risk(s); and/or

  • where senior engagement staff are new to their role.

An engagement quality reviewer is assigned for all high-risk audits of first year directors to ensure audit quality. 

 

The Technical Director determines who performs the engagement quality reviewer function for engagements where it is determined that an EQR is needed. The decision takes into consideration an individual’s independence from the body being audited, their specific skill set and their experience at the director grade. The engagement quality reviewer will not be a member of the engagement team and an engagement director may not act as engagement quality reviewer until a period of at least two years has passed after previously serving as engagement director. 

 

The engagement quality reviewer notifies the engagement director if they have concerns that the significant judgements made by the engagement team, or the conclusions reached thereon, are not appropriate. If such concerns are not resolved to the engagement quality reviewer’s satisfaction, the engagement quality reviewer notifies the Technical Director or the Quality Management Director that the engagement quality review cannot be completed. 

 

Six financial audits were subject to EQR in 2024-25. In each case the independent reviewer upheld the judgements and conclusions made by the engagement team. 

Quality control reviews

As part of quality control monitoring procedures we undertake an annual programme of quality control reviews. This is led by the Technical Director and is an important tool in promoting audit quality and continuous improvement. The objective of the reviews is to consider whether each audit was properly planned and conducted in accordance with our methodology and professional standards, and whether the documented audit work supports the audit opinion provided. 

Following a procurement competition, the Institute of Chartered Accountants in England and Wales (ICAEW) was appointed in October 2024 to provide an independent quality control review service. In line with good practice, this ensures that the monitoring arrangements are completely independent. The current process for selecting audits for review ensures that:

  • engagement directors with ten or more financial audit engagements are reviewed every two years. Otherwise, engagement directors will be reviewed every three years;

  • one delegated audit engagement is reviewed every three years; 

  • where possible, one high risk audit is reviewed each year.

 

Where a quality control review identifies that significant improvements are required, the engagement director’s portfolio of engagements will be included in the following year’s selection and an additional review will be undertaken. 

The 2024 sample period covered all in house financial audit engagements certified between November 2023 and September 2024, and the cold review process commenced in November 2024.

ICAEW rated four of our financial audit files reviewed as ‘generally acceptable’ and one financial audit file as ‘improvement required’, they also noted areas of good practice in the files. The results of the 2024-25 reviews reflect an improvement on the prior year results. This indicates that staff are more confident in the application of our new methodology. We will continue to respond to ICAEW’s findings to ensure that we deliver quality audits which comply with standards.

 

                 In response to the issues raised by ICAEW, the Technical and Quality Team facilitated the completion of root cause analysis exercises at the conclusion of each quality control review. Considerable work went into completing the root cause analysis work which entailed liaising closely with the engagement teams to understand the reason for any issues identified during the reviews and to develop detailed action plans, the implementation of which will be monitored by the Technical and Quality Team and reported to SLT. 

                    

A feedback session was held for all staff in which the results of the QCRs were communicated and general findings which may apply to the wider office were highlighted. This was competed with the aim of ensuring the quality of our work continues to improve. Staff were asked to review the findings and take recommendations into consideration when undertaking all future work.

 

The results of the QCR process are reported to the Office’s Audit and Risk Assurance Committee (ARAC) and Advisory Board.  Assurance is provided to ARAC that an in-depth root cause analysis had been undertaken and action plans developed to address ICAEW’s findings. 

Review of contracted out audits

NIAO contracts with private sector audit firms to undertake NIAO audit engagements.  While contractor firms provide shadow audit certificates, the C&AG retains responsibility for certification and reporting. 

 

In 2024-25 we assessed contractor performance by:

  • regularly monitoring Key Performance Indicator (KPI) scores and holding quarterly performance review meetings with contractors;

  • carrying out a programme of pre-certification file reviews, based on experience, risk and prior performance;

  • undertaking quality control reviews of a sample of contracted out audits. This is normally undertaken by engagement directors and managers; and

  • requiring contractors to undertake cold reviews of the work they are contracted to do (one audit per contract).

 

Overall results of KPI monitoring were generally satisfactory. 

Five audits were selected for cold review. Three of the reviews received a ‘generally acceptable’ grading, one received ‘good’ and the last one received ‘improvement required’. 

The ‘improvement required’ grading was due to the fact that the contractor failed to properly engage in the process and the review team had to conclude on the cold review without being able to take into account any justification or information from the contractor involved. This is unsatisfactory and will be followed up formally with the Contractor as part of our contract management procedures.

Assembly of certified audit files

We are required to establish a quality objective to assemble and close our audit files on a timely basis. Where there is no time limit prescribed in law or regulation, ISQM1 recommend that an appropriate time limit is ordinarily not more than 60 days from the date of the auditor’s report. We have adopted this as our time limit for audit closure and it is incorporated within both our financial audit methodology and electronic audit file system. 

During 2024-25, 67 per cent of all audits certified were closed within 60 days (67 per cent in 2023-24; 54 per cent in 2022-23). Regular communication is issued to managers to remind them of the requirement to close the audit file within the 60-day time limit. Despite this there continues to be limited compliance. We will continue to monitor the completion of post certification audit procedures and the administrative close of audit files.

Complaints 

We are required to have policies and procedures to ensure that we deal appropriately with complaints and allegations that the work performed by auditors does not comply with professional standards and regulatory and legal requirements.  The NIAO Code of Conduct requires that staff discuss any such matters that come to their attention with their line manager, director or, if appropriate, the Chief Operating Officer.

Obtaining feedback on the quality of our financial audit is important in ensuring that we fully understand the needs and expectations of our stakeholders and continue to provide the quality of the audit they expect.  Audited bodies are provided with information on making a complaint in the Report to those Charged with Governance prepared at the completion of an audit.  In addition, our website provides further information and contact details regarding complaints about the work of the Office. 

No complaints were received by the office during 2024-25. 

Auditee Survey

 

We undertook a survey of audited bodies during the year and received 55 responses out of a possible 104.  Feedback was very positive, with overall impressions being:

  • 93% indicating that NIAO audit staff provided a high quality and professional service;

  • 91% consider that the NIAO’s work leads to improvement in the provision of public services;

  • 98% considered NIAO good practice guides as a useful resource.

 Public reporting Quality Assurance arrangements

 

Public reporting processes are subject to a range of formal internal quality assurance checks in order to maintain and improve the quality of published reports. 

We have continued to update our Public Reporting Guidance during 2024-25 with an increased focus on alignment with the INTOSAI Standards. The revised guidance includes clarification around activities at the identification and planning stages and also includes an additional Quality Assurance meeting to discuss emerging issues and findings during the development of the report.

We continue to submit reports to an external peer review (through reciprocal arrangements) where a sample of reports are circulated to other UK and Ireland public audit agencies for their assessment, using agreed assessment criteria. 

Two public reports published in 2024-25 were peer reviewed by Audit Scotland. The reviews found our reports to be “balanced, authoritative and persuasive”. These reviews continue to strengthen our public reports, through the provision of constructive feedback and sharing of better practices.