Figure 9 — The assurance engagement process: Performing
By this point, key decisions on the approach and procedures to be performed during the engagement must have been made, documented and communicated to the audited body. The success of the performing stage of the assurance engagement depends on the audit team’s ability to perform the planned procedures, document their work and assess the results of work performed on the assurance engagement as a whole.
Assurance documentation is a key component of undertaking an assurance engagement. It enables effective review and evaluation of the assurance evidence obtained and conclusions reached before the audit team leader’s assurance engagement report is finalised.1
The assurance engagement documentation must provide:
Refer to section 3.9 onwards of the NGER Audit Determination about performing an assurance engagement.
See section 3.22 and 3.23 of the NGER Audit Determination for the full list of required contents of the assurance engagement report.
In addition, documentation should provide evidence of how the work performed has followed any other guidance which the auditor has decided to use (for example, ASAE 3000 or ISO 14064-3:2006).
The assurance engagement documentation must be prepared, on a timely basis, in a way that is sufficient and appropriate to enable an experienced auditor, having no previous connection with the assurance engagement, to understand:
The contents which must be included in the assurance engagement report are listed in the NGER Audit Determination and include components, such as the objective of the assurance engagement, the matters being audited and the type of greenhouse and energy assurance engagement carried out.
Relevant assurance engagement documentation must be kept for five years after the date the assurance engagement report is signed.
section 4.2 of this handbook for detailed guidance on record-keeping, including the obligation to allow inspectors access to documentation.
Section 5.3.3 of this handbook covers the assessment of systems, processes and controls during the risk assessment.
Internal controls are a significant part of management’s comfort over the accuracy and completeness of the reported greenhouse and energy information.
For the auditor to rely on these internal controls several things should be considered:
Testing can then be performed for the auditor to check the controls are operating effectively.
The diagram below provides some examples of the types of procedures performed in validating controls.
Figure 10 — Different types of control testing
The auditor performed a greenhouse and energy assurance engagement for Company B, a food manufacturer with an abattoir facility. The key greenhouse gas emissions sources are electricity consumption (scope 2 emissions) and gas consumption (scope 1 emissions) for the processing and abattoir facility and boilers respectively.
Due to the high levels of consumption and cost of the utilities, Company B uses its own direct metering system to check the utility providers’ invoices.
Through enquiry and observation, the auditor assessed that the key controls in the greenhouse gas emissions information collection process are the monthly manual reconciliation of Company B’s meters to those of the utility providers, as stated on the utility invoices, and the monthly manual sign-off of the data entered, following the monthly reconciliations by the department supervisors.
The auditor first sought to examine evidence (completed reconciliations and manual sign-offs of printouts of entered data) that the controls had been performed for a sample of three months during the reporting year. Through enquiry, the auditor found the reconciliations had been performed in each month but no sign-offs of entered data had occurred in the months selected for testing or any other months during the reporting year.
The auditor then sought to re-perform the reconciliations using the source data (extracts from Company B’s metering system and utility providers’ meter data as shown on utility invoices). The auditor found there had been a minor manual transposition error in one of the three months re‑performed, resulting in a two per cent misstatement in greenhouse gas emissions for this month. The auditor re-performed the test for another two months and noted no further errors. Re‑performance may include recalculating a reconciliation or calculation, or re-performing a control such as testing a password protection control is operating effectively.
In documenting the results of the testing on the assurance engagement file, the auditor included a table summarising the procedures performed, comfort obtained and the flow-on considerations for the assurance engagement. The auditor concluded that the reconciliation control had been operating effectively but that the manual sign-off control had not.
The auditor judged that the reconciliation control was the key control in the process and reliance would be placed on the effective operation of this control. Therefore, the extent of substantive testing to electricity and gas invoices received from the utility providers would be reduced. However, the substantive testing would not be reduced by as much as originally planned, due to the lack of effective controls over checking data inputted following the completion of the monthly reconciliations.
Analytical procedures consist of evaluations of information made by a study of plausible relationships between various data sets (that is, greenhouse gas emissions and units of production).
They also encompass the investigation of identified fluctuations and relationships that are inconsistent with other relevant information, established expectations, or deviate significantly from predicted amounts.
As one of the purposes of the assurance engagement plan is an efficient and effective assurance engagement, analytical procedures are often used as one of the key substantive tests (that is, in preference to inspection of records and documents) where appropriate.
This implies several key concepts:
Performing analytical procedures can be done in five steps, as depicted below.
Figure 11 — The five step analytical procedures process
It is important to note that the five step process is designed to standardise the performance of analytical procedures to improve their quality. The auditor should go through the process as outlined above. Further guidance is given on each step in the table below.
It is expected that inspection of the audited body’s records and documents will be required, at least to some extent, in most assurance engagements performed under the NGER Audit Determination. Such inspections form part of ‘tests of details’ as shown in the assurance engagement process flow diagram (Figures 2 to 5). These procedures typically involve testing reported information back to its source documentation.
Sections 3.13 to 3.15 of the NGER Audit Determination address evidence gathering, types of evidence and methods for gathering evidence.
An expert may be brought into the audit team to review significant or complex areas of greenhouse gas emissions measurement, as part of the audit team’s assurance procedures. It is important to note the expert does so as part of the audit team (refer to section 4.1.1 of this handbook).
Examples of evidence gathering techniques are given in the table below.
It is usually impractical to perform tests of details on all of the items making up a population. Therefore, in order to gain the required level of assurance, the auditor needs to determine the appropriate means of selecting items for testing. Determining the appropriate selection method depends on the test objectives, including the assertions being tested, and the characteristics of the population to be tested.
An assertion is a representation by the audited body, explicit or otherwise, that is embodied in the reported greenhouse and energy information, as used by the audit team leader to consider the different types of potential misstatement that may occur.
The methods of selecting items for testing include:
The auditor must first consider if selecting specific items will result in the auditor efficiently collecting evidence for the assertion being tested. By selecting specific items the auditor is focusing the procedure on items they consider are at higher risk of misstatement but is forgoing the ability to extrapolate results across the untested population. Characteristics commonly considered higher risk include:
In the event the auditor needs to obtain further evidence they will need to perform sample based testing. Such testing requires the selection of a sample that is representative of the population, so the results of the testing can be extrapolated across the untested items. In order to achieve this, the auditor may consider:
The size of the sample needs to be large enough to ensure that the sample is representative of the population. The sample size selection method should be reviewed by the audit team leader and be included in the internal quality control review system for the audit.
This is an area for the audit team leader to exercise professional judgement as to how much testing is sufficient. Refer also to the guidance given in section 5.4.2 above.
For engagements to provide assurance over a report or data within a report issued by the audited body under section 19 of the NGER Act, or a project report under section 76 of the CFI Act, the audit team leader conducts procedures to test the aggregation process underlying that report. These procedures include:
During an assurance engagement over greenhouse and energy information it is expected an auditor will need to assess how reasonable management’s estimates and assumptions are. The auditor must assess management’s estimates against available evidence (ideally data external to the audited body; for example, supplier data).
To assess how reasonable management’s estimates are, the auditor can consider:
In such situations the audit team leader must use their professional judgement to weigh up whether the available evidence as well as the management representation is sufficient to support the assurance conclusion as expressed in the assurance engagement report.
The auditor is performing an assurance engagement over the reported 2009–10 NGER information for Company C, a large electricity generation company with a portfolio of coal and gas fired power stations.
The auditor is currently looking at the reported greenhouse gas emissions from one of Company C’s gas fired power stations. The greenhouse gas emissions are calculated using activity data (gigajoules or cubic metres of gas) and the power station’s own energy content and emissions factors calculated in accordance with Method 2 per the NGER Measurement Determination.
The auditor used a variety of techniques to gain the necessary assurance over the reported greenhouse gas emissions, including:
The auditor used a table to document a summary of the procedures performed and the evidence obtained on the assurance engagement file, to support the overall conclusions reached for the greenhouse gas emissions of the power station.
The errors noted in the summary of uncorrected errors were material individually as well as in aggregate. Accordingly the auditor communicated to management that the errors included in the summary of uncorrected errors should be remediated prior to the signing of the assurance engagement report. Refer to the guidance given below on discussing findings with management.
Before commencing the reporting stage it is highly recommended that the auditor discusses the findings arising from the procedures performed during the performing stage with management.
The amount and basis for any errors and non-compliance with the relevant legislation must be noted and explained by the auditor to management. A meeting to discuss a summary of uncorrected errors (refer to section 5.5.3 below) prepared by the auditor is often the most efficient method to do so.
For section 73 to 74A audits under the NGER legislation, in discussing findings with management, where misstatements and non-compliance are identified, the Clean Energy Regulator will discuss implications and potential changes or resubmission with the audited body, once the audit has been completed.
1 Auditing Standard ASA 230
Audit Documentation issued by the AUASB, available at
About The Clean Energy Regulator
Carbon Farming Initiative
Carbon Pricing Mechanism
National Greenhouse And Energy Reporting
Renewable Energy Target
Emissions Reduction Fund
Our Systems And Their Resources
Clean Energy Markets
Data and information
Subscribe to email updates
The Clean Energy Regulator is a Government body responsible for accelerating carbon abatement for Australia.
Follow us on Twitter
Follow us on LinkedIn