Volume 17 - Audit Policy
- Policy Principles
- Governing Materials
- Audit Entities
- Audit Activities
- Document Management
- Guidance Tools
- Audit Reports
- Validation and Moderation
- Fee for Service
In order to manage phytosanitary risks, and as party to a number of international obligations which aim to protect plant health, the Department of Agriculture and Water Resources manages the export of plants and plant products. This maintains the integrity of exported products and Australia’s reputation as a reliable exporter. Regulatory requirements for the export of prescribed plants and plant products are outlined in the Export Control Act 1982, Export Control (Plants and Plant Products) Order 2011 (Plant Order) and Export Control (Prescribed Goods - General) Order 2005 (General Order), and supporting legislative instruments. Under the Export Control Orders, primary responsibility for meeting Australian and importing country requirements rests with entities external to the department such as exporters and the occupiers of premises involved in the export of prescribed plants and plant products. This obligation is realised through systems such as the registration of premises involved in the export of plants and plant products (Registered Establishments) and the appointment of Authorised Officers for inspection. One of the department’s roles in these systems is to provide assurance that they are effective as required. This role is undertaken by the Audit Services Group (AuSG), Service Delivery branch within the department. AuSG achieves assurance through conducting external audits of Registered Establishments, Protocol entities and third party Authorised Officers to ensure that the required standards are being met.
The purpose of this document is to provide a framework for monitoring the compliance of registered establishments, third party Authorised Officers (AOs) and other entities in meeting the outcomes, prerequisites, requirements and standards relating to exporting plants and plant products. This policy underpins and provides rigour around the management of external audit activities responsible for managing the registration and performance standards of these entities. This policy also provides overarching principles for the development, implementation, management and improvement of external audit activities.
External audits must be managed efficiently and effectively and add value to the organisation being audited and its stakeholders. External audits will be managed and implemented to provide objective and relevant assurance, and contribute to the effectiveness and efficiency of governance, risk management, and control processes. The auditors who are part of the external audit activities must demonstrate conformance with the APS Code of Conduct. Audit activities will be structured and managed in a way that ensures the department:
- is accountable, transparent, consistent and fair in dealings with export clients
- provides an environment that is responsive to changing risks and has a capacity to minimise the regulatory impact on compliant clients
- works towards the achievement of a ‘shared responsibility’ philosophy with clients in delivering outcomes
- engages with clients to encourage compliance with export regulation and
- implements regulatory response measures that are proportionate to the degree of non-compliance
Audit frequency and intervention will be designed based on the department’s broader compliance model. This compliance model assumes that most stakeholders will comply, or try to comply, with their obligations. The department recognises that it is not appropriate to respond to all compliance issues in the same way. However, the department acknowledges a need for strong enforcement techniques to deal with non-compliance where serious and deliberate fraud occurs. The department’s objective is to encourage compliance. The department’s best practice approach to implementing compliance programs is based on the Braithwaite responsive regulation model. The diagram below represents the Braithwaite responsive regulation model, where the volume occupied by each layer indicates the effort and resources that should be allocated to each function.
Continuous Review and Improvement
To improve audit functions the management of activities will include processes that facilitate continual improvement, through activities such as information collection, reporting, verification, analysis and review. Information collected via the audit activities provides a valuable feedback loop for continual improvement of instructional material and the audit program itself.
All relevant legislation, internal obligations, standards and policies (including, but not limited to those listed below) should be followed in addition to this policy.
Relevant legislation includes the:
- Export Control Act 1982
- Export Control (Plants and Plant Products) Order 2011
- Export Control (Prescribed Goods – General) Order 2005
Relevant Australian Public Service/departmental policies include:
- Biosecurity Compliance Strategy
- APS Values and Code of Conduct
Relevant Plant Export Operations policies include:
- Plant Export Operations Manual / Work Instructions
- Plant Export Operations Work Plans
- Authorised Officer Deed of Obligations / Instrument of Appointment
- Registered Establishment Audit and Performance Standards
- Authorised Officer Audit and Performance Standards
External guidance includes:
- Importing Country Requirements including Protocols
- the International Plant Protection Convention
- AS/NZS ISO 19011:2003
Audit Services Group currently audit three entities under this policy. These are:
- Registered Establishments (establishments) exporting plants and plant products.
- Third Party Authorised Officers (AOs) for Plant Exports.
- Entities registered for Protocol activities.
Authorisation and Accreditation
Audit Service Group auditors are authorised under the requirements of subsection 45.5 of the Export Control (Plants and Plant Products) Order 2011. Auditors will undertake specific training to ensure consistent audit practices across Australia.
The Assistant Secretary, Audit Services Group holds the overall responsibility for Plant Export Operations audit . Responsibilities of the Assistant Secretary include:
- Ensuring adequate resources are available to Audit Services Group Managers to effectively schedule and complete audits in a timely fashion
- Ensuring appropriate measures are taken to achieve and maintain consistent audit standards across all regions
- Ensuring resource levels are reviewed annually in line with the financial year budget cycle
Audit Services Group Directors oversee audit activities. Responsibilities of the Audit Services Group Directors include:
- Scheduling and assigning auditors to audits
- Assessing risk to determine unannounced audits
- Ensuring timely completion of audits
- Ensuring auditor compliance to set standards, procedures and systems
- Determining escalation of appeals against adverse audit results
All entities will be subject to periodic audit/verification activities as stipulated by their specific performance standard.
Audit Services Group Managers are to schedule periodic audits prior to each quarter of a financial year. Non-periodic audits are to be scheduled by the Audit Services Group Manager based on the compliance model.
To ensure consistency, Plant Export Operations will maintain controlled templates for the following documents:
- Registered Establishment Audit Checklist
- Authorised Officer Compliance Audit Checklist
- Authorised Officer Demonstration Audit Checklist
- Protocol Audit Checklists (Market specific)
- Corrective Action Request reports (Registered Establishments)
- Corrective Action Request reports (third party Authorised Officers)
- Audit Report (Registered Establishments)
- Audit Report (third party Authorised Officers)
During PEO audits, entities are assessed for compliance against a defined set of performance standards. Performance standards are derived from documents such as relevant legislation and PEO work instructions, and are used to determine whether or not entities/individuals are compliant with these documents. Performance standards are critical for maintaining the integrity of the export process.
Performance standards are organised into a standard set of ‘checklist items’. Checklist items are the specific areas an auditor will focus on within an audit . All checklist items are to be covered during an audit to ensure that entities are assessed comprehensively and consistently.
Checklist items are further arranged into ‘activities’. All activities are to be covered during an audit to ensure that entities are assessed comprehensively and consistently.
Plant Export Operations intervention is aligned to the level of risk and level of compliance. Serious non-compliances found during audit will result in referral to the Delegate of the Secretary of the Department, which may lead to suspension or revocation of the establishment registration or the AOs instrument of appointment, or the full force of the law. Less serious non-compliance issues are dealt with using Corrective Action Requests (CARs) for Establishments and third party Authorised Officers. Protocol entities are not issued CARs.
The auditor(s) will produce a comprehensive report upon completion of the audit . The report will be submitted to the entity/individual at completion of the audit or within 10 working days of completion, including all corrective actions and issues raised. The report is made up of the following:
- Activity Scores
- Overall Score
- Corrective Actions
- Observations and Recommendations
The Plant Export Operations audit data is captured centrally through a national database. The data is used for analysis and system improvements. The captured data includes:
- the number of corrective actions issued
- the number of audits conducted within each quarter
- the number of corrective actions with extensions
- the average audit scores for each establishment type
- audit results
- the number and nature of audit non-compliances for AOs
Using this data, a report detailing audit activities is produced for senior executives on a quarterly basis.
The audit of Registered Establishments , protocol entities and third party AOs is currently subject to fee for service.