WolfPeak are leaders in independent auditing, providing audit services on some of the most important projects in NSW including Sydney Metro, Port Botany terminals, Parramatta Powerhouse, the Sydney Opera House and many more.
Over the last 10 years we have worked in accordance with international audit standards and within a number of regulator’s audit frameworks. The Department of Planning and Environment has worked hard in recent years to lift the compliance capability of industry through rigorous audit processes and to standardise its audit requirements to give certainty to community, proponents and regulators alike. This has been done, in large part, through the Independent Audit Post Approval Requirements (or IAPAR).
The IAPAR was first introduced in 2018, providing a comprehensive step change in audit requirements on major projects throughout NSW. An update was completed in 2020 as part of the Department’s continual improvement processes, and further updates are anticipated in the coming years.
The IAPAR sets out the requirements for:
- selection of independent auditors
- audit process
- scope and frequency of audits
- content of audit reports, and
- response to and submission of audit reports.
The IAPAR is publicly available on the Department’s website.
For those not familiar with the process it can be a challenge to navigate. Below we provide a quick overview on its requirements.
Independent auditors must be suitably qualified, experienced and independent of the project being audited. The auditors must be approved by the Department prior to commencing the audit.
Audits must be conducted at regular intervals. Unless specified by a condition of approval the audits must occur:
- for construction – within 12 weeks of commencement of construction, then at 26-week intervals thereafter, and
- for operations – within 26 weeks of commencement of operations, then at three-yearly intervals thereafter.
The scope of each audit is significant, assessing compliance with every triggered condition of approval, along with assessments of incident management, complaint management, environmental performance and more. The auditor must consult with the Department on the scope of each audit prior to the audit commencing. This consultation may require the auditor to focus on a particular area over and above the standard scope defined in the IAPAR.
When assessing compliance only three compliance categories can be assigned:
- Compliant: the auditor has collected sufficient verifiable evidence to demonstrate that all elements of the requirement have been complied with within the scope of the audit.
- Non-compliant: the auditor has determined that one or more specific elements of the conditions or requirements have not been complied with within the scope of the audit.
- Not Triggered: a requirement has an activation or timing trigger that has not been met at the time when the audit is undertaken, therefore an assessment of compliance is not relevant.
Audit findings must be based on verifiable evidence. Verifiable evidence includes:
- records, documents and reports
- interviews of relevant site personnel
- figures and plans; and
- site inspections of relevant locations, activities and processes.
Audit reports must be reviewed and responded to by the proponent to ensure they are factually accurate and that the findings and recommendations are agreed to. It is important to note, however, that auditors retain the right to make findings or recommendations based on the facts presented.
The final audit report, and the proponent’s response to the findings, must be submitted to the Department within two months of the audit site inspection.
WolfPeak prides itself on providing a robust and problem-solving approach to all its work, including independent auditing. We deliver audits with rigour, and with a focus on being constructive, open and transparent. Our work satisfies the relevant approval requirements around auditing; helps projects comply with their requirements and realise tangible improvements, and gives the Department certainty that projects are subject to proper, independent compliance checks.