The Treasurer has announced changes to Australia’s foreign investment review framework, effective from 10.30pm AEDT on Sunday 29 March 2020, relating to monetary thresholds and timeframes for reviewing applications. Details are available in our Guidance Note number 53, which addresses the effects of the changes. All material on this website should be read in light of the Treasurer’s announcement.

Compliance - independent audit conditions [GN52]

PDF332.09 KB

Last updated April 2020

Under section 74 of the Foreign Acquisitions and Takeovers Act 1975 (FATA), the Treasurer can issue a no objection notification for certain investments (defined in the FATA as ‘significant actions’), subject to one or more conditions, if the Treasurer considers that the conditions are necessary to ensure the investment is not contrary to the national interest.  Generally, if conditions are imposed, these will also include conditions requiring reporting on compliance with the conditions. These reporting conditions may require an officer of the investor to certify the investor’s compliance with the conditions or require that an independent audit regarding compliance with the conditions be carried out. Exemption certificates issued under the FATA also may include independent audit conditions.

This Guidance Note provides background information on compliance and reporting, followed by more specific information on independent audit conditions (including the circumstances in which they may be applied) and guidance to foreign investors on compliance with independent audit conditions when they are applied.

Objective of Compliance Reporting

Compliance reporting activities, including receiving assurance through independent audits of compliance with conditions, provides strengthened assurance that foreign investors are meeting their compliance obligations. A foreign investor’s specific compliance reporting obligations are set out in the relevant no objection notification or exemption certificate issued to that foreign investor. Guidance on reporting requirements other than independent audits is also provided in Guidance Note 51. The guidance provided below is general in nature and must be read in conjunction with the relevant no objection notification or exemption certificate. Further information on the foreign investment compliance policy and compliance framework can be found on the FIRB website.

Ongoing assurance that investors are complying with their obligations under the foreign investment framework is a priority for the Commonwealth, to ensure that foreign investment is not contrary to the national interest. Treasury’s role includes supporting foreign investors to understand their compliance obligations, while minimising the regulatory burden. 

Independent audit conditions

Independent audit conditions, under which investors must engage an independent audit firm to audit their compliance with conditions, provide an additional level of assurance where more visibility of compliance with conditions is required. These conditions generally require that the Commonwealth approve the scope of the audit and the identity of the audit firm or auditors. In some cases, conditions will allow an investor to engage an independent professional advisory firm  with appropriate technical skills (in addition to, or instead of, an independent audit firm (Relevant Expert)) to prepare an audit report in accordance with relevant Australian audit standards issued by the Auditing and Assurance Standards Board.1

The decision maker may be more likely to impose an independent audit condition in relation to investments which are of a higher value or where the assessed risk to the national interest is higher, such as investments involving sensitive sectors of the economy.

Factors the Commonwealth is likely to consider in determining whether to approve a particular audit firm and/or Relevant Expert undertaking audit work

Amongst other factors, the Commonwealth is likely to consider the following in determining whether to approve an audit firm (and/or Relevant Expert, if applicable) undertaking audit work:

  1. Depth and quality of the pool of people dedicated to the audit, including relevant experience of the firm and individual team members, as well as the level of commitment of people supporting the audit. The proposed team members’ experience in undertaking similar work in Australian regulated entities is also a relevant factor.
  2. Absence of any existing or potential conflicts of interest (including a robust process to ensure this is the case), and the approach to identifying, reporting and managing any potential conflicts of interest during the course of the audit. Investors and their proposed auditors are encouraged to consider the impact of prior engagements, and may be asked for information relating to them.
  3. Knowledge and understanding of the relevant industry and if relevant, the cybersecurity context. The investor should, to the best of its ability, provide information on the work that the proposed audit firm (and/or Relevant Expert, as applicable) has undertaken in the relevant sector over the last five years.
  4. Understanding of governance.
  5. Understanding of the technical, commercial, policy and regulatory issues.
  6. Where relevant, capacity and expertise to assess and advise on potential system security issues. A summary of previous security analysis roles undertaken within Australian or global companies would be useful in this regard.
  7. Ability to work with government.
  8. Staff with appropriate security clearances (where applicable and relevant).

It is important to note that it is a requirement that the audit must be conducted independently and, therefore, the Commonwealth cannot be party to the audit. The audit must also be carried out at the cost of the entity to which it relates.

It is open to an investor to propose different firms to undertake different aspects of the required audit, so long as compliance with all relevant conditions is assessed. Such proposals would not be automatically agreed to by the Commonwealth, but agreement will not be unreasonably withheld.

The Commonwealth is unable to provide a list of preferred auditors.

The guidance provided above is general guidance and not all criteria will be applicable in all circumstances. It should be read in conjunction with the relevant no objection notification or exemption certificate issued to a particular investor.

Factors the Commonwealth is likely to consider in determining whether to approve the scope of works for an audit

Amongst other factors, the Commonwealth would expect that the scope of works for an audit should:

  1. Outline the level of assurance to be provided, with reference to the Framework for Assurance Engagements issued by the Auditing and Assurance Standards Board. The Commonwealth recommends adopting the ASAE3100 for independent Audits required under the FATA. While the preference is for a reasonable assurance review, a reduction or increase in the assurance level may be appropriate in certain circumstances. 
  2. Outline the scope of the audit, including clearly outlining which conditions will be subject to the audit and any proposed exclusions.
  3. Outline the methodology the audit will use to assess compliance by the applicant, with appropriate data management as stipulated for each of the approved conditions.
  4. Outline what evidence will be used to assess compliance with each of the conditions. The Commonwealth considers it to be important for auditors to review not only the policies and procedures but also evidence that policies and procedures are implemented and complied with.
  5. Specify an appropriate timeframe for completion of the audit and delivery of the audit report.
  6. Outline the proposed outcome of the audit, including an assertion about the applicant’s compliance or non-compliance with the conditions and where appropriate, recommendations to remediate any deficiencies or risks identified.
  7. Indicate whether the audit will be conducted remotely (that is, that auditors would not be required to enter premises) or whether site visits will be required.

Contact between the Commonwealth and the audit firm

In some circumstances, conditions may prescribe that the Commonwealth can speak directly to the auditors prior to the commencement of any works. A direct line of communication allows Commonwealth representatives to provide appropriate context to the auditors on the intent of the conditions and requirements to be compliant.

Instructions provided directly to the auditors will not seek to change the agreed audit scope.

Important notice: The Commonwealth makes all reasonable efforts to ensure the information provided is correct. However, the information provided is a general guide only and the Commonwealth does not make any representation or warranty about the accuracy, currency or completeness of the information. It also does not accept any responsibility or liability for any loss, however caused, arising from the use of, or reliance on, the information provided. Before relying on any information provided, you should make your own enquiries and seek independent professional advice.