For the purposes of this Guidance Statement, the following terms have the meanings attributed below:

“Auditor” means an individual auditor, audit firm or audit company.^[2] Unless specified, auditor refers to an external auditor conducting an audit or review of an entity’s financial report or other financial information.

“Audit (or review) working papers” (herein referred to as audit working papers in this Guidance Statement) contained within an audit file may include:

1. documents or any other records of information, produced or acquired by an auditor (whether from the client or third parties) during an engagement that are used, or developed, to undertake the engagement and fulfil the auditor's responsibilities under that engagement.
2. copies of documents, records or schedules produced by the client and utilised by the auditor to undertake an engagement;
3. internal documents and records created or developed by the auditor to perform or support any audit or audit-based procedures undertaken or conclusion derived from these documents, such as memorandums, external correspondence with the client or third parties, and final reports;
4. audit work programs (other than those considered proprietary by the audit firm); and
5. for an internal audit engagement—the internal audit working papers.

An “audit file” is a file that contains the audit working papers as defined in (b) above, and those other documents that are excluded for the purposes of allowing third party access, as enumerated in paragraph 8 below.

“Internal audit function” means an appraisal activity, established within, or provided as a service to the entity. Its functions include, amongst other things, examining, evaluating and monitoring the adequacy and effectiveness of internal control.

“Internal auditors” means those individuals who perform the activities of the internal audit function. Internal auditors may belong to an internal audit department of an entity or equivalent function or an internal audit provider.

“Internal audit provider” means a third party contracted to provide internal audit services to an entity.

“Third parties”, in addition to internal audit providers defined in (f) above, may also include regulators, auditors of controlling entities or joint ventures, advisers to prospective purchasers, investors or lenders, and successor auditors.

“Regulators” may include the Australian Securities and Investments Commission (ASIC), the Australian Prudential Regulation Authority (APRA) or the Australian Taxation Office (ATO).

For the purposes of this Guidance Statement, the following documents and information which are ordinarily contained in an audit file, do not form part of the auditor’s audit working papers defined in paragraph 7 (b) that are normally provided to third parties when access is requested:

1. the auditor’s internal budgeting documents concerning costing or billing records for the audit client;
2. internal staffing-related documents for the engagement and any incidental personnel records or information about the engagement team;
3. documents or information that are subject to legal professional privilege; and
4. proprietary work programs (e.g. client acceptance checklists and internal firm independence review checklists).

When a regulator seeks access to audit working papers, the relevant legislative provisions may permit the regulator to access documents or information that do not form part of the auditor’s audit working papers as outlined in paragraph 8 above.

For the purposes of this Guidance Statement, documents or information included in the audit file may be subject to “legal professional privilege” because an audit client, or relevant laws or regulations, at the time it was originally provided, required that such information or audit working paper be legally privileged. An example is legal advice regarding litigation against the audit client, as provided by its legal counsel. Paragraphs 28–31 of this Guidance Statement contain further discussion related to legal professional privilege.