Granting Access to Audit Working Papers by Regulators


An auditor is required to produce, or give access to their audit working papers when:

  1. legally requested to do so pursuant to the issue of a subpoena, search warrant or court order or pursuant to discovery obligations during court proceedings; or
  2. required by a regulator such as ASIC, APRA and the ATO, under relevant legislative provisions.


Regulators may seek to access an auditor’s audit working papers when, for example, they are undertaking:

  1. an investigation of an alleged or suspected contravention of the relevant legislation by the auditor’s client; or
  2. compliance-related surveillance activities concerning legislative obligations or monitoring of industry-wide issues that affect the auditor’s client.


If under the relevant legislation regulatory authorities seek access to audit working papers, the auditor’s statutory obligations under normal circumstances will override common law or professional responsibilities to respect the confidentiality of the client. The level of access granted by the external auditor will need to be in accordance with the requirements of the relevant legislation.


When a regulator requests an auditor to provide access to their audit working papers, the request is normally made on a formal basis, by issuing a written notice under the legislation. The notice typically sets out for example, the nature of the matter to be investigated, to whom and when audit working papers are required to be made available and a description of the specific audit working papers to be provided.


The base level financial requirements (refer paragraph 18) and other financial requirement conditions, as set out in ASIC Pro Forma 209 (PF 209), do not apply, but FS70 and FS71 are still required to be lodged with ASIC, if the Licensee is either:

  1. inform the client, or former client that a request for audit working papers concerning the audit client’s engagement has been made and the purpose for which access is required, except where such disclosure is prohibited by law;
  2. consult their legal counsel;
  3. where appropriate, and in consultation with the client, inform the regulator seeking access to their audit working papers that certain audit working papers may not be accessed, because they are the subject of client legal professional privilege (see paragraph 28); and
  4. maintain a written record of action taken to comply with the regulator’s request, as well as a list of the audit working papers provided pursuant to such request; and
  5. ensure the regulator provides a written receipt for all audit working papers accessed.