Audit compliance plans

The Electricity Authority expects audit compliance plans to be specific, clear and relevant to the obligation they relate to. This case study discusses how to develop an audit compliance plan that complies with the Electricity Industry Participation Code.

Common issues with audit compliance plans

In 2025, the Authority has received some inadequate compliance plans. Common issues include:

  • failing to explain how the actions will resolve the non-compliance, or prevent recurrence
  • specifying a date for completion of the proposed actions which are:
    • still under investigation
    • still being identified
    • not clearly bound to a goal or deliverable – for example, setting the end date as the end of the month or year, when the issue is still under investigation or information is needed from agents
  • copy and pasting responses across non-compliances, indicating the steps being taken are not necessarily tailored to the issue identified through the audit process
  • re-using previous audits’ responses, without
    • indicating what has changed or
    • if nothing has changed, why no progress has been made.

It’s in the best interest of participants to get this right

When compliance plans are inadequate, we may:

  • request the participant:
    • re-submit their compliance plan with additional information and /or
    • meets with the Authority to provide additional information
  • consider approving a shorter period between audits, so we can check on the participant’s progress towards compliance
  • commence an audit ourselves of the relevant clauses
  • allege breaches of the Code
  • consider what other compliance tool is appropriate in the circumstances.

Our expectations for compliance plans

We expect compliance plans to be specific, clear, and relevant to the obligation they address. Actions to resolve and prevent recurrence must be targeted, and time bound.

Actions to resolve non-compliances and prevent recurrence which can be assessed against the SMART framework (specific, measurable, achievable, relevant and time-bound) are more likely to meet our expectations.

SMART actions help us understand the participant’s plans, so we can assess the participant’s level of understanding of what caused the non-compliance, and what needs to change to prevent it from continuing. It also gives us clear checkpoints to track progress on steps taken to resolve or prevent non-compliances, so we can follow up if needed.

If you plan a staged response to resolve an issue, explain this in your compliance plan - especially if you expect progress to improve compliance won't be completed before your next audit.

Example

The audit process for a reconciliation participant identified a non-compliance with clause 10.6 of the Code. The incorrect metering equipment provider (MEP) was listed for one network supply point (NSP) table. The required action to resolve this was to correct the MEP.

The participant did not make this correction when submitting its audit. To prevent recurrence, the participant advised the error appeared to be a one-off, but it would monitor NSP tables for other issues.

We asked the participant to resolve the error and update us once this was done. In this case, no further compliance action was needed because the overall risk was low and the compliance plan gave us enough detail to understand how the issue would be fixed.

Giving extra details as part of the audit process

Participants can provide extra evidence to show they are improving their compliance. For example, you might include a project plan or timeline.

You are welcome to supply additional information when you submit your audit. If you want any supplementary information kept confidential, let us know when you upload your audit through the audit portal.

Background on audits

Many participants are required under Parts 10, 11, 13 and 15 of the Electricity Industry Participation Code 2010 (Code) to submit regular audits to the Electricity Authority.

The obligations on audited participants are set out in Part 16A of the Code. Audits require participants to tell us what they are doing to make sure they meet their obligations under the Code, and if issues have arisen, how they are fixing them.

Most participants may also be audited on the Authority’s own initiative. If the Authority initiates an audit, it may choose to audit a specific clause or clauses; or a wide range of clauses, similarly to regular audits.

Obligations under the Code

Regular audits require participants to submit a compliance plan in the form prescribed by the Authority. As of November 2025, this is a spreadsheet which sets out any non-compliances identified through the audit process.

This compliance plan requires participants to explain what actions they are taking to resolve the non-compliance; and the time frames within which the participant intends to complete those actions.

The compliance plan also requires participants to outline steps they are taking to prevent recurrence, and when they will be taken, because these actions have the potential to reduce the risk of potential breaches of the Code.

These obligations are set out in clauses 16A.13(3) and 16A.13(4) of the Code as follows:

16A.13 Participants to give final audit report and compliance plan to the Authority

(3) Each participant must -

  • (a) provide the compliance plan and final audit report in the prescribed form; and
  • (b) deliver the compliance plan and final audit report in the manner specified by the Authority.

(4) Each compliance plan must specify -

  • (a) the actions that the participant intends to take to address any breaches or potential breaches of this Code identified in the audit report; and
  • (b) the timeframes within which the participant intends to complete those actions.

Questions?

We're here to help. If you have any questions or need any support, please get in touch with compliance@ea.govt.nz