GUID 2900

Guidance to the
financial auditing
standards

INTOSAI Guidances are issued

by the International
Organisation of Supreme Audit
Institutions, INTOSAI, as part of
the INTOSAI Framework of
Professional Pronouncements.
For more information visit
INTOSAI www.issai.org
 INTOSAI

INTOSAI, 2021
TABLE OF CONTENTS

1. Preamble 6

2. ISSAI 2200 - Overall Objectives of the Independent Auditor and

the Conduct of an Audit in Accordance With International Standards
on Auditing 8

3. ISSAI 2210 - Agreeing the Terms of Audit Engagements 11

4. ISSAI 2220 (Revised) - Quality Control for an Audit of Financial

Statements 15

5. ISSAI 2230 - Audit Documentation 17

6. ISSAI 2240 - The Auditor’s Responsibilities Relating to Fraud in

an Audit of Financial Statements 21

7. ISSAI 2250 (Revised) - Consideration of Laws and Regulations in

an Audit of Financial Statements 27

8. ISSAI 2260 (Revised) - Communication with Those Charged

with Governance 29

9. ISSAI 2265 - Communicating Deficiencies in Internal Control to

Those Charged with Governance and Management 32

10. ISSAI 2300 - Planning an Audit of Financial Statements 33

11. ISSAI 2315 (Revised 2019) - Identifying and Assessing the Risks
of Material Misstatement 37

12. ISSAI 2320 - Materiality in Planning and Performing an Audit 43

13. ISSAI 2330 - The Auditor’s Responses to Assessed Risks 47

14. ISSAI 2402 - Audit Considerations Relating to an Entity Using a
Service Organization 49

15. ISSAI 2450 - Evaluation of Misstatements Identified during the

Audit 53

16. ISSAI 2500 - Audit Evidence 56

17. ISSAI 2501 - Audit Evidence - Specific Considerations for

Selected Items 59

18. ISSAI 2505 - External Confirmations 62

19. ISSAI 2510 - Initial Audit Engagements - Opening Balance 64

20. ISSAI 2520 - Analytical Procedures 65

21. ISSAI 2530 - Audit Sampling 68

22. ISSAI 2540 (Revised) - Auditing Accounting Estimates and

Related Disclosures 71

23. ISSAI 2550 - Related Parties 77

24. ISSAI 2560 - Subsequent Events 82

25. ISSAI 2570 (Revised) - Going Concern 84

26. ISSAI 2580 - Written Representations 87

27. ISSAI 2600 - Special considerations - Audits of Group Financial

Statements (Including the Work of Component Auditors) 90

28. ISSAI 2610 (Revised 2013) - Using the Work of Internal

Auditors 97

29. ISSAI 2620 - Using the Work of an Auditor’s Expert 99

30. ISSAI 2700 (Revised) - Forming an Opinion and Reporting on
Financial Statements 102

31. ISSAI 2701 - Communicating Key Audit Matters in the

Independent Auditor’s Report 104

32. ISSAI 2705 (Revised) - Modifications to the Opinion in the

Independent Auditor’s Report 106

33. ISSAI 2706 (Revised) - Emphasis of Matter Paragraphs and

Other Matter Paragraphs in the Independent Auditor’s Report 109

34. ISSAI 2710 - Comparative Information - Corresponding Figures

and Comparative Financial Statements 111

35 ISSAI 2720 (Revised) - The Auditor’s Responsibilities Relating

to Other Information 112

36. ISSAI 2800 (Revised) - Special Considerations - Audits of

Financial Statements Prepared in Accordance with Special
Purpose Frameworks 114

37. ISSAI 2805 (Revised) - Special Considerations - Audits of

Single Financial Statements and Specific Elements, Accounts or
Items of a Financial Statement 117

38. ISSAI 2810 (Revised) - Engagements to Report on Summary

Financial Statements 119

APPENDIX A: ISSAI 2210 121

APPENDIX B: ISSAI 2500 127

APPENDIX C: ISSAI 2580 129

APPENDIX D: ISSAI 2701 130

1 Preamble

INTRODUCTION

1) The INTOSAI framework of professional pronouncements derives its financial

audit standards (ISSAIs) from International Standards on Auditing (ISAs).
During the application of these financial auditing standards in the public
sector, auditors may face the interpretation of:

• Terminology not usually found in the public sector - for example, the
terms engagement partner, listed entity
• Audit mandates sourced from legislation
• Distinguishing a compliance engagement from a financial audit with
elements of compliance with authorities
• Reporting matters required by law or regulation

2) The ISAs are relevant to engagements in the public sector. A Supreme

Audit Institution (SAI)’s responsibilities, however, may be affected by the
audit mandate or by obligations on public sector entities arising from law,
regulation or other authority (such as ministerial directives, government
policy requirements, or resolutions of the legislature), which may encompass
a broader scope than an audit of financial statements in accordance with the
ISAs. The ISAs therefore declare that this broader scope of a public-sector
audit may be defined through INTOSAI’s professional pronouncements or
by standards or guidance issued by SAIs or other national standard-setters
(cf. ISA 200.A59). The ISSAIs provide requirements relevant for public-sector
auditing beyond those of the ISAs through the performance audit standards
(ISSAI 3000-3899) and compliance audit standards (ISSAI 4000-4899).

6
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Objective

3) The GUID 2900 - Guidance to the financial auditing standards aims to support
SAIs and auditors in implementing and using the financial auditing standards
(ISSAI 2000-2899) by providing additional guidance in relation to the definitions,
objectives, requirements and explanatory and further application material
contained in the standards. Within the set of financial auditing standards, a
reference to ISSAI 2xxx is equal to a reference to ISA xxx (where xxx is the
number of the ISA), subject only to the modifications and further application
material provided in the ISSAI 2000. The GUID 2900 covers selected issues in
each of the ISSAIs 2200-2899.

Definitions

4) Definitions that are necessary to understand guidance provided are found in

individual guidance sections below.

Scope

5) These guidelines provide supplementary audit guidance in relation to the

financial auditing standards ISSAI 2200 to 2899 and do not contain any further
requirements for the conducting of the audit.

7
2 ISSAI 2200 -
Overall Objectives of the Independent
Auditor and the Conduct of an Audit
in Accordance With International
Standards on Auditing

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Considerations Specific to Smaller Entities

b) An Audit of Financial Statements
c) Professional Skepticism

Considerations Specific to Smaller Entities

2) Some ISSAIs contain considerations specific to audits of smaller entities. In

audits of public sector entities and entities that receive government awards,
these considerations are usually not applicable, even if the public sector
entity has few employees, simple operations, or a relatively small budget.
In those situations, the public sector entity may still have complicated
transactions, such as transfers from other governments, as well as a need to
comply with laws, regulations, policies and systems determined by a higher
level of government and a need for accountability for use of taxpayer monies.
Therefore, it is advised that auditors carefully consider the relevance of such
considerations. Sections may include additional guidance in this area when
considered important to add guidance relevant for audits of smaller public
sector entities.

8
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

An Audit of Financial Statements

3) ISSAI 2200.A8 provides examples of financial statements and the content of a

complete set of financial statements. A complete set of financial statements
for a public sector entity may be prepared on a cash basis of accounting, on a
modified accrual basis of accounting, or on a full accrual basis of accounting,
and may comprise but is not limited to:
• A statement of cash receipts and cash payments (cash basis of accounting)
• A statement of financial position;
• A statement of financial performance;
• A statement of changes in net assets/equity;
• A statement of revenues and expenditures;
• A cash flow statement;
• A comparison of budget and actual amounts either as a separate additional
financial statement or as a reconciliation; and
• Notes comprising a summary of significant accounting policies and other
explanatory information.

4) In certain environments, and depending on the applicable financial reporting

framework, a complete set of financial statements may also include other
reports such as reports on performance and appropriation reports.

5) Some public sector entities do not produce financial statements since the
primary objective of the accounting framework of the public sector entity is
to control a budget process and to produce only the financial information that
is needed to effectively achieve this objective. Financial reporting is therefore
not the primary objective of the accounting framework for such public sector
entities. The financial audit ISSAIs are designed to audit historical financial
information presented in the form of financial statements but may be adapted
as necessary to audit other forms of historical financial information. For
this reason, the financial audit ISSAIs may be applied to audit the historical
financial information produced by such public sector entities if the auditor
concludes that the accounting framework provides appropriate criteria for the
audit. Appropriate criteria are a precondition for an audit and preconditions
are addressed in Section 3 of this GUID.

9
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Professional Skepticism

6) ISSAI 2200.15 requires the auditor to plan and perform an audit with
professional skepticism recognizing that circumstances may exist that cause
the financial statements to be materially misstated. The INTOSAI Fundamental
Principles of Public-Sector Auditing in ISSAI 100.371 also address professional
skepticism. The concept of professional skepticism enhances and broadens
the concept of due care and is fundamental for the planning and performance
of the audit.

1 ISSAI 100 - Fundamental Principles of Public-Sector Auditing

10
3 ISSAI 2210 -
Agreeing the Terms of Audit
Engagements

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Definitions
b) Preconditions for an Audit
c) Agreement on Audit Engagement Terms
d) Recurring Audits
e) Acceptance of a Change in the Terms of the Audit Engagement

Definition

2) Abuse - Involves behaviour that is deficient or improper when compared with

behaviour that a prudent person would consider reasonable and necessary
business practice given the facts and circumstances. Abuse also includes
misuse of authority or position for personal financial interests or those of
an immediate or close family member or business associate. Abuse does
not necessarily involve fraud, violation of laws, regulations, or provisions
of a contract or grant agreement. Abuse is a departure from the concept
of propriety, which relates to the general principles of sound public sector
financial management and conduct of public sector officials.

11
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Preconditions for an Audit

3) When establishing whether necessary preconditions for an audit are present

as required in ISSAI 2210.6(a), auditors consider that in the public sector the
financial reporting framework may often be prescribed by law and regulation.
If auditors determine that the framework prescribed by law and regulation is
not acceptable, they apply the requirements of ISSAI 2210.8, 19 and 20, and
also consider:
• Informing the legislature; and
• Influencing standard setting by professional or regulatory organizations.

4) When obtaining the agreement of management and, where appropriate, the

legislature and those charged with governance that they acknowledge and
understand their responsibility as stated in ISSAI 2210.6(b), auditors take into
account the fact that the responsibilities of management and those charged
with governance in the public sector may be broader than those responsibilities
in the private sector. Legislative, governance and management structures may
vary widely within the public sector, thereby enhancing the need to formalize
the acknowledgement and understanding of such responsibilities.

Agreement on Audit Engagement Terms

5) The terms of an audit engagement in the public sector are normally mandated
and therefore not subject to requests from, and agreement with, management.
Therefore the requirements in the ISSAI, when applied in the public sector
context, are useful in establishing a common, formal understanding of the
respective roles and responsibilities of management and the auditor. Since
the SAI is normally engaged by and reports to the legislature, agreements
often need to be reached with both the legislature and management.

6) In the public sector, there may be additional matters besides the examples
listed in ISSAI 2210.A24-A26 that auditors have to report on during the course
of the audit and that may be relevant to the engagement letter, such as:
• Non-effective performance of operations – relates to management’s
responsibility to undertake activities in an effective and efficient manner;

12
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• Instances of non-compliance with authorities – relates to management’s

responsibility to undertake activities, use resources, and fulfil accountability
requirements, in accordance with authority granted by the legislature and
all other relevant directions;
• Ineffectiveness of internal control – relates to management’s responsibility
for, design, implementation and operation of internal control;
• Legal implications – relates to the responsibilities of those SAI’s with a
Judicial Role;
• Waste – relates to management’s responsibility to obtain and apply
resources in an economical manner, without any public money being
wasted; and
• Instances of abuse – relates to management’s responsibility to meet the
expectations of the legislature and the public as they relate to appropriate
standards of behavior.

It may also be advisable to describe the arrangements to protect the SAI’s

independence.

7) The financial auditing standards (ISSAIs 2000-2899) may not be sufficient

to form the basis on which audit activities referred to in paragraph 3.6 are
performed. Within the ISSAIs, performance audit standards (ISSAI 3000-3899)
and compliance audit standards (ISSAI 4000-4899) are aimed at audits with
objectives other than the audit of historical financial information. It may
be relevant to specify in the terms of the audit engagement the standards
adhered to with respect to additional reporting matters.

8) In addition to the points listed in ISSAI 2210.A26, auditors may also consider
it relevant to include any arrangements whereby the audit work is contracted
out to another auditor.

9) In the public sector, the acceptance and continuance process referred to in

ISSAI 2210.7 is influenced by the fact that SAIs may not have the option to
decline or withdraw from the audit. However, in cases where management or
the legislature imposes a scope limitation prior to the start of the engagement,
the effect of which may result in the auditor disclaiming the opinion on the
financial statements, auditors are advised to consider the situation and how it

13
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

may impact the risk assessment, the audit approach and the auditor’s report.
In some cases it may also be appropriate to report separately to the legislature.

10) ISSAI 2210.8 discusses other factors affecting audit engagements acceptance.
In a situation where the preconditions for an audit are not present and when
SAIs do not have the option to decline an audit engagement, an appropriate
response in addition to the requirements in ISSAI 2210.19 and 20 may include
informing the legislature.

11) ISSAI 2210.A25 recommends that it may be helpful for the auditor to
make reference, in the terms of the audit engagement, to the possibility of
communicating key audit matters in the auditor’s report. Auditors may be
required to or may decide to communicate key audit matters to other parties,
such as the legislature, in addition to management or those charged with
governance or to the judiciary when relevant legal provisions do exist.

Recurring Audits

12) When considering the requirements in ISSAI 2210.13, auditors may determine
that some or all of the terms of an audit engagement in the public sector are
mandated by law and therefore not subject to revision.

Acceptance of a Change in the Terms of the Audit Engagement

13) When considering the requirements in ISSAI 2210.14 to 17, auditors may
determine that some or all of the terms of an audit engagement in the public
sector are mandated by law and therefore not subject to revision.

14) An illustrative example of a public sector engagement letter is presented in

Appendix A.

14
4 ISSAI 2220 (Revised) -
Quality Control for an Audit of
Financial Statements

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) System of Quality Control and Role of Engagement Teams
b) Relevant Ethical Requirements
c) Requirements for Listed Entities

System of Quality Control and Role of Engagement Teams

2) It is fundamental to understand that the ISSAI is premised on the basis that

the SAI is subject to ISSAI 1401 or to national requirements that are at least
as demanding. As covered by ISSAI 20002, auditors apply ISSAI 140 to meet
quality control requirements. ISSAI 140 intends to serve the same objective
as ISQC 13 in relation to each SAI’s mandate and circumstances. Although the
general purpose and key principles of ISSAI 140 are consistent with ISQC 1,
the requirements of ISSAI 140 are not identical to the requirements of ISQC 1.
ISSAI 140 may therefore need to be supplemented by additional requirements
in ISQC 1 when the auditor includes in their report an assertion of compliance
with International Standards on Auditing (ISAs) and not with the ISSAIs. Options
to refer to the ISSAI framework are explained in ISSAI 100.8 to12.4
1 ISSAI 140 - Quality Control for SAIs
2 ISSAI 2000 - Application of the financial audit standards
3 International Standards for Quality Control 1 - Quality Control for Firms that Perform Audits and Reviews of
Financial Statements, and Other Assurance and Related Services Engagements
4 ISSAI 100 - Fundamental Principles of Public-Sector Auditing

15
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Relevant Ethical Requirements

3) As covered by ISSAI 2000, auditors apply ISSAI 130, the INTOSAI Code of Ethics5.
The INTOSAI Code of Ethics may need to be supplemented by additional
requirements in the IESBA Code or national requirements that are more
restrictive when the auditor includes in their report an assertion of compliance
with International Standards on Auditing (ISAs) and not with the ISSAIs. Options
to refer to the ISSAI framework are explained in ISSAI 100.8 to12.6

Requirements for Listed Entities

4) The ISSAIs have specific performance and reporting requirements for audits of
listed entities. Listed entities are less common in the public sector. However,
in applying the definition of listed entities which is provided in the ISSAIs,
an auditor may conclude they are auditing a listed entity as the definition
considers both shares and debt. As noted in Section 31 of this GUID, a SAI may
have developed additional internal policies or guidance on the application of
listed entity definitions, performance, and reporting requirements.

5 ISSAI 130 - Code of Ethics

6 ISSAI 100 - Fundamental Principles of Public-Sector Auditing

16
5 ISSAI 2230 -
Audit Documentation

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Assembly of the Final Audit File
b) Confidentiality and Transparency Issues
c) Specific Considerations Regarding Documentation for SAIs with a Judicial Role

Assembly of the Final Audit File

2) In the public sector, the finalization process leading up to the date of the
auditor’s report may be lengthy. However, this does not preclude assembly
of the final audit file on a timely basis.

3) In the public sector, there may be requirements to retain audit documentation

for periods shorter or longer than required for the private sector. These
requirements may be due to the historical significance of certain types
of documents which, for example, may require indefinite retention in the
country’s national archives. There may also be additional requirements
related to national security classifications, including how documentation
is stored. Auditors are advised to familiarize themselves with applicable
legislation in regard to the retention and storage of documentation.

17
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Confidentiality and Transparency Issues

4) A fundamental difference between the private and public sector is that

there may be specific legislative requirements in the public sector related
to confidentiality on the one hand, and access by third parties on the other
hand. There is an ongoing need in the public sector to balance confidentiality
with the need for transparency and accountability.

5) The balance between confidentiality and transparency requires professional

judgment to ensure that documentation of a confidential nature is clearly
identified and treated as such, while at the same time granting access as
appropriate. It is therefore important to be familiar with the SAI’s policies
and procedures addressing confidentiality. Such procedures might include
types of audit documentation to be considered confidential, types of audit
documentation to be made available to the public, clearly defined lines of
responsibility for authorizing disclosure of audit documentation and routines
for making such information available if required.

6) Furthermore, SAIs may have additional statutory responsibilities related

to confidentiality. These responsibilities may be based on the mandate of
the particular SAI, or legislation related to official secrets or privacy. Such
legislation, for example, could relate to audits of defence, health, social
service or tax agencies. Auditors are advised to familiarize themselves with
the particular national requirements related to confidentiality to which they
are bound.

7) It is good practice for auditors to also familiarize themselves with any

legislation that grants public access to audit correspondence, for example
where electronic or other post journals are open to public scrutiny. This type
of correspondence may include letters to and from the audited entity, or other
parties, related to the gathering of audit evidence, as well as considerations
and judgments related to audit issues.

8) It is not unusual in the public sector to have to respond to requests from

outside parties to obtain access to audit documentation. This can be especially
sensitive when the outside party attempts to obtain information indirectly
from the audit organization that it is unable to obtain directly from the audited
entity.

18
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

9) As a matter of principle, when the audited entity has a statutory obligation to

gather and retain certain information, requests from outside parties for such
information are normally referred to the audited entity.

10) In situations where auditors consider granting access to audit documentation,

they normally consult with relevant parties (such as the audited entity to
whom the request relates) prior to the information being disclosed. In such
cases the auditor ensures that those with access adhere to at least the same
level of confidentiality as the auditor.

11) In some environments, public sector audit work is contracted out by the SAI to
other auditors. The acceptance of such appointments normally requires the
auditor performing the work to acknowledge that audit documentation may
be subject to inspection by the auditor that appointed the other auditor. The
audit documentation may also be subject to inspection by review agencies
that have statutory rights of access to information relevant to the auditor’s
duties.

Specific Considerations Regarding Documentation for SAIs

with a Judicial Role

12) In some public sector environments, such as in a Court of Accounts environment,

auditors may be required to comply with rules of evidence imposed by laws
and regulations that could impact documentation requirements. Auditors
operating in such environments familiarize themselves with the relevant laws
and regulations and with the policies and procedures describing the additional
documentation requirements. Auditors working in such environments are
advised to consider the following matters which may affect documentation
requirements:

• Legislation imposing additional audit documentation requirements;

• The scope of such requirements (i.e. are they to be imposed on every
document from the audit assignment or on specific documents relating to
certain audit issues);
• Additional processing, formalities or requirements to which audit
documents are subject;

19
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• The purpose of each additional requirement with respect to the due

process of law; and
• Any further impairment that may be placed upon audit documentation
due to the specific ways it has been collected and/or produced.

13) For SAIs with a judicial role, such as a Court of Accounts, documentation forms
part of the basis of the official ruling. In such an environment, due process of
law may establish specific and strict requirements to be adhered to in regard
to confidentiality of documentation in connection with the proceedings of a
case. Additionally, as decisions may result in a legally binding public credit,
there may be additional documentation retention requirements to which
auditors adhere.

14) Auditors operating in such environments are advised to familiarize themselves

with relevant laws and regulations in this respect and, if applicable, to
follow stricter rules of evidence when potential irregularities or instances of
misconduct are identified. This is done to meet the requirements for proceeding
with a formal judgment, to provide evidence to the judicial department of the
Court of Accounts and to cooperate with the judicial department as necessary.
Such information is normally provided in the form of a separate report on the
audit work performed and the related findings.

20
6 ISSAI 2240 -
The Auditor’s Responsibilities Relating
to Fraud in an Audit of Financial
Statements

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Characteristics of Fraud
b) Professional Skepticism
c) Discussion Among the Engagement Team
d) Risk Assessment Procedures and Related Activities
e) Identification and Assessment of the Risks of Material Misstatement Due
to Fraud
f) Responses to the Assessed Risks of Material Misstatement Due to Fraud
g) Auditor Unable to Continue the Engagement
h) Communications to Management and with Those Charged with Governance
i) Communications to Regulatory and Enforcement Authorities

Characteristics of Fraud

2) ISSAI 2240.2 and 3 deal with the characteristics of fraud. Three conditions
are normally present when fraud occurs. These conditions are often present
in various ways in the public sector. These include:

• Incentive or pressure (placed on or perceived by management or

employees giving them a reason to commit fraud) – public sector

21
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

employees are often under pressure to deliver high quality services with
few resources and to meet budget expectations. This may be especially
relevant in difficult economic conditions where there is pressure to
maintain user charges and tax rates, resulting in incentives to overstate
revenues and understate expenditures. There may also exist incentives to
spend the available budget by the end of the financial year;

• Opportunity (characteristics or circumstances related to an entity allowing

for the perpetration of fraud) – a difficult recruitment environment or a lack
of sufficient qualified personnel may be more prevalent in the public sector.
Such situations may often result in deficiencies in internal control creating
the opportunity for fraud. Improper segregation of duties or collusion with
outside parties can also create opportunities for fraud, in particular for
individuals involved in public sector procurement. The widespread use of
high volume, low value cash transactions in certain public sector entities
such as cash transactions at police departments or health clinics may add
to those risks. Although monetary values may be small, such situations
may lead to violation of public trust, expectations and accountability; and

• Rationalization or attitude (behaviour, character or ethical values that

allow individuals to justify their reasons for committing fraud) - generally
lower salary levels in the public sector compared to the private sector may
lead employees to believe that they can justify misuse of funds. As above,
this may violate principles of public trust, expectations and accountability.

Professional Skepticism

3) The auditor’s responsibility to maintain an attitude of professional skepticism

throughout the audit, as provided for in the ISSAI, is addressed by ISSAI 1001
and ISSAI 2200.

4) In the public sector, threats to maintaining an attitude of professional

skepticism throughout the audit, as described in ISSAI 2240.13 to 15, may
exist and include:

1 ISSAI 100 - Fundamental Principles of Public-Sector Auditing

22
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• The nature of personal or professional relationships as a result of the

political process/environment;

• The public sector audit organization’s exclusive mandate, resulting in the

lack of audit competitors; and

• In some environments, the lack of requirements to rotate auditors regularly.

5) Therefore auditors take appropriate action to reduce such threats when they
exist. Such actions may include introducing safeguards as addressed in Section
4 - ISSAI 2220.

Discussion Among the Engagement Team

6) In the public sector, the discussion may also cover the additional objectives
and related risks of material misstatement, as discussed in GUID 2900 Section
1 - Preamble. Auditors may include auditors engaged in other audit activities
of the entity in such a discussion.

Risk Assessment Procedures and Related Activities

7) When considering the requirement in ISSAI 2240.18(c), auditors may also

inquire as to management’s communication with other government bodies
as appropriate.

8) When considering the requirements to make inquiries of those charged with

governance as stated in ISSAI 2240.21, auditors may also include responsible
officials of, for example, a ministry or members of relevant legislative
committees.

9) According to ISSAI 2240.23, the auditor shall evaluate whether unusual or

unexpected relationships that have been identified in performing analytical
procedures, including those related to revenue accounts, may indicate risks
of material misstatement due to fraud. In the public sector, in addition to
revenue accounts, there may be other areas of significance for the purposes of

23
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

performing analytical procedures depending on the nature of the operations

of the entity. In many public sector entities, areas such as procurement and
grants may be more relevant than revenue accounts for such purposes. When
performing analytical procedures, auditors may consider the challenges
unique to a particular basis of accounting, when applicable, and the related
possibilities for manipulation of financial information, which may limit the
value of the analytical procedures.

Identification and Assessment of the Risks of Material

Misstatement Due to Fraud

10) In the public sector, revenue recognition may not always be the most relevant
area for the presumption that there are risks of fraud, as required by ISSAI
2240.27. Revenue recognition may be highly relevant for tax authorities or
other agencies that collect revenues such as state universities and colleges,
hospitals or regulatory agencies, which charges fees for services rendered,
or are recipients of donor funds. However, in many public sector entities,
the focus is on expenditures and areas such as procurement and payment of
grants. Therefore, in addition to revenue recognition, where relevant, auditors
may consider such other areas when making the presumption of fraud risks.

Responses to the Assessed Risks of Material Misstatement

Due to Fraud

11) ISSAI 2240.33(c) deals with significant transactions that are outside the normal
operations and activities of the audited entity. Examples of such transactions
in the public sector may include:
• Expenses for health emergencies;
• Expenses for natural disasters;
• Economic development incentives;
• Provisions in union contracts;
• Real-estate purchases or sales;

24
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• Land swaps;
• Granting of easements;
• Major capital projects (e.g., infrastructure or information systems)
• Public/private partnerships;
• Privatization of governmental services;
• Early extinguishment of debt; and
• Government guarantees or assurances to rescue private sector entities if
they have financial difficulties.

Auditor Unable to Continue the Engagement

12) SAIs do not normally have the option to withdraw from an audit engagement
as described in ISSAI 2240.39(b) and (c). Therefore, auditors are advised to
consider the impact on the audit opinion and any requirements for other forms
of reporting, including whether it may be appropriate to report separately to
the legislature and/or to issue classified or restricted reports.

Communications to Management and with Those Charged

with Governance

13) Auditors may be required or may decide to communicate matters addressed

in ISSAI 2240.41 with other parties such as the legislature, in addition to
management and with those charged with governance.

Communications to Regulatory and Enforcement

Authorities

14) The requirements for reporting of fraud in the public sector may be subject
to specific provisions of the audit mandate or related laws or regulations,
in line with ISSAI 2240.44 regarding communication to a party outside the
entity. Such parties may include regulatory and enforcement authorities.

25
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

In some environments, there may be a duty to refer indications of fraud

to investigative bodies and even cooperate with such bodies to determine
if fraud or abuse has occurred. In other environments, auditors may be
obliged to report circumstances that may indicate the possibility of fraud or
abuse to the competent jurisdictional body or to the appropriate part of the
government or legislature, such as prosecutors, the police and (if relevant to
legislation) affected third parties. Auditors take care to avoid interfering with
potential investigations or legal proceedings. Auditors need to be familiar with
applicable laws and regulations in regard to reporting, communication and
documentation of indications or suspicions of fraud. Furthermore, auditors
consider the need to obtain legal advice in issues regarding indications of
fraud.

26
7 ISSAI 2250 (Revised) -
Consideration of Laws and Regulations
in an Audit of Financial Statements

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Overall Considerations
b) The Auditor’s Consideration of Compliance with Laws and Regulations
c) Reporting of Identified or Suspected Non-Compliance

Overall Considerations

2) In the public sector, consideration of compliance with laws and regulations

often has a broader scope than that set out in the financial auditing
standards (ISSAI 2800-2899). This broader scope may, for example, include
additional responsibilities for expressing a separate opinion as to the entity’s
compliance with laws and regulations. These additional responsibilities, and
related audit and reporting objectives, are dealt with in ISSAI 40001.

3) As noted in ISSAI 2250.2, the effect of laws and regulations on the financial
statements varies considerably. In the public sector there may, for instance,
be specific laws and regulations on how to distribute grants and subsidies
from an agency that will have a direct impact on the financial statements.
The financial reporting framework may also include information such as a
budget report, appropriation report, or performance report. When the
1 ISSAI 4000 - Compliance Audit Standard

27
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

financial reporting framework includes such information, auditors may need

to consider specific laws and regulations that may have a direct or indirect
effect on the financial statements.

The Auditor’s Consideration of Compliance with Laws and

Regulations

4) When considering the requirements in ISSAI 2250.15, auditors may also take
into account findings related to non-compliance with laws and regulations
from other types of audit activities undertaken by the SAI such as performance
audits or jurisdictional review of the financial operations when the auditor’s
mandate includes such a capacity.

Reporting of Identified or Suspected Non-Compliance

5) Some auditors may be required to communicate all identified instances

of non-compliance with laws and regulations, even those that are clearly
inconsequential. Some public sector audit organizations can, according to the
audit mandate, order the entity to correct any instances of non-compliance
with laws and regulations. In such cases, especially where there is an element
of subjectivity in interpreting laws and regulations, auditors are advised to
consider whether exercising this authority may impair their independence
and, if so, take appropriate action to avoid such impairment.

6) When considering the requirement of ISSAI 2250.29 auditors may also

determine whether such responsibilities include reporting separately to the
legislature and/or other relevant authorities such as prosecutors, the police
and (if relevant to legislation) affected third parties.

28
8 ISSAI 2260 (Revised) -
Communication with Those Charged
with Governance

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Those Charged with Governance
b) Matters to Be Communicated
c) The Communication Process

Those Charged with Governance

2) In the public sector, governance responsibilities may exist at several

organizational levels as well as in several functions (i.e. vertically or
horizontally). As a result, there may be instances where there are several
distinct groups which are identified as those charged with governance.
Furthermore, an audit in the public sector might involve both financial
statement objectives as well as objectives addressed by other ISSAIs. In such
cases, there may be separate governance bodies.

3) In situations where matters are communicated to subgroups of those charged

with governance, as discussed in ISSAI 2260.12, auditors may need to convey
the information, in full or in summary, to the governing body as a whole.
This is particularly relevant in the public sector where it is not uncommon
for those charged with governance to be involved in managing the entity.
Auditors need to be particularly sensitive to meet the needs and expectations

29
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

of the legislature or appropriate regulators about matters communicated to

other governance levels, particularly where the matters may be of broad
public interest or speculation.

Matters to Be Communicated

4) ISSAI 2260.15 requires the auditor to communicate with those charged

with governance an overview of the planned scope and timing of the audit.
In the public sector, this requirement may be achieved by various means.
For example, the scope and timing of the audit may be defined in relevant
legislation or the audit mandate, or auditors may communicate an overview
of the planned scope and timing of the audit in the engagement letter.

5) ISSAI 2260.A11(b) states that communication regarding the planned scope

and timing of the audit may assist the auditor to better understand the
entity and its environment. Auditors may find it helpful to communicate their
understanding of which components’ financial information should be included
in the entity’s financial statements and to use the entity’s response to verify
their understanding. For example, it may be difficult to determine if, and to
what extent, joint ventures (including private and public sector entities) are to
be included in the consolidated financial statements of an audited entity.

6) ISSAI 2260.16 lists the significant findings from the audit that the auditor is
required to communicate to those charged with governance. SAIs are often
the mandated auditors of the whole, or parts, of the government and its
administration. In this situation, auditors may have access to information
from other entities and their audits, which might be of relevance to those
charged with governance. Examples of this might include material errors
in transactions with the audited entity, which also affect other entities, or
designs of relevant controls, which have provided efficiency gains in other
entities. Communicating this type of information to those charged with
governance may add value to the audit when circumstances permit. However,
laws, regulations or ethical requirements may prohibit communicating this
type of information.

30
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

7) SAIs’ independence and objectivity are critical to their ability (a) to hold
governments accountable to legislatures and the public, and (b) to help
identify threats to the good stewardship of public funds, such as corruption and
abuse. The requirement relating to listed entities contained in ISSAI 2260.17
to communicate compliance with relevant ethical requirements regarding
independence may also apply to SAIs where it is in the public interest to
report. Matters in the INTOSAI Code of Ethics, such as political neutrality, may
be of particular importance in the public sector context.

The Communication Process

8) ISSAI 2260.22 requires the auditor to evaluate whether the two-way

communication between the auditor and those charged with governance has
been adequate for the purpose of the audit. If the two-way communication
is not adequate, the ISSAI requires the auditor to take appropriate action.
In the public sector, appropriate action may include communicating with the
legislature or the appropriate regulators, or funding agencies.

31
9 ISSAI 2265 -
Communicating Deficiencies in
Internal Control to Those Charged
with Governance and Management

Content of this Section

1) This Section provides additional guidance to auditors related to:

a) Identifying Those Charged with Governance in the Public Sector
b) Determination of Whether Deficiencies in Internal Control Have Been Identified

Identifying Those Charged with Governance in the Public

Sector

2) When considering the requirements in ISSAI 2265.9, auditors may consider

that identifying those charged with governance in the public sector might
not be as straight forward as it is in the private sector. Section 8 - ISSAI 2260
provides guidance to auditors to help identify those charged with governance
in public sector entities.

Determination of Whether Deficiencies in Internal Control

Have Been Identified

3) When determining whether deficiencies in internal control have been

identified, auditors may need to identify any relevant laws or regulations
related to internal control and the requirements of the laws or regulations
that are relevant for the public sector entity.

32
10 ISSAI 2300 -
Planning an Audit of
Financial Statements

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) The Role and Timing of Planning
b) Preliminary Engagement Activities
c) Planning Activities
d) Considerations Specific to Smaller Entities
e) Additional Considerations in Initial Audit Engagements
f) Specific Considerations for SAIs with a Judicial Role

The Role and Timing of Planning

2) ISSAI 2300.2 deals with the benefits of adequate planning. The application
and other explanatory material in ISSAI 2300.A1 to A3 provides guidance on
the role and timing of planning. In the public sector environment, additional
planning considerations may include:

• Obtaining an understanding of the legal and regulatory framework

applicable to the entity due to the broader objectives of the audit;

• The implications for the audit of the financial statements of knowledge

obtained from other audit activities relevant to the entity, including the
implications of previous recommendations;

33
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• The implications for the audit of the financial statements of knowledge

obtained from other audit planning activities related to the relevant
department and ministry; and

• The expectations of the legislature and other users of the auditors’ report.

3) ISSAI 2300.A3 states that the auditor may decide to discuss elements of planning
with the entity’s management to facilitate the conduct and management of
the audit engagement. Laws, regulations or the audit mandate may limit what
the auditor may discuss about the audit strategy and audit plan. Auditors are
advised to familiarize themselves with such laws, regulations or audit mandate.

Preliminary Engagement Activities

4) ISSAI 2300.6 sets out the activities to be undertaken at the beginning of a

current audit engagement. They include procedures regarding the continuance
of the client relationship and the specific audit engagement. The continuance
process for SAIs is influenced by the fact that they may not have the option
to resign from an engagement. If information becomes available to auditors
that would normally result in declining or discontinuing an engagement,
auditors are advised to consider such information when performing further
planning and risk assessment activities. Auditors may also have a statutory
responsibility to report such issues and may consult with legal counsel in
these circumstances.

Planning Activities

5) ISSAI 2300.8 prescribes procedures to be performed in establishing the

overall audit strategy. In establishing the audit strategy, auditors may consider
additional characteristics such as:

• Additional reporting responsibilities for the entity. Examples of such

additional responsibilities may include a requirement for the entity to
report on government funding, including grants; and

34
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• Additional reporting responsibilities for the public sector auditor as

discussed in Section 3, paragraph 3.6

Considerations Specific to Smaller Entities

6) ISSAI 2300.A11 contains guidance specific to smaller entities. Audits of smaller

public sector entities are normally not conducted by a sole practitioner.
Furthermore, due to the reporting structure of government entities, the concept
of the owner-manager normally does not exist. In the public sector, control
structures of smaller entities are often part of the control structure of a larger
government body. Therefore, the assumption of few relevant control activities
is often not appropriate in the public sector. Additional control aspects of the
larger government body may be included in the auditors’ audit plans.

Additional Considerations in Initial Audit Engagements

7) ISSAI 2300.13, supplemented by application and other explanatory material

in ISSAI 2300.A22, requires the auditor to undertake certain activities prior to
starting an initial audit. In the public sector, audit engagements are normally
not initiated in the same way as in the private sector. Auditors may be selected
through a competitive process or may be appointed by statute. Nonetheless,
the guidance and requirements contained in ISSAI 2300.13 and A22 is relevant
for auditors where the circumstances described exist.

Specific Considerations for SAIs with a Judicial Role

8) In some public sector environments, such as in a Court of Accounts

environment, the auditors’ report is often adjudicated upon and used to
determine personal legal implications of those who are responsible for
financial acts, including significant matters, control deficiencies, and instances
of non-compliance with authorities. Such information is normally provided in
the form of a separate report on the audit work performed and the related

35
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

findings. Auditors are advised to familiarize themselves with any such policies
and procedures describing additional requirements relating to determining
personal legal implications of those who are responsible for financial acts,
including significant matters, control deficiencies, and instances of non-
compliance with authorities. In addition, auditors in such environments may
plan and perform procedures to meet legal requirements and follow stricter
rules of evidence when potential irregularities or instances of misconduct
are identified, such that relevant requirements for proceeding with a formal
judgement are met. This is done to provide evidence of such potential
irregularities and instances of misconduct to the judicial department of the
Court of Accounts, and cooperate with the judicial department as necessary.

36
11 ISSAI 2315 (Revised 2019) -
Identifying and Assessing
the Risks of Material
Misstatement

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Risk Assessment Procedures and Related Activities
b) Obtaining an Understanding of the Entity and Its Environment, the Applicable
Financial Reporting Framework and the Entity’s System of Internal Control
c) Identifying and Assessing the Risks of Material Misstatement
d) Additional Examples of Conditions and Events That May Indicate Risks of
Material Misstatement

Risk Assessment Procedures and Related Activities

2) When carrying out the risk assessment procedures and related activities
in ISSAI 2315 (Revised 2019).13 to 18, auditors may take into account the
broader objectives of the audit mandate as described in Section 1 - Preamble.

3) When making inquiries of management and others, auditors may also obtain
information from additional sources such as:

• Auditors involved in performance and other audits related to the entity;

• Government officials; and
• Legislative reports or minutes.

37
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

4) When performing analytical procedures, auditors may also consider

relationships such as:

• Expenditures versus appropriations;

• Benefit payments, such as child support and pensions versus demographic
information; and
• Interest as a percentage of national debt compared to the government
borrowing rate.

5) When performing observation and inspection, auditors may also observe and
inspect items such as:
• Additional documents prepared by management for the legislature, such
as performance reports or funding requests;
• Testimonies of agency officials;
• Ministerial and other directives; and
• Official records of proceedings of the legislature.

6) When using information obtained from previous experience with the entity
and previous audits, auditors may also use reports from previous performance
audits and other audit activities relevant to the entity.

7) ISSAI 2315 (Revised 2019).17 requires the engagement partner and other key
engagement team members to discuss the susceptibility of the entity’s financial
statements to material misstatement, and application of the applicable
financial reporting framework to the entity’s facts and circumstances. In the
public sector, this discussion may cover the additional objectives and related
risks of material misstatement, as discussed in paragraph 11.2 above. Auditors
may include auditors engaged in performance audits and other audit activities
of the entity in such a discussion.

38
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Obtaining an Understanding of the Entity and Its

Environment, the Applicable Financial Reporting
Framework and the Entity’s System of Internal Control

8) In obtaining the understanding of the entity and its environment in accordance

with ISSAI 2315 (Revised 2019).19, auditors may take into account:

a) Governance structures may be affected by the legal structure of the entity,

for example whether the entity is a ministry, department, agency or other
type of entity;

b) Ownership of public sector entities may not have the same relevance as in
the private sector;

c) Program objectives and strategies may include public policy elements;

d) Specific laws and regulations to which the entity is subject and the potential
impact of non-compliance with these;

e) Decisions initiated outside the entity as a result of political processes. Such

decisions may influence management’s activities. Examples include:
• New geographic locations or closures of existing locations;
• Reorganizations, including transfer of activities to other entities;
• New program areas; and
• Budgetary constraints or cut backs.

f) Knowledge of the government activities carried out, including relevant

programs;

g) The budget process and execution of the budget;

h) Issues related to management’s assumptions ongoing concern may not be

relevant;

i) Knowledge of the stakeholders (companies, organisations, citizens) and

their interests;

39
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

j) The public opinion towards relevant issues;

k) Current issues and developments in the society; and

l) Interests of members of parliament and discussions in parliament.

9) ISSAI 2315 (Revised 2019).19(a)(iii) refers to the measurement and review of

financial performance. Auditors may include non-financial information such
as achievement of outcomes (for example, number of people helped by the
program) in their measurement or review. Also, in the public sector there are
additional external parties who may measure and review performance. These
external parties may include the legislature, other public sector entities, and
the media.

10) In obtaining the understanding of the entity’s system of internal controls

relevant to the audit required by ISSAI 2315 (Revised 2019).21 auditors may
take the following into account:

a) Any additional reporting responsibilities regarding the entity’s system of

internal controls;

b) Relevant controls that relate to compliance with authorities;

c) Relevant controls related to monitoring performance against the budget;

d) Relevant controls related to transferring budgetary funds to other entities;

e) Relevant controls for classified data related to national security and sensitive
personal data, such as tax and health information;

f) Supervision and other controls performed by parties outside the entity and
related to areas such as:
• Compliance with procurement regulations;
• Execution of the budget;
• Other areas as defined by legislation or audit mandate;
• Management’s accountability.

40
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

11) In obtaining the understanding of the entity’s risk assessment process required
by ISSAI 2315 (Revised 2019).22, auditors are advised to take into account that
such process may be set out in legislation, included in directives, or conducted
by other public sector entities.

12) In some audit environments, such as a Court of Accounts environment, auditors

may work closely with prosecutors and police when dealing with financial
fraud or non-compliance. Therefore, they may have obtained information
from prosecutors and police that is relevant to the understanding of the entity
and its environment, and to the risk assessment.

Identifying and Assessing the Risks of Material

Misstatement

13) When auditors identify and assess the risks of material misstatement in
accordance with ISSAI 2315 (Revised 2019.28 and 29, auditors may take into
account additional matters such as:

• The fact that the identification and assessment of risks at the financial
statement level and the assertion level may include issues related to the
political climate, public interest and program sensitivity; and

• The fact that the assertions for classes of transactions, account balances
and disclosures may be expanded to include assertions that transactions
and events have been carried out in accordance with legislation or proper
authority consistent with ISSAI 2315 (Revised 2019).A192.

14) In exercising judgment as to which risks are significant risks as required by ISSAI
2315 (Revised 2019).32, auditors may also take the following into account:
a) Complexity and inconsistency in regulations and directives;
b) Non-compliance with authorities; and
c) The budget process and the execution of the budget.

41
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Additional Examples of Conditions and Events That May

Indicate Risks of Material Misstatement

15) The following are examples of additional conditions and events that may
indicate risks of material misstatement for entities in the public sector:
• Budget overspending due to weak budgetary controls;
• Privatizations;
• New programs;
• Major changes to existing programs;
• New financing sources;
• New laws and regulations or directives;
• Political decisions such as relocation of operations;
• Programs without sufficient allocated resources and funding;
• Increased public expectations;
• Procurement of goods and services in certain industries such as defence;
• Outsourcing of government activities;
• Operations subject to special investigations;
• Changes in political leadership;
• Indications of waste or abuse;
• Higher than normal expectations to meet budget;
• Public and private partnerships; and
• Planning and implementation of large infrastructure projects.

42
12 ISSAI 2320 -
Materiality in Planning and
Performing an Audit

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Materiality in the Context of an Audit
b) Determining Materiality and Performance Materiality when Planning the Audit
c) Revision as the Audit Progresses

Materiality in the Context of an Audit

2) When determining materiality for planning purposes in the public sector

both quantitative and qualitative matters as well as the nature of items are of
importance. The context in which the matter appears may be of importance.
Furthermore, the inherent nature or characteristics of items, or groups of
items, may render them material.

3) ISSAI 2320.A3 states that the legislators and regulators are often the primary
users of the public sector entities’ financial statements, and that the financial
statements may be used to make decisions other than economic ones.
Legislators represent the citizens and provide funding for various government
programs, activities, and functions. Legislators and/or regulators frequently
evaluate or make decisions about an entity’s activities. Other users may
include entity management, bondholders or the media. Financial statements
that meet the needs of legislators and regulators will also meet most of the
needs of other users.

43
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

4) The financial statements may also represent a key element of a public sector
entity’s accountability to the public. The accountability framework may
introduce other factors that influence the determination of materiality at
different levels. As a consequence, materiality is likely to be a result of both
quantitative and qualitative factors, and materiality levels for particular classes
of transactions, account balances and disclosures may be set at a lower level.

Determining Materiality and Performance Materiality

When Planning the Audit

5) As noted above, materiality in the public sector includes both quantitative and
qualitative aspects (referred to in the ISSAIs as aspects related to the “size”
and “nature” of misstatements). The determination of a materiality level or
levels is described in ISSAI 2320.10 and 11. Materiality levels for classes of
transactions, account balances or disclosures may be set at a lower level. This
may be for a variety of reasons, including the context of the matter, or the
nature and characteristics of the systems and entities involved as explained
in paragraphs 12.2 to 12.4 above. Furthermore, certain procedures may be
required to be performed by audit mandate or legislation. Examples of such
procedures might be tests of ministerial salaries regulated by statute and
sensitive payments such as travel and hospitality of senior staff. In the rare
cases where the auditors want to detect all such misstatements, they test all
relevant transactions.

6) Where auditors also provide opinions on the effectiveness of controls or

compliance with laws and regulations, they consider the need to establish
materiality for these objectives in addition to materiality for the financial
statements. For example, when reporting on the effectiveness of controls,
the auditor may use a benchmark based on the percentage of transactions
or monetary amounts sampled to determine materiality for evaluating
control deviations. In determining materiality for these other types of
engagements, the auditor may use guidance provided by other ISSAIs as
stated in paragraph 3.7 above.

44
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

7) ISSAI 2320.A3 describes considerations specific to determining materiality

levels in the public sector. When determining whether a particular class of
transactions, account balance, disclosure, or other assertion which is part of
the financial reporting framework, is material by virtue of its nature, auditors
take into account qualitative aspects such as:

• The context in which the matter appears, for example if the matter is also
subject to compliance with authorities, legislation or regulations, or if law
or regulation prohibits overspending of public funds, regardless of the
amounts involved;

• The needs of the various stakeholders and how they use the financial
statements;

• The nature of the transactions that are considered sensitive to users of the
financial statements;

• Public expectations and public interest, including emphasis placed on the

particular matter by relevant committees in the legislature, such as a public
accounts committee, including the necessity of certain disclosures;

• The need for legislative oversight and regulation in a particular area; and

• The need for openness and transparency, for example if there are particular
disclosure requirements for frauds or other losses.

8) ISSAI 2320.A4 to A8 discusses identifying appropriate benchmarks for financial

statement materiality. In the public sector, the budget, usually the total
annual expenditure of an institution may be the most appropriate basis for
determining materiality where that institution’s primary function or mandate
is service delivery. For public sector entities that are expected to recover costs
or break-even, net costs may not be an appropriate benchmark. In those cases
gross expenditure or gross revenues may be a more relevant benchmark. For
public sector entities that are custodians of large amounts of assets, total
assets, total liabilities, net assets or net liabilities or certain classes of assets
might be an appropriate benchmark if they are accounted for in the financial
statements. In some cases, especially when considering qualitative materiality,
other types of benchmarks may also be useful. For example:

45
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• Those amounts previously considered material by a relevant committee in

the legislature, such as public accounts committee; and

• Benefit payments as compared to cost of living indicators, for example

the importance to the eligible recipient of monthly benefit payments,
such as retirement or disability, paid out in accordance with public sector
programs.

Revision as the Audit Progresses

9) ISSAI 2320.12, 13 and A14 discuss the need to revise materiality levels in the
event of becoming aware of new information during the course of the audit.
Due to governance structures and interrelationships of entities within the
public sector, it is not unusual for auditors to receive new information during
the course of the audit.

46
13 ISSAI 2330 -
The Auditor’s Responses to
Assessed Risks

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Audit Procedures Responsive to the Assessed Risks of Material
Misstatement at the Assertion Level
b) Evaluating the Sufficiency and Appropriateness of Audit Evidence
c) Specific Considerations for SAIs with a Judicial Role

Audit Procedures Responsive to the Assessed Risks of

Material Misstatement at the Assertion Level

2) ISSAI 2330.A17 states that the audit mandate and any other special auditing
requirements may affect the auditor’s consideration of the nature, timing
and extent of further audit procedures. Examples of such other requirements
are found in Section 3, paragraph 3.6.

3) ISSAI 2330.8 describes the circumstances in which the auditor is required

to perform tests of controls to obtain sufficient appropriate audit evidence
as to the operating effectiveness of relevant controls. As a result of the
additional objectives described in paragraph 13.2 above, tests of controls
for a public sector entity may be broader and more detailed than those for a
private sector entity. Auditors may perform tests of controls on other types
of engagements other than in the audit of financial statements and may seek
guidance on performing these from ISSAIs other than the ISSAIs 2000-2899.

47
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

4) In designing and performing tests of controls as required by ISSAI 2330.10,

auditors determine whether the entity is part of a larger government control
environment. As a result, controls may exist outside the entity. The auditor
determines whether and how to obtain sufficient appropriate audit evidence
about those controls.

5) When using audit evidence about the operating effectiveness of controls

obtained in previous audits, as stated in ISSAI 2330.13, auditors may consider
using evidence obtained in performance audits or other audit activities
relevant to the entity. When considering evidence obtained in previous
performance audits, auditors evaluate whether the assertions used and tests
performed are adequate for the purpose of the financial statement audit.

Evaluating the Sufficiency and Appropriateness of Audit

Evidence

6) ISSAI 2330.27 requires the auditor to express a qualified opinion or disclaim an

opinion on the financial statements if the auditor is unable to obtain sufficient
appropriate audit evidence. ISSAI 2330.A62 provides factors that may influence
the auditor’s judgment as to what constitutes sufficient appropriate audit
evidence. In evaluating what is sufficient appropriate audit evidence, auditors
also take into account the need to obtain sufficient appropriate evidence to
meet any additional objectives as described in paragraph 13.2 above.

Specific Considerations for SAIs with a Judicial Role

7) In some public sector environments, such as a Court of Accounts environment,

the auditors’ report is often judged and used to determine personal legal
implications of those responsible for financial acts, including significant
matters, control deficiencies and instances of non-compliance with authorities.
Therefore, auditors in such environments, when evaluating the sufficiency
and appropriateness of audit evidence, perform procedures to identify those
responsible for financial acts and for compliance with legal requirements.

48
14 ISSAI 2402 -
Audit Considerations
Relating to an Entity Using a
Service Organization

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Scope of the ISSAI
b) Definitions
c) Obtaining an Understanding of the Services Provided by a Service
Organization, Including Internal Control
d) Specific Considerations for SAIs with a Judicial Role

Scope of the ISSAI

2) ISSAI 2402.2 refers to organizations that provide services that are integral to
the entity’s operations. In the public sector, service organizations may also be
an integral part of a user entity’s capacity to comply with the authorities that
govern it, carry out its program objectives and to ensure effective internal
control. The nature and extent of the work to be performed by the auditors
in this context depends on the nature and significance of those services to
the public sector entity and the relevance of those services to the public
sector audit mandate.

49
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Definitions

3) The terms ‘service organization’ and ‘subservice organization’ are defined in

ISSAI 2402.8(e) and 8(g). In addition to being part of a user entity’s information
system relevant to financial reporting, in the public sector these terms
may also extend to organizations that provide services integral to the user
entity’s ability to achieve its program objectives, such as the determination
of eligibility, and distribution of pension payments to individuals, or grants to
individuals or organizations.

Obtaining an Understanding of the Services Provided by a

Service Organization, Including Internal Control

4) ISSAI 2402.9 relates to the user auditor obtaining an understanding of how

a user entity uses a service organization in its operations. When considering
the significance of the services provided to the user entity, the nature and
materiality of transactions processed, as well as the nature of the relationship
between the user entity and the service organization, auditors may also
consider the service organization’s role related to the user entity’s compliance
with authorities, achievement of program objectives and effectiveness of
internal control. Sources of information which auditors may use to obtain
this understanding are documented in contract or the service agreement
governing the relationship between the parties involved.

5) Furthermore, when considering the nature of transactions processed by a

service organization for a user entity, auditors may consider the degree of
accountability of the flow of funds between the two entities. The accountability
between the two entities may vary from:

a) A situation where the user entity uses a service organization to provide

unconditional funding to eligible recipients, with no requirements for the
recipients or the service organization to report back to the user entity on the
use of those funds, to;

50
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

b) A situation where there is full accountability for the funds, whereby the
transactions carried out by the service organization are fully accounted for, and
assurance has been provided to the user entity that the transactions carried
out by the service organization are in compliance with the authorities which
govern them, and that relevant program objectives have been achieved.

6) In addition, when considering the nature of the relationship between the

user entity and the service organization, auditors may also consider relevant
governance structures, as well as accountability structure and the extent of
influence one entity may have on the other.

7) The definitions of ‘service auditor’ and ‘user auditor’ in ISSAI 2402.8(d) and
8(h) may be deemed to imply that there are two separate audit organizations
involved. However, in the public sector, one level of government may
provide services to other levels of government. These levels may ultimately
be considered as belonging to the same governmental structure and may,
as a result, be audited by the same public sector audit organization. Being
a part of the same public sector audit organization may affect how the two
individual auditors responsible for the service organization and the user entity
respectively, communicate with, and report to one another in accordance
with the requirements set out in ISSAI 2402.12 to 18. For example, in such
situations, communication between the service auditor and user auditor
may, depending on their mandate, not be subject to the same confidentiality
requirements as in the private sector.

8) For example, ISSAI 2402.12 describes options the user auditor may employ to
obtain a sufficient understanding of the user entity’s internal control relevant
to the audit in order to provide a basis for the identification and assessment of
risks of material misstatement. When the user auditor and the service auditor
are from the same public sector audit organization, some or all of the options
described in ISSAI 2402.12 may not be practical. Nonetheless, in such cases,
the information exchanged between the user auditor and the service auditor
is shared in a transparent manner. This information may include matters
similar to those included in a type 1 or type 2 report.

9) Furthermore, in such situations, it may be helpful to give sufficient consideration

to identifying and addressing relevant reporting needs, channels and forms at
the planning stage of the engagement.

51
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Specific Considerations for SAIs with a Judicial Role

10) In some public sector audit environments, such as in a Court of Accounts

environment, there may be additional considerations that auditors take into
account. These considerations may include:

• Assessing the risks of potential non-compliance or misconduct, at either

the user entity or the service organization, that may have a material impact
on financial statements of the user entity;

• Following stricter rules of evidence when potential irregularities or

instances of misconduct are identified, such that relevant requirements
for proceeding with a formal judgment are met; and

• Providing evidence of such potential irregularities and instances of

misconduct to the judicial department of the Court of Accounts, and
cooperating with the judicial department as necessary. Such information
is normally provided in the form of a separate report on the audit work
performed and the related findings.

52
15 ISSAI 2450 -
Evaluation of Misstatements
Identified during the Audit

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Evaluating the Effect of Uncorrected Misstatements
b) Written Representations
c) Specific Considerations for SAIs with a Judicial Role

Evaluating the Effect of Uncorrected Misstatements

2) In applying ISSAI 2450.11, auditors with additional reporting responsibilities

related to non-compliance with authorities and control deficiencies
separately evaluates each of these objectives. However, misstatements,
instances of non-compliance with authorities and control deficiencies can be
interrelated, potentially increasing the risk to each objective.

3) ISSAI 2450.12 to 13 deal with communication of uncorrected misstatements

with those charged with governance. Where appropriate to a SAI’s mandate,
this communication may include instances of non-compliance with
authorities and control deficiencies. Auditors may also need to communicate
misstatements, instances of non-compliance with authorities and control
deficiencies to additional parties such as government officials.

53
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

4) When communicating with those charged with governance or with additional

parties as described in paragraph 15.3 above, auditors may be expected to
communicate all misstatements, even those that have been corrected by the
entity. When communicating with those charged with governance, auditors
use ways of reporting relevant to their environment. Auditors may also be
called upon to present before the legislature on the results of the financial
statement audit.

Written Representations

5) ISSAI 2450.14 requires the auditor to obtain written representation that

management considers the effects of uncorrected misstatements on the
financial statements to be immaterial. Where auditors have additional
responsibilities for compliance with authorities and effectiveness of internal
control these representations may be made in a single document.

Specific Considerations for Auditors with a Judicial Role

6) In some public sector audit environments, such as in a Court of Accounts

environment, the auditors’ report is often used to determine personal legal
implications of those responsible for financial acts, including significant
matters, instances of non-compliance with authorities, and control
deficiencies. Therefore, auditors in such environments, when evaluating the
misstatements, instances of non-compliance with authorities and control
deficiencies identified during the audit, also identify those responsible for the
financial acts and for compliance with legal requirements, and follow stricter
rules of evidence when potential irregularities or instances of misconduct
are identified, such that relevant requirements for proceeding with a formal
judgment are met. This is done to provide evidence of such potential
irregularities and instances of misconduct to the judicial department of the
Court of Accounts, and cooperate with the judicial department as necessary.
Such information is normally provided in the form of a separate report on the
audit work performed and the related findings.

54
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

7) ISSAI 2450.8 requires the auditor to communicate on a timely basis all

misstatements accumulated during the audit with the appropriate level of
management. Where SAIs have mandates which include the legal authority
to order the entity to correct any misstatements as well as instances of non-
compliance with authorities, they are advised to consider whether exercising
this authority may impair their independence and, if so, take appropriate
action to avoid such impairment.

55
16 ISSAI 2500 -
Audit Evidence

Sufficient Appropriate Audit Evidence

1) Some audit evidence is obtained by performing audit procedures to test

accounting records. Audit evidence comprises both information that
supports and corroborates management’s assertions, and any information
that contradicts such assertions. In the case of financial statements in the
public sector, management may often assert that transactions and events
have been carried out in accordance with legislation or proper authority.
Such assertions may fall within the scope of a financial audit.

2) When considering information from sources independent of the entity as

referred to in ISSAI 2500.A12 auditors may consider sources as independent
of the entity even though they ultimately report to the same authority e.g.
operationally independent government agencies reporting to the same
authority. The nature of benchmarking data in the public sector may include
other sources e.g. comparisons between similar programs, or performance
indicators.

3) When considering the sources of evidence in accordance with ISSAI 2500.A5

auditors may also consider evidence obtained in performance audits or other
audit activities relevant to the entity. When relying on evidence obtained in
performance audits, auditors evaluate whether the assertions used and tests
performed are adequate for the purpose of the financial statement audit.

56
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

4) When the audit mandate includes objectives related to compliance with

authorities, auditors may need to consider the nature and timing of audit
procedures as explained in ISSAI 2500.A16 e.g. the ability to apply certain audit
procedures to establish the compliance with authorities or the effectiveness
of the controls may be adversely affected by the passage of time.

5) Public sector entities will usually have established internal controls designed
to secure the compliance with authorities. However, where the audited entity
is responsible for giving grants or other financial assistance to other parties,
it is often the case that the compliance with authorities will depend, in part,
on the other parties satisfying the criteria and meeting the terms for receiving
assistance. Additional evidence may be required concerning the entity’s
exercise of its responsibilities to satisfy itself about the transactions of these
other parties.

6) When considering the guidance in ISSAI 2500.A17, auditors may take into
account that data retention requirements for public sector entities may be
different as stipulated by relevant legislation. Auditors are advised to familiarize
themselves with applicable legislation in regard to retention of data.

7) Auditors in some environments, such as a Court of Accounts environment, may

be subject to laws and regulations requiring the auditors to understand and
follow precise procedures related to rules of evidence. Auditors are advised
to familiarize themselves with any such policies and procedures describing
additional requirements relating to audit evidence and that are designed
to ensure compliance with authorities. For example, auditors operating in
such an environment may need to consider the following matters related to
evidence collection:

• Legislation imposing additional requirements on audit evidence;

• The scope of additional requirements (i.e., are they to be imposed on every

document from the audit assignment or on specific documents relating to
certain audit issues);

• Additional processing, formalities or requirements to which audit evidence

is subject;

57
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• The purpose of each additional requirement as regards due process of law

in following the steps of the audit; and

• Any restrictions that may be placed upon audit evidence due to specific
ways it has been collected and/or produced.

8) Appendix B provides information on sources of audit evidence concerning

management of risks related to laws and regulations.

58
17 ISSAI 2501 -
Audit Evidence - Specific
Considerations for
Selected Items

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Inventory
b) Litigation and Claims
c) Segment Information

Inventory

2) Inventory in the public sector is often different from inventory in the private
sector. For example, inventory in the public sector is often held for use rather
than for resale; therefore, the nature of internal controls and the assessed
risk of material misstatement may be different. Auditors may have other
objectives and assertions to consider in addition to existence and condition
such as public expectations for effective management of inventory.

3) When applying the requirements of ISSAI 2501.4, to decide whether to

attend physical counts, auditors consider the matters described above.

4) Where auditors are restricted by either management, legislation or

regulations and cannot attend a physical count as required by ISSAI 2501.4
or request confirmation from a third party as required by ISSAI 2501.8 and
other audit procedures are not possible, auditors are advised to consider the

59
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

effect on the auditor’s report. The auditor’s response may be different when
the limitation is imposed by management rather than imposed by legislation
or regulations.

5) In some public sector audit environments, such as a Court of Accounts,

auditors may have extended responsibilities for identifying who is responsible
for the existence and condition of the inventory, including development and
implementation of controls. This may include, where applicable, determining
sanctions. Therefore the auditor provides evidence of such potential
irregularities and instances of misconduct to the judicial department of the
Court of Accounts, and cooperates with the judicial department as necessary.
Such information is normally provided in the form of a separate report on the
audit work performed and the related findings.

Litigation and Claims

6) When designing and performing audit procedures in accordance with ISSAI

2501.9 and A18, auditors may have additional responsibilities in relation to
litigation and claims. In addition, there may be ambiguities between public
sector entities regarding liabilities and commitments that arise from litigation
and claims. Thus, the responsibilities may include identifying probable future
claims and the potential wider consequences of those claims on the public
sector. Due to the complexity and structure of public sector organizations,
auditors may need to inquire of other public sector organizations in addition
to management of the audited public sector entity. For example, a central legal
department may administer all claims against the government; the auditors
would inquire of that department in addition to management of the audited
entity.

7) Where legal counsels within the government do not charge the public sector
entity for their services, public sector entities may not have legal expense
accounts as discussed in ISSAI 2501.9(c).

8) Auditors may need to consider other sources of information when performing

audit procedures to identify litigation and claims involving the entity such as:

60
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• Media reports;
• General public and stakeholder feedback;
• Other information obtained by regulators, officials, public prosecutors, or
other investigative agencies;
• Information from complaints officials and whistle-blowers; and
• Outcomes of performance or other audits.

9) When applying the requirements in ISSAI 2501.10, SAIs, in accordance with

their mandate, may have the right to communicate directly with the entity’s
external legal counsel without management’s permission. Auditors consider
the independence and objectivity of a legal counsel who may be part of the
entity or part of another government organization. When the independence
or objectivity of legal counsel is in doubt, the auditors may wish to consider
obtaining information from another source.

10) When seeking direct communication through a letter of general or specific

inquiry as referred to in ISSAI 2501.A22 and A23, auditors may include other
specific inquiries if permitted by the applicable financial reporting framework.
For example, this may include whether the entity is operating within its
legislative mandate.

Segment Information

11) Presentation and disclosure of segment information may not be required by

certain financial reporting frameworks or relevant in the context of certain
public sector entities. However, there may be other information similar to
segment information required by laws or regulations or by the applicable
financial reporting framework. For example, public sector entities may
be required to report incomes and expenditures by fund, appropriation,
program or category; auditors might be required to audit that information. In
certain circumstances auditors may be required to express an opinion on the
segmental or similar information either as part of the overall audit opinion or
on a stand-alone basis.

61
18 ISSAI 2505 -
External Confirmations

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) External Confirmation Procedures to Obtain Audit Evidence
b) Management’s Refusal to Allow the Auditor to Send a Confirmation Request

External Confirmation Procedures to Obtain Audit

Evidence

2) ISSAI 2505.A1 and ISSAI 2330.A50 state that confirmations can be used to
obtain evidence about the presence or absence of certain conditions (e.g.
“side agreements” not included in formal arrangements). In addition
to assertions related to the audit of financial statements, auditors may
find confirmations useful in obtaining evidence related to additional audit
objectives stipulated by their audit mandate or arising from legislation,
regulation, ministerial directives, government policy requirements, or
resolutions of the legislature. For example, external confirmations can be
used to obtain evidence about:

• The presence or absence of agreements or arrangements with third

parties of legislated or other terms and conditions such as guarantees of
performance or funding;

62
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• The commitment of expenditures that have not yet been authorized by

the legislature;

• The continued eligibility of individuals in receipt of pensions, income

assistance, annuities or other ongoing payments; or

• The presence of “side deals” with suppliers for the return of goods for
credit in order to use funding that would have otherwise lapsed in a
subsequent fiscal period.

3) When requesting an external confirmation as defined in ISSAI 2505.6(a),

auditors are advised to ensure that the requests are directed to third-parties
who are independent of the audited entity and the responses are reliable
in light of the relationship between the entity and the confirming party.
However, auditors may consider some sources as independent of the entity
even though the audited entity and the entity that is the source ultimately
report to the same authority. In such circumstances, a higher standard in
the audit evidence documentation on how independence was assessed and
considered by the auditors is encouraged.

Management’s Refusal to Allow the Auditor to Send a

Confirmation Request

4) Auditors may, in addition to the requirement to communicate to those

charged with governance as stated in ISSAI 2505.9, be required or expected to
communicate to the legislature or appropriate oversight body. Management’s
refusal to allow the auditor to send a confirmation request has a direct impact
on the risk assessment and audit risk conclusions made thereof.

63
19 ISSAI 2510 -
Initial Audit Engagements
- Opening Balance

Initial Audit Engagements

1) An initial audit might occur when an entity is nationalized without resulting in

the formation of a new entity or when a SAI’s mandate is changed to include
a new or additional audit of an already existing entity. An initial audit may
also occur when a public sector entity is created, and legislation, regulation
or framework require the appropriation of all or parts of prior balances of a
predecessor public sector entity, which have been audited by a predecessor
auditor.

64
20 ISSAI 2520 -
Analytical Procedures

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Analytical Procedures
b) Substantive Analytical Procedures
c) Investigating Results of Analytical Procedures

Analytical Procedures

2) In performing analytical procedures, either in the assessment of risk,

substantive testing or forming an overall conclusion auditors may also
consider, without limitation to the list below, relevant relationships such as:

• Expenditures versus budget or appropriations;

• Benefit payments, such as child support and pensions versus demographic

information;

• Tax revenues versus demographic information or economic conditions or

indicators;

• Interest as a percentage of national debt compared to the government

borrowing rate;

65
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• Results accomplished in relation to expenditure, where performance

information is included as part of the financial statements; and

• Government grants for economic and social development, e.g. grants for
low income farmers and grants for school buildings, versus economic and
demographic indicators.

3) In order to be an effective procedure, such tests are advised to be at an

appropriate level of detail.

Substantive Analytical Procedures

4) When designing analytical procedures, auditors may consider the information

obtained and conclusions reached in related audit activities, including
performance and other audits. When relying on other audit activities,
auditors are advised to evaluate whether the related objectives, assertions
covered and tests performed are appropriate for the purpose of the financial
statement audit.

5) The auditor’s determination of the acceptable amount referred to in ISSAI

2520.A16 is influenced by materiality which in the public sector may be
influenced by the audit mandate and public expectations amongst other
considerations.

6) When assessing the reliability of data referred to in ISSAI 2520.A12(a) auditors

may use information obtained from other entities within the government even
though they ultimately report to the same authority. For example, comparative
data in the public sector may include comparisons between similar entities
and/or programs.

7) When considering the guidance in ISSAI 2520.A13 for performing analytical

procedures, auditors are advised to understand the design of the controls and
may need to test the operating effectiveness of the controls over the entity’s
non-financial information used in analytical procedures.

66
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Investigating Results of Analytical Procedures

8) Auditors consider that they may have additional responsibilities when

management is unable to provide explanations for differences identified in
performing analytical procedures referred to in ISSAI 2520.A21. For example,
auditors in some audit environments, such as a Court of Accounts environment,
may need to investigate further the underlying reasons for the lack of
information and determine who is responsible. The auditor may also provide
evidence of such potential irregularities and instances of misconduct to the
judicial department of the Court of Accounts, and cooperate with the judicial
department as necessary. Such information is normally provided in the form of
a separate report on the audit work performed and the related findings.

67
21 ISSAI 2530 -
Audit Sampling

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Sample Design, Size and Selection of Items for Testing
b) Nature and Cause of Deviations and Misstatements
c) Projecting Misstatements
d) Evaluating Results of Audit Sampling

Sample Design, Size and Selection of Items for Testing

2) When designing an audit sample in accordance with ISSAI 2530.6 SAIs may
have greater responsibilities under a mandate. In such situations auditors
may set different levels of parameters, including materiality and a higher
level of confidence, and this may affect the sample size. Auditors might
design separate samples to test controls and compliance or may design one
sample to test both. For example, a sample of disbursements might be used
to test controls over disbursements as well as whether the disbursements
were in accordance with authorities.

3) Public sector auditors are more likely than private sector auditors to consider
the need to sample non-financial information. As a result of additional
public sector objectives, such as testing compliance with authorities and
reviewing non-financial information contained in financial statements,

68
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

auditors may consider whether sampling will be useful in testing such non-
financial information contained in financial statements. An example of
such non-financial information may be information contained in sustainable
development measures.

4) Auditors may be mandated to report additional information about audit

sampling. Such requirements may include reporting the sampling methods
used, whether the results of the sample may be projected to the population,
and if so, the results of that projection. Auditors may consider such needs in
deciding whether to use statistical or non-statistical approaches.

Nature and Cause of Deviations and Misstatements

5) When analyzing deviations and misstatements identified as stated in ISSAI

2530.A17 auditors consider that they may have extended audit and reporting
responsibilities related to fraud. Section 6 of this GUID provides additional
information for auditors related to the auditor’s responsibilities relating to
fraud in an audit of financial statements.

Projecting Misstatements

6) When performing audit sampling for testing controls, auditors may be required
to project the deviation rate in the population, including a confidence interval,
and report the sample results as noted paragraph 21.4 above. In some audit
environments, such as Courts of Accounts, reporting on the deviation rates
may be required to explain, for example, the deficiencies in internal control or
non-compliance with authorities.

Evaluating Results of Audit Sampling

7) In addition to the guidance in ISSAI 2530.A23 auditors are advised to consider

their responsibilities under their mandate when management is unable
to provide an adequate explanation for deviations and misstatements. For

69
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

example, auditors in a Court of Accounts environment may need to investigate

further the underlying reasons for the lack of information and determine who
is responsible.

8) In addition to the guidance in ISSAI 2530.A23 (second bullet point), auditors

may need to consider any additional responsibilities as described in Section 3,
paragraph 3.6.

70
22 ISSAI 2540 (Revised) -
Auditing Accounting
Estimates and Related
Disclosures

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Nature of Accounting Estimates
b) Objective
c) Risk Assessment Procedures and Related Activities
d) Responses to the Assessed Risks of Material Misstatement
e) Further Substantive Procedures to Respond to Significant Risks
f) Evaluating the Reasonableness of the Accounting Estimates, and
Determining Misstatements
g) Indicators of Possible Management Bias
h) Written Representations
i) Documentation

Nature of Accounting Estimates

2) When and how public sector entities use accounting, estimates depend on
the types of financial items reported and the applicable financial reporting
framework. Some important estimates in the public sector may relate to
assets, liabilities and disclosure items, such as:

• Social insurance programs;

71
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• Government employee pension programs;

• Health care programs;
• Veterans’ benefits programs;
• Government guarantee programs;
• Environmental liabilities;
• Tax revenue and receivables; and
• Certain property and equipment such as specialized military equipment
and heritage assets.

3) Due to the nature of government operations, some accounting estimates of

public sector entities will have a high level of estimation uncertainty, such as
guarantees related to loans or distressed entities.

4) In addition to the guidance provided in ISSAI 2540.A72-A75, in the public sector

fair value measurement is not always required by the applicable financial
reporting framework. In those cases, auditors may assess the alternative
valuation method used and determine whether it is in accordance with the
applicable financial reporting framework and is not misleading.

Objective

5) When considering the objective of ISSAI 2540.11 to obtain sufficient

appropriate audit evidence about whether accounting estimates and related
disclosures are reasonable in the context of the financial reporting framework,
auditors may consider the following:

• Financial reporting frameworks may require disclosure of non-financial

information such as program results and other operational information.
This information may be based on estimates; or

• Some liabilities such as Government policy related guarantees have such a

high level of estimation uncertainty that the applicable financial reporting
framework may not allow their recognition but may still require disclosure
of the estimation uncertainty. Where these potential liabilities threaten
the sustainability of government programs, auditors may use Emphasis of
Matters or Other Matters paragraphs to highlight the issues.

72
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• Due to the complexity, nature and the element of management judgement,

the reporting of a Key Audit Matter in such situations in line with ISSAI
2701 may be appropriate.

Risk Assessment Procedures and Related Activities

6) In the public sector, the actual amounts of certain long-term estimated

liabilities may not be known for an extended period of time. For example,
social insurance liabilities extend for many years into the future and, therefore,
auditors will not be able to use subsequent events to evaluate them. By its
nature, the public sector has access to prior year records that extend through
a significant amount of time from which the auditor may generate trends on
the accuracy of estimates. These trends may be relevant in the application of
ISSAI 2540.A55 to A60.

Responses to the Assessed Risks of Material Misstatement

7) When considering whether specialized skills or knowledge in relation to one

or more aspects of the accounting estimates are required in order to obtain
sufficient appropriate audit evidence as required by ISSAI 2540.15, auditors’
consideration of the need for specialized skills may be particularly relevant in
relation to estimates such as those for but not limited to:

• Social insurance programs;

• Government employee pension plans; and
• Veterans’ compensation programs.

Further guidance in using experts is included in Section 29 of this GUID.

73
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Further Substantive Procedures to Respond to Significant

Risks

8) When evaluating accounting estimates in accordance with the requirements

in ISSAI 2540.24(d), auditors may consider that management may not be in
a position to carry out the specific course of action on which the estimate is
based. As discussed in ISSAI 2315 (Revised), such decisions related to carrying
out the specific course of action on which the estimate is based may be
made outside the audited entity’s control as a result of political processes.
In such circumstances, the auditor may need to consider the sufficiency and
appropriateness of audit evidence and any impact on the auditor’s conclusion
on the financial statements.

Evaluating the Reasonableness of the Accounting

Estimates, and Determining Misstatements

9) When public sector financial statements include a number of very large

estimates, which may have a large estimation uncertainty, auditors may need
to evaluate the adequacy of disclosure of the estimation uncertainty and its
effect on the auditor’s report.

Indicators of Possible Management Bias

10) Auditors review the judgments and decisions made by management in

making accounting estimates to identify whether there are indicators of
possible management bias in accordance with ISSAI 2540.32. In this process,
managers can base their assumptions on different types of information
extracted from internal and external sources, the relevance and reliability of
which will be variable. The specific assumptions will also vary according to
the characteristics of the asset or liability to be valued, the valuation method
used (e.g. a market or performance approach) and the requirements of the

74
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

applicable financial reporting framework. In doing this, auditors may consider

reasons for possible bias that may be specific to the public sector such as:

• Strong political motives;

• Changing or unstable political and economic environment;
• Increased public expectations;
• Higher than normal expectations to meet budget;
• Pressure to adhere to regional and international treaties such as Sustainable
Development Goals (SDGs);
• Reduction in budgets without corresponding reduction in service delivery
expectations;
• Public and private partnerships; and
• Tolerance of errors in financial information.

11) Auditors operating in some environments, such as a Court of Accounts

environment, may have additional responsibilities related to when they
determine an intention by management to mislead. Such responsibilities
often include identifying the individual(s) responsible for such actions and to
recommend the filing of the appropriate civil and criminal charges against
them. For that purpose, the auditors provide evidence of such potential
irregularities and instances of misconduct either to the judicial department of
the Court of Accounts or the relevant prosecutor’s office, and cooperate with
the judicial department as necessary. Such information is normally provided
in the form of a separate report on the audit work performed and the related
findings.

Written Representations

12) Due to the complexity, nature and the element of management judgement in
relation to accounting estimates in the public sector, the auditor may consider
the need to obtain representations about specific accounting estimates,
including in relation to the methods, assumptions, or data used.

75
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Documentation

13) In cases where the auditors used the extensive long backdating prior year
data and knowledge available in the public sector when developing an
“Auditor’s range” in accordance with ISSAI 2540.29, the auditors may consider
documenting over and above the requirements of ISSAI 2540.39 the basis for
the auditor’s evaluation of the reasonableness of the accounting estimates
and related disclosures using such data.

76
23 ISSAI 2550 -
Related Parties

Content of this Section

1) This Section provides guidance for auditors related to:

a) Restricted Transactions
b) Definitions
c) Risk Assessment Procedures and Related Activities
d) Identification and Assessment of the Risks of Material Misstatement
Associated with Related Party Relationships and Transactions
e) Responses to the Risks of Material Misstatement Associated with Related
Party Relationships and Transactions

Restricted Transactions

2) Public sector entities may also be subject to specific restrictions on the nature
and scope of the transactions that they can have with related parties. The
restrictions may prohibit transactions or practices that might be permissible
in related party relationships outside the public sector.

Definitions

3) ISSAI 2550.10(b) provides a definition of ‘related party’ where the applicable

financial reporting framework establishes minimal or no related party

77
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

requirements. Auditors will note that, under this definition, entities that are
under common control by a state (i.e. a national, regional or local government)
are not considered related unless they engage in significant transactions or
share resources to a significant extent with one another.

4) Auditors may consider whether the exemption from the definition of related
parties of entities under common control by the state leads to areas of
greater risk in their audit of public sector entities. For example, there may be
a situation where a ministry is composed of a number of entities. While these
entities may not share resources or transact to a significant extent, there may
be many, smaller apparently ‘insignificant’ transactions taking place which
may be deemed irregular. There may also be situations where there is no
transaction at all. For example the minister may exert influence on one entity
to withhold paying a dividend to another entity in order to influence cash flow
and possible budgetary appropriations decisions.

5) Auditors are advised to keep the wider definition of related parties in mind
when applying the ISSAI.

Risk Assessment Procedures and Related Activities

6) In obtaining an understanding of the public sector entity’s related party

relationships and transactions, in addition to the procedures described in
ISSAI 2550.11 to 14 auditors have regard to:

• The legal structure and regulatory requirements governing the entity and
its related parties, for example whether the entity is a ministry, department,
agency or another form of public entity;

• Understanding the business operations of public sector entities will often

include obtaining knowledge of types of government activities carried out
including relevant programs and the principal entities it engages with in
the execution of those programs;

• The organizational structure for controlling the entity and establishing

accountability, recognizing that in the public sector those charged with

78
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

governance serve as representatives of the citizens. Ownership of public

sector entities may not have the same relevance as in private sector;

• Obtaining an understanding of the entity’s reporting requirements,

including those for the disclosure of related party relationships and
transactions; and

• Other regulations that may be relevant to the public sector entity’s ability
to conduct business with related parties. This may include compliance
with procurement regulations, which may include a requirement for public
sector entities to demonstrate that transactions with related parties are
conducted at arm’s length.

7) The discussion on the susceptibility of the entity’s financial statements to

material misstatement may also cover the additional objectives and related
risks of material misstatement, as discussed in ISSAI 2550.A8. Auditors may
include auditors engaged in performance audits and other audit activities of
the entity in such a discussion.

8) The discussion among the engagement team related to fraud may include
consideration of the susceptibility of the entity’s procurement process to
fraud carried out by or through related parties.

Identification and Assessment of the Risks of Material

Misstatement Associated with Related Party Relationships
and Transactions

9) In addition to the assertions set out in ISSAI 2315, the management of public
sector entities may assert that transactions and events have been carried
out in accordance with legislation or proper authority as noted in ISSAI 2315.
A192. Such assertions may extend to the relationships and transactions with
related parties and fall within the scope of the financial statement audit.

10) Auditors may be required by their mandate to consider the legal framework
and regulations governing the entity and any requirements or specific

79
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

limitations these may place on the entity, those charged with governance,
management and employees, for entering into and the conduct of transactions
with a related party. There may also be limitations on the entity’s capacity
to establish wholly or partly owned entities which would be deemed related
parties.

11) There may also be a requirement for those charged with governance of public
sector entities, management and employees to declare their interests in
entities with which they transact on a professional or commercial basis. Where
such legislative requirements exist, auditors need to apply risk assessment
procedures to identify and assess the risks of material misstatements arising
from non-compliance with those requirements.

Responses to the Risks of Material Misstatement

Associated with Related Party Relationships and
Transactions

12) ISSAI 2550.23(b) requires auditors to obtain evidence that significant

transactions with related parties outside the entity’s normal course of
business are appropriately authorized and approved. In the public sector,
the audit mandate may involve a responsibility to report on compliance with
laws and regulations. This may include a responsibility to obtain evidence
that the relationships and transactions with related parties comply with laws
and regulations and have been authorized and approved. Auditors may also
have to seek evidence that management has obtained authorization and
approval from the legislature, the finance ministry, or a ‘parent’ or sponsoring
department, or the appropriate oversight body. These procedures may apply
irrespective of whether the transactions are significant or outside the normal
course of business.

13) ISSAI 2550.24 requires auditors to obtain sufficient appropriate evidence about
a management’s assertion that related party transactions are conducted at
terms equivalent to those prevailing in an arm’s length transaction if such an
assertion was made by management in the financial statements. In the public

80
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

sector laws or regulations related to procurement may require that contracts

with third parties, including related parties, are subject to competitive
tendering or some other form of ’market testing’ to demonstrate ‘value for
money’.

81
24 ISSAI 2560 -
Subsequent Events

Content of the Section

1) This Section provides additional guidance for auditors related to:

a) Events Occurring Between the Date of the Financial Statements and the
Date of the Auditor’s Report
b) Facts Which Become Known to the Auditor after the Financial Statements
Have Been Issued

Events Occurring between the Date of the Financial

Statements and the Date of the Auditor’s Report

2) In addition to the specific inquiries identified in ISSAI 2560.A9 auditors may

also consider events that have occurred which:

a) Have relevance for the government entity’s ability to fulfill its program
objectives; and
b) May impact the presentation of any performance information in the
financial statements.

3) In addition to the procedures described in ISSAI 2560.A10 the auditor may

also consider matters arising from relevant proceedings of the legislature
and other relevant bodies which the auditors may have become aware of
during the course of the audit as being scheduled to take place at or after the

82
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

period end, the outcome of which may require adjustment of, or disclosure in,
the financial statements.

Facts Which Become Known to the Auditor after the

Financial Statements Have Been Issued

4) With respect to auditor action to seek to prevent reliance on the auditor’s

report in ISSAI 2560.A20 auditors may seek legal advice and also consider
reporting to the appropriate statutory body.

83
25 ISSAI 2570 (Revised) -
Going Concern

Content of the Section

1) This Section provides additional guidance for auditors related to:

a) Going Concern Assumption
b) Evaluating Management’s Assessment
c) Additional Audit Procedures When Events or Conditions Are Identified

Going Concern Assumption

2) Auditors may be required to review and report upon the entity’s arrangements
to maintain its general financial standing.

3) Public sector entities may spend more in one year than they have resources to
cover, such that their income may be less than their expenditure or there is an
excess of liabilities over assets. However, it is uncommon for the operational
existence of a public sector entity to cease or its scale of operations to be
subject to a forced reduction because of an inability to finance its operations
or of net liabilities.

4) Cessation of a public sector entity is most likely to result from a government

policy decision. A policy decision may be taken to wind up and dissolve
an entity in its entirety, to scale back its operations and transfer some of
its functions to another public entity, merge with another public entity or
privatize the entity. In each of these cases the operational existence of all or

84
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

part of the entity ceases. Auditors may consider the manner in which entity
activities are being wound up and/or transferred in order to conclude on
matters related to going concern.

5) In forming a view of the entity’s ability to continue its operations, auditors’

consideration of going concern embraces two separate, but sometimes
overlapping, factors:

• The greater risk associated with changes in policy direction (for example,
where there is a change in government); and

• The less common operational, or business, risk (for example, where an

entity has insufficient working capital to continue its operations at its
existing level and is unable to raise additional capital).

6) To minimize the risk of changes in government policies not coming to the

auditor’s attention which could impact on the going concern assumption, the
auditor may ascertain whether:

• The government has declared its intention to review an area of policy

affecting the audited entity;

• A review has been announced and is in progress;

• A review has indicated that the audited entity could be rationalized or that
an entity’s future may be re-examined; or

• There is a government policy to privatize the activities of the audited entity.

Evaluating Management’s Assessment

7) Auditors are aware that changes of government policies can have a significant
impact on the status and functions of public sector entities. However, political
decisions may be unknown to the auditor.

85
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Additional Audit Procedures When Events or Conditions Are

Identified

8) When considering the requirements of ISSAI 2570.16 auditors may consider

whether to request that the entity secures direct confirmation from the
department or executive body responsible for providing financial backing or
future funding to the entity. When considering requesting such confirmation,
auditors are advised to take into account any constraints imposed by the
political process. In such circumstances, a representation provided by the
responsible financial officer of the entity that financial backing or future
funding will be received may not be sufficient as meaningful assurance on the
future of an entity. This is because the intentions of the financial backer might
not be known by the entity.

9) In addition to the audit procedures set out in the ISSAI, auditors may also read
official records of changes in policy and relevant proceedings of the legislature
and inquire about matters addressed in proceedings for which official records
are not yet available.

86
26 ISSAI 2580 -
Written Representations

Content of the Section

1) This Section provides additional guidance for auditors related to:

a) Overall Considerations
b) Management from Whom Written Representations Requested
c) Communicating a Threshold Amount
d) Date of and Period(s) Covered by Written Representations
e) Doubt as to the Reliability of Written Representations and Requested
Written Representations Not Provided

Overall Considerations

2) In the public sector management’s responsibilities may be broader than

those responsibilities in the private sector. When requesting written
representations about management’s responsibilities, auditors may take this
broader premise into account.

87
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Management from Whom Written Representations

Requested

3) When considering the guidance in ISSAI 2580.A2 auditors are advised to take
into account that requirements with regard to responsibility for preparation of
financial statements may vary as stipulated by legislation. Auditors are advised
to familiarize themselves with applicable legislation to identify those from
whom written representations should be requested. Auditors may also inform
and agree, at the planning stage, with those charged with governance on those
individuals identified as responsible for providing written representations.

Communicating a Threshold Amount

4) According to ISSAI 2580.A14 the auditor may consider communicating

to management a threshold for purposes of the requested written
representations. Auditors are advised to take into account the broader
public sector perspective by which they may be required to communicate
all misstatements, even those that have been corrected by the entity, and
all control deficiencies, and instances of non-compliance with authorities.
For purposes of requesting written representations auditors may consider
communicating such requirements. Auditors are advised to take into account
the broader public sector perspective and procedures describing additional
objectives, responsibilities and requirements.

Date of and Period(s) Covered by Written Representations

5) As stated in ISSAI 2580.A15 the date of the written representations should

be as near as practical to the date of the auditor’s report on the financial
statements. In the public sector management representations may sometimes
be obtained from high governance levels and it is therefore important for
auditors to plan in advance so that written representations may be obtained
in time to avoid any delay in issuing the audit report.

88
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Doubt as to the Reliability of Written Representations and

Requested Written Representations Not Provided

6) Auditors may be appointed in accordance with statutory procedures and

therefore may not in a position to decline or withdraw from an engagement.
In such cases, auditors may report to the legislature as appropriate.

7) Appendix C lists other items that an auditor may choose to include in the
management representation letter.

89
27 ISSAI 2600 -
Special considerations -
Audits of Group Financial
Statements (Including the
Work of Component Auditors)

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Definitions
b) Acceptance and Continuance
c) Understanding the Group, its Components and their Environments
d) Understanding the Component Auditor
e) Materiality
f) Responding to Assessed Risks
g) Consolidation Process
h) Communication with the Component Auditor
i) Communication with Group Management and Those Charged with
Governance of the Group

Definitions

2) When considering the definitions in ISSAI 2600.9 in addition to referring to

the guidance in ISSAI 2600.A2 to A6 additional characteristics may apply in
the public sector as follows;

a) Component - In a public sector environment, components may also

include agencies, departments, bureaus, corporations, funds, component
units, districts, joint ventures and non-governmental organizations; and

90
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

b) Significant Component - In a public sector environment the determination

of significant components may also involve matters that have heightened
public sensitivity, such as national security issues, donor funded projects or
the reporting on tax revenue.

Acceptance and Continuance

3) The inability to be involved in the work of a component auditor as discussed in

ISSAI 2600.13 and the inability to obtain sufficient appropriate audit evidence
may be less likely to occur in a public sector environment, because laws or
regulations may prohibit restrictions of access to information.

4) When complying with the requirements of ISSAI 2600.13 in addition to

referring to the guidance in ISSAI 2600.A18 public sector group auditors may
communicate with the legislature or other regulatory bodies as appropriate,
about removing restrictions on access to audit evidence imposed by group
management or laws or regulations.

5) In the public sector, the significant changes that affect the group engagement
team’s ability to obtain sufficient appropriate audit evidence as mentioned in
ISSAI 2600.A12 may be affected by additional changes, such as;

• Changes in laws and regulations affecting the financial management

information system and/or the financial reporting framework; and

• Changes in the nature, sources or amounts of funding, including changes

in the structure of public debt.

Understanding the Group, its Components and their

Environments

6) The group auditor is required to understand the group and its components
and guidance is provided in ISSAI 2600.A23 to A31. The group engagement
team may also obtain an understanding about additional public sector matters
which may include:

91
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

• Controls over compliance with laws and regulations;

• Adherence to budgetary requirements and spending authorities;

• Consistent classification of codes for reporting budgetary and actual

amounts; or

• Participation of group and/or components in public and private

partnerships.

7) In certain cases, the Government may have relationships with independent

entities through transfers or through its role as a regulator for certain industries.
In these cases it can be difficult to determine whether the Government’s
relationship with an entity justifies their inclusion in the group. For example;

• The application of the financial reporting framework may result in the

exclusion of a specific type of agency, department, bureau, corporation,
fund, district, joint venture or non-governmental organization from the
group financial statements. In such cases, if the public sector group auditor
believes that this outcome would result in a misleading group financial
statement presentation, the public sector group auditor may, in addition to
considering the impact on the auditor’s report, also consider the need to
communicate the matter to the legislature or other appropriate regulatory
bodies; or

• The financial reporting framework may not provide specific guidance

for inclusion or exclusion of the entities, mentioned above, in the group
financial statements. In such cases, the public sector group auditor may
participate in discussions between group management and component
management to determine whether the treatment of the component in
the group financial statements will result in fair presentation. In addition,
it is possible that group management may not agree with the inclusion of
the component in group financial statements, which, in turn, may limit the
ability of the group auditor to communicate with and use the work of the
component auditor.

92
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Understanding the Component Auditor

8) Where the public sector group auditor plans to request a component auditor to
perform additional audit work on financial information related to a component
or the group, the guidance in ISSAI 2600.A33 is particularly relevant. In certain
public sector environments the group auditor’s methodology may differ from the
methodology or practices of component auditors. In such cases the group auditor
may prescribe procedures consistent with the group auditor’s methodology.

9) When considering ISSAI 2600.A37 auditors may note that in the public sector,
the component auditor may also be subject to the requirements of INTOSAI
Code of Ethics as adopted by the public sector audit organization.

10) The second bullet of ISSAI 2600.A38 discusses the group engagement team’s
understanding of the component auditor’s professional competence and
whether the component auditor possesses the special skills (e.g. industry
specific knowledge) necessary to perform the work. In the context of the
public sector environment this would include knowledge of that environment
and applicable laws and regulations relevant to the group audit.

11) ISSAI 2600.A41 discusses circumstances where law or regulation prohibits access
to relevant parts of the audit documentation of the component auditor. In such
circumstances, the public sector also may consider whether to communicate
the matter to the legislature or other appropriate regulatory bodies.

Materiality

12) When determining materiality for the group financial statements as required
by ISSAI 2600.21 to 23, auditors may use the guidance in ISSAI 2320.A3 and A10
which addresses determining materiality in the public sector. In the context
of group financial statements, materiality for classes of transactions, account
balances, disclosures as well as component materiality may be assessed at a
low level in the public sector. This may occur for a variety of reasons, including
the context of the matter, or the nature and characteristics of the systems

93
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

and entities involved. In addition, there might be requirements for separate

opinions on components, thus indicating a need for lower materiality for
the components. Furthermore, certain procedures may be required to be
performed by audit mandate or legislation, or the auditors may design audit
procedures for transactions that are significant solely because of their nature.

13) As required by ISSAI 2600.21(d) the determination of a threshold, above

which statements cannot be regarded as clearly trivial to the group financial
statements, may be influenced by the nature of the subject matter and public
sensitivity. Public sector group auditors also take into account the broader
public sector perspective by which they may be required to communicate all
misstatements, including those that have been corrected by the entity, and
all control deficiencies, and instances of non-compliance with authorities. In
such cases no thresholds would be established.

Responding to Assessed Risks

14) When applying the requirements of ISSAI 2600.24 at the group level, public
sector group auditors may consider that in the public sector the nature of
activities performed by different components is a major determinant of risk
of material misstatement. For instance, the risk of material misstatements
in a disaster-relief operation will usually be higher than the risk of material
misstatements in a more stable operation such as payment of salaries to
school teachers. To assess the risk of material misstatements in group wide
operations, the group auditor may categorize components according to the
nature of their operations, assessing risk for each category separately. Such
an exercise may enable the group auditor to determine the nature, timing and
extent of the work to be performed on the Consolidation process.

Consolidation Process

15) When considering the guidance in ISSAI 2600.A56 in the context of the public
sector there may be a variety of transactions recorded only at the group
level especially in the consolidated financial statements of the government.

94
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Such transactions may include recording of natural resources or historical

treasures. In such cases, group auditors are responsible for obtaining sufficient
appropriate audit evidence for these transactions.

16) These are examples of public sector related conditions in addition to the
examples included in Appendix 3 of ISSAI 2600, which might indicate risks of
material misstatements of the group financial statements.

• Management’s lack of knowledge of applicable laws and regulations;

• Budget overspending due to weak budgetary controls;
• Privatizations of components;
• New programs or components or major changes to existing programs or
components;
• New financing sources for the group or components and between
components;
• Changes in laws and regulations or directives;
• Political decisions such as reorganization of components;
• Major programs within a component without sufficient allocated resources
and/or funding;
• Increased public expectations;
• Procurement of goods and services in certain components, such as defence
or national security;
• Outsourcing of component activities;
• Components subject to special investigations or parliamentary or legislative
oversight;
• Changes in political leadership;
• Indications of waste or abuse;
• Higher than normal expectations to meet budget;
• Public and private partnerships;
• Political interference in allocation of public resources; or
• Direct influence of government in management and/or lack of professional
experience in management versus political appointment.

95
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

Communication with the Component Auditor

17) When communicating with the component auditor in accordance with ISSAI
2600.40 public sector group auditors may find it relevant to provide the
component auditors with information on the risk of non-compliance with
laws or regulations that could give rise to a material misstatement in the
group financial statements or affect the nature, timing and extent of audit
procedures and reporting requirements.

18) Additional matters that may be relevant in the public sector in addition to
requested or suggested matters in Appendix 5 of ISSAI 2600 may include:

• A list of laws and regulations relevant to the audit of the component audit
as well as a list of laws and regulations relevant to the group audit; or

• A list of additional procedures that the group auditor determines is

necessary to be performed by the component auditor.

Communication with Group Management and Those Charged

with Governance of the Group

19) Public sector group auditors may have reporting responsibilities regarding
communicating fraud identified at the component level in addition to the
requirements in ISSAI 2600.47. These responsibilities may include reporting
to parties outside the entity, such as regulatory and enforcement authorities.
Further guidance on the auditor’s responsibilities on reporting fraud is
included in ISSAI 2240.

96
28 ISSAI 2610 (Revised 2013) -
Using the Work of
Internal Auditors

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Determining Whether, in Which Areas, and to What Extent the Work of
the Internal Auditor Function Can Be Used
b) Determining Whether, in Which Areas, and to What Extent Internal
Auditors Can Be Used to Provide Direct Assistance

Determining Whether, in Which Areas, and to What Extent

the Work of the Internal Auditor Function Can Be Used

2) When evaluating the objectivity of the internal audit function as required by

ISSAI 2610.15(a) auditors are advised to consider INTOSAI GUIDs addressing
the topics of internal auditor independence and objectivity. Where the
internal audit function is established by legislation or regulation, and the
following criteria are met, there is a strong indication that the internal audit
function is objective:

a) Is accountable to top management, for example the head or deputy head

of the government entity, and to those charged with governance;

b) Reports the audit results both to top management, for example the head or
deputy head of the government entity, and to those charged with governance;

97
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

c) Is located organizationally outside the staff and management function of

the unit under audit;

d) Is sufficiently removed from political pressure to conduct audits and report

findings, opinions, and conclusions objectively without fear of political reprisal;

e) Does not permit internal audit staff to audit operations for which they have
previously been responsible for to avoid any perceived conflict of interest; and

f) Has access to those charged with governance

Determining Whether, in Which Areas, and to What Extent

Internal Auditors Can Be Used to Provide Direct Assistance

3) In consideration of the public expectation about independence of those

conducting the audit, it may be relevant for auditors to evaluate the threats
and safeguards in using internal auditors to provide direct assistance, in
addition to those criteria already identified in the ISSAI.

98
29 ISSAI 2620 -
Using the Work of an
Auditor’s Expert

Content of Section

1) This Section provides additional guidance for auditors related to:

a) Determining the Need for an Auditor’s Expert
b) The Competence, Capabilities and Objectivity of the Auditor’s Expert
c) Agreement with the Auditor’s Expert

Determining the Need for an Auditor’s Expert

2) When determining the need to use the work of an auditor’s expert, auditors
are advised to consider that, based on the laws, regulations or mandate,
financial audits may include additional responsibilities related to fraud.
Auditors may in such cases need to use the work of experts from the
police or anti-corruption bureaus. For some public sector environments,
such as a Court of Accounts environment including judgment mandates,
the judgment decision may be based on expert’s evidences which become
legally binding and force the responsible person of the fraud or corruption to
pay penalties and debts. Prosecutors can sue the agent responsible for fraud
or corruption and also seize assets necessary to pay the debt. Therefore,
the auditors provide evidence of such potential irregularities and instances
of misconduct to the judicial department of the Court of Accounts or the
relevant prosecution office, and cooperate with these judicial department as
necessary. Such information is normally provided in the form of a separate
report on the audit work performed and the related findings.

99
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

The Competence, Capabilities and Objectivity of the

Auditor’s Expert

3) The issue of independence is of utmost importance in the public sector and may
include legislative requirements or government policies with which auditors
and experts must comply. The procedures recommended in ISSAI 2620.A20
related to the evaluation of objectivity may also be adopted by auditors
to evaluate the independence of the expert. Moreover, when considering
independence, auditors may also consider evaluating the expert’s actual
and perceived political neutrality. Activities which could call into question an
expert’s political neutrality may include running for or holding political office
or taking part in events sponsored by political associations, lobby groups or
organizations with political affiliations. These factors should be considered in
the context of the expert’s level of involvement and the perceived potential
for personal benefit and/or bias.

Agreement with the Auditor’s Expert

4) Paragraphs 70 and 71 of INTOSAI Code of Ethics require auditors to observe

confidentiality especially with regard to sensitive data, unless specific authority
has been given to disclose some information or there is a legal or professional
right or duty to do so. One fundamental difference between the private and
public sector is that there may be specific legislative requirements in the
public sector related to confidentiality on the one hand, and access by third
parties on the other. There is an ongoing need in the public sector to balance
confidentiality with the need for transparency and accountability. When
considering confidentiality matters as stated in ISSAI 2620.11(d) auditors are
advised to be aware of any legislation giving public access to the work of an
expert used in the audit in a public sector.

5) Receiving the requests from outside regulatory entities, police, prosecutors or

judges to obtain access to the work of an expert is not unusual in the public
sector. Auditors are advised to inform the expert that his or her evidence or
report may be requested from outside the public sector audit organization
and be used in other processes or investigations.

100
GUID 2900 - GUIDANCE TO THE FINANCIAL AUDITING STANDARDS

6) The expert that works for the public sector may have additional responsibilities
related to confidentiality which may be based on the mandate of the particular
Supreme Audit Institution, or laws related to official secrets or private acts.
Such legislation may, for example, relate to audits of defence, health, social
service or tax agencies. Auditors may need to familiarize themselves with any
particular requirements related to confidentiality to which he or she is bound.

7) The balance between confidentiality and transparency requires the auditors

to use professional judgment to ensure that the work of an expert of a
confidential nature is clearly identified and treated as such, while at the same
time granting access as appropriate. Auditors are advised to be aware of those
clearly defined policies and procedures set up by the audit organization to
deal with such situations.

101
30 ISSAI 2700 (Revised) -
Forming an Opinion and
Reporting on Financial
Statements

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Auditor’s Report

Auditor’s Report

2) In the public sector, law or regulation may set out the responsibilities for
the financial statements and the auditor determines the responsibilities of
management and those charged with governance1 that will be included in
the auditor’s report as guided by ISSAI 2700.A44 to A49.

3) According to ISSAI 2700.43, if the auditor addresses other reporting

responsibilities in the auditor’s report on the financial statements that are
in addition to the auditor’s responsibilities under the financial audit ISSAIs,
these other reporting responsibilities shall be addressed in a separate
section in the auditor’s report with a heading titled “Report on Other Legal
and Regulatory Requirements” or otherwise as appropriate to the content of
the section, unless these other reporting responsibilities address the same
topics as those presented under the reporting responsibilities required by the
financial audit ISSAIs in which case the other reporting responsibilities may be
presented in the same section as the related report elements required by the
financial audit ISSAIs. This financial audit ISSAI reporting requirement exists
to help ensure the clarity of the audit opinion on the financial statements

1 ISSAI 2260 (Revised), “Communication with Those Charged with Governance”

102
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

by requiring information that is reported in the ISSAI financial audit report

that is not relevant to the opinion on the financial statements to be clearly
differentiated within the ISSAI financial audit report. The financial audit ISSAIs
do not address the nature and extent of the procedures that must be performed
to support the reporting of such information or how such information may be
presented in a separate report. The application of other auditing standards
may therefore be necessary when reporting such information.

4) ISSAI 2220 may be referred to when reporting on ethical responsibilities in the

Basis for Opinion section in accordance with ISSAI 2700.28.

5) In cases where auditors are required by law or regulation to use a specific

layout or wording of the auditor’s report, auditors evaluate whether such
layout or wording contains the minimum elements, as required by ISSAI
2700.50. If such elements are not included, auditors cannot state that the
audit complies with the financial auditing standards (ISSAI 2000-2899).

6) When applying ISSAI 2700.A21 and when law, regulation or the terms of the
engagement do not specify the addressee for the auditor’s report, auditors
are advised to address the auditor’s report to those charged with governance
or relevant part of the legislature, as appropriate.

7) Law or regulation may establish deadlines for the date of the auditor’s report.
In circumstances where auditors are unable to meet the deadline, auditors
may consider taking appropriate actions such as informing those charged with
governance or the legislature.

103
31 ISSAI 2701 -
Communicating Key Audit
Matters in the Independent
Auditor’s Report

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Determining Key Audit Matters
b) Communicating Key Audit Matters

Determining Key Audit Matters

2) While the requirement to report Key Audit Matters is mandatory for listed
entities as per ISSAI 2701, auditors may also consider reporting key audit
matters when auditing entities other than listed entities since the public
sector is a significant participant of any economy and is responsible for
maintaining and providing important functions that affect citizens.

3) When deciding to communicate key audit matters when auditing entities

other than listed entities, auditors may consider the following criteria:

• If laws and regulations or the audit mandate require the auditors to report
specific issues related to the work of the auditor which would be similar
to key audit matters, the auditors may consider whether communication
of key audit matters in the auditor’s report would be relevant.

• Communication of matters similar to key audit matters that are required

by law and regulation may be communicated in different ways. If

104
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

communicated in the auditor’s report, ISSAI 2701 may not be applicable but
when the communication is presented in separate reports only addressing
specific users, the auditor may find it relevant to apply ISSAI 2701 since the
auditor’s report will reach all potential stakeholders and users.

• ISSAI 2700.A75 provides further guidance on the interaction between key

audit matters and other reporting requirements in the public sector.

4) If the auditor decides to apply ISSAI 2701 for an audit of an entity other than
a listed entity, it may be advisable to establish a policy to communicate key
audit matters for all audited entities (other than listed entities) or just specific
entities. Criteria may be established to identify audited entities for which key
audit matters will be communicated. Examples of such criteria:

• Audited entities with the highest impact on the state budget;

• Audited entities with the largest impact on the consolidated financial

statements; and

• Audited entities which will affect the market (e.g. national debt).

Communicating Key Audit Matters

5) When communicating key audit matters, auditors are advised to consider laws
and regulations that restrict the reporting of such information by imposing
confidentiality requirements. The need for confidentiality may be based on
the mandate of the auditor or legislation related to official secrecy or privacy.
For example, audits of entities responsible for defence, health, social service
and taxation may be subject to such restrictions. Auditors may identify such
laws and regulations and consider these confidentiality requirements when
determining the key audit matters to communicate. ISSAI 2701.14 and A52 to
A56 provide guidance on how this circumstance may be addressed.

6) Appendix D presents an illustrative example of a Key Audit Matters paragraph.

105
32 ISSAI 2705 (Revised) -
Modifications to the
Opinion in the Independent
Auditor’s Report

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Circumstances When a Modification to the Auditor’s Opinion is Required
b) Determining the Type of Modification to the Auditor’s Opinion
c) Nature of Material Misstatements
d) Nature of an Inability to Obtain Sufficient Appropriate Audit Evidence
e) Form and Content of the Auditor’s Report When the Opinion is Modified
f) Communication With Those Charged With Governance

Circumstances When a Modification to the Auditor’s Opinion

is Required

2) In applying the requirements in ISSAI 2705.6 auditors having responsibilities

relating to reporting on non-compliance with authorities while conducting
an audit of financial statements may consider the impact of a matter of non-
compliance, normally reported in a separate section of the auditor’s report
as per ISSAI 2705.43.

106
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

Determining the Type of Modification to the Auditor’s Opinion

3) In addition to the responses required by ISSAI 2705.13(b) auditors may be

required, or decide, to report separately to the legislature or other regulatory
bodies as appropriate about any instances of management refusing to remove
restrictions on access to audit evidence.

Nature of Material Misstatements

4) When applying ISSAI 2705.A3 auditors will also find further guidance in ISSAI
2450.A24 and A25.

Nature of and Inability to Obtain Sufficient Appropriate Audit

Evidence

5) In the public sector, additional examples of circumstances relating to the

nature or timing of the auditor’s work as described in ISSAI 2705.A11 may
include legislative changes, national disasters and political decisions such as
military operations and major relocation of government operations.

Form and Content of the Auditor’s Report When the Opinion Is

Modified

6) In the public sector, it may not always be relevant to quantify the effect
on income tax, income before taxes, net income and equity, the example
provided in ISSAI 2705.A22. Auditors may instead quantify the effects on the
financial statements in other terms such as gross expenditure, gross revenue
or national debt or surplus.

107
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

Communication with Those Charged with Governance

7) Auditors may be required to, or may decide to, communicate with other
intended users, such as the legislature, in addition to those charged with
governance, as set out in ISSAI 2705.30.

108
33 ISSAI 2706 (Revised) -
Emphasis of Matter
Paragraphs and Other Matter
Paragraphs in the Independent
Auditor’s Report

Content of the Section

1) This Section provides additional guidance for auditors related to:

a) Emphasis of Matter Paragraphs in the Auditor’s Report
b) Other Matter Paragraphs in the Auditor’s Report
c) Communication With Those Charged With Governance

Emphasis of Matter Paragraphs in the Auditor’s Report

2) In the public sector, audit mandates or expectations may expand circumstances

relevant for reporting an Emphasis of Matter paragraph concerning a matter
appropriately presented or disclosed in the financial statements. In addition
to examples discussed in the application guidance of the ISSAI, auditors may
consider the following factors when considering reporting an Emphasis of
Matter paragraph:

• Legislative actions on programs or the budget;

• Laws, regulations or directives with a significant effect on the entity;
• Fraud, abuse or losses;
• Significant transactions;
• Significant internal control deficiencies;
• Questionable business practices;
• Transactions entered into without due regard for economy;

109
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

• Prior period errors;

• Environmental issues; or
• Corporate social responsibility issues.

Other Matter Paragraphs in the Auditor’s Report

3) The same examples provided in paragraph 33.2 above may be relevant for
Other Matter Paragraphs, as outlined in ISSAI 2706.10 when the information
is not disclosed in the financial statements.

4) Audits conducted by the public sector auditor may be mandated by law or

regulation, and therefore public sector auditors may not be able to withdraw
from an engagement even though the possible effect of an inability to obtain
sufficient appropriate audit evidence due to limitation of scope of the audit
imposed by management is pervasive as outlined in ISSAI 2706.A10. In this
circumstance, the auditor may consider it necessary to include an Other
Matter Paragraph in the auditor’s report citing the mandate for audit and that
it is not possible to withdraw from the engagement.

5) Restrictions on distribution or use of the auditor’s report suggested in ISSAI

2706.A14 may not be an option in the public sector. Further guidance on
restriction on distribution or use is provided in ISSAI 2800.A21.

Communication with Those Charged with Governance

6) ISSAI 2706.12 requires the auditor to communicate with those charged with
governance if the auditor expects to include an Emphasis of Matter or an
Other Matter paragraph in the auditor’s report. Auditors may be required to
or decide to communicate with other intended users, such as the legislature,
in addition to those charged with governance.

7) When considering ISSAI 2706.A18, auditors may be expected to communicate

with those charged with governance on all matters included in an Other Matter
paragraph, even those matters that are recurring. Auditors may also decide to
communicate recurring matters to other parties such as the legislature.

110
34 ISSAI 2710 -
Comparative Information
- Corresponding Figures
and Comparative Financial
Statements

Content of this Section

1) This Section provides additional guidance for auditors related to audit
reporting.

Audit Reporting

2) Normally the situations described ISSAI 2710.13, 17 and 18 may be less

likely to occur in the public sector as the responsibility to audit the financial
statements may reside with the auditor as defined in its mandate. Situations
where the concept of predecessor auditor may be relevant include
nationalization and privatization. When the audit of the financial statement
is outsourced1 and the responsibility of the audit remains within the auditor,
the concept of a predecessor auditor will not be relevant. It is also less likely
that situations described in ISSAI 2710.14 and 19 involving an unaudited
prior period, would occur.

1 An outsourced audit is a financial statement audit performed by a separate audit organization (e.g. a national
accounting firm) on behalf of a SAI. The audit report resulting from the audit engagement is issued by the SAI.

111
35 ISSAI 2720 (Revised) -
The Auditor’s Responsibilities
Relating to Other Information

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Definition of Annual Report
b) Withdrawal From the Engagement

Definition of Annual Report

2) In compliance with law, regulation or custom, public sector entities may

publish further reports such as annual activity reports or documents reporting
on the sustainability of their finances or activities.

3) Auditors are advised to obtain an understanding of the scope, contents,

purposes and intended addressees of any documents published annually by
the auditee (whether on traditional media or electronically). On the basis of
this understanding, auditors may identify, in liaison with management, the
entity’s annual report(s).

4) Auditors may consider whether it is necessary to issue guidance within their

organization to ensure that the identification of entity annual reports is
performed on a consistent basis across all of the audited entities.

112
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

Withdrawal from the Engagement

5) When circumstances surrounding a refusal to correct a material misstatement

of the other information cast such doubt on the integrity of management
and those charged with governance as to call into question the reliability of
representations obtained from them during the audit, withdrawal from the
engagement may be appropriate.

6) ISSAI 2720.A47 provides that where withdrawal from an engagement is not

possible in the public sector, the auditor may issue a report to the legislature
providing details of the matter or may take other appropriate actions. Other
appropriate actions may include reporting under Other Matter Paragraph
in accordance with ISSAI 2706 highlighting management’s refusal to correct
material misstatements of the other information. Alternatively, the auditor
may also conclude that a disclaimer of opinion on the financial statements is
the appropriate response in the circumstances. More than one action may be
necessary depending on the circumstances encountered.

113
36 ISSAI 2800 (Revised) -
Special Considerations - Audits
of Financial Statements
Prepared in Accordance with
Special Purpose Frameworks

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Definitions of Special Purpose Frameworks
b) Considerations When Accepting the Engagement
c) Forming an Opinion and Reporting Considerations

Definitions of Special Purpose Frameworks

2) In addition to preparing general purpose financial statements, a public

sector entity may prepare financial statements for other parties (such as
governing bodies, the legislature or other parties that perform an oversight
function) that can demand financial statements tailored to meet their specific
information needs. In some environments such financial statements are the
only financial statements prepared by the public sector entity. ISSAI 2800.
A4 provides that even when such financial statements are the only financial
statements prepared by the public sector entity, they are considered to be
special purpose financial statements. Auditors, therefore, are advised to
examine whether the financial reporting framework is designed to meet
the financial information needs of a wide range of users (“general purpose
framework”) or the financial information needs of specific users.

114
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

3) ISSAI 2800.A1 provides examples of special purpose frameworks. Other

examples may include the financial reporting provisions of a grant facility or a
specific public sector program.

Considerations When Accepting the Engagement

4) ISSAI 2800.8 explains that an understanding of the steps taken by management

to determine that the financial reporting framework is acceptable in the
circumstances may assist the auditor in determining the acceptability of that
framework in line with the requirements of ISSAI 2210. In some jurisdictions,
law or regulation may prescribe the financial reporting framework to be used
by management in the preparation of special purpose financial statements
for a certain type of entity. For example, a regulator may establish financial
reporting provisions to meet the requirements of that regulator. In the absence
of indications to the contrary, such a financial reporting framework is presumed
acceptable for special purpose financial statements prepared by such entity.

Forming an Opinion and Reporting Considerations

5) ISSAI 2800.11 requires the auditor to apply the requirements of ISSAI 2700
(Revised) when forming an opinion. In the public sector, legislation governing
the audit mandate may specify the layout of, or wording to be used in, the
auditor’s report. When auditors prepare the auditor’s report using the layout
or wording specified in such legislation, the auditor’s report can refer to the
audit being conducted in accordance with ISSAIs, and the legislation governing
the audit mandate, only if the auditor’s report includes, at a minimum, each
of the elements specified in ISSAI 2700.50(a) to (o).

6) Legislation or mandated responsibilities in the public sector may require the

auditor’s report on special purpose financial statements to address other
reporting responsibilities in addition to the auditor’s responsibilities under
the ISSAIs. Such a description is included in a separate section of the auditor’s
report. If the relevant legislation or the audit mandate specifies the format
for, or wording to be used in this section, auditors may use the prescribed
wording but also ensure that the requirements of ISSAI 2700.43 to 45 are met.

115
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

7) When management has a choice of financial reporting frameworks ISSAI

2800.13(b) requires that the explanation of management’s responsibility
for the special purpose financial statements be expanded to include the
responsibility for determining that the applicable financial reporting
framework is acceptable in the circumstances. As discussed in paragraph 36.4
above, it is unlikely that, in the public sector, management has such a choice.
Auditors may also consider expanding the description of management’s
responsibility for the special purpose financial statements to include the
source that determines the financial reporting framework applied.

8) ISSAI 2800.14 requires the auditor’s report to include an Emphasis of Matter

paragraph alerting users of the auditor’s report that the financial statements
are prepared in accordance with a special purpose framework and that, as a
result, the financial statements may not be suitable for another purpose. ISSAI
2800.A21 explains that the auditor may also consider including a statement
in the auditor’s report that it is intended solely for the specific users and
that depending on law or regulation this may be achieved by restricting the
distribution or use of the auditor’s report. In the public sector this may not
be an option as the auditor’s report is ordinarily a public document. However,
to avoid misleading users of the auditor’s report, auditors are advised to
include in their report the statement that the financial statements have been
prepared in accordance with a special purpose framework. An example of
such a paragraph is included below.

Example of statement to include in the auditor’s report

Emphasis of Matter: basis of accounting and restriction on the distribution
of use
We draw attention to note x setting out the Accounting Policies adopted by the
[audited entity] in preparing the financial statements. The financial statements
have been prepared in accordance with [legislation/government direction/
other authority] issued by [Ministry, Agency, Government, Parliament] to
assist the [audited entity] in complying with [basis].
As a result, the financial statements may not be suitable for another purpose.
Our report is intended solely for [Ministry, Agency, Government, Parliament]
and should not be used by other parties. We have not modified our opinion in
respect of this matter.

116
37
ISSAI 2805 (Revised) -
Special Considerations -
Audits of Single Financial
Statements and Specific
Elements, Accounts or Items
of a Financial Statement

Content of the Section

1) This Section provides additional guidance for auditors related to:

a) Considerations When Accepting the Engagement
b) Forming an Opinion and Reporting Considerations

Considerations When Accepting the Engagement

2) When considering ISSAI 2805.7 auditors may be engaged to audit single

financial statements, specific elements, accounts or items such as to audit
projects financed by the government in organizations in which they are not
engaged to audit the complete set of financial statements. The guidance set
out in ISSAI 2805.A6 to discuss with management whether another type of
engagement might be more practicable when an audit in accordance with
the ISSAIs may not be practicable, is normally not an option for SAIs since
SAIs may need to determine and agree such issues with the legislature or
with those with responsibility to direct the audit organization.

3) A public sector entity may prepare financial information, including single

financial statements, specific elements, accounts or items of a financial
statement for other parties (such as governing bodies, the legislature or
other parties that perform an oversight function). Such information may
fall under the audit mandate of a public sector audit organization. Auditors
engaged in such audits are advised to carefully consider the guidance in ISSAI
2805.A5 to A9 in such cases.

117
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

4) When auditors are engaged to report on single financial statements, specific

elements, accounts or items of a financial statement in conjunction with
an audit of the entity’s financial statements, they are advised to determine
whether laws, regulations or the audit mandate may prescribe wording for
the opinion in the auditor’s report that differs significantly from the guidance
provided in ISSAI 2805.A8 to A9. ISSAI 2210.18 to 21 also deals with the
auditor’s additional considerations in engagement acceptance.

5) ISSAI 2805.8 explains that an understanding of the steps taken by management

to determine that the financial reporting framework is acceptable in the
circumstances may assist the auditor in determining the acceptability of that
framework. In the public sector, however, the financial reporting framework
may be prescribed by law or regulation.

Forming an Opinion and Reporting Considerations

6) In the public sector, legislation governing the audit mandate may specify
the layout of, or wording to be used in, the auditor’s report. When auditors
prepare the auditor’s report using the layout or wording specified in such
legislation, the auditor’s report can refer to the audit being conducted in
accordance with the financial auditing standards (ISSAI 2000-2899), and the
legislation governing the audit mandate, only if the auditor’s report includes,
at a minimum, each of the elements specified in ISSAI 2700.50(a) to (o).

7) ISSAI 2805.15 requires the auditor to consider whether to modify the auditor’s
report on an element in a similar manner as the auditor’s report on the entity’s
financial statements. Auditors also consider whether to modify the auditor’s
report on an element based on modified opinions in the auditor’s report on the
entity’s financial statements that relate to additional reporting responsibilities
as described in paragraph 37.6. Even when such modified opinion does not
relate to the audited element, auditors nevertheless are advised to consider
whether to include a reference to the modified opinion in the auditor’s report
on the element. Factors that may affect the auditor’s consideration include
the requirements of relevant legislation or the audit mandate, other specific
provisions for the engagement, and whether omission of such reference from
the auditor’s report on the element might be misleading.

118
38 ISSAI 2810 (Revised) -
Engagements to Report
on Summary Financial
Statements

Content of this Section

1) This Section provides additional guidance for auditors related to:

a) Auditor’s Report on Summary Financial Statements
b) Restriction on Distribution or Use or Alerting Readers to the Basis of
Accounting
c) Auditor Association

Auditor’s Report on Summary Financial Statements

2) In reporting on the financial statements from which the summary financial

statements have been derived, auditors might have expressed an opinion
in addition to the opinion whether the financial statements have been
prepared, in all material respects, in accordance with the applicable financial
reporting framework. For example, auditors might have reported on whether
they have found any instances of non-compliance with authorities including
budget and accountability, or expressed an opinion on the effectiveness of
internal control. In such cases, in addition to the requirements set out in ISSAI
2810.16, auditors should include a reference to such an additional opinion in
the auditor’s report on the summary financial statements.

3) In the public sector, the elements of the auditor’s report, including the form
and wording of the opinion may be prescribed by law or regulation or defined

119
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

by the audit mandate. In such circumstances, auditors are advised to apply

the prescribed wording, taking into account ISSAI 2810.10.

4) ISSAI 2810.19 also applies in circumstances where the auditor’s report on the
financial statements from which the summary financial statements have been
derived includes a qualified opinion, an Emphasis of Matter paragraph, an
Other Matter paragraph, a Material Uncertainty Related to Going Concern
section, communication of key audit matters or a statement that describes an
uncorrected material misstatement of the other information.

Restriction on Distribution or Use or Alerting Readers to the

Basis of Accounting

5) Taking into account ISSAI 2810.22, restricting the distribution or use of an

auditor’s report is not normally an option as the auditor’s report ordinarily is
a public document.

Auditor Association

6) ISSAI 2810.26 to 27 require the auditor to take action to avoid being associated
with summary financial statements on which the auditor has not reported.
Auditors may also take other action depending on relevant legislation and the
audit mandate. Such action may include formal reports to the legislature.

120
 Appendix A:
ISSAI 2210

Example of an Audit Engagement Letter in the Public Sector

The following is an example of an audit engagement letter for an audit of

general purpose financial statements prepared in accordance with International
Public Sector Accounting Standards. This letter is intended only to be a guide that
may be used, but will need to be tailored according to individual requirements
and circumstances. It may be appropriate to seek legal advice that any proposed
engagement letter is suitable.

___________________________________________________________________

Addressee

[To the appropriate representative of management or those charged with

governance of the entity]

Date

Dear Sir/Madam

Introduction

The [group] financial statements as of [date] and for the year then ended of the
[name of the entity] and the [names of subsidiaries] are subject to auditing by the
[Public Sector Audit Organization] in accordance with [relevant legislation].

121
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

The purpose of this letter is to outline:

a) The terms of the audit engagement and the nature, and limitations, of the
annual audit; and

b) The respective responsibilities of the auditor and the [appropriate level of

management] in the annual audit.

The terms of the audit engagement are set out below. This letter will remain effective
until a new audit engagement letter is issued.

Objective(s) of the Audit

The objective(s) of the annual audit are:

a) To obtain reasonable assurance about whether the financial statements as

a whole are free from material misstatement, whether due to fraud or error,
and to issue an auditor’s report that includes our opinion; and

b) [Additional objectives e.g. related to compliance with authorities or internal

controls].

Reasonable assurance is a high level of assurance, but is not a guarantee that an

audit conducted in accordance with [relevant auditing standards] will always detect
a material misstatement when it exists. Misstatements can arise from fraud or error
and are considered material if, individually or in the aggregate, they could reasonably
be expected to influence the economic decisions of users taken on the basis of these
financial statements.

Responsibilities of the Auditors

The Auditing Standards Applied when Conducting the Audit

We will conduct our audit in accordance with the [relevant auditing standards]. The
auditing standards require that we comply with ethical requirements. As part of
an audit in accordance with [relevant auditing standards], we exercise professional
judgment and maintain professional skepticism throughout the audit. We also:

• Identify and assess the risks of material misstatement of the financial

statements, whether due to fraud or error, design and perform audit

122
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

procedures responsive to those risks, and obtain audit evidence that is

sufficient and appropriate to provide a basis for our opinion. The risk of not
detecting a material misstatement resulting from fraud is higher than for
one resulting from error, as fraud may involve collusion, forgery, intentional
omissions, misrepresentations, or the override of internal control.

• Obtain an understanding of internal control relevant to the audit in order

to design audit procedures that are appropriate in the circumstances, but
not for the purpose of expressing an opinion on the effectiveness of the
entity’s internal control. However, we will communicate to you in writing
concerning any significant deficiencies in internal control relevant to the
audit of the financial statements that we have identified during the audit.

• Evaluate the appropriateness of accounting policies used and the

reasonableness of accounting estimates and related disclosures made by
management.

• Conclude on the appropriateness of management’s use of the going

concern basis of accounting and, based on the audit evidence obtained,
whether a material uncertainty exists related to events or conditions that
may cast significant doubt on the entity’s ability to continue as a going
concern. If we conclude that a material uncertainty exists, we are required
to draw attention in our auditor’s report to the related disclosures in the
financial statements or, if such disclosures are inadequate, to modify our
opinion. Our conclusions are based on the audit evidence obtained up to
the date of our auditor’s report. However, future events or conditions may
cause the Company to cease to continue as a going concern.

• Evaluate the overall presentation, structure and content of the financial

statements, including the disclosures, and whether the financial statements
represent the underlying transactions and events in a manner that achieves
fair presentation.

Because of the inherent limitations of an audit, together with the inherent limitations
of internal control, there is an unavoidable risk that some material misstatements
may not be detected, even though the audit is properly planned and performed in
accordance with [relevant auditing standards].

123
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

[When relevant, auditors consider including information on their responsibilities

related to any additional audit objectives]

While our audit is not directed to reporting the following, we will report these items
if we become aware of them during the course of the audit: [refer to Section 3,
paragraph 3.6]

Reporting

The form and content of our report may need to be amended in the light of our
audit findings. [Insert appropriate reference to the expected form and content of
the auditor´s report including, if applicable, the reporting on other information in
accordance with ISSAI 2720 (Revised).]

Independence

Our ethical requirements require us to remain independent of the [entity type], and
we hereby confirm our independence with respect to this audit. This means we are,
in both fact and appearance, free of any interest that, whatever its actual effect,
might be deemed incompatible with integrity, objectivity and independence. [Clarify
any perceived limitations of independence by describing the threats and safeguards
to independence.]

Responsibilities of Management and Those Charged With Governance

[Add the responsibilities of management and, where appropriate, those charged

with governance, and identify the applicable financial reporting framework. For the
purpose of this example, it is assumed that the auditor has determined that the
law or regulation does not prescribe those responsibilities in appropriate terms.
The description in ISSAI 2210.6(b) is therefore used. When relevant, information
on management’s responsibilities related to additional audit objectives needs to be
included.]

Our audit will be conducted on the basis that management and, where appropriate,
those charged with governance acknowledge and understand that they have
responsibility:

124
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

a) For the preparation and fair presentation of the financial statements (or
for the preparation of financial statements that give a true and fair view) in
accordance with (applicable financial reporting framework);

b) For such internal control as management determines is necessary to

enable the preparation of financial statements that are free from material
misstatement; whether due to fraud or error; and

c) To provide us with:

i.Access to all information of which management is aware that is

relevant to the preparation of the financial statements such as records,
documentation and other matters;

ii.Additional information that we may request from management for

the purpose of the audit; and

iii.Unrestricted access to persons within the entity from whom we

determine it necessary to obtain audit evidence.

Representation Letter

As part of our audit process, we will request from management written confirmation
concerning representations made to us in connection with the audit.

Other Relevant Information

[Under this heading it may be appropriate to include information regarding for

example:
• Statutory reporting deadlines;
• Ownership of working papers;
• Contractual arrangements with auditors doing work on behalf of the public
sector audit organization;
• Fees;
• Relevant contact information, staff accommodation and resources; and
• Any other matters to assist in clarifying the expectation gap and to enhance
effective communication]

125
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

Acknowledgement of the Terms of the Engagement

Please acknowledge receipt of this letter and acceptance of the terms of the audit
engagement by signing the enclosed copy of this letter in the space provided and
returning it to [insert name].

If you require any further information, or wish to discuss the terms of the audit
engagement further before replying, please do not hesitate to contact me.

Yours sincerely,

Signed

……………………………

Appointed auditor

The terms of this audit engagement are agreed to and acknowledged by [designation
of person signing] on behalf of the [name of entity].

……………………………..

Signed

………………………………………………………………………

Name and position

Date

[Appropriate representative of management or those charged with governance]

126
 Appendix B:
ISSAI 2500

Sources of Audit Evidence Concerning Management of Risks

Related to Laws and Regulation

Risk Description Possible Sources of Audit Evidence

(list non-exhaustive)
Complexity of The more complex the regulations • Formal and documented proce-
Regulations the greater the risk of error. This dures for the translation of statu-
may occur either through a misun- tory requirements into operating
derstanding or misinterpretation of instructions;
the regulation or through an error • Formal and documented control
in application. plans monitoring activities by
scheme managers;
• Review reports by internal audit
or some other independent audit
of scheme control plans and
operating manuals.
New Legislation New legislation may require the Formal and documented proce-
introduction of new administrative dures for the translation of statutory
and control procedures. This may requirements into scheme rules. For-
result in errors in either the design mal control plans and the independ-
or operation of controls required to ent review of operating instructions
ensure compliance with authorities. and control plans may also constitute
audit evidence where schemes are
introduced following new legislation.

127
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

Risk Description Possible Sources of Audit Evidence

(list non-exhaustive)
International Where regulation is developed by Sources of audit evidence identified
Schemes (funded such institutions, there is a risk that in connection with the complexity
by the United Na- regulations and guidance may be of regulations may apply equally to
tions, EU or other misinterpreted or omitted from such funded schemes.
institutions) internal instructions.
Services and Pro- Where programs are administered • Formal agreements between the
grams Delivered by agents, departments lose a de- entity and the agent defining
Through Third gree of direct control and may have control procedures to be applied
Parties to rely on agents to ensure compli- in the administration of services;
ance with authorities. • Documented procedures and
outcome of management control
and monitoring of third party
activities;
• Reports from inspection visits by
internal audit to third parties to
review systems and procedures,
including those relevant to regu-
larity;
• An assurance or agreed upon
procedures report on payments
and receipts, or on controls over
payments and receipts, by the
third party’s auditor.
Payments and An entity’s ability to confirm com- • Departmental instructions and
Receipts Made pliance with authorities may be re- guidance to claimants clearly
on the Basis of stricted where, for example, criteria stating criteria for making claims;
Claims or Decla- specified for receipt of grant are not • Standard requirements for doc-
rations subject to direct verification. umentation evidencing entitle-
ment to be submitted in support
of claims exist (this may be a
condition of payment of grant or
a requirement once the activity
supported by the grant has been
completed);
• Reports from physical inspection
of claimants’ records etc. to con-
firm eligibility;
• Documented procedures for
assessing the financial standing
of claimants before awarding a
grant and for monitoring contin-
uing solvency exist;
• Independent certification of the
application of grant by external
auditor.

128
 Appendix C:
ISSAI 2580

Public Sector Considerations for the Representation Letter

Appendix 2 of the ISSAI provides an illustrative example of a representation

letter. Based on the relevant law or regulation or audit mandate, auditors may
choose to include additional items such as:

• Whether the activities and the financial transactions are in compliance

with the authorities that govern them;

• Whether the internal control systems have functioned effectively

throughout the period covered by the audit;

• Whether the internal audit function has operated effectively throughout

the period covered by the audit;

• Whether the government program XYZ has been carried out in an

economical, efficient and effective manner;

• Whether management has provided its interpretation of compliance

requirements that may have varying interpretations;

• Whether all contracts, grant agreements and other correspondence in regard

to agreements involving use of program funds has been made available; or

• Whether management has disclosed all contracts and agreements with

service organizations, including any communication with those service
organizations relating to instances of non-compliance.

129
 Appendix D:
ISSAI 2701

Illustrative Example of a Key Audit Matters Paragraph

Key Audit Matters

Key audit matters are those matters that, in our professional judgment, were of
most significance in our audit of the financial statements of the current period.
These matters were addressed in the context of our audit of the financial statements
as a whole, and in forming our opinion thereon, and we do not provide a separate
opinion on these matters.

Valuation of Special Purpose Properties

XYZ’s holdings of special purpose properties represents XX % of the total amount

of material assets. Due to their unique structure and terms, the valuations of these
properties are based on an internally developed valuation model and not on quoted
prices in active markets. This introduces significant measurement uncertainty in
the valuations. As a result, the audit of the valuations of these properties was
significant to our audit.

We have involved our valuation specialists and external experts in addressing this
matter and we focused our audit work on:

• Evaluating and assessing the appropriateness of the assumptions used by

the management;

• Analyzing the results with relevant third-party data as applicable;

130
GUID 3910 - CENTRAL CONCEPTS FOR PERFORMANCE AUDITING

• Testing the internal controls within the application used to perform the
valuations.

We also evaluated the presentation and disclosure of the transactions within the
financial statements.

Disclosures about the valuation of the special purpose properties are provided
in Note 10.1

1 ISSAI 2701.13

131