CAG’s Auditing Standards, 2017

Sl No Point Remark/Key
1. The Auditing Standards were first brought out by the Department in 1994 Preface
and were subsequently revised in 2002.
2. The CAG’s Auditing Standards set out the professional standards of auditing
for the organisation as well as for its personnel - the individual auditors.
3. Auditing Standard has been divided into 3 chapter
(i) Basic Postulates (ii) General Standards and (iii) Specific Standards
BASIC POSTULATE
4. These standards establish the norms which are applicable to all public sector Purpose and
audit engagements, irrespective of their form or context. authority
5. These standards incorporate the Prerequisites for the functioning of
Supreme Audit Institutions and suitably adopted Fundamental Auditing
Principles of the International Standards of Supreme Audit Institutions
6. The Current Auditing Standards were issued in 2017 and effective from 1st
April 2017
7. The audit mandate is laid down in the Constitution of India, DPC Act and Audit Mandate
specific legislations enacted over time by the Parliament and State
Legislatures.
8. CAG shall perform such duties and exercise such powers in relation to the Article 149
accounts of the Union and of the States and of any other authority or body
as may be prescribed by or under any law made by Parliament.
9. the reports of the CAG shall be submitted to the President/Governor as the Article 151
case may be , who shall cause them to be laid before each House of
Parliament/Legislature of the State
10. Net proceeds’ in relation to any tax or duty means the proceeds thereof Article 279
reduced by the cost of collection and that the net proceeds of any tax or
duty, or of any part of any tax or duty, in or attributable to any area shall be
ascertained and certified by the CAG, whose certificate shall be final.
11. Audit of accounts of District and Regional Councils of autonomous regions Sixth Schedule
is envisaged by
12. The general provisions relating to audit are elaborated in Sections 13 to 21 and 24
of the DPC Act.
13. The audit mandate of CAG extends to bodies or authorities such as statutory
corporations, government companies, autonomous bodies constituted as
societies, trusts or not for profit companies, urban and rural local bodies and
also to any other body or authority whose audit may be entrusted to CAG
under law.
14. To fulfil its mandate, SAI India undertakes financial audit, compliance audit,
performance audit and combination of such audits.
15. (i) Independence Prerequisites
(ii) Accountability and Transparency for functioning
(iii) Ethics of the SAI
(iv) Quality assurance
16. The existence of an appropriate and effective constitutional/ statutory/ Independence
legal framework and its application.
17. This framework shall establish provisions that secure the functional
independence of the Head of the SAI including security of tenure.
18. The CAG shall only be removed from office in like manner and on like
grounds as a Judge of the Supreme Court of India.

1
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
19. terms for appointment and demitting of office of the CAG are provided
under the DPC Act
20. SAI India has the functional and organisational autonomy required for
carrying out its mandate and is free from direction or interference from the
Legislature or the Executive in the:
a) selection of audit issues;
b) planning, programing, conduct, reporting and follow up of audits; and
c) organisation and management of its office.
21. SAI India may accept specific requests for audits made by Legislature as
expressed as a whole or through one of its committees or by the
Government while retaining its right to decline such requests.
22. SAI India may be consulted by the Executive in matters such as financial
legislations, accounting standards and policies, public accounts, form of
financial statements and for draft laws or rules affecting its competence or
authority
23. The DPC Act empowers SAI India to inspect any office of accounts under the
control of the Executive and to require the production of all necessary
documents and information necessary for the proper discharge of its
statutory responsibilities.
24. SAI India thus shall have access to premises, operations, systems including
Information Technology systems and records of auditable entities1
25. Regulation 2 of the Regulation of Audit and Accounts, 2007 defines an
auditable entity as ‘office, authority, body, company, corporation or any
other entity subject to audit by the CAG’
26. SAI shall have the freedom to decide the form, content and timing of audit
reports, to publish and disseminate them
27. SAI shall be free to decide the timing of its audit reports except where
specific reporting requirements are prescribed by law.
28. SAI is also free to disseminate its reports once they have been formally
tabled in the appropriate legislature as required by law.
29. There shall exist effective follow up mechanisms on SAI’s
recommendations
30. SAI India may submit its reports to the Legislature or an audited entity’s
governing body as appropriate for follow up of specific recommendations
for corrective action.
31. AI India shall have its own follow up procedures to monitor and report on
the action taken by the concerned
32. SAI shall have financial and managerial/administrative autonomy and the
availability of appropriate human, material and monetary resources
33. The Constitution provides that the conditions of service of persons serving
in the Indian Audit and Accounts Department and the administrative powers
of the CAG shall be such as may be prescribed by rules made by the
President after consultation with the CAG.
34. The Legislature is responsible for ensuring that SAI India has the resources
necessary to fulfil its mandate.
35. SAI India’s functional autonomy does not preclude arrangements with
auditable entities in regard to matters such as personnel management,
property management or common purchasing of equipment and stores.
36. Accountability and transparency are two important elements of good Accountability
governance. and
37. Accountability refers to the legal and reporting framework, organisational Transparency
structure, strategy, procedures and actions to ensure that the SAI meets its

2
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
 legal obligations with regard to its audit mandate and reporting and that the
SAI and its personnel can be held responsible for their actions.
38. Transparency refers to the SAI’s timely, reliable, clear and relevant public
reporting on its status, mandate, strategy, activities and performance as also
of the audit findings, conclusions and public access to information about the
SAI.
39. SAI shall perform its duties under a legal framework that provides for
accountability and transparency.
40. SAI shall make public its mandate, mission and responsibilities.
41. SAI shall adopt audit standards, processes and methods that are objective
and transparent.
42. The standards and methodologies adopted by SAI India shall be consistent
with the fundamental auditing principles elaborated under the International
Standards of Supreme Audit Institutions (ISSAIs) of International
Organisation of Supreme Audit Institutions (INTOSAI).
43. While conducting its audits, SAI India shall communicate the criteria on
which opinions would be based to the auditable entities and keep them
informed about the audit objectives, methodology and findings.
44. SAI India shall also communicate the scope of audits undertaken as part of
the reporting process.
45. Its audit findings and recommendations shall be subject to procedures of
comment, discussion and responses from the audited entity.
46. SAI shall manage its operations economically, efficiently, effectively and in
accordance with laws and regulations and report publicly on these
matters.
47. SAI India shall employ sound management practices including appropriate
internal controls over its financial management and performance and
reports on all areas of performance including various audits carried out
covering compliance, performance and financial audits.
48. SAI India’s financial statements are open to Parliamentary review and its
budget, financial resources and use of resources are in the public domain.
49. SAI shall report publicly on the results of audits and on conclusions
regarding overall public sector activities after the said report is tabled in
concerned legislature or presented to governing body as the case may be
50. SAI shall communicate timely and widely on its activities and audit results
through the website, media and other means once the Audit Reports are
tabled in the concerned legislature,
51. SAI shall apply high standards of integrity and ethics for staff of all levels. Ethics
52. SAI India shall have a Code of Ethics that is aligned with the Code of Ethics
(ISSAI 30) elaborated under the ISSAIs.
53. The fundamental principles of ethics are integrity, independence, objectivity
and impartiality, confidentiality and competence.
54. The risks to quality control depend upon the mandate and functions, Quality
conditions and environment under which it operates. Assurance and
55. SAI shall establish policies and procedures designed to promote an Quality Control
internal culture recognising that quality is essential in performing all of its
work. The Head of SAI shall retain overall responsibility for the system of
quality control.
56. SAI shall establish policies and procedures designed to provide it with
reasonable assurance that the SAI, including all personnel and any parties
contracted to carry out work for the SAI comply with the relevant ethical
requirements.
3
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
57. SAI shall establish policies and procedures designed to provide reasonable
assurance that its audits and other work are carried out in accordance with
relevant standards, applicable legal and regulatory requirements.
58. SAI issues reports that are appropriate in the circumstances and that it has
sufficient resources with the competence, capabilities and commitment to
ethical principles as required to carry out its range of work.
59. SAI India shall have an Audit Quality Management Framework that
establishes appropriate quality control policies and procedures such as
supervision and review responsibilities and ensures tools such as audit
methodologies for all work carried out.
60. SAI India may draw on a number of different sources to ensure that it has
the necessary skills and expertise to carry out its range of work.
61. As resources are limited, SAI India may prioritise its work in a manner that
takes into account the need to maintain quality.
62. SAI shall establish a monitoring process designed to provide it with
reasonable assurance that the policies and procedures relating to the
system of quality control are relevant and adequate and is operating
effectively.
63. SAI India may invite external independent assessment of its activities and
implementation of standards through a peer review.
64. Where appropriate, SAI India may consider other means of monitoring the
quality of its work
65. There are procedures for dealing with complaints about the quality of work
performed by SAI.
GENERAL STANDARDS
66. Public sector audit environment is that in which governments and other Public Sector
entities exercise responsibility for the use of national wealth, natural Auditing and its
resources, resources derived from taxation and other sources in the delivery Objectives
of services to citizens and other recipients.
67. Public sector refers to the sector that is controlled by Central, State and
Local Governments. Public sector entities include all Central and State Public
sector Ministries, Departments, Directorates /Commissionerates, and all
other entities/bodies wholly or partially owned/controlled by the Central
and/or State Governments or entities engaged in delivery of pubic goods
and services.
68. Public sector auditing helps to create suitable conditions and reinforce the
expectation that public sector entities and public servants will perform their
functions effectively, efficiently, ethically and in accordance with the
applicable laws and regulations.
69. Public sector auditing is essential in that it provides legislature and oversight
bodies, those charged with governance and the general public with
information, independent and objective assessments concerning the
stewardship and performance of public sector policies, programmes or
operations.
70. public sector auditing contributes to good governance by:
(i) Providing the intended users with independent, objective and reliable
information, conclusions or opinions
(ii) enhancing accountability and transparency, encouraging continuous
improvement and sustained confidence
(iii) reinforcing the effectiveness of those bodies that exercise general
monitoring and corrective functions over public sector and those
responsible for the management of publicly funded activities;

4
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
 (iv) creating incentives for change by providing knowledge, comprehensive
analysis and well-founded recommendations for improvement.
71. Financial Audit: focuses on determining whether an entity’s financial Types of Public
information is presented in accordance with the applicable financial Sector Audits
reporting and regulatory framework.
72. This is accomplished by obtaining sufficient and appropriate audit evidence
to enable the auditor to express an opinion as to whether the financial
information is free from material misstatement due to fraud or error.
73. Compliance Audit: focuses on whether a particular subject matter is in
compliance with the criteria.
74. To assess whether activities, financial transactions and information are, in
all material aspects, in compliance with the applicable authorities which
include the Constitution, Acts, Laws, rules and regulations etc.
75. Performance Audit: focuses on whether interventions, programmes and
institutions are performing in accordance with the principles of economy,
efficiency and effectiveness and whether there is room for improvement.
76. SAI may also conduct combined audits incorporating financial, performance
and /or compliance aspects.
77. i. The three parties Elements of
ii. Subject matter, criteria and subject matter information and Public Sector
iii. Types of engagement Auditing
78. i. the auditor The Three
ii. the responsible party and Parties
iii. intended users.
79. In public sector auditing the role of auditor is fulfilled by SAI, India and by its
personnel delegated with the task of conducting audits.
80. Generally, auditable entities and those charged with governance of the
auditable entities would be the responsible parties.
81. The intended users are the individuals, organizations or classes thereof for
whom the auditor prepares the audit report. The intended user is primarily
the Parliament or the Legislature and general public
82. Subject matter refers to the information, condition or activity that is Subject Matter,
measured or evaluated against certain criteria.
83. Subject matter can take many forms and have different characteristics
depending on the audit objective
84. An appropriate subject matter is identifiable and capable of consistent
evaluation or measurement against the criteria.
85. The criteria are the benchmarks used to evaluate the subject matter. Each Criteria
audit shall have criteria suitable to the circumstances of that audit.
86. In determining the suitability of criteria the auditor considers their relevance
and understandability for the intended users, as well as their completeness,
reliability and objectivity (neutrality, general acceptance and comparability
with criteria used in similar audits).
87. The criteria used may depend on a range of factors, including the objectives
and the type of audit.
88. Criteria can be specific or more general and may be drawn from various
sources,
89. They shall be made available to the intended users to enable them to
understand how the subject matter has been evaluated or measured.
90. Subject matter information refers to the outcome of evaluating or
measuring the subject matter against the criteria.

5
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
91. It can take many forms and have different characteristics depending on the and Subject
audit objective and audit scope. Matter
Information
92. i. Attestation Engagements and Types of
ii. Direct Reporting Engagements. Engagement
93. Engagement in which the responsible party measures the subject matter Attestation
against the criteria and presents the subject matter information, on which Engagement
the auditor then gathers sufficient and appropriate audit evidence to
provide a reasonable basis for expressing a conclusion.
94. Financial audits are always attestation engagements, as they are based on
financial information presented by the responsible party.
95. Engagement in which the auditor measures or evaluates the subject matter Direct Reporting
against the criteria. Engagement
96. The outcome of measuring the subject matter against the criteria is
presented in the audit report in the form of findings, conclusions,
recommendations or an opinion.
97. Performance audits and compliance audits are generally direct reporting
engagements.
98. Audit has to provide reliable and relevant information to the intended users Confidence and
based on sufficient and appropriate evidence by performing procedures to Assurance in
reduce or manage the risk of reaching inappropriate conclusions. Pub- Sector
Auditing
99. Through opinions and conclusions: which explicitly convey the level of Forms of
assurance. This applies to all attestation engagements and certain direct providing
reporting engagements. assurance
100. In other forms: In some direct reporting engagements the auditor does not
give an explicit statement of assurance on the subject matter rather
provides the users with the necessary degree of confidence regarding
development of finding & conclusion
101. i. Reasonable or Levels of
ii. Limited assurance
102. Reasonable assurance is high, but not absolute, given the inherent Reasonable
limitations of an audit, the result of which is that most of the audit evidence Assurance
obtained by the auditor will be persuasive rather than conclusive.
103. In reasonable assurance the audit conclusion is expressed positively, either
explicitly or in other forms conveying the necessary degree of confidence
104. A limited assurance conveys the limited nature of the assurance provided. Limited
105. The audit conclusion is expressed in a negative manner stating that based Assurance
on the procedures performed, nothing has come to the auditor’s attention
to cause the auditor to believe that the subject matter is not in compliance
with the applicable criteria.
106. Auditing is a cumulative and iterative process. Principles of
107. The principles of public sector auditing constitute the general standards that Public Sector
apply to SAI India’s personnel as auditors Auditing
108. Categorised into
i. General principles
ii. Principles related to the audit process
109. (i) Ethics and Independence (ii) Professional Judgment, due care and General
Scepticism (iii) Quality Control (iv) Audit Team Management & Skill (v) Audit Principles
Risk (vi) Materiality (vii) Documentation and (ix) Communication

6
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
110. Maintaining professional distance, an alert and questioning attitude when Professional
assessing the sufficiency and appropriateness of evidence obtained Scepticism
throughout the audit.
111. It also entails remaining open-minded and receptive to all views and
arguments
112. Professional judgement implies the application of collective knowledge, Professional
skills and experience to the audit process. Judgement
113. Due care denotes that auditors shall plan and conduct audits in a diligent Due Care
manner. Auditors shall avoid any conduct that might discredit their work.
114. Auditors shall perform the audit in accordance with professional standards Quality Control
on quality control
115. Quality control procedures shall cover matters such as the direction, review
and supervision of the audit process and the need for consultation in order
to reach decisions on difficult or contentious matters.
116. The audit team shall COLLECTIVELY possess the knowledge, skills expertise Audit Team
and competence necessary to successfully complete the audit. Management
117. This includes an understanding and practical experience of the type of audit and Skills
being conducted, familiarity with the applicable standards and legislation,
an understanding of the entity’s operations and the ability and experience
to exercise professional judgement.
118. The auditor may use the work of internal auditors, other auditors or experts,
however, SAI, India has the sole responsibility for any audit opinion or report
it might produce on the subject matter and that responsibility is not reduced
by its use of work done by other parties.
119. The audit risk is the risk that the audit report may be inappropriate. Audit Risk
120. The auditor performs procedures to reduce or manage the risk of reaching
inappropriate conclusions.
121. When the objective is to provide reasonable assurance, the auditor shall
reduce audit risk to an acceptably low level given the circumstances of the
audit.
122. The audit may also aim to provide limited assurance which in the auditor’s
professional judgment, will be meaningful to the intended users.
123. Auditors shall consider materiality throughout the audit process Materiality
124. A matter can be judged material if knowledge of it would be likely to
influence the decisions of the intended users.
125. Determining materiality is a matter of PROFESSIONAL JUDGEMENT and
depends on the auditor’s interpretation of the users’ needs.
126. This judgement may relate to an individual item or to a group of items taken
together.
127. Materiality shall be considered for the purposes of planning, evaluating the
evidence obtained and reporting, though the materiality levels could differ
for each of the processes.
128. Materiality considerations affect decisions concerning the nature, timing
and extent of audit procedures and the evaluation of audit results
129. Materiality is categorised into (i) Materiality by Value (ii) Nature and (iii)
Context
130. Auditors shall prepare audit documentation that is sufficiently detailed to Documentation
provide a clear understanding of the work performed, evidence obtained
and conclusions reached.
131. It should be so to enable an EXPERIENCED AUDITOR, WITH NO PRIOR
KNOWLEDGE of the audit, to understand the nature, timing, scope and
results of the procedures performed, the evidence obtained in support of
7
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
 the audit conclusions and recommendations, the reasoning behind all
significant matters that required the exercise of professional judgement and
the related conclusions.
132. i. confirm and support the auditor’s opinions and reports Importance of
ii. serve as a source of information for preparing reports or answering any sound
enquiries from the audited entity or any other party; documentation
iii. serve as evidence of the auditor's compliance with the auditing
standards;
iv. facilitate planning, supervision and review; help with the auditor’s
professional development;
v. help to ensure that delegated work has been satisfactorily executed; and
vi. provide evidence of work done for future reference.
133. (i) the timely preparation of documentation Further
(ii) the form, content and extent of documentation requirement of a
(iii) where the auditor judges it necessary to depart from a relevant sound
requirement in the applied auditing standards documentation
(iv) where the auditor performs new or additional audit procedures or draws
new conclusions after the date of the auditor’s report; and
(v) the assembly of the final audit file.
134. Auditors shall establish effective communication throughout the audit Communication
process
135. This is key to developing a constructive working relationship.
136. Communication shall include obtaining information relevant to the audit
and providing management/ those charged with governance with timely
observations and findings throughout the engagement.
137. It is important to promote effective two-way communication throughout
the engagement.
138. Written communication is vital for significant audit findings, which auditors
are required to communicate to those charged with governance.
139. The auditor may also have a responsibility to communicate audit-related
matters to other stakeholders, such as legislative and oversight bodies.
140. i. Planning the audit Principles
ii. Conducting the audit related to the
iii. Reporting & Follow-up audit process
141. Auditors shall obtain an understanding of the nature of the Planning the
entity/programme to be audited Audit
142. Interaction with management, other relevant stakeholders and experts.
Documents (including earlier studies and other sources) shall be examined
in order to gain a broad understanding of the subject matter to be audited
and its context.
143. Auditors shall conduct a risk assessment or problem analysis and revise
this as necessary in response to the audit findings
144. The identification of risks and their impact on the audit shall be considered
throughout the audit process.
145. In a problem analysis the auditor shall consider actual indications of
problems or deviations from what should be or is expected.
146. Auditors shall identify and assess the risks of fraud relevant to the audit
objectives
147. The primary responsibility for the prevention and detection of fraud rests
with the entity’s management and those charged with governance.
148. Fraud is a broad legal concept and the auditor does not make legal
determination of fraud.
8
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
149. Auditors shall make enquiries and perform procedures to identify and
respond to the risks of fraud relevant to the audit objectives.
150. They shall maintain an attitude of professional scepticism and be alert to the
possibility of fraud throughout the audit process.
151. Auditors shall plan their work to ensure that the audit is conducted in an
effective and efficient manner
152. Planning for a specific audit includes strategic and operational aspects.
153. Strategically, planning shall define the audit scope, objectives and approach. Strategic
154. Objectives-what the audit is intended to accomplish. Aspects
Scope-subject matter and the criteria directly related to the objectives.
Approach-nature and extent of the procedures gathering audit evidence.
155. Professional judgement shall be exercised to decide on a suitable
methodology depending upon the subject matters, audit objectives being
pursued and the envisaged scope of audit.
156. Operationally, planning entails setting a timetable for audit and defining the Operational
nature, timing and extent of the audit procedures. Aspects
157. During planning, auditors shall assign the members of their team as
appropriate and identify other resources that may be required, such as
subject experts.
158. Audit planning shall be responsive to significant changes in circumstances
and conditions. It is an iterative process that takes place throughout the
audit.
159. Auditors shall perform audit procedures that provide sufficient and Conducting the
appropriate audit evidence to support the audit report Audit
160. The auditor’s decisions on the nature, timing and extent of audit procedures
will impact on the evidence to be obtained.
161. The choice of procedures will depend on the risk assessment or problem
analysis.
162. Audit evidence is any information used by the auditor to determine whether
the subject matter complies with the APPLICABLE CRITERIA.
163. Evidence may take many forms, such as electronic and paper records of
transactions, written and electronic communication with outsiders, and
observations by the auditor and oral or written testimony by the audited
entity.
164. Methods of obtaining audit evidence can include inspection, observation,
inquiry, confirmation, recalculation, re-performance, analytical procedures
and/or other research techniques.
165. Evidence shall be both sufficient (quantity) appropriate (quality)
166. sufficient (quantity) audit evidence persuades a knowledgeable person that
the findings are reasonable,
167. Appropriate (quality) audit evidence establishes evidence being relevant,
valid and reliable.
168. Merely obtaining more evidence does not compensate for its poor quality.
169. The reliability of evidence is influenced by its source and nature, and is
dependent on the specific circumstances in which the evidence was
obtained.
170. (i) when it is obtained from sources external to the responsible party. Reliability of
(ii) that is generated internally when the related controls are effective evidence being
more
(iii) obtained directly by the auditor
(iv) When it exists in documentary form, whether paper, electronic, or other
media

9
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
 (v) Provided by original documents than provided by photocopies or
facsimiles.
171. The auditor’s assessment of the evidence shall be objective, fair and Conducting the
balanced. Audit
172. Preliminary findings shall be communicated to and discussed with the entity
being audited to confirm their validity.
173. The auditor must respect all requirements regarding confidentiality.
174. Auditors shall evaluate the audit evidence and draw conclusions
175. The auditor shall evaluate the audit evidence with a view to obtaining audit
findings.
176. When evaluating the audit evidence and assessing materiality of findings the
auditor shall take both quantitative and qualitative factors into
consideration.
177. Based on the findings, the auditor shall exercise professional judgement to
reach a conclusion on the subject matter or subject matter information
178. Auditors shall prepare a report based on the conclusions reached. Reporting and
Follow-up
179. Reports shall be easy to understand, free from vagueness or ambiguity and
complete.
180. They shall be objective and fair, only including information which is
supported by sufficient and appropriate audit evidence and ensuring that
findings are put into perspective and context.
181. The form and content of a report will depend on the nature of the audit, the
intended users, the applicable standards and legal requirements
182. The reports can appear in short form or long form.
183. In an attestation engagement the report is generally referred to as the
Auditor’s Report.
184. When an audit opinion or conclusion is used to convey the level of Opinion or
assurance, the opinion or conclusion shall be in a standardised format. Conclusion
185. It may be unmodified or modified.
186. An unmodified opinion/conclusion is used when either limited or
reasonable assurance has been obtained failing which modified opinion is
expressed.
187. (i) Qualified (except for) Modified
(ii) Adverse and opinion
(iii) Disclaimer
188. where the auditor disagrees with, or is unable to obtain sufficient and Qualified (Except
appropriate audit evidence about certain items in the subject matter which for)
are, or could be, material but not pervasive;
189. where the auditor, having obtained sufficient and appropriate audit Adverse
evidence, concludes that deviations or misstatements, whether individually
or in the aggregate, are both material and pervasive
190. Where the auditor is unable to obtain sufficient and appropriate audit Disclaimer
evidence due to an uncertainty or scope limitation which is both material
and pervasive.
191. Follow-up focuses on whether the audited entity has adequately addressed
the matters raised. Insufficient or unsatisfactory action by the audited entity
may call for a further report by SAI India.
SPECIFIC STNADARDS
192. Specific considerations regarding their applicability to financial, compliance
and performance audits, which the auditors shall observe as specific
standards during the conduct of these audits.
10
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
193. Financial Audit
194. (i) To obtain reasonable assurance about whether the financial statements overall
as a whole are free from material misstatement, whether due to fraud or objectives of
error, thereby enabling the auditor to express an opinion on whether the the auditor
financial statements are prepared, in all material respects, in accordance
with an applicable financial reporting framework and
(ii) To report on the financial statements, and communicate the result of the
audit in accordance with the auditor’s findings.
195. The objectives of financial audit in public sector are often broader than
expressing an opinion on the financial statements due to the audit mandate
arising from legislations, regulation and government policy requirements
may result in additional objectives.
196. Financial reporting frameworks may be for general or specific use. Financial
197. A framework designed to meet the information needs of a wide range of Reporting
users is referred to as a general-purpose framework, while special-purpose Frameworks
frameworks are designed to meet the specific needs of a specific user or
group of users.
198. General purpose frameworks are the International Public Sector Accounting
Standards (IPSASs), International Financial Reporting Standards (IFRSs), the
Indian Accounting Standards, or other national financial reporting
frameworks
199. (i) a statement of financial position (ii) a statement of financial performance complete set of
(iii) a statement of changes in net assets/equity (iv) a cash flow statement FS as per
(v) a comparison of budget and actual amounts (vi) notes and (vii) such as general
reports on performance and appropriation reports. purpose
200. If the financial statements are prepared in accordance with a framework for
other accounting bases, such as modified accrual or cash basis (e.g. Indian
Government Accounting Standards – IGAS), a complete set of financial
statements may not include all of the above.
201. A public sector entity may prepare financial statements for other parties Special-
(such as governing bodies, the legislature or other parties with an oversight Purpose
function), which may require financial statements tailored to meet their Frameworks:
specific information needs.
202. Special purpose financial statements are generally prepared in addition to
general purpose financial statement but in certain environment these are
the only financial statements prepared by the public sector entity.
203. (i) the cash receipts and disbursements Some specific
(ii) the financial reporting provisions established by an international funding purpose
organization or mechanism; financial
(iii) the financial reporting provisions established by a governing body, the statement
legislature or other parties that perform an oversight function to meet the
requirements of that body; or
(iv) the financial reporting provisions of a contract, such as a project grant.
204. Frameworks prescribed by law or regulation will often be deemed Frameworks
acceptable by the auditor. prescribed by
205. Such frameworks invariably require presentation of original and final budget law or
amounts and actual amounts on a comparable basis to complete the regulation
accountability cycle
206. The accounting base, basis of classification, the level of aggregation of
budget heads for presentation in financial statements are determined by
law, rules and regulations.

11
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
207. The GAR, 1990, GFR, DFPR 1978 and List of Major and Minor Heads, Annual
Appropriation and Finance Accounts and Accounts Codes and rules that
govern preparation and compilation of finance and appropriation accounts
of the Union and the States constitute the rule based standards.
208. The auditor shall apply the concept of materiality in an appropriate Materiality
manner when planning and performing the audit.
209. A misstatement is material, individually or when aggregated with other
misstatements, if it could reasonably be expected to influence the decisions
taken by users on the basis of the financial statements.
210. When planning the audit strategy, the auditor shall assess materiality for the
financial statements as a whole.
211. The auditor shall also determine the materiality level or levels for the classes
of transactions, account balances or disclosures concerned.
212. Even while the auditor’s opinion deals with the financial statements as a
whole, auditor should considers not only the size but also the nature of
uncorrected misstatements (e.g. if it is a result of fraud or corruption) and
the particular circumstances of their occurrence when evaluating their
effect on the financial statements.
213. Assessing materiality is a matter of auditor’s judgement.
214. The audit risk in an audit of financial statements is the risk that the auditor Audit Risk
will express an inappropriate conclusion if the subject matter information
is materially misstated.
215. (i) Inherent Types of Audit
(ii) Control Risk Risk
(iii) Detection Risk
216. the susceptibility of the subject matter information to material Inherent Risk
misstatement, assuming that there are no related controls;
217. the risk that a material misstatement could occur and will not be prevented Control risk
or detected and corrected at the appropriate time by related controls
218. Some control risk will always exist due to the limitations inherent in the
design and operation of internal controls
219. The risk that the auditor will not detect a material misstatement. Detection Risk
220. The risk assessment is a matter of professional judgement and is not capable Audit Risk
of precise measurement.
221. The degree to which the auditor considers each element of risk will depend
on the circumstances of each audit.
222. The auditor shall assess the risks of material misstatement at the financial Risk Assessment
statement level as a whole and the assertion level for classes of
transactions, account balances and disclosures so as to provide a basis for
designing and performing further audit procedures.
223. (i) identify risks throughout the process of obtaining an understanding of the Auditor needs to
entity being audited and its environment by examining relevant controls
(ii) assess the risks identified and evaluate whether they relate more
pervasively to the financial statements as a whole and could potentially
affect many assertions
(iii) relate the risks identified to what could go wrong at the assertion level,
taking account of relevant controls that the auditor intends to test d)
consider the likelihood of misstatement, including the possibility of multiple
misstatements, whether the potential for misstatement is such as to render
it material.
224. When judging which risks are significant, the auditor needs to consider at
least the following:
12
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
 (i) risk of fraud (ii) recent significant economic, accounting or other
developments, which requires specific attention (iii) the complexity of
transactions (iv) significant transactions with related parties (v) the degree
of subjectivity in the measurement of financial information related to the
risk, especially measurements which involve a wide range of measurement
uncertainty (vi) significant transactions that are outside the entity’s normal
course of business, or that otherwise appear to be unusual and (vii)
compliance with laws and regulations.
225. Responses to assessed risks include designing audit procedures that address
the risks, such as substantive procedures and test of controls.
226. Substantive procedures include both tests of details and substantive
analysis of classes of transactions, account balances and disclosures.
227. The auditor shall consider whether there are events or conditions that may Going Concern
cast significant doubt on the entity’s ability to continue as a going concern. Considerations
228. Financial statements are normally prepared on the assumption that the
entity is a going concern and will continue to meet its statutory obligations
for the foreseeable future.
229. General-purpose financial statements are typically prepared on a going-
concern basis.
230. The going-concern concept may have little or no relevance for public-sector
entities such as those funded through appropriations on the public sector
budget.
231. The auditor shall identify and assess the risks of material misstatement in Considerations
the financial statements due to fraud, shall obtain sufficient and Relating to
appropriate audit evidence regarding the assessed risks of material Fraud in an
misstatement due to fraud. Audit of
232. The auditor shall respond appropriately to fraud or suspected fraud Financial
identified during the audit Statements
233. The distinguishing factor is whether the action (fraud or error) resulting in a
misstatement was intentional or unintentional.
234. The auditor is concerned only with fraud that causes a material
misstatement in the financial statements.
235. Two types of intentional misstatements are relevant to the auditor –
(i) misstatements resulting from fraudulent financial reporting and
(ii) those resulting from the misappropriation of assets.
236. Areas in which auditors shall be alert to fraud risks leading to material
misstatement may include procurement, grants, privatisations, intentional
misrepresentation of results or information and misuse of authority or
power.
237. The auditor shall identify the risks of material misstatement due to direct Considerations
and material non-compliance with laws and regulations. Relating to
238. The auditor shall obtain sufficient and appropriate audit evidence regarding Laws and
compliance with the laws and regulations Regulations in
239. However, the auditor is not responsible for preventing non-compliance and an Audit of
cannot be expected to detect all breaches of laws and regulations. Financial
240. The effect of laws and regulations on the financial statements varies Statements
considerably some may have direct effect whereas other may have indirect
effect on financial statement
241. Non-compliance with laws and regulations may result in fines, litigation or
other consequences for the audited entity that may have a material effect
on the financial statements.

13
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
242. Matters involving non-compliance with laws and regulations that come to
the auditor's attention during the course of the audit shall be communicated
to management/those charged with governance.
243. The auditor shall obtain sufficient and appropriate audit evidence that all Consideration
events occurring between the date of the financial statements and the of Subsequent
date of the auditor’s report that require an adjustment to, or disclosure in, Events
the financial statements have been identified.
244. Ordinarily, two types of events are identified:
a) Events that provide evidence of conditions that existed at the date of the
financial statements; and
b) Events that provide evidence of conditions that arose after the date of
the financial statements.
245. Procedures shall be designed, as nearly as possible, to cover the period from
the date of the financial statements to the date of the auditor’s report.
246. The auditor is not, however, expected to perform additional audit
procedures on matters to which previous audit procedures have provided
satisfactory conclusions.
247. (i) understanding of any procedures established by management to ensure Process
that subsequent events are identified regarding
(ii) inquiries of management subsequent
(iii) scrutiny of minutes of the Board / those charged with governance events
(iv) scrutiny of the entity’s most recent interim financial statements, if any
(v) written confirmation from the management /those charged with
governance.
248. The auditor is under no obligation to perform any audit procedures on the
financial statements after the date of the auditor’s report.
249. However, if, after the date of the auditor’s report but before the financial
statements have been issued, a fact becomes known to the auditor that, had
it been known at the date of the auditor’s report, might have caused an
amendment to the report, appropriate action shall be taken.
250. (i) discussing the matter with the management and, where appropriate, Fact becoming
those charged with governance known after
(ii) determining whether the FS need amendment and, if so, date of audit
3) inquiring how the management intends to address the matter in the report but
financial statements before issue
4) Obtaining written confirmation from the management.
251. If the management does not take the necessary steps and does not amend
the financial statements, the auditor shall notify the management and those
charged with governance that the auditor will seek to prevent future
reliance on the auditor’s report.
252. This may entail seeking legal advice and reporting to the appropriate
statutory body.
253. Uncorrected misstatements shall be evaluated for materiality, individually Evaluating
or in aggregate, to determine their effect on the opinion to be given in the Misstatements
auditor’s report.
254. the auditor shall consider
(i) the size and nature of the misstatements, in relation both to particular
classes of transactions, account balances or disclosures and to the financial
statements as a whole, and the particular circumstances of their occurrence;
and

14
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
 (ii) the effect of uncorrected misstatements from prior periods on the
relevant classes of transactions, account balances or disclosures, and on the
financial statements as a whole.
255. The auditor shall invite the management to correct misstatements, and if
the management refuses to correct some or all communicated
misstatements the auditor shall ascertain the reasons.
256. Those charged with governance shall be notified of uncorrected
misstatements and their effect on Financial Statement
257. The auditor’s notification shall individually identify uncorrected material
misstatements in classes of transactions, account balances or disclosures.
258. The auditor shall form an opinion based on an evaluation of the Forming an
conclusions drawn from the audit evidence obtained, as to whether the Opinion and
financial statements as a whole are prepared in accordance with the Reporting on
applicable financial reporting framework. the Financial
259. The opinion shall be expressed clearly in a written report that also Statements
describes the basis for the opinion.
260. The conclusion shall take into account:
a) Whether sufficient and appropriate evidence has been obtained
b) Whether uncorrected misstatements are material, individually or in
aggregate; and
c) The auditor’s evaluations of the financial statements.
261. The auditor shall express an unmodified opinion if it is concluded that the Forms of
financial statements are prepared, in all material respects, in accordance opinion
with the applicable financial framework.
262. If the auditor concludes that, based on the audit evidence obtained, the
financial statements as a whole are not free from material misstatement, or
is unable to obtain sufficient and appropriate audit evidence to conclude
that the financial statements as a whole are free from material
misstatement, the auditor shall modify the opinion in the auditor’s report.
263. Auditors may provide three types of modified opinions: a qualified opinion,
an adverse opinion and a disclaimer of opinion
264. (i) The nature of the matter giving rise to the modification – that is, whether Decision
the financial statements are materially misstated or, in the event that it was regarding type
impossible to obtain sufficient and appropriate audit evidence, may be of modified
materially misstated; and opinion
(ii) The auditor’s judgment about the pervasiveness of the effects or
possible effects of the matter on the financial statements.
265. (i) The financial statements present fairly, in all material respects... in Expression of
accordance with [the applicable reporting framework]; or opinion in the
(ii) The financial statements give a true and fair view of ... in accordance Auditor’s
with [the applicable financial reporting framework] Report
266. (i) responsibility of Management for the financial statements, stating that Important
the management is responsible for the financial statements in accordance Sections of
with the applicable financial reporting framework Auditor’s
(ii) responsibility of Auditors, stating that the responsibility of the auditor is Report apart
to express an opinion based on the audit of the financial statements and from opinion
describing the scope of audit and audit procedures carried out section
(iii) Emphasis of Matter and Other Matters paragraphs and
(iv) other regulatory and reporting responsibilities of auditors.
267. If the auditor considers it necessary to draw users’ attention to a matter Emphasis of
presented or disclosed in the financial statements that is of such importance matter
that it is fundamental to their understanding of the financial statements, but
15
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
 there is sufficient and appropriate evidence that the matter is not materially
misstated in the financial statements
268. Emphasis of Matter paragraphs shall only refer to information presented or
disclosed in the financial statements.
269. If the auditor considers it necessary to communicate a matter, other than Other Matter
those that are presented or disclosed in the financial statements, which, in
the auditor’s judgement, is relevant to users’ understanding of the audit,
provided not prohibited by the law or regulation
270. This paragraph shall appear immediately after the opinion and any Emphasis
of Matter paragraph.
271. Comparative information’ refers to amounts and disclosures included in Comparative
the financial statements in respect of one or more prior periods. information-
272. (i) the comparative information agrees with the amounts and other Corresponding
disclosures that were presented in the prior period or, where appropriate, figures and
have been restated; and comparative
(ii) the accounting policies reflected in the comparative information are financial
consistent with those applied in the current period or, if there have been statements
changes in accounting policies, whether those changes have been properly
accounted for and adequately presented and disclosed.
273. The auditor shall perform such additional audit procedures as are necessary
in the circumstances to obtain sufficient and appropriate audit evidence as
to whether a material misstatement exists if the auditor becomes aware,
during the current period, of a possible material misstatement in the
comparative information
274. The auditor is required to determine the acceptability of the financial
Audits of
reporting framework that was applied when preparing the financial financial
statements. statements
275. In an audit of special-purpose financial statements, the auditor shall
prepared in
obtain an understanding of: accordance
(i) the purpose for which the financial statements are prepared; with Special-
(ii) the intended users; and Purpose
(iii) the steps taken by management to determine that the applicable Frameworks
financial reporting framework is acceptable in the circumstances.
276. When forming an opinion and reporting on special-purpose financial
statements, the auditor shall comply with the same requirements as for
general-purpose financial statements.
277. (i) describe the purpose for which the financial statements have been
prepared; and
(ii) make reference to the management’s responsibility for determining
that the applicable financial reporting framework is acceptable in the
circumstances where the management has a choice of frameworks to use
in preparing the financial statements.
278. The auditor shall include an Emphasis of Matter paragraph alerting users to
the fact that the financial statements have been prepared in accordance
with a special-purpose framework and that, as a result, they may not be
suitable for another purpose.
279. The auditor shall first determine whether the audit is practicable. Audits of single
280. The auditor shall consider whether the expected form of opinion is financial
appropriate in the circumstances of the engagement, and shall adapt the statements and
reporting requirements as necessary.

16
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
281. If the auditor is engaged to report on a single financial statement, or on a specific
specific element of a financial statement, in conjunction with an elements,
engagement to audit the entity’s complete set of financial statements, the accounts or
auditor shall express a separate opinion for each engagement. items of a
282. If the opinion in the auditor’s report on an entity’s complete financial financial
statements is modified, or the report includes an Emphasis of Matter statement
paragraph or Other Matter paragraph, the auditor shall determine the effect
this may have on the auditor’s report on a single financial statement or a
specific element of a financial statement.
283. Where appropriate, the auditor shall modify the auditor’s report on the
single financial statement or specific element of a financial statement.
284. Auditors shall obtain sufficient and appropriate audit evidence regarding audits of
the financial information of all components and the consolidation process Consolidated
to express an opinion as to whether the Consolidated Financial Statements Financial
(including whole-of-public sector financial statements) are prepared, in all Statements
material respects, in accordance with the applicable financial reporting (including
framework. Whole of Public
285. The auditor carrying out an audit of consolidated financial statements is Sector Financial
referred to as the principal auditor. Statements)
286. The principal auditor shall establish a consolidated audit strategy and
develop a consolidated audit plan.
Performance Audit
287. The main objective of performance audit is to constructively promote Introduction
economical, effective and efficient governance. It also contributes to
accountability and transparency.
288. Performance audit promotes accountability by assisting those charged with
governance and oversight responsibilities to improve performance through
an examination of whether:
(i) decisions by the legislature or the executive are efficiently and effectively
prepared and implemented and
(ii) tax payers or citizens have received value for money.
289. It does not question the intentions and decisions of the legislature, but
examines whether any shortcomings in the implementation of the law and
framing of regulations have prevented the specified objectives from being
achieved.
290. It provides constructive incentives for the responsible parties to take
appropriate action.
291. Performance audits undertaken by SAI, India may have overlaps with other Perspective of
audit types (or combined audits) Performance
292. In case of combined audit Audit
a) Elements of performance audit can be part of a more extensive audit that
also covers compliance and financial auditing aspects.
b) In the event of an overlap, the primary objective of the audit shall guide
the auditors as to which standards to apply.
293. Performance auditing focuses on activity and results rather than reports or
accounts, and that its main objective is to promote economy, efficiency and
effectiveness rather than report on compliance.
294. Performance audits are essentially direct reporting engagements where the Type of
auditor measures or evaluates the subject matter against the criteria. Engagement
295. Performance audits are not normally expected to provide an overall opinion, and Assurance
comparable to the opinion on financial statements, on the audited entity’s
achievement of economy, efficiency and effectiveness.
17
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
296. The degree of economy, efficiency and effectiveness achieved may be
conveyed in the performance audit report in different ways:
(i) either through an overall view on aspects of economy, efficiency and
effectiveness
(ii) or by providing specific information on a range of points including the
audit objective, the questions asked, the evidence obtained, the criteria
used, the findings reached and the specific conclusions.
297. Performance audits are designed to provide a reasonable assurance with a
set of conclusions and, if applicable, a single overall conclusion and to
present a balanced report by taking into account all relevant viewpoints.
298. The risk of obtaining incorrect or incomplete conclusions, providing Audit Risk
unbalanced information or failing to add value for users.
299. Many topics in performance auditing are complex and sensitive
300. The risk that an audit will fail to provide users of the audit report with
knowledge or recommendations that would make a real contribution to
better performance.
301. (i) not possessing the competence to conduct sufficiently broad or deep Important
analysis, aspects of Audit
(ii) lacking access to quality information Risk
(iii) obtaining inaccurate information (e.g. because of fraud or irregular
practices),
(iv) being unable to put all findings in perspective, and f
(v) failing to collect or address the most relevant arguments.
302. Auditors shall select audit topics through the strategic planning process by Selection of
analysing potential topics and conducting research to identify risks and topics
problems.
303. Determining which audits will be pursued is usually part of SAI India’s
strategic planning process.
304. In this process, auditors shall consider that audit topics are sufficiently
significant as well as auditable and in keeping with SAI India’s mandate.
305. The topic selection process shall aim to maximise the expected impact of
the audit while taking account of audit capacities (e.g. human resources and
professional skills).
306. Performance auditing generally requires that audit-specific, substantive and
methodological knowledge be acquired before the audit is launched (“pre-
study/ pilot study”).
307. Auditors shall plan the audit in a manner that contributes to a high-quality Audit Design
audit that will be carried out in an economical, efficient, effective and
timely manner and in accordance with the principles of good project
management.
308. (i) the background knowledge and information required for an Consideration
understanding of the audited entities
(ii) the audit objectives, questions, criteria, subject matter and methodology
(iii) the necessary activities, staffing and skills requirements, the key project
timeframes and milestones and the main points for control.
309. The planning phase shall also involve research work aimed at building
knowledge, testing various audit designs and checking whether the
necessary data are available.
310. Auditors shall choose a result, problem or system-oriented approach, or a Audit approach
combination thereof, to facilitate the soundness of audit design.
311. A system-oriented approach examines the proper functioning of
management systems, e.g. financial management systems

18
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
312. A result-oriented approach assesses whether outcome or output objectives
have been achieved as intended or programmes and services are operating
as intended
313. A problem-oriented approach examines, verifies and analyses the causes of
particular problems or deviations from criteria.
314. All three approaches can be pursued from a top-down or bottom-up
perspective.
315. Top-down audits concentrate mainly on the requirements, intentions,
objectives and expectations of the legislature and central public sector.
316. A bottom-up perspective focuses on problems of significance to people and
the community.
317. When planning the audit, the auditor shall design the audit procedures to Audit
be used for gathering sufficient and appropriate audit evidence. Procedure
318. deciding on the overall audit design (which questions to ask, e.g.
explanatory /descriptive/evaluative);
b) determining the level of observation (e.g. looking at a process or
individual files) and methodology (e.g. full analysis or sample);
c) Specific data-collection techniques (e.g. analysis of records,
questionnaire, interview or focus group). Data-collection methods and
sampling techniques shall be carefully chosen.
319. Planning be flexible and pragmatic, therefore, performance audit
procedures shall not be overly standardised.
320. In certain cases – where, for example, the audit requires data to be gathered
in many different regions or areas or the audit is to be conducted by a large
number of auditors – there may be a need for a more detailed audit plan in
which audit questions and procedures are explicitly defined.
321. When planning an audit, auditors shall also assess the risk of fraud.
322. The overall aim at the planning stage is to decide, by building up knowledge
and considering a variety of strategies, how best to conduct the audit.
323. Auditors shall establish suitable criteria identified from different sources
which correspond to the audit questions and are related to the principles of
economy, efficiency and effectiveness.
324. The criteria shall be discussed with the auditable entities, but it is ultimately
the auditor’s responsibility to select suitable criteria.
325. In audits covering complex issues it is not always possible to set criteria in
advance and instead they will be defined during the audit process.
326. Auditors shall apply procedures to safeguard quality, ensuring that the Quality Control
applicable requirements are met and placing emphasis on appropriate,
balanced and fair reports that add value and answer the audit questions.
327. The need to establish a working atmosphere of mutual trust and
responsibility and provide support for audit teams shall be seen as part of
quality management.
328. In performance auditing, even if the report is evidence-based, well-
documented and accurate, it might still be inappropriate or insufficient if it
fails to give a balanced and unbiased view, includes too few relevant
viewpoints or unsatisfactorily addresses the audit questions.
329. As audit objectives vary widely between different audit engagements, it is
important to define clearly what constitutes a high-quality report in the
specific context of an audit engagement.
330. No quality control procedures at the level of the individual audit can
guarantee high-quality performance audit reports.

19
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
331. It is equally important for auditors to be – and remain – competent,
motivated and willing to innovate.
332. Control mechanisms shall therefore be complemented by support, such as
on-the-job training and guidance for the audit team.
333. Auditors shall strive to provide audit reports which are comprehensive, Reporting
convincing, timely, reader-friendly and balanced.
334. To be comprehensive, the report shall include information about the audit
objective, audit questions and answers to those questions, the subject
matter, criteria, methodology, sources of data, any limitations to the data
used, and audit findings.
335. To be convincing, it shall be logically structured and present a clear
relationship between the audit objective, criteria, findings, conclusions and
recommendations. All relevant arguments shall be addressed.
336. The report shall explain why and how problems observed in the findings
hamper performance in order to encourage the audited entity or the user
to initiate corrective action.
337. It shall, where appropriate, include recommendations for improvements to
performance.
338. The report shall be as clear and concise as the subject matter permits and
phrased in unambiguous language.
339. As a whole it shall be constructive, contribute to better knowledge and
highlight any necessary improvements.
340. Being balanced means that preparation of the report needs to be impartial
in content and tone.
341. (i) Findings objectively and fairly. Balanced
(ii) Different perspectives and viewpoints. Where different interpretations Report includes
of the evidence can legitimately be made, they need to be presented to
ensure fairness and balance and
(iii) Both positive and negative aspects and give credit where it is due.
342. Auditors shall seek to provide constructive recommendations that are Recommen-
likely to contribute significantly to addressing the weaknesses or problems dations
identified by the audit.
343. Recommendations shall address the causes of problems and/or
weaknesses.
344. Recommendation shall be phrased in such a way that avoids truisms or
simply inverting the audit conclusions and they shall not encroach on the
management’s responsibilities.
345. It shall be clear who and what is addressed by each recommendation, who
is responsible for taking any initiative and what the recommendations mean
– i .e. how they will contribute to better performance
346. Recommendations shall be presented in a logical and reasoned fashion and
be linked to the audit objectives, findings and conclusions.
347. Together with the full text of the report, they shall convince the reader that
they are likely to significantly improve the conduct of public sector
operations and programmes.
348. Auditors shall follow up previous audit findings and recommendations Follow-up
wherever appropriate.
349. Follow-up shall be reported appropriately in order to provide feedback to
the legislature together, if possible, with the conclusions and impacts of
all relevant corrective action.
350. Follow-up is not restricted to the implementation of recommendations but
focuses on whether the audited entity has adequately addressed the
20
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
 problems and remedied the underlying situation after a reasonable period
of time.
351. Follow-up results may be reported individually or as a consolidated report,
which may in turn include an analysis of different audits, possibly
highlighting common trends and themes across a number of reporting
areas.
Compliance Audit
352. Compliance audit is the independent assessment of whether a given subject Basic
matter is in compliance with applicable authorities identified as criteria.
353. Compliance auditing may be concerned with
a) Regularity - adherence of the subject matter to the formal criteria
emanating from relevant laws, regulations and agreements applicable to the
entity
b) Propriety - observance of the general principles governing sound financial
management and the ethical conduct of public officials
354. Propriety in the public-sector context indicate certain expectations
concerning financial management and the conduct of officials.
355. Promotes transparency by providing reliable reports as to whether funds Objectives of
have been administered, management exercised and citizens’ rights to due Compliance
process honoured as required by the applicable authorities. Audit
356. Promotes accountability by reporting deviations from and violations of
authorities, so that corrective action may be taken and those accountable
may be held responsible for their actions.
357. Promotes good governance both by identifying weaknesses and deviations
from laws and regulations and by assessing propriety where there are
insufficient or inadequate laws and regulations.
358. Compliance audit also considers the risk of fraud in relation to compliance
as fraud and corruption counteracts transparency, accountability and good
governance.
359. In nutshell to enhance the degree of confidence of the intended users with
regard to functioning of audited entities by expressing a conclusion
360. (i) in relation with the audit of financial statements, or Perspectives of
(ii) separately as individual compliance audits, or Compliance
(iii) in combination with performance auditing Audit
361. Compliance audit focusses on obtaining sufficient and appropriate evidence Compliance
regarding compliance of a given subject matter with applicable authorities Audit in
identified as criteria. relation with
362. In the audit of financial statements, only those laws and regulations with a the audit of FS
direct and material effect on the financial statement are relevant whereas
in compliance auditing any law and regulation relevant to the subject matter
may be relevant for audit.
363. Such audits may be conducted separately on a regular basis, as distinct and CA conducted
clearly-defined audits each related to a specific subject matter. separately
364. When compliance audit is part of a performance audit, compliance is seen Compliance
as one of the aspects of economy, efficiency and effectiveness. Audit in
365. Non-compliance may be the cause of, an explanation for, or a consequence combination
of the state of the activities that are the subject of performance audit. with PA
366. In combined audits of this kind, auditors shall use their professional
judgement to decide whether performance or compliance is the primary
focus of the audit and whether to apply the performance audit standards,
compliance audit standards or both.

21
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
367. Compliance audits can be conducted as direct reporting engagements or Type of
attestation engagements. Engagement in
368. In most cases, a compliance audit will not cover all elements of the subject Compliance
matter but will rely on a degree of qualitative or quantitative sampling. Audit
369. Compliance auditing enhances the confidence of the intended users in the
information provided by the auditor or another party
370. Consideration of audit risk is relevant in both attestation and direct Audit Risk
engagements.
371. The auditor shall consider three different dimensions of audit risk – inherent
risk, control risk and detection risk – in relation to the subject matter and
the reporting format, i.e. whether the subject matter is quantitative or
qualitative and whether the audit report is to include an opinion or a
conclusion.
372. The relative significance of these dimensions of audit risk depends on the
nature of the subject matter and whether it is a direct reporting or an
attestation engagement.
373. Materiality in compliance auditing has both quantitative and qualitative Materiality
aspects, although the qualitative aspects generally play a greater role in
the public sector.
374. Materiality shall be considered for the purposes of planning, evaluating the
evidence obtained and reporting.
375. Factors to be considered assessment of materiality are mandated
requirements, public interest or expectations, specific areas of legislative
focus, requests and significant funding.
376. Issues at a lower level of value or incidence than the general determination
of materiality, such as fraud, may also be considered material.
377. The assessment of materiality requires comprehensive professional
judgement on the part of the auditor and is related to the audit scope.
378. In the light of the audit criteria, the audit scope and the characteristics of Risk
the audited entity, the auditor shall perform a risk assessment to determine Assessment
the nature, timing and extent of the audit procedures to be performed.
379. In this process, the auditor shall consider the risks that the subject matter
will not comply with the criteria.
380. Non-compliance may arise due to fraud, error, the inherent nature of the
subject matter and/or the circumstances of the audit.
381. The identification of risks and their potential impact on the audit procedures
shall be considered throughout the audit process.
382. If the auditor comes across instances of non-compliance which may be Risk of fraud,
indicative of fraud, the auditor shall exercise due professional care and abuse and non-
caution so as not to interfere with any future legal proceedings or compliance
investigations.
383. Fraud in compliance auditing relates mainly to the abuse of public authority,
but also to fraudulent reporting on compliance issues.
384. Abuse occurs when the conduct of the entity, program, activity or function
falls far short of societal expectations for prudent behaviour.
385. Instances of non-compliance with authorities may constitute deliberate
misuse of public authority for improper benefit.
386. While detecting fraud is not the main objective of compliance audit, auditors
shall include fraud risk factors in their risk assessments and remain alert to
indications of fraud.
387. Auditors shall prepare a report based on the principles of completeness, Reporting
objectivity, timeliness and a contradictory process.
22
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)
388. The principle of completeness requires the auditor to consider all relevant
audit evidence before issuing a report.
389. The principle of objectivity requires the auditor to apply professional
judgement and scepticism in order to ensure that all reports are factually
correct and that findings or conclusions are presented in a relevant and
balanced manner.
390. The principle of timeliness implies preparing the report in due time.
391. The principle of a contradictory process implies checking the accuracy of
facts with the audited entity and incorporating responses from responsible
officials as appropriate. In both form and content, a compliance audit report
shall conform to all these principles.
392. Reporting may vary between various forms of conclusions, presented in
short or long form. However, the report shall be complete, accurate,
objective, convincing and as clear and concise as the subject matter permits.
393. A conclusion is common in attestation engagements, the answering of
specific audit questions is more often used in direct reporting engagements.
394. A follow-up process facilitates the effective implementation of corrective Follow-up
action and provides useful feedback to the audited entity, the users of the
audit report and the auditor (for future audit planning).
395. The need to follow up previously reported instances of non-compliance will
vary with the nature of the subject matter, the non-compliance identified
and the particular circumstances of the audit.

23
Prepraed by Deepak Kumar Rahi, AAO (Patna/Bihar)