INTOSAI Framework

Mandatory Training for AAOs to be empanelled

for promotion as SAOs – Day 9 Sessions 1 & 2
(Common Audit) Stream
 Session Overview
 International Role of C&AG as SAI India: Relationship with
INTOSAI

2
Learning Objective

By the end of the session(s), the participants will be able to

appreciate
 the international role of SAI, India
 the objectives and the different categories of IFPP

3
 INTOSAI
 International Organisation of Supreme Audit Institutions is an
autonomous, independent, professional and nonpolitical organization
established as a permanent institution;
 Founded in 1953 with 34 members; Currently has 195 Full Members, 5
Associated Members and 1 Affiliated Member;
 The seat of INTOSAI and the General Secretariat is in Vienna,
Austria.
Motto : Mutual Experience Benefits All

4
 INTOSAI
Its purpose is to:
 provide mutual support to SAIs;
 foster the exchange of ideas, knowledge, and experiences;
 act as a recognized global public voice of SAIs within the
international community;
 set standards for public sector auditing;
 promote good national governance; and
 support SAI capacity development, cooperation and continuous
performance improvement.

5
INTOSAI Organisation Structure
 Congress INCOSAI
 Governing Board
 General Secretariat
 INTOSAI Goal Committees
 Supervisory Committee on Emerging Issues
 International Journal of Government Auditing
 INTOSAI Development Initiative (IDI)
 Regional Organisations

6
 INTOSAI’s Strategic Goal Committees

 The four key goals are:

 Goal 1: Professional Standards
 Goal 2: Capacity Building
 Goal 3: Knowledge Sharing & Knowledge Services
 Goal 4: Policy, Finance and Administration

7
 INTOSAI’S REGIONAL ORGANISATIONS
OLACEFS: Organization of Latin American and Caribbean Supreme Audit
Institutions (1965)
 AFROSAI: African Organization of Supreme Audit Institutions (1976)
 ARABOSAI: Arab Organization of Supreme Audit Institutions (1976)
 ASOSAI: Asian Organization of Supreme Audit Institutions (1978)
 PASAI: Pacific Association of Supreme Audit Institutions (1987)
 CAROSAI: Caribbean Organization of Supreme Audit Institutions (1988)
 EUROSAI: European Organization of Supreme Audit Institutions (1990)
8
SAI, India and INTOSAI

 SAI, India is a member of the organisation since its inception in 1953.

 Currently, Comptroller and Auditor General of India is chair of
 INTOSAI Committee on Knowledge Sharing and Knowledge
Services – (KSC) and its Steering Committee. Eleven Working
Groups and One Task Force.
 INTOSAI Working Group on IT Audit (WGITA)
 INTOSAI Compliance Audit Subcommittee

9
SAI, India and ASOSAI

 SAI, India is a member of the organisation since its inception in 1978.

 Comptroller and Auditor General of India is chair of Board of Editors of
the ASOSAI Journal of Government Audit. The journal is published twice
a year.
 The C& AG of India has played a vital role in all the eleven research
projects undertaken so far by ASOSAI. The 12th ASOSAI Research Project
on "Audit on Implementation of SDGs" is under progress.

10
SAI, India and Other Multilateral Bodies

 C &AG of India is a member of the Global Audit Leadership Forum (GALF)-

formerly known as Global Working Group (GWG).
 GALF holds informal discussions on current and emerging issues of

concern to their governments and offices and to explore opportunities

to share information and work closely together.

 Comptroller and Auditor General of India has been participating actively

in the triennial Conferences of Commonwealth Auditors' General.

11
 International Audit Assignments of SAI, India
 CAG of India has been elected as Chair of the UN Panel of External
Auditors for the year 2020. CAG had been Panel Chair from December
2011 to December 2013 and was the Vice- Chair in 2019.
 CAG of India has been appointed as
 Member of the UN Board of Auditors for the term 1 July 2014 to 30

June 2020.
 External Auditor of Food and Agriculture Organization (FAO) for the

period 2020-2025
 External Auditor of World Health Organization (WHO) for the period

2020-2023

12
Bilateral Relationships of SAI, India

Presently SAI India has MoUs/ twinning arrangements with 16

Supreme Audit Institutions viz.,
Afghanistan China Mongolia South Africa

Bhutan Iran Oman Ukraine

Brazil Kuwait Poland Venezuela

Cambodia Maldives Russia Vietnam

13
IFPP - INTOSAI Framework of Professional
Pronouncements
It contains three categories of professional pronouncements
 The INTOSAI Principles (INTOSAI-P)
 The International Standards of Supreme Audit Institutions (ISSAI)
 The INTOSAI Guidance (GUID)

14
The INTOSAI Principles (INTOSAI-P)
INTOSAI Principles consist of founding principles and core
principles.
 Founding principles (1 – 9) specify the role and functions, which
SAIs should aspire to.

 Core principles (10 – 99) support the founding principles clarifying

the SAI’s role in society as well as high level prerequisites for its
proper functioning and professional conduct.

15
 International Standards of Supreme Audit
Institutions (ISSAI)
 The ISSAIs are the authoritative international standards on public sector
auditing.
 The purposes of the ISSAIs:
 ensure quality audits
 strengthen credibility of the audit reports for users
 enhance transparency of the audit process
 specify the auditor’s responsibility in relation to the other parties

involved
 define the different types of audit engagements and the related set

of concepts.
16
ISSAI
 Fundamental Principles of Public Sector Auditing ISSAI 100-129
 SAI Organisational Requirements ISSAI 130 – 199
 Financial Audit
 FA Principles ISSAI 200 – 299 *
 FA Standards ISSAI 2000 – 2899
 Performance Audit
 PA Principles ISSAI 300 – 399
 PA Standards ISSAI 3000 – 3899
* Not yet developed (In progress)

17
 ISSAI
 Compliance Audit
 CA Principles ISSAI 400 – 499

 CA Standards ISSAI 4000 – 4899

 Other Engagements *
 ISSAI 600 – 699

 ISSAI 6000 – 6499

 Competency Standards (COMP) *

 COMP 700 – 799

 COMP 7000 - 7499

* Not yet developed (In progress)

18
The INTOSAI Guidance (GUID)

Guidance supports the SAI and individual auditors in:

 Application of the ISSAIs in practice in the financial, performance or
compliance audit processes

 Application of the ISSAIs in practice in other engagements

 Understanding a specific subject matter and the application of the

relevant ISSAIs

19
GUID
 SAI Organisational Guidance GUID 1900 – 1999
 Supplementary Financial Audit Guidance GUID 2900 - 2999
 Supplementary Performance Audit Guidance GUID 3900 – 3999
 Supplementary Compliance Audit Guidance GUID 4900 – 4999
 Other Engagements GUID 6500 – 6999
 Subject Matter Specific Guidance GUID 5000 – 5999
 Other Guidance GUID 9000 – 9999
 Supplementary Competency Guidance COMP 7500 – 7999

20
Subject Matter Specific Guidance
GUID 5000 – 5999
 5090 – Audit of International Institutions
 5091 – Arrangements for audit of International Institutions
 5100 – Guidance on Audit of Information Systems
 5200 – Activities with an Environmental Perspective
 5201 – Environmental Auditing in The Context of Financial and
Compliance Audits
 5202 – Sustainable Developments: The Role of SAIs
 5203 – Cooperation on Audits of International Accords

21
Subject Matter Specific Guidance
GUID 5000 – 5999
 5259 – Public Debt Information Systems
 5260 – Governance of Public Assets
 5270 – Guideline for the Audit of Corruption Prevention
 5290 – Guidance on Audit of the Development and Use of Key National
Indicators

22
Other Guidance GUID 9000 – 9999

 9000 – Cooperative Audits between SAIs

 9010 – The importance of an independent standard-setting process
 9020 – Evaluation of Public Policies
 9030 – Good Practices Related to SAI Independence
 9040 - Good Practices Related to SAI Transparency

23
 INTOSAI P 1
The Lima Declaration of Guidelines on Auditing Precepts
I. General
II. Independence
III. Relationship to Parliament, government and the administration
IV. Powers of Supreme Audit Institutions
V. Audit methods, audit staff, international exchange of experiences
VI. Reporting
VII. Audit powers of Supreme Audit Institutions

24
 INTOSAI – P 1
The Lima Declaration of Guidelines on Auditing Precepts
Purpose of audit
 The concept and establishment of audit is inherent in public financial
administration as the management of public funds represents a trust.
 Audit is not an end in itself but an indispensable part of a regulatory
system whose aim is to reveal deviations from accepted standards and
violations of the principles of legality, efficiency, effectiveness and economy
of financial management early enough to make it possible to take
corrective action in individual cases, to make those accountable accept
responsibility, to obtain compensation, or to take steps to prevent--or at
least render more difficult--such breaches.
25
INTOSAI- P10–
Mexico Declaration on SAI Independence
Principle 1:
The existence of an appropriate and effective constitutional/ statutory/
legal framework and of de facto application provisions of this framework

Principle 2:
The independence of SAI heads and members (of collegial institutions),
including security of tenure and legal immunity in the normal discharge of
their duties

26
INTOSAI- P10 – Mexico Declaration on SAI
Independence
Principle 3:
A sufficiently broad mandate and full discretion, in the discharge of SAI
functions

 SAIs should be empowered to audit the:

 use of public monies, resources, or assets, by a recipient or beneficiary

regardless of its legal nature;

 collection of revenues owed to the government or public entities;

 legality and regularity of government or public entities accounts;

 quality of financial management and reporting; and

 economy, efficiency, and effectiveness of government or public entities

operations.
27
INTOSAI- P10 – Mexico Declaration on SAI
Independence
Principle 3:
 While respecting the laws enacted by the Legislature that apply to

them, SAIs are free from direction or interference from the Legislature
or the Executive in the
 selection of audit issues;
 planning, programming, conduct, reporting, and follow-up of
their audits;
 organization and management of their office; and
 enforcement of their decisions where the application of
sanctions is part of their mandate.
28
INTOSAI- P10 – Mexico Declaration on SAI
Independence
Principle 4:
Unrestricted access to information
 SAIs should have adequate powers to obtain timely, unfettered,
direct, and free access to all the necessary documents and
information, for the proper discharge of their statutory
responsibilities

29
INTOSAI- P10
Mexico Declaration on SAI Independence
Principle 5: The right and obligation to report on their work
SAIs should not be restricted from reporting the results of their audit work.
They should be required by law to report at least once a year on the results
of their audit work

30
INTOSAI- P10
Mexico Declaration on SAI Independence
Principle 6:
The freedom to decide the content and timing of audit reports and to publish
and disseminate them
 to decide the content of their audit reports.
 to make observations and recommendations in their audit reports, taking into
consideration, as appropriate, the views of the audited entity.
 Legislation specifies minimum audit reporting requirements of SAIs & , where appropriate,
specific matters that should be subject to a formal audit opinion / certificate.
 to decide on the timing of their audit reports except where specific reporting requirements
are prescribed by law.
 to publish and disseminate their reports, once they have been formally tabled or delivered
to the appropriate authority—as required by law
31
INTOSAI- P10 Mexico Declaration on SAI
Independence
Principle 7 :
The existence of effective follow-up mechanisms on SAI recommendations

 SAIs submit their reports to the Legislature for review and follow-up on
specific recommendations for corrective action.
 SAIs have their own internal follow-up system to ensure that the audited
entities properly address their observations and recommendations as well
as those made by the Legislature.
 SAIs submit their follow-up reports to the Legislature for consideration and
action, even when SAIs have their own statutory power for follow-up and
sanctions
32
INTOSAI- P10 Mexico Declaration on SAI
Independence
Principle 8:
Financial and managerial/administrative autonomy and the availability of
appropriate human, material, and monetary resources
 SAIs should have available necessary and reasonable human, material,

and monetary resources - the Executive should not control or direct the
access to these resources. SAIs manage their own budget and allocate it
appropriately.
 The Legislature or one of its commissions is responsible for ensuring that

SAIs have the proper resources to fulfill their mandate.

 SAIs have the right of direct appeal to the Legislature if the resources

provided are insufficient to allow them to fulfill their mandate

33
INTOSAI- P12
Strengthening The Accountability, Transparency And Integrity
Of Government And Public Sector Entities

 Principle 1: Safeguarding the independence of SAIs

 Principle 2: Carrying out audits to ensure that government and public

sector entities are held accountable for their stewardship over, and use
of, public resources

34
INTOSAI- P12
Strengthening The Accountability, Transparency And Integrity
Of Government And Public Sector Entities

 Principle 3: Enabling those charged with public sector governance to

discharge their responsibilities in responding to audit findings and
recommendations and taking appropriate corrective action
 Principle 4: Reporting on audit results and thereby enabling the public
to hold government and public sector entities accountable

35
 INTOSAI- P12
Demonstrating Ongoing Relevance To Citizens, Parliament And
Other Stakeholders
 Principle 5: Being responsive to changing environments and emerging
risks
 Principle 6: Communicating effectively with stakeholders
 Principle 7: Being a credible source of independent and objective
insight and guidance to support beneficial change in the public sector

36
 INTOSAI- P12
Being A Model Organisation Through Leading By Example
 Principle 8: Ensuring appropriate transparency and accountability of SAIs
 Principle 9: Ensuring good governance of SAIs
 Principle 10: Complying with the SAI’s Code of Ethics
 Principle 11: Striving for service excellence and quality
 Principle 12: Capacity building through promoting learning and knowledge
sharing

37
 INTOSAI- P 20

 SAIs perform their duties under a legal framework that provides for
accountability and transparency
 SAIs make public their mandate, responsibilities, mission and strategy
 SAIs adopt audit standards, processes and methods that are objective and
transparent
 SAIs apply high standards of integrity & ethics for staff of all levels
 SAIs ensure that these accountability and transparency principles are not
compromised when they outsource their activities

38
 INTOSAI- P 20
 SAIs manage their operations economically, efficiently, effectively and in
accordance with laws and regulations and reports publicly on these
matters
 SAIs report publicly on the results of their audits and on their conclusions
regarding overall government activities
 SAIs communicate timely and widely on their activities and audit results
through the media, websites and by other means
 SAIs make use of external and independent advice to enhance the
quality and credibility of their work.

39
ISSAI –
Fundamental Principles of Public
Sector Auditing
 ISSAI 130 - Code of Ethics
 Code of Ethics:
A comprehensive statement of the values and principles which
should guide the daily work of auditors
 Key elements of Code of Ethics:

 Integrity

 Independence and Objectivity

 Competence

 Professional behaviour

 Confidentiality and Transparency

41
Risks of non-compliance with the Ethical Values

a. Political influence and external pressure from auditees or other parties;

b. Personal interests;
c. Inappropriate bias from previous judgements made by the SAI or SAI
staff;
d. Advocating the interests of auditees or other parties;
e. Long or close relationships.

42
ISSAI 140 - Quality Control for SAIs
The objective of the SAI is to establish and maintain a system of
quality control to provide it with reasonable assurance that:
 the SAI and its personnel comply with professional standards and
applicable legal and regulatory requirements;
 Quality control procedures should cover matters such as the direction,
review and supervision of the audit process and the need for
consultation in order to reach decisions on difficult or contentious
matters
 reports issued by the firm or engagement partners, are appropriate in
the circumstances”

43
ISSAI 100

Fundamental Principles of Public-Sector Auditing

 Endorsed as Basic Principles in Government Auditing in 2001

 Revised and renamed Fundamental Principles of Public-Sector Auditing
in 2013
 With the establishment of IFPP, editorial changes were made in 2019

44
ISSAI 100

Fundamental Principles of Public-Sector Auditing provides detailed

information on:
 the purpose and authority of the ISSAIs;
 the framework for public-sector auditing;
 the elements of public-sector auditing;
 the principles to be applied in public-sector auditing

45
 Objectives of Public-sector auditing
To contribute to good governance by:
 providing the intended users with independent, objective and reliable

information, conclusions or opinions.

 enhancing accountability and transparency, encouraging continuous

improvement and sustained confidence in the appropriate use of public
funds and assets and the performance of public administration;

46
 Objectives of Public-sector auditing
To contribute to good governance by:
 reinforcing the effectiveness of monitoring and corrective functions over

government, and those responsible for the management of publicly-

funded activities;

 creating incentives for change by providing knowledge, comprehensive

analysis and well- founded recommendations for improvement.

47
Elements Of Public-sector Auditing
The Three Parties
 The role of auditor is fulfilled by the Head of the SAI and by persons to

whom the task of conducting the audits is delegated.

 The responsible parties may be responsible for the subject matter

information, for managing the subject matter or for addressing

recommendations, and may be individuals or organisations.
 The intended users may be legislative or oversight bodies, those

charged with governance or the general public.

48
Elements Of Public-sector Auditing
 Subject Matter
The information, condition or activity that is measured or evaluated
against certain criteria.
 Criteria
The benchmarks used to evaluate the subject matter
 Subject matter information
Refers to the outcome of evaluating or measuring the subject matter
against the criteria.

49
Elements Of Public-sector Auditing

Types of Engagements
Attestation Engagements
 In attestation engagements the responsible party measures the

subject matter against the criteria and presents the subject

matter information, on which the auditor then gathers sufficient
and appropriate audit evidence to provide a reasonable basis for
expressing a conclusion.
 Financial audits are always attestation engagements, as they are

based on financial information presented by the responsible

party.
50
Elements Of Public-sector Auditing
Types of Engagements
Direct Reporting Engagements
 In direct reporting engagements it is the auditor who measures or

evaluates the subject matter against the criteria. The auditor selects the
subject matter and criteria, taking into consideration risk and materiality.
The outcome of measuring the subject matter against the criteria is
presented in the audit report in the form of findings, conclusions,
recommendations or an opinion. The audit of the subject matter may also
provide new information, analyses or insights
 Performance audits are normally direct reporting engagements.

 Compliance audits may be attestation or direct reporting engagements, or

both at once. 51
Elements Of Public-sector Auditing
Forms of Providing Assurance
 Through opinions and conclusions
 Through findings, conclusions and recommendations

Levels of Assurance
 Reasonable Assurance
 Limited Assurance

52
Elements Of Public-sector Auditing
Reasonable Assurance
 Reasonable assurance is high but not absolute.

 The audit conclusion is expressed positively, conveying that, in the

auditor’s opinion, the subject matter is or is not compliant in all

material respects, or, where relevant, that the subject matter
information provides a true and fair view, in accordance with the
applicable criteria.

53
Elements Of Public-sector Auditing
Limited Assurance
 When providing limited assurance, the audit conclusion states that,
based on the procedures performed, nothing has come to the
auditor’s attention to cause the auditor to believe that the subject
matter is not in compliance with the applicable criteria.
 The procedures performed in a limited assurance audit are limited
compared with what is necessary to obtain reasonable assurance, but
the level of assurance is expected, in the auditor’s professional
judgement, to be meaningful to the intended users.
 A limited assurance report conveys the limited nature of the assurance
provided.
54
Principles Of Public-sector Auditing
General Principles
 Ethics and independence
Auditors should comply with the relevant ethical requirements and
be independent.
 Key Ethical Principles include
 integrity  Independence and objectivity
 competence  professional behavior
 confidentiality and transparency

55
Principles Of Public-Sector Auditing
General Principles
Professional judgement, due care and scepticism
Auditors should maintain appropriate professional behaviour by
applying professional scepticism, professional judgment and due care
throughout the audit.
 Professional judgments implies the application of collective
knowledge, skills and experience to the audit process.
 Due care means that the auditor should plan and conduct audits in a
diligent manner.
 Auditors should avoid any conduct that might discredit their work.

56
Principles Of Public-Sector Auditing
General Principles
 Professional scepticism means maintaining professional
distance and an alert and questioning attitude when
assessing the sufficiency and appropriateness of evidence
obtained throughout the audit.
 It also entails remaining open minded and receptive to all
views and arguments

57
Principles Of Public-Sector Auditing
General Principles
Audit team management and skills
Auditors should possess or have access to the necessary skills
 The individuals in the audit team should collectively possess the

knowledge, skills and expertise necessary to successfully complete

the audit.
 This includes an understanding and practical experience of the type

of audit being conducted, familiarity with the applicable standards

and legislation, an understanding of the entity’s operations and the
ability and experience to exercise professional judgment.

58
Principles Of Public-Sector Auditing
General Principles
Communication
Auditors should establish effective communication throughout the
audit process
 It is essential that the audited entity be kept informed of all matters
relating to the audit.
 Communication should include obtaining information relevant to the
audit and providing management and those charged with governance
with timely observations and findings throughout the engagement.
 The auditor may also have a responsibility to communicate audit-related
matters to other stakeholders, such as legislative and oversight bodies
59
 Communication

 Audit team shall establish open co-operation and interaction and an

atmosphere of confidence with the audited entity at the earliest
opportunity
 The audit team shall be receptive to alternative views and arguments
and seek data from different sources and stakeholders
 If conflicts occur, efforts shall be made to air contradictory opinions
with a view to making the final picture as true and fair as possible.

60
Principles Of Public-Sector Auditing
General Principles
Audit risk
Auditors should manage the risks of providing a report that is
inappropriate in the circumstances of the audit.

 The auditor performs procedures to reduce or manage the risk of

reaching inappropriate conclusions, recognising that the limitations
inherent to all audits mean that an audit can never provide absolute
certainty of the condition of the subject matter.

61
Audit Risk
 In an attestation engagement the audit risk has three components:
 the subject matter’s inherent risk (IR)

 the control risk (CR); );

 the risk that the relevant internal controls associated with

the inherent risks are inappropriate or do not work properly
 the detection risk (DR);

 the risk that the procedures performed by the auditor will

lead to an incorrect conclusion/opinion

62
Audit Risk

 By identifying and evaluating the entity’s inherent and control risks,

the auditor can define the nature and extent of the evidence gathering
procedures required to test compliance with the criteria.
 The higher the level of risk, the greater the extents of audit work that
will be required to lower detection risk sufficiently to achieve the
acceptable level of audit risk.

63
 Principles Of Public-Sector Auditing
General Principles
Materiality
Auditors should consider materiality throughout the audit process.
 Materiality consists of both quantitative and qualitative factors.
 It is determined for
 Planning purposes
 Evaluating the evidence and identifying the area of non-compliance
 Reporting the results of audit.
 Materiality is considered in terms of value, nature or characteristics of an item or
group of items.
64
 Principles Of Public-Sector Auditing
General Principles
Matters that may be considered material at a lower level of value or
incidence
 Fraud

 Intentional unlawful acts or non-compliance

 Incomplete information to auditor, management or legislature

 Event and transaction made despite knowledge of the lack of

legal basis

65
Principles Of Public-Sector Auditing
General Principles
Documentation
Auditors should prepare audit documentation that is sufficiently detailed
to provide a clear understanding of the work performed, evidence
obtained and conclusions reached.

66
Principles Of Public-Sector Auditing
General Principles
Audit documentation should include
 audit strategy and audit plan.

 record the procedures performed and evidence obtained and support

the communicated results of the audit.

 It should be sufficiently detailed to enable an experienced auditor, with

no prior knowledge of the audit, to understand the nature, timing,

scope and results of the procedures performed, the evidence obtained
in support of the audit conclusions and recommendations, the
reasoning behind all significant matters that required the exercise of
professional judgment, and the related conclusions.
67
IFPP on Performance Audit
ISSAI 3000 and GUID 3910 & 3920
Definition of Performance Auditing

 Performance auditing carried out by SAIs is an independent, objective

and reliable examination of whether government undertakings,
systems, operations, programmes, activities or organisations are
operating in accordance with the principles of economy, efficiency and
effectiveness and whether there is room for improvement.
 Performance auditing promotes accountability by assisting those with
governance and oversight responsibilities to improve performance.

69
 General Principles

 Performance audit has the objective of examining one or more of these

three:
 economy

 efficiency

 effectiveness

70
 General Principles- Economy

 Minimizing the cost of resources used for an activity, having regard to

appropriate quality.
 Concerned with availability of resources
 in due time

 in appropriate quantity and quality

 at best price

71
 General Principles - Efficiency

 Resources have been put to optimal use or whether similar results

could be achieved with fewer resources
 Concerned with the relationship between
 resources employed,

 conditions given and results achieved;

 in terms of quantity, quality and timing of outputs and outcomes

72
 General Principles - Effectiveness

 Effectiveness is a goal attainment concept

 Concerned with
 attaining the specific aims or objectives set and/or

 achieving the intended outputs

 Also concerned with ascertaining whether impacts observed is really

the result of policy or other circumstances

73
Planning

 Two levels of planning are:

 Strategic Planning: Selection of potential themes/ topics

 Operational Planning or Planning of individual audits: individual

audits are planned in such a way that
 High quality audit is conducted

 Economically, efficiently and effectively and

 In a timely manner

74
 Strategic Planning
 Strategic planning is the basis for the selection of performance audit
topics

 Audit topics are selected based on:

 Significance (Financial/social and political)

 Auditability (Ability to conduct audit)

 Audit impact (can lead to important benefits)

 Risk Assessment (risks to good performance)

75
 Operational Planning

 It involves certain research efforts, with the aim of

 building knowledge,

 testing various audit designs; and

 checking whether data needed is available.

 Different kinds of documents from the audited entity as well as past

audits and evaluations carried out by the SAI, are examined to
understand the audited entity/program

76
Audit Objective(s)
 An audit objective(s) can be thought of as audit questions about the
subject matter on which the auditor seeks to obtain answers, based on
the audit evidence obtained.
 Audit objective(s) should relate to the principles of economy, efficiency
and/or effectiveness.
 They should be in sufficient detail in order to be clear about the
questions that will be answered and to allow logical development of the
audit design.

77
Audit Objective(s)
 If the audit objective(s) is formulated as audit questions and broken
down into sub-questions, it should be ensured that they are
thematically related, complementary, not overlapping and collectively
exhaustive in addressing the overall audit question.
 It is good practice to describe the audit objective(s) as simply as
possible
 Audit questions may be analytical, normative or descriptive.
 Formulation of audit questions is an iterative process in which the
auditor repeatedly specifies and refines the questions, taking account
of known and new information on the subject as well as the feasibility
of obtaining answers.
78
Audit Approach

The auditor shall choose a result-, problem or system-oriented audit

approach, or a combination thereof.

 The audit approach determines the nature of the examination to be

made and is an important link between the audit objective(s), audit
criteria and the work done to collect the evidence.

79
Audit Approach

 A system-oriented approach examines the proper functioning of

management systems.
 A result-oriented approach assesses whether outcome or output
objectives have been achieved as intended or programmes and
services are operating as intended.
 A problem-oriented approach examines, verifies and analyses the
causes of particular problems or deviations from audit criteria.

80
Audit Criteria
 The auditor shall establish suitable audit criteria, which correspond to
the audit objective(s) and audit questions and are related to the
principles of economy, efficiency and/or effectiveness.
 The auditor shall, as part of planning and/or conducting the audit,

discuss the audit criteria with the audited entity.

The audit criteria can be
 qualitative or quantitative

 general or specific

 what is expected, according to sound principles, scientific knowledge

and best practice

81
Audit Criteria
Audit criteria should be
◦ Relevant

◦ Reliable

◦ Reasonable

◦ Objective

◦ Complete

 Source of audit criteria used is identified

 The audit criteria has to be discussed with the audited entity, but it is
ultimately the auditor’s responsibility to select suitable audit criteria.
82
 Planning – Audit Procedure

 Audit methods chosen best allows the gathering of audit data in an

efficient and effective manner.

 The audit procedure indicates the nature, source and the means for
gathering evidence to conclude against the objectives and answer
audit questions.

83
 Conducting Audit

The auditor shall obtain sufficient and appropriate audit evidence in order
to establish audit findings, reach conclusions in response to the audit
objective(s) and audit questions and issue recommendations when
relevant and allowed by the SAI´s mandate.

84
 Audit Evidence
 Evidence
 Information collected to support the auditor’s judgment and

conclusion regarding the organization, program, activity or

function under audit
 Characteristics of audit evidence
 Sufficient - enough to persuade a reasonable person that audit

findings and conclusions are warranted

 Valid and reliable - it actually represents what it purports to

represent
 Relevant - a clear and logical relationship to audit objectives and

criteria 85
Sufficient and appropriate audit evidence
 The auditor shall select a combination of audit techniques to be able
to form a conclusion with the selected level of assurance.

 Audit evidence is gathered using a variety of methods such as:

 Observation  Re-calculation
 Inspection  Substantive testing
 Inquiry  Test of key controls
 External confirmation  Analytical procedures
 Re-performance

86
Information to be used as audit evidence

 The information has to be evaluated for its

 Reliability
 Consistency
 Ambiguity
 accuracy and completeness
 Precision and detail

87
 Reporting– Key Concepts

 Audit Criteria – What should be

 Audit Evidence – What is
 Audit Finding – comparing criteria and evidence
 Cause – Reasons for difference between criteria and evidence
 Effect - impact of difference between criteria and evidence
 Audit conclusion - statements deduced by audit from findings
 Recommendation – Course of action suggested by audit

88
 Reporting
The auditor shall provide audit reports, which are
a) comprehensive,

b) convincing,

c) timely,
d) reader friendly, and

e) balanced

89
 Reporting
To be convincing,
 an audit report needs to be logically structured and present a clear

relationship between the audit objective(s) and/or audit questions,

audit criteria, audit findings, conclusions and recommendations.
 audit findings need to presented persuasively, address all relevant

arguments to the discussion, and be accurate.

 Accuracy requires that the audit evidence presented and all the audit

findings and conclusions are correctly portrayed.

 Accuracy assures readers that what is reported is credible and reliable.

90
 Reporting
 Being timely requires that an audit report needs to be issued on time in
order to make the information available for use by management,
government, the legislature and other interested parties.
 To be reader friendly, the auditor needs to
 Use simple, clear and unambiguous language in the audit report to the

extent permitted by the subject matter.

 Use illustrations and conciseness to ensure that the audit report is no

longer than needed.

 Being balanced means that
 the audit report needs to be impartial in content and tone.

 All audit evidence needs to be presented in an unbiased manner.

91
Reporting
 The auditor shall identify the audit criteria and their sources in the
audit report.
 The auditor shall ensure that the audit findings clearly conclude against
the audit objective(s) and/or questions, or explain why this was not
possible.
 The auditor shall provide constructive recommendations that are likely
to contribute significantly to addressing the weaknesses or problems
identified by the audit, whenever relevant and allowed by the SAI’s
mandate.

92
Reporting
The auditor shall provide constructive recommendations that are likely to
contribute significantly to addressing the weaknesses or problems
identified by the audit, whenever relevant and allowed by the SAI’s
mandate.
In order to be constructive, recommendations will typically:
 be directed at resolving the causes of weaknesses or problems identified;
 be practical and add value;
 be well-founded and flow logically from the findings and conclusions;
 be phrased to avoid truisms or simply inverting the audit conclusions;
 be neither too general nor too detailed.
 be possible to implement without additional resources;
 be addressed to the entities with the responsibility and competence for
implementing them 93
Reporting
The auditor shall give the audited entity the opportunity to comment on
the audit findings, conclusions and recommendations before the SAI
issues its audit report.
 This helps the auditor develop a report that is fair, complete, and objective.
 Including the views of audited entities results in a report that presents not only
the auditor’s findings, conclusions, and recommendations, but also the
perspectives of the audited entity.
 It is advisable to obtain the comments in writing.
 Usually the SAI determines the amount of time given to the audited entity for
providing feedback, but care must be taken to ensure that there is sufficient
time

94
Reporting
 The auditor shall record the examination of the audited entity’s
comments in working papers, including the reasons for making
changes to the audit report or for rejecting comments received.
 The SAI shall make its audit reports widely accessible taking into

consideration regulations on confidential information.

 Distributing audit reports widely can promote the credibility of the

audit function.
 A good performance audit enables the legislature to effectively

scrutinise government and agency performance, and influence

decision-makers in government and the public service to make
changes that lead to better performance outcomes.
95
ISSAI 4000
Compliance Audit Standard

96
Objective Of Compliance Auditing
 To provide the intended user(s) with information on whether the audited
public entities follow parliamentary decisions, laws, legislative acts,
policy, established codes and agreed upon terms.
 Depending on mandate of SAI, Compliance Audit may cover
Regularity

 adherence to formal criteria such as relevant laws,

regulations and agreements
Propriety

 observance of the general principles governing sound

financial management and the conduct of public officials
97
 Objective of Compliance Auditing
 Every compliance audit is an assurance engagement.
 Each assurance engagement is either
 an attestation engagement or

 a direct reporting engagement.

 The auditor chooses the level of assurance based on the needs of the
intended user(s).
 The audit report provides either
 reasonable assurance or
 limited assurance.
98
Identification of Subject Matter and Scope

 The way in which the subject matter is selected, has an impact on the
audit approach when it comes to audit evidence and resources.

 The scope defines the subject matter, and what is going to be audited.
The scope depends on the needs of the intended user(s), the decided
level of assurance, the risk that has been assessed and the
competence and resources available in the SAI.

99
Risk of fraud

The auditor shall consider the risk of fraud throughout the audit process,
and document the result of the assessment

 The auditor needs to identify and assess the risk of fraud and obtain
sufficient and appropriate audit evidence regarding the assessed risks,
through designing and implementing appropriate responses

100
Selection of areas significant for the intended user(s)
Where the SAI has discretion to select the coverage of compliance
audits it shall identify areas that are of significance for the intended
user(s) based on :
• Public or legislative interests or expectations.
 Impact on citizens / Beneficiaries of public funds.
 Significance of certain provisions of the law.
 Rights of citizens and of public sector bodies.
 Potential breaches of applicable laws and other regulations
• Non-compliance with internal controls, or the absence of an adequate internal
control system.
 Findings identified in previous audits.
 Risks of non-compliance signaled by third parties
101
 Defining the subject matter and the corresponding
audit criteria
 Where the SAI has discretion to select the coverage of compliance audits,
the auditor shall define the subject matter to be measured or evaluated
against criteria

 Where the SAI has discretion to select the coverage of compliance audits,
the auditor shall identify relevant audit criteria prior to the audit to
provide a basis for a conclusion/an opinion on the subject matter.

102
Understanding the entity and its environment
including the internal control
The auditor shall have an understanding of the audited entity and its
environment, including the entity’s internal control, to enable effective
planning and execution of audit.

103
Audit strategy and audit plan
The auditor shall develop and document an audit strategy and an audit
plan that together describe how the audit will be performed to issue
reports that will be appropriate in the circumstances, the resources
needed to do so and the time schedule for the audit work.

 Audit strategy is the basis for deciding whether the audit is

possible to execute.
 Audit strategy describes what to do
 Audit plan describes how to do it

104
Audit sampling

 The application of audit procedure to less than 100% of items

within a population of audit relevance so that all sampling units
have equal chances of selection to provide reasonable basis for
drawing conclusion on entire population
 The auditor shall use audit sampling, where appropriate, to provide
a sufficient amount of items to draw conclusions about the
population from which the sample is selected.
 When designing an audit sample, the auditor shall consider the
purpose of the audit procedure and the characteristics of the
population from which the sample will be drawn.
105
Sampling
 Auditor may use either non-statistical or statistical sampling approach.
 The purpose of audit procedure and characteristics of population is to
be considered.
 The sample size to be determined to reduce the sample risk to
acceptably low level.

 sample may be quantitative or qualitative depending on the audit

scope, and the need for information to illuminate the subject
matter from several angles.

106
Evaluating Audit Evidence
and Forming Conclusions
 The auditor shall compare the obtained audit evidence with the
stated audit criteria to form audit findings for the audit conclusion(s).
 Based on the audit findings, and the materiality, the auditor shall
draw a conclusion whether the subject matter is, in all material
respects, in compliance with the applicable criteria.
 The auditor shall communicate the level of assurance provided in a
transparent way.

107
Reporting

 The auditor shall communicate the conclusion in an audit report.

 The conclusion can be expressed either as an
 opinion,
 conclusion,
 answer to specific audit questions or
 Recommendations

108
 Reporting
The audit report shall include the following elements
 Title.

 Identification of the auditing standards.

 Executive summary (as appropriate).

 Description of the subject matter and the scope

 Audit criteria.

 Explanation and reasoning for the methods used.

 Findings.

 Conclusion(s) based on answers to specific audit questions or opinion.

 Replies from the audited entity (as appropriate).

 Recommendations (as appropriate).

109
Reporting of Suspected Unlawful Acts

 In conducting compliance audits, if the auditor comes across instances

of non-compliance which may be indicative of unlawful acts or fraud,
s/he shall exercise due professional care and caution and
communicate those instances to the responsible body.
 The auditor shall exercise due care not to interfere with potential
future legal proceedings or investigations.

110
THANK YOU

111