
ISSAI Guidelines On Compliance Audit Parimal Paul Director (Administration)



Presentation Transcript


  1. ISSAI Guidelines On Compliance Audit Parimal Paul Director (Administration)

  2. Session Overview In this session, we will discuss: • The key points of ISSAI guidelines on Compliance Audit and the concepts embodied therein.

  3. Learning Objectives • By the end of the session, participants will be familiar with the key points of the ISSAI guidelines on Compliance Audit, and the underlying concepts will be clearer to them.

  4. (Contd.) INTOSAI’s Lima Declaration: ‘The concept and establishment of audit is inherent in public financial administration as the management of public funds represents a trust. Audit is not an end in itself but an indispensable part of a regulatory system whose aim is to reveal deviations from accepted standards and violations of the principles

  5. (Contd.) of legality, efficiency, effectiveness and economy of financial management early enough to make it possible to take corrective action in individual cases, to make those accountable accept responsibility, to obtain compensation, or to take steps to prevent - or at least render more difficult - such breaches.’

  6. Introduction Compliance audit deals with the degree to which the audited entity follows rules, laws and regulations, policies, established codes, or agreed-upon terms and conditions, etc. It provides assurance to intended users about the outcome of the evaluation or measurement of a subject matter against the criteria.

  7. Introduction (Contd.) • It may include, depending on the mandate of the SAI: • Regularity • Propriety Compliance Deviation: the audited entity’s failure to comply with: a) Authorities, for compliance audits of regularity; or b) General principles for sound public sector financial management and conduct of public sector officials.

  8. Introduction (Contd.) Assertion Based Reporting vs. Direct Reporting • In some cases, the management entity may prepare a specific assertion or a statement of compliance. • In many public sector units, there is no such assertion. The matter information is embedded in the auditor’s report, either in the form of data/information or as an explicit statement in the form of compliance. • The ISSAI guidelines are based on direct reporting audits, but may be applied to assertion based reporting.

  9. Introduction (Contd.) • The result of such auditing is reported to the audited entity and the legislature. • The result is also made available to the general public to support accountability and transparency in the public sector.

  10. Introduction (Contd.) The suite of compliance audit guidelines comprises the following: • ISSAI 4000: A general introduction to guidelines on compliance audit. • ISSAI 4100: Compliance audit guidelines for audits performed separately from the audit of financial statements. Such work may be carried out as part of a performance audit or as a separate audit type. • ISSAI 4200: Compliance audit guidelines related to the audit of financial statements.

  11. 11

  12. Scope and Nature of Compliance Audit (Para 2.1 of 4100) • In general, the mandate of the SAI determines the scope. • The Legislative Body may request the SAI to perform a certain type of audit, which may be accepted provided the SAI’s independence is not compromised.

  13. Scope and nature of Compliance Audit(Contd.) • The factors which influence the scope: • Relevant laws and regulations. • Experience of previous audit. • Risk Assessment. • Public interest or expectations. • Request by legislative body.

  14. Reasonable and Limited Assurance (Para 2.2 of 4100) • Do we provide any kind of assurance in the course of conducting our compliance audit? • Normally, a compliance audit should be designed to provide Reasonable Assurance of detecting errors, irregularities and illegal acts.

  15. Reasonable and Limited Assurance(Contd.) • Two types of Audit Assurances: • Reasonable ( Positive ). • Limited ( Negative ). • Due to inherent limitations, audit cannot provide 100% assurance. • Reasonable assurance is high but not absolute.

  16. Reasonable and Limited Assurance (Contd.) • In a Limited Assurance review, procedures are normally restricted to analytical procedures and inquiries. • The nature, timing and extent of procedures in both cases are determined by applying professional judgment.

  17. Reasonable and Limited Assurance(Contd.) • Reasonable Assurance Format: ‘in our opinion the subject matter is/is not in compliance, in all material respects, with the stated criteria’. Limited Assurance Format: ‘nothing has come to our notice that would indicate that the subject matter is not in compliance, in all material respects, with the criteria’

  18. Objectives to be achieved (Para 3 of 4100) • To gather sufficient appropriate audit evidence to conclude whether the subject matter is in compliance, in all material respects, with the set criteria. • To report the findings to Legislative and other appropriate bodies.

  19. Ethical Consideration (Para 5.1 of 4100 ) • The principles relate to: • The independence of SAI including political neutrality. • Avoidance of conflict of interest. • Competence. • Exercise of due care and concern in complying with fundamental auditing principles.

  20. Criteria (Para 6.3 of 4100) • This is the benchmark against which the subject matter is compared. It becomes more difficult when propriety is the subject matter, and that may include public expectation. • Characteristics: • Relevant • Reliable • Complete • Objective • Understandable • Comparable • Acceptable • Available

  21. Understanding Audited Entity and its Environment (Para 6.4 of 4100) • An understanding of the entity and its environment is necessary to determine materiality and assess the risk. • Sources: • Laws and Regulations. • Budget. • Ministerial directives. • Information from Regulatory Authorities.

  22. Understanding audited entities and its environment (Contd.) • Websites. • Published Reports in media. • Knowledge obtained in previous audit. • Minutes of Board/Managing committee meetings • Internal audit report. • Official Statistics.

  23. Audit Strategy and Plan (Para 6.5 of 4100 ) • The Public Sector auditor develops an audit plan for compliance audit. The audit plan includes: • A description of audit criteria. • A description of nature, timing and extent of risk assessment. • A description of nature, timing and extent of planned audit procedures.

  24. Understanding Internal Control ( Para 6.6 of 4100 ) • In performing audit, the public sector auditor should understand and evaluate the reliability of internal control. • It includes understanding and evaluating the controls that assist management in complying with laws, rules and regulations. The assurance derived from internal control will determine confidence level and extent of audit procedures to perform.

  25. Materiality (Para 6.7 of 4100) • Materiality consists of both quantitative and qualitative factors. • It is determined for • Planning purpose • Evaluating the evidence and identifying the area of non-compliance. • Reporting the results of audit. • Materiality is considered in terms of value, nature or characteristics of an item or group of items.

  26. Materiality (Contd.) • The matters that may be considered material at a lower level of value or incidence: • Fraud • Intentional unlawful acts or non-compliance • Incomplete information to auditor, management or legislature • Event and transaction made despite knowledge of the lack of legal basis.

  27. Risk Assessment (Para 6.8 of 4100) • Risk assessment is an essential part of performing a reasonable assurance audit. • This is done to: • Reduce audit risk to an acceptably low level, • Obtain reasonable assurance as the basis for the auditor’s conclusion. • There are three types of audit risks: • Inherent Risks. • Control Risks. • Detection Risks.

  28. Risk Assessment in regard to Fraud (Para 6.8.1 of 4100) • The public sector auditor gathers sufficient appropriate audit evidence and identifies fraud risks through appropriate audit procedures. • Areas which can typically give rise to fraud in the public sector: • Grants and benefits to third parties, • Procurement, • Privatisation of government entities, • Exercise of public officials’ duties and power.

  29. Performing Compliance Audit and gathering evidence (Para 7 of 4100) • The public sector auditor chooses and performs audit steps and procedures that, in their professional judgement, are appropriate in the circumstances. • It is designed to obtain: • Sufficient • Competent • Relevant evidence to provide a reasonable basis for the auditor’s judgement and conclusions.

  30. Performing Compliance Audit and gathering evidence (Para 7 of 4100) • The procedures should be clearly linked to identified risks. • When the risk of non-compliance is significant and the auditor relies on controls, such controls must be tested. • When controls are not considered reliable, the auditor plans and performs substantive procedures. • If the audit approach consists of only substantive procedures, tests of details are performed.

  31. Gathering and Evaluating Evidence (Para 7.1 of 4100) • The fundamental auditing principles state that ‘competent, relevant and reasonable evidence should be gathered to provide basis for auditor’s judgement and conclusions’. • Sufficiency relates to the quantity of evidence. • Competence, relevance, reliability and appropriateness relate to the quality of evidence. • The evidence gathering process is systematic and iterative.

  32. Gathering and Evaluating Evidence (Contd. ) • The evidence gathering techniques: • Observation, • Inspection, • Inquiry, • Re-Performance, • Confirmation, • Analytical procedures.

  33. Documentation (Para 7.2 of 4100) • Audit evidence gathered must be sufficiently documented. • It should be complete and detailed so that an auditor having no connection with the audit can understand the work performed in support of the conclusion. • Documentation takes place throughout the audit process.

  34. Documentation (Contd.) • Documentation done on a timely basis maintains: • Criteria used, • The work done, • Evidence obtained, • Judgement made, • Review performed. • Documentation is retained for an appropriate period of time.

  35. Communication (Para 7.3 of 4100) • Communication with the audited entity throughout the audit makes the process effective and constructive. • Communication at the initial planning stage: the audit strategy, timing, logistics, responsibilities, suitable audit criteria and other elements of planning. • During performance and throughout the audit: significant difficulties encountered and material non-compliance.

  36. Reporting of suspected unlawful Acts (Para 7.4 of 4100) • The detection of potential unlawful acts, including fraud, is not the main objective of performing a compliance audit. • The public sector auditor does include fraud risk factors in the risk assessment and remains alert. • The auditor may communicate their suspicions to management and then follow up to ascertain that action has been taken.

  37. General considerations on evaluating evidence and forming conclusions (Para 8.1 of 4100) • Evidence is evaluated in relation to materiality levels to identify instances of material non-compliance. • The factors may include: • Importance of the amount involved, • Circumstances, • Cause leading to non-compliance, • Possible effects and consequences the non-compliance may have, • Visibility and sensitivity of the programme, • Needs and expectations of the legislature and public.

  38. Reporting (Para 9 of 4100) • The public sector auditor ensures that the reports presented • are factually correct, • are presented in proper perspective, • are balanced in all respects. • Reporting, being an essential part of public sector auditing, involves reporting deviations and violations so that corrective actions can be taken and the persons accountable may be held responsible. • The responses from the audited entity are appropriately incorporated. • The principle of contradiction applies, involving checking the facts with the audited entity and incorporating the responses of the appropriate authority.

  39. Form and content of Compliance audit (Para 9.1 of 4100) • The form of the written report may vary depending on circumstances. • The factors that may influence it: • the mandate of the SAI, • applicable legislation or regulation, • the objective of the particular compliance audit, • customary reporting practice, • complexity of the reported issue, • the needs of the intended users.

  40. Form and content of compliance audit ( Contd.) • While presenting audit observations and findings, the following four elements must be made apparent to users for their better appreciation of work performed and consequences and significance of findings: • Criteria • Conditions • Cause • Effect.

  41. Audit conclusion (Para 9.1.1.2 of 4100) • Depending upon scope and mandate, the conclusion may be expressed as a statement of assurance or as an elaborated answer to a specific audit question. • Where no material instances of non-compliance are found, the conclusion is unqualified. • The modified conclusion is of three types: a qualified conclusion, an adverse conclusion and a disclaimer. • Public auditors provide reasons for a modified conclusion.

  42. Conclusions and recommendations • The primary purpose of conclusions and recommendations: • a) to provide clear answers (conclusions) to the audit question (identified criteria) and • b) to provide constructive and practical recommendations for improvement. • Recommendations are most effective when they are positive in tone and result-oriented.

  43. Follow-Up Process (Para 9.2 of 4100) • The follow-up process emphasizes: • reporting on constructive recommendations, • corrections of identified weaknesses. • Other follow-up processes may include: • internal reviews and evaluations prepared by the audited entity or others, • conferences and seminars held for or by the audited entity.

  44. Follow-Up Process ( Contd.) • The follow-up process facilitates: • effective implementation of corrective actions, • useful feedback to audited entity and users of report, • useful feedback to auditors in planning future audits.

  45. Thank you
