1 / 14

Risk Analysis framework for Compliance Audit in SAI India

This presentation outlines the audit mandate of SAI India, features of the risk analysis framework, parameters for inherent and control risk, computation of overall risk index, and challenges in developing and maintaining the framework.

dawnhamilton
Download Presentation

Risk Analysis framework for Compliance Audit in SAI India

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Risk Analysis framework for Compliance Audit in SAI India XV Meeting of Compliance Audit Sub-Committee Luxembourg 9-10 October 2018 Office of Comptroller & Auditor General of India

  2. Presentation Schedule • Audit Mandate of SAI India • Features of risk analysis framework • Parameters for inherent risk • Parameters for control risk • Computation of overall risk index • Challenges in development and maintenance of risk analysis framework

  3. Audit mandate of SAI India • India - a Union of 29 states with 1.2 billion people • Comptroller & Auditor General of India has audit mandate for both union government and the state governments • Audit conducted in accordance with C&AG’s Auditing Standards issued in 2017 • Compliance Auditing Guidelines issued in 2016 adapting the ISSAI Guidelines • Audited entities classified as apex auditable entity, audit unit and implementing units. Audit unit based on devolution of powers, functional autonomy and operational significance. • The number of entities audited is around 56,000 consisting of 17,000 entities of union government and 39,000 entities of state governments

  4. Risk categorisation of audited entities • Audited entities categorised as high, medium and low risk based traditionally on budget and expenditure levels • Large scale digitisation of government activities and development of detailed database of expenditure of government in SAI facilitated review of existing risk analysis framework in 2017-18 • New framework used for risk categorisation of audit universe for preparation of annual audit plan and for identifying sectoral and non sectoral risk areas for focused audit

  5. Assessment of inherent risk • Expenditure is categorised in the accounts of all entities under 70 different primary heads of expenditure like salaries, travel expenses etc. by all audited entities. • 70 primary heads of expenditure in accounts is regrouped under 7 broad classes. Slide 9 • Expenditure of each audited entity is identified and assessed against 7 risk parameters on a 1-5 scale including a parameter on vacancies in the entity.#10. Slide 10 • Based on Inherent Risk score of each class of primary head of expenditure under the entity, Total Inherent Risk Value of the entity worked out by aggregating the Inherent Risk Value of all the classes of primary expenditure of that entity and multiplying the same by actual expenditure.#11. Slide 11

  6. Assessment of control risk • Entities having weak control environment will have higher control risk • Control risk assessed through four parametersSlide 12 • Expenditure and related controls • Technology related controls • Internal and external audit outputs • Other factors

  7. Risk Value and Categorisation of entities • After computation of Inherent and Control Risks, the risk score of the audited entity can be determined as given below: • Risk score of the entity = (Total Inherent Risk score of the entity in monetary value) X (Control Risk score of the entity)Risk categorisation of audited entity • Audited entities categorised as high, medium and low risk based on the risk score • Periodicity of audit and composition of audit team decided on the basis of level of risk categorisation

  8. Challenges in development and maintenance of risk analysis framework • Collection of data from large number of audited entities • Revision of data for entities not audited annually • Need for exercising professional judgment leading to subjectivity in scoring

  9. Risk categorisation of audited entity

  10. Thanks!

More Related