130 likes | 479 Views
PSC meeting - Beijing - October 2008. 2. To develop INTOSAI guidelines for compliance audit that support the audit relating to prevention and detection of fraud, corruption and misuse of public funds, and promote the development of good governance, and accountability and transparency in the public
E N D
1. PSC meeting - Beijing - October 2008 1 The INTOSAI Compliance Audit Guidelines Presentation of Exposure Drafts
ISSAIs 4000, 4100 and 4200 This presentation will cover the following:
Background and objective of CAS
Status of the guidelines
Activities since last PSC meeting in Bahrain
Structure of the guidelines
Process going forward
Some examples of convergenceThis presentation will cover the following:
Background and objective of CAS
Status of the guidelines
Activities since last PSC meeting in Bahrain
Structure of the guidelines
Process going forward
Some examples of convergence
2. PSC meeting - Beijing - October 2008 2 To develop INTOSAI guidelines for compliance audit that support the audit relating to prevention and detection of fraud, corruption and misuse of public funds, and promote the development of good governance, and accountability and transparency in the public sector.
The objective and members of the subcommittee are shown here.
According to the Terms of Reference agreed upon at the ASC meeting in Budapest 10 October 2004, the overall objective of the CA Subcommittee was to develop INTOSAI guidelines for compliance audit that support the audit relating to prevention and detection of fraud, corruption and misuse of public funds, and promote the development of good governance, and accountability and transparency in the public sector.
The objective and members of the subcommittee are shown here.
According to the Terms of Reference agreed upon at the ASC meeting in Budapest 10 October 2004, the overall objective of the CA Subcommittee was to develop INTOSAI guidelines for compliance audit that support the audit relating to prevention and detection of fraud, corruption and misuse of public funds, and promote the development of good governance, and accountability and transparency in the public sector.
3. PSC meeting - Beijing - October 2008 3 The result to date is a complete set of draft INTOSAI Compliance Audit Guidelines – drawing upon internationally recognized best practice guidance - the ISAs and the IFAC assurance framework - while dealing with compliance issues in a public sector context and retaining unique INTOSAI flavor.
The Compliance Audit Guidelines represent the fourth level (Auditing Guidelines) of the International Standards of Supreme Audit Institutions (ISSAI) Framework, where the Founding Principles constitute level 1, the Codes for SAIs the second level and the Fundamental Auditing Principles the third level (including the INTOSAI Auditing Standards).
For compliance audits performed together with the audit of financial statements, the Compliance Audit Guidelines supplement the INTOSAI Financial Audit Guidelines (ISSAI 1000 – 2999).
Depending on the structure of the public sector and the mandate of the SAI, the Compliance Audit Guidelines cover compliance audit at all levels of government: central, regional as well as local. Furthermore, the guidelines may also be applied to audits of private entities when they are involved in the management of public services, for instance through partnership arrangements or as recipients of public grants or subsidies.
ISSAI 4000 provides a high level introduction to the guidelines.
The Compliance Audit Guidelines themselves are written from two main perspectives:
ISSAI 4100 deals with compliance audit performed separately from the audit of financial statements, for example as a separate audit task or related to performance audit
ISSAI 4200 deals with compliance audit related to the audit of financial statements
The result to date is a complete set of draft INTOSAI Compliance Audit Guidelines – drawing upon internationally recognized best practice guidance - the ISAs and the IFAC assurance framework - while dealing with compliance issues in a public sector context and retaining unique INTOSAI flavor.
The Compliance Audit Guidelines represent the fourth level (Auditing Guidelines) of the International Standards of Supreme Audit Institutions (ISSAI) Framework, where the Founding Principles constitute level 1, the Codes for SAIs the second level and the Fundamental Auditing Principles the third level (including the INTOSAI Auditing Standards).
For compliance audits performed together with the audit of financial statements, the Compliance Audit Guidelines supplement the INTOSAI Financial Audit Guidelines (ISSAI 1000 – 2999).
Depending on the structure of the public sector and the mandate of the SAI, the Compliance Audit Guidelines cover compliance audit at all levels of government: central, regional as well as local. Furthermore, the guidelines may also be applied to audits of private entities when they are involved in the management of public services, for instance through partnership arrangements or as recipients of public grants or subsidies.
ISSAI 4000 provides a high level introduction to the guidelines.
The Compliance Audit Guidelines themselves are written from two main perspectives:
ISSAI 4100 deals with compliance audit performed separately from the audit of financial statements, for example as a separate audit task or related to performance audit
ISSAI 4200 deals with compliance audit related to the audit of financial statements
4. PSC meeting - Beijing - October 2008 4 Activities since last PSC meeting - 1 Presentation of draft guidelines at PSC meeting in Bahrain – April 2007
PSC decision to expose guidelines (CA as part of FA – ‘old’ ISSAI 4100 only)
Develop additional introductory document (ISSAI 4000)
Develop additional guidelines for CA separate from FA (ISSAI 4200)
Draft guidelines (CA as part of FA – ‘old’ ISSAI 4100 only) exposed for comment in INTOSAI – Summer 2007
Translated draft guidelines available at INCOSAI 2007 – Nov 2007
Comments received from over 40 SAIs
5. PSC meeting - Beijing - October 2008 5 Comments and suggestions for improvement included ie:
Distinguish more precisely between CA related to financial statements and other aspects of CA
Definition of CA consisting of regularity and/or propriety, while keeping the total scope
Concept of reasonable assurance important
Adapt provisions on audit criteria to the divided definition, while keeping less formal criteria and emphasizing the need for suitable criteria
Further elaboration on materiality in a compliance context
Need for guidance on assessment of compliance deviations
Further guidance on reporting considerations including guidance on long form reports
Special considerations for Court of Account SAIs
Need for further application material:
Risk assessment considerations
Audit procedures
Compliance deviations
Sample reports
Activities since last PSC meeting - 2
6. PSC meeting - Beijing - October 2008 6 Revision of guidelines based on comments received from respondents (dialogue with certain SAIs, FAS, members of CAREG, IFAC) – Fall 2007/ Winter 2008
Presentation of revised and renumbered complete set of guidelines at CAS meeting – Tunisia - 3-4 April 2008
ISSAI 4000 – Introduction
ISSAI 4100 – Compliance Audit Performed Separately from the Audit of Financial Statements
ISSAI 4200 – Compliance Audit Related to the Audit of Financial Statements
Presentation of guidelines at FAS meeting – 9 April 2008
Mail of 13 May 2008 to all CAS members re proposed way forward with request for comments by end of May
3 consistent and stand alone documents
Complete set to be exposed/re-exposed together
Complete set for approval by GB in 2009 and endorsement by INCOSAI in 2010
Consider need for ISSAI 4300 (working group – SAIs of Tunisia, Brazil and ECA)
Activities since last PSC meeting - 3
7. PSC meeting - Beijing - October 2008 7 Review of comments received – May/June 2008
Bilateral contact with CAS members on issues raised in Tunisia and comments received – May/June 2008
Meeting with PSC Secretariat – acceptance for proposed way forward – 26 June 2008
Meeting of the CAS working group (SAIs of Denmark, India, Sweden and ECA) in Oslo – 27 June 2008
Updated draft documents distributed 3 July 2008 to CAS, FAS and CAREG with request for comments by 20 August 2008
Comments received from 5 SAIs and incorporated – August 2008
Revised exposure drafts of ISSAIs 4000, 4100 and 4200 approved at CAS meeting in Bratislava – September 2008
including enhanced guidance drafted by CAS Court of Account SAIs within 4100 and 4200 (Section 10)
Presentation of exposure drafts to PSC – October 2008
Activities since last PSC meeting - 4
8. PSC meeting - Beijing - October 2008 8 Performing the compliance audit and gathering evidence
Evaluating evidence and forming conclusions
Reporting
Additional guidance – Court of Accounts
Appendices with examples
Introduction
Scope of the guidelines
Objectives to be achieved
Definitions
Initial considerations
Planning and designing the compliance audit ISSAI 4100 and 4200 are written as stand alone documents. This means that they are sufficiently complete to be read and applied on their own, without having to read ISSAI 4000 or the other CA ISSAI. At the same time, there are many areas where there is no difference in the guidance, such as most aspects of planning and performing compliance audits. Therefore it was important that the documents should be consistent. However, where there was a need to provide specific guidance in one ISSAI or the other, this guidance should naturally be included in the relevant ISSAI. Remember as well, that when compliance audit is performed as part of an audit of FS, that ISSAI 4200 supplements the INTOSAI Financial Audit Guidelines and should be read together with them.
The main differences between ISSAI 4100 and 4200 are in the wording of the objectives, the scope and initial considerations dealing with the subject matter, and in the reporting section including sample reports and ISSAI 4100’s emphasis on long-form reporting. ISSAI 4100 and 4200 are written as stand alone documents. This means that they are sufficiently complete to be read and applied on their own, without having to read ISSAI 4000 or the other CA ISSAI. At the same time, there are many areas where there is no difference in the guidance, such as most aspects of planning and performing compliance audits. Therefore it was important that the documents should be consistent. However, where there was a need to provide specific guidance in one ISSAI or the other, this guidance should naturally be included in the relevant ISSAI. Remember as well, that when compliance audit is performed as part of an audit of FS, that ISSAI 4200 supplements the INTOSAI Financial Audit Guidelines and should be read together with them.
The main differences between ISSAI 4100 and 4200 are in the wording of the objectives, the scope and initial considerations dealing with the subject matter, and in the reporting section including sample reports and ISSAI 4100’s emphasis on long-form reporting.
9. PSC meeting - Beijing - October 2008 9 Approval of exposure drafts by PSC (Oct 2008)
Exposure drafts to GB for information* (Nov 2008)
Exposure drafts to INTOSAI (Nov 2008 – Jan 2009)
Incorporate comments (Feb/Mar 2009)
Final approval by CAS (Mar/April 2009)
Final approval of documents by PSC (June 2009)
Translations (Fall 2009 / Winter 2010)
Presentation at INCOSAI and endorsement (Fall 2010) Process going forward – focus on complete set of CA guidelines.
Approval of draft CA guidelines at CAS September. PSC meeting 20-22 October. GB in November – thereafter exposure in INTOSAI. Approx 3 month exposure period. Then comments and analysis. Finalize guidelines fall 2009. Then translations and endorsement in 2010.
Would therefore ask for your approval of exposure drafts presented.Process going forward – focus on complete set of CA guidelines.
Approval of draft CA guidelines at CAS September. PSC meeting 20-22 October. GB in November – thereafter exposure in INTOSAI. Approx 3 month exposure period. Then comments and analysis. Finalize guidelines fall 2009. Then translations and endorsement in 2010.
Would therefore ask for your approval of exposure drafts presented.
10. PSC meeting - Beijing - October 2008 10 For your information, here are some other significant examples of convergence in the area of compliance audit:
FEE’s (Federacion des Experts Comptables Europeens) Discussion Paper – Compliance with Laws and Regulations – Audits and Assurance Engagements in the Public sector
Australia’s Standards on Assurance Engagements – Compliance Engagements (based on IFAC’s ISAE 3000) was finalised in June 2008. Australia has come very far in terms of new public sector management as well as harmonization of standards. The AG himself is on the IAASB and representatives of the OAG Australia have contributed to the development of the Australian standard shown here – the standard applies to compliance audit for both the public and private sector. A similar standard is being developed in Australia for performance audit engagements (exposure draft released, standard now being finalised)
For your information, here are some other significant examples of convergence in the area of compliance audit:
FEE’s (Federacion des Experts Comptables Europeens) Discussion Paper – Compliance with Laws and Regulations – Audits and Assurance Engagements in the Public sector
Australia’s Standards on Assurance Engagements – Compliance Engagements (based on IFAC’s ISAE 3000) was finalised in June 2008. Australia has come very far in terms of new public sector management as well as harmonization of standards. The AG himself is on the IAASB and representatives of the OAG Australia have contributed to the development of the Australian standard shown here – the standard applies to compliance audit for both the public and private sector. A similar standard is being developed in Australia for performance audit engagements (exposure draft released, standard now being finalised)