Compliance Audit Subcommittee (CAS) Presentation to the PSC Steering Committee

1. Compliance Audit Subcommittee (CAS) Presentation to the PSC Steering Committee Brasilia June 2009

2. CAS plan 2008-2010according to PSC Progress Report 2008 • Purpose to finalize the development of Compliance Audit Guidelines • A complete set of guidelines exposed to the INTOSAI community after being presented to PSC in October and GB in November 2008, consisting of: • ISSAI 4000 and 4100 for first time exposure • ISSAI 4200 (previously 4100) for re-exposure • Subsequently present a complete set for approval to PSC and GB 2009 • Present the complete set for endorsement at INCOSAI 2010 Brasilia June 2009

3. Short update of CAS project status • Exposure Drafts of ISSAIs 4000-4200 approved by PSC in October and presented to GB in November 2008 • Exposure process within INTOSAI by 1 February 2009 • Comments received from 23 SAIs and the FAS secretariat • Adjusted ISSAIs 4000-4200 approved by CAS in March 2009 • Presented for approval as endorsement versions to PSC in Brasilia in June 2009 • The current status is in accordance with the progress plan presented in the PSC report 2008 Brasilia June 2009

4. ISSAI 4000 General introduction to compliance audit Presents • An overall view of compliance audit, and of ISSAIs 4100 and 4200 written from the different perspectives of compliance audit performed separately from, or related to, the audit of financial statements • Authority of the guidelines • Diversity in organizing and reporting on compliance audit • Relationship to other auditing standards Brasilia June 2009

5. ISSAI 4100 Compliance audit performed separately from the audit of financial statements • The subject matters may vary considerably from audit to audit • ISSAI 4100 introduces reasonable vs. limited assurance, but the scope goes beyond the use of the “assurance” concept: • The guidelines apply to auditing tasks where the purpose is to obtain sufficient appropriate evidence to support the findings. The conclusion may be expressed in a formalized statement of assurance or in a more elaborated form • The reports may be either short-form or long-form reports Brasilia June 2009

6. ISSAI 4200 Compliance audit related to the audit of financial statements • Based on reasonable assurance • in line with the ISA approach on audit of financial statements, leading to reporting in the form of an opinion • May on an exceptional basis be applied, as appropriate, to limited assurance reviews • Sufficiently flexible to allow for combining a reasonable assurance audit of the financial statements with a limited assurance review on compliance • Providing examples of various reporting combinations, clearly stating the auditor’s different responsibilities on reasonable assurance audit vs. limited review • Reports on compliance may be either short-form, as in the form of an opinion, or long-form Brasilia June 2009

7. Court of Accounts issues • ISSAIs 4000-4200 are intended to be relevant for compliance audit in SAIs representing both the Auditor General system and the Court of Accounts system • Do not cover particularities related to the judgement part of compliance auditing in SAIs of the Court type • The CAS meeting in March 2009 decided to initiate a further exploration of Court of Accounts issues, to be continued after 2010 Brasilia June 2009

8. Further CAS work beyond 2010 • According to the CAS meeting in March 2009, CAS should be engaged in: • The implementation of the compliance audit guidelines throughout the INTOSAI community • The maintenance of the guidelines related to issues such as: • limited vs. reasonable assurance • materiality applied to compliance subject matters • monitoring of developments in relevant auditing standards • The meeting emphasized the need of further guidance on limited assurance compared to reasonable assurance, to be considered after 2010 Brasilia June 2009