340 likes | 547 Views
External Audit of Public Internal Financial Control System (TCA Audit) Erol Akbulut TCA Member of 5th Chamber. Workshop on “Audit/Evaluation of Public Internal Financial Control (PIFC) Systems” Ankara , 8 – 9 July 2008. Outline of the Presentation.
E N D
External Audit of Public Internal Financial Control System (TCA Audit) Erol Akbulut TCA Member of 5th Chamber Workshop on “Audit/Evaluation of Public InternalFinancial Control (PIFC) Systems”Ankara , 8 – 9 July 2008
Outline of the Presentation Changes in financial system and internal control system Arrangements concerning internal control in draft TCA Law INTOSAI Auditing Standards and internal control Draft Financial Audit Manual and evaluation of internal controls Internal Audit and TCA Audit
Changes in Financial System • Managerial accountability model • A model ensuring effective, economic and efficient utilization of resources • Strategic planning • Performance-based budgeting • Multi-annual budgeting • Accountability • Financial transparency • Accrual-based accounting • Effective internal control system • Expanded external audit
Changes in Internal Control System • An effective internal control and internal audit structuring is envisaged in public financial system. • Thus, a suitable financial system has been created, which enables TCA to include internal controls to audit process as a factor. • Audit function is not merely the audit of accounts of accounting offices, it is now the audit of activities, transactions, decisions and resources of public institutions. • Expansion in the scope of external audit has made it obligatory to include new elements such as assessing internal controls to existing audit processes.
Draft TCA Law and Internal Control-1 Draft TCA Law was prepared in compliance with the law no:5018 and INTOSAI auditing standards. This law is still pending in the Parliament. Draft TCA Law include various provisions envisaging that the internal control, a function of auditee, should be considered at TCA audits. These are:
Draft TCA Law and Internal Control-2 Purpose of Auditing Article 34-The audit shall be performed with a view to; a) Submitting credible information about the activities of public administration and their results to the Turkish Grand National Assembly and to public as a requirement of the budget right of the Turkish Grand National Assembly, b) Executing public financial management in line with laws and protecting public resources, c) Improving the public management, d) Encouraging the public administrations to evaluate their own performance, e) Establishing and expanding accountability
Draft TCA Law and Internal Control-3 General Principles of Auditing Article 35- The general principles of auditing are as follows: a) Audit shall be the examination of the accounts, transactions and activities and the internal control systems of the public administrations; evaluation of the effective, economic, efficient and legal usage of the public resources. d) The audits shall be carried out by attaching necessary attention to current audit methodologies including system based technique, analytical investigation technique, statistical sampling and information systems.
Draft TCA Law and Internal Control-4 Article 36 The audit of the Turkish Court of Accounts shall cover the regularity audit and performance audit. The Regularity Audit shall be carried out through; a) Determining whether the revenues, expenditures, properties and other accounts and transactions of the public administrations are in accordance with the laws and other legal arrangements or not, b) Evaluating and giving opinion on the accuracy of the financial reports and statements of the public administrations, c) Evaluating whether the financial decisions and the transactions of the public administrations and the programs and activities are in compliance with the laws or not, d) Evaluating the financial management and internal control systems.
Hiring Independent External Auditors Article 46- The municipalities and the public administrations stated in subparagraph (b) of Article 4 shall have their accounts and transactions audited by independent external auditors upon the demand of the Turkish Court of Accounts. The Turkish Court of Accounts shall benefit from the reports of independent external auditors in its audits.
Utilization of Other Audit Reports Article 47-The Turkish Court of Accounts, during the audit activities, shall also benefit from other audit reports about the public administrations. The Turkish Court of Accounts shall carry out the audits of the public administrations whose accounts are audited by independent external auditors in accordance with their establishment laws and other legal arrangements by utilizing of external audit reports.
INTOSAI Auditing Standards In Law No:5018, it is stated that external audit shall be carried out in line with international auditing standards. INTOSAI is an international organization and TCA is a member of it. For this reason, INTOSAI international auditing standards are primary resource for TCA. Fundamental standards with regard to internal control are as follows:
INTOSAI Auditing Standards Related to Internal Controls-1 3.0.3 c) The auditor should review and assess the reliability of internal control of auditee when deciding on the scope and extent of an audit. 3.1.3 e) In planning an audit, the auditor should identify key management systems and controls and carry out a preliminary Evaluation to identify both their strengths and weaknesses. 3.3 Study and Evaluation of Internal Control : “The auditor, in determining the extent and scope of the audit, should study and evaluate the reliability of internal control.”
INTOSAI Auditing Standards Related to Internal Controls-2 3.3.2. The study and evaluation of internal control should be carried out according to the type of audit undertaken. 3.3.3. The extent of the study and evaluation of the internal control depends on the objectives of the audit and on the degree of reliance intended. 3.3.4 Where accounting and other information systems are computerized, the auditor should determine whether internal controls are functioning properly to ensure the integrity, reliability and the completeness of data.
Financial Audit and Internal Control With a view to developing an audit in compliance with new financial system; cooperation with NAO in various fields was established with funds obtained from EU resources. Within this cooperation, draft financial audit manual was prepared. In this manual, issues related to evaluation, testing and identifying weaknesses of internal controls and internal audit, and their phases of planning, performing and reporting are covered.
Assurance Model • Financial audit can fundamentally be defined as the activity of obtaining assurance with regard to the financial statements of an auditee. • To this aim, assurance can be obtained from such resources as: • Internal controls (control assurance) • Examining accounts and transactions (substantive assurance) • The auditor can only save resource and time to the extend he/she can obtain a proper combination of these two resources.
Evaluation of Internal Controls During Audit Process In order to obtain assurance from internal controls, the auditor can define risks of the auditee and plan audit based on these risks through understanding the auditee with its all aspects, understanding and assessing its control environment, accounting and IT systems.
Control Tests • In the actual audit phase, the auditor should obtain evidence regarding effective functioning of control systems in order to rely on internal controls.
Financial Audit and Internal Control-2 • Turkish public financial system is based on COSO model in terms of internal control. For this reason, financial audit manual covers essentially the issues directed towards understanding and assessing internal control system through considering the elements of this model. The elements of this model are;
Financial Audit and Internal Control-3 • Control environment, • Risk Assessment of the auditee, • Control activities, • Information and communication, • Monitoring&follow-up process.
Evaluation of Control Environment Auditor should understand and assess the control environment through applying methods for understanding internal control by examining following factors: Integrity and ethical values Approach of the management Managerial structure Competency commitment HR management Internal audit
Evaluation of Risk Assessment of Auditee Auditor examines whether the following factors do exist in terms of risk assessment of auditee. • Defining risks • Assessing risks • Managing risks
Evaluation of Control Activities Auditor evaluates the following control activities: • Control activities towards preventing occurrence of undesirable activities and results and creating deterrent effect • Activities towards identifying such type of activities • Activities eradicating the effects of undesirable activities
Evaluation of Information and Communication • Auditor evaluates the environment in which information is produced or obtained, and communicated to those concerned accurately, timely and properly.
Monitoring Auditor examines and evaluates high management’s monitoring activity on controls.
Resources for Understanding Internal Control System • Legislation on public financial management, • Organizational structure, • internal legislation (circulars) issued by the management, • Work-flow charts, job-descriptions, • Account plan and accounting regulation of the auditee, • Reports, working papers and audit programs of internal auditors, • Institution’s activity report, • Internal control assurance statement
Methods in Understanding Internal Control System • Interview with administrators and personnel at various level • Examination of records and documents, • Observing activities, • Following work-flow and process maps, • Examining method and system documents, • Communication with internal auditors, • Attestation from third persons and/or experts, • Visits to facilities and regions of the institution, • Comparison of internal control mechanisms and examples of good practices, • Reviewing studies of Internal Control Central Harmonization Unit
Advantageous Aspects of Existing Internal Control System for TCA • That internal control system is established with the leadership of MoF within a centralized structuring shall not make any difference among institutions in terms of TCA’s evaluation of weaknesses and strengths of the system. This situation shall ensure resource and time saving for TCA. • In case of reporting deficiencies of system by TCA corrective measures applicable to the whole system can be taken centrally by competent authorities.
Evaluation of Internal Control System and Limitations Due to the fact that certain mechanisms such as internal control, internal audit introduced by the Law No:5018 have not been fully implemented on the basis of institutions, relevant chapters of financial audit manual cannot be tested practically. That draft TCA law is not enacted has delayed the implementation of all elements of manual including evaluation of internal controls. Since the evaluation of internal control is a new field for TCA, time and effort is needed to enhance existing audit experience.
Relations between External Audit (TCA) and Internal Audit-1 • As required by the Law No:5018, the possibility to present the reports of internal auditors of public administrations to the information of TCA auditors upon their demand during external auditing has been introduced. • Internal Audit Coordination Committee has been established for the coordination of internal audit activities. As per Article 17 of the Regulation arranging Working Principles and Procedures of this Committee; the Committee should establish necessary cooperation with TCA for the harmonized operation of external and internal audit.
Relations between External Audit (TCA) and Internal Audit-2 • The purposes of internal audit and external audit are not the same. • Internal audit, due to its nature, is a part of the institution. Whatever the level of objectivity and functional independency of internal audit is, external audit can not be conducted completely by obtaining assurance from internal audit. • External audit can benefit from internal audit in the issues such as determination of timing, type and scope of procedures. • External audit can guide internal audit.
Evaluation of Internal Audit-1 • External auditor shall evaluate whether the internal audit activities are carried out according to following criteria or not: • Institutional Statute: Special statute of internal audit within the institution and its effect stemming from this statute contribute to the objectivity of internal audit.
Evaluation of Internal Audit-2 • Scope of Duty: The nature and scope of internal audit function undertaken should comply with the assignment. The management of the institution should observe internal audit recommendations. • Competence: Internal audit should be conducted by competent persons. Policies for the employment and training of internal auditors, and their experience and professional abilities are of great importance. • Professional care: Internal audit should be planned, controlled, reviewed and documented properly.
Status of Relations between Internal Audit-TCA • The internal audit units of institutions have newly completed their structuring and legal arrangements. • That TCA draft law has not been adopted delays the inclusion of internal audit as an effective element in external audit process. • Due to above reasons, cooperation framework that must be established as required by laws between TCA and these units through the medium of Internal Audit Coordination Committee has not yet been established.