Compliance Audit related to the Audit of Financial Statements

Seminar on Financial Audit Standards October 2008 Deputy Director General Kelly Ånerud, Technical Advisor, IAASB

The INTOSAI Compliance Audit Guidelines Background • Further guidance in regard to INTOSAI’s Fundamental Auditing Principles (ISSAI 100 400) • Broader scope than ISA 200 and ISA 250 (‘ISA Plus’ integrated audit/single audit) • Supported by World Bank study CAS members: Norway (chair), Brazil, Denmark, ECA, India, Lithuania, Mexico, Namibia, Slovakia, Saudi Arabia, Sweden, Tunisia, Ukraine 2

The INTOSAI Compliance Audit Guidelines INTOSAI’s Extended Mandate

Beyond expressing an opinion on the financial statements, public sector auditors focus on:

• • • • • Compliance and use of public resources for intended purposes (eg procurement, grants) Public interest and needs of users - input to the Parliament / legislature Credible and effective public sector Change agents for continual improvement Due process rights of individuals 3

The INTOSAI Compliance Audit Guidelines Objective of Subcommittee To develop INTOSAI guidelines for compliance audit that support the audit relating to prevention and detection of fraud, corruption and misuse of public funds, and promote the development of good governance, and accountability and transparency in the public sector. 4

The INTOSAI Compliance Audit Guidelines 5

The INTOSAI Compliance Audit Guidelines Structure of the Guidelines • • • • • • Introduction Scope of the guidelines Objectives to be achieved Definitions Initial considerations Planning and designing the compliance audit • • • • • Performing the compliance audit and gathering evidence Evaluating evidence and forming conclusions Reporting Additional guidance – Court Appendices with examples 6

Compliance Audit – broader than the ISAs

CA ISA 200 / 250 7

Comparison of Overall Audit Objectives • • ISA 200 To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and To report on the financial statements, or otherwise and communicate as required by the ISAs, in accordance with the auditor's findings.

• • • ISSAI 4200 Depending on the mandate and constitutional role of the SAI, the overall objectives of public sector auditors in performing compliance audit in connection with the audit of financial statements are to: Obtain reasonable assurance about whether the activities, financial transactions and information reflected in the financial statements are, in all material respects, in compliance with the authorities which govern them, and Report the findings and judgements to the legislature and/or other bodies as appropriate. For SAIs representing the Court of Accounts system, the objective is to also communicate compliance deviations, or other specific aspects that may relate to the judgement function of the Court, such as identification of the responsible authority/agent, determination of any potential damages and circumstances related to the potential criminal offence, to the appropriate bodies for judgements on such matters.

8

ISA 250 – Laws and Regulations Objective • • • • Obtain sufficient, appropriate audit evidence for laws and regulations (L&R) that have a direct effect on material amounts and disclosures in the financial statements (FS) Perform procedures to identify instances of non-compliance with other L&R that may have a material effect on the FS Respond appropriately to non compliance or suspected non compliance Public sector generally has a broader scope (pars A6, A20) 9

ISA 250 – Laws and Regulations Public Sector Considerations • Acknowledges additional audit responsibilities with respect to the consideration of laws and regulations which may relate to the financial statement or other aspects of the entity’s operations (par A6) • Obligations to report on non compliance to governing authorities or in the auditor’s report (par A20) 10

The INTOSAI Compliance Audit Guidelines Definition • • • • • ’Deals with the degree to which the audited entity follows rules, laws and regulation, policies, established codes, or agreed upon terms and conditions, etc.’ May cover a wide range of subject matters Purpose of compliance audit (see objective) Regularity Propriety 11

The INTOSAI Compliance Audit Guidelines Subject Matter and Criteria - Examples • • Subject matter Decisions and financial performance in relation to the use of appropriated funds and execution of the budget. Comprises the assessment of whether the activities, financial transactions and information reflected in the financial statements (the subject matter information) are in accordance with the authorities which govern them (the criteria). Criteria • • • • • • • • Laws and regulations, including budgetary law in particular Basic principles of law Legislative acts Parliamentary decisions and other authoritative decisions, directions and guidelines Ministerial directives Resolutions of the legislature Agreed upon terms and conditions (eg grant and funding agreements, contracts) Mandated activities of the entity 12

The INTOSAI Compliance Audit Guidelines Risk Assessment and Materiality • • • • • • Influences the decisions of users (not only economic decisions, also policy, etc) Quantitative and qualitative Fraud Intentional unlawful acts Nature, visibility and sensitivity Public expectations 13

The INTOSAI Compliance Audit Guidelines Procedures • • • • • • Observation Inspection, including inspection of case files Inquiry Re-performance Confirmation Analytical procedures 14

The INTOSAI Compliance Audit Guidelines Reporting – Factors that Influence the Report Form • • • • • • • Mandate of the SAI Applicable legislation or regulation Objective of the audit Customary reporting practice Complexity of issues Needs of users Short form vs long form 15

The INTOSAI Compliance Audit Guidelines Compliance Audit Opinion • ISA 700 – 2-part opinion • Separate section of auditor’s report •

‘In our opinion, in all material respects, the activities, financial transactions and information reflected in the financial statements are in compliance with the authorities which govern them.’

16

The INTOSAI Compliance Audit Guidelines Development Process Going Forward • • • • • • Approval of exposure drafts (Fall 2008) Exposure drafts to INTOSAI (Dec 2008 – April 2009) Incorporate comments (Summer 2009) Final approval of documents (Fall 2009) Translations (Spring 2010) Presentation at INCOSAI and endorsement (Fall 2010) 17

Examples of Convergence in Compliance Auditing 18

Good Luck!!!

19