Compliance Audit related to the Audit of Financial Statements

Seminar on Financial Audit StandardsOctober 2008

Deputy Director General Kelly Ånerud, Technical Advisor, IAASB

2

Background

• Further guidance in regard to INTOSAI’s Fundamental Auditing Principles (ISSAI 100-400)

• Broader scope than ISA 200 and ISA 250 (‘ISA Plus’ integrated audit/single audit)

• Supported by World Bank study

The INTOSAI Compliance Audit Guidelines

CAS members: Norway (chair), Brazil, Denmark, ECA, India, Lithuania, Mexico, Namibia, Slovakia, Saudi Arabia, Sweden, Tunisia, Ukraine

3

INTOSAI’s Extended Mandate

• Compliance and use of public resources for intended purposes (eg procurement, grants)

• Public interest and needs of users - input to the Parliament / legislature

• Credible and effective public sector • Change agents for continual improvement• Due process rights of individuals

Beyond expressing an opinion on the financial statements, public sector auditors focus on:

The INTOSAI Compliance Audit Guidelines

4

Objective of Subcommittee

To develop INTOSAI guidelines for compliance audit that support the audit relating to prevention and detection of fraud, corruption and misuse of public funds, and promote the development of good governance, and accountability and transparency in the public sector.

The INTOSAI Compliance Audit Guidelines

5

The INTOSAI Compliance Audit Guidelines

6

Structure of the Guidelines

• Performing the compliance audit and gathering evidence

• Evaluating evidence and forming conclusions

• Reporting• Additional guidance – Court• Appendices with examples

The INTOSAI Compliance Audit Guidelines

• Introduction• Scope of the guidelines• Objectives to be

achieved• Definitions• Initial considerations• Planning and designing

the compliance audit

7

Compliance Audit – broader than the ISAs

ISA 200 / 250

CA

8

Comparison of Overall Audit Objectives

• To obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, thereby enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework; and

• To report on the financial statements, or otherwise and communicate as required by the ISAs, in accordance with the auditor's findings.

• Depending on the mandate and constitutional role of the SAI, the overall objectives of public sector auditors in performing compliance audit in connection with the audit of financial statements are to:

• Obtain reasonable assurance about whether the activities, financial transactions and information reflected in the financial statements are, in all material respects, in compliance with the authorities which govern them, and

• Report the findings and judgements to the legislature and/or other bodies as appropriate.

For SAIs representing the Court of Accounts system, the objective is to also communicatecompliance deviations, or other specific aspects that may relate to the judgement function of theCourt, such as identification of the responsible authority/agent, determination of any potential damages and circumstances related to the potential criminal offence, to the appropriate bodies for judgements on such matters.

ISA 200 ISSAI 4200

9

Objective

• Obtain sufficient, appropriate audit evidence for laws and regulations (L&R) that have a direct effect on material amounts and disclosures in the financial statements (FS)

• Perform procedures to identify instances of non-compliance with other L&R that may have a material effect on the FS

• Respond appropriately to non-compliance or suspected non-compliance

• Public sector generally has a broader scope (pars A6, A20)

ISA 250 – Laws and Regulations

10

Public Sector Considerations

• Acknowledges additional audit responsibilities with respect to the consideration of laws and regulations which may relate to the financial statement or other aspects of the entity’s operations (par A6)

• Obligations to report on non-compliance to governing authorities or in the auditor’s report (par A20)

ISA 250 – Laws and Regulations

11

Definition

• ’Deals with the degree to which the audited entity follows rules, laws and regulation, policies, established codes, or agreed upon terms and conditions, etc.’

• May cover a wide range of subject matters

• Purpose of compliance audit (see objective)

• Regularity• Propriety

The INTOSAI Compliance Audit Guidelines

12

Subject Matter and Criteria - Examples

• Decisions and financial performance in relation to the use of appropriated funds and execution of the budget.

• Comprises the assessment of whether the activities, financial transactions and information reflected in the financial statements (the subject matter information) are in accordance with the authorities which govern them (the criteria).

• Laws and regulations, including budgetary law in particular

• Basic principles of law• Legislative acts• Parliamentary decisions and

other authoritative decisions, directions and guidelines

• Ministerial directives• Resolutions of the legislature• Agreed upon terms and

conditions (eg grant and funding agreements, contracts)

• Mandated activities of the entity

Subject matter Criteria

The INTOSAI Compliance Audit Guidelines

13

Risk Assessment and Materiality

• Influences the decisions of users (not only economic decisions, also policy, etc)

• Quantitative and qualitative

• Fraud• Intentional unlawful acts• Nature, visibility and

sensitivity• Public expectations

The INTOSAI Compliance Audit Guidelines

14

Procedures

• Observation• Inspection, including

inspection of case files• Inquiry• Re-performance• Confirmation• Analytical procedures

The INTOSAI Compliance Audit Guidelines

15

Reporting – Factors that Influence the Report Form

• Mandate of the SAI• Applicable legislation or

regulation• Objective of the audit• Customary reporting

practice• Complexity of issues• Needs of users• Short form vs long form

The INTOSAI Compliance Audit Guidelines

16

Compliance Audit Opinion

• ISA 700 – 2-part opinion

• Separate section of auditor’s report

• ‘In our opinion, in all material respects, the activities, financial transactions and information reflected in the financial statements are in compliance with the authorities which govern them.’

The INTOSAI Compliance Audit Guidelines

17

Development Process Going Forward

• Approval of exposure drafts (Fall 2008)

• Exposure drafts to INTOSAI (Dec 2008 – April 2009)

• Incorporate comments (Summer 2009)

• Final approval of documents (Fall 2009)

• Translations (Spring 2010)• Presentation at INCOSAI and

endorsement (Fall 2010)

The INTOSAI Compliance Audit Guidelines

18

Examples of Convergence in Compliance Auditing

19

Good Luck!!!