Coa R2013-014

Commonwealth Avenue, Quezon City, Philippines
COMMISSION ON AUDIT
Republic of the Philippines
RESOLUTION
No. :
2013-014
Date:
SUBJECT
JU N 2 8 2013
Adoption of a Quality Assurance (QA) Policy and a QA Review Handbook; and Creation of a Quality Assurance Office
WHEREAS, the Commission on Aud it (COA) is vested by the Constitution the exclusive authority to "define t he scope of it s audit and examination, establish the techniques and methods required therefore, promulg at e accounting and auditing rules and regulations" (Section 2, Article IX-D, 1987 Constitution); WHEREAS, the COA continually explores and develops different and dynamic techniques and methodologies, processes to ensure high quality audit in an economical, efficient and effect ive way in order to keep pace with the latest developments in the auditing profession and the best practices of its counterparts worldwide; WHEREAS, the COA top management continuously steers the process of reexamining .and refining COA's audit methodologies, processes and procedures and all other institutional factors affecting COA's fulfillment of its mission and goals and adherence to its professional standards and core va lues; WHEREAS, the COA had adopted ISQC 1, International Standards in Auditing 220 and various relevant I SAs that will enable it to ascertain whether its audits and aud it reports are aligned with international best practices and meet the needs of COA's stakeholders; WHEREAS, there is a need to establish a quality assurance process that would evaluate the existing quality control system to ensure that COA and its personnel comply with professional standards and regulatory legal requirements; that COA audit reports issued are appropriate in the circumstances; NOW, THEREFORE, this Commission Proper resolves, as it does hereby reso lve, to establish a Quality Assurance Office (QAO) under the Professional and Institutional Development Sector (PIDS); QAO; RESOLVED further that Directors IV and III positions shall be created for the
Annex B
Republic of the Philippines Commonwealth Avenue, Quezon City
COMMISSION ON AUDIT
QUALITY ASSURANCE REVIEW HANDBOOK
Quality Assurance Review Handbook
QUA ASSURANCE IN FINANCIAL AUDITING
TABLE OF CONTENTS
Page Number Introduction to the Handbook Chapter 1: Basic Concepts and the Quality Assurance Office (QAO) 1. Concepts/Definition of Terms 2. Relationships Among Quality Control System (QCS) Monitoring and Quality Assurance Review (QAR) Figure 1: Relationships Among QCS, Monitoring and QAR 3. Creation of QAO 4. Frequency of the Review 5. Duration of the Review Chapter 2: COA QAR Framework 1. Overview 2. The Commission on Audit (COA)-Quality Management System (QMS) Framework Table 1: Desired Conditions for the Eight Elements of the COA-QMS Figure 2: The COA-QMS Key Elements Framework 3. Elements of COA-QMS 3.1 Independence and Legal Framework 3.2 Human Resources 3.3 Audit Methodology and Standards 3.4 Internal Governance 3.5 Corporate Support 3.6 Continuous Improvement 3.7 External Stakeholders Relations 3.8 Results Chapter 3: Quality Assurance Process 1. Introduction 2. Objectives of the Quality Assurance (QA) Function 3. Audit Process Overview 4. QAR Process Figure 3: QAR Process 4.1 Planning the QAR 4.2 Conducting the QAR 4.3 Reporting Findings and Recommendations 4.4 Follow-up 4.5 Annual Accomplishment Report on QA 3
5 5 6 6 8 9 10 10 11 12 13 13 14 15 16 19 20 21 22 23 23 25 26 26 26 27 29 33 33

Appendices Appendix Appendix Appendix Appendix 1: 2: 3: 4: The COA-External Stakeholders Relationship Contents of a QAR Plan Peer Review Terms of Reference (TOR) for Peer QA of a Supreme Audit Institution (SAI) Quality Control System Checklist (QCSC) Quality Assurance Questionnaire (QAQ) Institutional Level Financial Audit Methodology Checklist QAQ - Engagement Level Template for Findings by Elements QAR Report Outline Recording Form Template of Draft Report (Institutional Level QAR Report) QA Follow-Up Action Plan List of Acronyms 36 37 39 41 44 45 82 90 109 110 111 112 115
Appendix 5: Appendix 6: Appendix 7: Appendix 8: Appendix 9: Appendix 10: Appendix 11: Appendix 12: Appendix 13:
INTRODUCTION
BACKGROUND OF THE HANDBOOK 1. The handbook has been prepared in fulfilment of the requirements for the completion of the International Organization of Supreme Audit Institutions (INTOSAI) Development Institute (IDI) sponsored Workshop on Quality Assurance Review (QAR) in Financial Audit, attended by a four-man representatives of the Commission on Audit (COA) in 2008 at Ulaanbaatar, Mongolia capped by a Review meeting at Jakarta, Indonesia on the same year. In 2007, the Commission, as a member of the Asian Organization of Supreme Audit Institutions (ASOSAI), signed a Cooperation Agreement in Cambodia, together with the other member nations to undertake a project to strengthen the quality control systems (QCS) of Supreme Audit Institutions (SAIs) through the establishment of the QAR process. The representatives were tasked then to customize a handbook on QAR which was developed by a team of trainers from IDI-ASOSAI. The main purpose of this handbook is to provide guidance in conducting QAR. The Commission in its commitment to pursue the initiatives of IDI-ASOSAI, customized the draft IDI-ASOSAI QAR handbook to provide guidance in conducting QAR. The handbook contains concepts related to Quality Assurance (QA), the benefits that one would derive from undertaking QARs at regular intervals and provide practical guidance such as templates, checklists, questionnaires and samples.
2.
3.
4.
OBJECTIVES OF THE HANDBOOK 5. The handbook provides guidance to QAR review teams as they conduct their reviews based on the audit quality frameworks and standards provided for both the institutional level as well as the engagement level, against which their performance will be gauged; and ensures continuous compliance with these quality standards. The handbook seeks to promote adherence to the culture of quality in audit work in all phases of audit among all sectors in the Commission. 3
6.

SCOPE OF THE HANDBOOK 7. The handbook contains the methodology for conducting QARs. It defines audit quality in terms of audit elements and standards and explains how review teams could assess audit quality using these standards both at institutional and engagement levels. The International Federation of Accountants (IFAC) Standards, International Standards on Quality Control (ISQC) in the Institutional/Firm level (ISQC1) and International Standards in Auditing (ISA 220) on Financial/Engagement level as well as the Audit Quality Management System (AQMS) provide guidance in the conduct of QAR in this handbook.
8.
INTENDED USERS 9. The handbook is directed for the use of the Quality Assurance Office to be created by the Commission Proper (CP).
AMENDATORY PROVISIONS 10. The vibrant structure of the Commission and the audit landscape, effecting changes in the organizational audit implementation, updating policies and procedures to achieve quality in audit may necessitate revisions and updating of the handbook. The handbook shall be regularly updated with the progress of international standards as adopted by the Commission through the issuance of the Philippine Public Sector Auditing Standards (PPSAS).
Chapter 1:
1.
BASIC CONCEPTS AND THE QUALITY ASSURANCE OFFICE (QAO)
CONCEPTS/DEFINITION OF TERMS Quality Generally, it is the degree to which a set of inherent characteristics of a product or service satisfy stakeholders requirements. In an audit engagement, it is the degree to which an audit is conducted in accordance with professional standards and regulatory and legal requirements, and reports issued by the firm or engagement partners are appropriate in the circumstances. Quality Control System (QCS) QCS consists of policies and procedures designed to ensure that the firm and its personnel comply with professional standards and legal and regulatory requirements and that the reports issued by the firm are appropriate in the circumstances. Monitoring Monitoring is one of the components of the QCS, the purpose of which is to assess the appropriateness of the design and effectiveness of operation of system of quality controls. Quality Assurance Review (QAR) QAR is the process that provides independent assurance to the head of the SAI that the quality control systems, which include monitoring, and practices are designed and working effectively.
2.
RELATIONSHIPS AMONG QCS, MONITORING AND QAR Though at times QCS and QAR are used interchangeably, yet, there is a difference in their scope and meaning.

Although monitoring and QAR serves the same purpose, the former is a component of the QCS while QAR is an independent assessment of the QCS including monitoring. This is illustrated in the following graphical presentation. Figure 1: Relationships Among QCS, Monitoring and QAR
Quality Control System
Monitoring of quality control System Quality Assurance Review
3.
CREATION OF A QAO An organic office, to be created by the CP, shall be composed of a Head and members who are independent of the operating units. The CP shall determine the size and composition of the QAO. 3.1. Competencies of QAO The members of the QAO should possess the competencies as required by the COA Qualification Standards (QS). 3.2. Functions of QAO The QAO will review the adequacy of, and compliance to, quality controls at the institutional and engagement levels. The QA report should identify weaknesses, offer recommendations for consideration and follow up actions taken. It will assess the outcome of the recommendations that were implemented and identify reasons for non-implementation. 3.3. Roles of QAO members The roles of the different levels of QAO members are briefly explained below:

Assistant Commissioner, Professional and Institutional Development Sector (PIDS) The Assistant Commissioner, PIDS, exercising direct supervision over the QAO, reports to the Chairperson and is responsible for: Overall direction on how to conduct the QA review and learning results evaluation (LRE); Formulation of strategies to be undertaken; Approval of the QA review and LRE plan; Oversight in the conduct of the QA review and LRE; and Transmittal of the Overall QA Review Report and LRE Report to the Chairperson, Commission on Audit.
Director IV The QA Director (Director IV), as the head of QAO, supported by an Assistant Director (Director III), is charged with: Management of the overall operation of all the divisions under the QAO; Determination of the objectives, scope, time, targets and methodology in conducting the QA review and the LRE; Monitoring and assuring that the QAR processes are in accordance with QA standards, policies and procedures. Analysis and review of the QA and LRE findings and formulation of conclusions and recommendations; Formulation of recommendations on the professional development of the staff under the office; Overall evaluation of the QA review and LRE results; Review and discussion of the QA review/LRE report findings with the concerned COA officials and follow-up on outstanding/unresolved issues; Transmittal of the QA Review/LRE Report to the Directors concerned; Reporting the QA review/LRE results to the Assistant Commissioner, PIDS; and Ensuring the accuracy of the Annual Performance Summary Report (APSR) of the divisions and its prompt submission.

State Auditor V The State Auditors V, as the Chief of the Institutional Level or Audit Engagement Review Services, shall be assisted by a State Auditor IV, supported by its corresponding service staff, are responsible for the: Conduct of the QA review based on the plan agreed upon in the planning stage and ensuring that it is in accordance with standards and procedures; Gathering of evidence to support findings through interviews, documentation reviews, observations, and other review procedures; Preparation and documentation of the necessary working papers to support the findings; and Drafting of the QA review report.
Director II The Director II, as Chief of the Learning Results Evaluation Services (LRES), assisted by a Training Specialist V, supported by the rest of the LRES staff, is responsible for the: 4. Management of the overall operations of the division; Development of LRE work plan; Development of evaluation or assessment tool kits and templates; Conduct of the LRE; Analysis of the results of LRE; Preparation of recommendations based on the results of LRE; Submission of LRE Report; and Preparation of the APSR for the division.
FREQUENCY OF THE REVIEW QAR will be conducted as follows: Institutional level once every three years Engagement level continuous

5. DURATION OF THE REVIEW The period within which the review will be conducted will depend on the type (whether at the institutional or engagement level) and the number of audit reports (engagement level) to be reviewed.
Chapter 2: COA QAR FRAMEWORK
1.
OVERVIEW The COA is responsible to perform its mandate to the satisfaction of its stakeholders needs. A useful means to evaluate the achievement of this responsibility is through the establishment of a Quality Management System (QMS) designed to provide reasonable assurance that: (a) (b) the COA and its personnel comply with professional standards and regulatory and legal requirements; and the COA reports issued are appropriate in the circumstances.
2.
THE COA-QMS FRAMEWORK The COA-QMS Framework consists of structures and processes relating to certain key institutional management functions pertaining to the following elements: 1. 2. 3. 4. 5. 6. 7. 8. Independence and Legal Framework Human Resources Audit Methodology and Standards Internal Governance Corporate Support Continuous Improvement External Stakeholder Relations Results
These elements were taken from the SAI-QMS Framework developed by IDIASOSAI. The effectiveness of the COA as an institution and the quality of its services are reasonably ensured if the eight elements are functioning. The COA aims to achieve the desired condition for each element presented in Table 1.
10

Table 1: Desired Conditions for the Eight Elements of the COAQMS Element of Framework Desired Condition Independence and Legal The COA should maintain its independence Framework and perform its mandate as provided for under the 1987 Constitution and Presidential Decree (PD) 1445 consistent with ISSAI 1, INTOSAIs Lima Declaration on Auditing Precepts, and ISQC1 Human Resources The COA should have adequate number of competent and motivated staff to discharge its functions effectively [International Standards of Supreme Audit Institutions (ISSAI) 200 Paragraphs 1.3 and 1.5]. Audit Methodology and The COAs audit processes should be Standards based on international standards promulgated IFAC and INTOSAI as well as other best practices (ISSAI 200 Paragraph 1.13). Internal Governance The COAs top management should ensure that the institutions decision making and control mechanisms function economically, efficiently, and effectively to be a model in promoting good governance (ISSAI 200 Paragraph 1.15). Corporate Support The COA should ensure timely delivery of support services and infrastructure to its operating sectors, clusters, regions, divisions, sections, and auditing units (ISSAI 20, Principle 8). Continuous The COA should be abreast and ready to Improvement address current and emerging issues and take advantage of new opportunities (ISSAI 200 Paragraph 1.25). External Stakeholder The COA should establish and sustain Relations effective working relationship and communication with external stakeholders to ensure greater impact of its audit reports and services.
11

Element of Framework Results Desired Condition The COA should deliver timely quality audit reports and services that will: promote accountability and transparency in the public sector; result in more efficient management and utilization of public resources; and contribute towards good governance. (ISSAI 20, Principles 5 and 6).
The COA-QMS framework with the eight (8) key elements and subelements is shown in Figure 2. The sub-elements are described in detail in the subsequent pages. The COA should consider the subelements level when making changes for improvements of its performance. Figure 2: THE COA-QMS KEY-ELEMENTS FRAMEWORK1
1 2 Independence Human and Legal Resource Framework 3 Audit
Methodology
4 Internal Governance
5 Corporate Support
6 Continuous
Improvement
7 External
Stakeholder
8
Results
and Standards
Relations
Independence Mandate
Recruitment Retention Career Development Training Well Being Performance Management
Standards Manuals & Guidance Tools
Leadership & Direction Strategic & Operational Planning Oversight & Accountability Code of Conduct Internal Controls Quality Assurance
Financial Resources Infrastructure Technology Support Services
Professional Staff Development Research and Development Organizational Development Change Management
Audited Entities Congress President Public Peers Donors International

Organisations
Output (Quality, Quantity)
Impact
Media
Professional
& Academic Institutions
ASOSAI-IDI Framework page 43 of the QAR Handbook
12

3.0 ELEMENTS OF COA-QMS 3.1 Independence and Legal Framework Desired condition: The COA should maintain its independence and perform its mandate as provided for under the 1987 Constitution and PD 1445 consistent with ISSAI 1, INTOSAIs Lima Declaration on Auditing Precepts, and ISQC1. A fundamental principle of auditing is to provide an independent opinion on the performance of the audited entities and its compliance with laws, rules and regulations. Consequently, the INTOSAIs Lima Declaration on Auditing Precepts underscores that SAIs can accomplish their tasks objectively and effectively only if they are independent of the audited entity and are protected against outside influence. The Lima Declaration highlights the following dimensions of independence of SAIs that need to be in place: a. Independence of the COA Parameters: The independence of the COA should be clearly defined in the Constitution. The independence of the auditor should be clearly defined in PD 1445.2 The mandate should clearly spell out the powers and responsibilities of the COA regarding access to information, the nature of entities over which it has audit jurisdiction and nature, scope and timing of its audits.3 The COA should have both functional and organizational independence required to accomplish its tasks.4
2 3
Adopted from the Lima Declaration on Auditing Precepts, paragraph 3 Section 5 Adopted from the ASOSAI-IDI QA Handbook, Section 3.1.2 4 Adopted from the Lima Declaration on Auditing Precepts, paragraph 2 Section 5
13

b. Independence of Officials and Staff of the COA Parameters: The independence of the Chairperson and the Commissioners should be guaranteed by the Constitution. In particular, the procedures for removal of the Chairperson and the Commissioners from office should be embodied in the Constitution in a manner that may not impair their independence.5 The professional careers of audit staff of the COA must not be influenced by the audited organizations and must not be dependent on such organizations.6
c. Financial independence of the COA Parameters: The COA should be provided with the financial resources to enable it to accomplish its tasks.7 The COA should be entitled to request for the necessary financial resources from the government agencies deciding on the national budget.8 The COA should have fiscal autonomy in the utilization and re-allocation of its budget.9
3.2.
Human Resources Desired Condition: The COA should have adequate number of competent and motivated staff to discharge its functions effectively.
5 6
Adopted from the Lima Declaration. on Auditing Precepts, paragraph 2 Section 6 Adopted from the Lima Declaration. on Auditing Precepts, paragraph 3 Section 6 7 Adopted from the Lima Declaration. on Auditing Precepts, paragraph 1 Section 7 8 The Department of Budget and Management (DBM), President of the Philippines and Congress has specific roles in the national budget process. 9 Adopted from the Lima Declaration on Auditing Precepts, paragraph 3 Section 7
14

As a member of the INTOSAI, it is the responsibility of the COA to adhere to applicable standards of INTOSAI and other international body. Section 2.1.2 of the Restructured General Auditing Standards requires that SAI should adopt policies and procedures on recruitment, development, training and advancement of auditors. Parameters: The COA should have established policies and procedures regarding:10 (i) recruitment of personnel with suitable qualifications; and (ii) professional development, training, and motivation of employees. The COA should periodically review results of training and professional development programs to evaluate whether such programs are being conducted effectively and are accomplishing objectives. The COA should establish performance-based promotion and advancement system, and link performance management with personnel welfare and benefits. The COA should assign the responsibility for the professional development function to a person or office with appropriate authority. The COA should have programs that promote the well-being of its employees.
3.3.
Audit Methodology and Standards Desired condition: The COAs audit should be based on international promulgated by IFAC and INTOSAI international best practices. (ISSAI 200 1.13) processes standards and other Paragraph
10
INTOSAI Restructured Auditing Standards, Chapter II (relating to recruitment)
15

The COAs top management should regularly assess and refine its audit methodologies, processes and procedures and all other institutional factors affecting its mission, vision, goals and strategies, and core values. Parameters: The COAs auditing standards should be in consonance with international standards; The COA should ensure that applicable standards are followed on both pre-issuance reviews and post-audits as part of its internal quality assurance mechanism. The COAs audit methodology should be supported by manuals, guidance and other job aids. The COA should regularly update such manuals, guidance and job aids.
3.4.
Internal Governance Desired condition: The COAs top management should ensure that the institutions decision making and control mechanisms function economically, efficiently, and effectively to be a model organization in promoting good governance. (ISSAI 200 Paragraph 1.15) Continuously improving quality through various policy measures remains the most important role for the top management. SAIs should ensure that their human and financial resources are used in the most efficient way to secure the effective exercise of their mandate. To this end, SAI management will need to develop and institute appropriate policies and measures to help guarantee that the SAI is competently organised to deliver high quality and effective audit work and reports.11
11
Prague recommendations on Quality Management Functioning of SAIs in the context of European integration.
16

The sub-element of internal governance follows: Leadership and Direction Strategic and Operational planning Oversight and accountability (prepare discussion) Code of conduct Internal controls Quality assurance
Parameters: Leadership and direction The COA should formulate its: Vision Mission Core values Strategic and operational planning The Commission Proper should lead the regular holding of strategic planning conference; The strategic planning conference should be held every three years and participated in by the Directors III and above; The results of the planning conference should be cascaded to the operational level.
17

Oversight and accountability The Chairperson should assign the responsibility for the monitoring of the quality control system to a particular Office whose Head and staff have: sufficient and appropriate experience and ability to identify and understand quality control issues; and develop appropriate policies and procedures necessary authority to assume responsibility the responsibility to conduct on-going periodic inspection of completed engagements Code of conduct The COA officials and employees should comply with its Code of Ethics for Government Auditors. Internal control The COA management should put in place a sound internal control system. Quality assurance The COA should establish an independent quality assurance mechanism that would ensure that the quality control system is: operating effectively; complied with; and done at regular intervals The COA should conduct institutional level QAR every three years and engagement level QAR continuously.
18

3.5. Corporate Support Desired condition: The COA should ensure timely delivery of support services and infrastructure to its audit sectors/clusters/regions/divisions/sections/ auditing units. (ISSAI 20 Principle 8) Effective performance of audit work is dependent on the timely and adequate provision of corporate/ administrative/office support. Following are some of the key areas of such support. The sub-element of corporate support follows: Financial resources Infrastructure Technology Support Services
Parameters: Financial resources The COA should have adequate funds to sustain its operations. The COA should maximize the use of its available financial resources.
Infrastructure The COA should provide adequate infrastructure to all offices including those in the regions composed of: adequate office space basic office furniture, fixture and equipment
Technology To function efficiently and effectively, the COA should adapt to modern technology such as: telecommunications information technology (IT) systems internet and intranet
19

general office support hardware with operating software general office support application software such as: information and decision-making systems software for planning and conducting audit documentation and reporting Support services The COA should provide support services such as 3.6. secretarial assistance security transportation event management office and IT supplies
Continuous Improvement Desired Condition: The COA should be abreast and ready to address current and emerging issues and take advantage of new opportunities. The sub-elements of continuous improvement follows: Professional Staff Development Research and Development Organizational Development Change Management
Parameters: The Government Auditing Code of the Philippines (PD 1445) should be kept abreast with the international standards. The Government Accountancy Sector (GAS) should be able to address emerging issues in the rapidly changing accounting environment. The COA should update its strategic plan at periodic intervals to make sure that its efforts are aligned to the major auditable issues facing the country. 20

The COA should continuously upgrade its organizational capacity and competence of its personnel to remain abreast of developments in the field of accounting and auditing. Change management actions should be integrated with any action plan for initiating new approaches.
3.7.
External Stakeholder Relations Desired condition: The COA should establish and sustain effective working relationship and communication with external stakeholders to ensure higher impact of its audit reports and services. The COAs stakeholders include the audited entities, congress, political executives, public, peers (other SAIs), donors, international organisations, media, professional and academic institutions, private sector auditing firms and others who have an interest or are affected by its products and services. Parameters: The COA should sustain effective working relationship and communication with external stakeholders to ensure impact of its audit reports and other products and services. The COA should conduct stakeholder analysis to identify its significant stakeholders and their interests and influence on the COAs functioning. The COA should implement measures to establish and maintain such relations with them that will help to leverage its efforts without compromising its independence and objectivity. The COA should develop and disseminate a standard document on external stakeholder protocols to sustain effective working relationships with them.
The inter-relationship between the COA and the external stakeholders is presented in Appendix 1.
21

3.8. Results Desired condition: The COA should deliver timely quality audit reports and services that will promote accountability and transparency in the public sector; result in more efficient management and utilization of public resources and contribute towards good governance. The Commission shall submit to the President not later than the last day of September of each year an annual report on the financial condition and results of operation of all agencies of the government which shall include recommendations of measures necessary to improve the efficiency and effectiveness of these agencies.12 Parameters: The COA should implement mechanisms for measuring the quality of its audit reports and services which includes the following factors: Progress that management has made in reducing the number of unresolved errors and irregularities identified during audits Percentage of audit recommendations accepted by auditees Percentage of audit recommendations implemented by auditees Extent of satisfaction of auditees with the COAs audit reports and services
12
Section 41, PD 1445
22
Chapter 3: QUALITY ASSURANCE PROCESS

1. INTRODUCTION
The COA has the power, authority, and duty to examine, audit, and settle all accounts pertaining to the revenue and receipts of, and expenditures or uses of funds and property, owned or held in trust by, or pertaining to, the Government, or any of its subdivisions, agencies, or instrumentalities, including government-owned or controlled corporations with original For that reason, it is charters, and on a post-audit basis.13 required that the COA has its QA policies and procedures and a system in place.
2. OBJECTIVES OF THE QA FUNCTION
Consistent with ISQC1 and AQMS of ASOSAI, the main purpose of the quality assurance function is to identify weaknesses and/or breakdowns in quality controls at both the institutional and engagement levels and suggest strategies for addressing those weaknesses and /or breakdowns. To achieve this, some of the main issues for consideration are: Institutional level If the COAs legal framework is sufficient to meet the independence and mandate expectations of the Philippine Constitution, PD 1445 and Lima Declaration; If the quality of system and practice contribute to the governance of the COA; If the process and system to recruit, develop and manage the human resources meet the mandate of the COA to ensure that there are sufficient, competent, motivated staff to discharge its function effectively; If the audit methodology and practices are based on international auditing standards and aligned with the international best practices;
13
1987 Philippine Constitution, Article IX-D, Section 2 (1)
23

If there are ways to strengthen internal administration and support services; If the COA is effectively addressing current and emerging issues and taking advantage of new opportunities; If the status of relations with key external stakeholders and need for improvement, if any; and If the quality of audit reports and services and their impact on the accountability and transparency in the public sector result in the overall improvement in the financial management practices of the government. Engagement level If required quality controls are in place and working effectively; If the quality of the audit practices and reports identify potential ways of strengthening or otherwise improving the controls; If proper documentation for the control procedures exist; If the audit is properly planned and whether risks are identified and received the appropriate attention; If sufficient work is performed to support the opinion in the audit reports; If the working papers are in accordance with the COA policies and procedures; If conclusions are properly explained and supported by audit working papers; If audit opinions are fully supported and documented in working papers; and If the financial statements are presented in accordance with government accounting and other relevant
24

regulations and determine if the audit report issued is appropriate.
3. AUDIT PROCESS OVERVIEW
Under the Integrated Results and Risk Based Audit (IRRBA) methodology being adopted by the COA, the steps in the audit process can be broadly grouped into the following phases: Phase 1- Strategic Planning and Risk Assessment This phase covers the first integration point wherein all the COA audit services namely: Financial and Compliance Audit, Agencybased Performance Audit, Government-wide and Sectoral Performance Audit and Fraud Audit, will meet through a common strategic planning and risk identification process. The IRRBA requires the COA to conduct Strategic Planning annually. The elements and processes used under this phase are captured from the Planning, Finance and Management Sector (PFMS) manual to show the linkage of Strategic Planning of the COA as an agency to the IRRBAs Strategic Planning and Risk Identification of the COA as an auditor. The IRRBA Manual does not supersede any activity presented in the PFMS Operations Manual. Phase 2- Agency Audit Planning and Risk Assessment Agency Audit Planning and Risk Assessment, is designed to promote the consistent implementation of the IRRBA methodology and standard disciplined team-based approach to audit planning, emphasizing the early development of risk assessments and the audit strategy. Phase 3- Delivery Delivery phase is divided into two parts: (1) Execution and (2) Conclusion and Reporting. This phase covers procedures in designing and executing audit tests, evaluation of results and communicating the same to the agency management.
25

Phase 4 Monitoring (Quality Control System) The Monitoring phase of the IRRBA approach is a roadmap for the COA to maintain the delivery of quality audit service to the public. The COA should establish a QCS that will promote an internal culture recognizing that quality is essential in performing all audit works.
4. QAR PROCESS
The QAR process generally involves the standard four phases of a project cycle as shown in the diagram below. Figure 3: QAR Process
PLANNING
FOLLOW-UP ACTIONS
QAR Plan
CONDUCTING QA REVIEW
Implementation report Follow-up report
QAR PROCESS
Record of findings Observations Monitoring

observations
REPORTING

4.1. Planning the QAR
QAR Report Action Plan
The planning process involves preparation of an operational plan and selection of the type of review to be conducted according to the conditions present at the SAI.
26

Operational Plan The SAIs QA function should prepare an annual operational plan which should be approved by the COA Chairperson. The contents of an operational plan are shown in Appendix 2. Types of QARs The two types of QAR are internal and external reviews, which are described below: Internal review This is a periodic review performed by persons within the organization, with knowledge of the audit procedures, practices and standards. This could be conducted by an established QAO or through a peer review mechanism involving different divisions / units / sections. External reviews In external review, a peer SAI, private auditing firm or management consulting firm or academic expert could be asked to undertake a QAR. These reviews should be performed by qualified persons who are independent of the organization and who do not have any real or an apparent conflict of interest. A discussion of a Peer QAR is shown in Appendix 3. A sample Terms of Reference (TOR) for a Peer QAR of a SAI is shown in Appendix 4. 4.2. Conducting the QAR In conducting the QAR, the following steps are to be undertaken: 1. Compile the existing COA policies and procedures on quality control.
27

2. Determine if the procedures on requirements of Quality Control Appendix 5). existing COA policies and quality control meet the ISQC1 by accomplishing the System Checklist (QCSC-
3. Update the Quality Assurance Review Questionnaire (QARQ) - Institutional Level (Appendix 6) by considering the requirements under existing policies and procedures on quality control. 4. Determine if the existing COA policies and procedures on quality control are complied with by accomplishing the updated QARQ. 5. Determine if the existing COA audit methodology meet the requirements of international standards by accomplishing the Financial Audit Methodology Checklist (FAMC-Appendix 7). 6. Determine if the existing COA audit methodology is complied with by accomplishing the QARQ Engagement Level (Appendix 8). 7. Validate deficiencies noted under the no columns in the QARQ, both at the firm and financial audit level, and identify root cause/s by employing other data gathering techniques such as: Document review Physical Observation Focus group discussion Interview Getting information from the COAs external stakeholders Content analysis of qualitative data
QA findings and observations must be supported by sufficient, relevant and reliable evidence. Working papers of the QAR team should be documented methodically for easy referencing.
28

4.3. Reporting Findings and Recommendations Based on the observations and findings, the quality assurance review team should prepare the QAR Report. The draft findings and recommendations should be discussed with senior management of the COA before inclusion in the final report. The report should include a summary of observations and recommendations. To facilitate the preparation of the QAR report, the following steps are suggested: 1. Prepare a draft report outline 2. Prepare the draft QAR report 3. Discuss the summary of findings with the Chairperson 4. Finalize the QAR Report Preparing a draft report outline 1. Accomplish the Templates For Findings by Elements -Institutional Level and/or Template for Individual Finding by Audit Phase Engagement Level (Appendix 9) by providing the following information: Negative observations: All material negative observations should be recorded precisely by stating the nature and extent of the findings. Cause: The reason for identified findings and problems which form the basis for making appropriate recommendations. Impact: This attribute identifies the real or potential effect of the findings. The review team should consider how existence of problems or findings may influence the COAs policy, independence and audit processes in the future. Comment made by the Director IV: The reviewer should obtain and record remarks/views from the concerned Service Chiefs on the observations made. Recommendation: The recommendation states what needs to be changed or rectified.
29

Name of reviewer: The name of the reviewer who conducted the review and made the recommendation must be stated and signed and dated.
The Assistant Commissioner, PIDS must ensure that all observations are completed, correctly stated, signed off and dated on the Form(s). 2. Consolidate the individual findings for institutional level assurance review in the Template for QAR Report Outline Institutional Level and the individual findings for engagement level in the Template for QAR Report Outline Engagement Level (Appendix 10) by providing the following information: Template for QAR Report Outline Institutional Level. This form records each material finding, the corresponding risk assessment, likely impact, probable causes, SAs comments and the QA teams recommendations. The reviewer should evaluate the error/risk using the following categories: a. High risk signifying fundamental failures where for example, the audit opinion or key conclusions are incorrect; b. Medium risk identifies where information provided to the reader of the audit report is omitted or information that is not important is included; c. Low risk other matters such as poor referencing or evidence of review. Template for QAR Report Outline Engagement Level. This form summarises all findings (including positive findings). The form should be accomplished by providing the following: a) Quality Assurance Questionnaire (QAQ) reference: QAQ reference has a combined reference consisting of:
30

i) the reference number allocated to the completed QAQ; and ii) the different items checked on the QAQ. For example, if the reference allocated to the completed questionnaire is (V) and the absence of the letter of engagement (item No. A.1 in the QAQ) on file was observed during the review, the reference which should be recorded on the Quality Assurance Review Recording Form (QARRF)is (V) A.1. b) Positive observation: This pertains to the good practices of the audit team. c) Negative observations: Include all material negative observations including the nature and extent of the finding. d) Impact e) Recommendations 3. Discuss the findings with Cluster/Regional Director and obtain feedback documenting the same in the working papers. Preparing the draft QAR report With the aid of the Templates for QAR Report Outline for both Institutional and Engagement Level, the team prepares the draft QAR report (template for draft reportinstitutional level is attached as Appendix 11) with the following contents: Table of contents Executive summary covers only the highlights of the report and contains only the following: Brief background; Significant observations, and Key recommendations The Executive Summary should not be a simple repetition of sections from the main body of the report. 31

Introduction - contains the background, objectives and purpose of the review work. Approach and methodology used - This would include the actual work done and the procedures followed by the quality assurance review team. It would cover items such as: The frameworks used Main data gathering techniques used Limitations, if any, of the approach Findings and Recommendations (main body of report) - this includes the following items under each element of the frameworks used: Desired condition The team may consider the desired condition for each ISQC1 and ISA 220; Current situation This should be a brief description of the existing policies and processes relating to the ISQC1 and ISA 220 elements; Weaknesses These are the gaps between desired condition and current situation; Factors contributing to the weaknesses these are the factors identified that would form the basis for recommendations; and Recommendations - Suggestions for improvements in future Assurance Quality policy of the COA. The recommendations should be clear, meaningful and practical. Overall conclusion The review teams opinion after considering all the information about observation. Management response Managements comments to the overall conclusion and recommendations Annexes These are generally supporting information about the report.
32

Discuss the summary of findings with the COA Chairperson The QAR team leader should discuss with the Chairperson the summary of findings and recommendations. Finalizing the report The Assistant Commissioner of PIDS and the QAO Directors and Service Chiefs/Staff, as members of the team, should meet to discuss the comments obtained during the discussion with the COA Chairperson and consider in the preparation of the final report all the points taken-up during discussions/meetings. The report should be signed by the Service Chief, as prepared by; reviewed by the Director and approved by the Assistant Commissioner, PIDS. 4.4. Follow-up Appropriate follow-up actions of the QAR report should be undertaken either by the QA Office or other internal Committees especially formed for the purpose. Such responsibility can also be passed on to the same external QA review team by incorporating an appropriate clause in the TOR. Based on the QAR report, the concerned offices subjected to QAR should prepare and implement the Action Plans to implement the recommendations of the QAR team. The Action Plans will facilitate undertaking proper follow up of the QAR report. A sample Quality Assurance Follow-up Action Plan (QAFAP) is attached in Appendix 12. 4.5. Annual Accomplishment Report on QA The QA office or the staff member responsible for QA should produce an annual accomplishment report to be submitted to the COA Chairperson. The report should contain the following information:
33

Introduction Objectives, scope and approach of the reviews Periods covered Statistical information on the number of reviews conducted and reports submitted compared to previous years to show trends;
A summary of the findings (observations) common issues effects causes recommendations and action address the shortcomings
plans
to
Conclusion As a good practice, a periodic progress report shall be submitted to the COA Chairperson to bring to his attention important matters such as break down in QC.
34
Appendices
35

Appendix 1 THE COA-EXTERNAL STAKEHOLDERS RELATIONSHIP
The following table briefly lays out the COA-External Stakeholders Relationship by giving the requirements of the external stakeholders and key mechanisms to maintain it: Stakeholder Audited entities Requirement of the stakeholders To provide value added information to enhance the performance of the entity For effective oversight on the executive Provide assurance for the performance of the executive For knowledge sharing & organizational development Internal governance Assurance on the utilization of specific donor funding To fulfil the commitments with regard to organizational development Reliable knowledge source To maintain the certain standards for training and continuous development of the staff Effective planning for allocated audit & to provide guidance for all public sector / government audit Key mechanism Audit Reports Management letters Independent Auditors Report Audit reports and briefing sessions Web sites, media reports and direct correspondence Training assistance Peer review Access to the COA practices Audit reports & certificates International & regional workshops, seminars, board meetings etc. Press notes, releases, interviews Contracts and other agreements
Congress Public
Peers (other SAIs ) Donors
International Organisations Media Professional & Academic Institutions Private sector auditing firms
Training interventions & contracts
36

Appendix 2 CONTENTS OF A QAR PLAN Scope and approach of the review The scope of the review should include the TOR for the review. The TOR for conducting the review will be different depending on the type of the review to be conducted (pre-issuance or post audit, internal or external). Furthermore, the nature of the review whether it is at the institutional or engagement level should be specified. The SAIs can also consider reviewing the audits if significant shortcomings were identified during the previous year to ensure that all the shortcomings identified have been addressed by the audit team. Types of the review to be conducted during the year The reviews will include both the Institutional Level Review (ILR) and the Engagement Level Review (ELR). Timings of the review Generally, the individual audit level reviews can be conducted every year depending upon the availability of the resources. However, institutional level review needs longer time and ideally, after conducting such review for the first time, it can be conducted at least once every three years, preferably as part of the next strategic planning cycle of the SAI. Budget for the review The QA function needs to have sufficient resources to conduct the reviews and so a separate budget for the reviews should be approved by the head of the SAI annually. Team leader for each review and selection of team Ideally, a service chief/team leader should be nominated for each review and the review team (as explained in Chapter 2), should consist of staff with suitable qualifications and experience to conduct these reviews depending on the type of review.
37

Special consideration if any The period to be covered and methodologies and checklists to be used would be different depending on the level (institutional level or engagement level) at which the review would be conducted. It would also depend upon the particular area of the level which will be covered under the QAR.
38

Appendix 3
PEER REVIEW
A peer review is performed by an independent normally external entity to evaluate whether an organizations internal quality control system is suitably designed and is operating effectively. The peer review involves testing the entire quality control system and the peer reviewers will have to allow the entire system to operate before reaching their conclusion. The peer review is designed to provide reasonable assurance that SAIs quality management policies and procedures are suitably designed and operating effectively. Scope of peer review The scope of the peer review should cover the determination of whether: the auditing services performed are in accordance with the SAI's auditing standards, departmental manuals and policy instructions; the standard, manuals, instructions and systems enable the SAI to fully execute the audit mandate and its duties; and the auditing methodologies and practices conform to the best international practices.
Requirements for peer review To be eligible to review, the peer should meet the following requirements: Each member of the review team should have good knowledge of auditing standards, the government environment relative to the work being reviewed and the methods and techniques of performing a peer review; The review team should be independent of the audit organization reviewed, its staff and the audits selected for peer review; and Separate TOR need to be drawn up for each of the areas to be reviewed and the scope of review should be clearly defined.
Conducting peer review The peer review team will develop a plan and programme for conducting the work. The SAI will provide the review team with all necessary documentation, manuals, policy instructions and guidelines
39

etc. The peer review should be based on SAIs audit documentation and interviews of the SAIs staff members. The peer reviewers will not interview staff of the organizations, which the SAI audits or have access to their records. In addition, they will not interview or survey readers of the SAI reports, including legislators. The peer review team will also rely on internal QAR and internal audit reports to reduce the scope of its work. The peer review team will treat the inspection report and its findings as part of the evidence for reaching its opinion. The peer review team leader will provide a briefing for SAI top management before issuing the report. The briefing will allow for discussion and suggestions to improve SAIs quality control system and procedures. Reporting the results of the Peer Review The review team should communicate the results of the peer review in writing. The report should indicate the scope of the review, including the limitations. It should express an opinion on the organizations system of internal quality control. When there are expressions of opinion on inadequacies of internal control, the review team should report a detailed description of the findings, recommendations and suggestions to improve the SAIs quality control system, either in the peer review report or in a separate letter of comment or management letter, to enable the reviewed organization to take appropriate action. The peer review should identify areas for improvement in the quality of audit, including planning, evidence gathering, documentation, reporting, etc. as well as overall performance of the SAI. The peer reviewers will issue their report to the SAIs top management. A senior management functionary of the SAI should be made the point of contact for the peer review and the contact person will be responsible for disseminating the findings of the peer review within the SAI for appropriate action by the concerned groups and monitoring the progress of implementation of its recommendations. A periodic report will be placed before the top management of the SAI to this effect.
40

Appendix 4
TOR FOR PEER QA OF A SAI

1. INTRODUCTION The INTOSAI is increasingly emphasizing the importance of QA activities of SAIs. Standards and more importantly the extent to which the SAIs comply with standards, are continuously reviewed and regarded as an important component of good corporate governance practices. The ASOSAI has incorporated several QA activities in its work plans and is eager to support SAIs in establishing/enhancing QA systems, procedures and working methods. The SAI of ______ requested to make use of QA visits and the arrangements for the visit were thereafter initiated. 2. MAIN OBJECTIVE The main objective of the visit is to assist the COA to determine whether its audits comply with international standards and make recommendations on how the quality of audits could be improved. In addition, the resource team will assess the QA system implemented at the COA and will make recommendations. 3. SPECIFIC OBJECTIVES OF THE QUALITY ASSURANCE VISIT The following aspects will be addressed during the support visit: Quality control reviews on specific audits; Collect findings and report back to the COA Chairperson; Assess the quality assurance system at the COA and make recommendations to the COA Chairperson on functionality and appropriateness; Train quality control reviewers; On-the-job training exposure to reviewers on how to go about a review.
41

4. DATE OF THE REVIEW VISIT The review visit will take place from _______to _______. The review team will be on site at the Office of the head of SAI of _______ during this period and, in collaboration with staff identified for this purpose, will execute the activities agreed to in items 2 and 3 of the TOR. 5. REVIEW TEAM The review team will consist of the following members: Team member 1 - SAI of _______ Team member 2 - SAI of _______ Team member 3 - SAI of _______ Team member 4 - SAI of _______ Team member 1 will act as the project leader and, in consultation with team members, will focus the activities towards achieving the objectives of the review visit. The COA will identify counterparts within its organization to work alongside the resource team with the view to transferring skills. The COA will also be responsible for providing the necessary logistical and administrative support to the resource team in order to fulfil their responsibility for achieving the required objectives of the visit. 6. METHODS OF WORK The resource team will conduct the quality assurance review by using the following tools, techniques or procedures: The COA QMS; Give feedback to Assistant Commissioner or Cluster/Regional/Office Directors and audit teams; Assess the QA of the COA; Conduct interviews with staff and officials of the COA (if needed); Deliver a presentation to the COA Chairperson and senior officials on findings and recommendations; and Draft a report on the review visit and the course of action agreed upon with the Chairperson.
42

7. EXPECTED OUTPUTS Upon completion of the review visit, it is expected that the resource team would have reviewed a considerable number of audit files and given feedback to the responsible director and the audit team. From the review the team will: Collect findings and present them to the COA Chairperson and management team with analysis and possible recommendations. Assess the QA system of the COA with recommendations made to the COA Chairperson and top management. Ensure that quality reviewers identified by the SAI are trained in theory and in practice; and Draft an action plan which is agreed upon with the Auditors General.
8. REPORTING The review team will give a verbal debriefing to the COA Chairperson and the management at the end of the assignment. A written report will be presented to the COA Chairperson not later than two weeks after completion of the assignment. Team Member 1 will be responsible for compiling the report.
__________________________________ Head of SAI
43

Appendix 5
QUALITY CONTROL SYSTEM CHECKLIST (QCSQ)

1. 2. 3. 4. 5. 6. 7. 8. 9. Execution of QA review is carried out in accordance with policies, standards, manuals, guidelines and practices of SAI; QA team have a sound understanding of techniques and procedures for gathering information such as inspection, observation, enquiry, etc. to collect evidence; All phases of QA review have been carried out as planned and approved; Valid explanations are available for non-implementation of any phases of quality controls procedures; Appropriate approval exists for significant deviations that have taken place from approved quality control procedures; Staff resources used for QA are largely in line with those planned in terms of time, grade of staff and expenses entailed; Appropriate techniques and procedures are used to fulfil QA objective in order to provide for effective evidence; Ensuring that all envisaged tests for evaluation and reliability of internal controls are used during audit process; The team leader should evaluate the effect of deficiencies noted as a result of the monitoring process and should determine whether: The review complies with QA standards; or Systemic, repetitive or other significant deficiencies during the review that require prompt corrective action;
10. Ensure that appropriate analytical procedures are used and the reliability, independence and quality of relevant supporting data is assessed during audit process; 11. Sampling methods are used according to QA standards and manuals; 12. All tests of transactions clearly indicate QA objectives, adequately explain the nature and extent of QA work and provide an overall conclusion as to results of QA work; 13. QA steps and procedures have been designed to obtain sufficient, reliable, and relevant evidence; 14. Full investigation is made of all queries during QA; 15. Existence of adequate working papers in respect of: Evaluation of internal controls systems; QA tests of routine procedures; and Tests of controls.
44
Quality Assurance in Financial Auditing
QUA LITY ASSURANCE IN FINANCIAL Q

Appendix 6
QUALITY ASSURANCE QUESTIONNAIRE (QAQ) INSTITUTIONAL LEVEL
OFFICE/CLUSTER DIRECTOR DATE OF REVIEW FINDINGS DISCUSSED ON DIRECTOR/ ASST. COMM. REVIEWER
DATE DATE
If the finding to a particular question is positive, a tick mark should be inserted in the YES column. If the finding is negative, a tick mark should be inserted in the NO column, followed by an appropriate reason/explanation in the remarks column. In such an instance, reference should be made to either the minutes of the discussion of the findings with management. Instances may be found where the answer to a question is NO, but that the situation was still within the scope of INTOSAI Auditing Standards (e.g. non-compliance with the COA methodology, although still within scope of INTOSAI Auditing Standards). This should clearly be spelt out and reported accordingly. If a question is not applicable, a tick mark should be inserted in the not applicable column, together with an adequate explanation. I. INDEPENDENCE AND LEGAL FRAMEWORK (Inclusive of Ethical requirements) The COA should maintain its independence and perform its mandate as provided for under the 1987 Constitution and PD 1445 consistent with ISSAI 1, INTOSAIs Lima Declaration on Auditing Precepts, and ISQC1 YES NO N/A COMMENT W/P Ref.
45

YES REF: LIMA and Mexico DECLARATION Sections 4, 5, 10, 17 19, 23, & 24 ISQC 1 Par 25 Independence 1. Is there a fixed term of office for the
Chairperson and two Commissioners? If Yes, please specify term. ____________________________
NO
N/A
COMMENT
W/P Ref.
2. Do the Chairperson and two

Commissioners have legal immunity in the normal discharge of the duties? If No, please specify. ____________________________
3. Does the COA submit its budget directly

to Congress without going through the Department of Budget which is its auditee? 4. Is the COA entitled to use and reallocate the funds allotted to them under a separate budget heading in ways that they consider to be appropriate? 5. Is the COA's budget reviewed and approved by Congress? If No, please specify ___________________________
6. Is the COA free to determine the nature

of its organizational structure and functional process without outside interference? 7. Is the independence of the COA Chairperson laid out in the constitution or PD 1445? If not, please provide explanations regarding the basis for the independence of the Chairperson.
46

YES 8. Is the Chairperson protected by Law for
his/her audit report? Please provide the relevant clause of the law.
NO
N/A
COMMENT
W/P Ref.
9. Is the procedure for removal of the COA

Chairperson embodied in the constitution or law? 10. Are the Audit staffs of the COA independent from the Audited entities i.e. are they working for the audited entity?
Mandate ( Legal Framework) 11. Is there a constitutional provision

regarding the appointment of the Chairperson? 12. What is the legal basis of the COAs mandate? a. Constitution b. Special law other than the Constitution c. Others (Please specify.) 13. Does the COA submit its Annual report to Congress? If no, please specify ____________________
14. Which body is responsible for assessing

whether the COA is achieving its mandate a. Congress b. President c. Department of Finance d. Others (specify) 15. Does the COA have audit jurisdiction to audit the following bodies? (Tick as many boxes as appropriate.) a. National government agencies (Departments and Bureaus) b. Congress c. Judiciary d. Intelligence agencies
47

YES
Armed forces Police department Local government units (cities, provinces, municipalities) h. Government-owned or controlled corporations / companies i. Bodies / autonomous bodies not owned but substantially funded by the government or from the State Budget j. Foreign agencies and enterprises with whom the State has joint venture agreements k. Agencies to whom performance and delivery of public services is contracted out l. Others (Please specify.) 16. Does the COA have an unrestricted access to the information? 17. Is there a constitutional provision regarding the appointment of the Chairperson? 18. Does the COA have the legislative mandate to carry out the following types of audit? (Please mark at relevant rows.) a. Financial audits b. Audit of compliance with laws and regulations c. Value-for-Money audits d. Concurrent audits (for example, audit during implementation of a project) e. IT Audit f. Environment Audits g. Privatization Audits h. Others (Please Specify) 19. Are the above audits specifically mentioned in the COAs mandate? If No, Please specify. _________________________ e. f. g.
NO
N/A
COMMENT
W/P Ref.
20. Are there any government entity/(ies)

not audited by the COA?
48

YES
If yes, please specify. ________________________
NO
N/A
COMMENT
W/P Ref.
21. Do the COA personnel have unrestricted

access to information? If No, please specify. _________________________
49

COA should have adequate number of competent and motivated staff to discharge its functions effectively (ISSAI 200 Paragraph 1.3 and 1.5). YES REF: Human Resources ISQC1 par 36 41
1. Does the COA establish policies and procedures to provide it with reasonable assurance that it has sufficient personnel with the capabilities, competence and commitment to ethical principles necessary to perform its audits in accordance with professional standards and applicable regulatory and legal requirements, and to enable the issuance of reports that are appropriate in the circumstances? 2. Does the COA have an office, section or person in charge of the human resource management? 3. Does the COA have Human Resource Management policies in the following areas? (Please tick as many as appropriate boxes) a. Recruitment b. Retention c. Performance Appraisal d. Career Development and Training e. Well Being f. Performance management 4. Does the COA have an approved job description for each position of the organizational structure? 5. Is the job description kept up-to-date?
II. HUMAN RESOURCES
NO
N/A
COMMENT
W/P Ref.
Recruitment
6. In recruiting personnel, does the COA specify minimum qualifications as per job description? 7. Are position profiles being tailored to take cognizance of the individual requirements of all positions?
50

YES
8. Has the COA adopted qualification requirements for different level of staff and management? 9. Are there adequate competencies and skills available to meet the requirement for executing the COA's mandate? 10. Is recruitment taking place in a manner that allows management to adequately address the audit needs in that environment? Consider matters such as vacancies, overall skills levels, staff turnover, etc.
NO
N/A
COMMENT
W/P Ref.
Retention
In cases where the COA requires expert staff who cannot be recruited on the basis of conditions of the civil service, special arrangements should be concluded with them, placing them outside the regular wage scales. 11. Is retaining qualified staff a problem? 12. Does the COA have a reward mechanism in place that provides incentives to staff members? 13. Which of the following incentives is provided by the COA? a. Naming and honoring the Auditor(s) of the Year. b. Certificate of Excellence for outstanding performance c. Financial remuneration / benefits d. Staff remunerations and promotions to be based on considered assessments of competencies, performance and experience, e. Other incentives. Please specify
51

YES Career Development
14. Are the following methods used by the COA for the development of capabilities and competence: a. Professional education b. Continuing professional education c. Work experience d. Coaching 15. Does the COA have a mechanism in place that takes care of career planning and career development opportunities for staff members? 16. Which of the following career planning and development opportunities does the COA provide for its staff members? (Tick as many boxes as appropriate.) a. Relevant workshops or seminars b. Professional university courses c. Feedback on job performance d. Merit-based promotions e. Time-based promotions f. Specialization g. Performance feedback and coaching h. Planned job rotation i. Continuing professional education j. Phased retirement k. Career counseling about challenging assignments and possibilities for more exposure and demonstration of skills l. Assessment techniques and programs to help staff members assess their interests, aptitudes and capabilities and linking the information derived to possible careers and jobs m. Self-directed and selfdevelopment materials n. Pre-retirement and postretirement counseling
NO
N/A
COMMENT
W/P Ref.
52

YES
17. Does the COA have a mechanism for identifying technical and management skill gaps? 18. If yes to the above question, does the COA take measure to address the identified gaps? 19. Does the COA have criteria set for promotion and upgrading its employees?
NO
N/A
COMMENT
W/P Ref.
Well Being
20. What type of program is/are in place for staff well being? a. Health care program b. Social activities c. Recreational & sporting facilities d. Fitness programs e. Housing f. Conducive environment g. Counseling services h. Other. Please specify
Performance Management
21. Are performance appraisals being performed on a regular basis? 22. Is remuneration linked to performance? 23. Does the COA have a mechanism for communicating job functions or areas of responsibility to its staff?
53

The COAs audit processes should be based on international standards promulgated by IFAC and INTOSAI as well as other best practices (ISSAI 200 Paragraph 1.13). YES Standards
Has the COA formally adopted international accounting and auditing standards? 1. Who determines audit standards? a. The Chairperson of the COA b. Accounting and Auditing Standards Board c. Professional Body in the Country d. Department of Finance e. Others , please specify Are these standards aligned to international standards such as (IFAC, INTOSAI, Country specific or Regional standards)?
III. AUDIT METHODOLOGY AND STANDARDS
NO
N/A
COMMENT
W/P Ref.
Manuals and Guidelines

2. Does the COA have audit manuals to guide staff in the different audit areas like a. Regularity audit, b. Performance audit and c. IT Audit ? Are the manuals aligned to accepted standards? Please check sample manuals and compare with International Standards. Are the manuals actually used in the audit process? Please tests check a few samples. 3. Do these manuals and guidelines address the following matters? How engagement teams are briefed on the engagement to obtain an understanding of the objectives of the audit; Processes for complying with applicable engagement standards, Processes of engagement supervision, staff training and coaching; Method of reviewing the work
54

YES
performed, the significant judgements made, and the form of report being issued; Appropriate documentation of the work performed and of the timing and extent of the review; and Processes to keep all policies and procedures current. Does all staff have access to the manuals? Please verify among several staffs. Is the manual updated at regular intervals? Please note the last date of amendments. Does the COAs manual contain policies and procedures designed to maintain the confidentiality, safe custody, integrity, accessibility and retrieval of audit documents? Does the COA have policies and procedures on the retention of audit documentation to meet the needs of the COA and requirements of laws or regulations?
NO
N/A
COMMENT
W/P Ref.
Audit Tools
Do staff use audit tools (e.g. Checklists, Computer-Assisted Techniques (CAATS) and Others)? 4. Does the COA use audit automation Software (e.g. Audit Command Language (ACL), Teammate, Case ware & others)? Please specify.
Audit Performance
5. Assignment of Audit Teams Does the COA assign an audit team director/leader (ATL) to each engagement to take responsibility for that audit on its behalf? Does the COA establish policies and procedures requiring that: a. The identity and role of the ATL are communicated to key members of auditee management and those responsible for governance; b. The ATL has both the necessary capabilities, competence, authority and
55

YES
sufficient time to perform the role; and c. The responsibilities of the ATL are clearly defined and communicated to that team leader or director? Does the COA also assign appropriate staff with the necessary capabilities, competence and time to perform audits in accordance with professional standards and applicable regulatory and legal requirements, and to enable the issuance of reports that are appropriate in the circumstances?
NO
N/A
COMMENT
W/P Ref.
Are staff assigned to the team: a. Conversant with all new and revised audit standards? b. Conversant/up to date with the latest audit methodology? c. Conversant with all the COA guidelines? d. Given access to the up to date audit standards documentation, the COA approach and guidelines on documentation and other relevant documentation? e. Complying with the requirements of Continued Training (CT)? f. Knowledgeable of the relevant sectors in which the clients operate? g. Knowledgeable of the COAs control policies and procedures? 6. Consultation Does the COA establish policies and procedures to provide it with reasonable assurance that: a. Appropriate consultation takes
56

YES
place on difficult or contentious items within the COA, with external experts, and with the auditee; b. Sufficient resources are available to enable appropriate consultation to take place; c. The nature and scope of such consultations are documented; and d. Conclusions from consultations are documented and implemented? 7. Differences of Opinion Does the COA establish policies and procedures for dealing with and resolving differences of opinion within the audit team, with those consulted and, where applicable, between the ATL and the audit quality control reviewer? Are all conclusions reached being documented and implemented? Are reports not issued until differences of opinion are resolved? 8. Audit Quality Control Review (AQCR) Does the COA establish policies and procedures requiring, for appropriate audits, an AQCR that provides an objective evaluation of the significant judgments made by the audit team and the conclusions reached in formulating the report? Do these policies and procedures : o Set out criteria against which all audits and reviews of historical financial information, and other assurance and related services audits should be evaluated for the purpose of determining whether an AQCR should be performed in each instance; and o Require the performance of an AQCR for all audits
NO
N/A
COMMENT
W/P Ref.
57

YES
meeting the criteria established with (a) above? Do the COAs policies and procedures require the completion of the AQCR before the report is issued? Does the COA establish policies and procedures setting out: a. The nature, timing and extent of an AQCR?; b. Criteria for the eligibility of audit quality control reviewer?; and c. Documentation requirements for an AQCR? 9. Nature, Timing and Extent of the ACQR Does the AQCR include an objective evaluation of: o The significant judgments made by the audit team relating to materiality and significant risks; o Whether working papers selected for review reflect the work performed in relation to the significant judgments and support the conclusion reached in formulating the report; o The appropriateness of the report to be issued; o Other significant matters that have come to the attention of the audit quality control reviewer; o Significant risks identified during the audit and responses to those risks; o Whether the appropriate consultation has taken place on matters involving differences of opinion or other difficult or contentious matters; o The significance and
NO
N/A
COMMENT
W/P Ref.
58

YES
disposition of corrected and uncorrected misstatements identified during the audit; and o The matters to be communicated to management and those charged with governance and other applicable parties. 10. Criteria for the Eligibility of Audit Quality Control Reviewers Do the COAs policies and procedures on the eligibility of audit quality control reviewers address: a. technical qualifications required to perform the role, including the necessary experience and authority; and b. The degree to which the audit quality control reviewer can be consulted on the audit without compromising his/her objectivity. 11. Documentation of the AQCR Do the policies and procedures on documentation of the AQCR include evidencing: a. The procedures required by the COAs policies on AQCR had been performed; b. The completion of the AQCR before the issuance of the report; and c. That there are no unresolved matters that have come to the attention of the audit quality control reviewer that would cause the audit quality control reviewer to believe that the audit was not performed in accordance with professional standards and applicable regulatory and legal requirements?
NO
N/A
COMMENT
W/P Ref.
59

YES
12. MONITORING a. Does the COA have policies and procedures requiring an ongoing consideration and evaluation of its system of quality control, including a periodic inspection of a selection of completed engagements? b. Where the results of the monitoring procedures indicate that a report may be inappropriate or that procedures were omitted during the performance of the audit, does the COA have policies requiring that actions be taken to comply with relevant professional standards and regulatory and legal requirements? c. At least annually, does the COA communicate the results of the monitoring of its QCS to audit directors/team leaders and other appropriate individuals within the COA including the Chairperson?
NO
N/A
COMMENT
W/P Ref.
IV. INTERNAL GOVERNANCE
The COAs top management should ensure that the institutions decision making and control mechanisms function economically, efficiently, and effectively to be a model organization in promoting good governance. (ISSAI 200 Paragraph 1.15) W/P Ref.
YES Leadership and direction

1. Does the COA top management set the appropriate tone and direction for the organization, with regard to: Accountability, Integrity and Reliability? 2. Does the COA have stated vision and mission?
NO
N/A
COMMENT
60

YES
3. Does the COA have short-term and long-term goals? Please state them here. 4. Does the COA emphasize and promote continuous improvements? Please verify through minutes of meetings. Does the COA have a Standard on Quality and Continuous Improvements? Does the COA establish policies and procedures designed to promote an internal culture based on the recognition that quality is essential in performing engagements? Do these policies and procedures require the Chairperson or, any key official/office, to assume ultimate responsibility for the COAs system of quality control? Does the COA continuously inspire the staff to comply with the approved standards and procedures and make their best efforts to deliver quality services and products?
NO
N/A
COMMENT
W/P Ref.
5. 6.
7.
8.
Strategic and Operational Planning

9. Does the COA have a strategic plan? 10. Does the COA have an operational plan? 11. Are the plans meeting their objectives? Please compare a sample plans objectives with achievement. 12. Is there a mechanism to measure the achievement? 13. Are the staffs at the various levels aware of the plans? Please test check with sample staffs from various levels.
61

YES
14. Do the CP and Assistant Commissioners have a constructive quality assurance dialogue with the heads of audit functions about audit work being done in the units/sections? Please ask for relevant minutes of meetings. 15. Do the CP and Assistant Commissioners decide what audits should be commenced? Please verify with relevant minutes of meetings. 16. Do the responsible officials set important quality requirements for the audit? Example of some important quality control requirements includes timeliness and compliance to audit methodology and standards. A checklist of the requirements should indicate what are the quality expectations from the audit engagement. 17. Do the heads of the units/sections maintain and improve the quality for work through a quality improvement plan? Consider quality factors such as: a. Ongoing training program b. Implementation of new knowledge c. Management of post audit projects for follow-up purposes d. Recruitment of new people e. Use of highly skilled section managers f. Improvement of the quality in audit recommendations g. Individual auditor training plan in place h. Competence plan for the audit function i. System for organizational learning in place?
NO
N/A
COMMENT
W/P Ref.
62

YES
18. Does the COA encourage a culture of quality through such means as: a. Formal or informal dialogue b. Mission statements c. Newsletters d. Briefing memoranda? 19. Do the heads of the units/sections have a constructive quality assurance dialogue with appropriate official about audit work being done? Consider matters such as: Ongoing discussions during the audit work; b. Discussion of audit findings; and/or c. Audit team included in the discussions 20. Are the COAs policies and procedures addressing performance evaluation, compensation, and promotion designed to demonstrate its overriding commitment to quality? a.
NO
N/A
COMMENT
W/P Ref.
Oversight and Accountability

21. Are mechanisms in place to assess if the COA has achieved its mandatory obligations? Such mechanism may include: a. Survey b. Study c. Peer reviews d. Feedback from Congress e. Research
63

YES Acceptance and Continuance of Auditees Relationships and Specific Audits
22. Does the COA establish policies and procedures for acceptance and continuance of non statutory auditee relationships and specific audits, designed to provide it with reasonable assurance that it undertakes or continues only those relationships and audits where it: a. Has considered the integrity of the auditee and does not believe that the auditee lacks integrity; b. Is competent to perform the audit and has the resources to do so; and c. Can comply with ethical requirements including those relating to independence where applicable? 23. Does the COA obtain such information as it considers necessary in the circumstances before accepting a nonmandatory audit, and when deciding whether to continue an existing audit, and when considering acceptance of a new audit with an existing auditee. Where issues have been identified, and the COA decides to accept or continue the auditee relationship or a specific audit, does it document how the issues were resolved?
NO
N/A
COMMENT
W/P Ref.
64

YES
24. Where COA obtains information that would have caused it to decline a nonmandatory audit if that information had been available earlier, do policies and procedures on the continuance of the audit and the auditee relationship include considerations of: a. The professional and legal responsibilities that apply to the circumstances, including whether there is a requirement for the COA to report to the person or persons who made the appointment or, in some cases, to regulatory responsibilities; and b. The possibility of withdrawing from the audit or from both the audit and the auditee relationship. 25. Does the COA report on its performance? 26. Does COA publish its annual report? 27. Does COA make its annual report public? 28. If yes, does it use any of the means below? a. Through its website b. Newspapers Circulation of copies to c. stakeholders 29. Is the performance report of the COA audited? 30. Are the COAs accounts externally audited? 31. Does the COA voluntarily participate in peer/external review?
NO
N/A
COMMENT
W/P Ref.
Code of Conduct
32. Is there a documented Code of Ethics, adapted to the COAs environment, in place covering the issues in INTOSAI Code of Ethics? 33. Is the above code adhered to? 34. Are there procedures to ensure that the
65

YES
Code of Ethics is adhered to? 35. Does the COA ensure that all auditors comply with its requirements which relate to integrity, objectivity, professional competence and due care?
NO
N/A
COMMENT
W/P Ref.
Ethical Requirements
36. Does the COA establish policies and procedures designed to provide it with reasonable assurance that the COA and its personnel comply with relevant ethical requirements such as the following: a. Integrity; b. Objectivity; c. Professional competence and due care; d. Confidentiality; and e. Professional behaviour? 37. Does the COA establish policies and procedures designed to provide it with reasonable assurance that the COA, its personnel and, where applicable, others subject to independence requirements (including experts contracted by the COA and other personnel), maintain independence where required by the Code and national ethical requirements? Do these policies and procedures enable the COA to: a. Communicate its independence requirements to its personnel and, where applicable, others subject to them; and b. Identify and evaluate circumstances and relationships that create threats to independence, and to take appropriate action to eliminate those threats or reduce them to an acceptable level by applying safeguards, or, if considered appropriate, to withdraw from the engagement?
66

YES
38. Do the policies and procedures require: a. Private auditors engaged by the COA to provide relevant information about client engagements, including the scope of services, to enable the COA to evaluate the overall impact, if any, on independence requirements; b. Personnel to promptly notify the COA of circumstances and relationships that create a threat to independence so that appropriate action can be taken; and c. The accumulation and communication of relevant information to appropriate personnel so that: i. The COA and its personnel can readily determine whether they satisfy independence requirements; The COA can maintain and update its records relating to independence; and The COA can take appropriate action regarding identified threats to independence on specific changes?
NO
N/A
COMMENT
W/P Ref.
ii.
iii.
39. Does the COA have policies and procedures to provide it with reasonable assurance that it is notified of breaches of independence requirements and appropriate actions are taken to resolve such situations? 40. Does the COA obtain, at least annually written confirmation of compliances with its policies and procedures on independence from all personnel
67

YES
required to be independent? 41. Does the COA have criteria for determining the need for safeguards to reduce the threat of familiarity with auditee to an acceptable level when using the same senior personnel on an audit engagement over a long period of time?
NO
N/A
COMMENT
W/P Ref.
Complaints and Allegations

42. Does the COA have procedures to handle complaints & allegations concerning failures to comply with professional standards and regulatory requirements or non-compliance with the COAs system of quality control ? 43. Does COA do follow-up and investigate all complaints and allegations?
Quality Assurance
44. Does the COA evaluate the effect of deficiencies noted as a result of the monitoring process and determine whether these are either: a. Instances that do not necessarily indicate that the COA's system of quality control is insufficient to provide it with reasonable assurance that it complies with professional standards and regulatory and legal requirements, and that the reports issued by the COA are appropriate in the circumstances; or b. Systemic, repetitive or other significant deficiencies that require prompt corrective action? 45. Does the COA communicate to relevant ATLs and other appropriate personnel deficiencies noted as a result of the monitoring process and recommendations for appropriate remedial action?
68

YES
46. Does the COAs evaluation of each type of deficiency result in recommendations for one or more of the following: a. Taking appropriate remedial action in relation to an individual audit or auditor; b. The communication of the findings to those responsible for training and professional development; c. Changes to the quality control policies and procedures; and d. Disciplinary action against those who repeatedly fail to comply with the policies and procedures of the SAI? 47. To what extent does the COA implement effective QA processes for its work? 48. Is there a QA system in place? 49. Is there a dedicated unit responsible for QA? 50. Is the QA system addressing all dimensions of the COA? 51. Are QA results used to improve performance of the COA? 52. Does the COA have a QA manual? 53. Does a quality control review plan (QCRP) get submitted on time? 54. Does the QCRP comply with the strategy on the selection of files (with special cognisance of audit risk profiles)? 55. Does the QCRP comply with the strategy on the identification and selection of reviewers? 56. Have all reviewers been adequately trained? 57. Can all reviewers prove that they regularly undergo CT to ensure that they are technically up to date? 58. Does the selection include an adequate mix of files?
NO
N/A
COMMENT
W/P Ref.
69

YES
59. Was adequate care taken to keep the selection of files confidential to prevent window-dressing? 60. Are the reviews carried out in accordance with the QCRP? 61. Are the reviews carried out using the approved questionnaires? (This step may require the selective reperformance of reviews) 62. Are the results of each of the reviews discussed with : a. Audit management b. The audit team 63. And were all differences resolved? 64. Are the outcomes of the reviews adequately addressed in action plans, which in turn feed back into the Units strategic plans? 65. Is there proof of follow-up of the action plans of the previous year? 66. Is an annual report prepared detailing the following: a. A description of the monitoring procedures performed b. Conclusions drawn c. Description of repetitive or other significant deficiencies d. Action taken to resolve or amend those deficiencies. 67. Does an independent body carry out an annual evaluation of the COAs Quality Review program?
NO
N/A
COMMENT
W/P Ref.
70

The COA should ensure timely delivery of support services and infrastructure to its operating sectors, clusters, regions, divisions, sections, and auditing units (ISSAI 11 principle 8). YES Financial resources
1. Does the COA have a short-term financial resource planning? 2. Is the budgeting process integrated into the COAs annual plan? 3. Does the COA have regular review of its budget? 4. Does the COAs financial practice lead to relatively accurate financial projections? 5. Does the COA have sufficient number of qualified staff for financial management? If not completely, then how many qualified staff for financial management does COA need? 6. Does the COA keep adequate financial records and accounts? 7. Is the COAs financial report used for planning and review purposes?
V. Corporate Support
NO
N/A
COMMENT
W/P Ref.
Infrastructure
8. Does the COA own office premises? 9. Does the COA have sufficient office space? 10. Is the lighting condition appropriate in the COAs office? 11. Does the COA have well-equipped meeting rooms? a. Multimedia - PA system, Projector b. Computer c. Telephone d. Chairs and tables e. White board f. Flip Charts 12. Does the COA have well-equipped training rooms? 13. Are the COA Departments/Sectors/ Divisions/Sections located together?
71

YES Technology
14. Is the COA computerized? 15. Which of the following functions are computerized in the COA? a. Payroll b. Finance c. Audit Planning d. Asset Management e. Archiving system f. None of the above 16. Are the Desktop Computers and Laptops used for daily work by all users? 17. What type of Internet access does the COA have? a. Broadband b. Dial-up c. Not at all 18. Who has access to the Internet? a. Senior management only b. Senior and middle management c. All staff and management 19. Does the COA have internal IT support staff? 20. Are the IT personnel professionally qualified? Please check a sample of the IT personnel background qualification. 21. Does the COA offer internal IT training and development programs? 22. Does the COA have Local Area Network? 23. Does the COA have photocopying materials and facilities? 24. Does the COA have Wide Area Network? 25. Does the COAs technology meet the auditors needs? Please conduct a focus group for discussion on this topic before concluding.
NO
N/A
COMMENT
W/P Ref.
72

YES Support Services
26. Which of the following support services does the COA have? a. Security b. Maintenance c. Transportation d. Secretarial e. Others: ______________ 27. Are these Support Services provided in timely manner? 28. Does the COA have an adequate security measures to safeguard its facility?
NO
N/A
COMMENT
W/P Ref.
73

The COA should be abreast and ready to address current and emerging issues and take advantage of new opportunities (ISSAI 200 Paragraph 1.25). YES Professional Staff Development
1. Is there proof of detailed training needs identification taking place on a regular basis? 2. Are the training needs that are identified during the quality control reviews: a. Communicated to the relevant training staff? b. Contained in the training business plan for the next year? 3. Is there proof of success measurement against the training business plans? 4. Is there proof of proper manpower planning? 5. Is there proof of proper career planning? 6. Is there proof of development (including the scheduling of staff for audits) taking place in line with this planning? 7. Does the COA ensure that auditors attending training programmes or courses have applied the knowledge gained? 8. Does the COA ensure that the auditors knowledge gained via different training programmes (education programmes) is being successfully used in the audit? 9. Does the auditor receive guidance during the audit (including guidance from Head of a Unit, mentor, team members, etc.)? 10. Does the COA evaluate current level of knowledge on a regular basis to determine current and future personal and organizational needs? 11. Does the COA communicate the knowledge needs that are considered in the training plan for the next year?
VI. CONTINUOUS IMPROVEMENT
NO
N/A
COMMENT
W/P Ref.
74

YES
12. Does the COA ensure that knowledge needs are considered in the training plan for the next year? 13. Is the effectiveness of the training plans evaluated? 14. Is there an annual training service agreement on individual auditor basis in place? 15. Are there procedures for on-the-job training? 16. Is on-the-job training provided for each auditor? 17. Is the provided on-the-job training documented? 18. Do the audit managers design the composition of teams and needs of the staff?
NO
N/A
COMMENT
W/P Ref.
Research and Development

19. Does the COA have a Research and Development (R&D) division? 20. Has the COA formulated short/long term R&D plan? 21. Have any research studies being done to enhance effectiveness of the COA? 22. Does the COA have sufficient funding for research?
Organizational Development
23. Does the COA review and redefine organizational structure in accordance with strategy and environment? 24. Does the COAs organizational structure clearly define lines of authority and responsibility? 25. Does the COA encourage staff to participate in improving the organization?
Change Management
26. Does the COA have a management unit or section? 27. Does the COA have a management plan? change change
75

YES
28. Does senior management provide sufficient support in implementing change management plan? 29. Does the COA have sufficient resources to carry out change management process? 30. Does the COA effectively involve Human Resource (HR) in change management? 31. Does the COA reinforce change with job descriptions? 32. Does the COA have a plan to address change management resistance?
NO
N/A
COMMENT
W/P Ref.
VII. EXTERNAL STAKEHOLDER RELATIONS
COA should establish and sustain effective working relationship and communication with external stakeholders to ensure higher impact of its audit reports and services. W/P Ref.
YES
1. Does the COA have strategy for establishing and maintaining effective working relations with external stakeholders? 2. Does the COA have a formalized mechanism to follow up on feedback on its performance received informally or formally from external stakeholder?
NO
N/A
COMMENT
Congress/Office of the President (OP)

3. Please circle the entity (Congress/OP) that the COA primarily report to/affiliate with. Is the relation with the entity indicated set down in law or some other regulation? 4. Does the COA work directly with the entity indicated? 5. Does the COA hold meetings or hearings with them? 6. Are those meetings or hearings in public?
76

YES
7. Following those meetings or hearings, is a report with recommendations produced? 8. Does the COA seek regular feedback from the entity indicated on its performance? 9. To what extent do the Executives implement Public Accounts Committee's or its equivalent's recommendations? a. Completely b. To a large extent c. To a little extent d. Not at all
NO
N/A
COMMENT
W/P Ref.
Audited Entities
10. Is the role of COA appreciated by the audited entities? This can be established through customer satisfaction survey by the COA. a. Completely b. To a large extent c. To a little extent d. Not at all 11. Does the COA have a policy for communicating with audited entities? 12. What is the extent of response of audited entities to the COA? a. Completely b. To a large extent c. To a little extent d. Not at all 13. What is the extent of the acceptance of the audit recommendations? a. Completely b. To a large extent c. To a little extent d. Not at all 14. What is the extent of the implementation of the audit recommendations? a. Completely b. To a large extent c. To a little extent d. Not at all
77

YES
15. Is the audited entity given a reasonable opportunity to respond to the draft audit reports? 16. Are the audited entity responses fairly considered before finalizing the audit report? 17. Does the COA make sound recommendations for further improvements in audited entity performance? 18. Does the COA seek feedback from audited bodies on the quality of its work, staff and systems? 19. Are the COA staff trained in communicating effectively with audited entity?
NO
N/A
COMMENT
W/P Ref.
Internal Audit
20. Does the COA have internal audit department or equivalent? 21. Does the internal audit department report directly to the Chairperson? 22. Does the internal audit department have a charter? 23. Does it have qualified personnel?
The media and the public

24. Are audit products made public? 25. Does the COA have the right to go to the media with its audit findings? 26. Does the COA have a clear policy framework for dealing with the media? 27. Does the COA deal professionally with the media by providing high quality press releases and press conferences? 28. Does the COA have a policy to ensure that its publications are widely accessible to audiences? 29. Does it use such correspondence to inform future audit activity? 30. Are professionally qualified members of the COA encouraged to play active roles in their professional associations?
78

YES Professional associations and private sector auditors
31. Does the COA have professional relations with other professional institutions and private sector auditors? 32. Are there formal liaison meetings between a senior member of the COA and the relevant professional associations on a regular basis? 33. Are there arrangements for secondments between staff in the COA and in private sector auditing firms? 34. Does the COA contract out a proportion of its audits to private sector auditors to enable it to benchmark its costs and processes?
NO
N/A
COMMENT
W/P Ref.
Consultation
35. Has the COA designed policies and procedures to ensure that appropriate consultation takes place on difficult and contentious issues? 36. Do the audit team and management have access to experts either within the COA or outside, pertaining to areas such as IT, taxation, technical, etc? 37. Is there proof of consultation with other management members in instances of high risk / uncertainty (peer reviews)? 38. Is there a technical department responsible for research into complex technical or public sector specific matters? 39. Are internal technical publications being prepared on a regular basis? 40. Are all technical publications adequately circulated?
Peers (SAIs and regions)

41. Does the COA have cooperation arrangements with other SAIs?
Aid Donors
42. Does the COA deal with any donor agencies? 43. Does the COA meet regularly with donor
79

YES
agencies to identify what external audits need to be done and when? 44. Are there mechanisms which the COA can undertake such that it can become the auditor of first choice by donor agencies?
NO
N/A
COMMENT
W/P Ref.
VIII. RESULTS
The COA should deliver timely quality audit reports and services that will: promote accountability and transparency in the public sector; result in more efficient management and utilization of public resources; and contribute towards good governance. (ISSAI 11 principle 5 and 6) YES NO N/A COMMENT W/P Ref.
1. Does the COA have a system to objectively measure its results? 2. Is there a system to assure that performance measures are of acceptable quality? 3. Is performance measurement conducted by staff independent of those responsible for delivering the audit reports (and other products, if any)? 4. Does the COA follow up on its performance measurement results?
Outputs
5. Are products delivered by the COA in accordance with its audit mandate? 6. Does the COA have targets with regard to number of products of each type? 7. Does the COA measure performance against the targets? 8. Does the COA have performance measures to assess the quality of the products?
80

YES
9. Does the COA assess product quality against the performance measures? 10. Does the COA set deadlines for submission of it products? 11. Does the COA meet its deadlines for delivering its products? 12. To what extent is COA able to meet its targeted outputs?
NO N/A
COMMENT
W/P Ref.
Impact
13. Does the COA have performance measure to assess the impact of its products? 14. Does the COA regularly assess impact against these measures?
81

Appendix 7
FINANCIAL AUDIT METHODOLOGY CHECKLIST

YES
I. Financial/Regularity Audit Performed:
1. Attestation of financial accountability of accountable entities, involving examination and evaluation of financial records and expression of opinions on financial statements 2. Attestation of financial accountability of the government administration as a whole 3. Audit of financial systems and transactions, including an evaluation of compliance statutes and regulations 4. Audit of internal control and internal audit functions 5. Audit of the probity and propriety of administrative decisions taken within the audited entity 6. Reporting of any other matters arising from or relating to the audit that the SAI considers should be disclosed
NO
COMMENTS
W/P Ref.
II. Standards for Audit

1. International Standards on Auditing (ISA) 2. INTOSAI Auditing Standards 3. SAI Standards, Policies
III. Quality Control Procedures (ISSAI 1220)

1. Responsibility for quality assigned to ATL 2. ATL has considered ethical requirements.
82

YES
3. ATL has ensured independence of the audit team. 4. ATL has assessed capabilities, competencies and time available to perform audits. 5. Risks of acceptance have been considered. 6. ATL has taken responsibility for direction, supervision and performance of the audit team. 7. ATL has reviewed working papers. 8. Appropriate consultation/resolution of contentious or difficult matters. 9. Differences of opinion are appropriately resolved. 10. AQCR has been appropriately engaged. 11. Results of AQCR have been considered.
NO
COMMENTS
W/P Ref.
IV.
Pre-Engagement Phase
1. Code of Ethics a. Integrity (adherence to high standards of behaviour) b. Independence (independent from audited entity and other outside interest groups) c. Conflicts of interest (care should be taken that services do not lead to conflict of interest) d. Confidentiality (information obtained in the auditing process not disclosed to third parties) e. Professional competence and due care 2. Assessment of Capacity(skills and resources) 3. Engagement letter with audited entity
83

YES
V. Planning Phase
1.1 Understanding the entity and its environment consisting of the following aspects: a. Industry, regulatory, and other external factors including the applicable financial reporting framework b. Nature of the entity, including the entitys selection and application of accounting policies c. Objectives and strategies and the related business risks that may result in a material misstatement of the financial statements d. Measurement and review of the entitys financial performance 1.2 Understanding the entitys internal control consisting of the following components: a. Control Environment includes the governance and management functions and attitudes, awareness, and actions of those charged with governance and management concerning the entitys internal controls and its importance in the entity. b. The entitys risk assessment process for identifying business risks relevant to financial reporting objectives and deciding about actions to address those risks, and the results thereof.
NO
COMMENTS
W/P Ref.
84

YES
c. The information system, including the related business processes, relevant to financial reporting, and communication. d. Control activities to assess the risks of material misstatement at the assertion level and to design further audit procedures responsive to assessed risks. e. Monitoring of controls or activities that the entity uses to monitor internal control over financial reporting, including those related to those control activities relevant to the audit, and how the entity initiates corrective actions to its controls. Establishing Audit Objective and Scope a. Expressing an opinion whether the financial statements are prepared, in all material respects, in accordance with an applicable financial reporting framework b. Determining the audit procedures to be performed in conducting an audit in accordance with ISA or other professional, legal or regulatory requirements in addition to ISAs. Determining Materiality a. Establishing an acceptable materiality level considering both the amount (quantity) and nature (quality) of
NO
COMMENTS
W/P Ref.
2.
3.
85

YES
misstatements b. Considering audit risk in assessing the level of materiality Assessing the risk of material misstatement a. Determining overall responses to assessed risks at the financial statement level b. Designing further audit procedures to respond to assessed risks at the assertion level Considering Going Concern Assumption a. Assessing the entitys ability to continue as a going concern Considering Fraud in Financial Audit a. Considering risk of material misstatement arising from fraud of error b. Maintaining an attitude of professional scepticism throughout the audit, recognizing the possibility that a misstatement due to fraud could exist Preparing detailed audit plan a. Establishing an overall audit strategy which sets the scope, objective, timing, appropriate materiality level, high risk areas and evaluation of internal control. Including documentation of the key systems. b. Developing a detailed audit plan which includes the nature, timing and extent of audit procedures to be performed to obtain sufficient appropriate audit evidence to reduce audit
NO
COMMENTS
W/P Ref.
4.
5.
6.
7.
86

YES
risk to an acceptably low level.
NO
COMMENTS
W/P Ref.
VI. Execution Phase

1. Using Sampling and Other Means of Testing a. Using audit sampling in selecting items for testing (Statistical sampling) b. Using other means (Nonstatistical sampling) 2. Performing Tests of Controls a. Performing tests of controls to obtain sufficient appropriate audit evidence that the controls are operating effectively at relevant times during the period under audit. 3. Performing Analytical Procedures a. Evaluating financial information made by a study of plausible relationships among financial and non-financial data. b. Investigating identified fluctuations and relationships that are inconsistent with other relevant information or deviate significantly from predicted amounts. 4. Performing Substantive Procedures a. Performing tests of details of classes of transactions, account balances, and disclosures and substantive analytical procedures to detect material misstatements at the assertion level. 5. Evaluating the sufficiency and appropriateness of audit evidence a. Recording in the working papers information on planning the audit, the nature, timing and extent of audit procedures performed, and the results
87

YES
thereof, and the conclusions drawn from the evidence obtained. b. Evaluating the sufficiency and appropriateness of audit evidence to determine whether the audit was performed in accordance with ISAs and applicable legal and regulatory requirements. c. Identifying the preparer and reviewer of working papers
NO
COMMENTS
W/P Ref.
VII. Reporting Phase

1. Communicating Audit Findings a. Communicating audit matters arising from the audit of financial statements. b. Preparing management letter on a timely basis. c. Follow-up of action taken on findings communicated thru management letter. 2. Evaluating Audit Conclusions a. Reviewing and assessing the conclusions drawn from the audit evidence obtained as the basis for the expression of an audit opinion b. Determining significance of audit finding 3. Preparing the Audit Report a. Preparing the audit report considering the following basic elements: - Title; - Addressee; - Opening or introductory paragraph: Identification of the financial statements audited; A statement of the responsibility of
88

YES
the entitys management and the responsibility of the auditor; - Scope paragraph (describing the nature of the audit) A reference to the ISAs or relevant national standards or practices; A description of the work the auditor performed - Opinion paragraph containing: A reference to the financial reporting framework used to prepare the financial statements (including identifying the country of origin of the financial reporting framework when the framework used is not International Accounting Standards); and An expression of opinion on the financial statements - Date of the report; - Auditors address; and - Auditors signature b. Preparing narrative report
NO
COMMENTS
W/P Ref.
89
Quality Assurance Review Appendix 8
QAQ- ENGAGEMENT LEVEL

AUDIT TEAM LEADER AUDITED ENTITY FINANCIAL YEAR-END OF AUDITEE STAGE OF COMPLETION REVIEW COMMENCED ON REVIEW COMPLETED ON FINDINGS DISCUSSED ON NAME OF REVIEWER We, the undersigned, confirm that the findings of this review have been: Discussed with management (Assistant Commissioner, Cluster/Office/Regional Directors, Supervising Auditor, Audit Team Leader, Audit Team Member); Communicated to the whole audit team; Included as part of an action plan that will be included in the strategic plan, where appropriate; and Included as part of the training plan. REVIEWER TRAINING OFFICER
ASST. COMM. CLUSTER DIRECTOR DATE
90
Quality Assurance Review
INTRODUCTION: The INTOSAI Audit Standards requires that an auditor should conduct an audit in accordance with the necessary standards. This implies that a certain standard of work should be evident in all audit files. In ensuring a consistent level of quality of audit work throughout an audit entity, it is necessary to ensure that: All personnel adhere to the principles of independence, integrity, objectivity, confidentiality and professional behaviour (professional requirements); The audit entity is staffed by personnel that have attained (and maintain) the technical standard and professional competence required to enable them to fulfil their responsibilities; Audit work is assigned to personnel that have the degree of technical training and proficiency required in the circumstances; There is sufficient direction, supervision and review of work at all levels to provide reasonable assurance that the work performed meets appropriate standards of quality; Whenever necessary, consultation within or outside the firm is to occur with those that have appropriate expertise; The continued adequacy and operational effectiveness of quality control policies and procedures is monitored.
This review document focuses on the evaluation of quality at the engagement level. The document takes cognisance of the requirements of IRRBA Manual. Wherever possible references have been made to the source of the requirements tested. The review document is to be used for all types of audit. If the finding to a particular question is positive, a tick should be inserted in the YES column. If the finding is negative, a tick should be inserted in the NO column, followed by an appropriate reason/explanation in the remarks column. In such an instance, reference should be made to either the minutes of the discussion of the findings with management and/or the final QAR-report. Instances may be found where the answer to a question is NO, but that the situation was still within the scope of ISA/INTOSAI (e.g. non-compliance with Office methodology, although still within scope
91
Quality Assurance Review of ISA/INTOSAI). This should be clearly spelt out and reported accordingly. If a question is not applicable, a tick should be inserted in the N/A column, together with an adequate explanation. All questions should, as far as possible, be referenced to the relevant working papers in the audit file.
COA Manual YES and Guidelines
Integrated Results and Risk-based Audit Methodology (IRRBA) I. Strategic Planning and Risk Identification
1. Was there an assessment and identification of government risks using Medium-Term Philippine Development Plan (MTPDP), State of the Nation Address (SONA) of the President, Medium-Term Public Investment Program (MTPIP), Government Risks Model (GRM) Previous Annual Audit Reports (AARs), media releases and media reports, fraud and geographic risks, government-wide and sectoral programs and activities, etc.? Was it conducted annually, supervised by the Assistant Commissioners and attended by directors from the following sectors/offices: National Government Sector Corporate Government Sector Local Government Sector Regional Offices Special Audit Office Information Technology Office Technical Services Office Fraud Audit Office
ISA Ref.
NO N/A REMARKS
WP Ref.
IRRBA Manual
2.
1.
Government Risk Model

Was the GRM developed/updated?
Form 01-01
92
Quality Assurance Review Integrated Results and Risk-based Audit Methodology (IRRBA) Government Risk Identification Template
1. 2. 3. Was the Government Risk Identification Template prepared? Was the COA Strategic Planning conducted? Were the elements of PFMS Operations Manual observed in the COA Strategic Planning?
ISA Ref.
NO N/A REMARKS
WP Ref.
Form 01-02
COA Memo 79-205 dated July 6, 1979 ISSAI 1230 Form 02-01
II.
1. 2.
Agency Audit Planning and Risk Assessment Agency Audit Workstep (AAW)
Was the AAW prepared? Is the AAW approved by the Supervising Auditor and submitted to the Cluster Director/Regional Cluster/Office Director responsible for the audit? Was the approval of the AAW timely? Were all significant changes to the AAW approved?
3. 4.
Form 02-01
93
Quality Assurance Review Integrated Results and Risk-based Audit Methodology (IRRBA)
5.
ISA Ref.
NO N/A REMARKS
WP Ref.
Understanding the Agency Template (UTA)

Was understanding of the agency documented which includes the following: Agency Profile
a. b. c. d. e. f. Mandate Operations Structure Objectives and Strategies Key Stakeholders Key Environmental Factors
6.
7.
OPIF/Program Accountability Model (PAM) MFOs/Key Performance Indicators Accounting Policies Previous Audit Findings Recent Developments Analytical Reviews UTA Summary Did the audit team perform an analysis of the following key elements affecting the auditees success or failure and the dynamic interrelationships between them: - Environment? - Information? - Users? - Suppliers? - Public? - Value? - Management? - Processes? Was there a logical relationship among the observations, analysis and key success factors and changes presented in the template for each of the elements of the UTA?
94
8. Were the significant points of the UTA discussed with senior agency management to confirm understanding of critical success factors, points of strategic focus, significant events and plans and potential risks? Were analytical procedures performed during the planning phase of the audit in order to identify risks? Are there audit working papers that correspond to the income statement/ appropriation account? Are there evidences that accounts with significant changes from: Prior years results Variations from budget
ISA Ref.
NO N/A REMARKS
WP Ref.
9.
10.
11.
1.
Agency Risk Model (ARM)

Was the ARM prepared/updated?
Form02-03 Form02-04
Agency Risk Identification Matrix

1. 2. 3. Did the audit team use the UTA Summary in the agency risk identification? Did the audit team use a common risk language? Were the significance and likelihood of identified risks evaluated and justifications given? Were risks locations identified per Office? Were there initial audit responses for each identified risk?
4. 5.
95
Quality Assurance Review Integrated Results and Risk-based Audit Methodology (IRRBA) AgencyLevel Controls Checklist (ALCC)
1. Did the audit team use Probing Questions to assess Control Environment, Risk Assessment Information and Communication, Monitoring and Control Activities in understanding the agency-level controls? Were observations documented using the ALCC Summary? Did the audit team issue an Audit Observation Memorandum for deficiencies noted on the design of agency-level controls or red flags to call the attention of Management?
ISA Ref.
NO N/A REMARKS
WP Ref.
Form02-05
2. 3.
Process-Risk-Control (PRC) Matrix

4. 5. 6. 7. Was there understanding of the agency processes? Were process-level risks and controls affected by agency-levels risks identified? Were observations documented using the PRC Summary? Did the audit team issue an Audit Observation Memorandum for deficiencies noted on the processlevel risks or red flags identified to call the attention of Management?
Form02-06
1.
Audit Risk Assessment and Planning Tool (ARAPT) A. Financial and Compliance Audit:
Were significant and material financial statement accounts identified? Was there an assessment of inherent risk? Control Assessment?
Form02-07
2.
96
3. Was an acceptable materiality level used to detect quantitative material misstatements as indicated in Materiality Template? Were qualitative factors considered for materiality? Is the planning materiality figure still appropriate for the evaluation of the results of audit procedures and were the reasons for changes properly documented? Was materiality considered during the evaluation of the results of procedures performed and were proper conclusions reached in this regard? Where indications of fraud were discovered during the audit, was it adequately followed up? Was audit strategy determined and indicated in the ARAPT? (Test of controls will be the audit strategy for accounts assessed as Minimal or Low (we are intending to rely on the controls), whereas, substantive procedures will be the audit strategy for accounts assessed as Moderate or High.) Were the prioritized risks discussed with management for confirmation? Was the timing of the audit indicated in the ARAPT?
ISA Ref.
NO N/A REMARKS
WP Ref.
4. 5.
6.
7. 8.
9. 10.
B. Performance Audit
1. 2. Were the agencys significant Programs, Activities and Projects (PAPs) identified? Was the basis for assessment and selection factors of PAPs indicated in the ARAPT?
97
3. Were significant PAPs subject to performance audit listed in the ARAPT?
ISA Ref.
NO N/A REMARKS
WP Ref.
C. Specialized Skills Needed

1. Do specialized skills needed in the audit identified?
D. Other Material Accounts

1. Were other material accounts (LORMA) identified in the ARAPT?
III.
Delivery A. Execution Design Audit Tests: Audit Test Summary

Are the audit programmes sufficiently comprehensive to result in satisfactory assurance in all areas of significant audit risk? Is each step of the audit programme initialled with evidence to indicate that the work was completed? Are there evidences (signature of the reviewer) that procedures were correctly executed?
ISSAI 1230
Form03-01
1.
2. 3.
Design Audit Tests: Performance

1. 2. 3. 4. Were audit objectives articulate with what the audit is to accomplish? Were audit criteria develop for each audit objective? Is there evidence of audit objectives having been met in each procedure? Is there evidence of audit objectives having been met in each procedure?
98
Quality Assurance Review Integrated Results and Risk-based Audit Methodology (IRRBA) Execute Audit Test Part I: Test of Controls (TOC)
1. Was audit evidence obtained through tests of control to support any assessment of control risk which is minimal or low? (TOC is performed only for accounts assessed as Minimal or Low (wherein we rated control risk as Low which means we are intending to rely on controls). Does it appear that the tests of controls over the internal controls are appropriate in the circumstances? Does it appear that the tests of control over results are properly assessed and evaluated? In cases where the assessed level of control risk was revised, were the nature, timing and extent of planned substantive procedures modified? ISSAI 1330
ISA Ref.
NO N/A REMARKS
WP Ref.
2.
3. 4.
Part II: Substantive Tests
1.
2.
Were substantive analytical reviews designed to obtain assurance regarding the reasonableness of account balances or series of transactions and were all criteria met in this regard? Where any analytical reviews were performed to restrict the nature, timing and/or extent of substantive procedures, are the results from such an analysis appropriately measured against materiality? Was corroboration obtained for explanations received?
ISSAI 1330, 1450, 1500, 1540 ISSAI 1520
99
3. Were appropriate substantive procedures designed and performed for each transaction, account balance and disclosure per ARAPT? Are there evidences that results of confirmations received back were compared to the clients records and differences investigated? Regarding the timing of the substantive procedures, Was the most efficient manner of conducting the substantive procedures taken into account? Were the samples selected for testing reasonable and representative of the population? Test Audit Scheme (TAS) and the Simplified Sampling Scheme (SSS)
ISA Ref.
NO N/A REMARKS
WP Ref.
4.
ISSAI 1505 ISSAI 1520
5.
6.
ISSAI 1530
COA Res. 95505, July 4, 1995
Evaluate Audit Results

1. 2. Are there appropriate evidence (signature of reviewer) to ensure that conclusions are correct? Are there evidence that errors found using samples were appropriately considered? Are there evidence that summaries of audit differences were prepared and the aggregated effect of the differences evaluated? Are there evidence that the SA reviewed the summary of audit differences? ISSAI 1230 COA Res. 95505 dtd July 4, 1995
3.
4.
COA Memo 2002048 dated 8/13/02
100
Quality Assurance Review Integrated Results and Risk-based Audit Methodology (IRRBA) IV. Communicate Audit Results
1. Were all audit observations discussed with appropriate level of agency management to confirm the audit team understands of the nature and cause of the audit observations? Where in the opinion of the audit team the evidence provided by the agency do not support the agencys position, was the Supervising Auditor (SA)/Cluster Director (CD) consulted to determine final audit action? Were all audit findings communicated to Management through the issuance of any of the following? Audit Observation Memorandum (AOM) Notice of Suspension (NS) Notice of Disallowance (ND) Notice of Charge (NC)
ISA Ref.
NO N/A REMARKS
WP Ref.
2.
3.
COA Cir No. 2009006
4.
Are AOMs and Audit Queries (AQs) issued for resolution of queries and exception arising from audit tests? Delivery B. Conclusion and Reporting 1. Summary of Audit Results and Recommendations Were all accumulated results of financial, compliance, and performance audits summarized at the end of the audit? Were all significant findings, issues and observations, including misstatements, summarized and discussed with management? ISSAI 400 Form 03B-01
1.
2.
101
3. Were all findings, observations, and issues that have significant impact on the financial statements considered before finalizing the conclusion of the audit? Did the Minutes of discussions with the counterpart audit team (e.g., Fraud Audit Office (FAO) and/or Special Audit Office (SAO) form part of the audit working papers? Did the following evaluation factors considered : Materiality factors? Indications of significant weakness in internal control? Indications of possible fraud or illegal acts? 2. Prepare Audit Report ISSAI 400 COA Memo No. 2002047 dated August 13, 2002 COA Memo No. 2010015
ISA Ref.
NO N/A REMARKS
WP Ref.
4.
5.
102
1. Are the guidelines on the preparation, submission and transmittal of the AAR observed?
ISA Ref.
ISSAI 1700
NO N/A REMARKS
WP Ref.
COA Memo 2002047 COA Memo 2009028 COA Memo 2010015 COA Memo 2010020
2.
3.
4.
Does the AAR contain gist of the observations and recommendations for performance audit undertaken which is still on-going? Does the AAR contain gist of the observations and recommendations for fraud audit which is still ongoing? Does the AAR contain the following: Executive Summary Audit Certificate Financial Statements Observations and Recommendations Status of Implementation of Prior Years audit Recommendations
ISSAI 3100
103
3. Perform Overall Audit Review Quality Inspection Tool (QIT) Did the Supervising Auditor conduct overall review and approval of the engagement to document and confirm that: Engagement has been completed in accordance with IRRBAM? Sufficient appropriate audit evidence has been obtained? Audit documentation provides a basis for audit opinion? Was the QIT used by the team in performing overall review and approval of the audit engagement prior to the release of the audit report? Was the QIT signed and dated by appropriate members of the audit team? Were adequate procedures designed in respect of auditing the budgetary process of the auditees? Are events subsequent to the balance sheet date adequately documented and are significant events considered for disclosure/adjustment to the financial statements? If audit reports are delayed beyond a reasonable period is the subsequent events review extended? Are all commitments and contingent liabilities properly considered? Is the ability of the auditee to continue as a going concern for the foreseeable future properly and adequately considered?
ISA Ref.
ISSAI 1220
NO N/A REMARKS
WP Ref.
Form 3B-02
1.
2.
3. 4. 5.
ISSAI 1250 ISSAI 1560
6. 7. 8.
ISSAI 1560
ISSAI 1570
104
9. Are management representation letters obtained, signed by the appropriate members of management, or other forms of representation obtained? Were attorneys letters requested and obtained where an indication was found that the auditees are involved in any legal matter/ litigation? Were adequate procedures designed and executed to be able to ensure compliance with laws and regulations? Are the financial statements properly presented and intelligible and do they meet the applicable standards? Are the notes to the financial statements in accordance with professional standards and sufficient and appropriate in the circumstances? Are the accounting policies and the nature and effect of any changes therein clearly disclosed in the financial statements? Are the audit reports in accordance with the applicable standards?
ISA Ref.
ISSAI 1580
NO N/A REMARKS
WP Ref.
10.
11.
COA Memo 2002060
12. 13.
14.
15.
COA Res 2007001 dated 3/20/07
16. 17.
Were procedures performed to ensure the completeness of financial statements? Were the work performed by other auditors, properly evaluated and taken into consideration during the current audit? (Computer audit, Performance audit and Forensic audit)
105
4. Wrap-up and archive the engagement Were all the account area lead schedules (for each account/component) correctly completed and cross-referenced to the financial statements of the Auditee? Are well supported conclusions stated for each component audited? Is there evidence of audit objectives having been met in each procedure? Are financial statement amounts readily traceable to a working trial balance and lead schedules? Are adjusting entries adequately supported by the working papers and cross-referenced to appropriate schedules? Is there adequate support in the working papers for all the information contained in the notes to the financial statements? Generally, do the working papers: Include indexing/signatures and dating by preparer and reviewer? Indicate the meanings of audit tick marks? Indicate source of information? Indicate the purpose of photocopied documents? Containing memoranda or other evidence covering significant and unusual accounting and reporting matters? Indicate that all schedules, prepared by the auditees, have been cast and cross cast?
ISA Ref.
NO N/A REMARKS
WP Ref.
ISSAI 1230
2. 3. 4. 5.
6.
7.
106
8. Where appropriate, do the audit working papers have evidence of consultation procedures with those who have appropriate expertise? Do the audit working papers demonstrate adequate CD/ SA involvement in planning/ supervision/review process of the audit? 5. Follow-up Agency Action Plan Action Plan Monitoring Tool Did the Agency Action Plan contain the following information? Reference Audit Observation and Recommendation Agency Action Plan Persons/Department Responsible Target Implementation Date Did the Action Plan Monitoring Tool include the following information? Date of follow-up Implementation status Actual Implementation Date Reason for Delay/Nonimplementation Comments/Action Taken
ISA Ref.
NO N/A REMARKS
WP Ref.
9.
Form 3B-03 Form 3B-04
1.
2.
107
V. 1. MONITORING (Quality Control System) Does the COA has a system of quality control system to provide reasonable assurance that: The organization and its personnel comply with professional standards and applicable legal and regulatory requirements in the delivery of its audit services? The reports issued by the COA are appropriate in the circumstance?
ISA Ref.
ISSAI 40 ISSAI 1220
NO N/A REMARKS
WP Ref.
108
Appendix 9
TEMPLATE FOR FINDINGS BY ELEMENTS

Element name Element No Name of reviewer Date W/P Ref: Name of Asst. Comm/Cluster Director Date Finding No
Negative observations:
{Insert the description of the finding}
Impact:
{What can be the effect of the risk occurring}
Cause:
{Reason of finding or problem}
Director IV feedback:
{Insert the Director IV response}
109
QAR REPORT OUTLINE RECORDING FORM
Element No Finding No
Negative
Observation
Element Name Risk Impact Level
Cause
Ascom/CD RecomFeedback mendation
110
Appendix 11
TEMPLATE OF DRAFT REPORT (INSTITUTIONAL LEVEL QAR REPORT) TABLE OF CONTENTS
TABLE OF CONTENTS EXECUTIVE SUMMARY INTRODUCTION SAI BACKGROUND AND PARTICIPANTS APPROACH AND METHODOLOGY FINDINGS AND RECOMMENDATIONS Element 1: Independence and Legal Framework Element 2: Human Resource Element 3: Audit Methodology and Standards Element 4: Internal Governance Element 5: Corporate Support Element 6: Continuous Improvement Element 7: External Stakeholder Relations Element 8: Results ANNEXES
111
QA Follow-up Action Plan

All deficiencies and recommendations pointed out in the QAR report should be communicated to the respective officials or units for taking appropriate measures and remedial actions. Thereafter, the SAI should organize a brainstorming session involving people from all levels of the management, on the deficiencies and recommendations provided by the Review Team. The session could dwell on, at least, the following areas; a) b) c) d) Area needing improvement/recommendations; Priorities; Proposed Action; Responsible official/unit/division/department to implement the action; and/or e) Deadline.
Since there could be shortcomings and recommendations related to the policy decisions or requiring amendment to the existing policies or introduction of new policies, it would be appropriate for the head of SAI to chair the session. The final Action Plan should, however, be signed by the head of the SAI. Although Action Plans are normally prepared after receiving the QAR Report, it can also be prepared during the Exit Meeting of the QAR and incorporated in the final QAR Report. Depending on the level of the QAR, the recommendations or the areas needing improvements must be prioritized for their effective implementation. Although the QAR team may rate the risk of each of their findings and observations as High, Medium and Low, the SAI management should again go through the same process of prioritizing the same findings and observations. However, besides prioritizing as High, Medium and Low, it must also see whether they are applicable given the circumstances under which the SAI is operating. Further the criterion for prioritizing/rating is also different and is normally decided during the brainstorming session. The following are some of the commonly used criteria: a) The expected impact on the SAI and the individual audit which will include both the positive impact from
112
Quality Assurance Review implementing the recommendation and negative impact from not implementing the recommendation or not taking actions; b) Seriousness of the deficiency; c) The applicability in relation to the SAI mandate, overall government policy and the countrys development stage; e.g. one cannot expect the SAI to use latest auditing software when there is hardly any IT development in the country itself; and d) Availability of resources such as time and money. Based on the above criteria including other criteria identified during the brainstorming session, the recommendations or area needing further improvements can be rated as High, Medium, Low and Not Applicable (N/A). Follow-up actions Based on the Action Plan, the follow-up can be undertaken to see whether the actions have been taken by the concerned person, units, divisions or departments within the given time frame. Wherever possible, the follow-up team should also comment on the impact of the actions on the SAI or an individual audit. The team should also look for reasons for not taking the actions and suggest alternative options wherever possible. It could be possible that although the SAI may have the will and desire to implement the actions but due to certain constraining factors like time, resource, etc. the actions remain unimplemented. The follow-up action report should be submitted to the head of the SAI for taking further actions. The further actions may include, but not restricted to, the following: a) Seeking explanation against those who have not taken any action/done anything to implement the proposed actions; b) Cautioning those who are lagging behind the scheduled deadlines;
High - Very important and Action to be
taken immediately;
Medium- Important but Action can be taken

within a year or two.
Low
- Not so important but good to have it, so can be included in the SAIs future strategies. - Not Applicable, so no need to take any action
N/A
113
Quality Assurance Review c) Looking into the alternative options and making relevant persons/s or units to study the options for their applicability and practicality; d) Re-prioritizing and dropping certain proposed plan of actions which cannot be implemented at all. The follow-up on QARs can also be done by the internal QAO on a continuous basis by monitoring their implementation against the scheduled deadlines. Therefore, it is important to involve people from the internal QAO during any QARs. The results of the follow-up can be utilized as input for the next planning process
114
Appendix 13 List of ACRONYMS

ACRONYM AAR AAW ACL ALCC AOM APSR AQ AQCR AQMS ARAPT ASOSAI ATL CAATS CD COA CP CT ELR FAMC FAO GAS GRM HR IDI IFAC ILR INTOSAI IRRBA IRRBAM ISA ISQC ISSAI IT FULL NAME Annual Audit Report Agency Audit Workstep Audit Command Language Agency Level Control Checklist Audit Observation Memorandum Annual Performance Summary Report Audit Query Audit Quality Control Review Audit Quality Management System Audit Risk Assessment and Planning Tool Asian Organization of Supreme Audit Institutions Audit Team Leader Computer-Assisted Audit Techniques Cluster Director Commission on Audit Commission Proper Continued Training Engagement Level Review Financial Audit Methodology Checklist Fraud Audit Office Government Accountancy Sector Government Risks Model Human Resource INTOSAI Development Institute International Federation of Accountants Institutional Level Review International Organization of Supreme Audit Institutions Integrated Results and Risk Based Audit Integrated Results and Risk Based Audit Manual International Standards in Auditing Standards, International Standards on Quality Control International Standards of Supreme Audit Institutions Information Technology
115
Quality Assurance Review ACRONYM LRE LRES LORMA MFO MTPDP MTPIP NC ND NS OP OPIF PAM PAP PD PFMS PIDS PPSAS PRC QA QAFAP QAO QAQ QAR QARQ QARRF QCRP QCS QCSC QIT QMS QS R&D RD SA SAI SAO SONA SSS TAS TOC FULL NAME Learning Results Evaluation Learning Results Evaluation Services Low Risk Material Accounts Major Final Outputs Medium-Term Philippine Development Program Medium-Term Public Investment Program Notice of Charge Notice of Disallowance Notice of Suspension Office of the President Organizational Performance Indicator Framework Program Accountability Model Programs, Activities and Projects Presidential Decree Planning, Finance and Management Sector Professional and Institutional Development Sector Philippine Public Sector Auditing Standards Process Risk Control Quality Assurance Quality Assurance Follow-up Action Plan Quality Assurance Office Quality Assurance Questionnaire Quality Assurance Review Quality Assurance Review Questionnaire Quality Assurance Review Recording Form Quality Control Review Plan Quality Control System Quality Control System Checklist Quality Inspection Tool Quality Management System Qualification Standards Research and Development Regional Director Supervising Auditor Supreme Audit Institutions Special Audit Office State of the Nation Address Simplified Sampling Scheme Test Audit Scheme Test of Controls
116
Quality Assurance Review ACRONYM TOR UTA FULL NAME Terms of Reference Understanding the Agency Template
117

Coa R2013-014

Uploaded by

Copyright:

Available Formats

Coa R2013-014

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Coa R2013-014

Uploaded by

Copyright:

Available Formats

Commonwealth Avenue, Quezon City, Philippines

Republic of the Philippines

QUALITY ASSURANCE REVIEW HANDBOOK

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

BASIC CONCEPTS AND THE QUALITY ASSURANCE OFFICE (QAO)

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Monitoring of quality control System Quality Assurance Review

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Chapter 2: COA QAR FRAMEWORK

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Recruitment Retention Career Development Training Well Being Performance Management

Standards Manuals & Guidance Tools

Financial Resources Infrastructure Technology Support Services

Audited Entities Congress President Public Peers Donors International

Output (Quality, Quantity)

& Academic Institutions

ASOSAI-IDI Framework page 43 of the QAR Handbook

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

INTOSAI Restructured Auditing Standards, Chapter II (relating to recruitment)

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING

Quality Assurance Review Handbook

QUA ASSURANCE IN FINANCIAL AUDITING