INTOSAI Principles

Fundamental Principles of Public

Sector Auditing
ISSAI-100
 Session Overview
•What is ISSAI?
•Objective of ISSAIs
•ISSAIs framework
–Four Levels of ISSAIs
–INTOSAI GOVs
•ISSAIs Implementation
 ISSAI
•I-International
•• S- Standards
(of)
•S-Supreme
•A-Audit
•I-Institutions
 ISSAI Contd----

•Professional standards
•Best practice guidelines for public sector
auditors
•Authorised and endorsed by the
International Organisation of Supreme Audit
Institutions (INTOSAI)
 INTOSAI’s two set of professional standards

•ISSAIs
– basic prerequisites – proper functioning
– professional conduct of Supreme Audit Institutions
– and the fundamental principles in auditing of public
entities.
INTOSAI GOVs (Guidance for good governance)
providing guidance to public authorities on the
proper administration of public funds.
 This framework –
The INTOSAI Framework of Professional Pronouncements (IF
PP)
 – contains three categories of professional
pronouncements:
The INTOSAI Principles (INTOSAI-P)
 The INTOSAI Principles consist of founding principles and
core principles. The founding principles have historical
significance and specify the role and functions, which SAIs
should aspire to. These principles may be informative to
Governments and Parliaments, as well as SAIs and the
wider public and may be used as reference in establishing
national mandates for SAIs.
 The core principles support the founding principles for an
SAI, clarifying the SAI’s role in society as well as high level
prerequisites for its proper functioning and professional
conduct.
 The International Standards of
Supreme Audit Institutions (ISSAI)
The ISSAIs are the authoritative international standards on
public sector auditing. The purpose of the ISSAIs is to:
 ensure the quality of the audits conducted
 strengthen the credibility of the audit reports for users
 enhance transparency of the audit process
 specify the auditor’s responsibility in relation to the other
parties involved
 define the different types of audit engagements and the
related set of concepts that provides a common language
for public sector auditing.
The full set of ISSAIs is based on a basic set of concepts and
principles that defines public sector auditing and the
different types of engagements supported by the ISSAIs.
 The INTOSAI Guidance (GUID)
The guidance is developed by INTOSAI in order to
support the SAI and individual auditors in:
 How to apply the ISSAIs in practice in the
financial, performance or compliance audit
processes
 How to apply the ISSAIs in practice in other
engagements
 Understanding a specific subject matter and the
application of the relevant ISSAIs
Fundamental Principles of Public Sector Auditing
ISSAI-100
• ISSAI 100 provides the fundamental principles
which are applicable to all public sector audit
engagements irrespective of their form or
context. ISSAIs 200, 300 and 400 builds on and
further develop the principles to be applied in
the context of financial auditing, performance
auditing and compliance auditing.
• SAI exercises its public sector audit function
within a specific constitutional arrangement and
by virtue of its office and mandate.
 Types of public sector auditing
• Financial Auditing focuses on determining
whether an entity’s financial information is
presented in accordance with the applicable
financial reporting and regulatory framework.
• Performance auditing focuses on whether
interventions, programmes and institutions are
performing in accordance with the principles of
economy, efficiency and effectiveness and
whether there is room for improvement.
Types of public sector auditing…contd
• Compliance auditing focuses on whether a
particular subject matter is in compliance with
applicable authorities identified as criteria.
Compliance auditing is performed by assessing
whether activities, financial transactions and
information are, in all material respects, in
compliance with the authorities which govern
the audited entity.
 The three parties
• Public sector audits involve at least three
separate parties: The auditor, a responsible party
and intended users.
 The auditor: In public sector auditing the role of auditor is
fulfilled by the Head of the SAI and by persons delegated the
task of conducting the audits
 The responsible party: It may the party responsible for
managing the subject matter, the responsible party may
sometimes be an individual or an organisation.
 Intended users: The intended users are the individuals,
organisations or classes thereof for whom the auditor prepares
the audit report.
 Subject matter, criteria and subject matter
information
• Subject matter refers to the information,
condition or activity that is measured or
evaluated by applying criteria.
• Criteria are the benchmarks used to evaluate the
subject matter of an audit. In determining the
suitability of the criteria the auditor considers
relevance, completeness, reliability, neutrality,
comparability, acceptability as well as availability,
understandability and objectivity.
• Subject matter information refers to the
outcome of the evaluation or measurement of
the subject matter against the criteria.
Types of Engagement
There are two types of engagements:
 In attestation engagements it is the
responsible party who measures the subject
matter against criteria and presents the subject
matter information, on which the auditor
gathers sufficient and appropriate audit
evidence to provide a reasonable basis for
expressing a conclusion.
 In direct reporting engagements it is the auditor
who measures or evaluates the subject matter
against criteria. The auditor selects the subject
matter and criteria, taking into consideration risk
and materiality.

 Financial audits are always an attestation

engagement and are based on financial
information presented by the responsible party.
Performance audits are normally direct reporting
engagements. Compliance audits may be both
attestation engagements or direct reporting
engagements.
 PRINCIPLES FOR PUBLIC SECTOR
AUDITING
General principles
 Auditors should comply with relevant ethical
requirements and be independent.
 Auditors should maintain an appropriate
professional behaviour by applying professional
scepticism, professional judgment and due care
throughout the audit.
 Auditors should perform the audit in accordance
with professional standards on quality control.
 Auditors should manage the risks (Audit Risk) of
providing an inappropriate report in the
circumstances of the audit
 Auditors should consider materiality throughout
the audit process.
 Auditors should prepare audit documentation in
sufficient detail to provide a clear understanding
of work performed, evidence obtained and
conclusions reached
 Auditors should establish effective
communication throughout the audit process.
Principles related to the audit process
 Activities related to planning the audit
Auditors should ensure that the terms of the audit
have been clearly established
Auditors should obtain an understanding of the
nature of the entity/programme to be audited
Auditors should conduct risk assessment procedures
or problem analysis and revise this in response to
audit findings as necessary
Auditors should identify and assess the risks of fraud
relevant to the audit objectives
Auditors should plan an audit to ensure that the audit
is conducted in an effective and efficient manner.
Activities related to performing the audit
Auditors should perform audit procedures that
provide sufficient and appropriate audit evidence
to support the audit report.
Auditors should prepare a report based on the
conclusions drawn
The audit opinion, which should be in a
standardised format, may be modified (qualified)
or unqualified when either limited or reasonable
assurance is provided by the auditor.
THANK YOU
 ISSAI-140 Quality Control for SAIs
 A major challenge facing all SAls is to
consistently deliver high quality audits and
other work. The quality of work performed by
SAls affects their reputation and credibility,
and ultimately their ability to fulfil their
mandate.
 ISSAI 140 is based on the key principles in the
International Standard on Quality Control,
ISQC 1’, adapted as necessary to apply to SAIs.
 ISQC-1 outlines the elements of a system of
quality control to be:
a) Leadership responsibilities for quality
within the firm;
b) Relevant ethical requirements;
c) Acceptance and continuance of client
relationships and specific engagements;
d) Human resources;
e) Engagement performance; and
f) Monitoring.
 LEADERSHIP RESPONSIBILITIES FOR
QUALITY WITHIN THE SAI
The Key Principle adapted for SAI India as per
INTOSAI Auditing Standards (ISSAI 140) is as
follows:
“SAI should establish policies and procedure
designed to promote an internal culture
recognising that quality is essential in performing
all of its work. Such policies and procedures should
be set by the Head of the SAI, who retains overall
responsibility for the system of quality control.”
 The Head of the SAI should take overall
responsibility for the quality of all work
performed by the SAI.
 The Head of the SAI may delegate authority
for managing the SAI’s system of quality
control to a person or persons with
sufficient and appropriate experience to
assume that role.
 SAIs should strive to achieve a culture that
recognises and rewards high quality work
throughout the SAI.
 RELEVANT ETHICAL REQUIREMENTS
• SAls should emphasise the importance of meeting relevant ethical
requirements in carrying out their work.
• All SAI personnel and any parties contracted to carry out work for
the SAI should demonstrate appropriate ethical behaviour.
• The Head of the SAI and senior personnel within the SAI should
serve as an example of appropriate ethical behaviour.
• The relevant ethical requirements should include any requirements
set out in the legal and regulatory framework governing the
operations of the SAI.
• Ethical requirements for SAIs may include or draw on the INTOSAI
ISSAI 130 - Code of Ethics and the IFAC ethical requirements, as
appropriate to its mandate and circumstances and to the
circumstances of their professional staff.
 The ethical principles that guide the work of Auditors who
conduct audit in accordance with the assigned mandate are:
Public interest
Trust, Confidence and Credibility
Integrity
Objectivity
Independence
Professional behavior and development
Due care and concern
Professional secrecy
Political Neutrality
Conflict of interest
 ACCEPTANCE AND CONTINUANCE
 SAI should establish policies and procedures
designed to provide the SAI with reasonable
assurance that it will only carry out audits and other
work where the SAI
a) is competent to perform the work and has the
capabilities, including time and resources, to do so;
b) can comply with relevant ethical requirements; and
c) has considered the integrity of the organisation
being audited and has considered how to treat the
risk to quality that arises.
 APPLICATION GUIDANCE FOR SAIs

 For all audits and other work carried out, SAIs

should establish systems to consider the risks to
quality which arise from carrying out the work.
These will vary, depending on the type of work
being considered.
 SAIs normally operate with limited resources.
SAIs should consider their work programme and
whether they have the resources to deliver the
range of work to the desired level of quality.
 SAIs should assess if a material risk to their
independence exists
 Where such a risk is identified, the SAI should
determine and document how it plans to
address this risk
 SAls should ensure that their risk
management procedures are adequate to
mitigate the risks of carrying out the work.
 SAls should consider disclosing in their
reports any specific matters that would
ordinarily have led the SAl to not accept the
audit or other work.
 HUMAN RESOURCES
 SAls may draw on a number of different sources
to ensure they have the necessary skills and
expertise to carry out the range of their work
 SAls should ensure that responsibility is clearly
assigned for all work carried out by the SAI.
 SAls should ensure that personnel, and parties
contracted to carry out work for the SAI have the
collective competencies required to carry out the
work.
 SAls should ensure that Human Resources
policies and procedures give appropriate
emphasis to quality and commitment to the SAI’s
ethical principles. Such policies and procedures
related to human resources include:
Recruitment
performance evaluation;
professional development;
capabilities (including sufficient time to
perform assignments to the required quality
standard);
competence (including both ethical and
technical competence); - career development; -
promotion; - compensation; and - the
estimation of personnel needs.
 PERFORMANCE OF AUDITS AND OTHER WORK

 SAIs should ensure appropriate policies, procedures and

tools, such as audit methodologies are in place for
carrying out the range of work that is the responsibility
of the SAI, including work that is contracted out.
 SAIs should establish policies and procedures that
encourage high quality and discourage or prevent low
quality.
 SAls should ensure that applicable standards are
followed in all work carried out, and if any requirement
in a standard is not followed, SAls should ensure the
reasons are appropriately documented and approved.
 SAls should ensure appropriate quality
control policies and procedures are in place
for all work carried out.
 SAls should aim for timely completion of
audits and all other work with proper
documentation
 SAIs should ensure that they retain all
documentation for the periods specified in
laws, regulations, professional standards
and guidelines.
 MONITORING

 An SAI should establish a monitoring process

designed to provide it with reasonable
assurance that the policies and procedures
relating to the system of quality control are
relevant and adequate and are operating
effectively. In this regard SAI should ensure:
their quality control system includes independent
monitoring of the range of controls within the SAI
If work is contracted out, SAIs should seek confirmation
that the contracted firms have effective systems of
quality control in place.
 SAls should ensure the results of the monitoring
of the system of quality control are reported to
the Head of the SAI in a timely manner
 SAls should have procedures for dealing with
complaints or allegations about the quality of
work performed by the SAI.
 SAls should consider whether there are any
legislative or other requirements to make
monitoring reports public or to respond to public
complaints or allegations related to the work
carried out by the SAI.
THANK YOU