Financial Audit

Financial Audit A mapping tool for ISSAI Implementation

Draft Version 1 December 2012

iCAT

iCAT:FinancialAudit

Howtoreadthisdocument

TheISSAIComplianceAssessmentTool(iCAT)isdetaileddrilleddowntool,basedentirelyontheISSAIsat

level2andlevel4oftheISSAIframework.ThistoolismeanttoassistSAIsinmappingtheircurrentaudit

practicestoISSAIrequirements,sothattheycanidentifytheirneedsforISSAIimplementation.

This document is divided into seven chapters. The first chapter explains briefly the ISSAIs, the ISSAI

framework and the format of the iCAT. The ISSAI requirements at level 2 of the ISSAI framework are

detailed in Chapter 2. This chapter needs to be readwithAnnexe1. Chapters 3 to 6 contain detailed

guidanceonhowtoassessthecurrentauditpracticeagainsteachISSAIrequirementforfinancialauditat

level 4 of the ISSAI framework. For the purpose of assessing current audit practice, the ISSAI

requirements at level 4 have been categorised as per the stages of a financial audit process. These

chaptersshouldbereadwithAnnexe2thatcontainsall ISSAIrequirementsat level4.Thelastchapter

providesguidanceonwritingareportbasedontheuseoftheiCAT.Thisreportwouldbenecessaryfor

theSAImanagementtoformulateitsstrategyforISSAIimplementation.

Thisisthefirstdraftversionoftheguidancedocument.Itisstillworkinprogress.Yourcomments,

suggestionsandfeedbackwillhelptheprojectteaminfurtherrefiningthistoolandmakingitmore

relevantandusefulforallstakeholders.

iCAT:FinancialAudit

TableofContent:

Chapter Topic Pageno.

1. ImplementingISSAIsandIntroductiontoISSAIComplianceAssessmentTools(iCATs)

4

2. UnderstandingthePrerequisitesforRobustAuditPractices–ISSAIsatlevel2andAscertainStatusonLevel2ISSAIRequirements

20

3. Pre-engagement

29

4. PlanninganAuditofFinancialStatement

44

5. Fieldwork

58

6. ConclusionandReporting

69

7. WritingtheISSAIComplianceAssessmentReport

80

iCAT:FinancialAudit

Chapter1:ImplementingISSAIsandIntroductiontoiCAT

Page4

Chapter1

ImplementingISSAIsandIntroductiontoISSAIComplianceAssessmentTools(iCATs)

Introduction

The International Organization of Supreme Audit Institutions (INTOSAI), the umbrella organization for

the external auditing community, has, since it was founded in 1953, developed and improved public

sectorauditingworldwide.Standards,guidelinesandbestpracticesaredevelopedundertheauspicesof

three of INTOSAI’s standing committees, the Professional Standards Committee (PSC), the Knowledge

SharingCommittee(KSC)andtheCapacityBuildingCommittee(CBC).Theadoptionofacomprehensive

setofInternationalStandardsforSupremeAuditInstitutions(ISSAIs)atthe2010INTOSAICongressgives

INTOSAImembers anupdated frameworkof international standards, guidelines andbestpractices for

public sector auditing. The standards are of significant value for member SAIs as well as providing a

commonframeofreferenceforpublicsectorauditing.In2010INTOSAIidentifiedtheimplementationof

theInternationalStandardsforSupremeAuditInstitutions(ISSAIs)frameworkasakeystrategicpriority

forthecomingyears.

In line with the Lima and Mexico Declarations and recognizing the independence of each individual

INTOSAI member to determine its own approach consistent with national legislation, through the

JohannesburgAccords theXX INCOSAI calledupon INTOSAImembers touse the ISSAI frameworkasa

common frameof reference. InadditionSAIswereencouraged to implement the ISSAIs inaccordance

with their mandate and national legislation and to measure their own performance and auditing

guidanceagainsttheISSAIs.

The implementation of the ISSAI framework is a demanding task that requires attention at global,regionalandcountrylevels.

The INTOSAI Strategic Plan and the ISSAI Rollout Model approved by INTOSAI Governing Board inOctober2011mandatedtheIDIto‘supportISSAIImplementation’.InkeepingwiththismandatetheIDIhas launched a comprehensive capacity development programme called the ISSAI ImplementationInitiative(3iprogramme).

InthischapterwewillprovidebriefinformationontheISSAIFramework,discussstrategicconsiderationsthat an SAI needs to think of in implementing ISSAIs, the process of ISSAI implementation and alsointroduceyoutotheISSAIComplianceAssessmentTool.Inthischapterwewillgetabriefoverviewof

iCAT:FinancialAudit


Page5

theISSAIComplianceAssessmentTool(iCAT)intermsofitspurpose,formatandsomebroadprinciplesonhowtousethetool.

ISSAIFramework

INTOSAI issues two sets of professional standards: The International Standards of Supreme AuditInstitutions(ISSAIs)andtheINTOSAIGuidanceforGoodGovernance(INTOSAIGOV).

The ISSAIs and INTOSAI GOVs convey the generally recognized principles and shared professionalexperiencesoftheinternationalcommunityofSupremeAuditInstitutions.AllISSAIsandINTOSAIGOVsaredevelopedandmaintainedinaccordancewiththeDueProcessforINTOSAI’sProfessionalStandardsandissuedafteradecisionoffinalendorsementbyallSupremeAuditInstitutionsatINTO-SAI’scongress(INCOSAI).

TheISSAIsaimtosafeguardindependentandeffectiveauditingandsupportthemembersofINTOSAIinthedevelopmentoftheirownprofessionalapproachonthebasisoftheirspecificmandate.

TheISSAIsformahierarchyofofficialpronouncementswithfourlevels:

Level1-FoundingPrinciples(ISSAI1)

Level1oftheISSAIframeworkcontainsthefoundingprinciplesofINTOSAI.ISSAI1TheLimaDeclarationfrom1977callsfortheestablishmentofeffectiveSupremeAuditInstitutionsandprovideguide-linesonauditingprecepts.ThefullsetofISSAIsdrawandelaborateonthishistoricaldocument.

Level2-PrerequisitesfortheFunctioningofSupremeAuditInstitutions(ISSAIs10-99)

ThePrerequisitesfortheFunctioningofSupremeAudit InstitutionscontainINTOSAI’spronouncementson thenecessarypreconditions for theproper functioningandprofessional conductof SupremeAuditInstitutions. These include principles and guidance on independence, transparency and accountability,ethics and quality control. The prerequisites may concern the institution’s mandate and furtherlegislationaswellastheestablishedproceduresanddailypracticesoftheorganizationanditsstaff.Byissuing pronouncements on these generally accepted prerequisites, INTOSAI aims to advance soundprinciplesfortheeffectivefunctioningofpublicsectorauditingonaninternationallevel.2/2

Level3-FundamentalAuditingPrinciples(ISSAIs100-999)

The PSC Harmonisation Project is drafting new ISSAIs 100, 200, 300 and 400 on Level 3 of the ISSAIframework.Youcanreadmoreabouttheprojectatwww.psc-intosai.org

Level4-AuditingGuidelines(ISSAIs1000-5999)

TheAuditingGuidelines translate the fundamental auditing principles intomore specific, detailed andoperationalguidelinesthatcanbeusedonadailybasisintheconductofauditingtasks.ThepurposeoftheguidelinesistoprovideabasisforthestandardsandmanualsonpublicsectorauditingwhichmaybeappliedbytheindividualmembersofINTOSAI.Eachguidelinehasadefinedscopeofapplicationandmaybeadoptedinfulloradaptedasnecessarytoreflecttheindividualcircumstancesofthejurisdiction.Such

iCAT:FinancialAudit


Page6

circumstancesmayincludethelegalmandateandfurtherstrategiesandcapacityoftheSupremeAuditInstitutionaswellas thespecificpurposeandcharacterof theauditassignments.Someof the level4guidelines include specific requirements related to authority. The General auditing guidelines (ISSAIs1000-4999)containtherecommendedrequirementsoffinancial,performanceandcomplianceauditingand provide further guidance to the auditor. They are developed and continuously updated byspecialized subcommitteesanddefine the internationally recognizedbest currentpracticewithin theirgeneral scope of application. The Guidelines on specific subjects (ISSAIs 5000-5999) pro-videsupplementary guidance on specific subjectmatters or other important issueswhichmay require thespecialattentionofSupremeAuditInstitutions.TheseguidelinesexpressthekeylessonsresultingfromthesharingofknowledgeandgoodpracticesamongINTOSAI’sexperts.

WhyshouldanSAIconsiderimplementingISSAIs?

Before any SAI takes on theonerous taskof implementing the ISSAIs, a question thatwould come to

mindis‘whatpossiblebenefitcantheSAIgetfromtakingonsuchaproject’.ItisimportantfortheSAI

topmanagementtoanswerthisquestionandbeconvincedabouttheanswerbeforeplungingintoISSAI

implementation.ThedraftCBCguidanceonImplementingtheISSAIs–StrategicConsiderationsliststhe

followingthreebenefits

Quality -Carryingoutaudits inaccordancewithglobally

accepted standardswill ensure a certain level of quality

andconsistencyinaudits.AllSAIsstrivetoearnthetrust

of citizens and stakeholders alike. Applying

internationally accepted standards in audits is one

important step in the direction of earning this trust. A

high-quality standard will reduce auditor’s risk. The

credibility of all audit organizations is built on the quality achieved in its audits. The use of globally

acceptedstandardswillsimplifybenchmarking,regionalqualityassuranceinitiativesandpeerreviewsas

wellasthesharingofexperiencesinotherways.Usingsimilarauditmethodsindifferentcountriescan

inspireorganizationstocontinuousimprovement.

Credibility - Using globally accepted standards will strengthen the credibility of both the audit

organizationanditsauditors.Externalstakeholderswillgainincreasedconfidenceandtrustinthework

of auditors using globally accepted standards. The results and conclusions of an audit conducted in

accordancewithgloballyacceptedstandardscanstandexternalscrutiny.Thetransparencyprovidedby

using standards well-known to audited organizations and other stakeholders also leads to increased

credibility of the audit results. Increase in credibilitywill help SAIs engagewith their stakeholders for

improvedinstitutionalframeworkandstrongerauditmandates.

iCAT:FinancialAudit


Page7

Professionalism-Standardsformthebasisforprofessionalizationofauditorsandauditorganizationsby

providing a structured process for the audit work. Common standards can improve opportunities for

exchange of professional views and experiences across national and sector borders. Joint training

activitiesandsharingexperienceswillbeeasierifauditorsapplythesamesetofprofessionalstandards.

Globallyacceptedstandardsalsoprovideacommonlanguagebetweenpublicandprivatesectorauditors

in areas of similar responsibilities. Applying globally accepted standards will strengthen the audit

professioningeneral.

StrategicConsiderationsinImplementingISSAIs

If an SAI decides to implement ISSAIs, it is recommended that theymay like to thinkof the following

considerations

1. Implementing ISSAIs involves institutional, organisational and professional staff capacity

development – As you have seen above the ISSAI framework operates at both the SAI and the

individual audit level. As such it encompasses not only all functions in an SAI, but also covers the

institutionalframeworkwithinwhichtheSAIoperates.WhileconsideringISSAI implementationthe

SAImanagementwouldneed toput inplace strategies that coverall threeaspects. E.g. if theSAI

management is considering ISSAI compliance in its performance audit function, it would not be

enoughto justtrainSAIstaff inperformanceaudit ISSAIs.TheSAIwouldneedto lookat introduce

changesinitsperformanceauditpracticeatanorganisationallevel.Itwouldneedtoconsiderissues

like appropriatemandate, competent staff, ethical considerations, auditmethodology and quality

control.

2. ISSAI Implementation, Strategic Planning and SAI Capacity Development may not be different

process–WebelievethatimplementingISSAIs,developingandimplementingastrategytoachievea

vision and developing capacity of the SAI are all different aspects of one and same process. It is

important for the SAI leadership to understand and integrate these processes and not to start

separateprocessesthatmayleadtoduplication.

3. RoleofSAILeadership–SAIleadershipneedstoplayadefiningroleinimplementingISSAIs.Creating

a conducive culture and environment, formulating a strategy for implementation, engaging with

internal and external stakeholders and putting in place a robust monitoring and evaluation

mechanismaresomeofthekeyrolesforSAIleadership.

4. Leading and Managing change – One important aspect of ISSAI Implementation is change

management.Asdiscussedearlier,ISSAIimplementationwouldimplyarelookandpossiblechanges

inallareasoffunctioninginanSAI.Thiscancreateuncertainty,fearandresistanceinSAIstaff.The

iCAT:FinancialAudit


Page8

SAImanagementandleadershipneedstocarefullyconsidertheimplicationsofchangeandthinkof

measure tomanagechange.Raisingawarenessof ISSAIs,adoptingaparticipatoryapproach to the

implementationprocess, creating champions for ISSAI implementation,providingopportunities for

acquiringrequiredknowledgeandskillscouldbesomeofthechangemanagementstrategiesthatan

SAIemploy.

5. SAI environment - Regardless of whether a SAI decides to implement the ISSAIs for financial,

compliance,orperformanceaudit,theorganisationneedstotakeintoconsiderationbothitsinternal

andexternalconditions.TheimportanceofdifferentconditionsmayvarydependingonwhatISSAIs

are being implemented. However, accounting and financial management systems, access to

necessaryinformation,relationstoparliamentandotherstakeholdersaswellasthecountry’saudit

culture are relevant to all audit tasks. These conditions may provide opportunities or limitations

whichwill influence the implementation of ISSAIs. If the SAI is considering introducing new audit

tasksinaccordancewiththeISSAIs,itisimportanttoensurethattheSAIhastherequiredmandate

and all legal prerequisites are in place. Furthermore, it is important to ensure that there is an

appropriateandfunctioningrecipientofauditresults.Introducingnewauditstandardsandpractices

willnotonlyaffecttheSAI,butalsotheauditedorganizationsandtheparliament.Itisthereforevery

important to consider when and how to communicate with external stakeholders to ensure a

smooth implementationprocess. Informingstakeholdersofthemotivesbehindandbenefitsofthe

introduction of new standards is very important in order to create a supportive environment for

auditsinaccordancewithISSAIs.

6. Stakeholder Expectations – In decidingon the implementationpath tobe followedan SAI should

ascertainandconsidertheexpectationsthatitsclientsandexternalstakeholdershave.

7. Impact of implementation - It is important to differentiate ISSAI requirements that will create a

paradigmshiftintheauditpractice,fromthosethatmightonlyinvolvechangesinsomeprocedures.

8. Resources required – If the ISSAIs are to be implemented and its requirements followed, an SAI

would require considerable resources in terms of funds, systems, people etc.While developing a

strategy the SAI should develop an implementationmatrix where it details its plan for putting in

placetherequiredresources.

ProcessofISSAIImplementation

In our view an ISSAI Implementation Process is the same as a strategic planning process.We would

recommendthefollowingstagesintheimplementationprocess

iCAT:FinancialAudit


Page9

Assessing ComplianceNeeds

•ThefirststepforaSAIistoascertainISSAIrequirements,assessthestatusoftheSAIvisavistherequirements,thecausesfornoncomplianceandSAIneedsinordertobecompliant.TheendproductofthisstagewouldbeanISSAIComplianceAssessmentReport.

DevelopISSAIImplementation

Strategy

•BasedontheissuesandcausesidentifiedintheISSAIComplainceAssessmentreport,theSAImanagementshoulddetermineanimplementationstrategythatarticluatesitsvisionandgoalsforISSAIimplementationandthestrategythattheSAIwillemploytoreachthegoals.Abroadbasedparticipatoryapproachisrecommended.

ImplementStrategy

• TheSAIleadershipshouldputinplaceamechanismforimplementingitsstrategy.ItisadvisablethatthismechanismbeintegratedwiththelinefunctionoftheSAIandnotrunparalleltothesefucntions.TheSAIwouldberequiredtodothingsdifferentlyratherthatdifferentthiings.

MonitorandEvaluate&LessonsLearned

•TheSAIneedstohavearegualrmechanismformonitoringimplementationacitivtiesandmanagingimplementationrisks.TheSAIshouldalsoprovideforperiodicevaluationofitsISSAIimplementationefforts.ThelessonslearnedinimplementationwouldhelptheSAIinenhancingitsfutureimplementationefforts.

ReportonPerformance

•TheSAIshouldreportontheextentofitsachievementsinaoverallperformancereporttoitsstakeholders.

iCAT:FinancialAudit


Page10

IntroductiontoISSAIComplianceAssessmentTool(iCAT)

Asmentionedintheprevioussection,thefirststepinimplementingISSAIsisassessingtheSAI’spresent

levelofcompliance.Thisisdonebycomparingitsauditpracticestotherequirementsrecommendedby

the ISSAIs. In order to assist the SAIs in assessing their complianceneeds the IDI has developed ISSAI

ComplianceAssessmentTools.AtoolsetoffouriCATshavebeendeveloped.Theyare

1. iCATforLevel2ISSAIs

2. iCATforLevel4FinancialAuditISSAIs

3. iCATforLevel4PerformanceAuditISSAIs

4. iCATforLevel4ComplianceAuditISSAIs

ThepurposeoftheiCATsistopresenttheISSAIrequirementsinasimpleformanddefineaprocessfor

assessingcompliance

iCATFormat

While the individual iCATsmayhave some variation in their formats, depending on the nature of the

level4ISSAIs,alltheiCATShavethefollowingcommoncomponents

ISSAIReference

ISSAIRequirement

StatusofCompliance

Mechanism/InstrumentofCompliance

Reasonsfornoncompliance

This columnreferences theISSAIrequirementtotheISSAI

This columncontains theISSAIrequirementinabriefform.

Three options areavailable for statusofcomplianceMet–Tobeselectedwhen therequirement isentirelymetPartially Met – Thisoption covers theentire gamut fromwhere the SAI hasjust startedimplementation ofthis requirement, ithas some elementsof compliance inplace, it has a largeextentofcompliancein place but is notentirelycomplaint,Not met – The SAI

Inthiscolumnthepersonconducting theiCAT shouldmention thespecificdocument,provision, systemthrough whichthe SAI complieswith the ISSAIrequirement. Thiscolumn will befilled inwhen thestatus ofcomplianceismetorpartiallymet

When the status ofcompliance is notmetor partially met, thereasons for noncompliance should berecorded here. Thiscolumnisimportantindetermining futureimplementationstrategy, which willinvolveaddressing thereasons for noncompliance

iCAT:FinancialAudit


Page11

does not complywith therequirementatallNot applicable– Therequirement is notapplicable to the SAIdue the laws andregulations thatgovernit.

GuidingPrinciplesforconductinganiCAT

iCATisnotanevaluationtool–TheiCATsformulatedasapartofthe3iprogrammeaimtohelpSAIsin

understandingISSAIrequirementsandassessingtheirneedsforcomplyingwithISSAIs.TheiCATisthus

formulatedasaneedsassessmenttoolratherthananevaluationtool.

ScopeoftheiCAT-Asapartofthe3iprogrammefour iCATshasbeendeveloped.Level2 ISSAIs iCAT,

FinancialAudit Level4 iCAT,PerformanceAudit Level4 iCAT,ComplianceAudit Level4 iCAT.As faras

possible, it is better to conduct all four iCATs so that a consolidated strategy can be developed for

implementationofISSAIs.However,ifthatisnotfeasibleinanSAI,thenitisrecommendedthattheSAI

conductthelevel2iCATalongwiththelevelfouriCATofthechosenauditstream.Thisisbecause,the

compliancegapsidentifiedatauditlevel(level4)wouldinvariablyhavetheirreasonsattheinstitutional

level(level2).

WhocanconductaniCAT–IftheSAIhasadequatecapacityitcandecidetoconductitsowniCATs.An

SAImayalsoaskforexternalsupportinhelpingitconducttheiCAT.ItisenvisagedthatthepoolofISSAI

facilitatorscreatedasapartof the3iprogrammewillhelptheirownSAIs,aswellasotherSAIs in the

regionsconductiCATs.ForthepurposeofobjectivityanSAImayalsoexercisethechoiceofhavingthe

iCATconductedbyanexternalteamfromtheregion.

iCATteam-WhatevertheapproachtheSAIselects,itisrecommendedthattheiCATbeusedbyateam

andnotasingleperson.FormingacompetentandcredibleneedsiCATteamisthefirststeptobetaken.

The iCAT team should consist of at least one trained ISSAI facilitator. Team members must have

managerial backgrounds so that they have a good organisational overview and necessary influence in

subsequentimplementation.BesidesmemberswhohaveagoodunderstandingofSAIlevelissues(level

2ISSAIs),theteamshouldalsohavememberswhoarewellconversantwiththerelevantauditpractice

asdefinedintheISSAIsandasactuallypracticedintheSAI.

iCAT:FinancialAudit


Page12

ParticipatoryApproach-Abroad-basedconsultativeprocessisrecommendedforconductingiCATs.Itis

importantfortheiCATteamtoconsultwithacrosssectionofSAIstaffacrossvariouslevels.Stafffrom

differentlevelsanddifferentareasoftheSAIshouldbeconsultedinthisprocessandtheirviewsshould

begivendueweightiniCAT.Externalstakeholders’viewsandneedsshouldalsobetakenintoaccount.

The involvement ranges from providing information or opinion to having an integral part on making

decisionsonneedsandpriorities.Themorepeoplefeeltheyareinvolved,thegreatertheownershipand

thuseffectivenessoftheresults.IftheSAImanagementisabletofacilitateownershipfortheprocessat

theiCATstageitself,thesubsequentstagesofdevelopingandimplementinganISSAIstrategywillhave

greateracceptanceintheSAI.

Top and senior management support – The success of the iCAT is highly dependent on the level of

commitmentathigh levels intheSAI.TheSAImanagementshould insistonknowingthesituationand

the needs as they are. The SAImanagement should also ensure that the iCAT team has the required

resourcestoconducttheiCAT.

Documentation – The iCAT team should systematically document all the working papers and the

evidencethat itgenerates infillingouttheiCATformat.Besideshelpingtheteaminlatercompilingits

ISSAIComplianceAssessmentReport,documentationwillalsobehelpfulinillustratingthefindingofthe

iCATtotheSAImanagementandhelpfutureiCATteamsinconductingsimilarexercises.

ProcessofconductinganiCAT

Planning the

iCAT–Likeany

other project,

conductinganiCATwouldrequireresourcesintermsoffinancialresources,infrastructure,time,people

etc.ItisrecommendedthattheiCATteamprepareanactionplandetailingthemilestones,theresource

requirementandtherisksattachedtotheachievementofeachmilestone.

Usevarietyofdatagathering tools– Inorder togatherdata to fill in the iCAT format the iCAT team

shoulduseavarietyofdatagatheringtoolslikefocusgroups,interviews,documentreview,surveyand

physical observation. It is important that the tool used is appropriate for gathering valid and relevant

information forassessing compliance. Forexample if the ISSAI facilitatorwants to check theextent to

whichapolicy isactually implemented, interviewingpeoplemaynotbeenough,he/shewouldhaveto

PlanningtheiCAT

Gatheringdatatofillintheformat

WritingISSAIComplianceAssessment

Report

iCAT:FinancialAudit


Page13

review documentation supporting implementation. A table listing the pros and cons of each tool is

attachedasAnnexe1.

WritingtheISSAIComplianceAssessmentReport–TheendproductofaniCATistheISSAICompliance

assessment report. The format of this report and guiding principles while writing this report are

containedinthelastchapter.

iCAT:FinancialAudit


Page14

Annexe1

ThefollowingfivetoolscanbeusedforgatheringdatatofilltheiCATformat.Theseare:

Document review: Process to gather/organise information contained in various documents to

achievepre-definedobjectives.

Interview: Data and information collection procedure in the form of a carefully planned set of

questionsthatisaskedthroughaconversationtoobtainin-depthideasandperceptionsonatopic

ofinterest

Focus group: Group of interacting individuals having some common interest or characteristics,

brought together by a facilitator, who uses the group and its interaction as a way to gain

informationaboutaspecificorfocusedissue.Discussionmethodcentresonkeylimitedquestions

Physical observation: Site visit by observers who record what they see/hear on site, using a

checklist

Survey: systematic process that uses standardised questionnaires to obtain information from a

largenumberofrespondents

Thisdocumentlistsvariousaspectsofthesetoolsinatable.

iCAT:FinancialAudit


Page15

Tools Purpose Skillsrequired Target Whentoconduct

Howtoconduct/Steps

Strengths Limitations

Documen

tReview

• UnderstandfunctioningofSAI• UnderstandenvironmentalforcesinfluencinganSAI• Identifyareasoffocus• Identifyinformationtobegathered• Validategatheredinformation• Findweaknesses/theircauses

• Languageproficiency• Abilitytoassimilatelargeamountsofinformation• Speedreading• Structured/systematicapproach• Analysis,evaluation,synthesis• Subjectmatterknowledge• Writingskills

• Initialreview-attheverybeginningofplanning• Continuousprocessas/whenneed/opportunityarises

1. Input2. Proces

sing3. Outpu

t

• ProvidesoverviewofSAI,itsactivitiesandtheenvironmentinwhichitoperates.• Allowstoreducevolumeofinformationtobeprobed• Canbeacrediblesourceofinformation

• Timeconsuming• Difficulttofindaskilfulperson• Lackofrelevantwrittenmaterialsoravailabilityoftoomanydocuments• Documentsmaynotmatchwithactualsituation

iCAT:FinancialAudit


Page16


Howtoconduct/Steps


Interview

Toobtainviews/opinionsoftheintervieweeondevelopmentneedsoftheSAI,suchas;• Keyresultareas• Challengestobeaddressed• Capacitybuildingstrategies• Supportrequired• etc.

• Languagefluency• Listeningskills• Goodobservationskills• Discussionleadingskills• Timemanagementskills• Abilitytoremainneutral• Goodwritingskills• Abilitytotakenotesquickly• Analyticalandsynthesisingskills• Knowledgeandexperienceonthesubject

Dependsontheinterviewpurpose:• FromwithinSAI• Fromamongexternalstakeholders

• AfterobtaininganunderstandingoftheSAI• Aftersurvey/documentreview

1. Planning

2. Conducting

3. Concluding

4. Documenting

• Providesflexibilitytoexplorenewideas/issues• Facilitatesexpressionofdiverseopinions/ideas• Allowsrespondenttoelaborate• Allowsprobing/clarification• Facilitatescommonunderstanding• Providesopportunitytoobtainsensitive/confidentialinformation• Providesopportunitytoobtaininformationfromnon-verbalcommunication

• Notappropriateforquantitativedata• Riskofgatheringunreliableinformation• Informationprovidedmaynotberepresentative• Susceptibletointerviewerbias• Difficulttoprovefindings• Noteasytoquantify/analyseinformationgathered• Canbetime-consuming

iCAT:FinancialAudit


Page17


Howtoconduct/Steps


FocusG

roup

• Togainaninsightintocertainissuesthrougha‘groupthinking’process

Knowledge:

• Groupinteractionanddynamics• Topicsofdiscussion

Skills:

• Activelistening/effectivesummarising• Askingquestions• Givingfeedback• Observingbehaviours• Focusingattention• Leadingdiscussions• Stimulatingandsustaininginterest

Attitudes:

• Empathy• Acceptance• Flexibility• Notdogmatic,opinionated,rigid,orauthoritarian• Dealingwithanotherpersonathis/herpace• Objectivityandimpartiality• Freedominexpressingideasandopinions• Displayingfaithandtrustinthegroup

• Composedofpeoplewhohavesomethingincommononsomespecifiedcriteriaofinterest• LevelofhomogeneitydependsonpurposeofFG• Notmorethan12ifdiscussionsinplenary• Asmanyas30ifdiscussionswillbeheldinsub-groups

AtanystageoftheNAprocess:• beforeothertoolsareused• Inpreparationforothertools• Afterhavinggathereddata

BeforeFocusGroup:• Definepurpose• Specifyparticipants• Developquestions• Checkthesettings

During

Focus

Group:

• Settheenvironment• Setexpectations• Askquestionsandgetresponses• Encouragefullparticipation• Keepthegroupontrack• Summarizeandclosethesession

After

Focus

Group:

• Makeconclusi

• Groupthinkingprocesscanenrichideasofindividualparticipants/qualityofdiscussions.• Caninteractdirectlywithparticipants(allowclarification,follow-upquestions,probing)• Cangaininformationfromnon-verbalresponsestosupplementverbalresponses.• Veryflexible

• Difficulttobringeveryonetogether• Requiresfinancialandmaterialresources• Limitedabilitytogeneralisetolargerpopulations• Maybiasresultsbyprovidingcuesaboutwhattypesofresponsesaredesirable• Resultsmaybebiasedbydominant/opinionatedmember• Dataanalysisisoftencomplexandtime-consuming

iCAT:FinancialAudit


Page18


Howtoconduct/Steps


PhysicalObservatio

n

• Toverify/appraiseSAI’sinfrastructure,technologyandsupportservices• Tocheckexistenceofdocuments• Tohavemoreconfidence,accuracy,reliabilityandvalidityoftheresultsofpriorNAtoolsused

• Atleasttwoobserverstomaximiseobjectivity• Observersnotworkingatthesitetoensureimpartial/externalviewpoint• Experiencedobserversonthesubjecttoenhanceappraisalsandcredibility

• Physicalinfrastructure(premises,offices,facilities,utilities)• Peopleworkingonsite,theirinteraction,• Interpersonalrelations• Workclimate• Stakeholdersrelations

• Aspreliminarytaskbeforeinterviews/documentreviews• AsvalidatingtooltoconfirmresultsofpriorNAtools.

1. Planning

2. Conducting

3. Concluding

4. Documenting

• Revealsrealconditionsofnaturalsettings• Timesavingtool• Providesquickappraisaloftheconditions/thingsorpeople• Requiresnoexpertisewhenanalysingtheresults

• Notrelevantforgeneralisation• Observerbias• Mayaffectbehavioursandreducereliabilityofresults

iCAT:FinancialAudit


Page19


Howtoconduct/Steps


Survey

• ToobtainfeedbackonSAIenvironment• TogatherinformationonSAIstructures,operationalframeworks,andemployees

• Formulatingquestions• Analyticalskills• Abilitytosynthesize• Dataanalysisskills• Subjectmatterknowledge

Dependsonfocusarea:• ForHR:employeesatalllevels• Forexternalstakeholderrelations:externalstakeholders• Forauditmethodologyandstandards:fieldauditorsandsenior/middlemanagement• etc.

• AtthebeginningofNAtogainoverallunderstandingofSAI’soperations• Atalaterstagetofocusonspecificareas• Whereinformationisrequiredfromawiderangeofgeographicallydispersedemployees• Whenintentionistoarriveataggregatedquantifiedinformation

1. Developingthesurvey

2. Implementingthesurvey

3. Dataentry

4. Dataanalysis

5. Recordingresults

• Informationcanbeobtainedfromalargenumberofrespondents• Widerangeofinformationcanbecollectedatonetime• Consistencyofdata• Easytoadminister• Costeffective

• Dependentonrespondents’motivation,memory,abilitytorespondeffectively• Respondentsnotmotivatedtoaccuratelyanswer,butpresentthemselvesinfavourablelight• Doesn’tfacilitatein-depthexaminationofcauses• Errorsduetononresponsemayexist• Couldhavesubjectiveresponses• Canbetimeconsuming• Doesn’tallowprobingformoredetailedinformation

InthenextchapterwewilldiscussabouttheLevel2ISSAIrequirements.Theserequirementsarethebasicpre-requisitesforrobustauditpracticesintheSAI.

iCAT:FinancialAudit

Chapter2:UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements

Page20

Chapter2

UnderstandingthePrerequisitesforRobustAuditPractices–level2ISSAIsandAscertainStatusonLevel2ISSAIRequirements

Introduction

As mentioned in the previous chapter the ISSAI framework is a very comprehensive framework thatarticulatesboth–thenatureofrobustauditpracticesinanSAIandthekeydriversat institutionalandSAI level that need to be in place for implementation of robust audit practices on a consistent basis.WhilethenatureandrequirementsforrobustauditpracticesareoutlinedinLevel3andLevel4ISSAIs,thekeydriversandprerequisitesforthesearehighlightedatlevel1andlevel2oftheISSAIFramework.

Assuchbeforegoingintothedetailsofimplementinglevel4ISSAIs,weneedtolookatthelevel2ISSAIsandunderstandtheir impactonLevel4 implementation issues.Forthepurposeofclarityandprocess,thischapterisdividedintotwoparts:

Part1–UnderstandingthePrerequisitesforRobustAuditPractices

Part2–AscertainstatusonLevel2Requirements.

Forunderstandingoflevel2ISSAIspart1canbeused.FromChapter3toChapter6level4iCATguidanceisdiscussed.Please consider that, status Level 2 requirementsof an SAIwill beascertainedonly afterchecking the Level 4 requirements (by following the guidance from Chapter 3 to 6). Though Level 2guidanceismentionedinChapter2,pleasecomebacktothischapteraftercompletingChapter3to6onLevel 4. At the endof the twoparts youwould be able to identify your SAIs needs regarding Level 2requirementsandalso link thegaps in Level2 requirements to thegaps in implementing level4 ISSAIrequirementswhichyouwillbeabletofindwhilegoingthroughChapter3to6.

Part1UnderstandingthePrerequisitesforRobustAuditPractices

Whatdoesa SAIneed forputting inplacewell functioningauditpractices that generatevalue for SAIstakeholders?AspertheISSAIsanSAIwould need the following fourprerequisites

These four prerequisites are the fourmain ISSAIs level2 ISSAIs thatwewilllook at.- ISSAI 10, 20, 30 and 40. Inrecent years SAIs have beenincreasingly expected to demonstratetheir own value and benefit to theirstakeholders. This has resulted in anumber of initiatives at the INTOSAI

ISSAILevel4RobustAuditPractices

ISSAI10Independence &LegalFramework

ISSAI30CodeofEthics

ISSAI20Accountability&TransparencyMechanisms

ISSAI40QualityControl

iCAT:FinancialAudit


Page21

levelthathavecentredaroundtheSAIatastrategiclevel.Suchinitiativesinclude:

• Mexicodeclaration (now incorporated in ISSAI10withexamples in ISSAI11) – lookingat therolesandresponsibilitiesofSAIs

• PrinciplesofTransparencyandAccountabilityofSAI (ISSAI20andexamplesprovided in ISSAI21)– lookingat fundamental goodprinciplesofhowanSAI shouldperform its functionsandwhattypeoffunctionsitshouldperform.

• CodeofEthics(ISSAI30)–providingaframeworkforensuringSAIbehaveatthehighestlevelofcredibility

• Quality Assurance (ISSAI 40) looking at the critical ingredients required to make a SAI meetstandardsrequiredtoaddcredibilitytoanyresultsorreportspublishedbytheSAIs.

The above documents form the basis for level 2 of the ISSAI framework and the participant shouldfamiliarizethemselveswiththedocuments.

The level 2 framework is also supported by a number of other publications and initiatives aimed atsupportingSAIs.Someofthesethatareimportantfortheparticipantsinclude:

• IDICapacitybuildinginitiativesandframeworks-thisprovidesamechanismforassistingSAIinidentifyingtheirneedstoachievethedevelopmentsrequiredtoperformtheirtaskswithintheISSAIframework.

• SAIPerformanceManagementFramework–thisprovidesaframeworkforreportingtheresultsoftheSAIandmeasuringitsimprovementovertime.(version2.0ofthisdocumentisavailableonwww.idi.no)

• SAIvalueandbenefits–thiswasthetheme1paperfromINCOSAIXXanditsummarizesalltheaspectsofdemonstratinghowSAIcanshowtheirvaluetotheirstakeholders.ItisintendedthatthedocumentwouldbeincorporatedintotheISSAIframework.

Therearenumerousotherdocumentsavailablearoundthistopic;howevertheoneslistedaboveprovideasufficientoverview.

TheISSAIsatlevel2requirecapacitydevelopmentofanSAIinallthreeareas

1. InstitutionalCapacityDevelopment2. OrganisationalSystemsCapacityDevelopment3. ProfessionalStaffCapacityDevelopment

Institutional capacity of an SAI refers to the SAI having the appropriate Independence and LegalFramework,mandateandenvironmenttocarryoutitscorebusinessfunctionseffectively.OrganisationalCapacityreferstotheinternalsystemsandprocessofaSAIandprofessionalstaffcapacityreferstoSAIpeopleandtheirabilitytocarryouttheirrolesprofessionally.

In order to have robust audit practices as described by level 4 ISSAIs, a SAI would need all threecapacities – Independence and Legal Framework, appropriate internal processes and structures andsufficient number of qualified people. The IDI’s Capacity Building Framework shown explains therelationshipbetweentherequirementsoflevel2ISSAIsandthethreeaspectsofcapacitybuilding.

iCAT:FinancialAudit


Page22

ThecapacitybuildingframeworkattemptstoshowapictureofboththecapacitiesthataSAImusthaveand the performance that the SAI must deliver to generate value for its stakeholders. For a SAI tocontribute to good governance, it needs to have required audit impact. In order to achieve the auditimpact the SAImust havehighquality audit outputs. These audit outputs are a result of robust auditpractices (ISSAI Level 4) or ‘SAI Core Processes’ as they are referred to in the capacity buildingframework. The key drivers of robust audit practices within the SAI are SAI Leadership and internalgovernance mechanism, SAI resources and SAI external stakeholder relations (Parliament, Executive,Media, Civil Society etc). It is the SAI leadership’s role to ensure that the governance mechanism(includingimplementationofcodeofethics),requiredresourcesandstakeholderrelationsareinplace.AcriticalfactoroutsidetheSAIthatcanhamperorhelptheSAI’sperformanceandeffectivenessistheSAI independenceandlegalframeworkandthegeneralpublicfinancialmanagementenvironmentthattheSAIoperatesin.

SAILeadershipdrivestheperformanceandcapacitybuildinginitiativesoftheSAI.TheleadersintheSAI

needtosetthetoneandtenorfordetermininghowthingswillbedoneintheSAI.TheSAIasawhole

also should set an example in good governance to be emulated by the audited entities. As such the

leadership should ensure good SAI governance in terms of its planning, code of ethics and conduct,

accountability&transparency,internalcontrolsandcontinuousimprovement.TheSAIleadershipwillbe

considerablyeffectiveinitsinternalgovernanceeffortsiftheyhaveinplacearobustandvibrantinternal

communicationmechanism.

ThiselementisthekeydrivertoensurethattheSAImakesthemostofwhatiswithinitscontrolthroughamongst others, effective strategic and operational planning. The category of managementarrangementshasbeenusedtoidentifythesekeydrivers.Thiselementthenbecomesthedriverfortheothersubelementsof:

iCAT:FinancialAudit


Page23

• Humanresources• Supportstructuresandinfrastructure

These two elements are taken as sub elements of the leadership and internal governance. As oftendeficiencies or areas for improvement in these areas require senior management intervention, forexample,identifyingandrunningtrainingprograms.

SAICoreProcessesconsistof:

• Auditstandards(aselaboratedintheISSAIFramework)• Auditmanualsandguidance• Auditplansshorttermandlongterm• Audittoolssuchascomputerassistedaudittechniques• Qualityassurance

AlltheseaspectsareaimedatensuringthatprofessionalandconsistentauditproductsaredeliveredbySAIs on a sustainable basis. The critical aspects are to ensure that the processes and intentions arereflected in the practice of the SAI and are not simply documents produced but not followed by theauditors.

ExternalStakeholderscanbeseenfromtwodistinctperspectives,namely:

• Reportingtostakeholders• Communicationwithstakeholders

Reporting is often a combination of what is mandated and what may be good practice. This oftenincludesreportstoparliamentandtotheauditedentities.SAIareoftenalsoexpectedtoproducereportson their own performance. SAI annual report or equivalent provides an opportunity for the SAI todocumentitsachievementsaswellastheresultsfromtheauditsconducted.

IntermsofcommunicationwithstakeholdersSAIshaveaveryimportantroleindealingwithlegislatures,mediaandauditedentity.OftenenhancingtheprofileandimageoftheSAIcanimproveitseffectivenessincarryingoutitsauditsthroughimprovedcooperation.

ForexampleifanSAIwheretoconsiderimplementingLevel4ISSAIinPerformanceaudititwouldneedanappropriatemandatetodoso,strongsupporting institutionalstructures i.e.awell functioningPAC.Leadershipthatdrivestheimplementationprocessandputsinplacenecessarysystemsandstructurestoensure implementation, qualified people and adequate resources and good relations with importantstakeholders.

AssuchimplementingISSAIsandbuildingcapacityofaSAIareinactualfactoneandthesameprocess.!

Seeingthismatch,wehavetriedtocategorisetheISSAIrequirementsat level2intothefollowingfourcategoriesandsubcategories

iCAT:FinancialAudit


Page24

The first category refers to the institutional capacityof the SAI anddescribes the requirementsunderISSAI10.ThesecondcategoryreferstotheorganizationalandprofessionalstaffcapacityoftheSAIthatisdrivenbySAIleadership.AcombinationofLevel2ISSAIrequirementsareplacedunderthiscategory.The third category refers to SAI coreprocesses,whichare theSAI level requirements specific toauditprocesses. The fourth category refers to external stakeholder relations both in terms of reportingrequirementsandcommunicatingwithstakeholdersforauditeffectivenessandimpact.

Thelevel2ISSAIrequirementsplacedunderthesefourcategoriescanbeseenintheexcelsheetcalledISSAILevel2Requirements.

Part2ofthischapterdescribestherequirementsandhowtoassessneedsrelatedtotherequirements.Whilewewould recommend that you read through thePart 2 now, the actual collectionof data andfillinginoftheformatshouldbedoneafteryouhavecompletedtheiCATformatforlevel4.

Independence&Legal

Framework

Leadership&InternalGovernance•Codeofethics•ManagementArrangements•Resources

SAICoreProcesses

ExternalStakeholderRelations•ReportingPractices•Communication

iCAT:FinancialAudit


Page25

Part2–AscertainStatusonLevel2ISSAIRequirements

The ISSAI framework is a very comprehensive framework that articulates the nature of robust auditpractices inanSAIaswell as thekeydriversat institutionalandSAI level thatneed tobe inplace forimplementationofrobustauditpracticesonaconsistentbasis.ThenatureandrequirementsforrobustauditpracticesareoutlinedinLevel3andLevel4ISSAIs,andthekeydriversandprerequisitesforthesearehighlightedatlevel1andlevel2oftheISSAIFramework.

Inpart1wehavementionedthatbeforegoingintothedetailsofimplementinglevel4ISSAIs,weneedtolookatthelevel2ISSAIsandunderstandtheirimpactonLevel4implementationissues.FromChapter3 to Chapter 6 you will conduct the check for the Level 4 ISSAIs. You will ascertain the status ofcompliance at Level 4 in these four modules. You will also identify what are the reasons for non-complianceoftherequirementsatLevel4intheChapter3to6.

You will see that the reasons for non-compliance lies at the issues which actually the drivers orprerequisitesforLevel4ISSAIs.TheseareallhighlightedatLevel2ISSAIs.SoitisclearthatatLevel2onastrategiclevelSAIscantakemeasuresthatwouldsolvetheissuesofnon-complianceattheLevel4.InthischapteryouwilllookintothislinkagebetweenLevel2andLevel4ISSAIs,alsohowthegapsinLevel2requirements linedtothegaps in implementing level4 ISSAIrequirements.BasedonyoufindingsatLevel2andLevel4youwillwritetheISSAIComplianceAssessmentReport.

1. AscertainthestatusofLevel2ISSAIrequirements

Beforeascertainingthestatusoflevel2ISSAIrequirementsyouwouldhavedonethefollowingactivities:

• Understoodlevel2ISSAIrequirementsinChapter2• CompletedtheiCATformatforlevel4inChapter3toChapter6

OnthisbasiswewillnowproceedtodiscusshowtoidentifySAIneedsandascertainthestatusatlevel2.Thisstepintheprocesswillalsohelpyouinconsolidatingyourfindingsonlevel4ISSAIsparticularlythereasonfornon-compliancewhichisrelatedtotheLevel2ISSAIsandcreatethelinkagebetweenthetwolevelsofISSAIs.BasedonthiswewillpreparetheISSAIComplianceAssessmentReport.

4.1HowtocompletetheLevel2ISSAIRequirements

AswehavementionedinChapter2theiCATforLevel2containsalltherequirementsfromtheISSAI10-40.Alltheserequirementshavebeengroupedunderfollowingmajorcategories:

• Independenceandlegalframework• Leadershipandinternalgovernance

o Codeofethicso Managementarrangementso Resources

• SAIcoreprocesses

iCAT:FinancialAudit


Page26

• ExternalStakeholdero Reportingpracticeso Communication

In the following sectionswewill discusshow the columnsof the individual ISSAI requirements canbefilledinstepbystep.

Step1-CompletingColumns5and6ofLevel2ISSAIrequirement

Aftercompletionoflevel4oftheiCAT:

• workshopshouldbeheldwithrelevantseniormanagementtodiscussthefindingsonlevel4• Thepurposeoftheworkshopisforseniormanagementtoassignlevel4findingstotheirspecific

requirementswithinthelevel2ISSAIrequirements.

When completing the level 2 ISSAI requirement the participant should understand the relationshipbetween levels2 and4of the ISSAI Framework. Level 2provides the strategicdirectionand level 4 isaimedatthedetailsofauditpracticeswhenimplementingthestrategicaspects.

Therearethreepossibleresultstobeenteredintocolumn4SAIStatus,namely:

1. Fullcompliance–wherelevel2andlevel4requirementsaremet2. Partial Compliance – where level 2 requirements aremet but the implementation on

level4hasnotbeenachieved.(exampleprovidedbelow)orwhererequirementsaremetat level 4 and not at level 2 (This is highly possible for instance Principle 8, ISSAI 20requires that “The SAI reports are available and understandable to the wide publicthroughvariousmeans(e.g.summaries,graphics,videopresentations,pressreleases)”.While,attheSAIleveltheremaynotbesucharequirement,somefieldofficesmaybringoutsummaryoftheirperformanceauditreportsandissuepressreleasesaftertablingofaPerformanceAuditReport and satisfy ISSAI 3100, Section35onmakingaudit reporteasilyaccessibletogeneralpublic).Anotherreal-lifeexamplethatwasquotedbyseveralparticipantsoniCATrelatingtodisclosureofthesourceofdataintheauditreportisthatwhile there isnosuchrequirement in their standards todisclosesourceofdata, ithasbeenfollowedintheperformanceauditengagementsreviewedbythem.

3. Noncompliance–whererequirementsonlevel2and4arenotmet

ExampleofPartialCompliance:

If the SAI has no individual declaration of interests for each audit, but the SAI has an organizationalpolicy.ThenthiswouldbereflectedintheiCATasfollows:

• Withincolumn4theSAIstatuswouldbepartiallyimplemented• Within column 5 the entry should be that there is a finding with regard to “no individual

declarationintheauditfiles”fortherequirementsunderISSAI30paragraph13.

Column6shouldbeusedtostatewhatactionneedstobetakenandwithinwhattimeframe.

iCAT:FinancialAudit


Page27

Information gathered in Column 6 can then be used to complete the ISSAI Compliance AssessmentReport.

Step2-CompletingColumns3and4ofLevel2ISSAIrequirement

i. Independence and Legal Framework

ThissectionlargelydealswithISSAI10whichaspreviouslystatedlinkstotheMexicoDeclaration. TheISSAIrequirementscan largelybe linked inmost jurisdictionstotheenabling legislationoftheSAI (SAIlaw).Mostoftheaspectsshouldbereadilyidentifiablefromthelaw.FurtherenquiriesfromtheHeadoftheSAItoclarifyuncertaintiesmaybeuseful.

It is important tosimply identify theresponsibilitiesandnotnecessarily toassess the implementation.ForexampleifaSAIcan“selecttheauditissues”butinpracticeisnotdoingsothisshouldbeincludedincolumn4(SAIstatus)aspartiallycomplying.TheremaybereferencestotheSAIsinotherlegislation,forexample,relatingtotheSAIbudget(principle8ISSAI10).Intheseinstancestheparticipantmayneedtobeawareofsuchdocumentsandreferencethemincolumn3oftheiCAT.

ii. Leadership and Internal Governance

CodeofEthics

ThissectionlargelydealswiththeISSAI30CodeofEthics.InmanySAIsthisiscoveredthroughpoliciesattheentitylevelaswellasthroughdeclarationsmadeineachauditengagement.Theparticipantshouldobtainthesedocumentsandassesswhattypeofcomplianceisexpectedbythestaff(forexampleannualdeclarationsofincomeandassets).

If there is anabsenceof compliance tools suchasannualdeclarations thesewill behighlighted in thelevel4assessmentandwillbeincludedincolumns5and6oftheiCAT.

ManagementArrangements

This section takes fundamental aspects of the SAI leadership and internal arrangements at a strategiclevel.Thissectionwillgiverisetotheimportantelementsthatincludestrategicplanningandthereforeprioritization for future decisionmaking.Whatever the SAI is deciding to domust be communicatedthroughthisareaandthereforerepresentsafundamentalareawheremanyimprovementsatlevel4oftheframeworkwillbemanaged.

Thissectionshouldbecompletedthroughreviewsofstrategies,businessplansandotherkeystrategicdocumentationincludingperformancemanagementpolicies,qualityassurancepoliciesandrecruitmentplans.

Resources

This aspect of the internal governance and leadership follows directly from the managementarrangements.This is theassessmentof the requirementsof theSAIandshouldbe identified throughreviews and studies and be included in key policies and strategies. Therefore operational documentssuchasannualworkplansanddelegationsshouldbereviewed.

iCAT:FinancialAudit


Page28

Responses to this section should also relate to themanagement arrangementswhen considering thelevel 4 gaps. For example, issues regarding ISSAI 40 element 4 “ensuring staff have competencies tocarryouttheirwork”canbe linkedtothe itemunder managementarrangementsprinciple6 ISSAI20“the SAI measures the efficiency and effectiveness with which it uses its funds”. When completingcolumns5and6oftheiCATtheserelationshipswillbeanalyzedtoensurethattheactionplansareaspracticalaspossible.

iii. SAICoreProcesses

ThisareaoftheLevel2ISSAIrequirementsismainlyconcernedwiththeISSAI40QualityAssurance.Forthe SAI tomeet the requirements of level of the framework a numberof factors are required fromatechnicalperspective.Theseinclude:

• Auditreporting• Followuponauditfindings• Methodology• AuditingStandards

Alltheaboveneedtobeinplacetoensurethattheauditrisk(therisktheauditorreachesanincorrectconclusion)isminimized.Toassesstherequirements, itwillbeadvisabletoscheduleaninterviewwiththe person responsible for quality assurance and control in the SAI.Many of the practices should bedocumentedin instructionsthroughmanualsand/orcirculars.TheseshouldbeassessediftheyincludetheelementsstatedintheLevel2ISSAIRequirements.Ifthepracticeisstatedindocumentationandnotfollowed:atthisstagesimplystateundercolumn4thatthereispartialcompliance(tobeconsistentwiththe viewespousedat Step2 i. Independence and Legal Framework). When the level 4 assessment isundertakenthiswillidentifytheproblemoftheimplementation.

iv. ExternalStakeholder

ReportingPractices

This section lists all the reporting requirements identified in level 2 of the framework. There are 18requirements.ThisrepresentsalargeexpectationonSAIstoreportontheiractivitiesandresults.Manyof these reports can be included in a single SAI annual report for example. The participant shouldtherefore obtain all external correspondences that the SAI issues and assess them against the 18requirements.

ExternalStakeholderRelations

This section assesses the SAI relationship with its primary stakeholders. This can include: legislature,parliaments and special committees of parliament. The SAI may include this information in acommunicationstrategyandoftenhaveaspokespersonoranofficedirectly linkedto theHeadof theSAI.Itisadvisabletointerviewtherelevantpersonnelandobtainthenecessaryprotocols,strategiesandpolicies.Fromnextchapterguidanceonlevel4ISSAIsforFinancialaudit iselaborated.Guidancefor irststepofthe Financial audit process is Pre engagement and relevant ISSAIs is described in chapter 3.

iCAT:FinancialAudit

Chapter3:Preengagement

Page29

Chapter3

Pre-engagement

Introduction

ThischapterisrequiredtoensurethatthefacilitatoridentifiesthepreconditionsforenablingtheSAItoimplementlevel4ofISSAIframeworkoffinancialauditing.ItisimportantthatthefacilitatorunderstandstherequirementsexpectedwithinaSAIenvironmentbeforeconsideringanyspecificaudit.TheseaspectsincludefactorswhichrequiredecisionsthatareconsistentwithSAIpoliciesasdiscussedonlevel2.Inthischapterspecificreferencestopoliciesandareasforconsiderationarehighlightedfortheappropriatefoundationtobeputinplacebeforeanauditcommences.

Section1providesanoverviewofthefinancialauditprocessasisexplainedinthestandards.Section2highlightsalltheareaswheretherequirementswithintheiCATarecontained.Section3-6providesemphasistothemostimportantelementsofpre-engagement.

1. OverviewofthefinancialauditprocessandtheexpectationoftheISSAIfacilitator

1.1FinancialAuditProcess:

Figure1belowprovidesanunderstandingoftheauditprocess.Itisessentialtounderstandthattheauditprocessisnotsimplyaonewayprocessfromplanningthroughtoreporting.Reconsiderationofthecriticalaspectsoftheauditprocessiscontinuallyinneedofre-evaluation.Thisisreflectedinthefeedbackloopsinthefigurebelow.Forexample,whenevaluatingtheresultsfromtheauditfieldwork,theassumptionsmadeintheplanningregardingmaterialmisstatementmaybeincorrect.Inthissituationtheauditorisrequiredtoreflectthechangesintheplanningdocumentation.

iCAT:FinancialAudit


Page30

Figure1:AuditProcess

RBAAuditProcess

FormOpinionandReport

PreliminaryEngagementActivities

OverallAuditStrategy

RiskAssessmentandresponse

Designfurtherauditprocedures

IdentifyingandAssessingriskofmaterialmisstatement

Understandingtheentity’senvironmentincludinginternalcontrols

Understandingtheentity

ConductingFieldAudit

– Testsofcontrols– Substantiveprocedures

EvaluateResults

Accumulateandevaluatemisstatements

iCAT:FinancialAudit


Page31

1.2ExpectationsfromtheISSAIFacilitators

Table1belowprovidesanoverviewofwhattheISSAIfacilitatorisrequiredtodoateachstageoftheauditprocess.InadditiontotheexpectationsinTable1,theISSAIfacilitatorisrequiredtobefamiliarwiththeissuesdiscussedinlevel2oftheISSAIframeworkcoveredinChapter2.Forfinancialauditsomeoftheseissuesaregivenmoreemphasisasdiscussedintable2ofthismodule.

Atthisstage,theISSAIfacilitatorisexpectedtohaveaccesstoSAIfinancialauditseniormanagementandselectaminimumoftwoauditfilestosupporttheconclusionsdrawnfromthediscussionswithmanagement.

BeforelookingattheiCAT,thefacilitatorshouldunderstandtheauditingstandards.TheInternationalStandardsofSupremeAuditInstitutions(ISSAIs)forfinancialauditingarebasedontheprivatesectorInternationalStandardsonAuditing(ISA)issuedbytheInternationalFederationofAccountants(IFAC).TheISSAIsthereforecomprisesoftheentireISA.TheISAshaveaconsistentstructuresincludingrequirementsofthestandardsandthenreferencedtothisiswhatiscalledtheapplicationoftherequirements.Theapplicationiseffectivelyguidanceonunderstandingtherequirements.

TheISSAIsthenenhancestheISAwithspecificguidancefortheSAIenvironmentthroughtheuseofpracticenotes.Theseoftenprovideexamplesforthepublicsectorcontextorexplainsituationsinwhichthestandardsapply.

iCATcomprisesallrequirementsfrom36ISSAIs.InadditiontorequirementsfromInternationalStandardsonAuditing(ISAs)therequirementsfromthepracticenoteshavebeenadded.Altogether531requirementsareincludediniCAT.

InordertofacilitatetheuseofiCAT:

• Requirementshavebeensplitintoauditingphases:Pre-engagement,Planning,FieldworkandReportinganddescribedintherespectivemodulesofthecourse.Someoftheserequirementsflowthroughouttheauditprocessandthefacilitatorwillberequiredtounderstandthestartingpointoftherequirement.

• Whethertherequirementisimportantoninstitutionallevelorauditlevelhasalsobeenidentified.

• Documentsthatprovetheapplicationoftherequirementhavebeenoutlined,e.g.planningdocuments,workingpapers,auditreportetc.

iCAT:FinancialAudit


Page32

Table1:Overview–ActivitiesofISSAIFacilitator

AuditProcessReference

CoreTextmodule BriefDescription ISSAIreference ExplanationofISSAIFacilitatorknowledge

Preliminaryauditengagement

Chapter3 Thisstageoftheauditiswhereassessmentoftheauditrequirementsaremadeandtheauditteamcommunicateswiththeauditedentity

ISSAI1210 ThefacilitatorshouldunderstandtheSAIsstandardpracticeandassessifithasbeenappliedconsistently

OverallAuditStrategy

Chapter4 Togainahighlevelunderstandingoftheauditedentityandassessthemateriality.

ISSAI1300,1315and1320

ThefacilitatorshouldbeabletoidentifythedocumentationwithintheSAItorelatestotherequirementsoftheoverallauditstrategyandassesswhethertheelementsofthestrategyarecovered.

Riskassessmentandriskresponses

Chapter4 Theprocessinvolves:Understandingtheentityincludingitscontrolenvironment.Identifyingtheriskofmaterialmisstatementanddesigningfurtherauditproceduresforassessingtherisks.

ISSAI1200and1300series

TheISSAIfacilitatorisrequiredtounderstandtheSAImethodologyandhowitcoversthemainaspectsoftheauditplanningrequirements.AnassessmentofthemainelementsoftheSAIsprocessisthenassessedagainstauditfilestoseeiftheycontaintheinformationexpected.Assessmentoftheadequacyofthe

iCAT:FinancialAudit


Page33


CoreTextmodule BriefDescription ISSAIreference ExplanationofISSAIFacilitatorknowledgeplanningconclusionsandthedesignofauditproceduresisbeyondthescopeofthefacilitator.

FieldAudit Chapter5 Atthisstagetheauditorisattemptingtoprovidesufficientappropriateandreliableevidencetosupporttheconclusionsreachedbasedontestofcontrolsandsubstantiveprocedures.

ISSAI1500series Thefacilitatorisrequiredtoreviewauditfilesandassesstheadequacyandsufficiencyofdocumentationincludingtheapplicationofprofessionaljudgmentandprofessionalskepticism.Thefacilitatorisnotexpectedassesswhethertheproceduresfollowedareadequatetoaddresstherisksidentified

Evaluatingresults Chapter6 Thissectionisconcernedwithevaluatingresultsandassessingtheeffectoftheresultsonthenature,extentandtimingofauditworkaswellasconsiderationofreportingconsequences

ISSAI1450 ThefacilitatorshouldunderstandtheauditmethodologyfollowedbytheSAIandassesstheauditfilesselectedagainstthecriteria.

Forminganopinionandreport

Chapter6 Thisiswheretheoutputsfromtheauditprocess,namely:auditreportsandotherreportsare

ISSAI1700seriesand1800series

Thefacilitatorisexpectedtounderstandthedecisionstakentoarriveattheitemsincludedinthe

iCAT:FinancialAudit


Page34


CoreTextmodule BriefDescription ISSAIreference ExplanationofISSAIFacilitatorknowledge

produced reportandassessiftheyarecomplianttotherelevantstandardsandSAIpractice.

2. Institutionallevelconsiderationspriortoassessinganindividualaudit

Asthefacilitatoryouarealreadyfamiliarwiththelevel2considerationsoftheISSAIframework.Level2ISSAIsstateandexplainthebasicprerequisitesfortheproperfunctioningandprofessionalconductofSAIs.Thesearetheinstitutionallevelconsiderationsthatrequiredtobeanalyzedbeforeassessinganindividualauditprocess.

Thefocusshiftsslightlytoassessingtheseconsiderationsinthespecificcontextoffinancialauditing.Themainareaswheretheseconsiderationsarenecessaryarebroadlycoveredby:

2.1 Compliancetothelevel4financialauditISSAIs2.2 Assessmentoftheaccountingandlegalframeworkgoverningthefinancialstatementsin

yourjurisdiction2.3 ConsiderationoftheSAIbeforecommencingwithindividualaudits

2.1Compliancetothelevel4financialauditISSAIs

TheiCAThasidentifiedseveralreferencesforexampleISSAI1200.20wheretheuseofISAhastobecarefullyconsidered.Itstates“TheauditorshallnotrepresentcompliancewithISAsintheauditor’sreportunlesstheauditorhascompliedwiththerequirementsofthisISAandallotherISAsrelevanttotheaudit”.ThismeanstheSAIcannotdecidetofollowafewaspectsofISAanddepartfromothersandstillstatetheyarecomplyingwithISAsandthereforetheISSAIsforfinancialaudit.

Exampleswherethissituationwillneedtobeconsideredcouldincludethefollowingscenarios:

• WheretheSAIhasfundamentalcapacityrestrictionsinmeetingtheISSAIrequirementsfromcurrentresources

• Wherethestakeholderexpectationsortheauditingenvironmentdoesn’tprovideforfullISSAIimplementation

InthecaseofcapacityrestrictionstheSAIcanconsiderassessingthescopeoftheauditsandasstatedunderISSAI40(acceptanceandcontinuation)andshouldbringthistotheattentionoftheHeadofSAIoreventhelegislatureorbudgetauthority.TheSAIinthisregardshouldhaveanoverallplanthatwillbediscussedunderresourceconsiderationsbelow.

InthesituationwherefullISSAIimplementationmaybelimitedbytheenablingenvironment,forexample,wheretheaccountingframeworkisstillunderdevelopedorthescrutinyofthefinancialstatementsandauditreportishighlylimitedthereareseveralfactorsthattheSAIshouldconsider.

iCAT:FinancialAudit


Page35

FirstlytheSAIshouldassesswhataspectsoftheISSAIsarethemostrelevanttoimplementandbeginwiththese.InthisinstanceasstatedinISSAI1805.8theauditorcanconsidertheapplicabilityoftheISSAIs.IngeneraliftheinformationprovidedtousersisinsufficienttocovertheirneedsthentheSAIshouldidentifythedeficienciesandreportthemtotheappropriatestakeholders.

Secondly,SAIshouldassessoveralltheimportanceoftheISSAIsandidentifythekeyvaluetheISSAIswillprovideandfocusontheseareas.However,inthesesituationsitmaynotbepossiblefortheSAItostatethatitisauditingincompliancewiththeISSAIs.AstatementintheSAI’sstrategicdocumentationshouldreflectthisposition.TheSAIshouldrefertoISSAI1000.28forotheralternativesforcompliancetotheISSAIFramework.

InthespecificinstanceofthedeficiencyofthefinancialreportingframeworktheSAIshouldconsiderthesectionbelow.

2.2Assessmentoftheaccountingandlegalframeworkgoverningthefinancialstatementsinyourjurisdiction

TheISAsmakereferencetotheaccountingframeworkunderwhichthefinancialstatementsaremade.Therearetwoverypopularframeworksthatarewellestablishedintheinternationalcommunitynamely:

• InternationalFinancialReportingStandards(IFRS)• InternationalPublicSectorAccountingStandards(IPSAS)

TheseframeworksprovidecoveragefortherequirementsoftheISSAIs.Forexample,disclosuresinrelationtorelatedpartiesarecoveredbytheframeworks.Itisinthisregardthatthefinancialreportingframeworkneedstobecomprehensiveastoprovidetheusersofthestatementswiththerelevantinformationprovidedinasuitablyunderstandableformat.

Manyjurisdictionsareoperatingwithentitiesatdifferentlevelsofaccountingbases.ForexampleMinistriesmaybeoncashormodifiedcashbasiswhereascorporationscanbefullycomplianttoIFRS.TheIPSASexplainsthedifferentbasisofaccountingandprovidesforthemigrationfromfullcashtofullaccruals.ThefacilitatorcanobtainreviewtheIPSASandIFRSframeworksthroughthewebsitewww.ifac.org(publicsectorforIPSAS).

IftheaccountingframeworkislimitedorunderdevelopmentthefacilitatorshouldconsiderwhethertheSAIhasenquiredoftherelevantmanagementwhetherthefinancialstatementsaresufficienttomeettheuserrequirements(ISSAI1200practicenote5refers).

ManySAIsoperateinenvironmentswheretheaccountingframeworkisprescribedwithinthelegislationofthecountry.Inthesecasestheassessmentoftheapplicabilityoftheframeworkforusersshouldstillbeundertakenandrecommendationsmadetotherelevantstandardsetterse.g.MinistryofFinanceorAccountantGeneral.

iCAT:FinancialAudit


Page36

2.3ConsiderationoftheSAIbeforecommencingwithindividualaudits

WhenconsideringtheoverallfinancialauditstrategyfortheSAItherearemanyfactors.Thesefactorsneedtobeconsideredpriortoanyresourceallocationandassessmentofindividualauditstrategy.Manyoftheseaspectsarealsoreferredtoatlevel2oftheISSAIframeworkandarereflectedinSAIpolicyandprocedures;however,thereisaneedforsomeannualconsiderations.Table2belowissummaryofthetypeofconsiderationsaSAIshouldconsider.

Table2:SAIPrecondition

Considerations Decision Guidance ISSAIReferenceISSAIcompliancelevel4financial

Full/Partial TheSAIneedstodecideontheapplicabilityoftheframeworkandtheintentiontocomplywiththerequirements.Iftherearereasonsforelementsoftheframeworktobeomittedtheyshouldbestated.Thestatementofthebasisoftheopinionandanyoverallmodificationstotheauditreportsshouldbeprovided.

AllISSAIslevel4

AdequacyofFinancialReportingFramework

Adequate/Limited/Notapplicable

SAIshouldconsidercommunicatingitsconclusioniftheframeworkisnotadequatetotherelevantstandardsettingbodies.Inextremesituationsmodificationstotheauditreportsorspecialreportsshouldbeconsidered

ISSAI40underacceptanceandcontinuanceandISSAI1000(paragraphs43and44)

Auditresourcesrequiredinternally(ISSAI40acceptanceandcontinuation)

Adequate/inadequate

InthecaseofinadequateauditresourcestheSAIshouldconsidertheeffectonthescopeoftheauditoridentifyalternativeapproachestoobtainassurancee.g.contractingoutfunctionsThisisparticularlyimportantinthecaseofsmallSAIswhohavelimitedcapacityTheSAIisalsorequiredtohaveresponsesinplacetoanauditedentity,whichmaybepreventingtheSAIfromadequatelycarryingoutitsresponsibilities.AswithdrawalisnotusuallyanoptioninSAIenvironmentalternativesmeasuresmayneedtobesought.

iCAT:FinancialAudit


Page37

Considerations Decision Guidance ISSAIReferenceManagementofAuditresourcescontractedout

Appropriate/trainingorguidanceneeded

WhereotherauditorsoutsidetheSAIareemployedtoconductaudits,particularassessmentshouldbemadeoftheirprofessionalcompetenceandtheirunderstandingofthepublicsectorrequirements(aselaboratedinthepracticenotes)

ISSAI1600practicenote

UseofExperts(includinginternalauditors)

Required/Notrequired

Astrategicdecisionisrequiredtoassesstheneedforexpertsorothergovernmentalagencies(e.g.antimoneylaunderingagencies).Theauditstowhichtheyrelatedandthescopeofworkshouldbeunderstood.TheSAIshouldthenassesstheauditriskoverallandprioritizetheexpertsrequired.

ISSAI1610andISSAI1620

Specificcomplexitiesintheauditedentitiesthateffecttheindividualauditstrategies

Yes/No Thesecaninclude:• Serviceorganizations• Specificreporting

requirements• Highriskclients• Otheraudits/investigations

beingperformedbytheSAI• Relatedparties• Particularissuesinthepublic

intereste.g.highrankingofficialexpenses

• Consolidations• Restructuringofgovernment

organizations• Specificinstructionsfrom

legislature/thirdparties• Previousallegations

Alltheaboveshouldbeconsideredandtheeffectontheauditstrategiesandresourceallocationsshouldbestated.

ISSAI1402ISSAI1700ISSAI1300ISSAI1240ISSAI1550IISSAI1315ISSAI1600ISSAI1510ISSAI1210ISSAI1240

ReportsissuedotherthanthoseincompliancetoISSAI1700and1800series.

Yes/No IftheSAIintendstoissueotherauditreportsthatarenotinconformancetothestandards.ThentheSAIshouldstatethebasisandcriteriaforsuchreports.AnydiscussionofkeyauditthemesandthemethodtheSAIusestoincludetheseissuesinthereportshouldbeexplained.

ISSAI1700seriesand1800series

iCAT:FinancialAudit


Page38

Considerations Decision Guidance ISSAIReference

Qualitycontrolplan Yes/no Aqualitycontrolplanfortheyearshouldbeprovided

ISSAI40andISSAI1220

EvidenceofEthicalRequirementsinplacepriortothecommencementoftheaudits

Yes/no TheSAIshouldoperationalizetherequirementsofISSAI30toensureanannualprocessforethicalrequirementsisundertaken.

ISSAI30

3. QualityControl

ISSAI40principle1Leadershipstatesclearlytheimportanceofqualitycontrolasshownbelow:

An SAI should establish policies and procedures designed to promote an internal culturerecongnisingthatquality isessential inperformingallof itswork.SuchpoliciesandproceduresshouldbesetbytheHeadoftheSAI,whoretainsoverallresponsibilityforthesystemofqualitycontrol.

ThefacilitatorhasalreadyunderstoodtheroleoftheISSAI40onlevel2oftheISSAIFramework.AtthisstagetheSAIalsorequiresamechanismfortranslatingtheseinstitutionalrequirementsintotheindividualauditprocess.ISSAI1220providesforsuchalink.Itlooksatthequalitycontrolfunctionemployedattheauditlevel.Thequalitycontrolprocessisrelativelystraightforwardandiscapturedintheflowbelow.

1. Planning2. Conducting3. Monitoring

3.1PlanningQualityControlReview

AtthecommencementoftheauditcycletheSAIshouldbeawareoftheengagementqualitycontrolreviewsthatarerequiredtotakeplace.TheSAIshouldensurethattheengagementqualitycontrolreviewsinclude:

• AnylistedcompaniesauditedbytheSAI(ISSAI220.19)• OtherentitiesthattheSAIdeemsnecessaryduetothenatureoftheengagement.

ThecriteriatheSAIemploysforselectingtheauditstobequalitycontrolreviewedshouldbeexplicitlystatedandapprovedaspertheengagementqualitycontrolpolicy.Thecriteriacouldconsider:

• Auditswheremodifiedopinionswerepreviouslyissued• Auditswhichhaveahighpublicprofile• Auditswhichhaveallegationsrelatedtotheauditentity• Coveragetoincludeallengagementpartners

iCAT:FinancialAudit


Page39

ThequalitycontrolplanshouldbeapprovedandcommunicatedinlinewiththeSAIpoliciesandprocedures.ThecarryingoutoftheQAfunctioncaninvolveoutsideexpertise,adedicatedQAfunctionordelegationstospecificindividualsorcommittees.

3.2Conducting-EngagementPerformance

3.2.1Overview

Duringthefieldworktheengagementleadershalltakeresponsibility,amongotherthings,for:

a. thedirection,supervisionandperformanceoftheauditengagementincompliancewithprofessionalstandardsandapplicablelegalandregulatoryrequirements;andtheauditor’sreportbeingappropriateinthecircumstances;

b. reviewsbeingperformedinaccordancewiththefirm’sreviewpoliciesandprocedures;c. theengagementteamundertookappropriateconsultationondifficultorcontentiousmatters;d. determiningwhetherthereisaneedforanengagementqualityreviewandifsodetermined,

ensuringthatanengagementqualityassurancereviewerhasbeenappointed.

Wheredifferencesofopinionarisewithintheauditteamwiththoseconsultedand,whereapplicable,betweentheengagementleaderandtheengagementqualitycontrolreviewer,theauditteam,shouldfollowtheSAI’spoliciesandproceduresfordealingwithandresolvingdifferencesofopinion.

TheengagementleaderensuresreviewsareperformedinaccordancewiththeSAI’sreviewpoliciesandprocedureswhichshouldmeettherequirementsofISSAI40.(Ref:ISSAI1220paragraphs16andA.16toA.17,A.20andISSAI40-paragraphs32andA.34)

Theengagementleader/supervisorisresponsibleforensuringthatreviewsoftheworkingpapersarecarriedoutinordertobesatisfiedthattheydemonstratethatsufficientappropriateauditevidencehasbeenobtainedtosupportconclusionsreachedfortheauditor’sreporttobeissued.(Ref.ISSAI1220paragraphs17andA.18toA.20)

3.2.2ConsultationandDifferencesofOpinion

ISSAI1220givesresponsibilitytotheHeadoftheSAIforensuringthattheengagementteamundertakesappropriateconsultationondifficultorcontentiousmatters,andthattheconclusionsofconsultationsaredocumentedandimplemented.

Wheredifferencesofopinionarisewithintheengagementteam,withthoseconsultedand,whereapplicable,withintheSAI,theSAIshouldhavepoliciesandproceduresfordealingwithandresolvingdifferencesofopinion.

3.2.3EngagementQualityControlReview(EQCR)

EQCRistheobjectiveevaluationofthesignificantjudgmentsmadebytheauditteamandtheconclusionsreachedinformulatingtheindependentauditor’sreport.

Aspartofthesystemofqualitycontrol,ISSAI40statesthatanEQCRshouldbeperformedforallauditsmeetingtheagreedcriteria.Examples:

iCAT:FinancialAudit


Page40

• whereaqualifiedoradverseopinionisbeingproposedoranticipated;

• whereclientactivitiesareofspecialinteresttothegeneralpublicormedia;and

• whereclientsareconsideredasbeingofhigherauditrisk,forexampledueto:ahistoryofweakinternalsystemsofcontrol;orwherecomplexornovelaccountingissuesexist

ISSAI40requiresthatanEQCRisconductedinatimelymannersothatsignificantmattersareresolvedpriortotheopinionbeingissued.ThereforetheEQCRisperformedbeforetheissuingofthereport.

3.3. Monitoring

TheISSAI1220.32to1220.34explainsthatmonitoringisinrespectsoftwoelements:

• assessment,correctingandimprovinganyissueswithauditengagements• assessmentandimprovingthequalitycontrolprocessitself

AnyissueshighlightedarenotnecessarilydemonstratingfailuretomeetthestandardbutaremerelyaspectsthatrelatetooperationalaspectsoftheSAIsactivities.

4. Keyaspectsofauditevidenceincludinglinkagestoprofessionalskepticism

4.1OverviewTheISSAIfacilitatorhastobeawarethatthroughouttheauditprocesscertainrequirementsinregardtoauditevidencemustbekeptinmind.Thesearesummarizedinthetablebelow.

Table3:AspectsofAuditEvidence

Description ISSAIReference CommentUnderstandabilityofauditevidenceincludingsignificantprofessionaljudgment

ISSAI1230.8 Withintheapplicationtothestandardreferencesaremadetothepracticalitiesrelatedtoevidence.Clearlyauditorscannotrecordalldocumentationandjudgmentstaken.Theneedtorelatewhatisdocumentedtoassisttheusers(includingreviewersandfutureauditors)indischargingtheirfunctionsisthecriteria.

Typeofworkperformed,whoperformeditandwhoreviewedit

ISSAI1230.9 Ownershipandevidenceofreviewisessentialtotheauthorityoftheworkperformedandtoaccountabilityandresponsibilityfortheauditasawhole.

ConsiderationofSmallSAI

NotspecificallytoISSAIframework

Asdiscussedabovetheimplicationsontheauditscopeandcompliancetostandardshastobeconsidered.

Professionalskepticism

ISSAI1240.12 Thisisperhapsoneofthemostdifficultareasfacingtheauditors.Theabilitytodemonstrateskepticismwithintheauditevidencemaynotbestraightforward.Itmayrequireevidencethroughforexample,teammeetings.Considerationofallegationsandothersourcessuchaspress

iCAT:FinancialAudit


Page41

coverageshouldbeassessed.Seesection4.2belowforfurtherillustrationAcceptanceofdocumentationprovidedbytheauditedentityshouldbelinkedtotheinternalcontrolassessment.

SpecialconsiderationsinjudicialaspectsrelatingSAIfunctions

ISSAI1230PN15and16

InSAIswherethereisaresponsibilitybeyondfinancialreportingandexpressinganopiniontheSAImayhaveadditionalevidentialrequirements.Forexample,inpreparingdocumentationforimposingfinestheevidentialrequirementmaybestrongerthansimplyhighlightingthefinding.ThisshouldbereflectedinthepoliciesandproceduresoftheSAI.

4.2Skepticism

RecognizingThatManagementCanAlwaysCommitFraud

Managementisalwaysinapositiontooverrideotherwisegoodinternalcontrol.

Engagementteammembersaretosetasideanybeliefsthatmanagementandthosechargedwithgovernancearehonestandhaveintegrity,notwithstandingtheauditor’spastexperienceoftheirhonestyandintegrity.

AQuestioningMind Makecriticalassessmentsaboutthevalidityofauditevidenceobtained.

BeingAlert Doesauditevidencecontradictorbringintoquestionthereliabilityof:

•Documentsandresponsestoinquiries?

•Otherinformationobtainedfrommanagementandthosechargedwithgovernance?

BeingCareful Avoid:

•Overlookingunusualcircumstances.

•Over-generalizingwhendrawingconclusionsfromauditobservations.

•Usingfaultyassumptionsindeterminingthenature,timing,andextentoftheauditproceduresandevaluatingtheresultsthereof.

•Acceptinglessthanpersuasiveauditevidenceinabeliefthatmanagementandthosechargedwithgovernancearehonestandhaveintegrity.

•Acceptingrepresentationsfrommanagementasasubstituteforobtainingsufficientappropriateauditevidence.

iCAT:FinancialAudit


Page42

5. AuditCommunication

5.1OverviewIntheiCATthereareover70requirementswhereformalcommunicationisidentified.Thisthereforeemphasizestheimportanceplaceduponthiselementoftheaudit.

Thefacilitatorshouldappreciatetheimportanceoftheformalcommunicationwithmanagementandthosechargedwithgovernancerelatingtotheauditedentities.Inmanycasesthosechargedwithgovernancecanbeauditcommittees.Ininstanceswheretheauditorneedstocommunicatetothosechargedwithgovernance,includingonsensitivematters,thestandardhassomebroadinstructionsISSAI1260.29refers.

5.2 TypesandReasonsforFormalCommunication

StandardtemplatesandpoliciesandproceduresarerequiredtoensurethattheSAIcommunicatesinaconsistentandprofessionalmannerwithoutsideparties.

Table4belowprovidesexamplesofthetypesofformalcommunicationusedduringthecourseofanaudit:

Table4:TypesofCommunicationwithexternalstakeholders

TypeofCommunication Example ReferenceInformative Engagementletter ISSAI1210.16Clarification Furtherexplanationisrequiredontheaccounting

frameworkorsignificanttransactionsISSAI1210.18andISSAI1550.14

Representations Managementrepresentationlettersupportingthefinancialstatements.AnentireISSAIisconcernedwithmanagementrepresentations

ISSAI1580

Permission Insomeinstancestheauditormayrequirepermissionfromtheauditedentitytocontactthirdpartiesforconfirmations

ISSAI1501.11

Goingtoahigherauthority

Theauditormaybefacedwithallegationsorproblemswiththeentitywhichneedtobeaddressedatahigherlevel.

ISSAI1250.24

Instruction Forexampleinsituationswheretheauditorrequestsmodificationstothefinancialstatements

ISSAI1720.16

Informingauditentityofauditresults

Informingtheauditedentitiesofpotentialissuesthatcanaffecttheauditopinion

ISSAI1720.15

6. Engagementletter

‘ISSAI1300-PlanninganAuditofFinancialStatements’stipulatesthattheauditorplansanaudittoperformitinaneffectivemanner.Theinitialstageofplanningrequirestheauditortocarryoutspecificpreliminaryactivitiesbeforeagreeingtobeassociatedwithanentityforanauditengagement.TheauditengagementincludesanytypeofauditarrangementwhethergovernedbytheauditmandateoftheSAIoranyspecialauditworktakenupbytheSAI.

iCAT:FinancialAudit


Page43

Inthepublicsector,auditorsusuallyappointedbystatuteandgovernedbytheauditmandateoftheSAI,oftenhavenodiscretioninbeingassociatedwithanentityforaparticularauditengagement.However,carryingoutpreliminaryengagementactivitiescanprovidetheSAIwithassurancethatitanditsstaffcomplywithindependencerequirement,identifytheneedforspecificcompetenciestodealwithcomplextransactions,andidentifyissuesassociatedwiththeintegrityofentitymanagement;andcanremindentitymanagement,throughanengagementletter,oftheirresponsibilitiesforfinancialreporting.

Thepreliminaryengagementactivities,tobecarriedoutpriortoauditengagement,assisttheauditorinidentifyingandevaluatingtheeventsorcircumstancesthatmayadverselyaffecttheauditor’sabilitytoplanandperformtheauditengagementwithintegrityandimpartialityandtoreduceauditrisktoanacceptablelowlevel.Performingtheseactivitiesalsohelpstoidentifyissueswithmanagementthatmayaffecttheaudit.Italsoensuresthatmanagementisfullyawareofitsresponsibilitiesinrelationtofinancialreporting.

IninstanceswherethefinancialreportingframeworkhasdeficienciesthepracticenotewithinISSAI1210.5urgestheSAItoinformthelegislatureandthestandardsetters.Alsothepracticenotehighlightsotherssignificantissuesthatneedtobecommunicatedtomanagementandthosechargedwithgovernanceregardingthespecificfocusareasanauditinthepublicsectorcaninclude.Theseare:

• Non-performanceofoperations• Non-compliancewithauthorities• Waste• Instancesofabuse.

AlthoughtheSAI’smandatemaynotrequiretheissuanceofanengagementletter,thepracticeisrecommendedandprovidesanopportunitytoclearlyidentifypotentialproblemssuchasscopelimitationsplacedupontheauditorsbymanagement.Anexampleofanengagementletterisprovidedattheendofthepracticenote1210.Itprovidesthescopeandkeyconsiderationsfortheaudit.

Conclusion

AttheendofthechapterthefacilitatorshouldappreciatetheinstitutionalandexternalrequirementsthatfacilitatetheenvironmentforISSAIFrameworkimplementation.ThisalsoanticipatesmanagementoftheSAItakingvariouspolicydecisionsthatdirecttheenvironmentwithintheSAI.

Thechapterhasprovidedguidanceonalltheelementsthatarerequiredtobeconsideredbeforeanindividualaudittakesplace.ManyoftheserequirementsarerequiredtobedoneacrossthewholeSAIandarethereforecategorizedasinstitutionallevel.Othersuchasqualitycontrolrequiresapracticethatcanaffectallauditsandthereforerequirescentralplanning.BycompletingtheiCATforthepre-engagementthefacilitatorisprovidingareadinessassessmentoftheSAItoengageintheauditplanningofasingleauditedentity.

InthenextchaptertheguidanceontheISSAIrequirementspertainingtotheplanninganauditoffinancialstatementsisdiscussed.

iCAT:FinancialAudit

Chapter4:Planninganauditoffinancialstatement

Page44

Chapter4

PlanninganAuditofFinancialStatement

Introduction

ThepreviouschapteronPreengagementprovidedthefacilitatortheinformationrequirespriortothecommencementofanindividualaudit.Thischaptertakesthefacilitatorthroughtheplanningstageofanindividualaudit.ThisisregardedasthemosttheimportantstageoftheauditprocessandthereforeincludesasignificantnumberofiCATrequirementsasstatedbelow.

Inthischapterthefacilitatorwillreceiveanoverviewofpreparinganoverallauditstrategyandadetailedauditplan.Theprocessofidentifyingandassessingrisksofmaterialmisstatementsaswellauditor’sresponsestoassessedriskswillbealsodiscussed.

TheguidanceissuedinthecoretextistoensurethatISSAIFacilitatorbecomesfamiliarwithauditplanningprocessbutthecoretextisnotdirectlylinkedtoalliCATrequirements.Thereareapproximately180requirementsforplanningandthereforealloftherequirementscannotbemappeddirectlytotheguidance.

Thefacilitatorwillunderstandtheprimaryrequirementsofplanningthroughthiscoretextandcompletingtherelatedexercisesofthemodule.Otherrequirementswillflowfromthosethatarecoveredinthedetailinthecoretext.However,thefacilitatorshouldalsofamiliarizethemselveswiththecontentoftheiCATforplanningastheyworkthroughthismodule.

1. OverviewofPlanning

Theoverviewofplanningprovidesthekeyoverallrequirementsincludingthepurposeofanaudit.TheremainingsectionsgointothedetailsoftheiCATplanningrequirements.

Auditplanningisimportanttoensurethattheauditisperformedinanefficientandeffectivemannerandthatauditriskhasbeenreducedtoanacceptablylowlevel.Thismeansprovidingthecorrectopiniononthefinancialstatements.Auditplanningisnotadiscretephaseoftheaudit.Itisacontinualanditerativeprocessthatstartsshortlyaftercompletionofthepreviousaudit,andcontinuesuntilthecompletionofthecurrentaudit(1).

Objectivesofafinancialaudit

AccordingtoISSAI1200inconductinganauditoffinancialstatements,theoverallobjectivesoftheauditorare:

iCAT:FinancialAudit


Page45

a. Toobtainreasonableassuranceaboutwhetherthefinancialstatementsasawholearefreefrommaterialmisstatement,whetherduetofraudorerror,therebyenablingtheauditortoexpressanopiniononwhetherthefinancialstatementsareprepared,inallmaterialrespects,inaccordancewithanapplicablefinancialreportingframework;and

b. Toreportonthefinancialstatements,andcommunicateasrequiredbytheISSAIs,inaccordancewiththeauditor’sfindings.

Auditriskofexpressinganinappropriateauditopiniononfinancialstatementsusuallymeansissuinganunqualifiedauditreportonfinancialstatementsthataremateriallymisstated.However,itcanalsomeanissuingaqualifiedauditreportonfinancialstatementsthatarenotmateriallymisstated.Inordertoplanandcarryoutanauditthatreducesauditrisktoalowenoughlevel,anauditorhastohaveagoodunderstandingofwhatmakesupthatrisk.Theauditorisrequiredtoidentifyandassesstheriskofmaterialmisstatement,whetherduetofraudorerror,atthefinancialstatementandassertionlevelsthroughunderstandingtheentityanditsenvironment,includingtheentity’sinternalcontrol.Ariskofmaterialmisstatementthataffectsmanyassertionswillaffectthefinancialstatementsasawhole.Ariskofmaterialmisstatementattheassertionlevelmayaffectonlyaparticularclassoftransactionoranaccountbalance.Thisassessmentprovidesabasisfordesigningandimplementingresponsestotheassessedrisksofmaterialmisstatement.PracticenoteinISSAI1315P3mentionsthattheobjectivesofafinancialauditinthepublicsectorareoftenbroaderthanexpressinganopinionwhetherthefinancialstatementshavebeenprepared,inallmaterialrespects,inaccordancewiththeapplicablefinancialreportingframework.Theauditmandate,orobligationsforpublicsectorentities,arisingfrom:

• legislation,

• regulation,

• ministerialdirectives,

• governmentpolicyrequirements,or

• resolutionsofthelegislature.

Theseadditionalobjectivesmayincludeauditandreportingresponsibilities,forexample,relatingtoreportingwhethertheSAIfoundanyinstancesofnoncompliancewithauthoritiesincludingbudgetsandaccountabilityframeworks,and/orreportingontheeffectivenessofinternalcontrol.TheseadditionalobjectivesmayleadtheSAItoassessadditionalrisksofmaterialmisstatement.Evenwheretherearenosuchadditionalobjectives,theremaybegeneralpublicorotherstakeholderexpectationsinregardtotheSAI’sreportingofnon-compliancewithauthoritiesorreportingoneffectivenessofinternalcontrol.InsomesituationswherethishasbeenapreviouspracticeoftheSAItheremayneedtobeanawarenessarisingtoexplainchangestotheSAIpractice.Therefore,public

iCAT:FinancialAudit


Page46

sectorauditorskeepsuchexpectationsinmind,andareawareoftheareasthatmaygiverisetorisksofnon-compliancewithauthoritiesorrisksrelatingtoeffectivenessofinternalcontrolwhenplanningandperformingtheaudit.ISSAI1200statesthatinordertoachievetheoverallobjectivesoftheaudit,theauditorshallusetheobjectivesstatedinrelevantISAsinplanningandperformingtheaudit,havingregardtotheinterrelationshipsamongtheISAs.Inexceptionalcircumstances,theauditormayjudgeitnecessarytodepartfromarelevantrequirementinanISA.Insuchcircumstances,theauditorshallperformalternativeauditprocedurestoachievetheaimofthatrequirement.

2. DevelopingOverallAuditStrategy

ISSAI1300outlinestheprocessfordevelopinganoverallauditstrategyfortheauditengagement.Thefirststepinauditplanninginvolvesestablishingtheoverallauditstrategythatformsabasisfordevelopingadetailedauditplan.Theoverallauditstrategyisdistinctfromtheauditplaninthatitsetsaframeworkforthescope,timinganddirectionoftheaudit.Thisratherguidesthepreparationofthedetailedauditplan,whichcontainsmorein-depthinformationontheresultsoftheriskassessmentandontheactualauditprocedurestobeconducted.Theoverallstrategymaybeinfluencedbyadditionalinformationobtainedwhileunderstandingtheentityanditsenvironment,performingriskassessmentprocedures,performingfurtherauditprocedures,evidencegatheringandatthetimeofaccumulatingmisstatements.Suchadditionalinformationmaybeusedtoreviewandupdatethestrategy.AsstatedinISSAI1300.10overallstrategydocumentisalivedocumentthatwillbecontinuouslyupdatedateachstageofaudit,dependingontheadditionalinformationgatheredbytheauditor.Theoverallauditstrategyandanysignificantchangesthereinshouldbedocumented.AccordingtoISSAI1300.7theauditorshallestablishanoverallauditstrategythatsetsthescope,timinganddirectionoftheauditandthatguidesthedevelopmentoftheauditplan.ISSAI1300.8requiresthatinestablishingtheoverallauditstrategy,theauditorshall:

a. identifythecharacteristicsoftheengagementthatdefineitsscope,e.g.additionalfundsfromdonorsmayextendthescope;

b. ascertainthereportingobjectivesoftheengagementtoplanthetimingoftheauditandthenatureofthecommunicationsrequired;

c. considerthefactorsthat,intheauditor’sprofessionaljudgment,aresignificantindirectingtheengagementteam’sefforts,inareassuchasauditinginsensitiveenvironments;

d. considertheresultsofpreliminaryengagementactivitiesand,whereapplicable,whetherknowledgegainedonotherengagementsperformedbytheengagementpartnerfortheentityisrelevant;and

e. ascertainthenature,timingandextentofresourcesnecessarytoperformtheengagement.

iCAT:FinancialAudit


Page47

Theserequirementswillbeexplainedinfollowingparagraphs.Theissuesofresourcesisoftendeterminedwithoutassessmentoftheassignment,thisshouldbebroughttotheattentionofmanagement.

a. Thecharacteristicsoftheengagementthatdefineitsscopeare:ISSAI1300.8

1) UndercharacteristicsoftheauditengagementtheauditorwillneedtoconsidertheFinancialReportingFrameworkfortheFinancialStatements.Thisreferstothesourceofaccountingprinciplesusedtopreparethefinancialstatements(e.g.IFRS,IPSAS,legislation,nationalaccountingstandards,governmentdirectivesetc.).Knowledgeofthebasisofthefinancialreportingframeworkisfundamentaltotheauditor’sunderstanding.Thefinancialreportingframeworkestablishesthecriteriaforpreparationofthefinancialstatements.Anexampleofariskthatcanarisemaybethattheentitydoesnothavestaffthatisknowledgeableaboutaccrualaccountingandtherelatedfinancialreportingstandards.Theriskthatthefinancialstatementsdonotmeetthestandardsisthereforeincreasedandwillhaveanimpactatthefinancialstatementslevel.Disclosureandrecognitionrequirementsforthefinancialstatementsmaynotbemet.

2) Theentitymayalsohavereportswhicharerequiredbyregulatorsoftheirspecificindustry.Thenatureofthepublicsectorissuchthatisrarelysubjecttoindustry-specificregulation.However,inthepublicsectortheremaybespecificreportingrequirementsinlegislationthattheauditormustunderstand.Forexample,theremayberegulationorpolicythatrequiresagovernmententitytoreportonactualresultsversusbudgetorappropriation.

3) Thescopeoftheauditoutlinestheaspectsoftheauditsuchasthefinancialreportingframework,thenumberandlocationofcomponentstobeaudited,whetherthefinancialstatementsarestand-aloneorconsolidated.SeealsorequirementsstatedinISSAI1600“SpecialConsiderations–AuditsofGroupFinancialStatements(IncludingtheWorkofComponentAuditors).Italsodetailstheextenttowhichcomponentsareauditedbyotherauditors,andtherequirementtoproduceregulatoryreports.Timingsetsoutthetimeframeforreportingbytheentity,auditbythefinancialstatementauditor,andthecommunicationwiththeentityandwithintheauditoffice.

4) AsstatedinpracticenotetoISSAI1300indefiningthescopeofauditpublicsectorauditorsneedtoconsideradditionalcharacteristics.Examplesofsuchcharacteristicsmayencompass:

• Additionalreportingresponsibilitiesfortheentityestablishedbythelegislaturethatmayinfluencethescopeandtimingoftheaudit,andthenatureofcommunication.Examplesofsuchadditionalrequirementsmayincludearequirementfortheentitytoreportongovernmentfunding,includinggrants;

• Additionalreportingresponsibilitiesforthepublicsectorauditorsasaresultoftheauditmandateorotherrequirementsthatmayinfluencethescopeandtimingoftheaudit,andthenatureofcommunicationExamplesofsuchadditionalresponsibilitiesforthepublic

iCAT:FinancialAudit


Page48

sectorauditorsmayincludereportinginstancesofnon-compliancewithauthoritiesincludingbudgetsandaccountabilityframeworks,and/orreportingoneffectivenessofinternalcontrol.

b. TimetableforReportingandCommunication:ISSAI1300.8

Reportingobjectivesdealwiththeentity’sreportingtimetable,thetimingoftheauditandauditreportandcommunicationbetweenauditorsandmanagement,thosechargedwithgovernanceandthirdparties,aswellasamongtheauditteam.Theoverallstrategywillhavetoconsidertheavailabilityofstafftomeetthedeadlines.Thiswillbeimpactedbytheresultsoftheriskassessmentproceduresandtheextentofworktobeperformed.Themannerandtimingofcommunicationswithmanagementandthosechargedwithgovernanceconcerningthenature,timingandextentoftheauditwork,auditor’sreport,managementlettersandothercommunicationsshouldbedocumentedatthisstage.Forexample,arrangementsforentranceinterviewsandpreliminaryreviewoffinancialinformationcanbemade.Minutesofthosemeetingsshouldbeagreedanddocumented.Referencesforthoseminutescanbeincludedintheworkingpaper.Communicationwillalsobetakingplaceamongtheauditteamandwithauditorsofothercomponents,whererelevant.Timelinesforteammeetingsandagendasforthosemeetingsandreviewscanbelistedwithreferencetothesupportingdocuments.c. Indevelopingtheoverallauditstrategy,theauditorshouldconsiderfollowingsignificant

factors:ISSAI1300.81) Materiality

Theauditorshoulddeterminematerialityforthefinancialstatementsasawhole,forspecificclassesoftransactions,balancesandevents(ifapplicable)andperformancemateriality.Performancematerialityisusedintheplanningstageforassessingtheriskofmaterialmisstatementsandthenature,timingandextentoffurtherauditprocedures.Formaterialityseesection3.

2) MaterialmisstatementsIncertainareasthereisahigherriskofmaterialmisstatementbasedontheknowledgeoftheentityandinformationgathered.Theauditorconsidersthelikelihoodandtheimpactoftheriskofmaterialmisstatementatthefinancialstatementlevelandforthosespecificcomponents,classesoftransactions,balancesandeventsforwhichalowermaterialityhasbeenset.Formaterialmisstatementsseesection4.

3) InternalcontrolEvidenceofmanagement’scommitmenttothedesign,implementationandmaintenanceofsoundinternalcontrolsshouldbeobtained.Theauditorusestheresultsofpreviousauditsaspartoftheevaluationoftheoperatingeffectivenessofinternalcontrols.Forexample,auditorscannotethenature

iCAT:FinancialAudit


Page49

ofidentifieddeficienciesandtheactiontakentoaddressthem.AdditionalconsiderationsinobtainingtheunderstandingofinternalcontrolpublicsectorarestatedinpracticenotetoISSAI

4) OthersignificantfactorsSignificantchangesinthebusinessdevelopmentsuchaschangesininformationtechnologyandbusinessprocessesandkeymanagement:changesintheindustrysuchasindustryrelationsandnewfinancialreporting:changesinthefinancialreportingframework,suchaschangesintheaccountingstandards;changesinthelegalenvironmentaffectingtheentityshouldbedocumented.SuchfactorsmayaffectmorethanoneauditedentityandshouldbeidentifiedattheoverallSAIlevel.

5) ConsideringfraudTheprimaryresponsibilityforthepreventionanddetectionoffraudrestswithboththosechargedwithgovernanceoftheentityandmanagement.AnauditorconductinganauditinaccordancewithISAsisresponsibleforobtainingreasonableassurancethatthefinancialstatementstakenasawholearefreefrommaterialmisstatement,whethercausedbyfraudorerror.Owingtotheinherentlimitationsofanaudit,thereisanunavoidableriskthatsomematerialmisstatementsofthefinancialstatementsmaynotbedetected,eventhoughtheauditisproperlyplannedandperformed.Whenobtainingreasonableassurance,theauditorisresponsibleformaintainingprofessionalskepticismthroughouttheaudit,consideringthepotentialformanagementoverrideofcontrolsandrecognizingthefactthatauditproceduresthatareeffectivefordetectingerrormaynotbeeffectiveindetectingfraud.(e)Issuessuchasthenature,timingandextentofresourcesneedtobeconsidered.ISSAI1300.8Theresourcesrequiredforspecificauditareasshouldbedetermined,allowingforhighriskareastobeassignedtoexperiencedteammembersandconsideringwhetherthereisaneedforexperts.Theamountofresourcestoallocatetospecificauditareas,suchasthenumberofteammembersassignedtoobservetheinventorycountatthemateriallocations,theextentofreviewofotherauditor’sworkortheauditbudgetinhourstoallocatetohighriskareas.Otherfactorstobeconsidered:InadditiontoISSAI1300.8requirementscompletingoverallauditstrategy:

• Whethertheentityhasmorethanonedivisiontobeauditedandtheirlocations;incaseofgovernmentorganizations,thereareoftenmultiplelocationswherecontrolovertransactionsisexertedlocally.

• Whethertheentityutilizessegmentreportingand/orthereisneedforspecializedknowledge.

• SomeentitiesmayuseserviceorganizationsasexplainedinISSAI1402.Forexamplepayrollprocessingmaybedonebyacompanyofferingsuchservices.Inothercases,theentireaccountingprocessmaybeoutsourcedtotheentity’sparentministryordepartment.Whilethelattercasemaynotmeetthetechnicaldefinitionofserviceorganization,itdoesraisethesametypesofissuesfor

iCAT:FinancialAudit


Page50

auditors-i.e.howdoestheauditorgainanunderstandingoftheprocessesandcontrolsrelevanttotheaudit,fortransactionsprocessedoutsidetheauditedentity?Theoverallauditstrategymusttakeintoconsiderationtheimplicationsofsucharrangements,particularlyonauditrisk.

• Manyministriesandgovernmententitiesutilizeinternalauditaspartoftheircontrolmechanism.

Theavailabilityoftheworkofinternalauditorsandthelevelofreliancethatistobeplacedonsuchworkshouldbeconsideredintheoverallauditstrategy.UseofworkofinternalauditorsisdescribedinISSAI1610.Informationtobedocumentedaboutinternalauditatthisstageincludes:

• Thesizeandstructureofinternalauditandtheirworkreviewprocess.• Whointernalauditreportsto(i.e.todeterminethedegreeofindependencefromclients).• Thequalificationandexperienceoftheinternalauditors.• Anoutlineofhowtheirworkisdocumented.

Theabilitytoplacerelianceontheworkofinternalauditcanreduceauditrisk.Theauditormaythenbeabletofocusresourcesonareasnotcoveredbyinternalaudit.Totalcoverageintermsofauditreviewwouldthenbeincreased.Theworkofinternalauditcouldalsohelpinfocusingauditresourcesinareasofhighriskidentifiedininternalauditreports.TheconsiderationsinestablishinganoverallauditstrategyhavebeenlistedinappendixtoISSAI1300.Toconcludeonoverallauditstrategysetsthedirectionoftheauditandrelatestowheretheresourcesoftheauditwillbefocused.Thisisbasedonsignificantfactorssuchasmaterialityandtheimpactofassessedrisksofmaterialmisstatement,theresultsofpreliminaryengagementactivitiesandreviewofknowledgegainedonotherengagements.3. MaterialityinPlanningandPerforminganAuditAspartoftheoverallauditstrategy,theauditorestablishesoverallmaterialityforthefinancialstatementsasawholeasstatedinISSAI1320.10.Thisisoneamountcoveringallfinancialstatements.Theconceptofmaterialityisconsideredinfinancialreportingframeworksincontextofpreparationandpresentationoffinancialstatements.Thisincludesconsiderationof:

• Misstatements,includingomissionsthatareconsideredtobematerialifthey,individuallyorinaggregate,couldreasonablybeexpectedtoinfluencetheeconomic(orinthecaseofpublicsectorentities,otherrelevant)decisionsofuserstakenonthebasisofthefinancialstatements;

• Judgmentsaboutmateriality,thataremadeinlightofsurroundingcircumstances,andareaffectedbythesizeornatureofamisstatement,oracombinationsofboth;and

• Judgmentsaboutmattersthatarematerialtousersofthefinancialstatementsarebasedonaconsiderationofthecommonfinancialinformationneedsofusersasgroup.

Thedeterminationofmaterialityisalwaysamatterofauditor’sprofessionaljudgment,andisaffectedbyhisorherperceptionofthefinancialinformationneedsofusersofthefinancialstatements.SAIsmustalsoconsiderthepublicsectorenvironmentinwhichtheentitiesoperate.Thereforetheimpactoflegislation,otherregulationsorauthorityandmoregeneralexpectationsofstakeholdersarealsoconsideredbySAIswhenestablishingmaterialityforaudit.PracticenoteinISSAI1315elaboratesthat

iCAT:FinancialAudit


Page51

whendeterminingmaterialityforplanningpurposesinthepublicsectorbothquantitativeandqualitativemattersaswellasthenatureofitemsareofimportance.Thecontextinwhichthematterappearsmaybeofimportance.ISSAI1315.P10:Whendeterminingwhetheraparticularclassoftransactions,accountbalance,disclosure,orotherassertionwhichispartofthefinancialreportingframework,ismaterialbyvirtueofitsnature,publicsectorauditorstakeintoaccountqualitativeaspectssuchas:

• Thecontextinwhichthematterappears,forexampleifthematterisalsosubjecttocompliancewithauthorities,legislationorregulations,oriflaworregulationprohibitsoverspendingofpublicfunds,regardlessoftheamountsinvolved;

• Theneedsofthevariousstakeholdersandhowtheyusethefinancialstatements;• Thenatureofthetransactionsthatareconsideredsensitivetousersofthefinancial

statements;• Publicexpectationsandpublicinterest,includingemphasisplacedontheparticularmatterby

relevantcommitteesinthelegislature,suchasapublicaccountscommittee,includingthenecessityofcertaindisclosures;

• Theneedforlegislativeoversightandregulationinaparticulararea;and• Theneedforopennessandtransparency,forexampleifthereareparticulardisclosure

requirementsforfraudsorotherlosses.Theconceptofmaterialityisappliedbytheauditorthroughouttheauditin:

• Planning;• Performingtheaudit;• Evaluatingtheeffectofidentifiedmisstatementsontheauditandofuncorrected

misstatements,ifany,onthefinancialstatements;and• Formingtheopinionintheauditor’sreport.

ISSAI1320.11hasanadditionalconceptthatauditorsmustconsiderwhenplanningandperforminganaudit-thatofperformancemateriality.Performancematerialityistheamount(s)setbytheauditoratlessthanoverallmaterialityforthefinancialstatementsasawholeor,ifapplicable,forthematerialityestablishedforparticularclassesoftransactions,accountbalancesordisclosures.Performancematerialityisusedtoreducetoanappropriatelylowleveltheprobabilitythatuncorrectedandundetectedmisstatementswillexceedmaterialityforthefinancialstatementsasawholeorforthematerialityestablishedforparticularclassesoftransactions,accountbalancesordisclosures.Alowerperformancematerialityincreasestheamountofworkthattheauditorwillhavetoperform.Ontheotherhand,ahigherperformancematerialityincreasestheriskofundetectedmisstatements,increasingdetectionriskandthepossibleresultingconclusionthatinsufficientevidencehasbeengathered.Insuchacasetheauditorwouldhavetorevisetheoverallauditstrategy(i.e.knownandprojectedmisstatementsplusuncertaintyaboutundetectedmisstatementsexceedsoverallmaterialityfortheaudit)andcarryoutfurtherauditprocedures.

iCAT:FinancialAudit


Page52

4. PerformingRiskAssessmentProcedures

Theobjectiveoftheriskassessmentphaseoftheauditistoidentifysourcesofrisk,andthentoassesswhethertheycouldpossiblyresultinamaterialmisstatementinthefinancialstatements.

Riskassessmentconsistsoffollowingsteps:

1. Inherentriskidentification;

2. Inherent(preliminary)riskassessment;

3. Identificationofsignificantrisk;

4. Understandinginternalcontrol;

5. Evaluatinginternalcontrol;

6. Finalriskassessment;

Therearetwomajorclassificationsofinherentrisk:businessriskandfraudrisk.Businessrisksresultfromsignificantconditions,events,circumstances,actionsthatcouldadverselyaffecttheentity’sabilitytoachieveitsobjectivesandexecuteitsstrategies.Fraudriskrelatestoeventsorconditionsthatindicateanincentiveorpressuretocommitfraudorprovideanopportunitytocommitfraud(2).

1. InherentRiskIdentification

Tobeginwiththeriskassessmentprocessistogatherrelevantinformationabouttheentity.Thefirststepiscalledriskidentificationandthisinvolves:

• Identifyingsourcesofinherentriskthroughunderstandingtheentity;

• Determiningthepossibleeffectsoftherisksourcesidentified(potentialmisstatementsinthefinancialstatements),includingthepossibilityoffraud;

• Relatingtheeffectsofriskstothefinancialstatementareaandassertionsaffected,ordeterminingthattherisksarepervasivetothefinancialstatementsasawholeandpotentiallyaffectmanyassertions.

Foridentifyingrisksauditormayconsiderfollowingareas:

1) Externalfactorslikenatureofindustry,regulatoryenvironment,financialreportingframework;

2) Natureofentitylikeoperationsandkeypersonnel,governance,investment,structureandfinancing;

3) Accountingpolicieslikeselectionandapplicationofpolicy,reasonsforchangesandappropriatenesstoentity

4) Entityobjectivesandstrategiesandfinancialimplications;

5) Reviewoffinancialperformance;

iCAT:FinancialAudit


Page53

6) Internalcontrolrelevanttotheaudit–processesandrelevantcontrolstomitigaterisksattheentitylevelandatthetransactionallevel.

AsstatedinPracticenotetoISSAI1315identifyingandassessingtherisksofmaterialmisstatementauditormayhavetoconsideraneedforadditionalassertionthattransactionsandeventshavebeencarriedoutinaccordancewithlegislation.InherentriskidentificationisdescribedinISSAI1200.13;1240.11-15,17-18,22-24,44;1315.11.

2. Inherent(preliminary)RiskAssessment

Thesecondstepistoassesstheidentifiedrisksanddeterminetheirimportancefortheauditofthefinancialstatements.Itispreferabletoassesstheinherentrisksbeforeconsideringanyinternalcontrolthatmightmitigatesuchrisks.

Riskassessmentinvolvesconsiderationoftwoattributesabouttherisk:

• Thelikelihoodofamisstatementoccurringasaresultoftherisk.Theauditorcouldevaluatethisprobabilitysimplyashigh,medium,orlow,orcouldassignanumericalscore.

• Themagnitude(monetaryimpact)iftheriskwouldoccur.

Riskassessmentshouldbeaddressedbytheentity’smanagementaswell.Theauditorshallmakeinquiriesofmanagementastohowitidentifiesandmanagesrisk,andthenastowhatriskshaveactuallybeenidentifiedandmanaged.RequirementsofassessmentofinherentriskshavebeencoveredinISSAI1240.25-27;1315.25-26.

3. IdentificationofSignificantRisks

Thirdstepafterthebusinessandfraud(inherent)riskshavebeenidentifiedandassessedistoconsidertheexistenceofsignificantrisks.Asignificantriskiswheretheassessedriskofmaterialmisstatementissohighthat,intheauditor’sjudgment,itwillrequirespecialauditconsideration.Significantrisksareassessedbeforeconsiderationofanymitigatingcontrols.Significantriskisbasedontheinherentrisk(beforeconsideringtherelatedinternalcontrol)andnotthecombinedrisk(consideringbothinherentandinternalcontrolrisks).

Examplesforsignificantrisksarelargenon-routinetransactions;mattersrequiringjudgmentormanagementinterventionorpotentialfraud.

Whenariskisclassifiedassignificant,theauditorshouldconsidertherespond:

1) Evaluatinginternalcontroldesignandimplementationovereachsignificantrisk.Considertheexistenceofdirectcontrolssuchascontrolactivitiesandindirect(pervasive)controlswhichmaybeincludedinthecontrolenvironment,riskassessment,informationsystems,andmonitoringelements.

2) Designinganauditresponsetotheidentifiedsignificantrisks.Theseprocedureswouldbedesignedtoobtainauditevidencewithhighreliability,andcouldincludetestsofcontrolsandsubstantiveprocedures.

iCAT:FinancialAudit


Page54

3) Substantiveanalyticalproceduresalonearenotsufficient.Theuseofsubstantiveanalyticalproceduresisnotconsideredanappropriateresponsetoaddressasignificantrisk.

ISSAIsrequirementsconcerningsignificantrisksareasfollowing:1240.26;1315.4,25,27-29;1330.21;1550.18-19.

4. UnderstandingInternalControl

Nextstepinriskassessmentphaseistounderstandinternalcontrolrelevanttotheaudit.Internalcontrolreferstotheprocesses,policies,andproceduresdesignedbymanagementtoensurereliablefinancialreportingandthepreparationoffinancialstatementsinaccordancewiththeapplicableaccountingframework.Internalcontroladdressessuchmattersasmanagement’sattitudetowardcontrol,competenceofkeypeople,riskassessment,accounting,andotherfinancialinformationsystemsinuse,aswellasthetraditionalcontrolactivities.Internalcontrolscanbebroadlycategorizedaspervasive(orentity-level)controlsthataddresspervasiverisksandspecific(transactional)controlsthataddressspecificrisks.

Obtainingasufficientunderstandingofinternalcontrolrelevanttotheauditinvolvestheperformanceofriskassessmentprocedurestoidentifythecontrolsthatwilldirectlyorindirectlymitigatematerialmisstatements.Notallcontrolactivitiesarerelevanttotheauditandauditorisonlyconcernedwithevaluatingthosecontrolsthatmitigateariskofamaterialmisstatementinthefinancialstatements.

Theinformationobtainedaboutinternalcontrolswillassisttheauditorinassessingtheresidualrisk(inherentandcontrolrisk)ofmaterialmisstatementatthefinancialstatementandassertionlevelsanddesigningfurtherauditproceduresthatareresponsivetotheassessedrisks.UnderstandingofinternalcontrolsiscoveredinISSAI1315.4,12,14-15,18-22.

5. EvaluatingInternalControl

Nextauditorwillevaluatecontroldesignandimplementationofinternalcontrols(3).Evaluationofcontroldesignandimplementationofinternalcontrolsmeansthatauditorshall:

• Identifytheinherentrisksofmaterialmisstatement(businessandfraudrisks),andwhethertheyarepervasiverisksorspecificrisks.

• Identifythecontrolsmitigatetherisksidentifiedandassesswhetherthecontrolsdoinfactmitigatetherisks.

• Observeorinspecttheoperationofrelevantinternalcontrolstoensurethattheyhaveindeedbeenimplemented.

• Documenttheoperationoftherelevantinternalcontrolsidentified.

EvaluatinginternalcontrolsISSAIhasfollowingrequirementsISSAI1315.13,29,32;1260.10;1265.6-11.

6. RiskAssessment

iCAT:FinancialAudit


Page55

Thefinalstepintheriskassessmentphaseoftheauditistoreviewtheresultsoftheriskassessmentproceduresperformed,andassesstherisksofmaterialmisstatementsatthefinancialstatementlevelandtheassertionlevelforclassesoftransactions,accountbalances,anddisclosures.

Theresultinglistofassessedriskswillformthefoundationforthenextphaseintheaudit,whichistodeterminehowtorespondappropriatelytotheassessedrisksthroughthedesignoffurtherauditprocedures.

Theevidenceobtainedtodate,byperformingriskassessmentprocedures,consistsofidentificationandassessmentofinherentrisks,andthedesignandimplementationofinternalcontrolsthataddressthoserisks.Theriskofmaterialmisstatementistheremainingriskaftertakingintoaccounttheeffectofinternalcontrolsputinplacetomitigatetheinherentrisks.AssessingtheriskofmaterialmisstatementshasbeenexplainedISSAI1315.25,26,32.

Thesummaryofassessedriskscanbedocumented:

• Aseparatedocumentthatsummarizestheinherentandcontrolriskassessments.

• Includewiththeoverallauditstrategyandauditplan.Thefirstpartofeachsectionoftheauditplan(suchasforreceivables,payables,etc.)couldoutlinetheriskassessmentsandtheimpactontheplannedauditprocedures.

• Incorporateriskassessmentsaspartoftheauditor’sdocumentationoffurtherprocedures.Inthiscase,theriskassessments,auditplans,andtheresultsofworkperformedcouldallbedocumentedinonecomprehensiveworkingpaperforeachfinancialstatementarea.

5. RiskResponse

Intheriskresponsephaseoftheaudit,theobjectiveistoobtainsufficientappropriateauditevidenceregardingtheassessedrisks.Thismeansdesigningandimplementingappropriateresponsestotheassessedrisksofmaterialmisstatementatthefinancialstatementandassertionlevels.Theobjectiveindesigninganappropriateauditresponseistoobtainevidencethataddressestheriskassessmentsdevelopedforeachrelevantassertion.Pervasiverisksatthefinancialstatementlevelareaddressedthroughthedesignandimplementationofanoverallresponsebytheauditor.

Developinganauditplaninvolves3generalsteps.Thefirststepistodevelopanappropriateoverallresponsetoassessedrisksatthefinancialstatementlevel.Thenextstepistoidentifyspecificproceduresrequiredformaterialfinancialstatementareas.Iftheassertionscannotbeaddressedbysubstantivetestsalone,testsofcontrolswillberequired.Thelaststepistodeterminethenatureandextentofauditproceduresrequired.Auditorshalluseprofessionaljudgmenttochoosetheappropriatemixofproceduresandextentoftestingrequiredtorespondappropriatelytotheassessedrisksattheassertionlevel.

Acompleteauditplanshouldcoverareas:

• Allmaterialfinancialstatementareasbeenaddressed

iCAT:FinancialAudit


Page56

• Useofevidenceobtainedinpriorperiodsisdecided

• Thefinancialstatementclosingprocessbeenaddressed

• Significantriskshavebeenaddressed

• Evidenceobtainedfrominterimtestinghasbeenupdated

• Potentialrisksoffraudhavebeenaddressed

Documentationofriskresponse:

Theoverallriskresponsesmaybedocumentedasastand-alonedocumentoraspartoftheoverallauditstrategy.Thedetailedauditplancanbedocumentedintheformofanauditprogramthatoutlinesthenatureandextentofproceduresandtheassertion(s)beingaddressed.

ISSAIrequirementsconcerningriskresponsearefollowing:ISSAI1330.5-10,15,18-22,24;ISSAI1260.15;ISSAI1300.9-12;ISSAI6-7,10.

6. FurtherExplanationsofConsiderationintheAuditPlanningAccountingestimates:Whenandhowpublicsectorentities’useaccountingestimatesdependsonthetypesoffinancialitemsreportedandontheapplicablefinancialreportingframework.Someimportantestimatesinthepublicsectormayrelatetoassets,liabilitiesanddisclosureitemsandarelistedinpracticenoteofISSAI1540.Theobjectiveofthepublicsectorauditoristoobtainsufficientappropriateauditevidenceaboutwhetheraccountingestimatesarereasonableandrelateddisclosuresareadequateinthecontextofthefinancialreportingframework.Relatedparties:AsstatedinthepracticenoteISSAI1550publicsectorentitiesmayalsobesubjecttospecificrestrictionsonthenatureandscopeofthetransactionsthattheycanhavewithrelatedparties.Therestrictionsmayprohibittransactionsorpracticesthatmightbepermissibleinrelatedpartyrelationshipsoutsidethepublicsector.Thespecifiesforpublicsectorauditorsinobtaininganunderstandingofthepublicsectorentity’srelatedpartyrelationshipsandtransactionsareexplainedinpracticenotetoISSAI1550.Goingconcern:AsexplainedinpracticenoteofISSAI1570publicsectorentitiesmayspendmoreinoneyearthantheyhaveresourcestocover,suchthattheirincomemaybelessthantheirexpenditureorthereisanexcessofliabilitiesoverassets.However,itisuncommonfortheoperationalexistenceofapublicsectorentitytoceaseoritsscaleofoperationstobesubjecttoaforcedreductionasaresultofaninabilitytofinanceitsoperationsorofnetliabilities.Informingaviewoftheentity’sabilitytocontinueitsoperations,publicsectorauditors’considerationofgoingconcernembracestwoseparate,butsometimesoverlapping,factors:

iCAT:FinancialAudit


Page57

• Thegreaterriskassociatedwithchangesinpolicydirection(forexample,wherethereisachangeingovernment);and

• Thelesscommonoperational,orbusiness,risk(forexample,whereanentityhasinsufficientworkingcapitaltocontinueitsoperationsatitsexistinglevel).FurtherguidanceongoingconcernissuesinpublicsectorisoutlinedinpracticenoteofISSAI1570.

Summary

Thischapteroutlinedtheprocessfordevelopinganoverallauditstrategyfortheaudit.Itindicatedthatthefirststepinauditplanninginvolvesestablishingtheoverallauditstrategyfortheengagementasabasisfordevelopingadetailedauditplan.Theoverallauditstrategyisdistinctfromtheauditplaninthatitsetsaframeworkforthescope,timinganddirectionoftheaudit.Thisratherguidesthedevelopmentofthedetailedauditplan,whichcontainsmorein-depthinformationontheresultsoftheriskassessmentandontheactualauditprocedurestobeconducted.

Theobjectiveoftheriskassessmentphaseoftheauditistoidentifysourcesofrisk,andthentoassesswhethertheycouldpossiblyresultinamaterialmisstatementinthefinancialstatements.Riskassessmentconsistsofidentificationofinherent(businessandfraud)risk,preliminaryassessmentofthoserisks,thenidentificationofsignificantrisks,followedbyunderstandingandevaluatingofinternalcontrolsrelevanttoaudit.Thefinalstepintheriskassessmentphaseoftheauditistoreviewtheresultsoftheriskassessmentproceduresperformed,andthenassess(or,ifalreadyassessed,summarize)therisksofmaterialmisstatementsatfinancialstatementlevelorassertionlevel.Thenextphaseoftheauditisdetermininghowtorespondappropriatelytotheassessedrisksthroughthedesignoffurtherauditprocedures.

NextchapteronFieldworkprovideguidanceontheissuesofconductingauditproceduresandobtainingsufficientauditevidence.

iCAT:FinancialAudit

Chapter5:Fieldwork

Page58

Chapter5

Fieldwork

Introduction

In the previous chapter the facilitator has becomeaware of the various phases of the planning cycle.After assessing the risk the auditor’s response is to design audit procedures to address those risksidentified.Inthischapterthefacilitatorwillbetakenthroughtherequirementsofthefieldworkstageoftheaudit.

ISSAI 1330 notes that the auditor needs to design and implement overall responses to address theassessedrisksofmaterialmisstatementatthefinancialstatementlevelaswehavediscussedinthelastmodule.Suchoverallresponsestoaddresstheassessedrisksofmaterialmisstatementinclude:

• Emphasizingtotheauditteamtheneedtomaintainprofessionalscepticism.ItisdiscussedinPre-engagementchaptercoretextinsection4.

• Assigningmoreexperiencedstafforthosewithspecialskillsorusingexperts.

• Providingmoresupervision.

• Designingfurtherauditprocedurestoaddresstheelementsofunpredictability.

• Makinggeneral changes to thenature, timing,orextentofauditprocedures; forexample,performing substantive procedures at the period end instead of at an interim date; ormodifyingthenatureofauditprocedurestoobtainmorepersuasiveauditevidence. (ISSAI1330Para3)

TheISSAIshas123requirementsforthefieldworkstageoftheauditandtheserequirementsarecrossreferencedintheiCAT.ThiscoretextisnotasubstituteforthereadingoftheISSAIsbutitcanbeusedtodevelopabetterunderstandingofthestandardsrelatingtofieldwork.

In thecore textwewillbe focusingon theauditdocumentation,auditprocedures, thequalitycontrolrelatingtotheauditfieldworkandexplanationofsomekeyconceptsrelevanttoconductinganaudit.

1. AuditDocumentation

1.1 PurposeofAuditDocumentation

The audit documentation shall include theoverall responses to address the assessed risks ofmaterialmisstatement at the financial statement level, and thenature, timing, andextentof the further auditprocedures performed. Documentation should establish the linkage of those procedures with theassessedrisksat theassertion level;andtheresultsof theauditprocedures, includingtheconclusionswherethesearenototherwiseclear.

iCAT:FinancialAudit

Chapter5:Fieldwork

Page59

Theformandextentofauditdocumentationisamatterofprofessionaljudgment,andisinfluencedbythenature,sizeandcomplexityoftheentityanditsinternalcontrol,availabilityofinformationfromtheentityandtheauditmethodologyandtechnologyusedintheaudit.

If the auditor plans to use audit evidence about the operating effectiveness of controls obtained inprevious audits, the auditor shall include in the audit documentation the conclusions reached aboutrelying on such controls that were tested in a previous audit. The auditor’s documentation shalldemonstratethatthefinancialstatementsagreeorreconcilewiththeunderlyingaccountingrecords.

1.2 Workingpapers

Theworkingpapersofauditshoulddocumenttheauditproceduresundertaken, theconclusiondrawnand implicationsontheauditopinion.Theyshouldalsorecordthereasoningonall significantmatterswhere the auditors have used their judgment. This documentation will help auditors of financialstatementsensurethattheycompletedall theworkrequired.Thedocumentsprovidetheevidencetosupporttheauditopinionreachedandallowreviewoftheauditwork.

Theworkingpapersshouldrecord:

• All the audit procedures in the plan performed and the justification given for any deviation therefrom;

•Resultsoftheauditprocedures,drawingoutclearlyanyerrorsorcontrolweaknessesidentified;

•Allerrorsorcontrolweaknessesinvestigatedanddiscussedwiththemanagement,asnecessary;

•Anymattersthatareunresolvedorthatshouldbeinformedtotheentity;and

• The conclusions made by the auditors from the audit execution phase, the judgments made inreachingsuchconclusionsandreasonsunderlyingthem.

All correspondence with the entity should be retained together with any minutes of the meeting inaccordancewiththeSAI’spolicy.

Auditdocumentationshouldbeofgoodqualitysothatanexperiencedandcompetentauditorwithnopreviousassociationwiththeentityshouldbeabletoascertaintheevidencegatheredandunderstandandsupporttheconclusionsreachedwithoutanydifficulty.Thiswillalsobemorerelevantintheeventthatthereisanunexpectedchangeintheauditteam.

2. AuditSampling

2.1Overview

After designing tests of controls and substantive tests, the auditor should identify the items ortransactionsonwhichtoperformtheauditprocedures,appropriatetothepurpose.Thisshouldbedoneinordertogathersufficientappropriateauditevidencetomeettheobjectivesoftheauditproceduresincludingwhentheobjectiveistoevaluatethecompliancewithlawsandregulations.Theobjectiveisto

iCAT:FinancialAudit

Chapter5:Fieldwork

Page60

provide a reasonable basis for the auditor to draw conclusions about the population fromwhich thesampleisselected.(ISSAI1530.4-9)

InthePublicSectorauditsamplingmaybeaffectedbytheSAI’smandate,whichinadditiontoexpressingan opinion on the financial statement may be to report on compliance with legislature, regulatory,ministerial directive and government policies. Also, reviewing non-financial information contained infinancialstatements,publicsectorauditorsconsiderwhethersamplingwillbeusefulintestingsuchnon-financialinformationcontainedinfinancialstatements.

The use of audit sampling for testing compliance with authorities is similar to other uses of auditsamplinginthatpublicsectorauditors:

• Determinesampledesignandauditparameters,includingmateriality,desiredconfidencelevel,andsampleselectionmethod;

• Performrelevantauditproceduresoneachitemselected;

• Investigatethenatureandcausesofnon-compliance;and

• Evaluate the results, including projecting the results across the population if the sample wasselectedusingstatisticalprocedures

2.2SampleDesign,SizeandSelectionofItemsforTesting

WhendesigninganauditsampleasrequiredbyISSAI1530publicsectorauditorsmaysetdifferentlevelsofparameters,includingmaterialityandahigherlevelofconfidence,andthismayaffectthesamplesize.Publicsectorauditorsmightdesignseparatesamplestotestcontrolsandcomplianceormaydesignonesample to test both. For example, a sample of disbursements might be used to test controls overdisbursementsaswellaswhetherthedisbursementswereinaccordancewithauthorities.

The auditor should select items for the sample with the expectation that all sampling units in thepopulation have a chance of selection. The sample size can be determined by the application of astatistically-based formulaor through theexerciseofprofessional judgmentobjectively applied to thecircumstances.

2.3Performrelevantauditprocedures

Theauditorshouldperformauditproceduresappropriatetotheparticularauditobjectiveoneachitemselected. If a selected item is not appropriate for the application of the audit procedure, the auditprocedureshouldbeperformedonareplacementitem.

Sometimes however, the auditor is unable to apply the designed audit procedures to a selected itembecause, for instance, documentation relating to that item has been lost. If suitable alternative auditprocedurescannotbeperformedonthatitem,theauditorordinarilyconsidersthatitemtobeeitheradeviationfromtheprescribedcontrol,inthecaseoftestsofcontrols,oramisstatement,inthecaseofsubstantivetests.(ISSAI1530.11)

2.4EvaluationofResults

iCAT:FinancialAudit

Chapter5:Fieldwork

Page61

The auditor should evaluate the sample results, the nature and cause of any deviations ormisstatements identified,andtheirpossibleeffecton theparticularauditobjectiveandotherareasofthe audit. At the end the auditors should evaluatewhether the use of audit sampling has provided areasonablebasisforconclusionsaboutthepopulationthathasbeentested.(ISSAI1530.12;15)

Auditors should also consider instances where for example management cannot provide adequateexplanations for deviations and misstatements. In some environments such as a Court of Accountsenvironment auditors may be obliged to investigate further the underlying reasons for the lack ofinformationanddeterminewhoisresponsible.(ISSAI1530P11;P12)

Inthecaseoftestsofcontrols,anunexpectedlyhighsampleerrorratemay leadtoan increase intheassessed risk of material misstatement, unless further audit evidence substantiating the initialassessmentisobtained.Auditorsshouldre-assessthecontrolreliancetoalowerlevel(mediumornone)intheRelianceonkeycontrolsforcomponents.

Inthecaseofsubstantivetesting,unexpectedlyhighrateofmisstatements inasamplemaycausetheauditor to believe that an account balancemay bemateriallymisstated. This is the case for examplewhen the total accumulated errors andmisstatements on the account balance projected to the totalaccountbalanceexceedthetolerablemisstatement.

3. AuditProcedures

3.1Overview

After gaining an understanding of the audit entity, its environment and internal controls and havingconducted a risk assessment, audit procedures are identified to address those risks. These can besummarizedasfollows:

• Testofcontrol

• Substantiveprocedures

o Substantiveanalyticalprocedures

o Testofdetails

3.2TestsofcontrolsTest of controls areperformed to address the effectiveness of the entity’s controls. In designing andperformingtestsofcontrols,theauditorshouldconsiderhowthecontrolswereapplied,theconsistencyof application and bywhomor bywhatmeans theywere applied. The auditor should also establishwhetherthecontrolstobetestedareaffectedbyotherindirectcontrolsandifitisnecessarytoconsiderthesecontrolswhenobtainingsupportiveauditevidence.Testsofcontrolsshouldbeconductedfortheparticulartimeorperiodforwhichtheauditorintendstorelyonthesecontrols(ISSAI1330,Para10to11).Thecontrolsthatarerequiredtobeassessedare:

• Relevantcontrols• Controlsrelatingtosignificantrisks

iCAT:FinancialAudit

Chapter5:Fieldwork

Page62

3.3 SubstantiveProceduresISSAI1330stipulatesthat,irrespectiveoftheassessedrisksofmaterialmisstatement,theauditorshoulddesign and perform substantive procedures (i.e. substantive analytical procedures and/or substantivetestofdetails)foreachmaterialclassoftransactions,accountbalance,anddisclosure.Thisrequirementreflectsthefactthat(a)theauditor’sassessmentofriskisjudgmentalandsomaynotidentifyallrisksofmaterialmisstatement;and(b)thereareinherentlimitationstointernalcontrol,includingmanagementoverride.3.3.1NatureandExtentofSubstantiveProceduresDependingonthecircumstances,theauditormaydeterminethat:• Performing only substantive analytical procedures will be sufficient to reduce audit risk to an

acceptably low level. For example, where the auditor’s assessment of risk is supported by auditevidencefromtestsofcontrols.

• Onlytestsofdetailsareappropriate.• A combinationof substantive analytical procedures and testsof details aremost responsive to the

assessedrisks.Ifsubstantiveproceduresareperformedataninterimdate,theauditorshallcovertheremainingperiodbyperforming:

a. substantiveprocedures,combinedwithtestsofcontrolsfortheinterveningperiod;orb. if the auditor determines that further substantive procedures alone is sufficient to provide a

reasonablebasisforextendingtheauditconclusionsfromtheinterimdatetotheperiodend.

TheextentoftestingshouldbelinkedtotheSAIssamplingmethodologyandassessmentofmateriality.3.3.2SubstantiveAnalyticalProcedures

Analyticalprocedurescanbeusedineachphaseoftheaudit.

•Atthebeginningoftheaudit,analyticalproceduresareusedasariskassessmentprocedure.

•During the audit, analytical procedures are performed to analyze variances in data and tosubstantiatecertaintransactionstreamsandaccountbalances.

•Near the end of the audit, analytical procedures are performed to determine whether thefinancialstatementsareconsistentwiththeauditor’sunderstandingoftheentity,ortoindicateapreviouslyunrecognizedriskofmaterialmisstatementduetofraud.

3.3.3TestofDetailsTheauditopinionrequiresassuranceontheassertionsthatwhenaggregatedprovidesanopiniononthefinancialstatements.Thetestofcontrolsandsubstantiveanalyticalprocedurescanprovideasubstantial

iCAT:FinancialAudit

Chapter5:Fieldwork

Page63

amount of assurance; however, there are instances where they may not be comprehensive. Twoexamplesofwherefurthertestofdetailsmayberequiredinclude:

• Testingcomplianceoflawsandregulations• Testingofitemslinkedtosignificantrisks

4. AuditEvidence4.1OverviewDuring the audit execution phase, the auditor should obtain the audit evidence from a number ofsourcesinanumberofwaysinsupportofbothtestingofcontrolsandsubstantiveprocedures.Followingarethemethodsofobtainingauditevidence:• Inspection• Observation• Inquiryandconfirmation• Computation• Analyticalprocedure• Surveys• Interviews

4.2EvaluatingtheSufficiencyandAppropriatenessofAuditEvidenceIftheauditorhasnotobtainedsufficientappropriateauditevidenceastoamaterialfinancialstatementassertion, theauditorshallattempt toobtain furtherauditevidence. If theauditor isunable toobtainsufficientappropriateauditevidence,theauditorshallexpressaqualifiedopinionordisclaimanopiniononthefinancialstatements.The reliability of audit evidence is increased (with some exceptions) when it is obtained fromindependentsourcesoutsidetheentity.Toavoidunwarrantedrelianceonasourceofdataused,theauditorwouldperformsubstantivetestsoftheunderlyingdatatodeterminewhetheritissufficientlyreliable,ortestwhetherinternalcontrolsoverthedata’scompleteness,existence,andaccuracyareoperatingeffectively.Insomecases,non-financialdata (for example, quantities and types of items produced) will be used in performing analyticalprocedures. Accordingly, the auditor needs an appropriate basis for determining whether the non-financialdataissufficientlyreliableforthepurposesofperformingtheanalyticalprocedures.Auditevidence intheformofexternalconfirmationsreceiveddirectlybytheauditor fromappropriateconfirmingpartiesmayassisttheauditorinobtainingauditevidencewiththehighlevelofreliabilitythattheauditor requires to respond to significant risksofmaterialmisstatement,whetherdue to fraudorerror.4.3DifferencesfromExpectations/ContradictoryEvidenceWhendifferencesareidentifiedbetweenrecordedamountsandtheauditor’sexpectations,theauditorwould consider the level of assurance that the procedures are intended to provide and the auditor’s

iCAT:FinancialAudit

Chapter5:Fieldwork

Page64

performancemateriality.Theamountof theacceptabledifferencewithout investigationwould, inanyevent,needtobelessthanperformancemateriality.Proceduresusedfortheinvestigationcouldinclude:• Reconsideringthemethodsandfactorsusedinformingtheexpectation;• Making inquiries of management regarding the causes of differences from the auditor’s

expectations and assessing management’s responses, taking into account the auditor’sunderstandingofthebusinessobtainedduringthecourseoftheaudit;and

• Performing other audit procedures to corroboratemanagement’s explanationsAs a result of thisinvestigation,theauditormayconcludethat:

• Differences between the auditor’s expectations and recorded amounts do not representmisstatements;or

• Differencesmay representmisstatements,and furtherauditproceduresneed tobeperformed toobtain sufficient appropriate audit evidenceas towhether amaterialmisstatementdoesordoesnotexist.

5. CommunicationwiththeAuditTeam5.1InternalCommunicationCommunicationwith the audit team should be throughout the audit and this should be documented.Discussioncouldfocusonthe:• Auditresults• Progress,andissuesidentified• Changesinauditplan• Newinformation• Unusualevents/transactions,suchasfraudandrelatedpartiestransactions• Suggestionsfornextperiod’saudit

Auditteammembersshouldbeencouragedtocommunicateandsharetheinformationthattheyobtainthroughouttheauditonanymattersofrelevance,particularlywhenitaffectstheassessmentofriskandplannedauditprocedure.ISSAI1240Paragraph15requiresadiscussionamongtheengagementteammembersanddetermination by the engagement partner of whichmatters are to be communicated to those teammembersnotinvolvedinthediscussion.Inthepublicsector,thediscussionmayalsocovertheadditionalobjectives and related risks of material misstatement. Public sector auditors may include auditorsengagedinperformanceauditsandotherauditactivitiesoftheentityinsuchadiscussion.Discussing thesusceptibilityof theentity’s financial statements tomaterialmisstatementdue to fraudwiththeengagementteam:• Providesanopportunityformoreexperiencedengagementteammemberstosharetheirinsights

abouthowandwherethefinancialstatementsmaybesusceptibletomaterialmisstatementduetofraud.

• Enables the auditor to consider an appropriate response to such susceptibility and to determinewhichmembersoftheengagementteamwillconductcertainauditprocedures.

iCAT:FinancialAudit

Chapter5:Fieldwork

Page65

• Permits the auditor to determine how the results of audit procedureswill be shared among theengagement teamandhow todealwith any allegations of fraud thatmay come to the auditor’sattention.ISSAI1240(A10)

5.2ExternalCommunication:WrittenRepresentationsWrittenrepresentationsareanimportantsourceofauditevidence,forreasonssuchasthefollowing:• Ifmanagementmodifiesordoesnotprovidetherequestedwrittenrepresentations,itmayalertthe

auditortothepossibilitythatoneormoresignificantissuesmayexist;and• Arequestforwritten(ratherthanoral)representationsmaypromptmanagementtoconsidersuch

mattersmorerigorously,therebyenhancingthequalityoftherepresentations.Writtenrepresentationsarerequestedfromthoseresponsible for thepreparationandpresentationofthefinancialstatementsandknowledgeofthemattersconcerned.Theauditorisrequiredtorequestmanagementtoprovideawrittenrepresentationthat:• Ithas fulfilled its responsibility for thepreparationof the financial statements inaccordancewith

theapplicablefinancialreportingframework;• Ithasprovidedtheauditorwithall relevant informationandaccessasagreed in thetermsof the

auditengagement;and• Alltransactionshavebeenrecordedandarereflectedinthefinancialstatements.

If management does not provide these required representations, or if the auditor concludes there issufficient doubt about the integrity ofmanagement such that these representations are not reliable,then the auditor must disclaim an opinion on the financial statements. Written representations alsosupportotherevidencerelevanttothefinancialstatements.6. QualityControl6.1BeforetheAuditBefore the commencement of the audit, the engagement leader should ensure that the engagementteamis:

• Independent,andthatnoconflictsofinterestexist:and• Competenttoperformtheworkwiththerequiredresourcesandtimeavailability;

Theengagement shouldensure that if the SAIpolicy includes completionof adeclaration toattest toindependence,thenthisformiscompletedandplacedonfileaspartofthedocumentation.Also,duringtheaudittheengagementshouldbealertofanymatterorcircumstancesthatmightthreatentheteam’sindependence.6.2DuringtheAuditEngagementPerformanceDuringthefieldworktheengagementleadershalltakeresponsibility,amongotherthings,for:

iCAT:FinancialAudit

Chapter5:Fieldwork

Page66

a. the direction, supervision and performance of the audit engagement in compliance with

professionalstandardsandapplicablelegalandregulatoryrequirements;andtheauditor’sreportbeingappropriateinthecircumstances;

b. reviewsbeingperformedinaccordancewiththefirm’sreviewpoliciesandprocedures;c. theengagementteamundertookappropriateconsultationondifficultorcontentiousmatters;d. determining whether there is a need for an engagement quality review and if so determined

ensuringthatanengagementqualityassurancereviewerhasbeenappointed.Wheredifferencesofopinionarisewithin theaudit reamwith thoseconsultedand,whereapplicable,betweentheengagement leaderandtheengagementqualitycontrolreviewer, theaudit team,shouldfollowtheSAI’spoliciesandproceduresfordealingwithandresolvingdifferencesofopinion.Theengagement leadershouldensurethatreviewsareperformedinaccordancewiththeSAI’sreviewpoliciesandprocedureswhichshouldmeettherequirementsofISSAI40.(Ref:ISSAI1220paragraphs16andA.16toA.17,A.20andISSAI40-paragraphs32andA.34)The engagement leader/supervisor is responsible for ensuring that reviews of theworking papers arecarriedoutinordertobesatisfiedthattheydemonstratethatsufficientappropriateauditevidencehasbeen obtained to support conclusions reached for the auditor’s report to be issued (Ref. ISSAI 1220paragraphs17andA.18toA.20).Evidenceofworkingpaperreviewshouldindicatewhatauditworkwasreviewed,whoreviewedsuchwork,andwhenitwasreviewed.6.3ConsultationandDifferencesofOpinionWheredifferencesofopinionariseduringtheauditwithintheengagementteam,withthoseconsultedand,whereapplicable,withintheSAI,theSAIshouldhavepoliciesandproceduresfordealingwithandresolvingdifferencesofopinion.TheengagementleaderincarryingoutreviewsshouldensurethattheSAI’spolicyandprocedureswerefollowedandresultsdocumented.6.4EngagementQualityControlReview(EQCR)EQCR is the objective evaluation of the significant judgments made by the audit team and theconclusions reached in formulating the independent auditor’s report. As part of the systemof qualitycontrol, ISSAI 40 states that an EQCR should be performed for all auditsmeeting the agreed criteria.Examples:

• whereaqualifiedoradverseopinionisbeingproposedoranticipated;• whereclientactivitiesareofspecialinteresttothegeneralpublicormedia;and• whereclientsareconsideredasbeingofhigherauditrisk, forexampledueto:ahistoryofweak

internalsystemsofcontrol;orwherecomplexornovelaccountingissuesexistDuringthefieldwork,theengagementleadershouldensurethatEQCRisconductedinatimelymannerin accordance with the SAI’s policy and significant matters were resolved prior to the opinion beingissued. Also, the engagement leader should ensure that the person who conducted the ECQR wasobjective and not involved with the audit. Additionally, conclusions reached on the EQCR must bedocumented.

7. Otherkeyareasnamely:AccountingEstimatesandGoingConcern

iCAT:FinancialAudit

Chapter5:Fieldwork

Page67

7.1AccountingEstimates

ReviewingestimatesrelatingtospecifictransactionsandbalancestoidentifypossiblebiasesonthepartofmanagementaccordingtoISSAI1540.Furtherprocedurescouldincludethefollowing:• Reconsideringtheestimatestakenasawhole;• Performing a retrospective review of management’s judgments and assumptions related to

significantaccountingestimatesmadeinthepriorperiod;and• Determining whether the cumulative effect of bias in management’s estimates amounts to a

materialmisstatementinthefinancialstatements.

7.2GoingConcernPublicSectorAssumptiononGoingConcernCessationof apublic sector entity ismost likely to result froma governmentpolicydecision.Apolicydecisionmaybetakentowindupanddissolveanentityinitsentirety,toscalebackitsoperationsandtransfersomeofitsfunctionstoanotherpublicentity,mergewithanotherpublicentityorprivatizetheentity.Ineachofthesecasestheoperationalexistenceofallorpartoftheentityceases.Only in thecaseofdissolutionwithoutanycontinuationof theentitywould thegoingconcernbasisceasetobeappropriateinthepublicsector.Informingaviewoftheentity’sabilitytocontinueitsoperations,publicsectorauditors’considerationofgoingconcernembracestwoseparate,butsometimesoverlapping,factors:

• Thegreaterriskassociatedwithchangesinpolicydirection(forexample,wherethereisachangeingovernment);and

• The less common operational, or business, risk (for example, where an entity has insufficientworkingcapitaltocontinueitsoperationsatitsexistinglevel;cessationofdonorfunding).

AnomalyandmisstatementsidentifiedToprogresstheaudit, thefacilitatorwillevaluateallmisstatementsandotheraudit findings(includinganomalies)andconsiderthemforthereportingphasewhichiscoveredinthenextmoduleConclusionInthischapterwehavecoveredtheauditor’sresponsetotheassessedriskofmaterialmisstatementatthefinancialstatementandassertionlevel.Inrespondingtosuchrisktheauditorshoulddeterminethenature,timingandextentoftestingthatwillbeperformed.Thesufficiencyandappropriatenessofauditevidence will then be assessed. The results of the audit will also be assessed, documenting workperformedandcommunicationbothinternallyandexternally.Havingcompletedthischapter it isexpectedthatfacilitators/personscarryingoutthe iCATassessmentwillbefamiliarwiththerequirementsoftheISSAIsthatrelatestofieldworkandshouldensurethatthe

iCAT:FinancialAudit

Chapter5:Fieldwork

Page68

SAIhasdocumentary evidencemaybe in the formof an audit program that link the audit plan to theassessed risk, the work performed, audit results that will form the basis of the audit opinion, staffsupervisionandworkingpaperreview.InfillingthecolumnsoftheiCATwheresuchevidenceexiststhefacilitator should ensure that itmeets the requirement of the ISSAIs and indicate this in the relevantcolumn. If the SAI is non-compliant the reason for non-compliance should also be indicated in therelatediCATcolumn.Attheendofthischapterthefacilitatorwillbeabletoevaluatethecriticalaspectsofthefieldworkstageoftheaudit.Themainissuessurroundensuringthattheauditevidencesupportsanyconclusionsdrawnfromthefieldwork.Furthermore,thattheconclusionsdrawnareinlinewiththeauditapproachoftheSAI as to minimize audit risk and make an appropriate assessment as to whether there is materialmisstatementsinthefinancialstatements.Nextchapter is the lastpartofguidance for level4 ISSAIsonreporting.Aftercompletingnextchapterpleaseconsiderascertainingthestatusoflevel2ISSAIsasmentionedinchapter2..

iCAT:FinancialAudit

Chapter6:Conclusionandreporting

Page69

Chapter6

ConclusionandReporting

Introduction

In the previous chapter the focus was on the concepts of designing and implementing further auditprocedures,which includedwhether tests of control or substantive procedures (substantive analyticalproceduresandtestofdetails)havebeendeterminedandconducted.Inthischapterwewillcoverhowthe misstatements accumulated during the audit will be evaluated and the preparation of auditor’sreportwithanopiniononthefinancialstatement.

ISSAI1450 (EvaluatingMisstatements Identifiedduring theAudit) stipulates that, after completing theaudit, theauditorshallaccumulate themisstatementsandevaluate themisstatementsonbasisof theoverallmateriality.Afterevaluatingtheauditevidenceobtained,theauditors’needstoformanopinionon the financial statements based on conclusions drawn and express that opinion through a writtenreport.1. AccumulatingMisstatements

To evaluate the aggregate effects ofmisstatements on the financial statements, the auditor needs toaccumulateall knownand likelymisstatements.This should includeallmisstatementsdetectedby theauditor, including any that the entity corrected during the audit. It is important to consider allmisstatements tohavearecordof the impactof theaudit,bringallmisstatements totheattentionofthe appropriate level of management, and assist the auditor in evaluating the risk of furthermisstatementasapartoftheconsiderationofunadjustedmisstatements.ISSAI1450.5-9.Misstatements may result from incorrect data, omission of an amount or disclosure, incorrectaccounting, judgmentsofmanagement that theauditorconsidersunreasonable.Publicsectorauditorsmayhaveanadditionalresponsibilitytoincludeinstancesofnon-complianceandweaknessesininternalcontrolsinaccumulatingmisstatements.ISSAI1450PNP9,PNP10Theauditor’sresponsibilityinaccumulatingmisstatementsistodetermine:• whethertheauditstrategyandplanneedtoberevisedinordertodomoredetailedtesting,ifthere

isevidencethatthemisstatementmaynotbeanisolatedincidence;• ifanaggregateofmisstatementsislikelytoexceedthematerialitylevel;• furtherauditprocedures, ifmanagementhasexaminedthecauseofmisstatements,and identified

theamountmisstated.

iCAT:FinancialAudit


Page70

2. EvaluatingMisstatementsThroughout the course of audit, the auditor proposes adjusting entries for allmaterialmisstatementsthatarediscoveredinthefinancialrecords.Toissueanunmodifiedopiniononthefinancialstatementsanymaterialmisstatementdiscoveredbytheauditorneedtobecorrected.Todoso,theauditormustconclude that there is a low level of risk of material misstatement of the financial statements. Inevaluating this risk, the auditor develops an estimate of the total likelymisstatement in the financialstatement.Theauditordesignsanaudittoobtainreasonableassurancethatallmisstatements,eitherindividuallyorin combination with others, greater than materiality is detected. In evaluating misstatements, theauditor considers the impact of uncertainty in the audit. The amount of materiality represents thisuncertainty–theauditorhasonlydesignedanaudittodetectmisstatementsgreaterthanthisamount.

2.1ImpactofuncorrectedmisstatementinthefinancialstatementHavingaccumulatedallnon-trivialmisstatementsthroughouttheaudit,theauditorshouldevaluatetheimpactofthosemisstatementstodetermine, if individuallyor intotal,themisstatementsarematerial.ISSAI1450.10-11.Misstatements donot just consist ofmonetary errors on thebalance sheet or income statement. Forexample, theauditormustalsoconsiderthe impactofanymisstatementsthataffectpresentationanddisclosuresuchasfailuretopresentordiscloseitemsrequiredbytheapplicableframework.3. ForminganOpinion

The auditor delivers an opinion on whether the financial statements are prepared, in all materialrespects,inaccordancewiththeapplicablefinancialreportingframework.Fortheauditofpublicsectorentities the auditor often needs to report onmatters such as regularity and/or legal compliance. It isreportedunderthesubtitleOtherMattersintheauditorsreport.It istheauditor’sresponsibilitytoconsiderwhetherthefinancialreportingframeworkisappropriateinjurisdictionandtheactualcircumstances.Auditorsofpublicsectorentities(SupremeAuditInstitutions)mustoftenconsiderwhetherthereareadditional legislativeorregulatoryrequirementsthataffecttheauditorsreport.TheseadditionalrequirementsoftenobligetheSAIauditortoprovideanopinionontheentity’scompliancewithlegislativeorregulatoryrequirementsoronthestrengthofinternalcontrols.If the auditor concludes that the financial statements are free frommaterialmisstatement,he or sheissuesanunmodifiedauditorsreport.However,iftheauditorconcludesthatmaterialmisstatementsarepresent,theauditorsreportmustbemodified.Thefollowingparagraphswilloutline:• The steps the auditor takes to determine if financial statements are free from material

misstatement;• Theauditor’sstandardreport;and• Modifications to the opinion in the auditor’s report if there arematerial misstatements or if the

auditorcannotobtainsufficientappropriateevidencetoconcludethatthefinancialstatementsarefreefrommaterialmisstatement;

iCAT:FinancialAudit


Page71

• TheotherreportingmattersincludingEmphasisofMatterandOtherMatterparagraphsthathaveanimpactonthereportingoftheSAIs.

3.1MisstatementlessthanthresholdofmaterialityThe basic steps in reaching a conclusion on whether the financial statements are free frommaterialmisstatement,andthereforecallforauditorsunmodifiedopinionare:1) Considerationofwhethersufficientappropriateauditevidencehasbeenobtained.2) Consideration of whether the financial statements have been prepared in accordance with the

applicablereportingframework.Ifthefinancialstatementsarepreparedbasedoncomplianceframework,thenthisisastraightforwardconsideration of whether the financial statements have been prepared in all material respects inaccordance with the framework. However, if the financial statements are prepared based on a fairpresentation framework, the auditor must also consider whether the fair presentation has beenachieved. Inotherwords, if theauditorsreportuseswordssuchas“fairlypresented”or“trueandfairview”,theauditormustconcludewhetherthatobjectivehasbeenachieved.Insuchcasesitispossiblefortheauditortoconcludethatthefinancialstatementsarenotfairlypresentedeveniftheyhavebeenpreparedinaccordancewiththeapplicablereportingframework.3.2MisstatementoverthethresholdofmaterialityWhentheauditordiscoversamisstatementofthefinancialstatementoverthethresholdofmaterialityhe or she has to issue amodified opinion. Misstatements arematerial either individually or in totalwhichdependsonthenatureoftheauditevidence.Thedifferenttypesofmodificationsoftheopinion,andcircumstancesdescribingwhyandhowsuchanopinionintheauditorsreportismodifiedareexplainedbelow-ISSAI1700.7-15:QualifiedOpinionAqualifiedopinionisgivenwhen:i. Theauditorhasobtainedsufficientappropriateauditevidenceandhasconcludedthatthereare

misstatementsthatarematerial;butnotpervasive;orii. The auditor is unable to obtain sufficient appropriate audit evidence on which to base the

opinion and concludes that the possible effects on the financial statements of undetectedmisstatements,ifany,couldbematerialbutnotpervasive.

AdverseOpinionAn adverse opinion is givenwhen, having obtained sufficient appropriate audit evidence, the auditorconcludesthatmisstatementsarebothmaterialandpervasivetothefinancialstatements.DisclaimerofOpinionWhentheauditorisunabletoobtainsufficientappropriateauditevidenceonwhichtobasetheopinion,andconcludesthatthepossibleeffectsonthefinancialstatementsofundetectedmisstatements,ifany,couldbebothmaterialandpervasive,theauditordisclaimsanopinion.

iCAT:FinancialAudit


Page72

Theauditoralsodisclaimsanopinion in some rare circumstances involvingmultipleuncertainties.Theauditorconcludesthat,althoughheorshehasobtainedsufficientappropriateauditevidenceregardingeachoftheindividualuncertainties,itisnotpossibletoformanopiniononthefinancialstatementsdueto the potential interaction of the uncertainties and their possible cumulative effect on the financialstatements.Thedifferenttypesofopinionsunderwhichtheyarisearelistedbelow:Nature of Matter Giving risetotheModification

Auditors judgment about the pervasiveness of the Effects orPossibleEffectsontheFinancialStatements

MaterialbutnotPervasive MaterialandPervasive

Financial statements aremateriallymisstated

Qualifiedopinion Adverseopinion

Inability to obtain sufficientappropriateauditevidence

Qualifiedopinion Disclaimerofopinion

4. ReportingThis sectionexemplifies the formsand contentof a standard audit report.Once the auditor formsanopinionon financial statements, it is his or her responsibility to express clearly theopinion through awrittenreportwhichprovidesabasis for thatopinion.Thecontentsofanauditor’sstandardreport inrelation to theopinionon the financial statementarecovered in this section.Other reportingmattersthatfrequentlyimpactthereportingofSAIs,includingEmphasisofMatterandOtherMatterparagraphsarealsocoveredinthissection.4.1TheAuditor’sStandardReportAn auditor presents a standard report which contains the opinion formed by the auditor. The keyelementsrequiredforauditorsreporttomeetInternationalAuditingStandardsare:

• Thereportisinwriting;• Thereporthasatitlethatclearlyindicatesthatitisthereportofanindependentauditor;ISSAI

1700.21• The report is addressed as required by the circumstances of the engagement. This is usually

specifiedinlaworregulation;Theauditorissuesastandardreportwhenheorshehasformedanunmodifiedopinion.Contentsofareport-Theauditor’sstandardreportshallincludethefollowingninesections(A-I):ISSAI1700.20-42A. IntroductoryParagraphB.Management’sResponsibilityfortheFinancialStatementsC.Auditor’sResponsibilityD.Auditor’sOpinion

iCAT:FinancialAudit


Page73

E.OtherReportingResponsibilitiesF.SignatureoftheAuditorG.DateoftheAuditor’sReportH.Auditor’sAddressI.OtherIssues4.2FormandContentoftheAuditor’sReportwhenmodified

Whentheauditormodifiestheauditopinion,theauditorusestheheading“QualifiedOpinion,”“AdverseOpinion,”or“DisclaimerofOpinion,”asappropriate,fortheopinionparagraph.

To modify an auditors report, the auditor needs to include an extra paragraph before the auditor’sopinion that describes the basis for the modified opinion. This paragraph has a heading that isappropriate,forexample,“BasisfortheQualifiedOpinion”.

Theparagraph“Basisformodification”includesadescriptionandquantificationofthefinancialeffectsofthemisstatement.Ifitisnotpracticabletoquantifythefinancialeffects,thisisstatedinthebasisformodificationparagraph. If there is amaterialmisstatementof the financial statements that relates tonarrativedisclosures,thebasisformodificationparagraphhasanexplanationofhowthedisclosuresaremisstated.

When an auditor reports his or her opinion: “Disclaimer of opinion”, it also includes special textconcerningtheauditorsresponsibility.

Different audit opinions: For financial statement with the material misstatement depending on thepervasivenessandthequalityoftheauditevidence.If there is a material misstatement of the financial statements that relates to the nondisclosure ofinformationrequiredtobedisclosed,theauditor:

a. Discussesthenon-disclosurewiththosechargedwithgovernance;b. Inthebasisformodificationparagraph,describesthenatureoftheomittedinformation;andc. Unlessprohibitedbylaworregulation,includestheomitteddisclosures,provideditispracticableto

do so and the auditor has obtained sufficient appropriate audit evidence about the omittedinformation.

Ifthemodificationresultsfromaninabilitytoobtainsufficientappropriateauditevidence,thebasisformodificationparagraphdescribesthereasonsforthatinability.

Opinionparagraphwhenmodified

This subsection illustrates how the auditor’s different opinion is formulated and presented using fourexamples, depending on the opinion the auditor has formed on basis of the audit evidence. Thecircumstancesofallfourexamplesarebasedonfollowingtwocommonassumptions:i. Auditofacompletesetofgeneralpurposefinancialstatementspreparedbymanagementofthe

entityinaccordancewithInternationalFinancialReportingStandards.ii. The termsof the audit engagement reflect the descriptionofmanagement’s responsibility for

thefinancialstatementsasdepictedinISSAI1210:AgreeingtheTermsofAuditEngagements.

Qualifiedopinion

iCAT:FinancialAudit


Page74

When expressing a qualified opinion due to amaterialmisstatement in the financial statements, theauditor states in the opinion paragraph that, in the auditors opinion, except for the effects of thematter(s)describedintheBasisforQualifiedOpinionparagraph:

a. The financial statements present fairly, in all material respects (or give a true and fair view) inaccordancewiththeapplicablefinancialreportingframeworkwhenreporting inaccordancewithafairpresentationframework;or

b. The financial statements have been prepared, in all material respects, in accordance with theapplicable financial reporting framework when reporting in accordance with a complianceframework.

4.3OtherReportingConsiderations

Up to this point, this chapter has focused on the auditor’s standard report, with and withoutmodifications,inrelationtothepresentationofthegeneralpurposefinancialstatementsinaccordancewith a financial reporting framework.However, there are a number of other reporting considerationsthatmay be relevant to SAIs. Auditors should consult the respective ISSAIs for further information ifcircumstanceswarrant.

ReportonOtherLegalandRegulatoryRequirements

Insomejurisdictions,theauditormayhaveadditionalresponsibilitiestoreportonothermattersthataresupplementarytotheauditor’sresponsibilityundertheISSAIstoreportonthefinancialstatements.Forexample, the auditormaybeasked to report certainmatters if those come to the auditor’s attentionduring the audit of the financial statements. Alternatively, the auditormay be asked to perform andreport on additional specified procedures, or to express an opinion on specific matters, such as theadequacy of accounting books and records. Such responsibilities are often given to SAI. Auditingstandards in the specific jurisdiction or ISSAIs provide guidance on the auditor’s responsibilities withrespecttospecificadditionalreportingresponsibilitiesinthatjurisdiction.

Insomecases,therelevantlaworregulationmayrequireorpermittheauditortoreportontheseotherresponsibilitieswithintheauditorsreportonthefinancialstatements.Inothercases,theauditormayberequiredorpermittedtoreportonthoseinaseparatereport.

These Other Reporting Responsibilities are addressed in a separate section of the auditors report inorder to clearly distinguish them from the auditor’s responsibility under the ISSAIs to report on thefinancial statements. Where relevant, this section may contain sub-heading(s) that describe(s) thecontentoftheotherreportingresponsibilityparagraph(s).

If the auditor has been given additional reporting responsibilities by law or regulation, considerationmust be given to whether sufficient appropriate evidence has been gathered to meet theseresponsibilities.Auditoralsoconsiderswhetherthereisaneedtomodifyhisorheropinioninrelationtotheseotherresponsibilities.

iCAT:FinancialAudit


Page75

These considerations affect the section of the auditors report under “Report on Other Legal andRegulatoryRequirements”butnotthe“Opinion”paragraph.The“Opinion”paragraphisusedtoexpressthe auditor’s opinionon the presentationof the financial statements in accordancewith the financialreportingframework.

Becausethesereportingresponsibilitiesvaryamongjurisdictions,auditorsmayrefertotheirrespectiveSAImandateandlegalprovisionsforfurtherguidance.

EmphasisofMatterParagraphsandOtherMatterParagraphsintheAuditor’sReportEmphasisofMatter:

Theauditormayencountercircumstanceswhereheorsheconsidersitnecessaryto:

a. Draw users‟ attention to a matter presented or disclosed in the financial statements that is soimportantthatitisfundamentaltousers‟understandingofthefinancialstatements;or

b. Drawusers‟attention toanymatter that isnotpresentedordisclosed in the financial statementsthat is relevant to users‟ understandingof the audit, the auditor’s responsibilities or the auditorsreport.

To address the circumstances described above an “Emphasis ofMatter” paragraph is included in theauditors report. Such a paragraph is only included if auditor has obtained sufficient appropriate auditevidence that the matter is not materially misstated in the financial statements. In other words, an“EmphasisofMatter”paragraph isnotasubstituteoradditiontomatters thatrequiremodificationofthe auditor’s opinion. Such a paragraph shall refer only to information presented or disclosed in thefinancial statements. If included in the auditors report, an “Emphasis ofMatter” paragraph is placedaftertheopinionparagraph.

An exampleof howan “Emphasis ofMatter” paragraphmight beused tohighlight a lawsuit that hasbeenproperlydisclosedinthefinancialstatements:Illustration:EmphasisofMatterWedrawattentiontoNoteXtothefinancialstatementswhichdescribetheuncertaintyrelatedtotheoutcomeofthelawsuitfiledagainstthecompanybyXYZCompany.Ouropinionisnotqualifiedinrespectofthismatter.In some cases the auditor considers it necessary to communicate amatter other than those that arepresentedordisclosedinthefinancialstatementsthatisrelevanttousers‟understandingoftheaudit,auditor’sresponsibilitiesortheauditorsreport.Theauditorcommunicatesthesemattersinaparagraphin the auditors report, with the heading “Other Matter,” or other appropriate heading. The auditorincludes this paragraph immediately after the “Opinion” paragraph and any “Emphasis of matter”paragraph,orelsewhereintheauditorsreportifthecontentofthe“Othermatter”paragraphisrelevanttothe“OtherReportingResponsibilities”section.

Anexampleofan“OtherMatter”paragraphisprovidedbelow.Illustration:OtherMatterTheauditfoundfundamentaldeficienciesintheassetmanagementprocessoftheentityincluding:

• Anincompleteassetregister• Noyear-endreconciliationbetweenrecordedandphysicalassets

iCAT:FinancialAudit


Page76

• Poorcontrolsoverthesafeguardingofassets

Comparativeinformation–Theamountsanddisclosuresincludedinthefinancialstatementsinrespectofoneormorepriorperiodsinaccordancewiththeapplicablefinancialreportingframework.

Corresponding figures – Comparative information where amounts and other disclosures for the priorperiodareincludedasanintegralpartofthecurrentperiodfinancialstatements.Theseareintendedtobe read only in relation to the amounts and other disclosures relating to the current period whichreferredtoas“currentperiod figures.The levelofdetailpresented in thecorrespondingamountsanddisclosuresisdictatedprimarilybyitsrelevancetothecurrentperiodfigures.

Comparativefinancialstatements–Comparative informationwhereamountsandotherdisclosuresforthepriorperiodareincludedforcomparisonwiththefinancialstatementsofthecurrentperiodbut, ifaudited,arereferredtointheauditor’sopinion.Thelevelofinformationincludedinthosecomparativefinancialstatementsiscomparablewiththatofthefinancialstatementsofthecurrentperiod.

Financial statements prepared following International Financial Reporting Standards (IFRS) havecorresponding figures. However, the nature of the comparative information that is presented in anentity’s financial statements can vary depending on the requirements of the applicable financialreportingframework.

There are two different approaches to the auditors reporting responsibilities in respect of suchcomparativeinformation:correspondingfiguresandcomparativefinancialstatements.Theapproachtobeadoptedisoftenspecifiedbylaworregulationbutmayalsobespecifiedinthetermsofengagement.

Theauditreportingdifferencesbetweenthetwoapproachesare:

a. For corresponding figures, the auditor’s opinion on the financial statements refers to the currentperiodonly;whereas

b. Forcomparativefinancialstatements,theauditor’sopinionreferstoeachperiodforwhichfinancialstatementsarepresented.

Auditors shouldbe awareof the approach requiredby the financial reporting frameworkusedby theentity being audited. ISSAI 1710 (Comparative Information – Corresponding Figure and ComparativeFinancial Statements) provides guidance on the auditors responsibility relating to comparativeinformationwhenauditingfinancialstatements.The Auditor’s Responsibilities Relating to Other Information in Documents Containing AuditedFinancialStatements

Other information–Eitherby law,regulationorcustom,financialandnon-financial information(otherthan the financial statements and the auditors report thereon) which is included in a documentcontainingaudited financialstatementsandtheauditorsreport.Usually thedocumentscontainingtheaudited financial statements are annual reports that are issued to stakeholders. SAIs may adapt thisguidancenecessaryinthecircumstances,tootherdocumentscontainingauditedfinancialstatements.

iCAT:FinancialAudit


Page77

Itmaybementionedthattheauditor’sresponsibilitiesextendbeyondissuingtheauditorsreportonthefinancialstatements.

Theauditor is required toanalyze theother informationdescribed in theprecedingparagraph.This isdone as soon as possible, preferably before the other information is released. Under the ISSAIs, theauditor’s opinion does not cover other information and the auditor has no specific responsibility fordetermining whether or not other information is properly stated. However, the auditor analyzes theother information because the credibility of the audited financial statementsmay be undermined bymaterialinconsistenciesbetweentheauditedfinancialstatementsandotherinformation.

If the auditor identifies a material inconsistency between unaudited information and the auditedfinancial statements, the auditor determines whether the audited financial statements or the otherinformation needs to be revised. ISSAI 1710 (Comparative Information – Corresponding Figures andComparative Financial Statements) provides guidance on the auditors responsibility relating to otherinformationcontainingauditedfinancialstatements.

SpecialConsiderations–AuditsofFinancialStatementsPrepared inAccordancewithSpecialPurposeFrameworks

ISSAIs1000–1700seriesapplytoanauditoffinancialstatements.However,specialconsiderationsaregiventoapplyingthoseISSAIstoanauditoffinancialstatementspreparedinaccordancewithaspecialpurposeframework.SAIsmayencounterfinancialstatementspreparedonthebasisofspecialpurposeframeworks.Theconsiderationsdiscussedbelowdonotoverrideotherauditingstandards–theyprovideadditionalguidancethatmaynotcoverallconsiderationsrelatedtoaspecialpurposeframework.

Keyconsiderationswhenauditingfinancialstatementspreparedusingspecialpurposeframeworksare:

a. Theauditordeterminestheacceptabilityofthefinancialreportingframeworkinthecircumstances.Todoso,theauditorobtainsanunderstandingofthepurposeforwhichthefinancialstatementsareprepared,theintendedusers,andthestepstakenbymanagementtodeterminethattheapplicablefinancialreportingframeworkisacceptableinthecircumstances.

b. Inplanningandperforminganauditofspecialpurposefinancialstatements,theauditordetermineswhether application of the ISSAIs requires special consideration in the circumstances of theengagement.

c. When planning the audit, the auditormust obtain an understanding of the entity’s selection andapplicationofaccountingpolicies. If the financial statementsarepreparedbasedona contractorother governing document, the auditor must obtain an understanding of any significantinterpretationsmadebymanagementwhenpreparingthefinancialstatements.

d. The auditor evaluates whether the financial statements adequately refer to or describe theapplicablefinancialreportingframework.Inthecaseoffinancialstatementspreparedinaccordancewith the provisions of a contract, the auditor shall evaluate whether the financial statements

iCAT:FinancialAudit


Page78

adequatelydescribeanysignificantinterpretationsofthecontractonwhichthefinancialstatementsarebased.

e. Inthecaseofanauditorsreportonspecialpurposefinancialstatements:i. Theauditorsreportalsodescribesthepurposeforwhichthefinancialstatementsareprepared

and, if necessary, the intended users, or refers to a note in the special purpose financialstatementsthatcontainsthatinformation;and

ii. If management has a choice of financial reporting frameworks in the preparation of suchfinancial statements, the explanation of management’s responsibility for the financialstatements shall also make reference to its responsibility for determining that the applicablefinancialreportingframeworkisacceptableinthecircumstances.

f. Theauditors reportonspecialpurpose financial statements shall includean“Emphasisofmatter”paragraph alerting users of the auditors report that the financial statements are prepared inaccordance with a special purpose framework. As a result, the financial statements may not besuitable for another purpose. The auditor includes this paragraph under an appropriate heading.ISSAI 1800 (Special Considerations – Audits of Financial Statements Prepared in Accordance withSpecialPurposeFrameworks)providesguidanceonauditing financial statementspreparedusingaspecialpurposeframework.

SpecialConsiderations–AuditsofSingleFinancialStatementsandSpecificElements,AccountsorItemsofaFinancialStatement

Onoccasions,SAIsarerequiredtogiveauditorsreportsonasingle financialstatementorofaspecificelement,accountoritemofafinancialstatement.Thesinglefinancialstatementorthespecificelement,account or item of a financial statement may be prepared in accordance with a general or specialpurpose framework. If prepared in accordance with a special purpose framework ISSAI 1800 (SpecialConsiderations – Audits of Financial Statements Prepared in Accordance with Special PurposeFrameworks)alsoappliestotheaudit.

ISSAI 1805 (Special Considerations – Audits of Single Financial Statements and Specific Elements,Accountsor ItemsofaFinancial Statement)dealswith special considerations in theapplicationof theISSAIs(100to1700series)toanauditofasinglefinancialstatementorofaspecificelement,accountoritemofafinancialstatement.ThisISSAIdoesnotoverridetherequirementsoftheotherISSAIs;nordoesit necessarily deal with all special considerations that may be relevant in the circumstances of theengagement. ISSAI 1805 provides guidance to an auditorwhen applying ISSAIs in an audit of a singlefinancial statement or of a specific element, account or item of a financial statement, in addressingappropriatelythespecialconsiderationsthatarerelevantto:

a. Theacceptanceoftheengagement;b. Theplanningandperformanceofthatengagement;andc. Forming an opinion and reporting on the single financial statement or on the specific element,

accountoritemofafinancialstatement.

EngagementstoReportonSummaryFinancialStatements

iCAT:FinancialAudit


Page79

Occasionally SAIs may be required to provide an auditors report on summary financial statementsderivedfromfinancialstatementsthathavealreadybeenaudited.ISSAI1810(EngagementtoReportonSummaryFinancialStatements)providesguidancewhenrequiredtoprovidesuchareport.

Conclusion

In this chapter we have covered the evaluation of misstatements accumulated during the audit andimpact of uncorrectedmisstatement in the financial statement. On the basis of an evaluation of theaccumulatedmisstatementandtheperformancematerialitywiththeoverallmateriality,auditorformsan opinion which is embedded in the auditors report. These evaluations will lead to preparation ofauditorsreportwithanopiniononthefinancialstatement.

Withthiswehavecompletedthelevel4ISSAIguidanceonfinancialaudit.Atthisstageyouarerequiredtocompletethestatusoflevel2ISSAIsinyourSAI.Aftercompletingthelevel2requirements,andbasedontheresultsoftheiCATatlevel4youwillwritetheISSAIcomplianceassessmentreportwhichisdiscussedinthenextchapter.

iCAT:FinancialAudit

Chapter7:WritingISSAIcomplianceassessmentreport

Page80

Chapter7

WritingtheISSAIcomplianceAssessmentReport

TheendproductofaniCATisanISSAIComplianceAssessmentReportthattheiCATteampreparesandpresentstotheSAItopManagement.ThereportisbasedontheiCATformatfilledbytheiCATteamandalltheinformationthattheteamhascollectedfromvarioussourceswhileconductingtheiCAT.

ThisreportaimstopresentacomprehensivepictureofthestateofmattersintheSAIinrelationtotherequirementsoflevel2andLevel4ISSAIs.ThereportwillalsobringouttheSAIlevelandindividualauditlevel issues in implementing the framework.The report isenvisaged toprovideSAImanagementwiththenecessaryinformationtodecideontheISSAIImplementationStrategy.

BeforewritingtheISSAIComplianceAssessmentReport,theiCATteamneedstocompletethefollowingtwoprocedures:

1. FindingsfromtheiCATatLevel4needtobecategorizedintermsofthestagesoftheaudit2. Foreachstageoftheaudittheissuesshouldbegroupedonthecommoncausesasidentified

fromLevel2.

InearlierpartofthechapterwehaveascertainedthestatusofLevel2requirementsandlinkedthatwithLevel4compliancefindings.TheISSAIComplianceAssessmentreportwillhighlightthisissueaswell.BydoingthistheiCATteamwillbeabletoidentifymaincomplianceissuesthattheSAIneedstofocusatthestrategiclevel.

FormatoftheISSAIComplianceAssessmentReport

ThefollowingformatisrecommendedforwritingtheISSAIComplianceAssessmentReport:

STRUCTUREOFTHEISSAICOMPLIANCEASSESSMENTREPORT

1.ExecutiveSummaryhighlightingthekeymessagesfromtheiCAT.

2.Introduction–Purpose,scopeandtimingoftheiCAT

WhytheSAItookuptheiCAT,doestheiCATcoverLevel2andallLevel4requirements(Financial,PerformanceandComplianceaudit)orhastheSAIchosentoconducttheiCATforLevel2andonlyoneauditstream.ThetimeperiodofconductingtheiCAT.

3.AbouttheSAI3.1DescriptionoftheenvironmentthattheSAIoperatesin3.2DescriptionoftheSAI’slegalandinstitutionalframeworkandorganizationalstructure3.DescriptionoftheiCATprocess

• iCATteam• Datagatheringprocess• Qualitycontrolmechanismused

4.SAIComplianceStatusonLevel2ISSAIRequirements

iCAT:FinancialAudit


Page81

(Categorywisedescriptionofthestatus,mechanismsofcomplianceandreasonsfornoncompliance)

AlsodescribesignificantongoinginitiativesforISSAIImplementation

5.SAIComplianceStatusonLevel4ISSAIRequirements(Financial,Performance,ComplianceAudit)

(Categorywisedescriptionofthestatus,mechanismsofcomplianceandreasonsfornoncompliance)

AlsodescribesignificantongoinginitiativesforISSAIImplementation

ThecausesofLevel4deficienciesshouldrelatetoitemslistedinLevel2.E.g.Ifplanningisnotproperlydone(Level4),itcouldbelinkedtonon-compliancewithLevel2requirements.6.DescriptionofStrategicISSAIImplementationIssuesOverallSAILevelandIndividualAuditLevelcompliancegapsandreasons7.ResponseofSAITopManagementSignaturesoftheiCATteamAnnex1:ISSAIRequirementsLevel2Annex2:iCATFormatLevel4Annexe3:Datagatheringtoolsusedforcollectinginformation

GuidingprinciplesinwritingISSAIComplianceAssessmentReport

Highlightkeymessages–

As the report is meant for the top management of a SAI, key messages from the iCAT should behighlightedintheexecutivesummary,sothattheSAImanagementcangetagoodoverviewofthestatusofcomplianceandtheissuesthatneedtobesortedoutinareaswheretheSAIdoesnotcomply.

Involvetheentireteamindevelopingthereport–

At the end of the iCAT process the team would have gathered a lot of information about differentrequirements.Ascomplianceissuesareinterrelated,theiCATteamneedstoworktogethertodeterminethecategorisationoftheissuesandtheircauses.

Distinguishbetweenhighimpactinstitutionalissuesandoperationalissues–

WhentheiCATteamreportsoncompliancestatusoftheSAI,itshoulddistinguishbetweencompliancegapsthatarecentraltotheauditpracticeandcompliancegapsthataremoreattheprocedurelevelthanatan institutional level. Inorder tobecome ISSAI compliant it is the institutional issuesat level2 thatneedtobeaddressed.TheiCATteamwouldalsofindthatthecompliancegapsobservedattheleveloftheauditpracticeatlevel4havetheirrootsininstitutionallevelissuesatlevel2oftheISSAIframework.

iCAT:FinancialAudit


Page82

Afterascertainingthestatusonlevel2requirementsthesewouldbehighlightedinthereportfortheSAItopmanagement.

Ensurethatthecausesarecorrectlyidentified–

Thestrategyforimplementationwillbebasedontheidentifiedcausesofthecompliancegaps.AssuchitisimportantfortheiCATteamtohighlighttherightcauses.E.g.insomecasesnonimplementationofanISSAIcompliantpracticemaynotbeduetoknowledgeandskillsgapbutbeamanagementissue.

4. Conclusion

Inthischapterwehaveidentifiedstatusoflevel2requirementsandthelinkagebetweentheLevel2ISSAIsandtheLevel4ISSAIs.InpreparingtheISSAIComplianceAssessmentReportwhichistheendproductoftheiCATwealsoconsideredhowthetwoLevelsofISSAIareinterrelated.Thereporthighlightsthestrategicissuesatlevel2thatwouldbeconsideredtoaddresstheissuesofnon-complianceatlevel4.

Financial Audit

Documents

Transcript of Financial Audit