Project Guideline for Auditing Internal Control Systems Claudia

Project Guideline for Auditing Internal Control Systems Claudia Kroneder-Partisch Austrian Court of Audit

ICS Guideline Project Ø Objectives of the guideline Ø Development process Ø Structure and key elements of the guideline Ø Lessons learned in the pilot phase ICS Guideline Project Kroneder-Partisch 2

ICS Guideline Project Starting point Ø Audit focus at the ACA in 2014: “Internal Control Systems” Audit focus - Objectives: • • Auditing efficiency and effectiveness of ICS General statements and recommendations on ICS Guideline Project Kroneder-Partisch 3

ICS Guideline Project Purpose of the guideline Ø Guideline for performance audits Ø Support tool for the audit team Ø Practical relevance Ø Focus on the key elements of ICS audits – no comprehensive checklist ICS Guideline Project Kroneder-Partisch 4

ICS Guideline Project team Sponsor: President Josef Moser Project Managers: Head of Department responsible for ICS Head of Department responsible for knowledge management Team members: 8 team members with long-standing experience • ICS • Audit of enterprises • Audit of municipalities • Procurement audit • Audit of subsidies • Audit of financial management • Prevention of corruption ICS Guideline Project Kroneder-Partisch 5

ICS Guideline Project Process and timeline Ø Ø Ø Kick-off at meeting of directors of the ACA: August 2013 4 meetings of the working group - planning structure and content, finding joint approach - assignment of tasks - harmonization, finalization Bilateral exchange Presentation of draft at ACA training conference: December 2013 First application of the guideline in a pilot/feedback phase: January 2014 ICS Guideline Project Kroneder-Partisch 6

ICS Guideline Project Structure of the Guideline Modular structure General part Ø Ø ICS: Definition and objectives ICS-Standards: COSO / INTOSAI Main audit questions / evaluation criteria Reference to key statements concerning ICS in former audit reports ICS Guideline Project Kroneder-Partisch 7

ICS Guideline Project Structure of the Guideline Specific parts i. e. guidelines for auditing ICS for 5 typical ICS-relevant audit topics Ø Ø Small organisations / companies Procurement Subsidies Financial management Municipalities Main audit questions and risks to be identified Reference to key statements in former audit reports ICS Guideline Project Kroneder-Partisch 8

ICS Guideline Project Pilot/Feedback phase Ø Application by audit teams – since January 2014 Ø Feedback • Positive reception – with regard to the general concept as a support tool ICS Guideline Project Kroneder-Partisch 9

ICS Guideline Project Pilot/Feedback phase Ø Approval of • Definition of key audit issues and risks – formulating concrete audit questions • Reference to key positions in former audit reports • Bibliographical references • Modular structure ICS Guideline Project Kroneder-Partisch 10

ICS Guideline Project Trial/Feedback phase Ø Need for further discussion and guidance • Segregation of duties What duties should be separated (without creating red tape) • Size of organization and ICS - Very small organizations - Auditing ICS in large organizations – specifying the audited fields ICS Guideline Project Kroneder-Partisch 11

ICS Guideline Project Trial/Feedback phase Ø Need for further discussion and guidance • ICS and awareness about ICS-Standards Does developed bureaucracy ensure certain level of ICS? • Risk of management override • Audit sampling Sampling for examining effectiveness and functioning of a system ICS Guideline Project Kroneder-Partisch 12

ICS Guideline Project Thank your for your attention! ICS Guideline Project Kroneder-Partisch 13

Backup ICS Guideline Project Kroneder-Partisch 14

ICS Guideline Project ICS - audit focus Ø Ø Areas with relevant risks • Potential loss / extent of financial damage • Risk of mismanagement, risk of misallocation • Risk of corruption • Risk of deterioration in reliability of state systems / deficiencies in performing state tasks Evaluation / audit statement Effectiveness / reliability of ICS Guideline Project Kroneder-Partisch 15

ICS Guideline Project ICS - audit focus Ø Ø Cost-benefit approach controls must be adequate to the risk to be avoided (extent of damage and probability of occurrence) ICS as on-going process regular and systematic review of the ICS Guideline Project Kroneder-Partisch 16

ICS Guideline Project Audit questions and Risks to be identified (1) Ø Has the audited entity identified and assessed its main risks? Ø Ø Is there a clear definition of procedures and responsibilities? Ø Ø No risk awareness of the management/organisation No standards, no reliability, no transparency Are these standards appropriate to limit risk and to ensure the achievement of goals? Ø No risk-adequate (control) processes, no effectiveness ICS Guideline Project Kroneder-Partisch 17

ICS Guideline Project Audit questions and Risks to be identified (2) Ø Are the provisions relevant for ICS met? Ø Ø Are errors and undesirable developments identified? Ø Ø No effectiveness No accuracy Based on the detected deficiencies: are adequate conclusions drawn; is the ICS adapted in a adequate manner? Ø No adaptability of the system ICS Guideline Project Kroneder-Partisch 18