Public sector compliance audit and its internal controls

Public sector compliance audit and its internal controls Meeting of the INTOSAI Subcommittee on Internal Control Standards, 27 th of May 2014, Vilnius, Lithuania

What is audit, and more specifically compliance audit Audit • Public-sector auditing can be described as a systematic process of objectively obtaining and evaluating evidence to determine whether information or actual conditions conform to established criteria Compliance audit • It is the independent assessment of whether a given subject matter is in compliance with applicable authorities identified as criteria. 2

The importance of Compliance Audit Helps to monitor that the basic principles governing public entities are being followed and put into operation. Providing reliable reports as to whether public funds have been utilized in line with the applicable authorities. Promotes good governance by identifying weaknesses and deviations from laws and regulations and also by assessing the propriety of officials.

The Elements of Compliance Audit Authorities and criteria Assurance Compliance audit Three parties Subject matter

WIDE VARIATSIONS OF SCOPE AND SUBJECT MATTER

The activities of the CAS commitee 2013 -2014 Maintenance group 1 Technical issues Maintenance group 2 Concept elaboration Maintenance group 3 Development of specific concepts • To ensure a sufficient technical quality, the ISSAI 4000 made into standards • Representatives: Tunisia, South Africa, India, Portugal, Norway. • Elaborate on the concepts of assurance and giving an opinion in the public sector. • Representatives: Romania, Namibia, ECA, China and Brazil. • The main areas to express the genuine nature of compliance auditing in the public sector, the concepts of authorities and propriety. • Representatives: India, ECA, Lithuania, Slovakia, Hungary, China and Saudi-Arabia. 6

The activities of the CAS commitee 2013 -2014 Implementation activity 1 • Quality control of a Handbook in compliance audit developed by IDI. • Acting as experts and mentors in a world wide ecourse in compliance audit (April – June 2014). Implementation activity 2 • Discussions on the implementation of the Handbook at the annual CAS meeting. • Discussion papers on implementation at the annual CAS meeting. Implementation activity 3 • The audit office of Lithuania is hosting a seminar where the aimed is to sharing experiences in implementing the ISSAI ‘s on compliance auditing within EUROSAI members. 7

Internal controls within Compliance Auditors should understand the control environment and the relevant internal controls and consider whether they are likely to ensure compliance. The control environment is the culture of honesty and ethical behaviour that provides the foundation for the system of internal controls to ensure compliance with the authorities. In compliance auditing, a control environment that focuses on achieving compliance is of particular importance. ISSAI 400 para. 59

Internal controls within Compliance Auditors should understand the control environment and the relevant internal controls and consider whether they are likely to ensure compliance. System of internal controls In order to understand the audited entity or the subject matter, the auditor also needs to understand the system of internal controls. The particular type of controls which the auditor focuses on will depend on the subject matter and the specific nature and scope of the audit. As the subject matter may be qualitative or quantitative, the auditor will focus on quantitative or qualitative internal controls, or a combination thereof, according to the audit scope. ISSAI 400 para. 59

Internal controls within Compliance Auditors should understand the control environment and the relevant internal controls and consider whether they are likely to ensure compliance. Evaluation of internal controls In evaluating internal controls, the auditor assesses the risk that they may not prevent or detect material instances of non-compliance. The auditor should consider whether the internal controls are in harmony with the control environment so as to ensure compliance with the authorities in all material respects. ISSAI 400 para. 59

Complianace Audit approach to internal control • Compliance Audit assesses internal controls with an equal value given to the control environment as the system of internal controls. • Internal control as a process designed to ensure compliance.