Risk Analysis framework for Compliance Audit in SAI


Risk Analysis framework for Compliance Audit in SAI India
XV Meeting of Compliance Audit Sub-Committee, Luxembourg, 9-10 October 2018
Office of Comptroller & Auditor General of India

Presentation Schedule
  • Audit Mandate of SAI India
  • Features of risk analysis framework
  • Parameters for inherent risk
  • Parameters for control risk
  • Computation of overall risk index
  • Challenges in development and maintenance of risk analysis framework

Audit mandate of SAI India
  • India - a Union of 29 states with 1.2 billion people
  • Comptroller & Auditor General of India has audit mandate for both union government and the state governments
  • Audit conducted in accordance with C&AG's Auditing Standards issued in 2017
  • Compliance Auditing Guidelines issued in 2016 adapting the ISSAI Guidelines
  • Audited entities classified as apex auditable entity, audit unit and implementing units. Audit unit based on devolution of powers, functional autonomy and operational significance.
  • The number of entities audited is around 56,000, consisting of 17,000 entities of union government and 39,000 entities of state governments

Risk categorisation of audited entities
  • Audited entities categorised as high, medium and low risk based traditionally on budget and expenditure levels
  • Large scale digitisation of government activities and development of detailed database of expenditure of government in SAI facilitated review of existing risk analysis framework in 2017-18
  • New framework used for risk categorisation of audit universe for preparation of annual audit plan and for identifying sectoral and non-sectoral risk areas for focused audit

Assessment of inherent risk
  • Expenditure is categorised in the accounts of all audited entities under 70 different primary heads of expenditure like salaries, travel expenses etc.
  • The 70 primary heads of expenditure in the accounts are regrouped under 7 broad classes. (Slide 9)
  • Expenditure of each audited entity is identified and assessed against 7 risk parameters on a 1-5 scale, including a parameter on vacancies in the entity. (Slide 10)
  • Based on the Inherent Risk score of each class of primary head of expenditure under the entity, the Total Inherent Risk Value of the entity is worked out by aggregating the Inherent Risk Value of all the classes of primary expenditure of that entity and multiplying the same by actual expenditure. (Slide 11)

Assessment of control risk
  • Entities having weak control environment will have higher control risk
  • Control risk assessed through four parameters (Slide 12):
      • Expenditure and related controls
      • Technology related controls
      • Internal and external audit outputs
      • Other factors

Risk Value and Categorisation of entities
  • After computation of Inherent and Control Risks, the risk score of the audited entity can be determined as given below:
      • Risk score of the entity = (Total Inherent Risk score of the entity in monetary value) X (Control Risk score of the entity)

Risk categorisation of audited entity
  • Audited entities categorised as high, medium and low risk based on the risk score
  • Periodicity of audit and composition of audit team decided on the basis of level of risk categorisation

Challenges in development and maintenance of risk analysis framework
  • Collection of data from large number of audited entities
  • Revision of data for entities not audited annually
  • Need for exercising professional judgment leading to subjectivity in scoring

| Category | Name of category | Primary heads of account included |
|---|---|---|
| Class 1 | Personnel Services and benefits | Salary, Wages, DA, Grant in aid (salary), Pension, Medical expenses |
| Class 2 | Administrative expenses | Travelling expenses, Office expenses, Electricity, Water charges, Rent, Publication |
| Class 3 | Contractual services and supplies | Goods and supplies, Professional & special services, Maintenance of vehicles and Petrol & Oil, Advertisement, Minor construction works, Maintenance, Drugs and consumables |
| Class 4 | Grants | Grant in aid (non-salary), Scholarships, Subsidy, Grant in aid for creation of capital infrastructure |
| Class 5 | Other expenditure | Interest/Dividend, Suspense, other expenditure |
| Class 6 | Acquisition of Capital Assets and other Capital Expenditure | Major construction works, Machineries and fixtures/tools and plants, Investments/debts, Procurement of computer hardware and software, Purchase of motor vehicles |
| Class 7 | Accounting adjustments | Direction, Bad debts/losses, Transfer entries |

| Sl. No. | Inherent Risk Factor | Remarks | Risk Score (1-5) |
|---|---|---|---|
| 1 | Estimation | Transactions and decisions involving estimation have higher inherent risk. | |
| 2 | Discretion | Transactions involving discretionary powers have inherent risk of misuse of such powers. | |
| 3 | Complexity in the transaction | Transactions like capital acquisitions, project execution, etc. involve complexity and, therefore, have higher level of inherent risk. | |
| 4 | Transfer of funds | Some entities only transfer funds to implementing agencies and do not implement projects/programmes and hence have low risk. | |
| 5 | Involvement of private agencies | Private agencies involved in programme delivery may have interests which lead to higher inherent risk. | |
| 6 | Human Resources | Adequate due-diligence may suffer in entities having acute shortage of manpower leading to higher inherent risk. | |
| 7 | Direct public dealing | Entities having direct public dealings have relatively higher inherent risk on account of external influence, etc. | |

Inherent risk for primary expenditure = Total Risk Score / 35

| Class of primary expenditure | Name of the Class of primary head of expenditure | Inherent Risk score | Actual Expenditure | Risk-weighted expenditure |
|---|---|---|---|---|
| I | Personnel services and benefits | R1 | E1 | R1*E1 |
| II | Administrative expenses | R2 | E2 | R2*E2 |
| III | Contractual services and supplies | R3 | E3 | R3*E3 |
| IV | Grants | R4 | E4 | R4*E4 |
| V | Other expenditure | R5 | E5 | R5*E5 |
| VI | Acquisition of capital assets | R6 | E6 | R6*E6 |
| VII | Accounting adjustments | R7 | E7 | R7*E7 |
| | | | | Inherent Risk value = Grand Total |

Control Risk Factor, each with a Risk Score (1-5), grouped on the slide under Expenditure and related controls, Internal/external Audit, Technology related controls and Other factors:
  • Budget procedure and control
  • Internal Audit / inspection
  • Increase in expenditure
  • Reported cases of Fraud etc.
  • Quality of Record maintenance
  • Audit observations
  • Idling of funds / Pending Utilisation Certificates
  • Assessment from Performance Audit Reports and evaluations
  • Direct transfer of benefits to beneficiaries
  • Assessment based on data analytics
  • Linking of beneficiaries to unique ID
  • Use of e-tendering in procurement
  • Quality Control Mechanism
  • Manpower shortage
  • Online monitoring of programme
  • Media Reports
  • Online delivery of services/Automation of functions
  • Public Financial Management System
  • Use of remote sensing/GIS
  • IT Controls - assessment based on IT audit

Control Risk = Total control risk score / 100

Risk categorisation of audited entity

| Sl. No. | Categorisation | Ceiling Risk Value in Rs | Ceiling risk in US$ |
|---|---|---|---|
| 1. | High risk | 250 million | 3.5 million |
| 2. | Medium risk | 5 million to 250 million | 70,000 to 3.5 million |
| 3. | Low risk | Below 5 million | Below 70,000 |
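
The computation described on the slides above, carried end to end as an added example (not code from the presentation or from SAI India): per-class inherent risk score (total of 7 factor scores / 35), risk-weighted expenditure, control risk (total of 20 factor scores / 100), and categorisation against the Rs ceilings. The sample entity and its scores are constructed, and treating exactly Rs 250 million as medium risk is an assumption, since the table does not say which side the boundary falls on.

```python
from fractions import Fraction

HIGH_ABOVE_RS = 250_000_000  # assumption: "high" means strictly above the 250 million ceiling
LOW_BELOW_RS = 5_000_000     # "low" is below 5 million, as in the table

def _total(scores, count):
    """Sum `count` factor scores, rejecting anything outside the 1-5 scale."""
    if len(scores) != count or any(type(s) is not int or not 1 <= s <= 5 for s in scores):
        raise ValueError(f"expected {count} integer scores between 1 and 5")
    return sum(scores)

def inherent_risk_score(factor_scores):
    """R for one class of expenditure: total of the 7 factor scores / 35."""
    return Fraction(_total(factor_scores, 7), 35)

def inherent_risk_value(classes):
    """Grand total of R_i * E_i; E_i is the actual expenditure of class i in Rs."""
    return sum(inherent_risk_score(scores) * spend for scores, spend in classes)

def control_risk(factor_scores):
    """Total of the 20 control risk factor scores / 100."""
    return Fraction(_total(factor_scores, 20), 100)

def categorise(risk_score):
    if risk_score > HIGH_ABOVE_RS:
        return "high"
    return "low" if risk_score < LOW_BELOW_RS else "medium"

def entity_risk(classes, control_scores):
    """Risk score = inherent risk value (monetary) x control risk, plus its category."""
    score = inherent_risk_value(classes) * control_risk(control_scores)
    return score, categorise(score)

# Constructed sample entity: (7 inherent factor scores, actual expenditure in Rs), Classes I-VII.
SAMPLE_CLASSES = [
    ([1, 1, 1, 1, 1, 3, 2], 350_000_000),  # I   Personnel services and benefits
    ([2, 2, 1, 1, 2, 3, 3], 70_000_000),   # II  Administrative expenses
    ([4, 4, 3, 1, 5, 3, 4], 140_000_000),  # III Contractual services and supplies
    ([3, 4, 2, 1, 5, 3, 4], 105_000_000),  # IV  Grants
    ([1, 1, 1, 1, 1, 3, 1], 35_000_000),   # V   Other expenditure
    ([5, 4, 5, 1, 5, 3, 2], 210_000_000),  # VI  Acquisition of capital assets
    ([2, 1, 2, 1, 1, 3, 1], 7_000_000),    # VII Accounting adjustments
]

if __name__ == "__main__":
    for label, controls in (("weak controls", [4, 3, 2, 3] * 5), ("strong controls", [1] * 20)):
        score, category = entity_risk(SAMPLE_CLASSES, controls)
        print(f"{label}: risk score Rs {float(score):,.0f} -> {category}")
```

With the same expenditure profile, the entity moves from high to medium risk when its control scores improve, which is the effect the control risk multiplier is meant to have.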

Thanks!
