Title Post Audit Review mechanism Introduction to Audit

Title : Post Audit Review mechanism Introduction to Audit q The Comptroller and Auditor General of India (C&AG) conducts Audit in 3 types viz. , Compliance Audit, Financial Audit and Performance Audit or combination of such audits. q CAG conducts audit as per Duties, Powers and Conditions of Service (DPC) Act 1971 and according to Regulations of Audit and Accounts 2007. 10/28/2021 O/o PAG (Audit) AP Hyderabad 1

q Compliance Audit will be conducted under Section 13 and 14 of DPC Act q Receipt Audit will be conducted under section 16 of DPC Act q Stores and Stock will be audited under section 17 of DPC Act q Financial Audit will be conducted under Section 19 and 20 of DPC Act 10/28/2021 O/o PAG (Audit) AP Hyderabad 2

q Every AG/PAG Office will prepare detailed Annual Audit Plan (AAP) every year in August. q According to Annual Audit Plan (AAP), the units will be selected for conduct of Compliance Audit and after receipt of annual accounts from the Autonomous Bodies (ABs) financial audit will be taken up and Performance Audit / Thematic Audit will be conducted after the approval of topics by CAG. 10/28/2021 O/o PAG (Audit) AP Hyderabad 3

q. Accordingly audit party conducts audit of an auditable entity with the prescribed schedule and the head of the party will prepare draft Inspection Report (IR) and discuss the issues/observations in the exit conference held between the entity and the audit party on the last working day. q. After receipt of draft IR in the Audit Office, the concerned section will vet it and after obtaining approval from Group Officer, an IR will be issued to the audited entity. 10/28/2021 O/o PAG (Audit) AP Hyderabad 4

Title : Post Audit Review mechanism and interaction with audited agency q The auditable entity may initiate action for the settlement of audit observations with reference to the audit memos and draft inspection report received during audit without waiting for the formal receipt of the inspection report from the audit office. q The officer in charge of the auditable entity shall send the reply to an audit note or inspection report within four weeks of its receipt. Even if it is not feasible to furnish the final replies to some of the observations in the audit note or inspection report within the aforesaid time limit, the first reply shall not be delayed on that account and an interim reply may be given indicating the likely date by which the final reply shall be furnished 10/28/2021 O/o PAG (Audit) AP Hyderabad 5

Post audit review mechanism contd…. q Important audit observations to be sent to head of the department for follow up. The audit office may send copies of important audit observations included in an audit note or an inspection report to the head of the department. It shall be the duty of the head of the department to follow up all such cases for appropriate remedial and corrective action and report compliance to the audit office. 10/28/2021 O/o PAG (Audit) AP Hyderabad 6

Post audit review mechanism contd…. q Intimation of major irregularities to the Government and the head of department and furnishing of reports therefrom q (1) The Accountant General (Audit) shall intimate every instance of major irregularity detected in Audit through a special management letter to the Secretary to Government of the concerned department with a copy to the Head of the Department within six weeks of the instance coming to notice in audit. The Accountant General (Audit) shall also intimate every such instance to the Comptroller and Auditor General. q (2) On intimation of the major irregularity by Accountant General (Audit), the Government shall undertake prima facie verification of facts and send to Accountant General (Audit) a preliminary report confirming or denying the facts within six weeks of receipt of intimation from him. 10/28/2021 O/o PAG (Audit) AP Hyderabad 7

Post audit review mechanism contd…. q (3) Where the fact of major irregularity is not denied by the Government in the preliminary report, the Government shall further send a detailed report to the Accountant General (Audit) within three months of preliminary report inter alia indicating the remedial action taken to prevent recurrence and action taken against those responsible for the lapse. q (4) While reporting of major irregularities to Government need not wait for inclusion of the matter in the inspection report or audit note or the audit report of the Comptroller and Auditor General, the same should be done only after due verification with reference to supporting evidence and as far as possible after considering the views of the auditable entity. Care needs to be taken to ensure that only major irregularities are reported in this manner. 10/28/2021 O/o PAG (Audit) AP Hyderabad 8

Post audit review mechanism contd…. q Significant audit observations to be communicated to Secretary. The Accountant General (Audit) may write a management letter to the Secretary to Government of the concerned department by the end of April every year communicating significant observations and conclusions emerging out of audit during the preceding year. The management letter shall inter alia mention the systemic and other deficiencies noticed during the period, the extent of control compliance, cases of persistent irregularities and the level of adequacy of response to audit observations, besides the more important individual cases that merit attention and action, with appropriate recommendations where necessary. The Secretary shall inform the Accountant General (Audit) of the action taken within a period of three months. 10/28/2021 O/o PAG (Audit) AP Hyderabad 9

Post audit review mechanism contd q Communication of draft paragraph to Government and discussion thereon q (1) The Accountant General (Audit) shall send a copy of the proposed audit observations in the form of a draft paragraph (DP) to the concerned Secretary to Government by name for communicating the comments, observations and explanation of the Government within a period of six weeks from the date of the letter or within such other period of time as may be specified. The Accountant General (Audit) shall also offer to discuss the draft paragraph with the Secretary at mutual convenience within the aforesaid period. A discussion may not be necessary in the case of a draft performance audit report that has been separately discussed with the Secretary at an exit conference in terms of these Regulations. q (2) The Accountant General (Audit) shall simultaneously send one copy of the draft paragraph to the Secretary to the Government, Ministry of Finance or Finance Department, by name. 10/28/2021 O/o PAG (Audit) AP Hyderabad 10

Post audit review mechanism contd • (3) The draft paragraph shall be annotated with reference to the supporting audit evidence. The Accountant General (Audit) shall provide copies of any relevant documents and evidence in his possession that may be required by the Government department. 10/28/2021 O/o PAG (Audit) AP Hyderabad 11

Post audit review mechanism contd q. Reply to draft paragraph by Government q(1) The Secretary to Government of the concerned department shall (a) confirm or cause to be confirmed, the receipt of the draft paragraph to the Accountant General (Audit) as soon as it is received, and (b) communicate the comments, observations and explanation of the Government on the draft paragraph in writing to the Accountant General (Audit) by name within the specified period. The reply shall be signed by the Secretary or carry an indication of approval by the Secretary. 10/28/2021 O/o PAG (Audit) AP Hyderabad 12

Post audit review mechanism contd q (2) The reply of the Secretary to Government shall state: q (a) whether the department accepts the facts and figures mentioned in the draft paragraph; if not, the reasons supported by the relevant documents and evidence duly authenticated; q (b) comments, observations and explanation of the Government on matters included in the draft paragraph; q (c) Government’s response to suggestions and recommendations made in the draft paragraph; q (d) remedial action taken or proposed to be taken; and q (e) any other observations or remarks of the department. 10/28/2021 O/o PAG (Audit) AP Hyderabad 13

Post audit review mechanism contd q (3) Consistent with the schedule of preparation, finalisation and presentation of the audit report in the legislature, the Accountant General (Audit) may consider a request made by the concerned Secretary to Government for extension of time for sending the reply to the draft paragraph. q Every such request shall (i) specify the reasons for seeking extension beyond the time stipulated, and (ii) state the date by which the final reply to the draft paragraph shall be sent to the Accountant General (Audit). 10/28/2021 O/o PAG (Audit) AP Hyderabad 14

Post audit review mechanism contd q (4) The Accountant General (Audit) will proceed on the assumption that the Government has no comments, observation and explanation in the matter in case a final reply is not received within the specified period or the extended period agreed to. The Government shall bear responsibility for the accuracy of the facts, figures and the related audit evidence mentioned in the draft paragraph in such cases. 10/28/2021 O/o PAG (Audit) AP Hyderabad 15

Post audit review mechanism contd (5) The Accountant General (Audit) shall give full consideration to the reply of the Government. The draft paragraph may be modified or settled or may not be included in the audit report in the light of the reply. 10/28/2021 O/o PAG (Audit) AP Hyderabad 16

Post audit review mechanism contd q Communication of finalised paragraphs for inclusion in audit report In case of a State Government or a Union Territory Government, after the draft paragraph has been finalised for inclusion in the audit report, the Accountant General (Audit) shall send copies of the finalised paragraph by name to the Secretary to Government of the concerned department and the Secretary, Finance Department. q In case of the Union Government, a copy of the finalised paragraph will be sent to the Secretary to the Ministry concerned. 10/28/2021 O/o PAG (Audit) AP Hyderabad 17

Post audit review mechanism contd Forwarding copies of audit report for laying before legislature q (1) An officer authorised by the Comptroller and Auditor General (CAG) shall send copies of the audit report duly signed by the CAG to the Secretary to the Government, Ministry of Finance or Finance Department as the case may be, who shall take prompt action for the submission of the audit report to the President or the Governor or the Administrator further action and for the presentation of the report in Parliament or the State or Union Territory legislature. 10/28/2021 O/o PAG (Audit) AP Hyderabad 18

Post audit review mechanism contd q Copies of the audit reports under Section 19 A of the Act shall be sent to the Secretary of the Ministry or department concerned or the Administrator of a Union Territory having legislative assembly, who shall take prompt action for laying the same in the Parliament or the legislature of the State or Union Territory. q(2) An unsigned copy of the audit report shall simultaneously be sent to the Secretary to the President or the Governor or the Administrator. 10/28/2021 O/o PAG (Audit) AP Hyderabad 19

Post audit review mechanism contd q Preparation of action taken note for submission to PAC or COPU q The Secretary to Government of the concerned department shall cause preparation of self-explanatory action taken note(ATNs) on the audit paragraph(s) relating to his department, that are included in the audit report, for submission to the Public Accounts Committee/Committee on Public Undertakings. In each case, the self-explanatory action taken note shall carry the approval of the Secretary and state: q (1) whether a written reply on the draft audit paragraph was sent to the Accountant General (Audit) and if not, the reasons for not doing so; q (2) whether the facts and figures stated in the audit paragraph are acceptable and if not, the reasons for not pointing this out when the draft paragraph was received by the Secretary; 10/28/2021 O/o PAG (Audit) AP Hyderabad 20

Post audit review mechanism contd q (3) the circumstances in which the loss, failure, infructuous expenditure, etc. as pointed out in the audit paragraph occurred; whether due to (a) deficiency in the existing system including the system of internal control, (b) failure to follow the systems and procedures, or (c) failure of individuals including individuals at supervisory levels; q (4) the action taken to fix responsibility on the individual(s) responsible for the loss, failure, infructuous expenditure, etc; and the likely time frame within which such action is expected to be completed; q (5) the current status of recovery of any amount due to Government as pointed out in the audit paragraph; 10/28/2021 O/o PAG (Audit) AP Hyderabad 21

Post audit review mechanism contd q(6) the action taken or proposed to be taken on the suggestions and recommendations made in the audit paragraph; q (7) the result of review of similar other cases, and the action taken; q(8) the remedial action taken or proposed to be taken to avoid occurrence of similar cases in future, to streamline the systems and to remove system deficiencies, if any; and q (9) such other information as may have been prescribed by the Public Accounts Committee/Committee on Public Undertakings. 10/28/2021 O/o PAG (Audit) AP Hyderabad 22

Thank You 10/28/2021 O/o PAG (Audit) AP Hyderabad 23

Internal Audit and definition • Definition • Internal auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization (1978) • “Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes (1999) 10/28/2021 O/o PAG (Audit) AP Hyderabad 24

Internal Audit • Internal auditing is a systematic, objective appraisal by internal auditors of the diverse operations and controls within an organization to determine whether • (1) financial and operating information is accurate and reliable; • (2) risks to the enterprise are identified and minimized; • (3) external regulations and acceptable internal policies and procedures are followed; • (4) satisfactory operating criteria are met; • (5) resources are used efficiently and economically; and • (6) the organization's objectives are effectively achieved all for the purpose of consulting with management and for assisting members of the organization in the effective discharge of their governance responsibilities 10/28/2021 O/o PAG (Audit) AP Hyderabad 25

Internal Audit • Frequent or ongoing audit conducted by a firm's own (as opposed to independent) accountants to • (1) monitor operating results, • (2) verify financial records, • (3) evaluate internal controls, • (4) assist with increasing efficiency and effectiveness of operations and • (5) to detect fraud 10/28/2021 O/o PAG (Audit) AP Hyderabad 26

Internal Audit • Internal audit can identify control problems, and aims at correcting lapses before they are discovered during an external audit. Although the internal auditors are the firm's employees, they normally do not audit themselves or their own departments, but entrust it usually to independent auditors. 10/28/2021 O/o PAG (Audit) AP Hyderabad 27

Internal Audit Evolution of Internal Auditing • From accounting to management orientation • From junior sibling of public accountant to distinctive discipline • From adversary to problem solving partner • External vs. Internal Auditor (Missions) • EA: Report on company’s financial statements • IA: Furnish management with needed information • • EA: Narrowly focused on financial matters • IA: Comprehensive in scope • EA: Material fraud • IA: Any fraud 10/28/2021 O/o PAG (Audit) AP Hyderabad 28

Internal Audit • Code of Ethics • Internal auditing professionals are bound by the Code of Ethics, and violation of its terms is grounds forfeiture of CIA membership. Code deals with requirements for honesty, loyalty, avoidance of conflicts of interest, the proper use of confidential information, the requirement for continued professional development, and the need to f 10/28/2021 O/o PAG (Audit) AP Hyderabad 29

Internal controls and definition • INTOSAI definition of Internal Controls – Promoting orderly, economical, efficient, and effective operations and quality products and services consistent with the organization's mission – Safeguarding resources against loss due to waste, abuse, mismanagement, errors, and fraud and other irregularities – Adhering to laws, regulations, and management directives and – Developing and maintaining reliable financial and management data and fairly disclosing that data I timely reports 10/28/2021 O/o PAG (Audit) AP Hyderabad 30

Internal controls • Internal controls are safeguards that are put in place by the management of an organization to provide that its operations are proceeding as planned. • Internal controls, is an integral process that is effected by an entity’s management and personnel and is designed to provide reasonable assurance. • The general objectives are being achieved are : Fulfilling accountability obligations; Complying with applicable laws and regulations; Executing orderly, ethical, economical, efficient and effective operations; and Safeguarding resources against loss. GBS SARMA AO O/o PAG (Audit) AP Hyderabad 31

Internal controls • Internal controls, in simple terms, are activities and safeguards that are put in place by the management of an organization to ensure its activities are proceeding as planned. • Every organization has some form of internal controls. Effective internal controls are a prerequisite for any successful organization. • Internal controls are essential for good governance. • Internal control should be built in rather built on. 10/28/2021 O/o PAG (Audit) AP Hyderabad 32

Internal controls • There is a direct relationship between the objectives, which represent what an entity strives to achieve, and the internal control components, which represent what is needed to achieve them • A statement that management is responsible for establishing and maintaining an adequate internal control structure and procedures for financial reporting 10/28/2021 O/o PAG (Audit) AP Hyderabad 33

Internal controls • The internal control system is most effective when it is built into the organization’s infrastructure and operations and is an integral part of the essence of the organisation. • By building in internal control, it becomes part of an integrated within the basic management process of planning, executing and monitoring. • Built in Internal controls also helps in cost control 10/28/2021 O/o PAG (Audit) AP Hyderabad 34

Internal controls • Internal control is accomplished by individuals with an organisation. Consequently, internal control is effected by people. • They should know their roles and responsibilities, and limits of authority. An organization’s people include the management and other personnel. Although the management primarily provides oversight, they also set the entity’s objectives and have overall responsibility for the internal control system 10/28/2021 O/o PAG (Audit) AP Hyderabad 35

Internal controls • As internal control provides the mechanism needed to help understand risk in the context of the organization’s objectives, the management will put internal control/activities in place and monitor and evaluate them. • Therefore, internal control is a tool used by the management and is directly related to the entity’s objectives. • As such, management is an important element of internal control. 10/28/2021 O/o PAG (Audit) AP Hyderabad 36

Internal controls q Internal control is geared to the archive of a separate but interrelated series of general entity level objectives. These general objectives are: (a) Fulfilling accountability obligations Accountability is the process whereby public service bodies and the individuals within them are held to account for their decisions and actions, including their stewardship of public funds, fairness, and all aspects of performance. 10/28/2021 O/o PAG (Audit) AP Hyderabad 37

Internal controls • (b) complying with laws and regulations • Government organisation are required to follow many laws and regulations. • (c) Executing orderly, ethical economical, efficient and effective operations: • Orderly Means in a well organized, methodical way • Economical Means not wasteful or extravagant, It means getting the amount of resources of the right quality delivered at the right time and place at the lowest cost. • Effective Refers to the accomplishment of objectives or to the extent to which the outcomes of an activity match the objective or the intended effects of that activity 10/28/2021 O/o PAG (Audit) AP Hyderabad 38

Internal controls • Efficient • Refers to the relationship between the resources used to achieve the objectives. Ethical • Relates to moral principles. • The importance of ethical behavior and prevention and detection of fraud and corruption in the public sector has become more emphasized. 10/28/2021 O/o PAG (Audit) AP Hyderabad 39

Internal controls • (d) Safeguarding or resources • Controls should embedded in each of the activities related to the management of resources of the entity, from the entry until the disposition. • Sensitive information stored on computer media can be destroyed or copied, distributed and abused if care is not taken to protect it. 10/28/2021 O/o PAG (Audit) AP Hyderabad 40

Internal controls • Components of internal control • Internal control consists of five interrelated components , they are: • • • Control environment Risk assessment Control activities Information and communication Monitoring 10/28/2021 O/o PAG (Audit) AP Hyderabad 41

Internal controls • Control environment • It means the overall attitude, awareness and actions of management regarding the internal control system and its importance in the entity. • It is the foundation for the entire internal control system. • It provides the discipline and structure as well as the climate which influences on how objectives and strategy are established, and control activities are structured for the entire internal control system. • Control Environment sets the tone for the organization, influencing the control consciousness of its staff. 10/28/2021 O/o PAG (Audit) AP Hyderabad 42

Internal controls • It involves elements of the personal and professional integrity and ethical values of the management of staff Competence; • The “tone at the top” • Human resource policies and practices. 10/28/2021 O/o PAG (Audit) AP Hyderabad 43

Internal controls • • • Risk profile Generally, such categorization will be as high, medium, or low. 10/28/2021 O/o PAG (Audit) AP Hyderabad 44

Internal controls • Information and communication: • They are essential for realization of all the internal control objectives • For example, one of the objectives of internal control in a government organization is fulfilling public accountability obligations. • This can be achieved by developing and maintaining reliable and relevant financial and non financial information and communicating this information by means of a fair disclosure in timely reports 10/28/2021 O/o PAG (Audit) AP Hyderabad 45

Internal controls • Information Technology Control Activities: • IT controls imply specific types of control activities. Therefore, IT controls consists of two broad groupings: • General controls and Application controls • General controls are the structure, policies and procedures that apply to all or a large segment of an entity’s information systems and help ensures their properation. • They create the environment in which application systems and controls operate: 10/28/2021 O/o PAG (Audit) AP Hyderabad 46

Internal controls • The major categories of general controls are: • entity-wide security programme, planning and management; • Access controls, • controls on the development, maintenance and change of the application software; • system software controls; • segregation of duties, and • service continuity 10/28/2021 O/o PAG (Audit) AP Hyderabad 47

Internal controls • Application controls • It applies to individual application systems. • These controls are generally designed to Prevent, Detect, and Correct errors and irregularities as information flows through information systems for a particular application • General and application controls are interrelated and both are needed to ensure complete and accurate information processing. 10/28/2021 O/o PAG (Audit) AP Hyderabad 48

Internal controls • The role of Internal Audit : • Internal auditing is an independent appraisal function established within an organization to examine and evaluate its activities as a service to the organization. • The objective of internal auditing is to assist members of the organization in the effective discharge of their responsibilities. • Internal auditors examine the effectiveness of internal control and recommend improvements, but they do not have primary responsibility for establishing or maintaining it • One of the principal functions of internal audit is the examination of internal control systems 10/28/2021 O/o PAG (Audit) AP Hyderabad 49

Internal controls Objectives • a) assess and review the internal control system, quality assurance procedures and risk management procedures in the office • b) evaluate risk exposures relating to the organization's governance, operations and information systems • c) assist an organization in maintaining effective controls by evaluating their effectiveness and efficiency and by promoting continuous improvement 10/28/2021 O/o PAG (Audit) AP Hyderabad 50

Internal controls Audit Methodology • Two most common tools used in internal control evaluation i) Flowcharting ii) Internal control questionnaire Flowcharting : This is a diagrammatic method of recording and describing a system which can show the flow of documents, information or processes and the related controls within that system. • It can show the internal control system at a glance and can be helpful to an auditor who analyses a system to find out how effectively it works and to detect any weaknesses in the system • • • 10/28/2021 O/o PAG (Audit) AP Hyderabad 51

Internal controls • Internal control questionnaire • The questions are pre-designed and it can be ensured that all aspects of an internal control system are covered 10/28/2021 O/o PAG (Audit) AP Hyderabad 52

Internal controls • Preventive, Detective, and Controls • Preventive controls: • More cost effective • Competent, trustworthy people • Segregation of duties • Computerized edit 10/28/2021 O/o PAG (Audit) AP Hyderabad Corrective 53

Internal controls • • Detective controls: • More expensive Measure effectiveness of preventive controls • Detect incidents when they occur • Reviews and comparisons Reconciliations • Physical counts 10/28/2021 O/o PAG (Audit) AP Hyderabad 54

Internal controls • Corrective controls • • Establishment of controls when incidents occur • • Prevent reoccurrence 10/28/2021 O/o PAG (Audit) AP Hyderabad 55