INTOSAI Standards are issued by the International Organisation of Supreme Audit Institutions, INTOSAI, as part of the INTOSAI Framework of Professional Pronouncements. For more information visit www.issai.org
ISSAI 100
Fundamental Principles of Public-Sector Auditing
INTOSAI, 2019
1) Endorsed as Basic Principles in Government Auditing in 2001
2) Revised and renamed Fundamental Principles of Public-Sector Auditing in 2013
3) With the establishment of the INTOSAI Framework of Professional Pronouncements (IFPP), editorial changes were made in 2019
ISSAI 100 is available in all INTOSAI official languages: Arabic, English, French, German and Spanish
TABLE OF CONTENTS
1. INTRODUCTION
2. PURPOSE AND AUTHORITY OF THE ISSAIS
3. FRAMEWORK FOR PUBLIC-SECTOR AUDITING
Mandate
Public-sector auditing and its objectives
Types of public-sector audit
4. ELEMENTS OF PUBLIC-SECTOR AUDITING
The three parties
Subject matter, criteria and subject matter information
Types of engagement
Confidence and assurance in public-sector auditing
5. PRINCIPLES OF PUBLIC-SECTOR AUDITING
Organisational requirements
General principles
Principles related to the audit process
INTRODUCTION
1) Professional standards and guidelines are essential for the credibility, quality and professionalism of public-sector auditing. The International Standards of Supreme Audit Institutions (ISSAIs) developed by the International Organisation of Supreme Audit Institutions (INTOSAI) aim to promote independent and effective auditing by supreme audit institutions (SAIs).
2) The ISSAIs support the members of INTOSAI in the development of their own professional approach in accordance with their mandates and with national laws and regulations.
3) The ISSAIs form part of the INTOSAI Framework of Professional Pronouncements (IFPP). Within this framework, the INTOSAI Principles (INTOSAI-P) contain the framework’s founding principles and core principles that set out prerequisites for the proper functioning of SAIs. The International Standards of Supreme Audit Institutions (ISSAIs) address the conduct of audits and include generally-recognised professional principles that underpin the effective and independent auditing of public-sector entities.
4) INTOSAI Guidance (GUIDs) also form part of the IFPP. They provide guidance to support SAIs and individual auditors in enhancing organizational performance and implementing and applying the ISSAIs in practice.
5) The ISSAI 100 - Fundamental Principles of Public-Sector Auditing draw and elaborate on INTOSAI-P 1 The Lima Declaration and provide an authoritative international frame of reference defining public-sector auditing. The full set of ISSAIs is based on these principles.
ISSAI 100 - FUNDAMENTAL PRINCIPLES OF PUBLIC-SECTOR AUDITING
6) ISSAI 100 Fundamental Principles of Public-Sector Auditing provides detailed information on:
• the purpose and authority of the ISSAIs;
• the framework for public-sector auditing;
• the elements of public-sector auditing;
• the principles to be applied in public-sector auditing.
PURPOSE AND AUTHORITY OF THE ISSAIS
7) ISSAI 100 Fundamental Principles of Public-Sector Auditing establishes fundamental principles which are applicable to all public-sector audit engagements, irrespective of their form or context. ISSAI 200 Financial Audit Principles, ISSAI 300 Performance Audit Principles and ISSAI 400 Compliance Audit Principles build on and further develop the principles to be applied in the context of financial, performance and compliance auditing respectively. They should be applied in conjunction with the principles set out in ISSAI 100. The principles in no way override national laws, regulations or mandates or prevent SAIs from carrying out investigations, reviews or other engagements which are not specifically covered by the existing ISSAIs.
8) The Fundamental Principles of Public-Sector Auditing (ISSAI 100) and the Financial, Performance and Compliance Auditing Principles¹ that flow from this can be used to establish authoritative standards in three ways:
• as a basis on which SAIs can develop standards;
• as a basis for the adoption of consistent national standards;
• as a basis for adoption of the ISSAIs.
SAIs may choose to compile a single standard-setting document, a series of such documents or a combination of standard-setting and other authoritative documents.
SAIs should declare which standards they apply when conducting audits, and this declaration should be accessible to users of the SAI’s reports. Where the standards are based on several sources taken together, this should also be stated. SAIs are encouraged to make such declarations part of their audit reports; however, a more general form of communication may be used.
¹ ISSAIs 200, 300 and 400
9) An SAI may declare that the standards it has developed or adopted are based on or are consistent with the principles of the ISSAIs only if the standards fully comply with all relevant principles in ISSAIs 100, 200, 300 and 400.
Audit reports may include a reference to the fact that the standards used were based on or consistent with the ISSAI or ISSAIs relevant to the audit work carried out. Such reference may be made by stating:
… We conducted our audit[s] in accordance with [standards], which are based on [or consistent with] ISSAI 100 Fundamental Principles of Public-Sector Auditing [and the principles of ISSAI 200 Financial Audit Principles / ISSAI 300 Performance Audit Principles / ISSAI 400 Compliance Audit Principles] of the International Standards of Supreme Audit Institutions.
In order to properly adopt or develop auditing standards based on these auditing principles, an understanding of the entire text of the principles is necessary. To achieve this, it may be helpful to consult the relevant financial audit standards (ISSAIs 2000-2899), performance audit standards (ISSAIs 3000-3899) and compliance audit standards (ISSAIs 4000-4899).
10) SAIs may choose to adopt the ISSAIs as their authoritative standards. In such cases the auditor must comply with all ISSAIs relevant to the audit. Reference to the ISSAIs applied may be made by stating:
… We conducted our audit[s] in accordance with the International Standards of Supreme Audit Institutions (ISSAIs).
In order to enhance transparency, the statement may further specify which auditing standards within the ISSAIs 2000-4899 the auditor has considered relevant and applied. This may be done by adding the following phrase:
The audit[s] was [were] based on ISSAI[s] xxx [number and name of the ISSAI or range of ISSAIs].
11) The International Standards on Auditing (ISAs) issued by the International Federation of Accountants (IFAC) are incorporated into the INTOSAI financial audit standards (ISSAIs 2000-2899). In financial audits, reference may therefore be made either to the ISSAIs or to the ISAs. The ISSAIs may provide additional public-sector application material, but the requirements upon the auditor in financial audits are the same. The ISAs constitute an indivisible set of standards and the ISSAIs in which they are incorporated may not be referred to individually. If the ISSAIs or the ISAs have been adopted as the SAI’s standards for financial audits, the auditor’s report should include a reference to those standards. This applies equally to financial audits conducted in combination with other types of audit.
12) Audits may be conducted in accordance with both the ISSAIs and standards from other sources provided that no contradictions arise. In such cases reference should be made both to the ISSAIs and to the other standards concerned.
FRAMEWORK FOR PUBLIC-SECTOR AUDITING
Mandate
13) An SAI will exercise its public-sector audit function within a specific constitutional arrangement and by virtue of its office and mandate, which ensure sufficient independence and power of discretion in performing its duties. The mandate of an SAI may define its general responsibilities in the field of public-sector auditing and provide further prescriptions concerning the audits and other engagements to be performed.
14) SAIs may be mandated to perform many types of engagements on any subject of relevance to the responsibilities of management and those charged with governance and the appropriate use of public funds and assets. The extent or form of these engagements and the reporting thereon will vary according to the legislated mandate of the SAI concerned.
15) In certain countries, the SAI is a court, composed of judges, with authority over State accountants and other public officials who must render account to it. There exists an important relationship between this jurisdictional authority and the characteristics of public-sector auditing. The jurisdictional function requires the SAI to ensure that whoever is charged with dealing with public funds is held accountable and, in this regard, is subject to its jurisdiction.
16) An SAI may make strategic decisions in order to respond to the requirements in its mandate and other legislative requirements. Such decisions may include which auditing standards are applicable, which engagements will be conducted and how they will be prioritised.
Public-sector auditing and its objectives
17) The public-sector audit environment is that in which governments and other public-sector entities exercise responsibility for the use of resources derived from taxation and other sources in the delivery of services to citizens and other recipients. These entities are accountable for their management and performance, and for the use of resources, both to those that provide the resources and to those, including citizens, who depend on the services delivered using those resources. Public-sector auditing helps to create suitable conditions and reinforce the expectation that public-sector entities and public servants will perform their functions effectively, efficiently, ethically and in accordance with the applicable laws and regulations.
18) In general public-sector auditing can be described as a systematic process of objectively obtaining and evaluating evidence to determine whether information or actual conditions conform to established criteria. Public-sector auditing is essential in that it provides legislative and oversight bodies, those charged with governance and the general public with information and independent and objective assessments concerning the stewardship and performance of government policies, programmes or operations.
19) SAIs serve this aim as important pillars of their national democratic systems and governance mechanisms and play an important role in enhancing public-sector administration by emphasising the principles of transparency, accountability, governance and performance. INTOSAI P-20 Principles of Transparency and Accountability contain INTOSAI core principles in this regard.
20) All public-sector audits start from objectives, which may differ depending on the type of audit being conducted. However, all public-sector auditing contributes to good governance by:
• providing the intended users with independent, objective and reliable information, conclusions or opinions based on sufficient and appropriate evidence relating to public entities;
• enhancing accountability and transparency, encouraging continuous improvement and sustained confidence in the appropriate use of public funds and assets and the performance of public administration;
• reinforcing the effectiveness of those bodies within the constitutional arrangement that exercise general monitoring and corrective functions over government, and those responsible for the management of publicly-funded activities;
• creating incentives for change by providing knowledge, comprehensive analysis and well-founded recommendations for improvement.
21) In general, public-sector audits can be categorised into one or more of three main types: audits of financial statements, audits of compliance with authorities and performance audits. The objectives of any given audit will determine which standards apply.
Types of public-sector audit
22) The three main types of public-sector audit are defined as follows:
Financial audit focuses on determining whether an entity’s financial information is presented in accordance with the applicable financial reporting and regulatory framework. This is accomplished by obtaining sufficient and appropriate audit evidence to enable the auditor to express an opinion as to whether the financial information is free from material misstatement due to fraud or error.
Performance audit focuses on whether interventions, programmes and institutions are performing in accordance with the principles of economy, efficiency and effectiveness and whether there is room for improvement. Performance is examined against suitable criteria, and the causes of deviations from those criteria or other problems are analysed. The aim is to answer key audit questions and to provide recommendations for improvement.
Compliance audit focuses on whether a particular subject matter is in compliance with authorities identified as criteria. Compliance auditing is performed by assessing whether activities, financial transactions and information are, in all material respects, in compliance with the authorities which govern the audited entity. These authorities may include rules, laws and regulations, budgetary resolutions, policy, established codes, agreed terms or the general principles governing sound public-sector financial management and the conduct of public officials.
23) SAIs may carry out audits or other engagements on any subject of relevance to the responsibilities of management and those charged with governance and the appropriate use of public resources. These engagements may include reporting on the quantitative outputs and outcomes of the entity’s service delivery activities, sustainability reports, future resource requirements, adherence to internal control standards, real-time audits of projects or other matters. SAIs may also conduct combined audits incorporating financial, performance and/or compliance aspects.
ELEMENTS OF PUBLIC-SECTOR AUDITING
24) Public-sector auditing is indispensable for the public administration, as the management of public resources is a matter of trust. Responsibility for the management of public resources in line with intended purposes is entrusted to an entity or person who acts on behalf of the public. Public-sector auditing enhances the confidence of the intended users by providing information and independent and objective assessments concerning deviations from accepted standards or principles of good governance.
All public-sector audits have the same basic elements: the auditor, the responsible party, intended users (the three parties to the audit), criteria for assessing the subject matter and the resulting subject matter information. They can be categorised as two different types of audit engagement: attestation engagements and direct reporting engagements.
The three parties
25) Public-sector audits involve at least three separate parties: the auditor, a responsible party and intended users. The relationship between the parties should be viewed within the context of the specific constitutional arrangements for each type of audit.
• The auditor: In public-sector auditing the role of auditor is fulfilled by the Head of the SAI and by persons to whom the task of conducting the audits is delegated. The overall responsibility for public-sector auditing remains as defined by the SAI’s mandate.
• The responsible party: In public-sector auditing the relevant responsibilities are determined by constitutional or legislative arrangement. The responsible parties may be responsible for the subject matter information, for managing the subject matter or for addressing recommendations, and may be individuals or organisations.
• Intended users: The individuals, organisations or classes thereof for whom the auditor prepares the audit report. The intended users may be legislative or oversight bodies, those charged with governance or the general public.
Subject matter, criteria and subject matter information
26) Subject matter refers to the information, condition or activity that is measured or evaluated against certain criteria. It can take many forms and have different characteristics depending on the audit objective. An appropriate subject matter is identifiable and capable of consistent evaluation or measurement against the criteria, such that it can be subjected to procedures for gathering sufficient and appropriate audit evidence to support the audit opinion or conclusion.
27) The criteria are the benchmarks used to evaluate the subject matter. Each audit should have criteria suitable to the circumstances of that audit. In determining the suitability of criteria the auditor considers their relevance and understandability for the intended users, as well as their completeness, reliability and objectivity (neutrality, general acceptance and comparability with the criteria used in similar audits). The criteria used may depend on a range of factors, including the objectives and the type of audit. Criteria can be specific or more general, and may be drawn from various sources, including laws, regulations, standards, sound principles and best practices. They should be made available to the intended users to enable them to understand how the subject matter has been evaluated or measured.
28) Subject matter information refers to the outcome of evaluating or measuring the subject matter against the criteria. It can take many forms and have different characteristics depending on the audit objective and audit scope.
Types of engagement
29) There are two types of engagement:
• In attestation engagements the responsible party measures the subject matter against the criteria and presents the subject matter information, on which the auditor then gathers sufficient and appropriate audit evidence to provide a reasonable basis for expressing a conclusion.
• In direct reporting engagements it is the auditor who measures or evaluates the subject matter against the criteria. The auditor selects the subject matter and criteria, taking into consideration risk and materiality. The outcome of measuring the subject matter against the criteria is presented in the audit report in the form of findings, conclusions, recommendations or an opinion. The audit of the subject matter may also provide new information, analyses or insights.
30) Financial audits are always attestation engagements, as they are based on financial information presented by the responsible party. Performance audits are normally direct reporting engagements. Compliance audits may be attestation or direct reporting engagements, or both at once. The following constitute the subject matter or the subject matter information in the three types of audit covered by the ISSAIs:
a) Financial audit: The subject matter of a financial audit is the financial position, performance, cash flow or other elements which are recognised, measured and presented in financial statements. The subject matter information is the financial statements.
b) Performance audit: The subject matter of a performance audit is defined by the audit objectives and audit questions. The subject matter may be specific programmes, entities or funds or certain activities (with their outputs, outcomes and impacts), existing situations (including causes and consequences) as well as non-financial or financial information about any of these elements. The auditor measures or evaluates the subject matter to assess the extent to which the established criteria have or have not been met.
c) Compliance audit: The subject matter of a compliance audit is defined by the scope of the audit. It may be activities, financial transactions or information. For attestation engagements on compliance it is more relevant to focus on the subject matter information, which may be a statement of compliance in accordance with an established and standardised reporting framework.
Confidence and assurance in public-sector auditing
The need for confidence and assurance
31) The intended users will wish to be confident about the reliability and relevance of the information which they use as the basis for taking decisions. Audits therefore provide information based on sufficient and appropriate evidence, and auditors should perform procedures to reduce or manage the risk of reaching inappropriate conclusions. The level of assurance that can be provided to the intended user should be communicated in a transparent way. Due to inherent limitations, however, audits can never provide absolute assurance.
Forms of providing assurance
32) Depending on the audit and the users’ needs, assurance can be communicated in two ways:
• Through opinions and conclusions which explicitly convey the level of assurance. This applies to all attestation engagements and certain direct reporting engagements.
• In other forms. In some direct reporting engagements the auditor does not give an explicit statement of assurance on the subject matter. In such cases the auditor provides the users with the necessary degree of confidence by explicitly explaining how findings, criteria and conclusions were developed in a balanced and reasoned manner, and why the combinations of findings and criteria result in a certain overall conclusion or recommendation.
Levels of assurance
33) Assurance can be either reasonable or limited.
Reasonable assurance is high but not absolute. The audit conclusion is expressed positively, conveying that, in the auditor’s opinion, the subject matter is or is not compliant in all material respects, or, where relevant, that the subject matter information provides a true and fair view, in accordance with the applicable criteria.
When providing limited assurance, the audit conclusion states that, based on the procedures performed, nothing has come to the auditor’s attention to cause the auditor to believe that the subject matter is not in compliance with the applicable criteria. The procedures performed in a limited assurance audit are limited compared with what is necessary to obtain reasonable assurance, but the level of assurance is expected, in the auditor’s professional judgement, to be meaningful to the intended users. A limited assurance report conveys the limited nature of the assurance provided.
PRINCIPLES OF PUBLIC-SECTOR AUDITING
34) The principles detailed below are fundamental to the conduct of an audit. Auditing is a cumulative and iterative process. However, for the purposes of presentation the fundamental principles are grouped by principles related to the SAI’s organisational requirements, general principles that the auditor should consider prior to commencement and at more than one point during the audit and principles related to specific steps in the audit process.
Figure: Areas covered by the principles for public-sector auditing
GENERAL PRINCIPLES: Ethics & independence; Professional judgement, due care and scepticism; Quality control; Audit team management & skills; Audit risk; Materiality; Documentation; Communication
PRINCIPLES RELATED TO THE AUDIT PROCESS:
• Planning the audit: Establish the terms of the audit; Obtain understanding; Conduct risk assessment or problem analysis; Identify risks of fraud; Develop an audit plan
• Conducting the audit: Perform the planned audit procedures to obtain audit evidence; Evaluate audit evidence and draw conclusions
• Reporting and follow-up: Prepare a report based on the conclusions reached; Follow up on reported matters as relevant
Organisational requirements
35) SAIs should establish and maintain appropriate procedures for ethics and quality control
Each SAI should establish and maintain procedures for ethics and quality control on an organisational level that will provide it with reasonable assurance that the SAI and its personnel are complying with professional standards and the applicable ethical, legal and regulatory requirements. ISSAI 130 - Code of Ethics and ISSAI 140 - Quality Control for SAIs provide principles, requirements and application material in this regard. The existence of these procedures at SAI level is a prerequisite for applying or developing national standards based on the Fundamental Auditing Principles.
General principles
Ethics and independence
36) Auditors should comply with the relevant ethical requirements and be independent.
Ethical principles should be embodied in an auditor’s professional behaviour. The SAIs should have policies addressing ethical requirements and emphasising the need for compliance by each auditor. Auditors should remain independent so that their reports will be impartial and be seen as such by the intended users.
Auditors can find INTOSAI Core Principles on independence in the INTOSAI P-10 Mexico Declaration on SAI Independence. The key ethical principles of integrity, independence and objectivity, competence, professional behavior and confidentiality and transparency are defined in ISSAI 130 Code of Ethics, together with related requirements and application material.
Professional judgement, due care and scepticism
37) Auditors should maintain appropriate professional behaviour by applying professional scepticism, professional judgment and due care throughout the audit.
The auditor’s attitude should be characterised by professional scepticism and professional judgement, which are to be applied when forming decisions about the appropriate course of action. Auditors should exercise due care to ensure that their professional behaviour is appropriate.
Professional scepticism means maintaining professional distance and an alert and questioning attitude when assessing the sufficiency and appropriateness of evidence obtained throughout the audit. It also entails remaining open-minded and receptive to all views and arguments. Professional judgement implies the application of collective knowledge, skills and experience to the audit process. Due care means that the auditor should plan and conduct audits in a diligent manner. Auditors should avoid any conduct that might discredit their work.
Quality control
38) Auditors should perform the audit in accordance with professional standards on quality control
An SAI’s quality control policies and procedures should comply with professional standards, the aim being to ensure that audits are conducted at a consistently high level. Quality control procedures should cover matters such as the direction, review and supervision of the audit process and the need for consultation in order to reach decisions on difficult or contentious matters. Auditors can find further information in ISSAI 140 Quality Control for SAIs.
Audit team management and skills
39) Auditors should possess or have access to the necessary skills
The individuals in the audit team should collectively possess the knowledge, skills and expertise necessary to successfully complete the audit. This includes an understanding and practical experience of the type of audit being conducted, familiarity with the applicable standards and legislation, an understanding of the entity’s operations and the ability and experience to exercise professional judgement. Common to all audits is the need to recruit personnel with suitable qualifications, offer staff development and training, prepare manuals and other written guidance and instructions concerning the conduct of audits, and assign sufficient audit resources. Auditors should maintain their professional competence through ongoing professional development.
Where relevant or necessary, and in line with the SAI’s mandate and the applicable legislation, the auditor may use the work of internal auditors, other auditors or experts. The auditor’s procedures should provide a sufficient basis for using the work of others, and in all cases the auditor should obtain evidence of other auditors’ or experts’ competence and independence and the quality of the work performed. However, the SAI has sole responsibility for any audit opinion or report it might produce on the subject matter; that responsibility is not reduced by its use of work done by other parties.
The objectives of internal audit are different from those of external audit. However, both internal and external audit promote good governance through contributions to transparency and accountability for the use of public resources, as well as economy, efficiency and effectiveness in public administration. This offers opportunities for coordination and cooperation and the possibility of eliminating duplication of effort.
Some SAIs use the work of other auditors at state, provincial, regional, district or local level, or of public accounting firms that have completed audit work related to the audit objective. Arrangements should be made to ensure that any such work was carried out in accordance with public-sector auditing standards.
Audits may require specialised techniques, methods or skills from disciplines not available within the SAI. In such cases experts may be used to provide knowledge or carry out specific tasks or for other purposes.
Audit risk
40) Auditors should manage the risks of providing a report that is inappropriate in the circumstances of the audit
The audit risk is the risk that the audit report may be inappropriate. The auditor performs procedures to reduce or manage the risk of reaching inappropriate conclusions, recognising that the limitations inherent to all audits mean that an audit can never provide absolute certainty of the condition of the subject matter.
When the objective is to provide reasonable assurance, the auditor should reduce audit risk to an acceptably low level given the circumstances of the audit. The audit may also aim to provide limited assurance, in which case the acceptable risk that criteria are not complied with is greater than in a reasonable assurance audit. A limited assurance audit provides a level of assurance that, in the auditor’s professional judgment, will be meaningful to the intended users.
Materiality
41) Auditors should consider materiality throughout the audit process
Materiality is relevant in all audits. A matter can be judged material if knowledge of it would be likely to influence the decisions of the intended users. Determining materiality is a matter of professional judgement and depends on the auditor’s interpretation of the users’ needs. This judgement may relate to an individual item or to a group of items taken together. Materiality is often considered in terms of value, but it also has other quantitative as well as qualitative aspects. The inherent characteristics of an item or group of items may render a matter material by its very nature. A matter may also be material because of the context in which it occurs.
Materiality considerations affect decisions concerning the nature, timing and extent of audit procedures and the evaluation of audit results. Considerations may include stakeholder concerns, public interest, regulatory requirements and consequences for society.
Documentation
42) Auditors should prepare audit documentation that is sufficiently detailed to provide a clear understanding of the work performed, evidence obtained and conclusions reached
Audit documentation should include an audit strategy and audit plan. It should record the procedures performed and evidence obtained and support the communicated results of the audit. Documentation should be sufficiently detailed to enable an experienced auditor, with no prior knowledge of the audit, to understand the nature, timing, scope and results of the procedures performed, the evidence obtained in support of the audit conclusions and recommendations, the reasoning behind all significant matters that required the exercise of professional judgement, and the related conclusions.
Communication
43) Auditors should establish effective communication throughout the audit process
It is essential that the audited entity be kept informed of all matters relating to the audit. This is key to developing a constructive working relationship. Communication should include obtaining information relevant to the audit and providing management and those charged with governance with timely observations and findings throughout the engagement. The auditor may also have a responsibility to communicate audit-related matters to other stakeholders, such as legislative and oversight bodies.
Principles related to the audit process
Planning an audit
44) Auditors should ensure that the terms of the audit have been clearly established
Audits may be required by statute, requested by a legislative or oversight body, initiated by the SAI or carried out by simple agreement with the audited entity. In all cases the auditor, the audited entity’s management, those charged with governance and others as applicable should reach a common formal understanding of the terms of the audit and their respective roles and responsibilities. Important information may include the subject, scope and objectives of the audit, access to data, the report that will result from the audit, the audit process, contact persons, and the roles and responsibilities of the different parties to the engagement.
45) Auditors should obtain an understanding of the nature of the entity/programme to be audited
This includes understanding the relevant objectives, operations, regulatory environment, internal controls, financial and other systems and business processes, and researching the potential sources of audit evidence. Knowledge can be obtained from regular interaction with management, those charged with governance and other relevant stakeholders. This may mean consulting experts and examining documents (including earlier studies and other sources) in order to gain a broad understanding of the subject matter to be audited and its context.
46) Auditors should conduct a risk assessment or problem
analysis and revise this as necessary in response to the audit
findings
The nature of the risks identified will vary according to the audit objective. The auditor should consider and assess the risk of different types of deficiencies, deviations or misstatements that may occur in relation to the subject matter. Both general and specific risks should be considered. This can be achieved through procedures that serve to obtain an understanding of the entity or programme and its environment, including the relevant internal controls. The auditor should assess the management’s response to identified risks, including its implementation and design of internal controls to address them. In a problem analysis the auditor should consider actual indications of problems or deviations from what should be or is expected. This process involves examining various problem indicators in order to define the audit objectives. The identification of risks and their impact on the audit should be considered throughout the audit process.
47) Auditors should identify and assess the risks of fraud
relevant to the audit objectives.
Auditors should make enquiries and perform procedures to identify and respond to the risks of fraud relevant to the audit objectives. They should maintain an attitude of professional scepticism and be alert to the possibility of fraud throughout the audit process.
48) Auditors should plan their work to ensure that the audit is
conducted in an effective and efficient manner
Planning for a specific audit includes strategic and operational aspects.
Strategically, planning should define the audit scope, objectives and approach. The objectives refer to what the audit is intended to accomplish. The scope relates to the subject matter and the criteria which the auditors will use to assess and report on the subject matter, and is directly related to the objectives. The approach will describe the nature and extent of the procedures to be used for gathering audit evidence. The audit should be planned to reduce audit risk to an acceptably low level.
Operationally, planning entails setting a timetable for the audit and defining the nature, timing and extent of the audit procedures. During planning, auditors should assign the members of their team as appropriate and identify other resources that may be required, such as subject experts.
Audit planning should be responsive to significant changes in circumstances and conditions. It is an iterative process that takes place throughout the audit.
Conducting an audit
49) Auditors should perform audit procedures that provide
sufficient appropriate audit evidence to support the audit
report
The auditor’s decisions on the nature, timing and extent of audit procedures will impact on the evidence to be obtained. The choice of procedures will depend on the risk assessment or problem analysis.
Audit evidence is any information used by the auditor to determine whether the subject matter complies with the applicable criteria. Evidence may take many forms, such as electronic and paper records of transactions, written and electronic communication with outsiders, observations by the auditor, and oral or written testimony by the audited entity. Methods of obtaining audit evidence can include inspection, observation, inquiry, confirmation, recalculation, reperformance, analytical procedures and/or other research techniques. Evidence should be both sufficient (quantity) to persuade a knowledgeable person that the findings are reasonable, and appropriate (quality) – i.e. relevant, valid and reliable. The auditor’s assessment of the evidence should be objective, fair and balanced. Preliminary findings should be communicated to and discussed with the audited entity to confirm their validity.
The auditor must respect all requirements regarding confidentiality.
50) Auditors should evaluate the audit evidence and draw
conclusions
After completing the audit procedures, the auditor will review the audit documentation in order to determine whether the subject matter has been sufficiently and appropriately audited. Before drawing conclusions, the auditor reconsiders the initial assessment of risk and materiality in the light of the evidence collected and determines whether additional audit procedures need to be performed.
The auditor should evaluate the audit evidence with a view to obtaining audit findings. When evaluating the audit evidence and assessing materiality of findings the auditor should take both quantitative and qualitative factors into consideration.
Based on the findings, the auditor should exercise professional judgement to reach a conclusion on the subject matter or subject matter information.
Reporting and follow-up
51) Auditors should prepare a report based on the conclusions
reached
The audit process involves preparing a report to communicate the results of the audit to stakeholders, others responsible for governance and the general public. The purpose is also to facilitate follow-up and corrective action. In some SAIs, such as courts of audit with jurisdictional authority, this may include issuing legally binding reports or judicial decisions.
Reports should be easy to understand, free from vagueness or ambiguity and complete. They should be objective and fair, only including information which is supported by sufficient and appropriate audit evidence and ensuring that findings are put into perspective and context.
The form and content of a report will depend on the nature of the audit, the intended users, the applicable standards and legal requirements. The SAI’s mandate and other relevant laws or regulations may specify the layout or wording of reports, which can appear in short form or long form.
Long-form reports generally describe in detail the audit scope, audit findings and conclusions, including potential consequences and constructive recommendations to enable remedial action. Short-form reports are more condensed and generally in a more standardised format.
» Attestation engagements
In attestation engagements the audit report may express an opinion as to whether the subject matter information is, in all material respects, free from misstatement and/or whether the subject matter complies, in all material respects, with the established criteria. In an attestation engagement the report is generally referred to as the Auditor’s Report.
» Direct engagements
In direct engagements the audit report needs to state the audit objectives and describe how they were addressed in the audit. It includes findings and conclusions on the subject matter and may also include recommendations. Additional information about criteria, methodology and sources of data may also be given, and any limitations to the audit scope should be described.
The audit report should explain how the evidence obtained was used and why the resulting conclusions were drawn. This will enable it to provide the intended users with the necessary degree of confidence.
» Opinion
When an audit opinion is used to convey the level of assurance, the opinion should be in a standardised format. The opinion may be unmodified or modified. An unmodified opinion is used when either limited or reasonable assurance has been obtained. A modified opinion may be:
• Qualified (except for) – where the auditor disagrees with, or is unable to obtain sufficient and appropriate audit evidence about, certain items in the subject matter which are, or could be, material but not pervasive;
• Adverse – where the auditor, having obtained sufficient and appropriate audit evidence, concludes that deviations or misstatements, whether individually or in the aggregate, are both material and pervasive;
• Disclaimed – where the auditor is unable to obtain sufficient and appropriate audit evidence due to an uncertainty or scope limitation which is both material and pervasive.
Where the opinion is modified the reasons should be put in perspective by clearly explaining, with reference to the applicable criteria, the nature and extent of the modification. Depending on the type of audit, recommendations for corrective action and any contributing internal control deficiencies may also be included in the report.
» Follow-up
SAIs have a role in monitoring action taken by the responsible party in response to the matters raised in an audit report. Follow-up focuses on whether the audited entity has adequately addressed the matters raised, including any wider implications. Insufficient or unsatisfactory action by the audited entity may call for a further report by the SAI.