Convergence of public sector audit standards


Published on

Convergence of Public Sector Audit Standards
Jan Van Schalkwyk, Acting Corporate Executive - Auditor-General of South Africa
Kelly Anerud , Senior Technical Manager, The International Federation of Accountants (IFAC)
Gail Flister Vallieres, Assistant Director, Financial Management and Assurance GAO
Jeanette Franzell, Managing Director, Financial Management and Assurance
GAO, Moderator

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • INTOSAI has adopted the “dual approach” ie leverage on high-quality existing standards where possible. Where these are not available/relevant, INTOSAI will develop standards or guidelines to fill such needs (eg Practice Notes or Compliance Audit Guidelines). Within Financial Audit, this involves cooperation with IAASB – one of 4 standard setting boards operating under the auspices of IFAC. From IAASB’s perspective: We believe that the potential for a common core of auditing standards used by both Supreme Auditors and the private sector is a step towards common understanding and mutual acceptance of audit reports by the two sectors in a global context. IFAC calls on G20 for broad and swift action to greatly improve government transparency and accountability as a means toward global fiscal sustainability. “Governments require that private sector companies report high-quality financial information to their investors and stakeholders. It’s time for the public sector to practice what it preaches.”
  • For financial audit: IFAC’s ISA + INTOSAI’s PN = INTOSAI’s ISSAI ISSAIs for financial audit are also referred to as the Financial Audit Guidelines
  • INTOSAI’s structure on the left. IFAC’s process on the right. INTOSAI is involved in key steps, especially where an INTOSAI expert has been nominated to participate as a member in an IAASB task force.
  • Member nominated by INTOSAI, but represents himself. Currently is Gert Jonsson from Swedish SAI. One of three public members on IAASB. Comment letters from INTOSAI/FAS as well as individual SAIs. Representation on CAG is more representative of the organization, rather than the individual person
  • Terminology – Have attempted to neutralize terminology. In addition, mention should consider the ‘public sector equivalent’. (eg firm, partner, listed entity). Another example: ‘business risk’. The business risk general concept applies in the context of identifying and assessing risk in public sector audit work. In the public sector, business risk relates to the risk that government activities, including relevant programs, program strategies, and objectives, will not be completed or achieved. In addition, risks related to issues such as the political climate, public interest, and program sensitivity or potential non-compliance with legislation or proper authority are relevant in the public sector context. Broader Mandate –may be broader than in the private sector and may include aspects of compliance, public accountability, and sound public sector financial management . May include elements of Compliance Audit (funds have been used for intended purposes and with proper authority) or Performance Audit (economical, efficient and effective use of funds) In addition to the audit of financial statements, many public sector engagements include additional audit responsibilities with respect to the consideration of laws and regulations which have no material effect on the financial statements. Beyond expressing an opinion on the financial statements, public sector auditors focus on: Credible and effective public sector Change agents for continual improvement Public interest - input to the Parliament / legislature Compliance and use of public resources for intended purposes (eg procurement, grants) Due process rights of individuals Inability to withdraw – AG may have fixed terms of appointment and cannot withdraw, even if this would be natural solution in the private sector (eg unwillingness to provide saae). Increased findings often result in increased work effort (as opposed to withdrawal in private sector) Terms of Engagement vs. Legal Mandate – in PS, the SAI has a legal mandate to perform its work and engagement letters are not common. Nevertheless, the need for a cooperative relationship with the audited entity is common to both sectors. Engagement acceptance routines may provide useful information for risk assessment and reporting responsibilities. Use of engagement letters is encouraged. Quality Assurance – private sector the engagement has individual responsibility and can bind the firm. In PS all may report to AG. Therefore Supreme Audit Institutions may establish policies and procedures to promote compliance with the spirit of this requirement (e.g., by rotating key personnel with operational responsibility for the audit engagement, requiring engagement quality control reviews, or carrying out regular peer reviews). Documentation – many common principles, but some unique public sector aspects such as ‘sunshine laws” – FOIA in USA, documentation may be part of public journal. May also be additional requirements as to retention (historical value). Also security clearance may be an issue for some sectors (defense or other matters of national security), eg conflict between confidentiality vs. third party access
  • Fraud – responsibilities may be broader than in private sector. Public sector auditors may have formally mandated responsibility to detect fraud, and in addition, the use of public monies tends to impose a higher profile on fraud issues. As a result auditors may need to be responsive to public expectations regarding detection of fraud. Communication – may be a challenge to identify ‘those charged with governance” – another public sector body (department/ministry), legislators, the public? Requirements may also be broader, ie communicating to legislators, regulators or funding agencies. Risk Assessment - To gain an understanding of the entity, public sector auditors consider their broader mandate as well as any relevant legislation, regulations, directives, or other requirements that affect the entity’s operations. Management objectives, including public accountability concerns, are also considered. Risk assessment information may also be obtained from performance auditors or other relevant sources, Review of internal controls may be broader and reporting requirements more comprehensive. Materiality - The broader mandate in the public sector may require audits of certain aspects related to compliance and internal control. While misstatements of small monetary amounts may be deemed trivial, even small deviations related to compliance or internal control are, by their nature, generally not seen as trivial. Even if a transaction – regardless of size – is correctly recorded in the financial statements, the transaction represents an instance of non-compliance or a control deviation if it is illegal or fraudulent or if the control was not followed. Many public sector auditors have a responsibility to report all (not only non-trivial) identified misstatements or compliance and control deviations to management or those charged with governance. Such misstatements or deviations may also have implications in a broader context. Based on their mandates, some Supreme Audit Institutions may also order that any instances of noncompliance be corrected. Reporting - The same structure is normally relevant to public sector audit reports even though they tend to be longer and include a wider range of matters. In the public sector laws, the audit mandate or common practice may lead the public sector auditor to report findings, conclusions, recommendations and management responses. Such reporting is supplementary to the auditor’s report on the financial statements in accordance with ISSAI 1700.
  • GAO has been required since the 1970s….
  • Convergence of public sector audit standards

    1. 1. Convergence of Public Sector Audit Standards December 6, 2010 Jeanette Franzel, Managing Director, GAO Kelly Anerud, Senior Technical Manager, IFAC Jan Van Schalkwyk, Corporate Executive, Auditor-General of South Africa Gail Flister Vallieres, Assistant Director, GAO
    2. 2. Background <ul><li>INTOSAI has created a robust set of Financial Audit Guidelines for public sector entities by leveraging international standards and providing relevant guidance for the government environment. </li></ul><ul><li>A group of experts from the INTOSAI community has developed “Practice Notes” to be used in conjunction with the International Standards of Auditing (ISAs) issued by IFAC’s International Auditing and Assurance Board (IAASB). </li></ul>
    3. 3. Objectives <ul><li>In this session, we will discuss the guidelines, how they relate to national standards, and how they are being implemented by INTOSAI members. </li></ul><ul><li>In addition, this session will discuss GAO’s Yellow Book in relation to INTOSAI and international standards. </li></ul>
    4. 4. Development of INTOSAI Financial Audit Guidelines and Collaboration With IAASB
    5. 5. Financial Audit Guidelines Strategy for Development <ul><li>Strategic Objective </li></ul><ul><li>To develop high quality guidelines that are globally accepted for the audit of financial statements in the public sector. </li></ul><ul><li>Strategy </li></ul><ul><li>To leverage the expertise and resources of the IAASB, an internationally respected auditing standards setting organization, in a strategic and cooperative partnership. </li></ul>
    6. 6. Financial Audit Guidelines I nternational S tandard on A uditing P ractice N ote + I nternational S tandards of S upreme A udit I nstitutions =
    7. 7. Financial Audit Guidelines Structure for Development *Led by Swedish National Audit Office. Members include SAIs of Cameroon, Canada, Korea, European Court of Auditors, Mexico, Namibia, Norway, South Africa, United States, United Kingdom INTOSAI Professional Standards Committee INCOSAI INTOSAI Governing Board SAI Independence Accounting Standards & Reporting Internal control Standards Performance Audit Compliance Audit Financial Audit Guidelines* Focus Group Project Director & Project Secretariat Reference Panel Issues Paper First Read Exposure Draft Review of Comments Final ISA PSC IAASB INTOSAI ”Practice Note”
    8. 8. Provide Public Sector Perspectives <ul><li>Member and Technical Advisor on IAASB </li></ul><ul><li>Participation in IAASB Task Forces for ISAs </li></ul><ul><ul><li>Public sector input to the ISA </li></ul></ul><ul><ul><li>Parallel development of INTOSAI Practice Note </li></ul></ul><ul><li>Practice Notes Task Forces for other ISAs </li></ul><ul><li>INTOSAI input compiled for IAASB meetings </li></ul><ul><li>INTOSAI representative on IAASB’s Compliance Advisory Group </li></ul>
    9. 9. Specific Public Sector Considerations <ul><li>Terminology </li></ul><ul><li>Broader Mandate </li></ul><ul><li>Inability to Withdraw </li></ul><ul><li>Terms of Engagement vs. Legal Mandate </li></ul><ul><li>Quality Assurance </li></ul><ul><li>Documentation </li></ul>
    10. 10. Specific Public Sector Considerations <ul><li>Fraud and error </li></ul><ul><li>Communication </li></ul><ul><li>Risk Assessment </li></ul><ul><li>Materiality </li></ul><ul><li>Reporting </li></ul>
    11. 11. Implementation of Auditing Standards Practical Lessons Learnt
    12. 12. Why do we audit? <ul><li>The Auditor-General South Africa has a constitutional mandate and, as the SAI of South Africa, it exists to strengthen our country’s democracy by enabling oversight , accountability and governance in the public sector through auditing, thereby building public confidence . </li></ul><ul><li>This is our reputation promise!! </li></ul>
    13. 13. Standards Defined <ul><li>Set of credible, widely acceptable pronouncements that guide the execution of audits. </li></ul><ul><li>Public sector options: </li></ul><ul><ul><li>International Standards on Auditing (ISAs), supplemented by the International Standards for Supreme Audit Institutions (ISSAIS) </li></ul></ul><ul><ul><li>INTOSAI framework – level 3 standards supported by level 4 guidance </li></ul></ul><ul><ul><li>National Standards </li></ul></ul>
    14. 14. SA SAI Situation <ul><li>Adopted ISAs during 2005 </li></ul><ul><li>Believe in early adoption of any work done by standard-setters, as long as these developments do not contradict current baseline </li></ul><ul><li>Full implementation of clarified ISAs, with first round of independence quality review currently underway </li></ul><ul><li>Same principle applies to the pro-active adoption of ISSAIs </li></ul><ul><li>Involvement in standard-setting </li></ul><ul><ul><li>IRBA CFAS </li></ul></ul><ul><ul><li>INTOSAI FAS </li></ul></ul>
    15. 15. The Challenge of Implementation <ul><li>Status of developments (standards, methodology, working papers, technical guidance) </li></ul><ul><li>Conceptual thinking behind manuals and working papers </li></ul><ul><li>Governance arrangements </li></ul><ul><li>Manuals (development, maintenance) </li></ul><ul><li>Working papers (development, maintenance) </li></ul><ul><li>Training </li></ul><ul><li>Other considerations </li></ul>
    16. 16. Status of Adoption, Methodology and Working Papers <ul><li>Adoption of standards </li></ul><ul><ul><li>Requires legal standing, possibly after extensive appropriate consultation </li></ul></ul><ul><ul><li>SA SAI- annual promulgation of Audit Directive in terms of Public Audit Act (adoption of standards AND key decision-making moments) </li></ul></ul>
    17. 17. Status of Adoption, Methodology and Working Papers (continued) <ul><li>Development of methodology, manuals and working papers </li></ul><ul><ul><li>Requires appropriate governance process, confirming: </li></ul></ul><ul><ul><ul><li>Adherence to auditing standards </li></ul></ul></ul><ul><ul><ul><li>Practical and relevant </li></ul></ul></ul><ul><ul><ul><li>Responsive to needs of users (without compromise to independence) </li></ul></ul></ul><ul><ul><ul><li>Extensive appropriate consultation </li></ul></ul></ul>
    18. 18. Status of Adoption, Methodology and Working Papers (continued) <ul><li>SA SAI – set governance processes with accounting and auditing profession, national treasury, auditors (through product champions), support staff and stakeholders (Parliament, Legislatures, APAC, media) </li></ul>
    19. 19. Conceptual Thinking Behind the Manual and Working Papers <ul><li>Speed of implementation </li></ul><ul><ul><li>Internal readiness </li></ul></ul><ul><ul><li>External readiness </li></ul></ul><ul><ul><li>Is the “high” requirements associated with ISA implementation a limitation OR an opportunity to give more momentum to transformation? </li></ul></ul>
    20. 20. Conceptual Thinking Behind the Manual and Working Papers (Continued) <ul><li>Level of guidance – detailed, but then auditors go for compliance rather than thinking about what they want to achieve </li></ul><ul><li>Cost of implementation (phasing, more guidance to allow for less skilled users/ lower costs) </li></ul><ul><li>Back-up processes </li></ul><ul><ul><li>Governance processes </li></ul></ul><ul><ul><li>Training processes </li></ul></ul><ul><ul><li>Ongoing guidance </li></ul></ul><ul><ul><li>Consultation processes (during audits) </li></ul></ul>
    21. 21. Governance Arrangements <ul><li>Oversight – Technical Committee </li></ul><ul><li>Extensive stakeholder interaction program that feeds into TC and related meetings </li></ul><ul><li>Key stakeholders </li></ul><ul><ul><li>Tri-lateral strategic meeting (AG, ASB and NT – future strategic issues) </li></ul></ul><ul><ul><li>“ Wednesday” meetings (AGSA, ASB and NT – ongoing operational issues) </li></ul></ul>
    22. 22. Governance Arrangements (Continued) <ul><li>Forums </li></ul><ul><ul><li>Profession level </li></ul></ul><ul><ul><ul><li>Accounting – SAICA </li></ul></ul></ul><ul><ul><ul><li>Auditing – IRBA / INTOSAI FAS </li></ul></ul></ul><ul><li>Auditors through product champions (user interface) </li></ul><ul><li>Support services (as and when required) </li></ul>
    23. 23. Audit Manuals <ul><li>Key interpretation of standards </li></ul><ul><li>Serve as key policy statement, covering all “normal” aspects of work </li></ul><ul><li>Talks directly to credibility of work (“stand in court” principle) </li></ul><ul><li>Address any unique applications in area, due to mandate, legislation, nature of entities at hand, etc </li></ul><ul><li>Can’t stand alone, need back-up through working papers, training, guidance, etc. </li></ul>
    24. 24. Working Papers <ul><li>Make the standards and manual practical </li></ul><ul><li>Enough guidance to ensure adherence to standards, but to also allow for auditors to still think </li></ul><ul><li>Give structure to the thinking of the auditor </li></ul><ul><li>Must include prompts to the REQUIREMENTS of the standards </li></ul><ul><li>Must ensure documentation of audit work in line with standards </li></ul><ul><li>Electronic working papers is a must!!! </li></ul>
    25. 25. Training <ul><li>Focus on the essence of audit (what do we want to achieve rather than compliance focus) </li></ul><ul><li>Practical, simulation driven </li></ul><ul><li>Just-in time / support during cycle </li></ul><ul><li>Pro-active </li></ul><ul><li>Structured </li></ul>
    26. 26. Other Considerations <ul><li>Executive / top management buy-in </li></ul><ul><li>Specific planning sessions with key role players (National Treasury, ASB, auditees) before each audit cycle </li></ul><ul><li>Specific debrief sessions with key role players after each session, leading to agreement on work to be done before next cycle (action plans at auditee level, work by standard-setters, training programs) </li></ul>
    27. 27. Other Considerations (Continued) <ul><li>Detailed guidance to back up existing working papers / to deal with unique circumstances </li></ul><ul><li>Confirmed process to source technical opinions (with consideration of specific QC and governance requirements) </li></ul><ul><li>Good relationship with professional bodies </li></ul><ul><li>Back up technical training with good managerial (soft skill) training </li></ul><ul><li>Time… !!! </li></ul>
    28. 28. GAO’s Yellow Book in Relation to INTOSAI and International Standards
    29. 29. <ul><li>GAO is required to use U.S. Government Auditing Standards , commonly known as the Yellow Book. </li></ul><ul><li>We believe the Yellow Book is fully consistent with the ISSAIs. </li></ul>
    30. 30. <ul><li>The Yellow Book incorporates U.S. national auditing standards, which are issued by the American Institute of Certified Public Accountants (AICPA). </li></ul><ul><li>AICPA financial auditing standards are converged with the ISAs. </li></ul>
    31. 31. <ul><li>Yellow Book standards add public sector considerations and requirements to the AICPA’s private sector auditing standards, just as the INTOSAI practice notes add to the ISAs. </li></ul>
    32. 32. Yellow Book and the ISSAIs
    33. 33. <ul><li>GAO is on record in supporting convergence of auditing standards globally. </li></ul>
    34. 34. <ul><li>GAO staff provided critical support in converging AICPA financial auditing standards with the ISAs, including the drafting of Considerations Specific to Governmental Entities. </li></ul>
    35. 35. <ul><li>GAO staff served on Special Expert Teams that drafted numerous INTOSAI financial auditing practice notes, and we reviewed and submitted comments on all the practice notes. </li></ul><ul><li>GAO staff also used the ISSAIs as a reference in writing the recently proposed changes to the Yellow Book, issued in August 2010. </li></ul>
    36. 36. Questions ?