Convergence of Public Sector Audit Standards
Jan Van Schalkwyk, Acting Corporate Executive - Auditor-General of South Africa
Kelly Anerud , Senior Technical Manager, The International Federation of Accountants (IFAC)
Gail Flister Vallieres, Assistant Director, Financial Management and Assurance GAO
Jeanette Franzell, Managing Director, Financial Management and Assurance
GAO, Moderator
1. Convergence of Public Sector Audit Standards December 6, 2010 Jeanette Franzel, Managing Director, GAO Kelly Anerud, Senior Technical Manager, IFAC Jan Van Schalkwyk, Corporate Executive, Auditor-General of South Africa Gail Flister Vallieres, Assistant Director, GAO
6. Financial Audit Guidelines I nternational S tandard on A uditing P ractice N ote + I nternational S tandards of S upreme A udit I nstitutions =
7. Financial Audit Guidelines Structure for Development *Led by Swedish National Audit Office. Members include SAIs of Cameroon, Canada, Korea, European Court of Auditors, Mexico, Namibia, Norway, South Africa, United States, United Kingdom INTOSAI Professional Standards Committee INCOSAI INTOSAI Governing Board SAI Independence Accounting Standards & Reporting Internal control Standards Performance Audit Compliance Audit Financial Audit Guidelines* Focus Group Project Director & Project Secretariat Reference Panel Issues Paper First Read Exposure Draft Review of Comments Final ISA PSC IAASB INTOSAI ”Practice Note”
INTOSAI has adopted the “dual approach” ie leverage on high-quality existing standards where possible. Where these are not available/relevant, INTOSAI will develop standards or guidelines to fill such needs (eg Practice Notes or Compliance Audit Guidelines). Within Financial Audit, this involves cooperation with IAASB – one of 4 standard setting boards operating under the auspices of IFAC. From IAASB’s perspective: We believe that the potential for a common core of auditing standards used by both Supreme Auditors and the private sector is a step towards common understanding and mutual acceptance of audit reports by the two sectors in a global context. IFAC calls on G20 for broad and swift action to greatly improve government transparency and accountability as a means toward global fiscal sustainability. “Governments require that private sector companies report high-quality financial information to their investors and stakeholders. It’s time for the public sector to practice what it preaches.”
For financial audit: IFAC’s ISA + INTOSAI’s PN = INTOSAI’s ISSAI ISSAIs for financial audit are also referred to as the Financial Audit Guidelines
INTOSAI’s structure on the left. IFAC’s process on the right. INTOSAI is involved in key steps, especially where an INTOSAI expert has been nominated to participate as a member in an IAASB task force.
Member nominated by INTOSAI, but represents himself. Currently is Gert Jonsson from Swedish SAI. One of three public members on IAASB. Comment letters from INTOSAI/FAS as well as individual SAIs. Representation on CAG is more representative of the organization, rather than the individual person
Terminology – Have attempted to neutralize terminology. In addition, mention should consider the ‘public sector equivalent’. (eg firm, partner, listed entity). Another example: ‘business risk’. The business risk general concept applies in the context of identifying and assessing risk in public sector audit work. In the public sector, business risk relates to the risk that government activities, including relevant programs, program strategies, and objectives, will not be completed or achieved. In addition, risks related to issues such as the political climate, public interest, and program sensitivity or potential non-compliance with legislation or proper authority are relevant in the public sector context. Broader Mandate –may be broader than in the private sector and may include aspects of compliance, public accountability, and sound public sector financial management . May include elements of Compliance Audit (funds have been used for intended purposes and with proper authority) or Performance Audit (economical, efficient and effective use of funds) In addition to the audit of financial statements, many public sector engagements include additional audit responsibilities with respect to the consideration of laws and regulations which have no material effect on the financial statements. Beyond expressing an opinion on the financial statements, public sector auditors focus on: Credible and effective public sector Change agents for continual improvement Public interest - input to the Parliament / legislature Compliance and use of public resources for intended purposes (eg procurement, grants) Due process rights of individuals Inability to withdraw – AG may have fixed terms of appointment and cannot withdraw, even if this would be natural solution in the private sector (eg unwillingness to provide saae). Increased findings often result in increased work effort (as opposed to withdrawal in private sector) Terms of Engagement vs. Legal Mandate – in PS, the SAI has a legal mandate to perform its work and engagement letters are not common. Nevertheless, the need for a cooperative relationship with the audited entity is common to both sectors. Engagement acceptance routines may provide useful information for risk assessment and reporting responsibilities. Use of engagement letters is encouraged. Quality Assurance – private sector the engagement has individual responsibility and can bind the firm. In PS all may report to AG. Therefore Supreme Audit Institutions may establish policies and procedures to promote compliance with the spirit of this requirement (e.g., by rotating key personnel with operational responsibility for the audit engagement, requiring engagement quality control reviews, or carrying out regular peer reviews). Documentation – many common principles, but some unique public sector aspects such as ‘sunshine laws” – FOIA in USA, documentation may be part of public journal. May also be additional requirements as to retention (historical value). Also security clearance may be an issue for some sectors (defense or other matters of national security), eg conflict between confidentiality vs. third party access
Fraud – responsibilities may be broader than in private sector. Public sector auditors may have formally mandated responsibility to detect fraud, and in addition, the use of public monies tends to impose a higher profile on fraud issues. As a result auditors may need to be responsive to public expectations regarding detection of fraud. Communication – may be a challenge to identify ‘those charged with governance” – another public sector body (department/ministry), legislators, the public? Requirements may also be broader, ie communicating to legislators, regulators or funding agencies. Risk Assessment - To gain an understanding of the entity, public sector auditors consider their broader mandate as well as any relevant legislation, regulations, directives, or other requirements that affect the entity’s operations. Management objectives, including public accountability concerns, are also considered. Risk assessment information may also be obtained from performance auditors or other relevant sources, Review of internal controls may be broader and reporting requirements more comprehensive. Materiality - The broader mandate in the public sector may require audits of certain aspects related to compliance and internal control. While misstatements of small monetary amounts may be deemed trivial, even small deviations related to compliance or internal control are, by their nature, generally not seen as trivial. Even if a transaction – regardless of size – is correctly recorded in the financial statements, the transaction represents an instance of non-compliance or a control deviation if it is illegal or fraudulent or if the control was not followed. Many public sector auditors have a responsibility to report all (not only non-trivial) identified misstatements or compliance and control deviations to management or those charged with governance. Such misstatements or deviations may also have implications in a broader context. Based on their mandates, some Supreme Audit Institutions may also order that any instances of noncompliance be corrected. Reporting - The same structure is normally relevant to public sector audit reports even though they tend to be longer and include a wider range of matters. In the public sector laws, the audit mandate or common practice may lead the public sector auditor to report findings, conclusions, recommendations and management responses. Such reporting is supplementary to the auditor’s report on the financial statements in accordance with ISSAI 1700.