auditing in public and private sector
Post on 22-Oct-2014
Overview of Public Finance Management
Module 1
Public Finance Management (PFM) deals with all aspects of resource mobilization and expenditure management in government.
It is an essential part of the governance process. Public Finance Management includes the following:
- Resource mobilization
- Prioritization of programmes
- The budgetary process
- Efficient management of resources and exercising controls
Financial Management Cycle
- Planning & Programming
- Budgeting
- Budget, Accounting & Control
- Audit & Review
Generally, public finance management in developing countries is poor as a result of a lack of transparency and accountability, which results in a high level of corruption and wastage of public resources.
Module 2
GLOBAL BEST PRACTICES IN PUBLIC FINANCIAL MANAGEMENT
Outline
I. Framework
   a. Expenditure Management Cycle
   b. Three Objectives
   c. Five Principles
II. Good Practices
   a. Basic Institutions
   b. Core processes
III. Budget Execution – Objectives
   a. Core treasury functions
   b. Contingent liabilities
   c. Expenditure Control Approaches
      1. Central versus Delegated Control
      2. General Tensions
   d. Managing Well
   e. FMIS
   f. Essentials of Good Financial Management
Expenditure Management Cycle
[Figure: the expenditure management cycle within the financial management system boundaries. Elements shown: planning system; medium-term plans (e.g. three-year rolling plans); annual budgets (development, recurrent and revenue); fund release procedure (e.g. warranting); accounting for revenue and expenditure; reports and financial statements; audit system; public expenditure review institutions; project appraisal; project monitoring; resource allocation; liquidity management; expenditure control; monitoring and controlling; post-event review; accountability; expenditure review.]
Source: Adapted from Integrated Financial Management. Michael Parry, International Management Consultants Limited. Training Workshop on Government Budgeting in Developing Countries. THE UNITED NATIONS. December 1997.
Three Objectives of Public Expenditure Management Systems
- Macrofiscal discipline and stability
  - Avoid public finance crises
  - Support economic growth and stability
- Strategic allocation of resources
  - Match government policy with programs, objectives
- Technical efficiency
  - Getting the most from spending
Basic principles of PEM
- Comprehensiveness: include all revenue and expenditure, all agencies
- Accuracy: record actual transactions and flows
- Annuality: cover a defined period of time (e.g. one year budget, multi-year forecasts)
- Authoritativeness: only spend as authorized by law
- Transparency: information on spending is public, timely, understandable
What are Good Practices?
- Attaining and Maintaining Good Basic Institutions
  - Basic public finance institutions must work well for good policy and program outcomes
  - Too often countries reach for advanced OECD reforms, neglecting basic institutions
- Dedication to continuous system examination, learning and improvement
  - institutional development is long term
What are the basic institutions?
[Figure: the basic institutions. Labels shown: Laws; Practices; Organizations; Accounting and Record Keeping; Info. System; Control Environment; Reporting; Treasury; Budget; Cash Mgmnt; Debt Mgmnt; Internal Audit; Multi-year Plan; Comprehensive; External Audit.]
Core Processes
Ministry of Finance:
- Budget Allocations
- Supplemental Budgets
- Virements
- In-year monitoring and correction
Treasury:
- Warrants (cash allocations)
- Cash Flow Management (forecasting, planning, sequestration)
- debt management
- financial asset management
- accounting (policy, system management, chart of accounts)
- make payments
- collect revenues
- account management and reconciliation
- Central Bank relations
Spending Ministry / Spending Unit:
- internal control
- program management
- spending (commitments)
- recording & reporting
- payment orders
- verification of receipt of goods/services
- program/cash plans
- asset management
- procurement, contracting
- payroll/personnel mngmnt
Financial Management is Everyone’s Responsibility And Service Delivery is also MoF’s Responsibility
Objectives of Budget Execution
- Manage Spending and Revenues to budget
  - support choices of elected officials
  - allow budget to be planning and steering tool
  - promote macrofiscal discipline
- Reduce opportunities for corruption
- Enable program implementation (service delivery)
  - Assure resources flow to programs
  - allow budget to be aid to operational efficiency through spending unit advance planning, efficient administration
  - enable program managers to achieve objective
Core Treasury Functions
- Cash management (flow and stock)
- Financial asset management
- Debt management, servicing; Guarantee and contingent liability management
- Accounting (policy, chart of accounts, general ledger) and reporting
- Revenue collection, forecasting
- Account management (payment, collection, reconciliation)
- Central Bank relations
Contingent liabilities
- Government acts as a guarantor of debt repayment in the event that the borrower cannot make repayment, or of payment under certain conditions
  - Loan, pension benefit, bank deposit, agricultural price
- Contingent debt must be managed with the same detail as direct debt.
- As with direct debt these contingent debts must be inventoried and monitored in a central location
- Active identification, monitoring, management of risk important
Expenditure Control Approaches
External (to spending unit)
- Ex Ante (to commitment): Centralized commitment control (transaction approval); Allocations (commitment limits); Warrants (cash limits); Procurement rules; Personnel/pay rules
- Ex Post: Central internal audit, external audit; Regular reporting; Quarterly close-outs
Internal
- Ex Ante (to commitment): Ministry or spending unit transaction approval; Procedures to minimize risk (internal controls)
- Ex Post: Ministry internal audit; Performance Management
Central control versus Managerial Flexibility
Tensions between needs of center to
- Control cash flow
- Control policy
And agency need to manage programs
- Larger, less detailed allocations
- Longer time horizon
- Greater transfer authority/flexible application of resources
General Tensions
[Figure: financial management authority, ranging from central control to delegation, with + / - markers against: efficiency, economy; agent “accountability” for results; agent incentive for off-budget activity.]
To manage well requires:
- Monitoring/managing
  - Cash balances
  - Cash flow (inflow, outflow)
  - Commitments
  - Arrears
  - Contingent liabilities
  - New legislation/mandates
  - Off-budget activity
- Understanding future impact of current decisions
What is an FMIS?
Financial management system:
Information system that tracks financial events and summarizes information
supports adequate management reporting, policy decisions, fiduciary responsibilities, and preparation of auditable financial statements
Should be designed with good relationships between software, hardware, personnel, procedures, controls and data
Generally, FMIS refers to automating financial operations
Definitions
What are core and non-core FMIS systems?
- Core systems: General ledger, accounts payable and receivable. May include financial reporting, fund management and cost management.
- Non-core systems: HR/payroll, budget formulation, revenue (tax & customs), procurement, inventory, property management, performance, management information
What is “integrated” FMIS?
- Can refer to core and non-core integration
- But, generally, four characteristics*
  - Standard data classification for recording events
  - Common processes for similar transactions
  - Internal controls over data entry, transaction processing, and reporting applied consistently
  - Design that eliminates unnecessary duplication of transaction entry
*from Core Financial System Requirement. JFMIP-SR-02-01. Joint Financial Management Improvement Program. Washington, D.C., November 2001.
What constitutes a good FMIS system?
Ability to*
- Collect accurate, timely, complete, reliable, consistent information
- Provide adequate management reporting
- Support government-wide and agency policy decisions
- Support budget preparation and execution
- Facilitate financial statement preparation
- Provide information for central agency budgeting, analysis and government-wide reporting
- Provide complete audit trail to facilitate audits
Essentials of Good Financial Execution
- Timely, accurate in-year reporting
- Internal controls, audit
- External audit
- Sufficient detail to identify sources of overspending
- Sufficiently regular reporting to allow timely management intervention
- Comprehensive system
- Accountability framework, control environment
Criteria for Assessing Budget Execution System
Element: Aggregate Fiscal Discipline
Budget Execution Features:
- Commitment control system limits commitments to available resources, supporting avoidance of arrears during retrenchment.
- Treasury cash management further supports matching of expenditures to revenues.
- Treasury payment system and internal controls support proper payments.
- Accounting system and Financial Management Information System (FMIS) support comprehensive, timely and accurate information on spending and revenues for government and line ministry management.
- Fiscal and banking accounts regularly reconciled.
- Annual accounts closed in timely manner.
- Debt management assures sustainable debt policy, timely issuance of debt for cash flow management and reaching the spending target.
- Internal audit detects and corrects fraud, waste, and abuse; assures integrity of financial information.
- External audit assures fairness and accuracy of financial reporting, effectiveness of internal audit and control systems.
Element: Allocative Efficiency
Budget Execution Features:
- Commitment and Treasury controls execute the budget as approved.
- Formal, transparent procedures used to amend budget if necessary.
- Frequency of FMIS reporting allows management action to correct deviations from approved budget.
Element: Technical efficiency
Budget Execution Features:
- Budget execution (commitment and cash controls) limits critical expenditures, but supports flexible resource use at program level (e.g. across non-personnel economic classifications, with respect to seasonal spending patterns) for efficiency (controls are not excessively detailed to prevent management of program).
- FMIS supports program managers.
- Civil service system supports quality public staff, flexibility in reallocating staff resources, restructuring workforce.
- Procurement system supports competitive, efficient, timely contracting.
- Internal audit may identify options for improved economy and efficiency.
Source: Draft Federal Republic of Yugoslavia PEIR, May 2002
Financial Rules And Regulations In Nigeria (2009 Edition)
Module 3
Introduction
The Financial Regulations are a body of rules that provide guiding principles, methods and uniformity in the conduct, recording and controlling of financial transactions, events and position in government.
They are designed to achieve probity and accountability in government. They are made to guide and regulate the actions of executives in order to enable them to make decisions that are rational and non-personal.
Other sources of financial Rules, Regulations and Authorities include:
- The Nigerian Constitution, 1999. Highlights key financial requirements like payment of revenues into the Federation Account and Consolidated Revenue Fund (CRF), the authorization of expenditure from the two accounts, the Audit of Public Accounts, the Revenue Allocation etc.
- Audit Ordinance Act, as amended.
- Financial (Control and Management) Act 1958, as amended.
- The annual Appropriation law, the Supplementary Appropriation law and the Allocation of Revenue Act 1981, amended.
- The Minister of Finance / Accountant-General of the Federation’s periodic circulars in accordance with either laws and policies
- Other Financial Circulars from the presidency, SGF and HOS.
The Need for FR
Financial Regulations are used to:
(i) Guide the day-to-day financial operations of Government ministries, extra-ministerial depts., agencies, parastatals and other arms of government (the Legislature and Judiciary).
(ii) Ensure an appropriate system of information flow from management to finance and account staff.
(iii) Provide common standard procedures and guides by which Auditors and Treasury inspectors can ascertain that ministries are able to control and maintain up-to-date records of financial transactions.
(iv) Promote fiscal accountability, management accountability and programme results accountability in government financial management and control.
Major Highlights
Accountability and Probity
- Both the AGF and the Accounting Officers (PS & CEOs) are enjoined by FR No. 101 to establish sound financial and accounting systems in government to ensure optimal utilization of scarce resources and strict compliance with FR to achieve government objectives.
Revenue Accounting
- All revenues must be paid into government coffers. They must be properly documented.
Rendition of monthly Accounts
- The nature of the Transcript Accounts. The contents and supporting documents required (sample demonstration).
“Selected Provisions of the 2009 Revised Financial Regulations”
Introduction: The following essential provisions will be highlighted for in-depth discussion.
- Financial Authorities and Responsibilities of Public Officers.
- Revenue – Collection and Accounting.
- Authorities for Expenditure.
- Classification and Control of Expenditure.
- Payment Procedure
- Cash Management.
- Imprest
- Salary Administration
- Internal Audit
- Board of Survey
- Government Vehicles
- Store Accounting and Custody
- Loss of Government Fund
- Stock Verification
- Public Procurement Contracts
- Offences and Sanction.
- Pension Scheme in the Public service.
- Financial guidelines for the operations of parastatals.
Discuss in class the relevant provisions directly from the 2009 Revised Edition of Finance Regulation.
FCT A(Treasury Department) @ 2010 JK Consulting Co. Ltd.
Module 4
Financial Authorities and Responsibilities of Government Officials
Financial Authorities and Responsibilities of Public Officers.
The following government officers have important financial responsibilities to perform as enshrined in the finance regulations.
(i) The Minister of Finance
(ii) The Accountant-General of the Federation
(iii) The Auditor-General for the Federation
(iv) The Accounting Officers (i.e. the Permanent Secretary and Head of Extra-Ministerial Departments and Agencies)
(v) The Treasury Accountants (i.e. the DFAs etc.)
(vi) The Treasury Inspectorate Staff
(vii) The Sub-Accounting Officers
(viii) The Revenue Collectors
(ix) The Imprest Holder
(1) The Minister of Finance: The functions include:
- Formulates fiscal policies of government.
- Harmonizes fiscal and monetary policies of government.
- Handles the formulation, preparation, execution and monitoring of budget of government.
- Issues financial warrant without which the Accountant-General cannot release funds to the ministries and extra-ministerial departments.
- Receives statutory financial statements of accounts from the Accountant-General of the Federation.
- Debt management of the country.
(2) The Accountant-General of the Federation: The functions include:
- Head of the accounting services and treasury.
- Serves as the Chief Accounting Officer of receipts and payments of the government of the federation.
- Supervises the accounts of the federal ministries and extra-ministerial departments.
- Collates, presents and publishes statutory financial statements of accounts required by the Federal Minister of Finance.
- Maintains and operates for government the following accounts:
  − the Consolidated Revenue Fund (CRF);
  − Development Fund;
  − Contingency Fund; and
  − other Public Funds.
  (the AGF provides cash-backing for the operations of government.)
- Manages federal government investments through the Ministry of Finance Incorporated (MOFI)
- Maintains and operates the federation account.
- Establishes and supervises the Federal Pay Offices in each state of the federation.
(3) The Accounting Officers: (Permanent Secretary of the respective ministries and Heads of Extra-ministerial departments) are entrusted with the financial stewardship of safeguarding the public funds. Functions include ensuring that:
- proper budgetary and accounting systems are established in the ministry or agency.
- there is proper internal control, accountability and transparency.
- management tools are put in place to avoid financial waste and fraud.
- all government revenues are collected and paid to CRF.
- monthly and periodical accounting returns and transcripts are rendered to OAGF.
- prudence, safety and proper maintenance of all government monies and assets under his custody.
- accurate and prompt collection of, and accounting for, all public monies received and expended.
- responsibility for answering all audit queries (from Auditor and PAC) pertaining to his/her ministry or office.
(4) Treasury Accountants (DFAs, etc): The functions include:
- Posted from the OAGF (Treasury) to all ministries.
- They are to enforce compliance with all the provisions of the FR.
- They are to assist the accounting officer to improve the quality of financial management and control in the public sector.
(5) Treasury Inspectorate Staff: They are from the Headquarters of the Office of the Accountant-General of the Federation. They carry out:
- Inspection of the books and records of accounts of ministries etc. to ensure compliance with FR.
- Investigation of reported cases of breach of financial regulation and fraud.
- Recommendation of appropriate disciplinary action against erring officers.
(6) Internal Auditors: The functions include:
- Carry out pre-payment audit of vouchers to ensure they comply with provisions of financial regulations.
- Enforce financial regulations
(7) The Auditor-General for the Federation: The functions include:
- Responsible for the audit and report on the public accounts of the federation.
- Serves as the external auditor for the Federal Government.
- Examines and ascertains all accounts relating to public funds and property as to whether, in his opinion:
  − The accounts have been properly kept;
  − All public monies are accounted for and essential records are maintained;
  − Monies have been expended for the purpose for which they were appropriated and payment fully authorized.
- Ensures that essential records are maintained and rules and procedures applied are sufficient to safeguard and control government funds and property.
- Has free access to the books, accounts documents, files and records relating to the accounts of all ministries, agencies and extra-ministerial departments.
- Submits reports to the National Assembly within 90 days of receipt of AGF financial statements.
(8) Sub-Accounting Officers: The officers include:
i. The Sub-Treasurer of the Federation
ii. The Federal Pay Officers
iii. The Police Pay Officer
iv. The Army Pay Officer
v. The Custom Area Pay Officer
vi. The Pension Pay Officer
The functions include:
- Ensures the disbursement of public money
- Reports to the Accountant-General of the Federation.
(9) Revenue Collectors and Imprest Holder:
The Revenue Collector:
- Is an officer, other than a Sub-Accounting Officer, entrusted with an official receipt, license or ticket booklet for the regular collection of some particular form of revenue.
The Imprest Holder:
- Is an officer, other than a Sub-Accounting Officer, entrusted with the disbursement of public money for which vouchers cannot be presented immediately to a Sub-Accounting Officer for payment.
- Keeps a petty cashbook.
THE ROLE OF AUDITING IN PUBLIC AND PRIVATE SECTOR GOVERNANCE
Module 5
MODERN INTERNAL AUDITING
Module 6
Modern Internal Audit Practice
Introduction
Originally, internal auditing was an attestation to the accuracy of financial matters only;
In modern times, it adds services like examination and appraisal of controls, performance, risk and governance to the original role;
The modern internal auditor is no longer a client’s enemy, but pursues a cooperative, friendly and productive working relationship with clients.
Definition, Scope and Purpose of Modern Internal Auditing
Internal auditing is a systematic, objective appraisal by internal auditors of the diverse operations and controls within an organization to determine whether:
- Financial and operating information is accurate and reliable;
- Risks to the enterprise (or org.) are identified and minimized;
- External regulations and acceptable internal policies and procedures are followed;
- Satisfactory operating criteria are met;
- Resources are used efficiently and economically; and
- The organization’s objectives are achieved.
All for the purpose of consulting with mgt. and for assisting members of the org. in the effective discharge of their governance responsibilities.
Sources: IIA’s Internal Auditing Standard Board (1999)
Types of Modern Internal Auditing Practice
Internal audit can be divided based on the audit techniques or objectives. They are as follows:
- System based audit
- Performance audit or operational audit (otherwise called “value-for-money audit”)
- Financial or accounting audit
- Compliance audit
Internal Audit in Government
As part of content, internal audit units are mandatorily established in government services.
Paragraph 2001 of the FR (Financial Regulations) provides that the accounting officer of a ministry or extra-ministerial department shall ensure that an internal audit is established to provide a complete and continuous audit of the accounts and records of revenue and expenditure, plants, allocated stores and unallocated stores where applicable.
Internal audit units exist in:
- All self accounting ministries, agencies, offices and Parastatals of government (MDAs).
- All federal pay offices in the states of the federation.
- Police Pay Offices.
- The Army Pay Offices.
- The legislative arm (the parliament)
- The judiciary
Internal Auditor Vs External Auditor: Similarities and overlaps
(a) Internal auditor: Is an organization's employee, or can be an independent entity.
    External auditor: Is an independent contractor.
(b) Internal auditor: Serves the needs of the organization, though the function must be managed by the organization.
    External auditor: Serves third parties who need reliable information.
(c) Internal auditor: Focuses on future events by evaluating controls designed to assure the accomplishment of entity goals and objectives.
    External auditor: Focuses on the accuracy and understanding of historical events as expressed in the financial statement.
(d) Internal auditor: Is directly concerned with prevention of fraud.
    External auditor: Is incidentally concerned with prevention and detection of fraud but directly concerned when the financial statements may be materially affected.
(e) Internal auditor: Is independent of the activities audited, but ready to respond to all elements of management.
    External auditor: Is independent of management and board of directors.
(f) Internal auditor: Reviews activities continually.
    External auditor: Reviews records supporting financial statements periodically.
Internal Audit and Management
Internal auditors must have open communication ties with top management to enable them to assist and support the management.
Internal auditors must keep the management aware of their concerns and duties, and discuss any misunderstandings or faulty expectations that management may have as to the auditors' duties and responsibilities.
The relationship with management is interactive and they are the control specialists.
Roles of Internal Audit in an Organization.
It supports effective and efficient discharge of the guiding and monitoring duties of the organization’s management by producing assurance services for its internal customers relating to governance, control and risk management processes.
Internal audit brings added value and promotes achievement of the set goals by giving improvement recommendation.
It is a management control tool that, through its operations, assists the entire organization by examining and evaluating the adequacy and efficiency of internal control and the quality of operations.
The internal audit verifies that the internal control system functions efficiently, economically and effectively in the following areas:
- Setting and achievement of objectives and results.
- Risk analysis and management.
- Quality and continuous improvement of operations.
- Organizational functions.
- Economical use of resources.
- Safeguarding of assets.
- Compliance with laws, regulations by the supervisory authorities.
Human Aspect of Internal Auditing
- Principles of Management
  Management deals with establishing objectives and seeing that they are met through the work of others. It is an art and a science that includes creativity and intuition as well as an understanding of formal theories, laws, principles and methodologies.
  While financial auditing requires an understanding of management principles, internal auditing requires a more in-depth understanding of these management principles.
- Dealing with people
  Auditors usually deal with figures, sometimes with management processes. Management-oriented internal auditors deal extensively with people.
- Employee and Management Fraud
  Wrongdoing by deceit goes by many names. It has been called fraud, white-collar crime, and embezzlement, among other things.
  Fraud can therefore be described as a false representation or concealment of a material fact to induce someone to part with something of value. There are two types of fraud:
  (i) Employee fraud – fraud against company/office
  (ii) Management fraud.
INTERNAL CONTROL, AUDIT AND FRAUD PREVENTION
Module 7
The importance of internal control
• In the UK, guidance on internal control is known as the Turnbull report:
  A company’s system of internal control is important for managing risks to the achievement of the company’s business objectives
• Internal control can achieve 3 things:
  – Efficiency & effectiveness of operation
  – Ensure the reliability of the company’s financial reporting to shareholders
  – Ensure compliance with laws and other regulations
• Effective financial controls are important
  – Ensure proper accounting records are maintained
• A company’s strategic objectives and conditions in its business environment are continually changing (strong system of internal control depends on ability of the company to identify the changing risks in its business environment)
Internal Audit
• A systematic examination of the activities and status of an entity, based primarily on investigation and analysis of its systems, controls and records (CIMA)
Types of audit
• Performance audit
• Best value audit (VFM audit)
• Compliance audit
• Post-completion audit
• Transactions audit
• Environmental audit
• Systems-based audit
• Management audit
• Risk-based audit
• Financial audit
Internal audit
• An independent appraisal function established within an organisation to examine its activities… The objective… is to assist members of the organisation in the effective discharge of their responsibilities (CIMA)
Scope of internal audit
• Effectiveness of control systems
• Integrity of processes and systems
• Compliance with policies and regulation
• Ensuring improvements are implemented
• Asset acquisition and security
• Corporate governance
• Information integrity
Head of internal audit
• Should propose and implement audit plan
• Should be independent of the Chief Financial Officer
• Should report to Audit Committee
Systems-based audit
• Identify system objectives
• Identify procedures
• Identify risk to achievement of objectives
• Identify ways to manage the risk
• Decide whether controls are adequate
• Test to see whether controls are effective
• Report findings
• Monitor implementation of recommendations
Risk-based internal audit
• Provides assurance that:
  – Risk management processes are operating as intended
  – Risk management processes are of sound design
  – Responses to risks are adequate
  – Control framework is appropriate
Risk maturity of the organisation
• Risk naive
• Risk aware
• Risk defined (Specific)
• Risk managed
• Risk enabled (allow)
Audit plan
• Terms of reference
• System definition
• Risks
• Scope of work
• Milestones and resources
• Reporting and review
• Audit programme and techniques
• Staff allocated
Analytic review
• Ratio analysis
• Surveys/questionnaires
• Benchmarking
• Narratives
• Flowcharting
• Inspection
• Testing
• Corroboration
• Reconciliation
Internal control
• The whole system of internal controls, financial and otherwise, established in order to provide reasonable assurance of:
  – Effective and efficient operation
  – Internal financial control
  – Compliance with laws and regulations
(CIMA)
COSO model of internal control (Committee of Sponsoring Organisations, 1992)
• Control environment
• Risk assessment
• Control activities
• Monitoring
• Information and communication
COSO
• Control environment
The control environment can be thought of as management’s attitude, actions and awareness of the need for internal controls.
If senior management do not care about internal controls and feel that it is not worthwhile introducing internal controls then the control system will be weak.
Management can try to summarise their commitment to controls in a number of ways:
Risk assessment (COSO)
• Controllable risks – for these risks internal control procedures can be established
• Uncontrollable risks – for these risks the company may be able to minimise the risk in other ways outside the internal control environment (i.e. caused by the external environment, such as inflation)
Control activities (COSO)
SPAMSOAP:
• Segregation of duties
• Physical controls
• Authorisation and approval
• Management
• Supervision
• Organisation structure
• Arithmetic and accounting controls
• Personnel
Classification of controls
• Financial controls
• Non-financial quantitative controls
• Non-financial qualitative controls
Cash controls
• Payments
• Banking
• Bank accounts
• Transfers
• Authorisation
• Cash forecasting
• Signatories
Debtor controls
• Invoice recording
• Collection activity
• Receipt recording
• Credit notes
• Bad and doubtful debts
• Disputed amounts
• Credit checking
• Verification of balances
Inventory controls
• Physical count
• Storage and security
• Valuation
• Surplus and obsolete stock
• Receipts and issues procedures
• Stock in transit
Investments and intangibles controls
• Acquisition and disposal
• Evidence of ownership
• Periodic review
• Accounting for income
• Valuation
• Amortisation
Fixed asset controls
• Security
• Recording
• Depreciation
• Checking
• Acquisition and disposal
• Obsolescence
Creditors
• Authorisation
• Invoice recording
• Payment authorisation
• Receipt of goods
• Reconciliations
• Invoice checking
• Investigation of disputed amounts
• Documentation
Loans
• Recording
• Interest
• Authorisation
• Loan provisions
Income and expenses
• Sales documentation
• Matching
• Cost recording
• Authorisation
Payroll controls
• Recruitment
• Termination of employment
• New employee authorisation
• No ‘ghosts’
• Rates of pay
• Payroll reconciliation
• Time recording
• Deductions
• Leave, sickness and absenteeism
• Benefits
What is fraud?
• Dishonestly obtaining an advantage, avoiding an obligation or causing a loss to another party, including crimes against:
  • Customers/clients
  • Employers
  • Employees
  • Financial institutions
  • Government
  • Major organisations
Fraud prevention
• Dishonesty:
  – Pre-employment checks
  – Supervision
  – Discipline
  – Leadership
• Opportunity:
  – Separation of duties
  – Input controls
  – Processing controls
  – Output controls
  – Physical security
• Motive:
  – Employment conditions
  – Dismissals
  – Complaints procedure
Warning signs
• Culture
• Poor internal controls
• Poor accounting management
• History of legal violations
• Strained relationship with auditors
• Lack of supervision
• Inadequate recruitment process
• Redundancies
• Dissatisfied employees
• Unusual staff behaviour
• Personal financial pressures
• Discrepancy between earnings and lifestyle
• Low salaries
• Unsocial hours
• Not taking leave
• Lack of job segregation
• Lack of asset identification
• Poor management reporting
• Alteration of documents
• Photocopies of documents
• Missing authorisations
• Poor physical security
• Poor IT access controls
• … etc.!
Fraud risk management strategy
• Fraud prevention
• Fraud identification
• Fraud response
Prevention
• Anti-fraud culture
• Risk awareness
• Whistle blowing
• Sound internal controls
Identification
• Perform regular checks
• Look for warning signals
• Whistleblowers
Response (i)
• Disciplinary action
• Civil litigation
• Criminal prosecution
Response (ii)
• Allocate responsibility to:
  – Managers
  – Finance director
  – Personnel
  – Audit committee
  – Internal auditors
  – External auditors
  – Legal advisors
  – Public relations department
  – Police
  – Insurers
Computer fraud
• Control and testing of program changes
• Physical IT security
• Password controls
• Output controls
Management fraud
• Distortion of results
• Capitalisation of expenses
• Under-provision
• Over-valuation of inventory
CODE OF ETHICS FOR AUDITORS
Module 8
Code of Ethics for Auditors
These are the underlying principles and rules of conduct that are desirable in auditors. They guide the ethical conduct of auditors.
Principles
Auditors are expected to apply and uphold certain fundamental principles:
- Integrity: establishes trust and provides the basis for reliance on their judgment.
- Objectivity.
- Confidentiality.
- Competency: auditors must apply the knowledge, skills and experience needed.
Code of Ethics for Auditors, Cont’d
Rules of Conduct
1. Integrity
Auditors:
(i) Shall perform their work with honesty and responsibility.
(ii) Shall observe the laws, rules and regulations expected of them.
(iii) Shall not knowingly be party to any illegal activity.
2. Objectivity
Auditors:
(i) Shall not participate in any activity or relationship that may impair their unbiased assessment.
(ii) Shall not accept anything that may impair or be presumed to impair their professional judgment.
(iii) Shall disclose all material facts known to them that, if not disclosed, may distort their reporting of operations under review.
Code of Ethics for Auditors, Cont’d
Rules of Conduct, Cont’d
3. Confidentiality
Auditors:
(i) Shall be prudent in the use of information acquired in the course of their duties.
(ii) Shall not use information for any personal gain or in any manner detrimental to the interest or welfare of the organization.
4. Competency
Auditors:
(i) Shall engage only in those services for which they have the necessary knowledge, skills and experience.
(ii) Shall continually improve the proficiency, effectiveness and quality of their service.
(iii) Shall perform services in accordance with the standards of PPA (professional practice of auditing).
COMPUTER ASSISTED AUDITING
Module 9
97
PERFORMING AN IS AUDIT
What is auditing?
Auditing can be defined as a systematic process by which a competent, independent person objectively obtains and evaluates evidence regarding assertions about an economic entity or event for the purpose of forming an opinion about and reporting on the degree to which the assertion conforms to an identified set of standards.
98
Classification of audits
Financial audits
• The objective of this type of audit is to establish the integrity and reliability of the entity’s financial statements
• Will generally involve detailed substantive testing of transactions and balances
Operational audits
• Designed to evaluate the internal control structure
• Examples include: audit of application controls or logical security systems
99
Classification of audits
Integrated audits
• Combination of both financial and operational audits, with the objectives of:
  – Safeguarding the assets of the company
  – Efficiency and compliance of internal/application controls
Administrative audits
• These relate to operational efficiency and productivity within the organization
100
Classification of audits
Information systems audits – establishes within the information systems suite:
• Measures to safeguard the assets of the entity
• Maintaining data and system integrity
• Efficient utilization of information resources
Specialized audits – commissioned and geared towards evaluating internal controls within and around certain specialized circumstances, e.g.:
• Outsourcing, or
• Other third-party situations
101
Classification of audits
Forensic audits usually establish evidence of irregularities or fraud for application by law enforcement agencies and the judiciary.
They cover areas in:
• Corporate fraud investigation
• Cyber crimes – investigation may cover:
  – Computer hard disks
  – Switches
  – Routers
  – Hubs and other electronic devices
Audit programs for the above listed systems audits are based on the objective and scope of the particular assignment.
102
Classification of audits
General audit procedures are the basic steps in the performance of an audit and usually include:
• Obtaining and recording an understanding of the audit area/subject
• Risk assessment and general audit plan and schedule
• Detailed audit planning
• Preliminary review of audit area/subject
• Evaluating audit area/subject
• Compliance testing (often referred to as tests of controls)
• Substantive testing
• Reporting (communicating results)
• Follow-up
103
Procedures for testing and evaluating systems controls
The auditor must understand the procedures for testing and evaluating IS controls, which may include the following:
• The use of generalized audit software to survey the contents of data files (including systems logs)
• The use of specialized software to assess the contents of operating system parameter files (or detect deficiencies in system parameter settings)
• Flow-charting techniques for documenting automated applications and business processes
• The use of audit reports available in operating systems
• Documentation review
• Observation
104
Controls Classifications
Corrective controls minimize the impact of a threat.
• Remedy problems discovered by detective controls
• Identify the cause of a problem
• Correct errors arising from a problem
• Modify the processing system(s) to minimize future occurrences of the problem
• Contingency planning
• Backup procedures
• Rerun procedures
105
Audit Phases
Audit phase: Identify the area to be audited.
Audit objective: Identify the purpose of the audit. For example, an objective might be to determine that program source code changes occur in a well-defined and controlled environment.
Audit scope: Identify the specific systems, function or unit of the organization to be included in the review. For example, in the previous program changes example, the scope statement might limit the review to a single application system or to a limited period of time.
Pre-audit planning:
• Identify technical skills and resources needed.
• Identify the sources of information for test or review such as functional flowcharts, policies, standards, procedures and prior audit work papers.
• Identify locations or facilities to be audited.
Audit procedures and steps for data gathering:
• Identify and select the audit approach to verify and test the controls.
• Identify a list of individuals to interview.
• Identify and obtain departmental policies, standards and guidelines for review.
• Develop audit tools and methodology to test and verify control.
106
Audit Phases contd.
Procedures for evaluating the test or review results: Organization specific
Procedures for communicating with management: Organization specific
Audit report preparation:
• Identify follow-up review procedures.
• Identify procedures to evaluate/test operational efficiency and effectiveness.
• Identify procedures to test controls.
• Review and evaluate the soundness of documents, policies and procedures.
107
AUDIT METHODOLOGY
A product of the audit process is an audit program that becomes a guide for documenting the various audit steps performed and the extent and types of evidential matter reviewed.
It provides a trail of the process used to perform the audit as well as accountability of performance.
108
AUDIT METHODOLOGY
Although an audit program does not necessarily follow a specific set of steps, the IS auditor typically would follow sequential program steps to gain an understanding of the entity under audit, evaluate the control structure and test the controls.
109
Audit objectives
An audit objective refers to the specific goals of an audit. An audit may have several audit objectives.
They often center on substantiating that internal controls exist to minimize business risks.
They include assuring compliance with legal and regulatory requirements as well as the confidentiality, integrity, reliability and availability of information resources.
110
Audit objectives
In planning an IS audit, a key element is to translate basic audit objectives into specific IS audit objectives.
One of the basic purposes of any IS audit is to identify control objectives and the related controls that address the objective.
An auditor may alternatively assist in assessing the integrity of financial reporting data, which is referred to as substantive testing, through computer-assisted audit techniques (CAATs).
111
Compliance VS. Substantive Testing
Compliance testing is a procedure, by which the IS auditor gathers evidence for the purpose of testing an organization's compliance with control procedures.
Substantive testing is gathering evidence for evaluating the integrity of individual transactions, data or other information.
A compliance test determines if controls are being applied in a manner that complies with management policies and procedures.
It can be used to test the existence and effectiveness of a defined process, which may include a trail of documentary and/or automated evidence.
112
Compliance VS. Substantive Testing
A substantive test substantiates the integrity of actual processing.
It provides evidence of the validity and integrity of the balances in the financial statements and the transactions that support these balances.
Substantive tests can be used to test for monetary errors directly affecting financial statement balances.
113
Understand the Control Environment and Flow of Transactions
• Review the system to identify controls.
• Test compliance to determine whether controls are functioning.
• Evaluate the controls to determine the basis for reliance and the nature, scope and timing of substantive tests.
• Use two types of substantive tests to evaluate the validity of the data:
  – Test balances and transactions
  – Analytical review procedures
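Added example (not part of the original slides): the sequence above, from compliance test through evaluation of reliance to the two substantive tests, run over a small constructed set of payment vouchers. The approval limit, the tolerable deviation rate, the review threshold and all field names and figures are assumptions made for illustration.

```python
from decimal import Decimal

# Constructed vouchers: (id, amount, prepared_by, approved_by or None).
VOUCHERS = [
    ("P01", Decimal("250.00"), "clerk_a", "mgr_x"),
    ("P02", Decimal("7200.00"), "clerk_a", "mgr_x"),
    ("P03", Decimal("5100.00"), "clerk_b", "clerk_b"),   # self-approved
    ("P04", Decimal("980.00"), "clerk_b", None),         # below the limit
    ("P05", Decimal("12500.00"), "clerk_a", None),       # approval missing
    ("P06", Decimal("6400.00"), "clerk_b", "mgr_y"),
]
REPORTED_BALANCE = Decimal("32340.00")    # constructed ledger figure
PRIOR_PERIOD_TOTAL = Decimal("21000.00")  # constructed comparison figure

# Assumed policy: payments of 5000 or more need an approver other than the
# preparer; a deviation rate above 10% means the control cannot be relied on.
APPROVAL_LIMIT = Decimal("5000")
TOLERABLE_DEVIATION = Decimal("0.10")

def check_approval_control(vouchers):
    """Compliance test: was the approval control applied as policy requires?"""
    in_scope = [v for v in vouchers if v[1] >= APPROVAL_LIMIT]
    if not in_scope:
        return [], Decimal(0)
    deviations = [v[0] for v in in_scope if v[3] is None or v[3] == v[2]]
    return deviations, Decimal(len(deviations)) / Decimal(len(in_scope))

def evaluate_reliance(rate):
    """Evaluation: reliance on the control sets the extent of substantive work."""
    return "sample" if rate <= TOLERABLE_DEVIATION else "test all transactions"

def recompute_balance(vouchers, reported):
    """Substantive test of balances: rebuild the total from the transactions."""
    recomputed = sum((v[1] for v in vouchers), Decimal(0))
    return recomputed, reported - recomputed

def analytical_review(vouchers, prior_total, threshold=Decimal("0.25")):
    """Analytical review: flag a period-on-period movement above threshold."""
    current = sum((v[1] for v in vouchers), Decimal(0))
    change = (current - prior_total) / prior_total
    return change, abs(change) > threshold

if __name__ == "__main__":
    deviations, rate = check_approval_control(VOUCHERS)
    print("control deviations:", deviations, "rate:", rate)
    print("extent of substantive testing:", evaluate_reliance(rate))
    print("recomputed balance, difference:", recompute_balance(VOUCHERS, REPORTED_BALANCE))
    print("movement vs prior period, flagged:", analytical_review(VOUCHERS, PRIOR_PERIOD_TOTAL))
```

The compliance test says nothing about whether the amounts are right, and the substantive tests say nothing about who approved them; the 90.00 difference and the two approval deviations are separate findings.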
114
Evidence
Evidence is any information used by the IS auditor to determine whether the entity or data being audited follows the established audit criteria or objectives.
It is a requirement that the auditor’s conclusion must be based on sufficient, relevant and competent evidence.
It may include the IS auditor’s observations, notes taken from interviews, material extracted from correspondence and internal documentation, or the results of audit test procedures.
115
Evidence
Determinants for evaluating the reliability of audit evidence include:
• Independence of the provider of the evidence.
• Qualifications of the individual providing the information/evidence.
• Objectivity of the evidence – objective evidence is more reliable than evidence that requires judgment or interpretation. E.g. a cash count.
• Timing of the evidence – e.g. evidence through EDI, DIP (document image processing), may not be retrievable after a specified period of time if changes to the files are not controlled or the files are not backed up.
Both the quality and quantity of the evidence must be assessed by the IS auditor.
116
Techniques for gathering evidence
• Reviewing information systems organization structures
• Reviewing IS policies, procedures and standards
  – Systems development initiating documents (e.g., feasibility study)
  – Functional requirements and design specifications
  – Test plans and reports
  – Program and operations documents
  – Program change logs and histories
117
Techniques for gathering evidence
  – User manuals
  – Operations manuals
  – Security-related documents (e.g., security plans, risk assessments)
  – Quality assurance reports
• Interviewing appropriate personnel
• Observing processes and employee performance
118
Computer-assisted audit techniques (CAATs)
CAATs are tools used in gathering information from the processing environments.
They enable the IS auditor to gather information independently when performing audits.
They provide a means to gain access to and analyze data for a predetermined audit objective and to report the audit findings with emphasis on the reliability of the records produced and maintained in the system.
The reliability of the source of the information used provides reassurance on the findings generated.
They include:
• Generalized audit software
• Utility software
• Test data, etc.
119
CAATs (contd)
Generalized audit software (GAS) refers to standard software that has the capacity to directly read and access data from various database platforms, flat-file systems and ASCII formats.
It supports the following functions:
• File access – reading of different record formats and file structures
• File reorganization – indexing, sorting, merging and linking with another file
• Data selection – global filtration conditions and selection criteria
• Statistical functions – sampling, stratification and frequency analysis
• Arithmetical functions – arithmetic operators and functions
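Added example (not part of the original slides and not the code of any GAS product): a minimal Python sketch of the functions listed above, applied to a constructed flat payments file. The file layout, field names and amount bands are assumptions made for illustration.

```python
import csv
import io
from collections import Counter
from decimal import Decimal

# Constructed sample payments file (not real data).
PAYMENTS_CSV = """\
voucher,vendor,amount,approved_by
V001,ACME,120.00,mgr1
V002,ACME,9800.00,mgr1
V003,BOLT,450.50,mgr2
V004,ACME,9800.00,mgr1
V005,CRUX,15200.00,
V006,BOLT,75.25,mgr2
V007,DYNE,4999.99,mgr1
V008,CRUX,610.00,mgr2
"""

def read_records(text):
    """File access: parse a delimited flat file into typed records."""
    rows = list(csv.DictReader(io.StringIO(text)))
    for r in rows:
        r["amount"] = Decimal(r["amount"])
    return rows

def select(records, predicate):
    """Data selection: apply one filter condition to every record."""
    return [r for r in records if predicate(r)]

def stratify(records, bounds):
    """Stratification: record count and total per amount band [lo, hi)."""
    edges = [Decimal(b) for b in bounds]
    strata = {}
    for lo, hi in zip(edges, edges[1:]):
        band = [r["amount"] for r in records if lo <= r["amount"] < hi]
        strata[f"{lo}-{hi}"] = (len(band), sum(band, Decimal(0)))
    return strata

def frequency(records, field):
    """Frequency analysis: how often each value of a field occurs."""
    return Counter(r[field] for r in records)

def systematic_sample(records, interval, start=0):
    """Sampling: every interval-th record from a fixed starting point."""
    return records[start::interval]

def duplicates(records, keys):
    """File reorganization: index on a composite key, report repeated keys."""
    groups = {}
    for r in records:
        groups.setdefault(tuple(r[k] for k in keys), []).append(r["voucher"])
    return {k: v for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    recs = read_records(PAYMENTS_CSV)
    print(select(recs, lambda r: not r["approved_by"]))
    print(stratify(recs, ["0", "1000", "10000", "100000"]))
    print(duplicates(recs, ["vendor", "amount"]))
```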
120
CAATs (contd)
Utility software – the subset of software, such as database management systems’ report generators, that provides evidence to the auditors about system control effectiveness.
Test data – involves the auditors using a sample set of data to assess whether logic errors exist in a program and whether the program meets its objectives.
Audit expert systems – give direction and valuable information to all levels of auditors while carrying out the audit, because the query-based system is built on the knowledge base of the senior auditors or managers.
121
Tools and techniques for audit procedures
The foregoing can be used in performing various audit procedures:
• Test of details of transactions and balances
• Analytical review procedures
• Compliance tests of IS general controls
• Compliance tests of IS application controls
• Penetration and OS vulnerability assessment testing
The auditor should have a thorough understanding of CAATs and know where and when to apply them.
122
CAATs Summary
CAATs offer the following advantages:
• Improved audit efficiency
• Reduced level of audit risk
• Greater independence from the auditee
• Broader and more consistent audit coverage
• Faster availability of information
• Greater flexibility of run times
• Improved exception identification
• Greater opportunity to quantify internal control weaknesses
• Enhanced sampling
• Cost savings over time
123
CAATs summary
Issues to consider before developing CAATs are:
• Ease of use, both for existing audit staff and future staff
• Training requirements
• Complexity of coding and maintenance
• Flexibility of uses
• Installation requirements
• Processing efficiencies (esp. with a PC CAAT)
• Effort required to bring the source data into the CAATs for analysis
124
Examples of documentation to be retained when developing CAATs
• Online reports detailing high-risk issues for review
• Commented program listing
• Flowcharts
• Sample reports
• Record and file layouts
• Field definitions
• Operating instructions
• Description of applicable source documents
125
EVALUATION OF AUDIT STRENGTHS AND WEAKNESSES
After developing an audit program and gathering audit evidence, the next step is an evaluation of the information gathered in order to develop an audit opinion.
The IS auditor has to consider a series of strengths and weaknesses and then develop audit opinions and recommendations.
The IS auditor is required to make judgments that are often gained from experience, rather than from reference materials.
126
EVALUATION OF AUDIT STRENGTHS AND WEAKNESSES
ISACA’s standard for IS auditing 030.020, Professional Care, is particularly important to the IS auditor in evaluating audit strengths and weaknesses.
The IS auditor should assess the results of the evidence gathered for compliance with the control requirements or objectives established during the planning stage of the audit.
Considerable judgment is required as controls are often unclear. In essence, controls should be in place to remove or minimize every perceived risk or threat to the entity being audited.
127
EVALUATION OF AUDIT STRENGTHS AND WEAKNESSES
As part of an IS review, the IS auditor may discover a variety of strong and weak controls.
In some instances, one strong control may compensate for a weak control in another area. E.g. if the IS auditor finds weaknesses in a system’s transaction error report, the IS auditor may find that a detailed manual balancing process over all transactions compensates for the weaknesses in the error report.
128
EVALUATION OF AUDIT STRENGTHS AND WEAKNESSES
The IS auditor should be aware of compensating controls in areas where controls have been identified as weak.
A compensating control situation occurs when one stronger control supports a weaker one.
Overlapping controls are two strong controls. E.g. a data center employs a card key system to control physical access and a guard inside the door requires employees to show their card key or badge. Either control might be adequate to restrict access and the two complement each other.
129
EVALUATION OF AUDIT STRENGTHS AND WEAKNESSES
A control objective will not be achieved by considering one control adequate. The IS auditor should perform a variety of testing procedures and evaluate how these relate to one another.
An IS auditor should always review for compensating controls prior to reporting a control weakness.