issai 4000: issues coming out of the maintenance groups mona paulsrud cas meeting, oslo 17th of...
TRANSCRIPT
ISSAI 4000:Issues coming out of the maintenance
groups
Mona PaulsrudCAS meeting, Oslo
17th of September 2014
1
Work ahead
2
December 2014:ISSAI 4000 draft for comments in PSC steering committee
May 2015:ISSAI 4000 exposure draft to the PSC steering committee
August- October 2015:ISSAI 4000 exposure period
May 2016:ISSAI 4000 endorsement version to the PSC steering committee
October 2016:ISSAI 4000 endorsement at INCOSAI, Abu Dhabi
Further process on ISSAI 4000 draft
15th of October: Deadline for comments and proposals on language and style
31st of October: Deadaline for comments and proposals on substance and contents
3
Prerequisites from ISSAI 100/400
Process oriented approachRisk based auditing
Professional judgement & skepticismCovering the variety of compliance audit
practices across INTOSAIBoth direct reporting and attestation
engagements
4
Compliance Audit Subject Matters
…the authorities which govern them
“Relevant acts or resolutions of the legislature or other statutory instruments, directions and guidance issued by public sector bodies with powers provided for in statute, with which the audited entity is expected to comply.”
6
Authorities - the sources of audit criteria
Authorities
Criteria
Narrowing down the audit scope..
Authorities in two forms
9
Authorities
Regularity Propriety
GREY ZONE OF INTERPRETATION
How to draw the line..
REGULARITYThe concept that the subject matter
is in accordance with authorizing legislation, regulations issued under
governing legislation and other relevant legal documents which lay
down the rules and procedures to be adhered to by the audited entity which provide a legal framework
within which the subject matter is being exercised, and these are
properly sanctioned.
PROPRIETY
General principles of sound public sector financial
management and conduct of public sector officials.
10
Issues raised
• Does the spirit or intention of laws and regulations belong to regularity or propriety?
• A code of conduct or ethics – would it belong to regularity or propriety?
• Are fraud risks generally linked to breach of propriety?
11
Assurance
Assurance
Intended users wish to be confident about the reliability and relevance of the information which they use as the basis for taking decisions. Audits therefore provide information based on sufficient and appropriate evidence, and auditors should perform procedures to reduce or manage the risk of reaching inappropriate conclusions. The level of assurance that can be provided to the intended user should be communicated in a transparent way. However, due to inherent limitations, audits can never provide absolute assurance.
ISSAI 100 paragraph 31
The core of assurance
Is the audit evidence obtained sufficient and appropriate so as to reduce the audit risk to an
acceptably low level?
Is the audit evidence obtained sufficient and appropriate so as to reduce the audit risk to an
acceptably low level?
Materiality
Risk assessmen
t
Reconsidering:
Communicating assurance
Depending on the audit and the users’ needs, assurance can be communicated - through opinions and conclusions which explicitly convey the level of assurance.
ISSAI 100 para. 32
15
Opinion and conclusion – what is the difference?
The conclusion is a statement of the auditor covering the audit scope on the basis of the findings assessed against the criteria and conveying explicitly the level of assurance of the audit.
NEW ISSAI 4000 para. 158 - 160
An opinion is a statment of the auditor expressed in a standardized form of a clear written expression of modification or unmodification.
NEW ISSAI 4000 para. 161-166
16
Issues raised
• Is an opinion only relevant in attestation engagements? – NO
• Is an opinion only given in relation to the financial statements? – NO
• Can an opinion only be given on quantitative subject matters? - NO
17
Opinion and conclusion – what is the difference?
“The conclusion may be expressed as an elaborate answer to specific audit questions or take the form of a clear written statement of opinion on compliance, often in addition to the opinion on the financial statements. While an opinion is common in attestation engagements, the answering of specific audit questions is more often used in direct reporting engagements.”
NEW ISSAI 4000 para. 160
18
Opinion and conclusion – what is the difference?
“Where an opinion is provided the auditor states whether it is unmodified or has been modified on the basis of the evaluation of materiality and pervasiveness. Delivering an opinion would normally require a more elaborate audit strategy and approach that encompasses a tangible population covered both by quantitative and qualitative sampling during the audit.”
NEW ISSAI 4000 para. 163
19
Opinion and conclusion – what is the difference?
20
Conclusion
Sampling
Opinion
ISSAI 4000 para. 158 - 160
ISSAI 4000 para.161- 166
ISSAI 4000 para.137-141
Audit sampling
21
QuantitativeQualitative
ISSAI 4000 – in need of further elaboration?
• Materiality• Reasonable and limited assurance• Audit scope• Subject matter and criteria in relation to direct
reporting and attestation engagements• Understanding the entity
22
ISSAI 4000 – in need of further elaboration? (continuing)
• Control environment/ intrenal controls• Risk of non compliance• Documentation
• Combinations of compliance with financial and/or performance auditing
23
ISSAI 4000 – the need for further elaborations?
Prioritizations and further work of the committee.
24