The 9th ASOSAI Assembly and 2nd Symposium on "Quality Management in Public Audit" was hosted by the Commission on Audit, Philippines from Oct.21-26, 2003 at Manila. One hundred and eighteen participants from 33 Supreme Audit Institutions, seven observers from the INTOSAI General Secretariat, IJGA, ADB, IDI and twenty-three observers from non-member SAIs attended the assembly. The 32nd & 33rd Governing Board Meetings were held on October 20 and 24 respectively.
The inauguration of the Assembly took place on Oct. 21, 2003 at the Philippines International Convention Center, Manila. Mr. Teofisto J. Guingona Jr., Vice President of the Philippines, the guest of honour and keynote speaker, declared the Assembly open. Mr. Carague, Chairman of the Commission on Audit, Philippines and host of the Assembly, welcomed the delegates and urged them to make use of the gathering to renew old ties and perpetuate the bond of friendship and camaraderie to ensure continued smooth functioning of ASOSAI. In his address, Dr. Panya Tantiyavarong, Chairman –ASOSAI, mentioned that "ASOSAI is one of the successful institutions that is increasingly performing a vital role in supporting good governance, transparency and accountability". Dr. Gertrude Schlicker, representing the INTOSAI Secretariat, read the message of Dr. Franz Fiedler, Secretary General of ASOSAI. Dr. Panya Tantiyavarong, Chairman, ASOSAI and Mr. Vijayendra N. Kaul, Secretary of General of ASOSAI, did the honours of unveiling the marker that would perpetuate the memory of this historic event.
SAI-Japan, Administrator of the ASOSAI Training Programmes, presented a report on training activities in ASOSAI.
The Assembly approved ASOSAI Guidelines on Fraud and Corruption and the final output of the 6th ASOSAI Research Project on IT Audit.
The INTOSAI Development Initiative (IDI), which was also invited to the workshop, reported on its cooperation with ASOSAI in the last three years.
The Assembly also approved the Budget for the next triennial and elected the new Governing Board of ASOSAI. The Governing Board now consists of Philippines as the Chairman, India as the Secretary General and Bhutan, Bangladesh, China, Japan, Malaysia, Pakistan and Saudi Arabia as members. The Audit Committee now comprises of Indonesia and Turkey.
The ASOSAI Journal Award was presented to the article "Preventing Audit Risk in an IT Audit Environment" from SAI-China, published in the 2003 issue of the Journal.
It was decided that the next (i.e. 10th ) ASOSAI Assembly would be held in China in 2006 and the 34th meeting of the ASOSAI Governing Board will be held in New Delhi from December 1-3, 2004.
Apart from professional success, SAI-Philippines, the host of the Assembly, did not leave any stone unturned to take care of the delegates and to show them the beautiful and progressive city of Manila. The welcome reception by the host was a splendid show with signature dance numbers performed by the world acclaimed Bayanihan, the National Folk Dance Company. Excursions included a tour to Tagaytay Highlands located 2500 feet above sea level, a venue considered very conducive to spiritual meditation.
The second ASOSAI Symposium, on the theme ‘Quality Management in Public Audit’, was held on October 22, 2003 at Manila, where delegates from various members SAIs of ASOSAI had gathered on the occasion of the 9th ASOSAI Assembly.
The Symposium began with an introduction of the topic by Mr. Vijayendra N. Kaul, Secretary General of ASOSAI. Mr. Kaul mentioned that the subject of the symposium had been chosen on the basis of a survey conducted among the ASOSAI membership. He brought out the importance of the topic and its direct nexus with the reliability and credibility of the audit process, as also with the cost and productivity of audit. He mentioned that not many products had been developed which could be applied on a standard basis to systems across nations because systems varied from country to country and quality had a different meaning in each jurisdiction.
Dr. Roberto F. de Ocampo, President of the Asian Institute of Management, Manila delivered the keynote address. He defined ‘quality audit’ as meaning a balance between discretion and common sense, as opposed to strict application of rules; and an ability to prioritise, as against an overzealous passion for details. He mentioned the history of the Philippines’s approach to public audit, noting that prior to 1986, the norm was a pre-audit system. In 1989, the Commission on Audit lifted the pre-audit requisite, retaining it only for selected transactions. He talked of the role of the audit committees and how they had become conspicuous in terms of responsibility and accountability. He emphasized that measures to improve governance in public audit should strike an appropriate balance between responsibility and authority without stifling initiative. Government audit had to go beyond checking compliance with rules and minimum standards. Quality audit had to be logical, well prioritized and with a view to achieving long term benefits. It should be of a quality that lends itself to bringing the economy to a higher plane of development.
Mr. Muhammad Yunis Khan, Comptroller & Auditor General of Pakistan, presented a special report. He explained the separation of audit and accounts in Pakistan and spoke of his experience with the "Project for Improvement of Financial Reporting and Audit (PIFRA)" funded by the World Bank, through which accounting reforms were being implemented. He mentioned the challenges faced by SAI-Pakistan in managing quality of audit spread over multiple locations, mentioning that the challenge was to go beyond certification of accounts and look at performance. He emphasized the importance of guidance standards and methodologies to ensure that the assurance provided by a SAI was adequate and credible.
The Panel discussion was moderated by Mr. Roberto B. Catli, Assistant Commissioner, Commission on Audit, Philippines. The panelists included:
Mr. Asif Ali, Comptroller & Auditor General of Bangladesh, Dr. Gertrude Schlicker, Deputy Director, INTOSAI General Secretariat, Mr. Kevin Brady, Controller and Auditor General of New Zealand and Mr. Sunil K. Bahri, Principal Director, Office of the Comptroller & Auditor General of India
Dr. Schlicker spoke of quality management as a process for providing an SAI with a reasonable assurance that its audits were carried out economically, efficiently and effectively and that this process was continually improved over time. She made a mention of the INTOSAI Auditing Standards, as well as the elaborated European Implementing Guidelines for these standards. She mentioned that quality assurance and audit was a two-stage process. In the first stage, the SAI had to define appropriate standards/level of quality for its outputs. At the second stage, it had to define policies to review the effectiveness of these standards and procedures. She spoke of the major components of quality management, as well as obtaining post-audit quality assurance reviews. She drew attention to the importance of focusing on elements of institutional management that would contribute to the high quality and effectiveness of the SAI.
Mr. Asif Ali, Comptroller & Auditor General of Bangladesh defined audit quality as enhanced output by the SAI. He elaborated, in detail, the measures taken by the SAI of Bangladesh in this regard, including drawing up of short-term, mid-term and long-term audit plans; monitoring, feedback and inspections; quality assurance guidelines; restructuring of the SAI; infrastructural development and remodeling of auditing standards.
Mr. Sunil K. Bahri from SAI-India spoke of the initiatives taken by SAI-India towards improving quality. He mentioned the need to measure quality of audit in terms of its effectiveness and explained a matrix by which every report is valued, known as the desirability-acceptability matrix. He also spoke of the use of information technology by SAI India in standardizing auditing, mentioning workflow automation, IDEA, Teammate, CoBIT framework for IT Audit applications and creating an audit management system. He mentioned other initiatives such as external certification, which could bring in an external review of the processes followed by an SAI and Peer reviews for ensuring that proper quality standards were being followed. Other initiatives mentioned included establishment of an accountability regime and revamping technical inspections, as well as internal audit within the organization to ensure compliance with auditing standards.
The last panelist was Mr. Kevin Brady, Controller and Auditor General of New Zealand. He mentioned four elements of this broad topic. These were: an understanding of the work environment, ensuring availability of quality human resources, promotion of good governance and practicing what we preached. He mentioned that, in regard to the analysis of the environment, an SAI had to identify key issues where it could make a difference. This could be followed up either by adding these as part of the annual audit process, or by conducting specific reviews and giving advice to the key players.
A number of contributions were made by other speakers, including Mr. Patrick Barrett, Auditor-General of Australia, who mentioned that quick harmonization of national and international standards was an important issue, as also the peer review process.
Mr. Catli, who thanked all the panel members for their contribution, concluded the discussion.
(The official record of proceedings can be downloaded from ASOSAI website.)
The 32nd Governing Board meeting of ASOSAI was held on Oct. 20, 2003, prior to the IX ASOSAI Assembly in Manila, Philippines. During the meeting, the Secretary General of ASOSAI presented the budget for the period 2003-2005. It was decided that, training being the major focus of ASOSAI activities, the entire amount of voluntary contributions should be allocated towards training activities. The Governing Board also made an appeal to members to make voluntary contributions so that scale of training activities could be enhanced.
The Board approved the final draft of the 6th ASOSAI research Project on "IT Audit" based on the inputs received from the members. It was decided that SAI-India would get the 6th ASOSAI Research Project printed and dispatched at its own cost. Twenty copies of the project would be supplied free of cost to all members of the ASOSAI. It would also be available on the ASOSAI web-site.
The editor of the Asian Journal of Government Audit requested support from the member SAIs in the form of commitments for good quality articles reporting on any issues of relevance to member SAIs, particularly articles reporting on new technical developments in the fields of audit and accounts in member SAIs. Member from Bangladesh proposed that considering the usefulness of the Journal, its frequency could be increased.
33rd Governing Board Meeting of ASOSAI : The members of the Governing Board met immediately after the IX ASOSAI Assembly on October 25, 2003 at Manila. Among other issues, it was decided that the 7th ASOSAI Research Project would be on "Audit Quality Management system". It was agreed that the output of the project would provide specific guidance to member SAIs in establishing an Audit Quality Management System.
The new Governing Board of ASOSAI has the following members:
|
Chairman |
SAI-Philippines |
|
Secretary General |
SAI-India |
|
Next Host of Assembly |
SAI-China |
|
Special Staff |
SAI-Japan |
|
Members |
SAIs of Bangladesh, |
The two Audit Committee members are the SAIs of Indonesia and Turkey.
The next (i.e. 34th) Governing Board meeting of ASOSAI Governing Board would be held in New Delhi between December 1-3, 2004.
The 6th ASOSAI Research Project on Audit of Information Technology (IT) was approved by the 31st ASOSAI Governing Board Meeting held in October 2002 in Manila. Four SAIs were appointed as members of the research team, namely Australia, China, India and Malaysia. Malaysia served as the team leader. The output of the Research Project is Guidelines on the Audit which were adopted by the 9th ASOSAI Research.
The guidelines comprise four parts, Part I on IT Framework, Part II on IT Control Audit, Part III on Information System Development Audit, and Part IV on Computer Assisted Audit Techniques and Tools (CAATTs). The guidelines introduce auditors to the IT Audit Framework where aspects on IT environment and controls; established IT Audit Standards; related audit risks; and types of IT audit that could be performed as an integral part of the traditional audit are explained. These guidelines also highlight some salient features of control assessment frameworks, samples on survey questionnaires on preliminary assessment of IT environment and primary features of IT controls, sample on work programme for audit of system development and illustrations on the use of CAATTs. Based on research from the established sources on IT Audit, the scope of the guidelines has covered the basic requirements for conducting an IT Audit and strongly recommended that ASOSAI members utilise them as the ‘Best Practices Guide on IT Audit’.
The guidelines are simple but concise, considering the varying degree of IT Audit work undertaken by the ASOSAI members. This is to avoid ambiguity and confusion to newcomers to IT Audit. In view of this, the research team felt that the formulation of the ASOSAI Training Programme on IT Audit be in tandem with the content of these guidelines so that the theoretical understanding on IT Audit could be reinforced through the hands-on training. Adopting such approach will make the practicality of these guidelines very much appreciated by the ASOSAI members. Continuous efforts should be made to update the contents to keep in pace with the technological and environmental change to maintain its relevancy and acceptability among ASOSAI members as an authoritative document on IT audit.
The team members to whom thanks are due are H.E Datuk Dr. Hadenan bin Abdul Jalil (Auditor-General of Malaysia), Mr. Abdul Rashid Yaakub and Mr. Khalid Khan from Malaysia, Mr. P.K. Brahma and Mr. Rajesh Goel from India, Mr. Wayne Jones from Australia and Ms. Yang Li from China.
(The Research Project output can be downloaded from ASOSAI website.)
The 9th ASOSAI Assembly held in Manila, Philippines approved the ASOSAI guidelines for dealing with Fraud and Corruption. These guidelines were an outcome of the 31st GB meeting of ASOSAI held in Manila on 24 October, 2002 which established an ad-hoc working group and a Core Member Task Force to develop regional guidelines on dealing with Fraud and Corruption.
While the working group comprised nominees of the SAIs of Bangladesh, India, Japan, Korea, Malaysia, Nepal, Pakistan, Philippines, Thailand and Turkey, the SAIs of India, Japan, Pakistan and Philippines were represented on the Core Member Task Force.
The work of developing the Guidelines was initiated by SAI-Japan by conducting a questionnaire-based survey on existing approaches and practices followed by member SAIs. The survey was conducted from December 2002 to January 2003.
SAI-Japan also developed a Base Document for the Guidelines, taking into consideration the responses to the survey questionnaire and related professional material. The Working Group developed a Working Draft of the Guidelines during a two week Workshop held in Tokyo in May 2003. It was refined into the First Exposure Draft of the ASOSAI Audit Guidelines on Fraud and Corruption by the Core Member Task Force. The First Exposure Draft was sent to all the Governing Board members for their comments in July 2003.
Taking into consideration the comments of the Governing Board members on the First Exposure Draft, the Core Member Task Force prepared a Second Exposure Draft, which was sent to all the ASOSAI members as advance information for the 9th ASOSAI Assembly in October 2003. After that, the Core Member Task Force made efforts to refine the Draft into the Final Draft of the ASOSAI Guidelines for dealing with Fraud and Corruption.
The Final Draft was discussed and supported by the Training Committee on 19 October 2003, and approved at the 32nd Governing Board meeting on 20 October 2003 and the 9th Assembly on 22 October 2003.
The working draft is divided into three chapters and has three appendices. These are:
Chapter I : Introduction
The first chapter gives a background on the role of audit in addressing concerns related to fraud and corruption and the relevant INTOSAI observations in this regard. It then attempts a broad definition of fraud and corruption (F&C) delineating the division of responsibilities for prevention of F & C between the management and audit. Next, it gives recognition to the concern that SAIs should have an adequate audit mandate to deal with cases of F & C in planning and conducting an audit.
Chapter II : Understanding Fraud and Corruption
This chapter deals with:
Specific definitions of F&C,
Elements of F&C,
Motivational factors influencing F&C,
Organizational/Environmental factors influencing F&C,
Types of F&C,
Identification of high risk areas,
Contract F&C and
Computer fraud.
Chapter III : Treatment of F&C
This chapter is divided into four parts, namely
Basic principles
General Standards
Field Standards
Reporting Standards
Against each of these principles standards, the relevant INTOSAI Guidance and the proposed ASOSAI Guidelines are provided. A total of 30 ASOSAI Guidelines have been so proposed.
Three appendices follow these three chapters. They are:
Appendix 1: dealing with Types of F&C in Contracts
Appendix 2: dealing with warning signs of possible F&C in contracts
Appendix 3: dealing with audit evidence
The Guidelines are expected to be used as a model for each SAI to develop its own guidelines, through suitable modifications, wherever necessary. It is expected that they will be useful to SAIs in dealing with cases of fraud and corruption.
(Guidelines can be downloaded from ASOSAI website.)
The 33rd Governing Board meeting of ASOSAI, held at Philippines, Manila, in October, 2003 decided that the 7th ASOSAI Research Project would be on the subject "Audit Quality Management System". There was also a consensus in the deliberations that the output of the project should provide specific guidance to member SAIs in establishing an audit quality management system. The Governing Board authorized the Secretary General, ASOSAI to take further action in this regard.
Based on this, the ASOSAI Secretariat drew up a proposed implementation model for the project. Under this model, the research project was to be split up into four phases:
|
Phase I: |
Compiling prevalent Audit Quality Management practices both in private and public sector auditing; |
|
Phase II: |
Preparing a model Audit Quality Management System based on the findings from Phase-I; |
|
Phase III: |
Implementation of the Audit Quality Management System prepared under Phase II in a few selected SAIs including those which are Members of the Research Project; |
|
Phase IV: |
Reviewing the lessons from Phase III and preparing a final document which would include success stories of Phase III. |
Nine tentative milestones were also drawn up for the project. After obtaining concurrence of the members of the Governing Board, the model was then circulated to all ASOSAI members, who were also surveyed on their interest in joining the research team.
The SAIs of Bangladesh, China, Malaysia, Philippines, Pakistan, Yemen and India expressed their interest in joining the Research team and were admitted to the same.
In addition SAIs of Papua New Guinea, Kazakhstan and Cyprus have expressed their willingness to join phase-III.
The project commenced with the hosting of a workshop on Audit Quality Management Practices (both in the private and public sectors), at the International Centre for Information Systems and Audit (ICISA) at New Delhi between 31 March to 2nd April, 2004. Subject Matter Experts from the SAIs of USA, Canada and UK also attended the workshop, along with representatives from the private sector.
The entire cost for the workshop excluding air travel was borne by the host viz SAI India.
The project is expected to culminate with the presentation of the final project output to the 36th Governing Board and 10th ASOSAI Assembly, for their approval, in end 2006.