“Auditing Principle” here refers to Basic Principles as given in the INTOSAI Standards.

3.1 The SAI should consider compliance with the INTOSAI auditing standards in all matters that are deemed material. (paragraph 1.0.6 (a))

“INTOSAI Guidance” refers to the explanation of the Basic Principles, General Standards, Field Standards, and Reporting Standards given in the INTOSAI Standards.

In general terms, a matter may be judged material if knowledge of it would be likely to influence the user of the financial statements or the performance audit report. (paragraph 1.0.9)

Materiality is often considered in terms of value but the inherent nature or characteristics of an item or group of items may also render a matter material-for example, where the law or regulation requires it to be disclosed separately regardless of the amount involved. (paragraph 1.0.10)

In addition to materiality by value and by nature, a matter may be material because of the context in which it occurs. For example, considering an item in relation to:

(a) the overall view given to the financial information;

(b) the total of which it forms a part;

(c) associated terms;

(d) the corresponding amount in previous years. (paragraph 1.0.11)

“ASOSAI Guideline” is the specific audit guideline on fraud and corruption as recommended by ASOSAI.

While determining materiality levels for different audit areas the SAI may take into account adjustments to the materiality level that may make audit more responsive to risk arising from fraud and corruption.

3.2 The SAI should apply its own judgment to the diverse situations that arise in the course of government auditing. (paragraph 1.0.6 (b))

Audit evidence plays an important part in the auditor's decision concerning the selection of issues and areas for audit and the nature, timing and extent of audit tests and procedures. (paragraph 1.0.16)

SAIs should apply its own judgement to determine the extent of audit investigation to be undertaken in cases of suspected fraud and corruption.

3.3 With increased public consciousness, the demand for public accountability of persons or entities managing public resources has become increasingly evident so that there is a need for the accountability process to be in place and operating effectively. (paragraph 1.0.6 (c))

With an increasing concern on fraud and corruption SAIs are expected to demonstrate that the audit addresses these concerns. The SAIs should actively consider adopting a formal policy or strategy for deterring fraud and corruption.

3.4 Development of adequate information, control, evaluation and reporting systems within the government will facilitate the accountability process. Management is responsible for correctness and sufficiency of the form and content of the financial reports and other information. (paragraph 1.0.6 (d))

Appropriate authorities should ensure the promulgation of acceptable accounting standards for financial reporting and disclosure relevant to the needs of the government, and audited entities should develop specific and measurable objectives and performance targets. (paragraph 1.0.6 (e))

Consistent application of acceptable accounting standards should result in the fair presentation of the financial position and the results of operations. (paragraph 1.0.6 (f))

The correctness and sufficiency of the financial reports and statements are the entity's expression of the financial position and the results of operations. It is also the entity's obligation to design a practical system which will provide relevant and reliable information. (paragraph 1.0.24)

The SAIs should work with the accounting standards setting organisations to help ensure that proper accounting standards are issued for the government. (paragraph 1.0.26)

SAI should review whether applicable accounting standards ensure adequate recognition of assets and liabilities and disclosure of true financial position inclusive of any losses resulting from fraud and corruption. In case it observes any deficiency in this regard it should work with the audited entity and the accounting standard setting body to remove the deficiency.

The responsibility for adequate and timely disclosure of any cases of fraud and corruption rest with the management and the responsibility of ensuring reliability and results of operation must include concerns arising from risk of fraud and corruption. Through its audit the SAI must evaluate and report on the adequacy and competence with which the management has discharged this responsibility.

3.5 The existence of an adequate system of internal control minimises the risk of errors and irregularities (paragraph 1.0.6 (g)).

It is the responsibility of the audited entity to develop adequate internal control systems to protect its resources. It is not the auditor's responsibility. It is also the obligation of the audited entity to ensure that controls are in place and functioning to help ensure that applicable statutes and regulations are complied with, and that probity and propriety are observed in decision making. However, this does not relieve the auditor from submitting proposals and recommendations to the audited entity where controls are found to be inadequate or missing. (paragraph 1.0.31)

SAIs should be alert to shortcomings in systems and controls that are likely to provide an environment conducive for fraud and corruption and should proactively report to the management to improve the control environment and minimize the risk of fraud and corruption.

3.6 Legislative enactments would facilitate the co-operation of audited entities in maintaining and providing access to all relevant data necessary for a comprehensive assessment of the activities under audit (paragraph 1.0.6 (h)).

The SAI must have access to the sources of information and data as well as access to officials and employees of the audited entity in order to carry out properly its audit responsibilities. Enactment of legislative requirements for access by the auditor to such information and personnel will help minimise future problems in this area. (paragraph 1.0.33)

Legislative enactment can ensure that all suspected and detected cases of fraud and corruption are reported to audit by the management. If considered necessary SAI can reinforce their mandate to investigate cases of fraud and corruption by seeking legislative enactments on these lines.

3.7 All audit activities should be within the SAI's audit mandate. (paragraph 1.0.6 (i))

The full scope of government auditing includes regularity and performance audit. (paragraph 1.0.38)

Regularity audit embraces:

(a) attestation of financial accountability of accountable entities, involving examination and evaluation of financial records and expression of opinions on financial statements;

(b) attestation of financial accountability of the government administration as a whole;

(c) audit of financial systems and transactions including an evaluation of compliance with applicable statutes and regulations;

(d) audit of internal control and internal audit functions;

(e) audit of the probity and propriety of administrative decisions taken within the audited entity; and

(f) reporting of any other matters arising from or relating to the audit that the SAI considers should be disclosed. (paragraph 1.0.39)

Performance audit is concerned with the audit of economy, efficiency and effectiveness and embraces:

(a) audit of the economy of administrative activities in accordance with sound administrative principles and practices, and management policies;

(b) audit of the efficiency of utilisation of human, financial and other resources, including examination of information systems, performance measures and monitoring arrangements, and procedures followed by audited entities for remedying identified deficiencies; and

(c) audit of the effectiveness of performance in relation to the achievement of the objectives of the audited entity, and audit of the actual impact of activities compared with the intended impact. (paragraph 1.0.40)

Normally sensitization of different types of audits undertaken by SAIs to fraud and corruption can be brought about under their existing mandates. However, where SAIs feel constrained, they can seek additional mandate.

3.8 SAIs should work towards improving techniques for auditing the validity of performance measures. (paragraph 1.0.6 (j))

The expanding audit role of the auditors will require them to improve and develop new techniques and methodologies to assess whether reasonable and valid performance measures are used by the audited entity. The auditors should avail themselves of techniques and methodologies of other disciplines. (Paragraph 1.0.46)

The auditor should make the management aware that the absence or lack of application of reliable and valid performance measures and indicators could increase the possibility of occurrence of fraud and corruption.

“General Standard” here refers to General Standards as given in the INTOSAI Standards.

3.9 The SAI should adopt policies and procedures to recruit personnel with suitable qualifications. (paragraph 2.1.2 (a))

The SAI should adopt policies and procedures to support the skills and experience available within the SAI and identify the skills which are absent; provide a good distribution of skills to auditing tasks and assign a sufficient number of persons for the audit; and have proper planning and supervision to achieve its goals at the required level of due care and concern. (paragraph 2.1.2 (d))

It should be open to the SAI to acquire specialised skills from external sources if the successful carrying out of an audit so requires in order that the audit findings, conclusions and recommendations are perceptive and soundly based and reflect an adequate understanding of the subject area of the audit. It is for the SAI to judge, in its particular circumstances, to what extent its requirements are best met by in-house expertise as against employment of outside experts. (paragraph 2.1.18)

The SAI should have an adequate inventory of skills to deal with cases of fraud and corruption. In the detailed examination of cases of fraud and corruption where an SAI feels the need to involve outside professional expertise, such professional opinion should only serve to augment the audit conclusion, the ultimate responsibility for the conclusion remaining with the SAI.

3.10 The SAI should adopt policies and procedures to develop and train SAI employees to enable them to perform their tasks effectively, and to define the basis for the advancement of auditors and other staff. (paragraph 2.1.2 (b))

The SAI should take adequate steps to provide for continuing professional development of its personnel, including, as appropriate, provision of in-house training and encouragement of attendance at external courses. (paragraph 2.1.6)

The SAI should establish and regularly review criteria, including educational requirements, for the advancement of auditors and other staff of the SAI. (paragraph 2.1.8)

In considering the portfolio of skills that the SAI should have to meet the requirements of its audit mandate, the SAI should pay particular attention to training its auditors to deal with concerns about fraud and corruption, including experience gained from past fraud and corruption cases. Training could include developing forensic auditing skills provided that forensic investigation is covered by the mandate of the SAI.

SAIs could consider sharing of information and knowledge of techniques, procedures and skill development in order to develop expertise in this area.

3.11 The SAI should adopt policies and procedures to prepare manuals and other written guidance and instructions concerning the conduct of audits. (paragraph 2.1.2 (c))

Communication to staff of the SAI by means of circulars containing guidance, and the maintenance of an up-to-date audit manual setting out the SAI's policies, standards and practices, is important in maintaining the quality of audits. (paragraph 2.1.14)

SAI should consider reviewing the manuals, policies and prospectus from the perspective of conducting audits that are sensitive to fraud and corruption and dealing with suspected cases of the nature.

3.12 The auditor and the SAI must be independent. (paragraph 2.2.1 (a))

SAIs should avoid conflict of interest between the auditor and the entity under audit. (paragraph 2.2.1 (b))

While the SAI must observe the laws enacted by the legislature, adequate independence requires that it not otherwise be subject to direction by the legislature in the programming, planning and conduct of audits. The SAI needs freedom to set priorities and program its work in accordance with its mandate and adopt methodologies appropriate to the audits to be undertaken. (paragraph 2.2.9)

The legal mandate should provide for full and free access by the SAI to all premises and records relevant to audited entities and their operations and should provide adequate powers for the SAI to obtain relevant information from persons or entities possessing it. (paragraph 2.2.19)

The SAIs need to demonstrate that they are independent not only in a legal sense but in a practical sense as well so that they can perform an effective role against fraud and corruption. Demonstration of independence in practical audit work includes avoidance of any possible conflict of interest situation.

The SAI should be in a position to carry out an independent risk assessment and prioritize its audit planning accordingly.

Where necessary the SAI should work for legislation that would allow it access to all records and information required in the examination of cases of fraud and corruption.

Without compromising on their independence to plan and conduct audit the SAIs should consider establishment of means to receive and process information from the public on suspected cases of fraud and corruption.

3.13 The auditor and the SAI must exercise due care and concern in complying with the INTOSAI auditing standards. This embraces due care in specifying, gathering and evaluating evidence, and in reporting findings, conclusions and recommendations. (paragraph 2.2.1(d))

The SAI must be, and be seen to be, objective in its audit of entities and public enterprises. It should be fair in its evaluations and in its reporting of the outcome of audits. (paragraph 2.2.40)

Since complete evidence about cases of fraud and corruption may not be available to the SAI, due care should be exercised in arriving at an audit conclusion. In many circumstances additional tests may have to be performed and additional evidence acquired than would normally be considered appropriate and necessary for arriving at an audit opinion.

In investigating and reporting cases of fraud and corruption the SAIs should be aware of the risk that perpetrators of fraud and corruption seek protection for their acts by accusing the auditors of libel and slander. The SAIs could consider working towards changes in their legislation which protects their auditors against such allegations and likely legal proceedings.

Planning

Field Standard

“Field Standard” here refers to Field Standards as given in the INTOSAI Standards.

3.14 The auditor should plan the audit in a manner which ensures that an audit of high quality is carried out in an economic, efficient and effective way and in a timely manner. (paragraph 3.0.3 (a))

In planning an audit, the auditor should:

(a) identify important aspects of the environment in which the audited entity operates;

(b) develop an understanding of the accountability relationships;

(c) consider the form, content and users of audit opinions, conclusions or reports;

(d) specify the audit objectives and the tests necessary to meet them;

(e) identify key management systems and controls and carry out a preliminary assessment to identify both their strengths and weaknesses;

(f) determine the materiality of matters to be considered;

(g) review the internal audit of the audited entity and its work program;

(h) assess the extent of reliance that might be placed on other auditors, for example, internal audit;

(i) determine the most efficient and effective audit approach;

(j) provide for a review to determine whether appropriate action has been taken on previously reported audit findings and recommendations; and

(k) provide for appropriate documentation of the audit plan and for the proposed fieldwork. (paragraph 3.1.3)

The following planning steps are normally included in an audit:

(a) collect information about the audited entity and its organization in order to assess risk and to determine materiality;

(b) define the objective and scope of the audit;

(c) undertake preliminary analysis to determine the approach to be adopted and the nature and extent of enquiries to be made later;

(d) highlight special problems foreseen when planning the audit;

(e) prepare a budget and a schedule for the audit;

(f) identify staff requirements and a team for the audit; and

(g) familiarise the audited entity about the scope, objectives and the assessment criteria of the audit and discuss with them as necessary. (paragraph 3.1.4)

The SAI may revise the plan during the audit when necessary.

While planning his audit the auditor should assess the risk that fraud may cause the financial statements to contain material misstatement or record material irregular transactions.

• The auditor may keep in view that the risk of fraud and corruption could be higher in certain organization like those involved in procurement of goods and services.

• The auditor may keep in view that when a fraud is conducted there is a deliberate effort to conceal the facts and distract the auditor.

• For planning the audit the auditor should have a complete understanding of the auditee including the environment in which the entity operates the level of internal control and the past performance of the auditee especially previous instances of fraud and corruption.

Based on the risk assessment the auditor should develop the audit objective and design audit procedures so as to have reasonable expectation of detecting and evaluating material misstatement and irregularities arising from fraud and corruption. In case of high risk audit the audit team should be selected keeping in view the requirement of such audit.

The SAI should keep in view the need for flexibility in terms of budget, time and expertise of the audit team particularly when fraud and corruption are suspected or discovered in the course of audit.

Supervision and Review

3.15 The work of the audit staff at each level and audit phase should be properly supervised during the audit; and documented work should be reviewed by a senior member of the audit staff. (paragraph 3.0.3 (b))

All audit work should be reviewed by a senior member of the audit staff before the audit opinions or reports are finalised. It should be carried out as each part of the audit progresses. Review brings more than one level of experience and judgment to the audit task and should ensure that:

(a) all evaluations and conclusions are soundly based and are supported by competent, relevant and reasonable audit evidence as the foundation for the final audit opinion or report;

(b) all errors, deficiencies and unusual matters have been properly identified, documented and either satisfactorily resolved or brought to the attention of a more senior SAI officer(s); and

(c) changes and improvements necessary to the conduct of future audits are identified, recorded and taken into account in later audit plans and in staff development activities.(paragraph 3.2.4)

For ensuring that all audits dealing with actual cases of fraud and corruption are adequately supervised, the SAI should develop policies, including a comprehensive supervision checklist, regarding supervision levels and procedures for managing the investigation of fraud and corruption.

When fraud and corruption are suspected in the course of audit the auditor should report the matter to the official of the SAI in accordance with the SAI’s policy on supervision levels.

Study and Evaluation of Internal control

3.16 The auditor, in determining the extent and scope of the audit, should study and evaluate the reliability of internal control. (paragraph 3.0.3 (c))

The study and evaluation of internal control should be carried out according to the type of audit undertaken.(paragraph 3.3.2)

Where accounting or other information systems are computerized, the auditor should determine whether internal controls are functioning properly to ensure the integrity, reliability and completeness of the data. (paragraph 3.3.4)

The changes and improvements in the internal control system made by management when there have been previous instances of fraud and corruption or in response to changes in the auditee environment should be particularly studied and evaluated during audit.

Increasing use of IT systems by auditees requires that the auditor should have access to reliable and verifiable system-based audit trails to evaluate the internal control. For meeting this objective legislation or executive guidance should ensure that audit is viewed as a stakeholder in the system development.

Compliance With Applicable Laws and Regulations

3.16 In conducting regularity (financial) audits, a test should be made of compliance with applicable laws and regulations. The auditor should design audit steps and procedures to provide reasonable assurance of detecting errors, irregularities, and illegal acts that could have a direct and material effect on the financial statement amounts or the results of regularity audits. The auditor also should be aware of the possibility of illegal acts that could have an indirect and material effect on the financial statements or results of regularity audits.

In conducting performance audits, an assessment should be made of compliance with applicable laws and regulations when necessary to satisfy the audit objectives. The auditor should design the audit to provide reasonable assurance of detecting illegal acts that could significantly affect audit objectives. The auditor also should be alert to situations or transactions that could be indicative of illegal acts that may have an indirect effect on the audit results.

Any indication that an irregularity, illegal act, fraud or error may have occurred which could have a material effect on the audit should cause the auditor to extend procedures to confirm or dispel such suspicions. (paragraph 3.0.3 (d))

The auditor also should be alert to situations or transactions that could be indicative of illegal acts that may indirectly impact the results of the audit. When audit steps and procedures indicate that illegal acts have or may have occurred, the auditor needs to determine the extent to which these acts affect the audit results. (paragraph 3.4.4)

Without affecting the SAI's independence, the auditors should exercise due professional care and caution in extending audit steps and procedures relative to illegal acts so as not to interfere with potential future investigations or legal proceedings. Due care would include consulting appropriate legal counsel and the applicable law enforcement organisations to determine the audit steps and procedures to be followed. (paragraph 3.4.7)

Whenever a material instance of failure to comply with the applicable laws and regulations is observed the auditor should without automatically assuming the management and staff are dishonest investigate the control failure with an appropriate degree of professional skepticism. He may also examine if the supporting evidence has been tampered in any manner or any individual(s) could have benefited from the material violation.

Audit Evidence

3.18 Competent, relevant and reasonable evidence should be obtained to support the auditor's judgement and conclusions regarding the organisation, program, activity or function under audit. (paragraph 3.0.3 (e))

Auditors should have a sound understanding of techniques and procedures such as inspection, observation, enquiry and confirmation, to collect audit evidence. The SAI should ensure that the techniques employed are sufficient to reasonably detect all quantitatively material errors and irregularities. (paragraph 3.5.3)

When auditors suspect the possibility of fraud and corruption, they should establish whether it has taken place and there has been resultant effect on the financial reporting, especially whether the certificate requires the qualification.

When auditors intend to report on fraud and corruption, they should ensure the reliability of audit evidence by verifying it with source documents including third party evidence. Auditors should carefully determine how much evidence they should gather in support of audit conclusions. Auditors should also keep in view that the evidence gathered by them and the conclusion drawn by them could become the basis of legal or disciplinary proceedings. (Some of the sources of evidence and factors that may be considered in searching for evidence are listed in Appendix.)

Since many records are produced by computers in the usual and ordinary course of work, auditors should understand how to collect and handle those records as audit evidence. Collecting computer evidence requires careful planning and execution. Auditors should examine whether appropriate controls are in place in order to ensure the authenticity of computer evidence.

Analysis of Financial Statements

3.19 In regularity (financial) audit, and in other types of audit when applicable, auditors should analyse the financial statements to establish whether acceptable accounting standards for financial reporting and disclosure are complied with. Analysis of financial statements should be performed to such a degree that a rational basis is obtained to express an opinion on financial statements. (paragraph 3.0.3 (f))

Financial statement analysis aims at ascertaining the existence of the expected relationship within and between the various elements of the financial statements, identifying any unexpected relationships and any unusual trends. (paragraph 3.6.2)

Auditors need to be alert to deviations from acceptable accounting standards including disclosure requirements particularly when there is suspicion of fraud and corruption.

“Reporting Standard” here refers to Reporting Standards given in the INTOSAI Standards.

3.20 At the end of each audit the auditor should prepare a written opinion or report, as appropriate, setting out the findings in an appropriate form; its content should be easy to understand and free from vagueness or ambiguity, include only information which is supported by competent and relevant audit evidence, and be independent, objective, fair and constructive. (paragraph 4.0.7 (a))

It is for the SAI to which they belong to decide finally on the action to be taken in relation to fraudulent practices or serious irregularities discovered by the auditors. (paragraph 4.0.7 (b))

In formulating and following up recommendations, the auditor should maintain objectivity and independence and thus focus on whether identified weaknesses are corrected rather than on whether specific recommendations are adopted. (paragraph 4.0.26)

When in the opinion of the auditor the financial statements include material fraudulent transactions, or such transactions have not been adequately disclosed, or the audit conducted by the auditor leads him to the conclusion that instance(s) of fraud and/or corruption have taken place and when the auditor has adequate evidence to support his conclusion, he should qualify the audit certificate and/or ensure that his findings are adequately included in his audit report. However, the term fraud or corruption may not be used in a conclusive sense unless such action is established in a court of law.

The report may contain auditor’s recommendations for the changes in the system and procedures that could prevent recurrence of such instances.

In following up on reported cases of fraud and corruption the auditor should determine whether the necessary action is being taken with due regard to urgency that the situation demands and become aware of the changes in the systems and procedures which could be validated through subsequent audits.