Forigen Service (Pakistan)

FOREIGN SERVICE

Foreign Service: - Means service in which a Govt. servant receives his substantive pay with the sanction of Government from source other than the revenues of the Government or the railway Fund. If a Govt. servant is deputed to serve under a Local ~d, quasi public body, semi autonomous body, a statutory body, IIS treated on "Foreign service".

Foreign Service may be within Pakistan or outside Pakistan.

Joining Time Day, Transit Pay, and T.A: -
During the period of Foreign Service, the person concerned will entitled to pay, joining time pay, allowances and traveling facilities (including passage for himself and his family to the place employment under the borrowing Government and back on termination of the Foreign Service) in accordance with the regulation of or the terms and conditions offered by the borrowing government/ Organization.

Pension Contributions: - The foreign employer (and where foreign employer is not: agreeable to pay the pension contribution) the Government servant concerned as the case may be, shall during the period of foreign service, pay to the Provincial Government pension contribution in foreign currency in accordance with the relevant rules and at the rates prescribed from time to time by the Government. The remittance shall be made by the foreign employer or the Government It servant concerned through normal banking channel to the parent office of the Government servant concerned in Pakistan with covering letter showing the relevant head of account. The parent office will send copies of challans and schedules to the Accounts officer concerned for information and necessary action. On employed payment of these contributions, the provisions of SR. 307 all apply. Till such time as the rates of pension contributions are ascertained and intimated by the Audit Office concerned, the >reign employer or the Government servant concerned shall provisionally pay pension contribution in foreign currency at a uniform rate of 331 % of the mean of minimum and maximum of the pay scale held by him at the time of his proceed rig on foreign service, plus other emoluments (reckonable for pension) which would have been admissible to him had he not been deputed on foreign service.

The Lend-rig Department should invariably work out the rate of pension contribution and incorporate the same in the term and conditions of the person concerned deputed on Foreign Service within Pakistan or outside Pakistan. To illustrate, the rate of the pension contributions will be as under in respect of an officer of BPS.17, the minimum and maximum of the pay scale of which is Rs.2870/- and Rs.5450/ - respectively: -

1. Mean = (Rs.2870/- + Rs.5450/-)/2 = Rs.4l60/-
2. Rate of pension contribution 33 % will be:
   4160 x 100 = 1386.66 or Rs.1387/ - per month.
   100 x 3

G.P. Fund, Benevolent Fund and Group Insurance: -
During the period of Foreign Service the Government servant concerned will continue to subscribe to the G.P. Fund, the remittance of which should irreparably be supported with a G.P .Fund Account Number and the name of the Accounts Officer maintaining the account. The remittance should be made to the parent office of the Government servant concerned. The parent office will send copies of challans and schedules to the Accounts officer concerned for information and necessary action. As regards the Benevolent Fund and Group Insurance premium contribution, this should be remitted directly by the Government servant concerned through the normal banking channel to the Provincial Board of Management, Benevolent Fund and the Provincial Welfare Board, NWFP (Services & General Administration Department, Peshawar).

Leave: -
The leave terms of the person concerned during the period of his foreign service will be regulated according to the rules of or the terms and conditions offered by, the borrowing Government / Organization. Leave salary due in respect of such leave will be payable by the borrowing Government or Organization to the person concerned. No part of leave earned by him during the period of foreign service will be credited to his leave account with the Government, nor will any liability in respect of leave salary on ./ account of such leave devolve on the Government. The Government will not recover any leave salary contribution from the borrowing Government or Organization;

The person concerned will not be entitled to receive any leave salary form Government in respect of disability leave on account of any disability arising in or through foreign service, even though this disability might manifest itself even after the termination of foreign service.

Medical Facility: -
During the period of Foreign Service, the person concerned will not be entitled to any medical facility in respect of himself and family members at the expense of the Govt.

Approval for Extension: -
The person concerned shall be on deputation with the borrowing Government or Organization for the period originally agreed upon. Any extension beyond the original period of deputation- ion shall not be made without the approval of the Provincial Government, and will be treated as an irregularity on the part of the person concerned and may call for disciplinary action.

Approval for Additional Benefit: -
If the person concerned during the period of his deputation becomes entitled to any additional benefit, or is appointed to any post involving alteration in his emoluments, he will intimate particulars of such appointment to the Government of NWFP for information. Any modifications of the terms involving additional liabilities on the Government will require their prior approval.

 

Civil Servent Dismissal, suspension & removal in Pakistan

DISMISSAL, REMOVAL AND SUSPENSION

Dismissal from Service: -
Means disqualification from present as well as future service.

Removal from Service: -
Means disqualification only from present service and not future service;

Suspension: -
To "Suspend" means to debare, usually for a time, from the exercise of a function or a privilege
pecially to deprive temporarily of one's office or again to interdict.

Payment and Amenities Admissible To a Suspended Govt. Servant
i) Subsistence grant equal to half month pay and full allowances.
ii) Line rent of official telephone will be paid by Govt. and payment on account of local and Trunk calls shall be made by the officer himself.
iii)Residence orderly will be withdrawn.
iv) No official transport will be provided.
v)Cost of stationery and postage stamps required by him in connection with his reference has to be paid by the accused Govt. servant himself.

Govt. Servants To Be Placed Under Suspension When Really Necessary:
No Govt. servant should be placed under "Suspension" except when this is really necessary and that the following factors should guide an officer in deciding whether or not to issue orders of suspension: -

1. There must be a strong prima-facie cases against the delinquent;
2. If the offence is of such a serious nature that dismissal will be the probable punishment, or such that it is inadvisable that the offender should be allowed to continue to perform the duties on the case, suspension is justifiable;
3. Unless there is some very strong reason why the offender should not be allowed to continue to work until the case has been decided, suspension should not be resorted to;
4. No one should be suspended for petty breaches of discipline and for minor departmental offence;
5. No one should be suspended unless: -
   i)he willfully and obstinately refuses to carry our an order;
   ii)During the course of an inquiry his appointment would . hamper or frustrate such inquiry.
   iii)he is in police custody.
   iv)he is charged with an offence of a nature which; if proved against him result in his dismissal.
6. A government servant committed to prison either for debt or on a criminal charge should be considered as under suspension from the date of his arrest and until the termination of the proceedings against him, i.e. his suspension is automatic from the date of arrest till termination of proceedings against him.
7. A government servant against whom a criminal charge or I proceeding for arrest or debt is pending should also be placed under suspension when he is not actually detained in custody or imprisoned (e.g. whilst released on bail) if the charge made or proceedings taken against him is connected with his position as a Govt. servant or is likely to embarrass him on discharge of his dunes as such or involves moral turpitude.

Pay & Allowances on Reinstate after Being Dismissed, Removed From Service or Suspended: -

1. If Honorably Acquitted: He may be given full pay to which he would have been entitled but for his dismissal, removal or suspension. The period of absence will be treated as duty.
2. If Not Honorably Acquitted: He maybe granted such portion of pay as may be prescribed. The period of absence is not treated duty unless the revision or appellate authority directs that it should be treated as duty. The competent authority may also direct that the period spent under suspension may be regarded as leave and the Government servant paid leave salary. An appellate can convert such period into one of leave including extra ordinary Leave.

General Orders: -

• No leave may be granted to a Government servant under suspension.
• If a suspended Government servant attains the age of superannuation before the completion of the inquiry, the disciplinary proceedings will abate and he will retire with full pension benefits and the absence period will be treated as duty.
• On reinstate, the amount of arrears payable to a Government servant will be reduced by the amount earned by way of salary or as a profit on account of his having accepted some employment or been engaged in some profitable business during the period he remained dismiss- ed, removed or suspended and for determination of this, a committee will be constituted.
• The posts vacated by dismissed government servant may be filled substantively, but such arrangements have to be reversed if the dismissed government servant is reinstated on appeal.
• If the government servant is reinstated honorably, there should be raised no question as to whether there was a post or not against which he could be adjusted for the period of his absence or that he had no longer any lien and another government servant was appointed substantively in his place FR. 54 should be treated as absolute and unconditional.
• A government servant ceases to draw the pay & allowances of his post from the date of his dismissal or removal from service.
• If the period of suspension is converted into E.O.L., no recovery will be made for the subsistence grant and allowances already paid to the suspended government servant.
• The period of suspension followed by reinstatement or superannuation counts towards qualifying service for pension.
• Removal from Service Rules.

ESTABLISHMENT & ADMN: DEPARTMENT                                                              No.SORII (E&AD: DEPTT.)5(29)2001/V-IV                                              Dated Peshawar the 12th June, 2001

 

Subject: -

THE NWFP REMOVAL FROM SERVICE (SPECIAL POWERS (AMENDMENT) ORDINANCE 2001.

 

I am directed to refer to the subject noted above and to forward herewith a copy of the NWFP Removal from Service (Special Powers) (Amendment) Ordinance -2001 duly published in extra-ordinary Gazette of the Government of NWFP for your information and further necessary action.

 

• N.W.F.P. Civil Servants (Amendment) Ord, 2001.

NOTIFICATION

23rd May, 2001 No.Legis: 1(4)/2000/273. THE NORTH-WEST FRONTIER PROVINCE REMOVAL FROM SERVICE (SPECIAL POWERS) (AMENDMENT) ORDINANCE, 2001

N.W.F.P. ORDINANCE NO.V OF 2001 AN ORDINANCE

To amend the North-West Frontier Province Removal from Service (Special Powers) Ordinance, 2000.

WHEREAS it is expected to amend the North-West Frontier Province Removal from Service (Special Powers) Ordinance, 2000 (N.W.F.P. Ord. No.V of 2000), for the purchases hereinafter appearing;

AND WHEREAS the Provincial Assembly of the North-West Frontier Province is in abeyance and the Governor is satisfied that the circumstances exist which render it necessary to take immediate action;

NOW, THEREFORE, in pursuance of the proclamation of the fourteenth day of October, 1999, and the Provisional Constitution (Amendment) Order No.9 of 1999, and in exercise of all powers enabling him in that behalf, Governor of the North-West Frontier Province is pleased to make and promulgate the following Ordinance.

Short title and commencement,

1.      This Ordinance may be called the North-West Frontier Province Removal from Service (Special Powers (Amendment) Ordinance, 2001.

2.      It shall come into force at once; provided that sub-clause (iv) of clause (c) of sub-section (1) of section 3 and sub-section (5) of section 5 of the North-West Frontier Province Removal from Service (Special Powers) Ordinance, 200 (N.W.F.P Ord. No. V of 2000), as amended, substituted or inserted by or under this Ordinance, shall be deemed to have taken effect on and from the 15th day of August, 2000.

Amendment of section 3 of N.W.F.P. Ord. No. V of 2000. ---In the North West Frontier Removal from Service (Special Powers) Ordinance, 2000 (N.W.F.P Ord. No.V of 2000), hereinafter referred to as the said Ordinance, for section 3, the following shall be substituted, namely

3.      Dismissal, removal and compulsory retirement, etc. of certain persons in Government or corporation service, etc.---(1) Where, in the opinion of the competent authority, a person in Government or corporation service is,

a.       Inefficient, or has ceased to be efficient for any reason, or is guilty of habitually absenting himself from duty without prior approval of leave; or

b.      Guilty of misconduct; or

c.       Corrupt, or may reasonably be considered as corrupt because,

                                                                                 i.            He, or any of his dependants or any other person, through him or on his behalf, is in possession of pecuniary sources or of property, for which he cannot reasonably account for, and which are disproportionate to his known sources of income; or

                                                                               ii.            He has assumed a style of living beyond his known sources of income; or

                                                                              iii.            He has a persistent reputation of being corrupt; or

                                                                             iv.            He has entered into plea bargaining under any law for the time being in force and has returned the assets or gains acquired through corruption or corrupt practices voluntarily; or

d.      Engaged, or is reasonably believed to be engaged, in subversive activities and his retention in service is prejudicial to national security or he is guilty of disclosure of official secrets to any unauthorized persons; or
N.W.F.P GOVT: GAZTTE, EXTRAORDINARY, 23RD MAY, 2001.866.

e.       Found to have been appointed or promoted on extraneous considerations in violation of law and the relevant rules, the competent authority may, notwithstanding anything contained in any law, or the terms and conditions of service of such person, but subject to the provisions herein contained and the provisions contained in section 5, by order in writing, dismiss or remove such a person from service, compulsory retire him from service or reduce him to lower post or pay scale, or impose upon him one or more minor penalties as prescribed in the North-West Frontier Province Government Servants (Efficiency and Discipline) Rules, 1973.

4.      Before passing an order under sub-section (1), the competent authority shall,

a.       By order in writing, inform the accused of the action proposed to be taken with regard to him and the grounds of the action; and

b.      Give him a reasonable opportunity of showing cause against that action within seven days or within such extended period as the competent authority may determine:
Provided that no such opportunity shall be given where,

                                                                                 i.            The competent authority is satisfied that in the interest of security of Pakistan or any part thereof it is not expedient to give such opportunity; or

                                                                               ii.            The accused is dismissed or removed from service or reduces in rank on the ground of conduct has a sentence of fine or of imprisonment or where the competent authority is satisfied for reasons to be recorded in writing that it is not reasonably practicable to give the accused an opportunity of showing cause.

5.      The dismissal or removal or premature retirement from service or reduction to lower to lower post or pay scale of a person under sub-section (1) shall not absolve such person from liability to any punishment to which he may be liable for an offence committed by him under any law, while in service.
AMENDMENTS OF SECTION 5 OF N.-W.F.P. ORD.NO. V OF 2000. In the said Ordinance, for section 5 the following shall be substituted, namely: -

867 N.W.F.P. GOVT: GAZETTE, EXTRAORDINARY, 23RD MAY, 2001.
Power to appoint an Inquiry Officer or Inquiry Committee,

6.      Subject to the provisions of sub-section (2), the competent authority shall, before passing an order under section 3, appoint an Inquiry Officer or Inquiry Committee to scrutinize the conduct of a person in Government service or a person in corporation service who is alleged to have committed any of the acts or omissions specified in section 3. The Inquiry Officer or, as the case may be, the Inquiry Committee, shall---

a.       Communicate to the accused the charges and statement of allegations specified in the order of inquiry passed by the competent authority;

b.      Require the accused within seven days from the day the charge is communicated to him to put in a written defense;

c.       Enquire into the charge and may examine such oral or documentary evidence in support of the charge or in defense of the accused as may be considered necessary and the accused shall be entitled to cross-examine the witnesses against him; and

d.      Hear the case from day to day and no adjournment shall be given except for special reasons to be recorded in writing and intimated to the competent authority.

7.      Where the Inquiry Officer or, as the case may be, the Inquiry Committee, is satisfied that the accused is hampering, or attempting to hamper, the progress of the Inquiry, he or it shall record a finding to that effect and proceed to complete the inquiry in such manner s he or it deems proper in the interest of justice.

8.      The Inquiry officer or, as the case may be, the inquiry Committees, shall submit his or its findings and recommendations to the competent authority within twenty-five days of the initiation of inquiry.

9.      The competent authority may dispense with the inquiry under sub-section (1) if it is in possession of sufficient documentary evidence against the accused, or for reasons to be recorded in writing; it is satisfied that there is no need of holding an inquiry.

10.  Where a person who has entered into plea-bargaining under any law for the time being in force, and has returned the assets or gains acquired through corruption or corrupt practices voluntarily, the inquiry shall not be ordered:
Provided that show cause notice shall be issued on the basis of such plea bargaining to such person informing of the action proposed to be taken against him and the grounds of such action requiring him to submit reply within fifteen days of the receipt of the notice. On receipt of the reply, the competent authority may pass such orders as it may deem fit."

N.W.F.P. GOVT: GAZETTE, EXTRAORDINARY, 23RD MAY, 2001.868

In the said Ordinance, ---

a.       For the words "inquiry committee", wherever occurring, except in the marginal heading of sections 6 and 7, the words and commas "Inquiry Officer or, as the case may be, the Inquiry Committee" shall be substituted; and

b.      In the marginal heading of section 6 and 7, for the words "inquiry committee" the words "Inquiry Officer or Inquiry Committee" shall be substituted.

 

REMOVAL FROM SERVICE

NOTIFICATION

Dated Peshawar the 28^th September, 2000

No.SOR-II(S&GAD) 5(29)/2000.Vol.III :- In pursuance of the provisions contained in clause (a) of section 2 of the North-West Frontier Province Removal From Service (Special Powers) Ordinance ,2000 (NWFP  Ordinance No.V of 2000), the Government of the North-West Frontier Province is pleased to authoriezed the officers shown in column 3 of the Table below to exercise the powers the Competent under the said Ordinance in respect of class persons shown against each such officer in column 2 of the table:-

 

                                                                        TABLE NO.1

FOR PERSONS EMPLOYED IN THE PROVINCIAL GOVERNMENT ADMINISTRATION DEPARTMENTS ATTACHED DEPARTMENTS AND SUBORDINATES FORMATION /OFFICERS OF THE ADMINISTRATIVE DEPARTMENTS.

S.No	Class of Persons	Officer authorized to exercise the powers of competent authority
1	2	3
1	Holders of posts in BPS-17 other than Those born on- a. The former Provincial Civil Service (Executive Branch) and b. The Provincial Civil Secretariat Service.	Chief Secretary
2.	Holders of posts in BPS-16 i.                  In the case of Secretary of Govt: of the North West Frontier Province  ii.                   In the Attached Departments. iii.                  In any other case.	Chief Secretary Head of the Attached Deptt: concerned Secretary of the Administrative Deptt: Concerned.
3.	Holders of posts in BPS-1 to 15.	Appointing Authority concerned.

                                                             

TABLE NO.2

    FOR PERSONS IN CORPORATION SERVICE

S.No	Class of Persons	Officer authorized to exercise the competent authority.
1	Holders of posts in BPS-18-19 and equivalent	Chief Secretary
2	Holders of posts in BPS-17 and equivalent	Administrative Secretary concerned
3	Holders of posts in BPS-16 and equivalent	Managing Director /Chief Executive Officer of the Organization by whatever name called.
4	Holders of posts in BPS-1 to 15 and equivalent	Appointing Authority concerned

 

2.                     It is hereby clarified that for those holders of posts for which not Competent Authority has been specified in this notification, the Governor himself would be the Competent Authority , as already provided inSection2 (a) of the NWFP Removal from Service (Special Powers) Ordinance . 2000(NWFP Ord.No V of 2000.

 

Financial Audit Mannual (FAM)

Audit Manual – Table of Contents

i

Table of Contents

1. ORGANISATION AND PURPOSE OF THE MANUAL

1.1 Purpose of the Audit manual 1-1

1.2 Types of audits dealt with 1-1

1.3 Audit entities dealt with 1-2

1.4 Accounting Responsibility Structure of the Government of Pakistan 1-2

1.5 Stages of audit work dealt with 1-3

1.6 Organisation of the manual 1-3

1.7 Links to other guidance material 1-3

1.8 Standard audit working paper kit 1-4

1.9 Need for professional judgment 1-4

1.0 Updating the Audit Manual 1-4

2. ROLE OF THE AUDITOR GENERAL

2.1 Parliamentary Control and Public Accountability 2-1

2.2 Introduction to Auditing 2-1

2.3 Legislative Basis 2-1

2.4 Vision, Mission and Values 2-3

3. THE JOB OF THE AUDITOR

3.1 Introduction 3-1

3.2 Expectations 3-1

3.3 Conditions of Employment 3-1

3.4 Code of Ethics 3-1

3.5 Glossary 3-5

3.1 Protection of the Auditor 3-5

4. DAGP AUDIT STANDARDS

4.1 Basic Principles in Government Auditing 4-1

4.2 General Standards in Government Auditing 4-7

4.3 Standards with Ethical Significance 4-11

4.4 Field Standards in Government Auditing 4-16

4.5 Reporting Standards in Government Auditing 4-24

5. DAGP’S ANNUAL PLANNING PROCESS

5.1 DAGP Strategic Audit Objectives 5-1

5.2 DAGP Audit Scope 5-1

5.3 DAGP Strategic Audit Plans 5-2

5.4 The annual planning process 5-2

5.5 Integration of audit work 5-4

5.6 Approval process for the budget of centrally-led audits 5-5

6. THE AUDIT CYCLE

6.1 Introduction 6-1

6.2 General Audit Planning 6-4

6.3 Activity and Resource Planning 6-9

6.4 Roles and Responsibilities 6-11

7. PLANNING THE AUDIT

7.1 Step1 – Establish Audit Objectives and Scope 7-1

7.2 Step 2 –Understand the Entity’s Business 7-4

ii

Audit Manual – Table of Contents

7.3 Step 3 – Assess Materiality, Planned Precision, and Audit Risk 7-7

7.4 Step 4 – Understand the Entity’s Internal Control Structure 7-19

7.5 Step 5 – Determine Components 7-27

7.6 Step 6 – Determine Financial Audit and Compliance with Authority Objectives, and

Error/Irregularity Conditions 7-35

7.7 Step 7 - Assess Inherent Risk and Control Risk 7-41

7.8 Step 8 – Determine Mix of Tests of Internal Controls, Analytical Procedures and

Substantive Tests of Details 7-41

7.9 Reliance on Other Auditors 7-49

7.10 Documenting Strategic Planning Decisions 7-51

7.11 Application to Government-Wide Audits 7-51

8. ACTIVITY AND RESOURCE PLANNING FOR INDIVIDUAL AUDITS

8.1 Introduction 8-1

8.2 Formulate/Update Audit Programmes 8-1

8.3 Updating Staffing Requirements and Allocating Resources 8-3

8.4 Updating Budget Requirements 8-4

8.5 Updating Timing Considerations 8-7

8.6 Factors to consider when determining the optimum timing 8-8

8.7 Updating Information Required From the Entity 8-8

8.8 Re-Assessing the General and Detailed Planning Decisions for Individual Audit 8-9

8.9 Documenting the Detailed Planning Decision 8-9

8.9 Updated Planning File 8-10

8.10 Approval of the General and Detailed Planning Decisions 8-11

9. CONDUCTING THE AUDIT

9.1 Introduction 9-1

9.2 Compliance Testing 9-1

9.3 Substantive Testing 9-2

9.4 Evidence 9-6

9.5 Matters to Deal with During Fieldwork 9-13

9.6 Cause and Effect Analysis 9-16

9.7 Developing Conclusions and Recommendations 9-17

9.8 Keeping Entity Official Informed 9-19

9.9 Documenting the Work Performed 9-20

9.10 Custody and Maintenance of Working Paper Files 9-23

9.11 Quality Assurance during Field Work 9-23

10. EVALUATING AUDIT RESULTS

10.1 Evaluating Financial Audit Results 10-1

10.2 Known Errors, Most Likely Errors, Further Possible Errors and Maximum Possible

Errors 10-2

10.3 Determining the Cause of Errors, Violations and Deviations 10-5

10.4 Concluding on the On the Results of Each Test 10-6

10.5 Concluding on the Results of Each Component 10-9

10.6 Concluding on the Financial Statements as a Whole 10-12

10.7 Dealing with Unacceptable Results 10-15

10.8 Dealing with Acceptable Results 10-19

10.9 Documenting the Evaluation Process 10-20

10.10 Evaluating Regularity Audit Results 10-21

10.11 Quality Assurance during the Evaluation Phase 10-22

Audit Manual – Table of Contents

iii

11. THE REPORTING PROCESS

11.1 Introduction 11-1

11.2 Focus on the Reporting Process 11-2

11.3 Clearing Observations, Conclusions and Recommendations 11-3

11.4 Obtaining Management Responses 11-4

11.5 Management Representation Letter 11-4

11.6 Audit Completion Checklist 11-6

11.7 Producing the Audit Report 11-8

11.8 Review of Reports by Others 11-9

12. THE AUDIT REPORT

12.1 Introduction 12-1

12.2 The Certification Report and Types of Opinion 12-2

12.3 Audit Reports other than Opinions on Financial Statements 12-8

12.4 Reporting Style And Format 12-10

12.5 Compliance and Performance Reports 12-13

13. DOCUMENTATION AND WORKING PAPERS

13.1 The Need for Documentation and Working Paper Files 13-1

13.2 The Purpose of Working Paper Files 13-1

13.3 The Quality of Working Paper Files 13-2

13.4 Custody and Maintenance of the Working Paper Files 13-5

14. AUDIT FOLLOW UP

14.1 Introduction 14-1

14.2 Timing of the Follow Up 14-2

14.3 Determining the Desired Level of Assurance 14-3

14.4 Performing the Follow Up 14-5

14.5 Reporting the Results of the Follow Up 14-6

14.6 Performing Additional Follow Ups 14-7

15. QUALITY ASSURANCE

15.1 Introduction 15-1

15.2 General Quality Assurance Techniques Described In This Manual

15-1

15.3 Quality Assurance during the Planning Phases for Individual Audits 15-2

15.4 Quality Assurance during the Fieldwork Phase for Individual Audits 15-3

15.5 Quality Assurance during the Evaluation Phase 15-3

15.6 Quality Assurance during the Reporting Phase 15-3

15.7 Quality Assurance during the Follow Up Phase 15-4

15.8 Other Quality Assurance Procedures 15-4

List of Appendices

Appendix A: Glossary of Terms A-1

Appendix B: Statistical and Non-Statistical Sampling and the Use of CAATs B-1

Appendix C: Computer Assisted Auditing Techniques (CAATs) C-1

Appendix D: Assurance and Materiality D-1

Appendix E: Analytical Methods E-1

Appendix F: Interviewing F-1

Cowater File No. 00.622

Project for Improvement of Financial Reporting and Auditing

(PIFRA)

Audit Component – Credit #2921 PAK

AUDIT COMPONENT No. 100

Audit Manual

Prepared for:

The Department of the Auditor-General of Pakistan

Prepared by:

Cowater International Inc., Ottawa, Canada

July 2004

Audit Manual – Chapter 1

1-1

1. ORGANISATION AND PURPOSE OF THE

MANUAL

1.1 Purpose of the Audit Manual

1.1.1 The purpose of this Audit Manual is to provide DAGP auditors with a set of

modern auditing standards, concepts, techniques, and quality assurance

arrangements that are consistent with international standards, for auditing

entities in the Government of Pakistan. The Manual covers the entire audit

cycle from planning to follow up.

1.1.2 This Audit Manual lays out what is expected of the auditors of the

Department of the Auditor-General of Pakistan (DAGP). It provides the

standards by which the audits are to be conducted. It provides guidance

with regard to the methods and approaches to audit that can be applied by

the auditors in carrying out their duties.

1.2 Types of audits dealt with

1.2.1 This Manual focuses on regulatory audit, as defined by INTOSAI Auditing

Standards, which have been adopted by the Department of the Office of the

Auditor-General of Pakistan.

1.2.2 Regulatory audit embraces:

a) Attestation of financial accountability of accountable entities, involving

examination of financial records and expression of opinions on financial

statements;

b) Attestation of financial accountability of the government administration as

a whole;

c) Audit of financial systems and transactions, including an evaluation of

compliance with applicable statutes and regulations;

d) Audit of internal controls and internal audit functions;

e) Audit of the probity and propriety of administrative decisions taken within

the audited entity; and,

f) Reporting of any other matters arising from or relating to the audit that

DAGP considers should be disclosed.

1.3 Audit entities dealt with

1.3.1 DAGP’s mandate includes the audit of federal, provincial and district

government accounts which encompass government ministries, departments

and agencies, self-accounting entities and exempt entities. The types of

entities being audited include financial institutions, commercial entities,

public utilities, and tax-collecting entities.

Modern auditing standards, concepts , techniques, and quality assurance arrangements are consistent with international standards, DAGP’s mandate includes federal, provincial and district government accounts.

1-2

Audit Manual – Chapter 1

1.4 Accounting Responsibility Structure of the

Government of Pakistan

1.4.1 The following is a brief summary of the accounting structure of the

Pakistan government.

a)

Federal government. The Controller General of Accounts (CGA) has

primary responsibility for the completeness and accuracy of the

Federation’s financial statements. Reporting to the CGA, the Accountant

General Pakistan Revenues (AGPR) is responsible for the centralised

accounting and reporting of federal transactions. Additionally the AGPR is

responsible for the consolidation of summarised financial information

prepared by federal self-accounting entities.

b) The AGPR receives accounts and reports from the sub-offices of the AGPR,

district accounts officers, principal accounting officers of self accounting

entities, federal treasuries and the State Bank of Pakistan/National Bank of

Pakistan. The AGPR, in turn, provides annual accounts to the CGA.

c) There are AGPR sub-offices in each of the provinces that act as the district

accounts officers in respect of federal government transactions.

d)

Provincial governments. The CGA also has primary responsibility for the

completeness and accuracy of the financial statements of the provincial

governments.

e) Reporting to the CGA, the accountant general of each province is

responsible for the centralised accounting and reporting functions within

his/her respective province.

f)

District governments. Each province is divided into districts. The district

coordination officer of each district is the principal accounting officer of

that district. The district coordination officer is supported by executive

district officers who, in turn, supervise offices headed by drawing and

disbursing officers.

g) Principal Accounting Officers (PAOs).

Each ministry and department has a

PAO. For the self accounting entities, the PAOs have been delegated

authority to maintain their own accounts. They provide monthly accounting

data to the AGPR and to the accountant generals.

h)

District Accounts Officers (DAOs). The DAOs are responsible for the

accounting functions of the districts. They have authority to pre-audit bills,

issue payments, and record government transactions at the district level.

They receive reports from the drawing and disbursing officers and bank

scrolls from the State Bank of Pakistan/National Bank of Pakistan. They

report district and provincial transactions to the Accountant General

responsible for the province in which their districts are located. They also

report federal transactions to the AGPR.

i)

Departmental treasuries. Departmental treasuries are established to record

specific accounting transactions such as income and sales taxes and

customs duties.

Audit Manual – Chapter 1

1-3

j)

Drawing and Disbursing Officers (DDOs). The DDOs are responsible for

the accounting, cash and personnel functions of specific entities. They

submit bills for pre-audit to the district accounts officers, and report to the

district coordination officer of each district. They also report to the

principal accounting officer of his/her entity.

1.4.2 DAGP’s mandate includes the audit of the entire process described above.

1.5 Stages of audit work dealt with

1.5.1 The manual covers the entire audit cycle for both the financial attestation

and compliance with controls aspects of regulatory audits, including

planning, fieldwork, evaluation of findings, reporting and follow up. While

many of the same procedures apply to both attestation and compliance audit

activities, sometimes different approaches are required to meet specific

audit objectives. Where this is the case, the different approaches are

described. This Manual also deals with such quality assurance techniques

as supervision and review.

1.6 Organisation of the manual

1.6.1 The Manual begins with several Chapters that provide background material

on audits in general, DAGP’s mandate, and the auditing standards adopted

by DAGP.

1.6.2 This is followed by a discussion of DAGP’s management structure and the

annual planning process by which DAGP establishes its departmental goals

and resource needs.

1.6.3 The auditors’ responsibilities through the complete audit cycle - the

planning, fieldwork, evaluation, reporting and follow-up of individual

audits – are presented using a framework adopted, in one form or another,

by many SAIs and private sector audit firms around the world. This

framework integrates the auditing concepts for all phases of the audit.

1.6.4 Throughout the manual, various quality assurance procedures are

introduced. The Manual concludes with a summary of these procedures.

1.6.5 The Manual also contains a number of annexes that provide additional

details and guidance material on specific matters, as well as a glossary of

the terms used.

1.7 Links to other guidance material

1.7.1 This manual is supported by a standard audit working paper kit and a set of

tailored audit programme guides. This Manual also makes reference to

other DAGP documentation in existence at the time that this manual was

produced.

The manual covers the entire Audit Cycle.

1-4

Audit Manual – Chapter 1

1.8 Standard audit working paper kit

1.8.1 The kit includes standard audit programme guides, checklists and forms,

and a table of contents that follows a suggested standard working paper

indexing scheme.

1.8.2 The kit also includes samples of the various supervision instruments used in

DAGP.

1.8.3 Audit guidelines for specialised areas

1.8.4 This Manual and the standard audit working paper kit are applicable to the

regulatory audits of all audit areas. These documents are complemented by

tailored audit programme guides that show how the concepts in the manual,

and the programmes, checklists, forms and supervision instruments in the

working paper kit, are applied to perform financial audits in certain specific

audit areas.

1.9 Need for professional judgment

1.9.1 Despite the detailed guidance presented in this manual, professional

judgment is always required. It is not possible to present guidance material

in sufficient detail to eliminate the need for professional judgment and

general knowledge of auditing theory. Nor is it possible to select one audit

approach and mandate its use in all circumstances.

1.9.2 There are many possible approaches to obtaining the required level of audit

assurance, each appropriate in certain circumstances. The auditor must be

prepared to consider the circumstances of each audit and determine the best

approach.

1.10 Updating the Audit Manual

1.10.1 DAGP’s work, like the work of any SAI, continues to evolve.

Consequently, this Manual should be periodically up-dated to ensure that it

reflects the current policies and procedures of the office and to provide the

most appropriate assistance to the auditors. Each auditor is therefore

encouraged to identify areas in which the Manual requires updating or

enhancement.

1.10.2 With appropriate up-dating, this Manual will continue to provide a clear

statement of the authorities, responsibilities and policies of DAGP and a

practical guide to auditors as they carry out their responsibilities in a

professional and conscientious manner.

Despite the guidance presented in this manual, professional judgement is always required. This manual should be periodically updated to ensure that it reflects the current policies and procedures.

 

Audit Manual – Chapter 2

2-1

2. ROLE OF THE AUDITOR-GENERAL

2.1 Parliamentary Control and Public Accountability

2.1.1 Accountability of elected officials and the public servants that implement

their policies is a cornerstone of democratic government. In Pakistan, the

government is formed of elected representatives of the people, and is

required by the Constitution to seek a fresh mandate every five years.

2.1.2 To ensure the administrative machinery of the government performs its

functions in accordance with the aspirations of the people, the National

Assembly (lower house of the Parliament) and the four Provincial

Assemblies constitute Standing Committees on Public Accounts (PACs).

The PACs are mandated to oversee the implementation of government

policies and programmes.

2.1.3 The Government departments and agencies are held accountable for any

major departure from the approved budget and for significant violations of

rules and regulations. The Auditor-General of Pakistan reviews the

financial statements submitted by each Government department and agency

and reports findings to the President and Provincial Governors who submit

them to the National and Provincial Assemblies respectively. The

legislatures assign these reports to the PACs for detailed scrutiny. Each

PAC holds hearings at which secretaries of the ministry, divisions and

departments submit their responses to the Auditor-General’s observations.

Based on this testimony, each PAC then makes its recommendations to the

National Assembly. This process ensures that departments and agencies are

accountable to government for implementation of policies in accordance

with regulations.

2.2 Introduction to Auditing

2.2.1 Auditing is the process by which the Auditor-General of Pakistan (or such

officer of the department as may be authorised in this regard by general or

special order) evaluates the financial statements that have been submitted

for audit by the ministries, departments and agencies, against the

government’s accounting and financial administration policies to enable

him to prepare a report or state an opinion on the financial statements.

2.2.2 Section 3.4 of DAGP’s Auditing Standards requires that a financial audit

will include a test of compliance with applicable laws and regulations.

2.2.3 To ensure that an audit has value, it should be conducted in accordance with

generally accepted auditing standards (GAAS). These standards have

developed over many generations of auditors around the world to provide

the basis for ensuring complete, accurate, honest and transparent reporting

of financial operations.

Accountability of elected officials and the public servant is a cornerstone of democratic government. The Auditor-General of Pakistan evaluates the financial statements submitted by ministries, department, and agencies to state an opinion.

2-2

Audit Manual – Chapter 2

2.3 Legislative Basis

2.3.1 The authority under which the Auditor-General of Pakistan conducts audits

is given by Article 169 of the Constitution of the Islamic Republic of

Pakistan. In addition, Articles 168 to 171 also relate to the work of the

Auditor-General.

2.3.2 Until 1 July 2001, most of DAGP’s audit work was performed under

Articles 168 to 171 of the Constitution, and the Pakistan (Audit and

Accounts) Order, 1973.

2.3.3 Effective 1 July 2001, the Pakistan (Audit and Accounts) Order, 1973 was

replaced by the following two ordinances:

a) Auditor-General’s (Functions, Powers and Terms and Conditions of

Service) Ordinance, 2001 (Auditor-General Ordinance); and

b) Controller General of Accounts (Appointment, Functions and Powers)

Ordinance, 2001 (Controller General Ordinance).

2.3.4 Among other things, these ordinances elaborate on the functions, powers

and responsibilities of the Auditor-General of Pakistan in line with the

provisions of Article 169 of the Constitution.

2.3.5 Section 7 of the Auditor-General’s (Functions, Powers and Terms and

Conditions of Service) Ordinance, 2001 (Auditor-General Ordinance) states

that

“The Auditor-General shall, on the basis of such audit as he may

consider appropriate and necessary, certify the accounts” … “of the

Federation, of each Province and of each district”

. A financial attestation

audit leads to the certifications called for in Section 7 of the Auditor-

General Ordinance.

2.3.6 In addition, Section 8 of the Auditor-General Ordinance mandates an audit

of expenditures of the Federation and of each province and Section 12 of

the Auditor-General Ordinance mandates an audit of the receipts of the

Federal Government and of each Province and each district.

The Constitution of

the Islamic Republic

of Pakistan, Articles

168 to 171 relate to

the work of the

Auditor-General.

Audit Manual – Chapter 2

2-3

2.4 Vision, Mission and Values

2.4.1 DAGP has developed a set of guiding principles for the exercise of its

mandate. These principles – the Vision, Mission and Values - are as

follows:

2.4.2 The Vision of DAGP is to add value to public resources.

2.4.3 The Mission of DAGP is to develop our auditing and accounting

capabilities to establish ourselves as a credible professional institution that

promotes good governance and public accountability.

2.4.4 The Values held by DAGP are:

a)

Accountability. DAGP holds itself accountable for the achievement of its

vision, mission, and these stated values.

b)

Professionalism. DAGP conducts all of its activities in an open, transparent,

disciplined and highly ethical manner that is worthy of professional respect

and trust.

c)

Integrity. DAGP takes an objective, fair, honest and balanced approach to

all of its activities.

d)

Excellence. DAGP strives for excellence in all of its activities.

e)

Reliability. DAGP produces high quality products that are timely, accurate,

useful, clear and candid.

f)

Cooperative and constructive spirit. DAGP works with parliamentarians

and with its audit entities, staff, suppliers, consultants and other parties with

whom it deals in a professional, cooperative and constructive manner.

g)

Innovative spirit. DAGP constantly looks for ways to improve its audit

practices, operations and other activities.

h)

Making a difference. DAGP constantly looks for ways to improve the

operations of the entities that it audits.

i)

Risk managers. DAGP managers and staff are encouraged to accept

challenges, and to take and manage the risks required for DAGP to achieve

its vision, mission and stated values.

j)

Open communications. DAGP maintains open and timely communications

with parliamentarians and with its audit entities, staff, suppliers, consultants

and other parties with whom it deals.

k)

A respectful workplace. DAGP provides a workplace in which a diverse

workforce can strive for excellence and professional competence, and

where individuals can realise their full career potential.

Audit Manual – Chapter 3

3-1

3. THE JOB OF THE AUDITOR

3.1 Introduction

3.1.1 The auditor is a professional with a special role to play in ensuring the

integrity of the operations of the Government of Pakistan and safeguarding

its assets. As such the auditor must fulfill certain expectations with respect

to performance of duties and ethical conduct. The auditor is employed

pursuant to a set of formal conditions and should expect appropriate

protection in the fulfillment of his or her responsibilities. These issues are

outlined below.

3.2 Expectations

3.2.1 Auditors work in teams. Audit teams perform their work in accordance

with DAGP’s Auditing Standards, which are described in detail in Chapter

4. The audit teams should fulfil a number of general expectations in

performing their duties:

a) At least one auditor within the audit team should be fully conversant with

the rules and regulations concerning the accounts to be audited.

b) The audit team should subject the audit entity to a complete and thorough

check according to the audit programme within the constraints of the time

available. Any failure to complete the prescribed audit programme must be

reported clearly and fully to the Audit Manager.

c) Each auditor is expected to use professional judgment in carrying out all

aspects of an audit programme.

d) Although it is not the responsibility of the auditor to detect fraud, every

auditor is expected to take appropriate action wherever a situation of fraud

is suspected.

3.3 Conditions of Employment

3.3.1 The conditions of employment of auditors within DAGP have been

formally and extensively documented in the Auditor-General’s Manual of

Standing Orders. Please refer to the Manual of Standing Orders for details.

3.4 Code of Ethics

3.4.1 Concept, Background and Purpose of the Code of Ethics

3.4.2 The Auditor General of Pakistan (AGP) has deemed it essential to establish

a Code of Ethics for auditors in the public sector.

a) This Code of Ethics is a comprehensive statement of the values and

principles which should guide the daily work of auditors. The

The auditor must

fulfil certain

expectations with

respect to

performance of

duties and ethical

conduct.

3-2

Audit Manual – Chapter 3

independence, powers and responsibilities of the public sector auditor place

high ethical demands on the Department of the Auditor General of Pakistan

and the staff deployed on audit work. This code of ethics for auditors in the

public sector outlines the ethical precepts of civil servants in general and

the particular requirement of auditors, including the latter’s professional

obligations.

b) With the Lima Declaration of Guidelines on Auditing Precepts as its

foundation, this Code of Ethics should be seen as a necessary complement,

reinforcing the Auditing Standards issued by the Auditor General of

Pakistan in June 2002 in line with INTOSAI Code of Ethics and Auditing

Standards.

c) The Code Ethics is directed at the individual auditor, the Auditor-General

of Pakistan, executive officers and all individuals working for or on behalf

of the AGP who are involved in audit work.

d) It is the responsibility of the AGP to ensure that all its auditors acquaint

themselves with the values and principles contained in this Code of Ethics

and act accordingly.

e) The conduct of auditors should be beyond reproach at all times and in all

circumstances. Any deficiency in their professional conduct or any

improper conduct in their personal life places the integrity of auditors, The

Department of AGP that they represent, and the quality and validity of their

audit work, in an unfavourable light, and may raise doubts about the

reliability and competence of the Department of the AGP itself. This code

of ethics for auditors should promote trust and confidence in the auditors

and their work.

f) It is of fundamental importance that the Department of the AGP is looked

upon with trust, confidence and credibility. The auditor promotes this by

adopting and applying the ethical requirements of the concepts embodied in

the key words Integrity, Independence and Objectivity, Confidentiality and

Competence.

3.4.3 Trust, Confidence and Credibility

3.4.4 The legislative and/or executive authority, the general public and the

audited entities are entitled to expect the conduct and approach of the

officers and the staff of the Department of the AGP to be above suspicion

and reproach and worthy of respect and trust.

a) Auditors should conduct themselves in a manner which promotes cooperation

and good relations among themselves and within the profession.

The support of the profession by its members and their co-operation with

one another are essential elements of professional character. The public

confidence and respect that an auditor enjoys is largely the result of the

cumulative accomplishments of all auditors, past and present. It is therefore

The general public

and the audited

entities expect the

conduct and

approach of the

officers of the

Department of the

AGP to be above

suspicion and

reproach

Audit Manual – Chapter 3

3-3

in the interest of auditors, and the public, for auditors to conduct themselves

in a fair and balanced way.

b) The legislative and/or executive authority, the general public and the

audited entities should be fully assured of the fairness and impartiality of all

the work the Department of the AGP.

c) In all parts of society there is a need for credibility. It is therefore essential

that the reports and opinions of the Department of the AGP are considered

to be thoroughly accurate and reliable by knowledgeable third parties.

d) All work performed by the Department of the AGP must stand the test of

legislative and executive scrutiny, public judgments on propriety, and

examination against this Code of Ethics.

3.4.5 Integrity

a) Integrity is the core value of this Code of Ethics. Auditors have a duty to

adhere to high standards of behaviour (e.g. honesty and candidness) in the

course of their work and in their relationships with the staff of audited

entities. In order to sustain public confidence, the conduct of auditors

should be above suspicion and reproach.

b) Integrity, including financial, moral, and intellectual integrity, can be

measured in terms of what is right and just. Integrity requires auditors to

observe both the form and the spirit of auditing and ethical standards.

Integrity also requires auditors to observe the principles of independence

and objectivity, maintain irreproachable standards professional conduct,

make decisions with the public interest in mind, and apply absolute honesty

in carrying out their work and in handling the resources of the Department

of the AGP.

3.4.6 Independence, Objectivity and Impartiality

a) Independence from the audited entity and other outside interest groups is

indispensable for auditors. This implies that auditors should behave in a

way that increases, or in no way diminishes, their independence.

b) Auditors should strive not only to be independent of audited entities and

other interested groups, but also to be objective in dealing with the issues

and topics under review.

c) It is essential that auditors are independent and impartial, not only in fact

but also in appearance.

d) In all matters relating to the audit work, the independence of auditors

should not be impaired by personal or external influence. Independence

may be impaired, for example, by external pressure or influence on auditors;

prejudices held by auditors about individuals, audited entities, projects or

programmes; recent previous employment with the audited entity; or

Auditors have a

duty to adhere to

high standards of

behaviour and to be

above suspicion and

reproach

Auditors should be

independent and

objective.

3-4

Audit Manual – Chapter 3

personal or financial dealings which might cause conflicts of loyalties or of

interests. Auditors have an obligation to refrain from becoming involved in

all matters in which they have a vested interest.

e) There is need for objectivity and impartiality in all work conducted by

auditors, particularly in their reports, which should be accurate and

objective. Conclusions in opinions and reports should, therefore, be based

exclusively on evidence obtained and assembled in accordance with the

auditing standards of the Department of the AGP.

f) Auditors should make use of information brought forward by the audited

entity and other parties. This information is to be taken into account in the

opinions expressed by the auditors in an impartial way. The auditor should

also gather information about the views of the audited entity and other

parties. However, the auditor’s own conclusions should not be affected by

such views.

3.4.7 Political neutrality

a) It is important to maintain both the actual and perceived political neutrality

of the Department of the AGP. Therefore, it is important that auditors

maintain their independence from political influence in order to discharge

their audit responsibilities in an impartial way. This is relevant for auditors

since Department of the AGP works closely with the legislative authorities,

which is empowered by law to consider the reports of the AGP.

3.4.8 Conflicts of Interest

a) When auditors are permitted to provide advice or services other than audit

to an audited entity, care should be taken that these services do not lead to a

conflict of interest. In particular, auditors should ensure that such advice or

services do not include management responsibilities or powers, which must

remain firmly with the management of the audited entity.

b) Auditors should protect their independence and avoid any possible conflict

of interest by refusing gifts or gratuities that could influence or be perceived

as influencing their independence and integrity. Government servants,

Conduct Rules, 1964 shall also apply in this regard.

c) Auditors should avoid all relationships with managers and staff in the

audited entity and other parties that may influence, compromise or threaten

the ability of auditors to act and be seen to be acting independently.

d) Auditors should not use their official position for private purposes and

should avoid relationships that involve the risk of corruption or may raise

doubts about their objectivity and independence.

e) Auditors should not use information received in the performance of their

duties as a means of securing personal benefit for themselves or for others.

It is important to

maintain political

neutrality f the

Department of the

AGP.

Auditors should

not be involved in

management

decisions or

activities.

Audit Manual – Chapter 3

3-5

Neither should they divulge information that would provide unfair or

unreasonable advantage to other individuals or organisations, nor should

they use such information as means for harming others.

3.4.9 Professional Secrecy

a) Auditors should not disclose information obtained in the auditing process to

third parties, either orally or in writing, except for the purposes of meeting

the statutory or other identified responsibilities of the Department of the

AGP as part of its normal procedures or in accordance with relevant laws.

3.4.10 Competence

a) Auditors have a duty to conduct themselves in a professional manner at all

times and to apply high professional standards in carrying out their work to

enable them to perform their duties competently and with impartiality.

b) Auditors must not undertake work they are not competent to perform.

c) Auditors should know and follow applicable auditing, accounting, and

financial management standards, policies, procedures and practices.

Likewise, they must possess a good understanding of the constitutional,

legal and institutional principles and standards governing the operations of

the audited entity.

3.4.11 Professional Development

3.4.12 Auditors should exercise due professional care in conducting and

supervising the audit and in preparing related reports.

a) Auditors should use methods and practices of the highest possible quality in

their audits. In the conduct of the audit and the issue of reports, auditors

have a duty to adhere to basic principles and generally accepted auditing

standards.

b) The Department of the AGP has a continuous obligation to update and

improve the skills of officers and staff in the discharge of their professional

responsibilities.

3.5 Glossary

3.5.1 The terms used in this Code of Ethics have the same interpretation or

definition as those used in the Auditing Standards.

3.6 Protection of the Auditor

3.6.1 Auditors must have the freedom to carry out audits in a conscientious and

thorough manner. There is an onus on the auditor to carry out the audits in

Auditors should not

disclose information

obtained in the

auditing process.

Auditors should

know auditing,

accounting, and

financial

management

standards, policies,

procedures and

practices.

3-6

Audit Manual – Chapter 3

a fair, objective and courteous manner (and comply with the Code of Ethics

presented in the Section above). In turn, the auditor expects to receive

cooperation and courtesy from those being audited.

3.6.2 Any serious attempts to hinder or impede the conduct of the audit should be

brought to the attention of the Audit Manager. Any concern of possible

intimidation or threat to the auditor must be taken seriously both by the

auditor and the management of DAGP. A formal process should be

followed wherever the auditor, or the conduct of the audit, is threatened, or

a risk of impedance is perceived. This process involves the following steps:

a) Whenever the auditor senses any problems in the conduct of the audit,

he/she should ensure that all meetings are held with at least two auditors

present and that notes of these meetings are clearly documented;

b) The auditor should inform his/her supervisor or Audit Manager in writing

of any serious incidents or concerns with specific details of what transpired;

c) A course of action is proposed by the Audit Manager, if necessary, in

consultation with senior management within DAGP;

d) Depending on the seriousness of the situation, and the nature of the problem,

one or more of the following courses of action should be implemented:

- The Audit Manager raises the issue with the Principal Accounting

Officer, or equivalent;

- A letter, signed by the Auditor-General or Deputy Auditor-General, is

submitted to the Principal Accounting Officer, or equivalent, and/or sent

to the Controller General;

- The composition of the audit team is changed;

- If necessary, after consultation with the Auditor-General, seek a legal

opinion or other course of action; and

- Whenever an individual auditor is not satisfied with the action taken, they

have the right to report their concern to the Assistant Auditor-General,

Personnel, a Deputy Auditor-General or the Auditor-General.

Attempts to hinder

or impede the

conduct of the audit

should be brought to

the attention of the

Audit Manager

Audit Manual – Chapter 4

4-1

4. DAGP AUDIT STANDARDS

4.1 Basic Principles in Government Auditing

4.1.1 The general framework of the auditing standards of the Auditor General of

Pakistan is based on the principles of the latest INTOSAI Auditing

Standards.

4.1.2 The INTOSAI auditing standards consist of four parts.

a) Basic principles

b) General standards

c) Field standards

d) Reporting standards

4.1.2 These standards have been developed to provide a framework for the

establishment of procedures and practices to be followed in the conduct of

an audit, including audits of computer-based systems. They should be

viewed in the context of the particular constitutional and legal provisions

applicable to the Department of the Auditor General of Pakistan.

4.1.3 The basic principles for auditing standards are basic assumptions,

consistent premises, logical principles and requirements which help in

developing auditing standards and serve the auditors in forming their

opinions and reports, particularly in cases where no specific standards

apply.

4.1.4 Auditing standards should be consistent with the principles of auditing:

They also provide guidance for the auditor that helps determine the extent

of auditing steps and procedures that should be applied in the audit.

Auditing Standards constitute the criteria or yardsticks against which the

quality of the audit results are evaluated.

4.1.5 Interpretations, explanation and amendments of these standards are the

prerogative and responsibility of the AGP.

4.1.6 The basic principles are:

a) The Department of the AGP will ensure compliance with the auditing

standards in all matters that are deemed material. These standards will be

applied to ensure that the work is of consistently high quality.

b) The Department of the AGP shall apply its own judgment to the diverse

situations that arise in the course of government auditing (see paragraph

4.1.14)

c) With increased public consciousness, the demand for public accountability

of persons or entities managing public resources has become increasingly

evident so that there is a need for the accountability process to be in place

and operating effectively (see paragraph 4.1.19)

Audit standards

provide a framework

to be followed in the

conduct of an audit.

Ensure compliance

with auditing

standards.

Apply judgement.

4-2

Audit Manual – Chapter 4

d) Development of adequate information, control, evaluation and reporting

systems within the government will facilitate the accountability process.

Management is responsible for correctness and sufficiency of the form and

content of the financial reports and other information (see paragraph 4.1.21)

e) Appropriate authorities should ensure the promulgation of acceptable

accounting standards for financial reporting and disclosure relevant to the

need of the government, and audited entities should develop specific and

measurable objectives and performance targets (see paragraph 4.1.23)

f) Consistent application of acceptable accounting standards should result in

the fair presentation of the financial position and the results of operations

(see paragraph 4.1.26)

g) The existence of an adequate system of internal control minimises the risk

of errors and irregularities (see paragraph 4.1.28)

h) Legislative enactments would facilitate the co-operation of audited entities

in maintaining and providing access to all relevant data necessary for a

comprehensive assessment of the activities under audit (see paragraph

4.1.30)

i) All audit activities should be within the audit mandate of the Auditor

General of Pakistan (see paragraph 4.1.32)

j) The Department of the AGP shall work towards improving techniques for

auditing the validity of performance measures (see paragraph 4.1.41)

4.1.7 The following paragraphs discuss the importance of the basic principles for

auditing.

4.1.8 The basic auditing principles stipulate that:

The Department of the AGP shall ensure compliance of the auditing

standards in all matters that are defined as material. These standards will be

applied to ensure that the work is of consistently high quality.

4.1.9 In general terms, a matter may be judged material if knowledge of it would

be likely to influence the user of the financial statements or the performance

audit report.

4.1.10 Materiality is often considered in terms of value but the inherent nature or

characteristics of an item or group of items may also render a matter

material—for example, where the law or regulation requires it to be

disclosed separately regardless of the amount involved.

4.1.11 In addition to materiality by value and by nature, a matter may be material

because of the context in which it occurs. For example, considering an item

in relation to:

a) The overall view given to the financial information;

Audit Manual – Chapter 4

4-3

b) The total of which it forms a part;

c) Associated terms and issues;

d) The corresponding amount in previous years.

4.1.12 Sometimes the Department of the AGP carries out activities that by strict

definition do not qualify as audits, but which contribute to better

government, e.g., (a) gathering data without conducting substantial analysis,

(b) legal work, (c) an assistance mission for members of the elected

Assemblies as regards investigations and consultations of files of the

Department of the AGP. These non-audit activities provide valuable

information to decision-makers and should be of consistently high quality.

4.1.13 To ensure that high quality work is done, appropriate standards must be

followed. The objectives of the particular type of work or the particular

assignment should dictate the specific standards that are followed. The

Department of the AGP shall establish a policy for implementing these

standards to ensure that the work and products are of high quality.

4.1.14 The basic auditing principles stipulate that:

The Department of the AGP shall apply its own judgment to the diverse

situations that arise in the course of government auditing (see paragraph

4.1.6b)

4.1.15 Audit evidence plays an important part in the auditor’s decision concerning

the selection of issues and areas for the audit and the nature, timing and

extent of audit tests and procedures.

4.1.16 The terms of the audit mandate with which the Department of the AGP is

endowed override any accounting or auditing conventions with which they

conflict, and hence have a crucial bearing on the auditing standards that the

Department applies.

4.1.17 The Department of the AGP must judge the extent to which external

auditing standards are compatible with the fulfilment of its mandate.

4.1.18 For some elements of the mandate of the AGP, particularly in regard to the

audit of financial statements, the audit objectives may be akin to the

objectives of audits in the private sector. Correspondingly, private sector

standards for the financial statements auditing which are promulgated by

official regulatory bodies might be applicable to the government auditor.

4.1.19 The basic auditing principles stipulate that:

With increased public consciousness, the demand for the public

accountability of persons or entities managing resources has become

increasingly evident so that there is a greater need for the accountability

process to be in place and operating effectively (see paragraph 4.1.6c)

4-4

Audit Manual – Chapter 4

4.1.20 Public enterprises are also required to fulfil public accountability

obligations. Public enterprises may include commercial undertakings, e.g.

entities established by statute or executive order or in which the

Government has a controlling interest. Irrespective of the manner in which

they are constituted, their functions, degree of autonomy or funding

arrangements, such entities are ultimately accountable to the respective

legislature.

4.1.21 The basic auditing principles stipulate that:

Development of adequate information, control, evaluation and reporting

systems within the government will facilitate the accountability process.

Management is responsible for correctness and sufficiency of the form and

content of the financial reports and other information (see paragraph 4.1.6d)

4.1.22 The correctness and sufficiency of the financial reports and statements are

the entity’s expression of the financial position and the results of operations.

It is also the entity’s obligation to design a practical system which will

provide relevant and reliable information.

4.1.23 The basic auditing principles stipulate that:

Appropriate authorities should ensure the promulgation of acceptable

accounting standards for financial reporting and disclosure relevant to the

needs of the government, and audited entities should develop specific and

measurable objectives and performance targets (see paragraph 4.1.6e)

4.1.24 The Department of the AGP shall work with the accounting standards

setting organisations to help ensure that proper accounting standards are

issued for the government.

4.1.25 The Department of the AGP shall also recommend to the audited entities

that measurable and clearly stated objectives be established and that

performance targets be set for these objectives.

4.1.26 The basic auditing principles stipulate that:

Consistent application of acceptable accounting standards should result in

the fair presentation of the financial position and the results of operations

(see paragraph 4.1.6f)

4.1.27 The assumption that consistency in application of accounting standards is a

prerequisite of fairness means that an audited entity must comply with

accounting standards appropriate in the circumstances, as well as the

requirements of applying such accounting standards in a consistent manner.

An auditor should not consider compliance with accounting standards in a

consistent manner as a definitive proof of presenting fairly the various

financial reports. Fairness is an expression of an auditor’s opinion that goes

beyond the limits of consistent application of accounting standards. Such an

assumption emphasises that the auditing standards are no more than the

minimum requirements for an auditor’s obligation. Going beyond that

minimum is for the auditor’s judgment.

Audit Manual – Chapter 4

4-5

4.1.28 The basic auditing principles stipulate that:

The existence of an adequate system of internal control minimises the risk

of errors or irregularities (see paragraph 4.1.6g)

4.1.29 It is the responsibility of the audited entity to develop adequate internal

control systems to protect its resources. It is not the auditor’s responsibility.

It is also the obligation of the audited entity to ensure that controls are in

place and functioning to help ensure that applicable statutes and regulations

are complied with, and that probity and propriety are observed in decision

making. However, this does not relieve the auditor from submitting

proposals and recommendations to the audited entity where controls are

found to be inadequate or missing.

4.1.30 The Basic auditing principles stipulate that:

Legislative enactments would facilitate the co-operation of audited entities

in maintaining and providing access to all relevant data necessary for a

comprehensive assessment of the activities under audit (see paragraph

4.1.6h)

4.1.31 The Department of the AGP must have access to the sources of information

and data as well as access to officials and employees of the audited entity in

order to carry out properly its audit responsibilities. Enactment of

legislative requirements for access by the auditor to such information and

personnel will help minimise future problems in this area.

4.1.32 The basic auditing principles stipulate that:

All audit activities should be within the audit mandate of the AGP (see

paragraph 4.1.6i)

4.1.33 The essential function of the department of the AGP is to uphold and

promote public accountability. This jurisdictional function requires the

Department to make sure that whoever is charged with dealing with public

funds is accountable to it and is in this regard subject to its jurisdiction.

4.1.34 There exists an important complementarity between this jurisdictional

authority and the other characteristics of audit. This characteristic should be

viewed as a part of the logic of the general objective pursued by external

audit and more particularly those which relate to accounting management.

4.1.35 The full scope of government auditing includes regularity and performance

audit.

4.1.36 Regularity audit embraces:

a) Attestation of financial accountability of accountable entities, involving

examination and evaluation of financial records and expression of opinions

of financial statements;

b) Attestation of financial accountability of the government administration as

a whole;

4-6

Audit Manual – Chapter 4

c) Audit of financial systems and transactions including an evaluation of

compliance with applicable statutes and regulations;

d) Audit of internal control and audit functions;

e) Audit of the probity of administrative decisions taken within the audited

entity; and

f) Reporting of any other matters arising from or relating to the audit that the

Department of the AGP considers should be disclosed.

4.1.37 Performance audit is concerned with the audit of economy, efficiency and

effectiveness and embraces:

a) Audit of the economy of administrative activities in accordance with sound

administrative principle and practices, and management policies;

b) Audit of the efficiency of utilisation of human, financial and other resources,

including examination of information systems, performance measures and

monitoring arrangements, and procedures followed by audited entities for

remedying identified deficiencies; and

c) Audit of the effectiveness of performance in relation to the achievement of

the objectives of the audited entity, and audit of the actual impact of

activities compared with the intended impact.

4.1.38 In practice there can be an overlap between regularity and performance

auditing, and in such cases classification of a particular audit will depend

on the primary purpose of that audit.

4.1.39 The mandate of the Department of the AGP shall clearly delineate its

powers and responsibilities in relation to performance auditing in all areas

of government activity, among other things to facilitate the application of

appropriate auditing standards.

4.1.40 Public accountability will be more effectively promoted where the mandate

enables the SAI to conduct, or direct the conduct of, regularity and

performance auditing of all public enterprises.

4.1.41 The general auditing principles stipulate that:

The Department of the AGP shall work towards improving techniques for

auditing the validity of performance measures (see paragraph 4.1.6j)

4.1.42 The expanding audit role of the auditors will require them to improve and

develop new techniques and methodologies to assess whether reasonable

and valid performance measures are used by the audited entity. The auditors

should avail themselves of techniques and methodologies of other

disciplines.

4.1.43 The scope of the audit mandate will determine the scope of the standards to

be applied by the Department of the AGP.

Audit Manual – Chapter 4

4-7

4.2 General standards in Government Auditing

4.2.1 This section deals with general standards in government auditing. The

general auditing standards describe the qualifications of the auditor

and/or the auditing institution so that they may carry out the tasks related

to field and reporting standards in a competent and effective manner.

4.2.2 The general auditing standards are that the Department of the AGP shall

adopt policies and procedures to:

a) Recruit personnel with suitable qualifications (see paragraph 4.2.3)

b) Develop and train employees of the Department of the AGP to enable

them to perform their tasks effectively, and to define the basis for the

advancement of auditors and other staff (see paragraph 4.2.5)

c) Prepare manual and other written guidance and instructions concerning

the conduct of audit (see paragraph 4.2.13).

d) Support the skills and experience available within the Department of the

AGP and identify the skills which are absent; provide a good distribution

of skills to auditing tasks and assign a sufficient number of persons for

the audit; and have proper planning and supervision to achieve its goals at

the required level of due care and concern (see paragraph 4.2.15)

e) Review the efficiency and effectiveness of the Department internal

standards and procedures (see paragraph 4.2.25)

4.2.3 The general standards for Department of the AGP include:

The Department shall frame policies and develop procedures to recruit

personnel with suitable qualifications (see paragraph 4.2.2a)

The following paragraph explains recruitment as an auditing standard.

4.2.4 Personnel of the Department of the AGP shall possess suitable academic

qualifications and be equipped with appropriate training and experience.

The Department shall establish, and regularly review, minimum educational

requirements for the appointment of auditors.

4.2.5 The general standards include:

The Department shall frame policies and procedures to develop and train its

employees to enable them to perform their tasks effectively and to define

the basis for the advancement of auditors and other staff (see paragraph

4.2.2b)

The following paragraphs explain training and development as an auditing

standard.

4.2.6 The Department shall take adequate steps to provide for continuing

professional development of its personnel, including, as appropriate,

4-8

Audit Manual – Chapter 4

provision of in-house training and encouragement of attendance at external

courses.

4.2.7 The Department shall maintain an inventory of skills of personnel to assist

in the planning of audits as well as to identify professional development

needs.

4.2.8 The Department shall establish and regularly review criteria, including

educational requirements, for the advancement of auditors and other staff of

the SAI.

4.2.9 The Department shall also establish and maintain policies and procedures

for the professional development of audit staff regarding the audit

techniques and methodologies applicable to the range of audits it

undertakes.

4.2.10 Personnel of the Department of the AGP shall have a good understanding

of the government environment, including such aspects as the role of the

legislature, the legal and institutional arrangements governing the

operations of the executive and the charters of the public enterprises.

Likewise, trained audit staff must possess an adequate knowledge of the

Department’s auditing standards, policies, procedures and practices.

4.2.11 Audit of financial systems, accounting records and financial statements

requires training in accounting and related disciplines as well as a

knowledge of applicable legislation and executive orders affecting the

accountability of the audited entity. Further, the conduct of performance

audits may require, in addition to the above, training in such areas as

administration, management, economics and the social sciences.

4.2.12 The Department shall encourage its personnel to become members of a

professional body relevant to their work and to participate in that body’s

activities.

4.2.13 The general standards include:

The Department shall adopt policies and develop procedures to prepare

manuals and other written guidance and instructions concerning the conduct

of audits (see paragraph 4.2.2c)

The following paragraph explains written guidance as an auditing standard

.

4.2.14 Communication to staff of the Department of the AGP by means of

circulars containing guidance, and the maintenance of an up-to-date audit

manual setting out its policies, standards and practices, is important in

maintaining the quality of audits.

4.2.15 The general standards include:

The Department shall frame policies and develop procedures to support the

skills and experience available within the Department and identify those

skills which are absent; provide a good distribution of skills to auditing

Audit Manual – Chapter 4

4-9

tasks and a sufficient number of persons for the audit and have proper

planning and supervision to achieve its goals at the required level of due

care and concern (see paragraph 4.2.2d)

The following paragraphs explain the use of skills as an auditing standard.

4.2.16 Resources required to undertake each audit need to be assessed so that

suitably skilled staff may be assigned to the work and a control placed on

staff resources to be applied to the audit.

4.2.17 The extent to which academic attainment should be related specifically to

the audit task varies with the type of auditing undertaken. It is not necessary

that each auditor possess competence in all aspects of the audit mandate.

However, policies and procedures governing the assignment of personnel to

audit tasks should aim at deploying personnel who have the auditing skills

required by the nature of the audit task so that the team involved on a

particular audit collectively possesses the necessary skills and expertise.

4.2.18 It shall be open to the Department of the AGP to acquire specialised skills

from external sources if the successful carrying out of an audit so requires

in order that the audit findings, conclusions and recommendations are

perceptive and soundly based and reflect an adequate understanding of the

subject area of the audit. It is for the Department of the AGP to judge, in its

particular circumstances, to what extent its requirements are best met by inhouse

expertise as against employment of outside experts.

4.2.19 Policies and procedures governing supervision of audits are important

factors in the performance of the SAI’s role at an appropriate level of

competence. The Department of the AGP shall ensure that audits are

planned and supervised by auditors who are competent, knowledgeable in

the standards and methodologies, and equipped with an understanding of

the specialities and peculiarities of the environment.

4.2.20 For the audit of financial statements which cover the executive branch of

government as a whole, the audit teams deployed shall be equipped to

undertake a co-ordinated evaluation of departmental accounting systems, as

well as of central agency co-ordination arrangement and control

mechanisms. Teams will require a knowledge of the relevant government

accounting and control systems, and an adequate expertise in the auditing

techniques applied by the Department to this type of audit.

4.2.21 Unless the Department is equipped to undertake, within a reasonable timescale,

all relevant audits, including performance audits covering the whole

of every audited entity’s operations, criteria shall be needed for determining

the range of audit activities which, within the audit period or cycle, will

give the maximum practicable assurance regarding performance of public

accountability obligations by each audited entity.

4.2.22 In determining the allocation of its resources among different audit

activities, the Department shall give priority to any audit tasks which must,

by law, be completed within a specified time frame. Careful attention shall

4-10

Audit Manual – Chapter 4

be given to strategic planning so as to identify an appropriate order of

priority for discretionary audits to be undertaken.

4.2.23 Assignment of priorities compatible with maintaining the quality of

performance across the mandate involve the exercise of judgment by the

Department of the AGP in the light of available information. Maintenance

of a portfolio of data pertaining to the structure, functions and operations of

audited entities will assist the department in identifying areas of materiality

and vulnerability and areas holding potential for improvements in

administration.

4.2.24 Before each audit is undertaken proper authorisation for its commencement

shall be given by designated personnel within the Department of the AGP.

This authorisation shall include a clear statement of the objectives of the

audit, its scope and focus, resources to be applied to the audit in terms of

skills and quantum, arrangements for reviews of progress at appropriate

points, and the dates by which fieldwork is to be completed and a report on

the audit is to be provided.

4.2.25 The general standards include:

The Department of the AGP shall frame polices and develop procedures to

review the efficiency and effectiveness of its internal standards and

procedures (see paragraph 4.2.2e)

The following paragraphs explain quality assurance reviews as an auditing

standard.

4.2.26 Because of the importance of ensuring a high standard of work by the

Department of the AGP it shall pay particular attention to quality assurance

programmes in order to improve audit performance and results. The

benefits to be derived from such programmes make it essential for

appropriate resources to be available for this purpose. It is important that

the use of these resources be matched against the benefits to be obtained.

4.2.27 The Department of the AGP shall establish systems and procedures to:

a) Confirm that integral quality assurance processes have operated

satisfactorily.

b) Ensure the quality of the audit report; and

c) Secure improvements and avoid repetition of weaknesses.

4.2.28 As a further means of ensuring quality of performance, additional to the

review of audit activity by personnel having line responsibility for the

audits concerned, the Department shall establish its own quality assurance

arrangements. That is, planning, conduct and reporting in relation to a

sample of audits may be reviewed in depth by suitably qualified personnel

of the Department not involved in those audits, in consultation with the

relevant audit line management regarding the outcome of the internal

quality assurance arrangements and periodic reporting to the top

management of the Department.

Audit Manual – Chapter 4

4-11

4.2.29 It is appropriate for the Department of the AGP to institute their own

internal audit function with a wide charter to assist it to achieve effective

management of its own operations and sustain the quality of its

performance.

4.2.30 The quality of the work of the Department shall be enhanced by

strengthening internal review and by independent appraisal of its work.

4.2.31 The Department shall ensure that applicable standards are followed on all

audits and that deviations from the standards which are determined to be

appropriate are documented.

4.3 Standards with Ethical Significance

4.3.1 The general auditing standards include:

a) The auditor and the Department of the AGP must be independent (see

paragraph 4.3.2)

b) The Department of the AGP shall avoid conflict of interest between the

auditor and the entity under audit (see paragraph 4.3.28)

c) The auditor and the Department of the AGP must possess the required

competence (see paragraph 4.3.30)

d) The auditor and the department of the AGP must exercise due care and

concern in complying with these auditing standards. This embraces due

care in planning, specifying, gathering and evaluating evidence, and in

reporting findings, conclusions and recommendations (see paragraph 4.3.36)

Independence

4.3.2 The general standards for the auditor and the Department of the AGP

include:

The auditor and the Department must be independent (see paragraph 4.3.1a)

The following paragraphs explain independence as an auditing standard.

In particular, paragraphs 4.3.4 – 4.3.11 explain independence from the

legislature, paragraphs 4.3.12 – 4.3.21 from the executive, and paragraphs

4.3.22 – 4.3.26 from the audited entity.

4.3.3 Whatever the form of government, the need for independence and

objectivity in audits is vital. An adequate degree of independence from both

the legislature and the executive branch of government is essential to the

conduct of audit and to the credibility of its results.

4.3.4 The legislature is one of the main users of the services of the Department of

the Auditor General of Pakistan. It is from the Constitution and the

legislation that the SAI derives its mandate, and a frequent feature of the

Department’s function is its reporting to the legislature. The SAI can be

expected to work closely with the legislature, including with any

committees empowered by the legislature to consider its reports. Such

liaison can contribute to effective follow-up of the Department’s work.

4-12

Audit Manual – Chapter 4

4.3.5 The important results of audits of the carrying-out of the budget and of

administration and disputes and disagreements with audited administrations

shall be brought to the attention of the legislative body by way of report or

special communication.

4.3.6 Special committees created within the legislative body may be charged with

examining, in the presence of delegates from the audited services and other

representatives, the comments in the reports and special communications of

the Department of the AGP.

4.3.7 The Department of the AGP may give members of the legislature factual

briefings on audit reports, but it is important that it maintains its

independence from political influence, in order to preserve an impartial

approach to its audit responsibilities. This implies that the Department of

the AGP shall not be responsive, nor give the appearance of being

responsive, to the wishes of particular political interests.

4.3.8 While the Department of the AGP observes the laws enacted by the

legislature, adequate independence requires that it not otherwise be subject

to direction by the legislature in the programming, planning and conduct of

its work in accordance with its mandate and adopt methodologies

appropriate to audits. The Department of the AGP needs freedom to set

priorities and programme the audits to be undertaken.

4.3.9 In cases where the legislature requests the AGP to undertake any audit, the

Department of the AGP shall be free to determine the manner in which it

conducts its work, including those tasks requested by the legislature.

4.3.10 It is appropriate for the legislation to specify minimum reporting

requirements, including the matters to be subject to an audit opinion and a

reasonable time within which reports should be made. Apart from that,

flexible arrangements for the Department’s reporting to the legislature,

without restriction on content or timing of reports, would support the

maintenance of independence.

4.3.11 It is necessary that the Department of the AGP is provided with sufficient

resources, for the effective exercise of its mandate.

4.3.12 The executive branch of the government and the SAI do have common

interests in the promotion of public accountability. But the essential

relationship with the executive is that of external auditor. As such the

reports of the AGP are expected to assist the executive by drawing attention

to deficiencies in administration and recommending improvements. Care

should be taken to avoid participation in the executive’s functions of the

kind that would militate against the independence and objectivity of the

Department of the AGP in the discharge of its mandate.

4.3.13 It is important for the independence of the Department of the AGP that

there be no power of direction by the executive in relation to the

Department’s performance of its mandate. The Department shall not be

obliged to carry out, modify or refrain from carrying out, an audit or

suppress or modify audit findings, conclusions and recommendations.

Audit Manual – Chapter 4

4-13

4.3.14 A degree of co-operation between the Department of the AGP and the

executive is desirable in some areas. The SAI shall be ready to advise the

executive in such matters as accounting standards and policies and the form

of financial statements. The Department must ensure that in giving such

advice it avoids any explicit or implied commitment that would impair the

independent exercise of its audit mandate.

4.3.15 Maintenance of the independence of the Department of the AGP does not

preclude requests by the executive proposing matters for audits. But to

enjoy adequate independence, the Department shall have the discretion to

decline any such request. It is fundamental to the concept of SAI

independence that decisions as to the audit tasks comprising the programme

shall rest finally with the Department of the AGP.

4.3.16 A sensitive area in relationships between the Department of the AGP and

the executive concerns provision of resources to the Department. In varying

degrees, reflecting constitutional and institutional differences, arrangements

for the SAI’s resource provision may be related to the executive branch of

government’s financial situation and general expenditure policies. As

against that, effective promotion of public accountability requires that the

Department of the AGP be provided with sufficient resources to enable it to

discharge its responsibilities in a reasonable manner.

4.3.17 Any imposition of resource or other restriction by the executive which

would constrain the exercise of its mandate by the Department of the AGP

would be an appropriate matter for report by the Department to the

legislature.

4.3.18 The legal mandate should provide for full and free access by the

Department of the AGP to all premises and records relevant to audited

entities and their operations and should provide adequate powers for the

Department to obtain relevant information from persons or entities

possessing it.

4.3.19 Unless specifically prevented by law, the executive shall permit access by

the Department of the AGP to sensitive information which is necessary and

relevant to the discharge of the responsibilities of the Department.

4.3.20 The Department of the AGP shall ensure that its mandate and its

independent status is well understood in the community. The Department

shall, as appropriate opportunities arise, undertake an educational role in

that regard.

4.3.21 Functional independence of the Department of the AGP need not preclude

arrangements with executive entities in regard to its administration in

matters such as personnel management, property management or common

purchasing of equipment and stores, though executive entities shall not be

in a position to take decisions that would jeopardise the independence of

the Department in discharging its mandate.

4.3.22 The Department of the AGP must remain independent from audited entities.

It shall, however, seek to create among audited entities an understanding of

its role and function, with a view to maintaining amicable relationships

4-14

Audit Manual – Chapter 4

with them. Good relationships can help the department to obtain

information freely and frankly and to conduct discussions in an atmosphere

of mutual respect and understanding. In this spirit, the Department while

retaining its independence, can agree to be associated with reforms which

are planned by the Administration in areas such as public accounts or

financial legislation or agree to be consulted about the preparation of draft

laws or rules affecting its competence or its authority. In these cases it is

not, however, a matter of the Department interfering in administrative

management but a matter of co-operating with certain administrative

services by giving them technical assistance or by putting financial

management experience of the Department at their disposition.

4.3.23 In contrast to private sector audit, where the auditor’s agreed task is

specified in an engagement letter, the audited entity is not in a client

relationship with the Department of the AGP. The Department has to

discharge its mandate freely and impartially, taking management views into

consideration in forming audit opinions, conclusions and recommendations,

but owing no responsibility to the management of the audited entity for the

scope or nature of the audits undertaken.

4.3.24 The Department of the AGP shall not participate in the management or

operations of an audited entity. Audit personnel should not become

members of management committees and, if audit advice is to be given, it

shall be conveyed as audit advice or recommendation and acknowledged

clearly as such.

4.3.25 Any personnel of the Department of the AGP having close affiliations with

the management of an audited entity, such as social, kinship or other

relationship conducive to a lessening of objectivity, shall not be assigned to

audit that entity.

4.3.26 Personnel of the Department of the AGP should not become involved in

instructing personnel of an audited entity as to their duties. In those

instances where the Department decides to establish a resident office at the

audited entity with the purpose of facilitating the ongoing review of its

operations, programmes and activities, personnel of the Department of the

AGP shall not engage in any decision making or approval process which is

considered the auditee’s management responsibilities.

4.3.27 The Department of the AGP may co-operate with academic institutions and

enter formal relationships with professional bodies, provided the

relationships do not inhibit its independence and objectivity, in order to

avail itself of the advice of experienced members of the profession at large.

Conflict of interest

4.3.28 The Department of the AGP shall avoid conflict of interest between the

auditor and the entity under audit (see paragraph 4.3.1b)

4.3.29 The Department of the AGP performs its role by carrying out audits of the

accountable entities and reporting the results. To fulfil this role, the

Department needs to maintain its independence and objectivity. The

Audit Manual – Chapter 4

4-15

application of appropriate general auditing standards assists the Department

to satisfy these requirements.

Competence

4.3.30 The general standards for the auditor and the Department of the AGP

include:

The auditor and the Department must possess the required competence (see

paragraph 4.3.1c)

The following paragraphs explain competence as an auditing standard.

4.3.31 The mandate of the Department of the AGP generally imposes a duty of

forming and reporting audit opinions, conclusions and recommendations.

This duty shall remain that of the heads of the Audit offices.

4.3.32 Discussions within the SAI promote the objectivity and authority of

opinions and decisions. Decision and opinions as such relating to

conclusions, findings and recommendations in the Audit reports are taken

in the name of the AGP.

4.3.33 Since the duties and responsibilities thus borne by the Department of the

AGP are crucial to the concept of public accountability, the Department

must apply to its audits, methodologies and practices of the highest quality.

It is incumbent upon it to formulate procedures to secure effective exercise

of its responsibilities for audit reports, unimpaired by less than full

adherence by personnel or external experts to its standards, planning

procedures methodologies and supervision.

4.3.34 The Department of the AGP needs to command the range of skills and

experience necessary for effective discharge of the audit mandate.

Whatever the nature of the audits to be undertaken under that mandate, the

audit work shall be carried out by persons whose education and experience

is commensurate with the nature, scope and complexities of the audit task.

The department shall equip itself with the full range of up-to-date audit

methodologies, including systems-based techniques, analytical review

methods, statistical sampling and audit of automated information systems.

4.3.35 In view of the wide and discretionary nature of mandate of the Department

of the AGP, the task of the ensuring quality of performance across the

whole mandate becomes more complex. The Department shall, therefore,

ensure, within itself, a high standard of management.

Due Care

4.3.36 The general standards for the auditor and the Department of the AGP

include

The auditor and the Department must exercise due care and concern in

complying with the auditing standards. This embraces due care in

specifying, gathering and evaluating evidence, and in reporting findings,

conclusions and recommendations (see paragraph 4.3.1d)

4-16

Audit Manual – Chapter 4

The following paragraphs explain due care as an auditing standard.

4.3.37 The Department of the AGP must be, and be seen to be, objective in its

audit of entities and public enterprises. It should be fair in its evaluations

and in its reporting of the outcome of audits.

4.3.38 Performance and exercise of technical skill should be of a quality

appropriate to the complexities of a particular audit. Auditors need to be

alert for situations, control weaknesses, inadequacies in record keeping,

errors and unusual transactions or results which could be indicative of fraud,

improper or unlawful expenditure, unauthorised operations, waste,

inefficiency or lack of probity.

4.3.39 Where an authorised or recognised entity sets standards or guidelines for

accounting and reporting by public enterprises, the Department of the AGP

may use such guidelines in the course of its examination.

4.3.40 If the department of the AGP employs external experts as consultants it

must exercise due care to assure itself of the consultants’ competence and

aptitude for the particular tasks involved. This standard applies also where

outside auditors are engaged on contract with the Department. In addition

care must be taken to ensure that audit contracts include adequate provision

for the SAI to determine the planning, the audit scope, the performing, and

the reporting on the audit.

4.3.41 Should the Department of the AGP, in the performance of its functions,

need to seek advice from specialists external to the Department, the

standards for exercise of due care in such arrangements have a bearing also

on the maintenance of quality of performance. Obtaining advice from an

external expert does not relieve the Department of responsibility for the

opinions formed or conclusions reached on the audit task.

4.3.42 When the Department of the AGP uses the work of another auditor(s), it

must apply adequate procedures to provide assurance that the other

auditor(s) has exercised due care and complied with relevant auditing

standards, and may review the work of the other auditor(s) to satisfy itself

as to the quality of that work.

4.3.43 Information about an audited entity acquired in course of the auditor’s work

must not be used for purposes outside the scope of an audit and the

formation of an opinion or in reporting in accordance with the auditor’s

responsibilities. It is essential that the Department of the AGP maintain

confidentiality regarding audit matters and information arising from its

audit task. However, the Department must be entitled to report offences

against the law to proper prosecuting authorities.

4.4 Field Standards in Government Auditing

4.4.1 The purpose of field standards is to establish the criteria or overall

framework for the purposeful, systematic and balanced steps or actions that

the auditor has to follow. These steps and actions represent the rules of

research that the auditor, as a seeker of audit evidence, implements to

achieve a specific result.

Audit Manual – Chapter 4

4-17

4.4.2 The field standards establish the framework for conducting and managing

audit work. They are related to the general auditing standards, which set out

the basic requirements for undertaking the tasks covered by the field

standards. They are also related to the reporting standards, which cover the

communication aspect of auditing, as the result of carrying out the field

standards constitute the main source for the contents of the opinion or

report.

4.4.3 The field standards applicable to all types of audit are:

a) The auditor shall plan the audit in a manner which ensures that an audit of

high quality is carried out in an economic, efficient and effective way and

in a timely manner (see paragraph 4.4.2.1)

b) The work of the audit staff at each level and audit phase shall be properly

supervised during the audit; and documented work shall be reviewed by a

senior member of the audit staff (see paragraph 4.4.3.1)

c) The auditor, in determining the extent and scope of the audit, shall study

and evaluate the reliability of internal control (see paragraph 4.4.4.1)

d) In conducting regularity (financial) audits, a test should be made of

compliance with applicable laws and regulations. The auditor should

design audit steps and procedures to provide reasonable assurance of

detecting errors, irregularities, and illegal acts that could have a direct and

material effect on the financial statement amounts or the results of

regularity audits. The auditor also should be aware of the possibility of

illegal acts that could have an indirect and material effect on the financial

statements or results of regularity audits.

4.4.4 In conducting performance audits, an assessment should be made of

compliance with applicable laws and regulations when necessary to satisfy

the audit objectives. The auditor should design the audit to provide

reasonable assurance of detecting illegal acts that could significantly affect

audit objectives. The auditor also should be alert to situations or

transactions that could be indicative of illegal acts that may have an indirect

effect on the audit results.

4.4.5 Any indications that an irregularity, illegal act, fraud or error may have

occurred which could have a material effect on the audit should cause the

auditor to extend procedures to confirm or dispel such suspicions.

4.4.6 The regularity audit is an essential aspect of government auditing. One

important objective which this type of audit assigns to the Department of

the AGP is to make sure, by all the means put at its disposal, that the

Government budget and accounts are complete and valid. This will provide

legislature and other users of the audit report with assurance about the size

and development of the financial obligations of the Government. To

achieve this objective the Department will examine the accounts and

financial statements of the administration with a view to assuring that all

operations have been correctly undertaken, completed, passed, paid and

registered. The audit procedure normally results, in the absence of

irregularity, in the granting of an unqualified certificate (see paragraph

4.4.5.1)

4-18

Audit Manual – Chapter 4

e) Competent, reliable, relevant and reasonable evidence should be obtained

to

support the auditor’s judgment and conclusion regarding the organisation,

programme, activity or function under audit (see paragraph 4.4.6.1)

f) In regularity (financial) audit, and in other types of audit when applicable,

auditors should analyse the financial statements to establish whether

acceptable accounting standards for financial reporting and disclosure are

complied with. Analysis of financial statements should be performed to

such a degree that a rational basis is obtained to express an opinion on

financial statements (see paragraph 4.4.7.1)

Planning

4.4.7 The field standards include:

The auditor should plan the audit in a manner which ensures that an audit of

high quality is carried out in an economic, efficient and effective way and

in a timely manner (see paragraph 4.4.1.3a)

The following paragraphs explain planning as an auditing standard.

4.4.8 The Department of the AGP shall give priority to any audit tasks which

must be undertaken by law and assess priorities for discretionary areas

within mandate of the AGP.

4.4.9 In planning an audit, the auditor should:

a) Identify important aspects of the environment in which the audited

entity operates;

b) Develop an understanding of the accountability relationships;

c) Consider the form, content and users of audit opinions, conclusions or

reports;

d) Specify the audit objectives and the tests necessary to meet them;

e) Identify key management systems and controls and carry out a

preliminary assessment to identify both their strengths and weakness;

f) Determine the materiality of matters to be considered;

g) Review the internal audit of the audited entity and its work programme;

h) Assess the extent of the reliance that might be placed on other auditors,

for example, internal audit;

i) Determine the most efficient and effective audit approach;

Audit Manual – Chapter 4

4-19

j) Provide for a review to determine whether appropriate action has been

taken on previously reported audit findings and recommendations; and

k) Provide for appropriate documentation of the audit plan and for the

proposed fieldwork.

4.4.10 The following planning steps are normally included in an audit;

a) Collect information about the audited entity and its organisation in

order to assess risk and to determine materiality;

b) Define the objective and scope of the audit;

c) Undertake preliminary analysis to determine the approach to be

adopted and the nature and extent of enquiries to be made later;

d) Highlight special problems foreseen when planning the audit;

e) Prepare a budget and a schedule for the audit;

f) Identify staff requirements and a team for the audit; and

g) Familiarise the audited entity about the scope, objectives and the

assessment criteria of the audit and discuss with them as necessary.

The SAI may revise the plan during the audit when necessary.

Supervision and Review

4.4.11 The field standards include:

The work of the audit staff at each level and audit phase should be properly

supervised during the audit, and documented work should be reviewed by a

senior member of the audit staff (see paragraph 4.4.1.3b)

The following paragraphs explain supervision and review as an auditing

standard.

4.4.12 Supervision is essential to ensure the fulfilment of audit objectives and the

maintenance of the quality of the audit work. Proper supervision and

control is therefore necessary in all cases, regardless of the competence of

the individual auditors.

4.4.13 Supervision should be directed both to the substance and to the method of

auditing. It involves ensuring that:

a) The members of the audit team have a clear and consistent understanding of

the audit plan;

b) The audit is carried out in accordance with the auditing standards and

practices of the Department of the AGP.

4-20

Audit Manual – Chapter 4

c) The audit plan and action steps specified in that plan are followed unless a

variation is authorised;

d) Working papers contain evidence adequately supporting all conclusions,

recommendations and opinions;

e) The auditor achieves the stated audit objectives; and

f) The audit report includes the audit conclusions, recommendations and

opinions, as appropriate.

4.4.14 All audit work should be reviewed by a senior member of the audit staff

before the audit opinions or reports are finalised. It should be carried out as

each part of the audit progresses. Review brings more than one level of

experience and judgment to the audit task and should ensure that:

a) All evaluations and conclusions are soundly based and are supported by

competent, reliable, relevant and reasonable audit evidence as the

foundation for the final audit opinion or report;

b) all errors, deficiencies and unusual matters have been properly identified,

documented and either satisfactorily resolved or brought to the attention of

the more senior officer(s) of the department; and

c) changes and improvements necessary to the conduct of future audits are

identified, recorded and taken into account in later audit plans and in staff

development activities

4.4.1 Study and Evaluation of Internal Control

4.4.15 The field standards include

The auditor, in determining the extent and scope of the audit, should study

and evaluate the reliability of the internal control (see paragraph 4.4.1.3c)

The following paragraphs explain internal control as an auditing standard.

4.4.16 The study and evaluation of internal control should be carried out according

to the type of audit undertaken. In the case of a regularity (financial) audit,

study and evaluation are made mainly on controls that assist in

safeguarding assets and resources, and assure the accuracy and

completeness of accounting records. In the case of regularity (compliance)

audit, study and evaluation are made mainly on controls that assist

management in complying with laws and regulations. In the case of

performance audit, they are made on controls that assist in conducting the

business of the audited entity in an economic, efficient and effective

manner, ensuring adherence to management policies, and producing timely

and reliable financial and management information.

4.4.17 The extent of the study and evaluation of internal control depends on the

objectives of the audit and on the degree of reliance intended.

4.4.18 Where accounting or other information systems are computerised, the

auditor should determine whether internal controls are functioning properly

Audit Manual – Chapter 4

4-21

to ensure the integrity, reliability and completeness of the data, and the

information system.

Compliance with Applicable Laws and Regulations

4.4.19 The field standards include:

In conducting regularity (financial) audits, a test should be made of compliance

with applicable laws and regulations. The auditor should design audit steps and

procedures to provide reasonable assurance of detecting errors, irregularities, and

illegal acts that could have a direct and material effect on the financial statement

amounts or the results of regularity audits. The auditor also should be aware of the

possibility of illegal acts that could have an indirect and material effect on the

financial statements or results of regularity audits.

In conducting performance audits, an assessment should be made of compliance

with applicable laws and regulations when necessary to satisfy the audit objectives.

The auditor should design the audit to provide reasonable assurance of detecting

illegal acts that could significantly affect audit objectives. The auditor should also

be alert to situations or transactions that could be indicative of illegal acts that may

have an indirect effect on audit results.

The regularity audit is an essential aspect of government auditing. One important

objective which this type of audit assigns to the Department of the AGP is to make

sure, by all the means put at its disposal, that the Government budget and accounts

are complete and valid. This will provide legislatures and other users of the audit

report with assurance about the size and development of the financial obligations of

the Government. To achieve this objective the Department will examine the

accounts and financial statements of the administration with a view to assuring that

all operations have been correctly undertaken, completed, passed, paid and

registered. The audit procedure normally results, in the absence of irregularity, in

the granting of an unqualified certificate (see paragraph 4.4.1.3d)

The following paragraphs explain compliance as an auditing standard.

4.4.20 Reviewing compliance with laws and regulations is especially important

when auditing government programmes because decision makers need to

know if the laws and regulations are being followed, whether they are

having the desired results, and, if not, what revisions are necessary.

Additionally government organisation, programmes, services, activities,

and functions are created by laws and are subject to more specific rules and

regulations.

4.4.21 Those planning the audit need to be knowledgeable of the compliance

requirements that apply to the entity being audited. Because the laws and

regulations that may apply to a specific audit are often numerous, the

auditors need to exercise professional judgment in determining those laws

and regulations that might have a significant impact on the audit objectives.

4.4.22 The auditor should also be alert to situations or transactions that could be

indicative of illegal acts that may indirectly impact the results of the audit.

4-22

Audit Manual – Chapter 4

When audit steps and procedures indicate that illegal acts have or may have

occurred, the auditor shall determine the extent to which these acts affect

the audit results.

4.4.23 In conducting audits in accordance with this standard, the auditors should

choose and perform audit steps and procedures that, in their professional

judgment, are appropriate in the circumstances. These audit steps and

procedures should be designed to obtain sufficient, competent, reliable, and

relevant evidence that will provide a reasonable basis for their judgments

and conclusions.

4.4.24 Generally, management is responsible for establishing an effective system

of internal controls to ensure compliance with laws and regulations. In

designing steps and procedures to test or assess compliance, auditors should

evaluate the entity’s internal controls and assess the risk that the control

structure might not prevent or detect non-compliance.

4.4.25 Without affecting the independence of the Department of the AGP, the

auditors should exercise due professional care and caution in extending

audit steps and procedures relative to illegal acts so as not to interfere with

potential future investigations or legal proceedings. Due care would include

consulting appropriate legal counsel and the applicable law enforcement

organisation/agencies to determine the audit steps and procedures to be

followed.

Audit Evidence

4.4.26 The field standards include

Competent, reliable, relevant and reasonable evidence should be obtained to

support the auditor’s judgment and conclusions regarding the organisation,

programme, activity or function under audit (see paragraph 4.4.1.3e)

The following paragraphs explain the audit evidence as an auditing standard.

4.4.27 The audit findings, conclusions and recommendations must be based on

evidence. Since auditors seldom have the opportunity of considering all

information about the audited entity, it is crucial that the data collection and

sampling techniques are carefully chosen. When computer-based system

data are an important part of the audit and the data reliability is crucial to

accomplishing the audit objective, auditors need to satisfy themselves that

the data are reliable and relevant.

4.4.28 Auditors should have a sound understanding of techniques and procedures

such as inspection, observation, enquiry and confirmation, to collect audit

evidence. The Department of the AGP shall ensure that the techniques

employed are sufficient to reasonably detect all quantitatively material

errors and irregularities.

4.4.29 In choosing approaches and procedures, consideration should be given to

the quality of evidence, i.e., the evidence should be competent, reliable,

relevant and reasonable.

Audit Manual – Chapter 4

4-23

4.4.30 Auditors should adequately document the audit evidence in working papers,

including the basis and extent of the planning, work performed and the

findings of the audit.

4.4.31 Adequate documentation is important for several reasons. It will:

a) Confirm and support the auditor’s opinions and reports;

b) Increase the efficiency and effectiveness of the audit;

c) Serve as a source of information for preparing reports or answering any

enquiries from the audited entity, legislature and its committees or

from any other party;

d) Serve as evidence of the auditor’s compliance with Auditing Standards;

e) Facilitate planning and supervision;

f) Help the auditor’s professional development;

g) Help to ensure that delegated work has been satisfactorily performed;

and

h) Provide evidence of work done for future reference.

4.4.32 The auditor should bear in mind that the content and arrangement of the

working papers reflect the degree of the auditor’s proficiency, experience

and knowledge. Working papers should be sufficiently complete and

detailed to enable an experienced auditor having no previous connection

with the audit subsequently to ascertain from them what work was

performed to support the conclusions.

Analysis of Financial Statements

4.4.33 The field standards include:

In regularity (financial) audit, and in other types of audit when applicable,

auditors should analyse the financial statements to establish whether

acceptable accounting standards for financial reporting and disclosure are

complied with. Analysis of financial statements shall be performed to such

a degree that a rational basis is obtained to express an opinion on financial

statements (see paragraph 4.4.1.3f)

The following paragraphs explain analysis of financial statements as an

auditing standard.

4.4.34 Financial statement analysis aims at ascertaining the existence of the

expected relationship within and between the various elements of the

financial statements, identifying any unexpected relationships and any

unusual trends. The auditor should therefore thoroughly analyse the

financial statements and ascertain whether:

4-24

Audit Manual – Chapter 4

a) Financial statements are prepared in accordance with acceptable

accounting standards;

b) Financial statements are presented with due consideration to the

circumstances of the audited entity;

c) Sufficient disclosures are presented about various elements of financial

statements; and

d) The various elements of financial statements are properly evaluated,

measured and presented.

4.4.35 The methods and techniques of financial analysis depend to a large degree

on the nature, scope and objective of the audit, and on the knowledge and

judgment of the auditor.

4.4.36 If required to report on the execution of budgetary laws, audit by the

Department of the AGP shall include:

a) For revenue accounts, ascertaining whether forecasts are those of the

initial budget, and whether the audits of taxes and duties recorded, and

imputed receipts, can be carried out by comparison with the annual

financial statements of the audited activity;

b) For expenditure accounts, verifying credits to assist budgets, adjustment

laws and, for carryovers, the previous year’s financial statements.

4.5 Reporting Standards in Government Auditing

4.5.1 It is not practical to lay down a rule for reporting on every special situation.

This standard is to assist and not to supersede the prudent judgment of the

auditor in making an opinion or report.

4.5.2 The expression “reporting” embraces both the auditor’s opinion and other

remarks on a set of financial statements as a result of a regularity (financial)

audit and the auditor’s report on completion of a performance audit.

4.5.3 The auditor’s opinion on a set of financial statements shall generally be in

concise, standardised format to reflect the results of a wide range of tests

and other audit work. There is a requirement to report as to the compliance

of transactions with laws and regulations and to report on matters such as

inadequate systems of control, illegal acts and fraud. The constitutional or

statutory obligations require the AGP to report specifically on the execution

of budgetary laws, reconciling budgetary estimates and authorisation to the

results set out in the financial statements.

4.5.4 In a performance audit, the auditor reports on the economy and efficiency

with which resources are required and used, and the effectiveness with

which objectives are met. Such reports may vary considerably in scope and

nature, for example, covering whether resources have been applied in a

sound manner, commenting on the impact of policies and programmes and

recommending changes designed to result in improvements.

Audit Manual – Chapter 4

4-25

4.5.5 In order to recognise reasonable user needs, the auditor’s report in both

regularity and performance auditing may need to have regard to expanded

reporting periods or cycles and relevant and appropriate disclosure

requirements.

4.5.6 For ease of reference in this chapter, the word “opinion” is used to mean the

auditor’s conclusions as a result of a regularity (financial) audit, and may

embrace the matters described in paragraph 4.4.3; the word “report” is used

to mean the auditor’s conclusions following a performance audit, as

described in paragraph 4.4.4

4.5.7 The reporting standards are:

a) At the end of each audit the auditor shall prepare a written opinion or report,

as appropriate, setting out the findings in an appropriate form; its content

should be easy to understand and free from vagueness or ambiguity, include

only information which is supported by competent, reliable, and relevant

audit evidence, and be independent, objective, fair and constructive.

b) It is for the Department of the AGP to decide finally on the action to be

taken in relation to fraudulent practices or serious irregularities discovered

by the auditors.

With regards to regularity audits, the auditor shall prepare a written report,

which may either be a part of the report on the financial statements or a

separate report, on the test of compliance with applicable laws and

regulations. The report shall contain a statement of positive assurance on

those tested for compliance and negative assurance on those items not

tested.

With regard to performance audits, the report shall include all significant

instances of non-compliance that are pertinent to the audit objectives.

The following paragraphs explain reporting as an auditing standard.

Paragraph 4.4.8 relates both to opinions and reports, paragraphs 4.4.9 –

4.4.19 relate to opinions and paragraphs 4.4.20 – 4.4.25 to reports.

4.5.8 The form and content of all audit opinions and reports are founded on the

following general principles.

a)

Title. The opinion or report shall be preceded by a suitable title or

heading, helping the reader to distinguish it from statements and

information issued by others.

b)

Signature and date. The opinion or reports shall be properly signed.

The inclusion of a date informs the reader that consideration has been

given to the effect of events or transactions about which the auditor

became aware up to that date (which, in the case of regularity (financial)

audits, may be beyond the period of the financial statements).

4-26

Audit Manual – Chapter 4

c)

Objectives and scope. The opinion or report shall include reference to

the objectives and scope of the audit. This information establishes the

purpose and boundaries of the audit.

d)

Completeness. Opinions shall be appended to and published with the

financial statements to which they relate, but performance reports may

be free standing. The auditor’s opinions and reports shall be presented

as prepared by the auditor. In exercising its independence the

Department shall be able to include whatever it sees fit, but it may

acquire information from time to time which in the national interest

cannot be freely disclosed. This can affect the completeness of the audit

report. In this situation the auditor retains a responsibility for

considering the need to make a report, possibly including confidential

or sensitive material in a separate, unpublished report.

e)

Addressee. The opinion or report shall be addressed as per

requirements of applicable laws and procedures.

f)

Identification of subject matter. The opinion or report shall identify

the financial statements (in the case of regularity (financial) audits) or

area (in the case of performance audits) to which it relates. This

includes information such as the name of the audited entity, the date

and period covered by the financial statements and the subject matter

that has been audited.

g)

Legal basis. Audited opinions and reports shall identify the legislation

or other authority providing for the audit.

h)

Compliance with standards: Audit opinions and reports shall indicate

the auditing standards or practices followed in conducting the audits,

thus providing the reader with an assurance the audit has been carried

out in accordance with generally accepted procedures.

i)

Timelines: The audit opinion or report shall be available promptly to be

of greatest use to readers and users, particularly those who have to take

necessary action.

4.5.9 An audit opinion is normally in a standard format, relating to the financial

statements as a whole, thus avoiding the need to state at length what lies

behind it but conveying by its nature a general understanding among

readers as to its meaning. The nature of these words will be influenced by

the legal framework for the audit, but the content of the opinion shall

indicate unambiguously whether it is unqualified or qualified and, if the

latter, whether it is qualified in certain respects or is adverse (paragraph

4.4.14) or a disclaimer (paragraph 4.4.15) of opinion.

4.5.10 An unqualified opinion is given when the auditor is satisfied in all material

respects that:

a) The financial statements have been prepared using acceptable accounting

bases and policies which have been consistently applied;

Audit Manual – Chapter 4

4-27

b) The statements comply with statutory requirements and relevant regulations;

c) The view presented by the financial statements is consistent with the

auditor’s knowledge of the audited entity; and

d) There is adequate disclosure of all material matters relevant to the financial

statements

4.5.11

Emphasis of Matter. In certain circumstances the auditor may consider

that the reader will not obtain a proper understanding of the financial

statements unless attention is drawn to unusual or important matters. As a

general principle the auditor issuing an unqualified opinion does not make

reference to specific aspects of financial statements in the opinion in case

this should be misconstrued as being a qualification. In order to avoid

giving that impression, references which are meant as “emphasis of matter”

are contained in a separate paragraph from the opinion. However, the

auditor shall not make use of an emphasis of matter to rectify a lack of

appropriate disclosure in the financial statements, nor as an alternative to,

or a substitute for, qualifying the opinion.

4.5.12 An auditor may not be able to express an unqualified opinion when any of

the following circumstances exist and, in the auditor’s judgment, their

effect is or may be material to the financial statements:

a) There has been limitation on the scope of the audit:

b) The auditor considers that the statements are incomplete or misleading or

there is an unjustified departure from acceptable accounting standards; or

c) There is uncertainty affecting the financial statements.

4.5.13

Qualified Opinion. Where the auditor disagrees with or is uncertain about

one or more particular items in the financial statements which are material

but not fundamental to an understanding of the statements, a qualified

opinion should be given. The wording of the opinion normally indicates a

satisfactory outcome to the audit subject to a clear and concise statement of

the matters of disagreement or uncertainty giving rise to the qualified

opinion. It helps the users of the statements if the financial effect of the

uncertainty or disagreement is quantified by the auditor although this is not

always practicable or relevant.

4.5.14

Adverse Opinion. Where the auditor is unable to form an opinion on the

financial statements taken as a whole due to disagreement which is so

fundamental that it undermines the position presented to the extent that an

opinion which is qualified in certain respects would not be adequate, an

adverse opinion is given. The wording of such an opinion makes clear that

the financial statements are not fairly stated, specifying clearly and

concisely all the matters of disagreement. Again, it is helpful if the financial

effect on the financial statements is quantified where relevant and

practicable.

4-28

Audit Manual – Chapter 4

4.5.15

Disclaimer of Opinion. Where the auditor is unable to arrive at an opinion

regarding the financial statements taken as a whole due to an uncertainty or

scope restriction which is so fundamental that an opinion which is qualified

in certain respects would not be adequate, a disclaimer is given. The

wording of such a disclaimer makes clear that an opinion cannot be given,

specifying clearly and concisely all matters of uncertainty.

4.5.16 The auditor shall provide a detailed report amplifying the opinion in

circumstances in which it has been unable to give an unqualified opinion.

4.5.17 In addition, regularity audits often require that reports are made where

weaknesses exist in systems of financial control or accounting (as distinct

from performance audit aspects). This may occur not only where

weaknesses affect the audited entity’s own procedures but also where they

relate to its control over the activities of others. The auditor shall also report

on significant irregularities, whether perceived or potential, on

inconsistency of application of regulations or on fraud and corrupt practices.

4.5.18 In reporting on irregularities or instances of non-compliance with laws or

regulations, the auditors should be careful to place their findings in the

proper perspective. The extent of non-compliance can be related to the

number of cases examined or quantified monetarily.

4.5.19 Reports on irregularities shall be prepared irrespective of a qualification of

the auditor’s opinion. By their nature they tend to contain significant

criticisms, but in order to be constructive they shall also address future

remedial action by incorporating statements by the audited entity or by the

auditor, including conclusions or recommendations.

4.5.20 In contrast to regularity audit, which is subject to fairly specific

requirements and expectations, performance audit is wide-ranging in nature

and is more open to judgment and interpretation; coverage is also more

selective and may be carried out over a cycle of several years, rather than in

one financial period; and it does not normally relate to particular financial

or other statements. As a consequence performance audit reports are varied

and contain more decisions and reasoned argument.

4.5.21 The performance audit report should state clearly the objectives and scope

of the audit. Reports may include criticism (for example where, in the

public interest or on grounds of public accountability, matters of serious

waste, extravagance or inefficiency are drawn to attention) or may make no

significant criticism but give independent information, advice or assurance

as to whether and to what extent economy, efficiency and effectiveness are

being or have been achieved.

4.5.22 The auditor is not normally expected to provide an overall opinion on the

achievement of economy, efficiency and effectiveness by an audited entity

in the same way as the opinion on financial statements. Where the nature of

the audit allows this to be done in relation to specific areas of entity’s

activities, the auditor shall provide a report which describes the

circumstances and arrives at a specific conclusion rather than a standardised

statement. Where the audit is confined to consideration of whether

Audit Manual – Chapter 4

4-29

sufficient controls exist to secure economy, efficiency or effectiveness, the

auditor shall provide a more general opinion.

4.5.23 Auditors should recognise that their judgments are being applied to actions

resulting from past management decisions. Care should therefore be

exercised in making such judgment s, and the report should indicate the

nature and extent of information reasonably available (or which ought to

have been available) to the audited entity at the time the decisions were

taken. By stating clearly the scope, objectives and findings of the audit, the

report demonstrates to the reader that the auditor is being fair. Fairness also

implies the presentation of weaknesses or critical findings in such a way as

to encourage correction, and to improve systems and guidance within the

audited entity. Accordingly the facts are generally agreed with the audited

entity in order to ensure that they are complete, accurate and fairly

presented in the audit report. There may also be a need to include the

audited entity’s responses to the matters raised, either verbatim or in

summary, especially where the Department of the AGP presents its own

views or recommendations.

4.5.24 Performance reports should not concentrate solely on criticism of the past

but should be constructive. The auditor’s conclusion and recommendations

are an important aspect of the audit and, where appropriate, are written as a

guide for action. Generally these recommendations suggest what

improvements are needed rather than how to achieve them, though

circumstances sometimes arise which warrant a specific recommendation,

for example to correct a defect in the law in order to bring about an

administrative improvement.

4.5.25 In formulating and following up recommendations, the auditor shall

maintain objectivity and independence and thus focus on whether identified

weaknesses are corrected rather than on whether specific recommendations

are adopted.

4.5.26 In formulating the audit opinion or report, the auditor shall have regard to

the materiality of the matter in the context of the financial statements

(regularity (financial) audit) or the nature of the audited entity or activity

(performance audit).

4.5.27 For regularity (financial) audits, if the auditor concludes that, judged

against the criteria most appropriate in the circumstances, the matter does

not materially affect the view given by the financial statements, the opinion

should not be qualified. Where the auditor decides that a matter is material

the opinion should be qualified, having determined the type of qualification

(paragraphs 4.4.12 – 4.4.15)

4.5.28 In the case of performance audits that judgment will be more subjective as

the report does not relate so directly to financial or other statements.

Consequently the auditor may find materiality by nature or by context is a

more important consideration than materiality by amount.

Audit Manual – Chapter 5

5-1

5. DAGP’S ANNUAL PLANNING PROCESS

5.1 DAGP Strategic Audit Objectives

5.1.1 The Auditor-General’s mandate is established by legislation – Auditor-

General’s (Functions, Powers and Terms and Conditions of Service)

Ordinance, 2001 (Auditor General’s Ordinance). Two key sections are:

5.1.2 Section 7 of Auditor-General’s (Functions, Powers and Terms and

Conditions of Service) Ordinance, 2001 (Auditor General’s Ordinance)

states that “The Auditor-General shall, on the basis of such audit as he may

consider appropriate and necessary, certify the accounts” … “of the

Federation, of each Province and of each District”.

5.1.3 Section 8 of the Auditor-General Ordinance mandates an audit of

expenditures of the Federation and of each Province, and Section 12 of the

Auditor-General Ordinance mandates an audit of the receipts of the Federal

Government and of each Province and District.

5.1.4 These sections establish the two primary objectives of DAGP audits:

financial attest/certification audits and compliance with authority audits to

ensure entities within all three levels of government properly comply with

all rules and regulations pertaining to expenses and revenues.

5.1.5 Note that all attest/certification audits will include a compliance component

in accordance with international auditing standards and that DAGP may

also perform independent compliance with authority audits in any areas

which the Auditor-General considers it important to review. Accordingly

compliance audit activities will be a major aspect of DAGP plans for any

given time period.

5.2 DAGP Audit Scope

5.2.1 In determining the scope of audit work the Auditor-General has wide

discretion.

5.2.2 For attest/certification audits required under Section 7 of the Auditor-

General Ordinance, the entity to be audited will be defined by the

applicable accounting policies of the government. For example, to certify

the financial statements of the Federation, the entity to be audited is the

aggregate of all of the ministries, departments, agencies, etc. that the

accounting policies require to be included in the financial statements of the

Federation. Whether to perform audit activities in every single entity

within the federation is a matter for the Auditor-General to decide. At a

minimum, audit activities should cover all entities whose operations are

material in the context of the financial statements of the Federation. In

addition, the Auditor-General may plan to extend the audit activities to any

other entities he considers significant.

5.2.3 In the case of compliance with authority audits, the Auditor-General has

complete discretion as to which entities (whether organisational entities,

Whether to perform

audit activities in

every single entity

within the

federation is a

matter for the

Auditor-General to

decide

Audit acitivities

should cover all

entities whose

operations are

material.

5-2

Audit Manual – Chapter 5

such as agencies, DAOs, DDOs etc., functional entities, such as the payroll

function or the purchasing function; or accounting entities, such as objects

of expenditure, grants or appropriations) will be subject to audit and how

often audits will be conducted.

5.3 DAGP Strategic Audit Plans

5.3.1 The Auditor-General is responsible for deciding what audit work is

necessary to fulfil his mandate. Under his direction, DAGP produces a

multi-year strategic plan for DAGP audit activities. The audits included in

the strategic plan will include:

5.3.2

Mandatory and centrally led. These are audits required by DAGP’s

mandate to be performed each year, where the work performed by an

individual directorate is part of a larger audit. An example of such an audit

is the annual audit of the financial statements of the Federation.

5.3.3

Not mandatory and centrally led. These are audits where DAGP’s mandate

does not require that they be performed each year, and the work performed

by the directorate is part of a larger audit exercise. An example of this type

of audit could be a government-wide audit of contracting.

5.3.4

Mandatory and not centrally led. Those audits that are required by DAGP’s

mandate to be performed each year, where the work is not part of a larger

audit. An example of such an audit is the annual audit of the financial

statements of a specific commercial entity or a foreign-aided project for

which the directorate is required to issue an audit opinion.

5.3.5 In these cases, the Auditor-General schedules the activities and delegates

audit work to the audit directorates.

5.3.6 Consolidating the plans for all these audits produces the DAGP strategic

audit programme.

5.4 The annual planning process

5.4.1 Each audit directorate is responsible for the audit of a pre-determined group

of entities. The scheduling of this work is at the discretion of the audit

directorates:

5.4.2

Not mandatory and not centrally led. These are audits that are not required

by DAGP’s mandate to be performed each year, and which are not part of a

larger audit. An example of such an audit is the compliance with authority

work being performed by the directorate on the entities for which it is

responsible.

.

5.4.3 Each directorate prepares an annual audit plan for its audit activities which

includes the audit activities required by the Auditor-General, plus the

discretionary audits planned by the directorate, and submits it to the

Auditor-General for approval. Once approved, the annual plans from all

directorates are consolidated into DAGP’s annual Corporate Audit Plan.

Audit Manual – Chapter 5

5-3

5.4.4 The annual audit plans contain:

a) A summary of the directorate’s mandate.

b) A status report on the current year indicating the extent to which the

planned coverage for the current year is being achieved.

c) A summary of the audits that the directorate intends to perform in the

following year, categorised by:

•

Financial audits (including related compliance with authority audit);

•

Compliance with authority audits (where additional compliance with

authority work is planned);

•

Audits of internal controls;

•

Audits of foreign-aided projects;

•

Performance audits;

•

Other functional, systems, programme and fraud audits; and

•

Special assignments.

d) Details with respect to each of the planned audits for the following year.

These details include, for each audit:

•

The revenue and expenditure to be audited;

•

The person days required;

•

The staff members to be assigned to the audit (and any shortfall in the

staffing);

•

The travel and daily allowances that are required;

•

A time schedule showing the dates by which each audit will be planned,

executed, reported, etc.

e) A summary of the unallocated resources available within the directorate or

the audit work for which staff is not available.

5.4.5 Audit management software is useful for developing this plan.

5.4.6 With respect to centrally led audits, each directorate will estimate the

number of hours required to perform the work, the staff to be assigned to

the work, and the timing of the work, and provide this information to the

responsible central team. The central team, in turn, will be responsible for

the overall budget of the audit.

5.4.7 This process is discussed further in Section 5.6 below.

5.4.8 As noted, some audits are not required each year. This provides the audit

teams with some flexibility in scheduling work, so work loads can be

balanced to reflect the number of resources available after taking into

account resource assignments to mandatory audit work.

5-4

Audit Manual – Chapter 5

5.4.9 For example, the nature, extent and timing of the work that DAGP performs

on its compliance with authority audits is somewhat discretionary. DAGP

auditors can decide to perform extensive tests of compliance with

authorities or more limited tests. As such, the budget for a given

compliance with authority audit can be increased or decreased as required

to match the available resources.

5.4.10 When deciding on the nature, extent and timing of the work that each

directorate performs on compliance with authority audits, audits of internal

controls and performance audits, the directorate should take into

consideration the annually required work that it is performing, and integrate

the audits to the extent possible. This is discussed in more detail in below.

5.4.11 Each directorate should ensure that it has sufficient staff with necessary

skills to accomplish the work required by the Auditor-General Ordinance to

be performed each year. Only plans for the work that is not required to be

performed each year may reflect staff shortfalls.

5.4.12 Where staffing shortages are evident, senior management within DAGP

will attempt to match one directorate’s staff shortfall with unallocated staff

in another directorate. Overall, though, the planned workload cannot exceed

the available resources. Should the sum of the required resources exceed the

available resources, the discretionary audit work must be decreased.

5.5 Integration of Audit Work

5.5.1 Under DAGP’s annual planning approach, each directorate has discretion

over work that is not required by the Auditor-General Ordinance to be

performed annually. The directorate can decide, for example, which entities

it wishes to audit, and the types of audits it wishes to perform (compliance

with authority, internal controls, performance, etc.). However, to improve

the efficiency and effectiveness of the work, DAGP recommends that each

directorate integrate its compliance with authority, internal control and

performance audit work that is not required to be performed each year with

the work being performed on the mandated annual audits, such as the

annual audits of financial statements. This integration could include:

a) Performing the work at the same time; and

b) Re-using the sample items selected for the financial audit work when

performing the compliance with authority, internal controls and

performance audit work. (Additional items could be selected if

considered necessary.)

5.5.2 Synchronising the timing of compliance with authority work and other

discretionary work to better match the timing of financial audit work,

would create the following benefits:

a) Samples for financial audit and compliance with authority purposes

could be integrated, reducing the total amount of audit work being

performed.

b) When doing the financial audit work, the auditors could rely on the

normally larger amount of work done for compliance with authority

Audit Manual – Chapter 5

5-5

purposes. When the compliance with authority audit work is done

several years later, this reliance is not possible.

c) With auditors performing compliance with authority audit work on

Year 1 transactions in Year 4, there is a risk that the auditors could

discover, in Year 4, significant errors with respect to the accounts for

Year 1. DAGP could then be in the embarrassing position of having to

amend and reissue its certificate on the Year 1 financial statements.

Doing all of the work in Year 1 would eliminate this problem.

5.5.3 In addition to these benefits, doing the compliance with authority work

more frequently, and covering fewer years during each audit, could benefit

the compliance with authority work itself, as follows:

a) There would be more timely identification of deficiencies, which could

lead to a quicker improvement of the related controls. This, in turn,

should significantly reduce compliance with authority violations in

subsequent years;

b) Having auditors on the premises provides a deterrence factor – entity

officials are less likely to commit frauds or perform sloppy work when

auditors are present. More frequent visits will multiply this effect.

c) Entity officials would no longer be required to find vouchers and other

documents that are several years old. This could make it easier for them

to find the required documents.

5.5.4 There are some disadvantages to amending the rotational audit approach for

compliance with authorities. The most significant one is that auditors will

spend less time at each location during each visit. This could increase the

coordination effort, travel time, start-up time, etc.

5.5.5 Because of these disadvantages, and because directorates may have other

very valid reasons for not following the recommended approach, that

DAGP has chosen not to mandate any one approach. However, directorates

not following the recommended approach may be asked to justify the

reasons for not doing so.

5.6 Approval Process for the Budget Of Centrally-Led

Audits

5.6.1 As noted above, the first two categories of audits are centrally led. Each

directorate will need to discuss the number of hours required to perform the

work, the staff to be assigned to the work, and the timing of the work, with

the responsible central team. The central team, in turn, will be responsible

for the overall budget of the audit.

5.6.2 One of the responsibilities of the central team is to set the budget (both

person days and costs) and the deadline dates for this audit. To do so, the

central team will adhere to the following process:

a) first estimate the number of hours and costs required to perform the

audit, and the approximate timing of the work;

5-6

Audit Manual – Chapter 5

b) then allocate the estimated hours of work to the central team, and each

audit directorate;

c) meet with each directorate to ensure that the directorate can perform the

work within the proposed budgets and by the required deadline dates.

Obtain the list of staff members from the audit directorate who will

perform the work, and the proposed scheduling for each of those staff

members;

d) following the discussions with each directorate, update the budget for

each directorate, and the overall budget for the audit;

e) obtain the approval of the Auditor General for this budget; and

f) once the central team has received the required approval, each

directorate will set aside the agreed-upon person days, dates, and staff

members for the performance of the audit.

Audit Manual – Chapter 6

6-1

6. THE AUDIT CYCLE

6.1 Introduction

6.1.1 Every audit assignment must be properly planned. The auditor has a

professional duty to undertake each audit in a manner that ensures reliable

and meaningful conclusions, which in turn lead to practical and useful audit

recommendations. The auditor must therefore collect appropriate and

sufficient evidence to arrive at such conclusions and recommendations. The

efficient and effective collection of evidence depends on a clear audit plan.

This audit plan should include a well-developed audit programme.

6.1.2 The audit plan should include:

a) A clear statement of the audit objective(s);

b) Statement of the magnitude of operations (expenditures, revenues,

assets, personnel) and for an attest audit, the significant line items and

accounts in the financial statements and significant financial statement

assertions;

c) Summary of significant issues and results of an initial risk assessment;

d) Proposed audit scope, including:

-

Type(s) of audit activity (attest, compliance, effectiveness of internal

controls, safeguarding of assets, fraud investigation, value-for-money,

IT systems, or some combination thereof);

-

locations to be visited;

-

functions, activities, systems and procedures to be examined;

-

aspects of performance to be covered;

-

audit methods and tests; and

-

samples selected or methods of selecting samples.

e) Budget and schedule;

f) Audit steps; and

g) Assigned audit responsibilities.

6.1.3 DAGP audit teams should plan to perform audits that encompass both

financial attest and compliance components. These two audit components

have much in common. Each requires the auditor to:

a) Understand the audit entity;

b) Conduct a risk assessment;

c) Define audit objectives and scope;

d) Develop an audit programme

e) Test the controls;

f) Determine sample size (for statistical or non-statistical);

g) Conduct substantive tests;

h) Report; and

i) Follow up.

Efficient and

effective collection

of evidence depends

on a clear audit plan

DAGP audit teams

should plan audits that

encompass both financial

attest and compliance

components.

6-2

Audit Manual – Chapter 6

6.1.4 The audit cycle for an individual audit involves planning the audit,

conducting the work, evaluating the results of the work, reporting the

results of the work, and following up to see what the entity has done as a

result of the work. (Sometimes the follow up is conducted as the first phase

of the next audit of the entity, where the auditor determines what changes

have occurred since the previous audit).

6.1.5 This Chapter describes the audit cycle for an individual audit performed in

accordance with DAGP’s auditing standards. This Chapter also summarises

the work that is performed at each phase of the cycle. This material is

expanded upon in subsequent Chapters of this Manual.

6.1.6 The audit cycle is shown in Figure 6.1. It contains six basic phases:

a) General audit planning;

b) Detailed activity and resource planning;

c) Fieldwork;

d) Evaluation;

e) Reporting; and

f) Follow-up.

6.1.7 These phases are discussed in more detail below.

6.1.8 Because many financial statement audits are performed every year, much of

the general and detailed planning for these audit activities will be limited to

updating the planning decisions made in the previous year to reflect

changes to the entity or desired changes to the audit approach. There will

rarely be a need to start from scratch.

6.1.9 Changes to the audit approach will normally have been identified at the end

of the previous year’s audit. The auditors will have identified significant

issues that need to be revisited in the next audit, as well as areas requiring

less audit effort, such as where the internal controls were found to be

strong, allowing more reliance to be placed upon them. At that time, the

auditors would have assessed the overall efficiency and effectiveness of

their audit, and identified possible ways in which the efficiency and

effectiveness could be improved. This process could include analysing the

feedback obtained from entity officials, the PAC, and the media.

6.1.10 Audit management (providing advice, supervising, reviewing, approving,

etc.) is not listed as a separate step in the audit cycle. This is because these

activities need to occur throughout each phase of the process.

6.1.11 Creating good relations with entity officials is key to achieving an effective

and efficient audit. The progress and outcomes of an audit will be enhanced

if the audit team can obtain the cooperation of management and foster

confidence by maintaining a fully professional approach during the course

of the audit.

Audit Manual – Chapter 6

6-3

6.1.12 It is important for the auditor to avoid creating an adversarial relationship

with entity officials. To facilitate good relations the auditor should:

a) Be fully aware of all other audit activities being undertaken;

b) Plan to minimise impact on the audit entity; and

c) Ensure that all discussions with entity officials take place at an appropriate

and reasonable level, and at an appropriate and reasonable time.

Figure 6.1: Audit Cycle for Individual Audits

Understand the entity's business

Establish audit objectives and scopes

Assess materiality, planned precision,

and audit risk

Understand the entity's internal control structure

Determine components

Determine financial audit and compliance with authority objectives and

error/irregularity conditions

Assess inherent and control risk

Develop audit programmes

Execute audit programmes

Conclude on results of work

Issue reports

A

UDIT

PLA

NNING

Determine mix of tests of internal control, analytical procedures and

substantive tests of details

ACTIVITY AND

RESOURCE

PLANNING

FIELDWORK

EVALUATION

REPORTING

FOLLOW UP

Follow up matters in reports

Establish resource requirements and timing

6-4

Audit Manual – Chapter 6

6.2 General audit planning

6.2.1 The general audit planning phase is where most key planning decisions are

made. It involves:

Step 1 Establish audit objectives and scope;

Step 2 Understand the entity’s business;

Step 3 Assess materiality, planned precision and audit risk;

Step 4 Understand the entity’s internal control structure;

Step 5 Determine components;

Step 6 Determine financial audit and compliance with authority objectives, and

error/irregularity conditions;

Step 7 Assessment inherent risk and control risk; and

Step 8 Determine mix of tests of internal control, analytical procedures and

substantive tests of details.

6.2.2 These steps are introduced below, and are discussed in more detail in the

next Chapter.

Step 1 – Establish overall audit objectives and scope

6.2.3 The audit objective should be a clear statement of what the auditor intends

to examine and what is to be achieved by the audit. There should be clear

audit objectives for every assertion, for each financial statement component

and for each audit area to be examined.

6.2.4 One or more audit objectives should be defined for each component of a

financial audit and for each line of inquiry. The audit objective is a

statement of what is to be achieved by the audit.

6.2.5 The audit scope is a statement of what areas will be looked at, what work

must be done and what will not be done and the methodology to be used to

achieve the audit objectives(s).

6.2.6 The auditor should update the audit plan to reflect the mix of financial

certification and control and compliance objectives established for the

current year.

6.2.7 The scope of the audit will reflect the audit entity. For audits that are

required under Section 7 of the Auditor-General Ordinance, the entity to be

audited will be defined by the applicable accounting policies of the

government. For example, for an audit of the financial statements of the

Federation, the entity to be audited would be all of the ministries,

departments, agencies, etc. that the accounting policies require to be

included in the financial statements of the Federation.

The audit objective

should be a clear

statement of what the

auditor intends to

examine and what is to

be achieved by the audit.

Objectives should be

defined for each

component.

Audit scope is a

statement of what areas

will be looked at, what

work must be done and

the methodology.

Audit Manual – Chapter 6

6-5

Step 2 – Understand entity’s business

6.2.8 The auditor should assemble and review material that will enable the team

to gain a sufficient knowledge of the business to assess materiality,

determine components, identify error conditions, etc.

Step 3 – Assess materiality, planned precision, and audit risk

6.2.9 Materiality, planned precision and audit risk are key concepts when

conducting an audit that will result in the Auditor-General expressing an

opinion on the financial statements of an audit entity. The opinion

paragraph of a standard unqualified auditor’s report commences, “In my

opinion, these financial statements properly present, in all material respects,

the financial position of [the entity] …”

6.2.10

Materiality. When the Auditor-General states that the financial statements

“properly present, in all material respects”, he/she is stating that the

financial statements are not materially misstated. An error (or the sum of

the errors) is material if the error (or the sum of the errors) is big enough to

influence the users of the financial statements. Therefore the auditor must

determine what amount is considered material.

6.2.11

Planned precision. Planned precision is the auditor’s planned allowance for

further possible errors. To determine it, the auditor first estimates the most

likely error that will exist in the financial statements as a whole. This

estimate is referred to as the “expected aggregate error.” The auditor then

subtracts the expected aggregate error from the materiality amount to arrive

at planned precision.

6.2.12

Audit risk. The opinion paragraph of the standard unqualified auditor’s

report begins “In my opinion …” This means that the auditor is not stating

that he/she is absolutely certain that the financial statements “properly

present in all material respects” (i.e., are not materially misstated). Rather,

the auditor is stating that he/she has some degree of assurance that is less

than 100% that the financial statements are not materially misstated. GAAS

refers to this degree of assurance as “reasonable assurance”.

6.2.13 The auditor should determine what level of confidence is required. If the

auditor wants to be 95% confident that the financial statements are not

materially misstated, this means that the auditor is prepared to take a 5%

risk that he/she will fail to detect errors summing to more than the

materiality amount. Audit risk in this case is therefore 5%.

6.2.14 Using a 5% audit risk and a Rs. 3,000,000 materiality amount, when the

auditor states, “In my opinion, these financial statements present fairly, in

all material respects …”, the auditor is stating, “I have 95% assurance that

the financial statements are not misstated by more than Rs. 3,000,000”.

Materiality, planned

precision and audit

risk are key concepts

when conducting an

audit

The auditor must

determine what

amount is considered

material.

6-6

Audit Manual – Chapter 6

Step 4 – Understand entity’s internal control structure

6.2.15 GAAS require the auditor to have an up-to-date understanding of the

entity’s internal control structure.

6.2.16 The required level of understanding depends on the extent to which the

auditor intends to rely on the internal controls to reduce his/her substantive

tests. Even when no reliance is intended, some knowledge is still required.

Step 5 – Determine components

6.2.17 Auditors normally do not plan audits for the financial statements as a

whole. Rather, they divide the financial statements into parts and plan each

part separately.

6.2.18 For an audit of financial statements, the most logical way of dividing up the

financial statements is to consider each line item in the financial statements

to be a separate component.

6.2.19 Sometimes the financial statements include several different groupings of

the same total amount. For example, expenditures may be grouped by:

a) The ministries, departments, agencies, etc. making up the reporting entity;

b) Appropriation account;

c) Economic function (general public services, defence affairs and services,

etc.); and/or

d) Object element (payroll expenditures, operating expenditures, civil works,

etc.).

6.2.20 The auditor normally selects the grouping that makes it the easiest to plan,

perform and evaluate the audit work.

6.2.21 If the financial statements group the expenditures by object element, the

auditor might then plan the audit of each object element to obtain the

desired assurance that errors in each object element do not sum to more

than the materiality amount.

Step 6 – Determine financial audit and compliance with authority objectives,

and error/irregularity conditions

6.2.22 Having divided the audit into components, the auditor needs to define attest

and compliance objectives, as applicable, and define what is considered to

be an error or irregularity.

6.2.23

Specific financial audit objectives. For a financial statement audit, a

component is considered to be in error if:

The auditor must

have an

understanding of the

entity’s internal

control structure.

Audit Manual – Chapter 6

6-7

a) It is not valid (the asset or liability does not exist or the revenue or

expenditure has not occurred) – the

existence objective; or

b) The statement of the asset, liability, revenue or expenditure is not complete

– the

completeness objective; or

c) The asset is not owned by the entity, or the liability is not owed by the

entity – the

regularity objective; or

d) The asset or liability is not properly valued or is misclassified, or the

revenue or expenditure is not properly measured or is misclassified - the

valuation or

measurement objective; or

e) The financial statement presentation is not proper – the

presentation

objective.

6.2.24

Related compliance with authority objectives. Section 3.4 of DAGP’s

auditing standards states,

“In conducting regularity (financial) audits, a test

should be made of compliance with applicable laws and regulations.”

6.2.25 To comply with this standard, the auditor should test for compliance with

those laws and regulations that are related to the audit of the financial

statements.

6.2.26 The following compliance with authority objectives are considered to be

applicable:

6.2.27

Spend:

a) The services were performed or the goods received;

b) The expenditure was consistent with the nature of the appropriation to

which it was charged;

c) The expenditure is in accordance with applicable legislation and the rules

and regulations issued by such legislation; and

d) The expenditure does not result in the total approved expenditure being

exceeded.

6.2.28

Borrow:

The amount and debt terms (period, interest rates, repayment schedule, etc.) are

in accordance with applicable legislation, and related rules and regulations.

6.2.29

Raise revenue:

a) The cash received was for an approved tax or other approved source;

b) The cash received is in accordance with applicable legislation and

associated rules and regulations.

6.2.30

Error conditions. The last part to this step is to consider error conditions.

The idea here is to consider possible ways in which an asset, liability,

revenue or expenditure might not be valid, complete, compliant with

applicable authorities etc. Put another way, the idea is to think of possible

ways in which a monetary error can occur in the financial statements and

the ways in which monetary amounts may not be in accordance with

applicable authorities.

6-8

Audit Manual – Chapter 6

6.2.31 For example, to apply the validity and measurement objectives to the

component “payroll expenditures”, the auditor should consider how payroll

expenditures might not be complete.

6.2.32 There are many possible reasons why payroll expenditures might not be

valid or properly measured. However the chance of some of them occurring

might be negligible. Similarly, the maximum possible error that could result

from some of them might be insignificant. The idea is to identify the errors

that have a real chance of occurring, and that could be relatively large in

relation to the materiality amount.

6.2.33 For the validity and measurement objectives, the auditor may identify four

error conditions, as follows:

a) Services paid for are not performed;

b) Employees are being paid more or less than they should be paid;

c) Payroll expenditures are being charged to an incorrect account or

appropriation; and

d) The amounts in the payroll register are not included in the financial

statements at the correct amount.

6.2.34 In addition, the auditor might also identify the following compliance with

authority matters:

a) the work being performed was not properly approved; and

b) the payments were not properly approved.

6.2.35 The auditor should then develop audit procedures to determine whether any

of the possible errors or deviations have occurred.

Step 7 – Assess inherent risk and control risk

6.2.36

Inherent risk. Inherent risk is the chance of material error occurring in the

first place assuming that there are no internal controls in place. “Material

error” may be a single error or the sum of multiple smaller errors.

6.2.37 Inherent risk is assessed at this stage as it determines how much testing of

internal controls and substantive testing (analytical procedures and

substantive tests of details) the auditor needs to perform in total to achieve

his/her desired level of reasonable assurance (95% in our illustration).

6.2.38

Control risk. Control risk is the chance that the entity’s internal controls

will not prevent or detect material error. Again, “material error” may be one

error or the sum of multiple smaller errors.

6.2.39 Control risk is assessed at this stage as it determines the amount of

assurance that the auditor can obtain from his/her tests of internal control.

Audit Manual – Chapter 6

6-9

Step 8 – Determine mix of tests of internal control, analytical procedures and

substantive tests of details

6.2.40 The auditor needs to select a combination of tests of internal control,

analytical procedures and substantive tests of details that, in total, will

provide the desired level of assurance that payroll expenditures are not

incomplete by an amount greater than the materiality amount.

6.2.41 The auditor can obtain this assurance in a number of ways, for example by:

a) reviewing the internal controls that the entity has in place to ensure the

completeness of, using our payroll example, payroll expenditures, and then

performing tests of internal control to ensure that the controls are

functioning properly;

b) performing such analytical procedures as comparing the payroll

expenditures by month to each other and to the equivalent amounts in the

previous year; and/or

c) selecting a sample of payroll transactions and performing various

substantive tests of details on those transactions.

6.2.42 These methods can be used in different combinations. For example:

a) Place a lot of reliance on the internal controls. Under this option, the auditor

would perform a lot of tests of internal control, supplemented by only

limited analytical procedures, and select a very small sample of payroll

transactions for substantive tests of details; or,

b) Place very little reliance on the internal controls. Under this option, the

auditor would do fewer tests of internal control than in the first option, but

would perform more rigorous analytical procedures and/or select a larger

sample of payroll transactions for substantive tests of details.

6.2.43 When deciding which combination to use, the auditor should consider

several factors, including the cost of each combination in terms of audit

resources.

6.3 Activity and Resource Planning

6.3.1 This phase primarily involves taking the decisions made during the general

planning phase and using them to build the audit programmes that will be

used during the fieldwork phase. It also involves establishing budgets,

staffing requirements, the timing of the audit work, and the information to

be obtained from the entity.

6.3.2 These steps are introduced below, and are discussed in more detail later.

Develop audit programmes

6.3.3 The audit programmes provide the auditor with a list of all the procedures

to perform.

6-10

Audit Manual – Chapter 6

6.3.4 The auditor can use the error conditions identified during the general

planning phase, or a previous audit programme for the entity, as a starting

point for the development of the audit programmes.

6.3.5 The auditor should also determine what information the entity management

are required to make available for the audit work.

Establish resource requirements and timing considerations

6.3.6 For each audit determine:

a) the number of auditors with required level of seniority and skill sets;

b) related out-of-pocket expense budgets; and,

c) timing of the work.

6.3.7 The resource requirements are based on the audit programmes. Resource

allocations from previous audits of the entity may provide a helpful starting

point.

Fieldwork

6.3.8 During the fieldwork phase, the auditors complete the procedures that are

contained in the audit programmes. The required evidence is gathered, and

the work performed is documented in the appropriate working paper files.

6.3.9 Chapter 8 contains detailed guidance on this phase of the audit cycle.

Evaluation

6.3.10 During the evaluation phase, the results of the audit are summarised and

conclusions are reached.

6.3.11 The auditor first concludes on the results of each test. The auditor then

reaches a conclusion on each component. Finally, the auditor reaches a

conclusion on the financial statements as a whole, and/or identifies specific

irregularities and general systemic weaknesses based on compliance with

authority tests.

6.3.12 Chapter 9 contains detailed guidance on this phase of the audit cycle.

Reporting

6.3.13 The reporting phase involves performing some final clearance procedures

and issuing an audit certificate (opinion) on the financial statements. In this

certificate, the auditor expresses an opinion as to whether:

a) the financial statements properly present in all material respects, the

government’s financial position, the results of its operations, its cash flows

and its expenditure and receipts by appropriation; and,

Audit Manual – Chapter 6

6-11

b) the sums expended have been applied, in all material respects, for the

purposes authorised by Parliament, and have, in all material respects, been

booked to the relevant grants and appropriations.

6.3.14 Often, the reporting phase also involves issuing other reports dealing with

internal controls, compliance with authorities, and performance matters that

were identified as part of a financial audit, or in separate audits. These

matters can be reported in a management report or in one of the Auditor-

General’s reports to Parliament and the Public Accounts Committee.

6.3.15 Chapter 10 contains detailed guidance on this phase of the audit cycle.

Follow up

6.3.16 The follow-up phase involves returning to the entity at a later date to

determine if entity management has:

a) Corrected errors identified during the audit; and

b) Implemented recommendations made by the auditors or by the Public

Accounts Committee.

6.3.17 Chapter 11 contains detailed guidance on this phase of the audit cycle.

6.4 Roles and Responsibilities

General Roles and Responsibilities

6.4.1 The general planning phase is where most of the key planning decisions are

made. Many of these decisions have a significant impact on the nature,

extent and timing of the work that is performed during the fieldwork phase.

Because of this, general planning decisions should be made by the more

senior and experienced members of the audit directorate.

6.4.2 Similarly, conclusions reached during the evaluation phase may have a

significant impact on the type of audit report that is issued. The more senior

and experienced members of the audit directorate also need to be directly

involved in the evaluation process, and in the finalisation of the report.

6.4.3 It is not possible to lay down specific roles and responsibilities for all

audits. Each audit is different – some are quite complex and difficult to plan

and perform; others are relatively small and straightforward. In addition,

there may be differences in the knowledge of the entity and audit skills

possessed by different staff members within each directorate.

6.4.4 To encourage consistency, Figure 6.2 contains a chart that shows the

suggested roles and responsibilities of individuals at each level, for the

general tasks to be performed during the audit.

Centrally Led Audits

Key planning

decisions impact the

nature, extent and

timing of the work.

6-12

Audit Manual – Chapter 6

6.4.5 These are audits where a central team is responsible for the overall

planning, performance, evaluation, reporting and follow up. An example of

such an audit is the annual audit of the financial statements of the

Federation.

6.4.6 With a centrally led audit, there will be a division of responsibilities

between the central team and each directorate. For example, for the annual

audit of the financial statements of the Federation, the central team is

responsible for:

a) Setting the basic planning parameters (materiality, planned precision, audit

risk, components, etc.);

b) Setting inherent risk, control risk, other substantive procedures risk and

substantive test of details risk for each component and each specific

financial audit objective and compliance with authority objective and error

condition;

c) Determining the optimum mix of tests of internal control, analytical

procedures and substantive tests of details for each component and for each

specific financial audit objective and related compliance with authority

objective and error condition;

d) Drafting the audit programmes, forms and checklists to be used by the audit

teams performing the work;

e) Performing the overall error evaluation; and

f) Reporting the results of the audit.

6.4.7 The auditors from each of the directorates are, in turn, responsible for:

a) Providing advice to assist the central team to plan the audit;

b) Reviewing the material received from the central team to ensure audit

programmes, forms and checklists reflect the optimum mix of tests for that

particular directorate, and contain all the work required to obtain the

required amount of overall assurance;

c) Performing the audit work; and

d) Reporting the results of the work, including individual errors and other

matters of note, to the central team.

6.4.8 Regarding the above, the central team will likely not have the same detailed

level of knowledge of a particular entity as the auditors from the applicable

audit directorate. For example the central team may not be aware that the

internal controls are weak and that the planned level of reliance on them is

not possible. The auditors from the audit directorate must bring these

matters to the attention of the central team and ensure necessary

adjustments are made to the audit plan.

Audit Manual – Chapter 6

6-13

6.4.9 With a centrally led audit, some of the roles and responsibilities that,

according to Figure 6.2, are to be performed by the Director General will be

performed by the Director General responsible for the central team, while

other roles and responsibilities will be performed by the Director General in

charge of each directorate. The same applies to the other levels of staff

shown in Figure 6.2.

6.4.10 To ensure that everyone is aware of their roles and responsibilities, the

central team will provide a schedule similar to Figure 6.2 that clearly lays

out the roles and responsibilities of individuals within the central team, and

within each audit directorate.

Figure 6.2: Roles and Responsibilities

Step

Auditor-

General

DAG

(Senior)

or DAG

Director

General Director

Deputy

Director or

Asst. Director

Audit

Officer

General Planning

Update overall audit

objectives and audit

scope

A

(1) R(1) P

Update understanding

of entity’s business

A

(1) R(1) P

Update assessment of

materiality, planned

precision, and audit risk

A

(1) R(1) P

Update understanding

of the entity’s internal

control structure

A

(1) R(1) P

Update determination

of components

A

(1) R(1) P

A = Approve R = Review S = Supervise

P = Responsible for performance of.

(1)

The review and approval would be done through a review and approval of the permanent file,

planning file, audit planning memorandum, audit programmes, etc. produced at the end of the

planning process.

6-14

Audit Manual – Chapter 6

Detailed Planning

Update audit

programmes

A

(1) R(1) S P

Update budgets,

staffing requirements,

timing considerations,

etc.

A

(1) R(1) S P

Fieldwork

Complete audit

programmes R S P

A = Approve R = Review S = Supervise

P = Responsible for performance of.

(1)

The review and approval would be done through a review and approval of the permanent file,

planning file, audit planning memorandum, audit programmes, etc. produced at the end of the planning

process.

Step

Auditor-

General

DAG

(Senior)

or DAG

Director

General Director

Deputy

Director

or Asst.

Director

Audit

Officer

Update determination

of specific financial

audit objectives,

compliance with

authority objectives

and error conditions

A

(1) R(1) P

Update assessment of

inherent risk and

control risk

A

(1) R(1) P

Update optimum

combination of

procedures

A

(1) R(1) P

Audit Manual – Chapter 6

6-15

Step

Auditor-

General

DAG

(Senior)

or DAG

Director

General Director

Deputy

Director

or Asst.

Director

Audit

Officer

Evaluation

Conclude on results

of work

R S P

Reporting

Audit Opinions A

(2) A(2) R P

Audit Reports

A(2) A(2) R P

Management

reports

A P

Follow up

Follow up matters in

reports

(3) (3) (3) (3) (3) (3)

A = Approve R = Review S = Supervise

P = Responsible for performance of.

(2) It is expected that the audit opinions and audit reports on the major entities would be approved by the

Auditor-General; the other audit opinions and audit reports would be approved by the Deputy Auditor

General (Senior) or a Deputy Auditor General.

(3) The roles and responsibilities would match those for the equivalent work performed during the audit

itself.

Audit Manual – Chapter 7

7-1

7. PLANNING THE AUDIT

7.1 Introduction

7.1.1 Individual audits must be properly planned to ensure:

a) Appropriate and sufficient evidence is obtained to support the auditor’s

opinion;

b) DAGP’s auditing standards are complied with; and

c) Only necessary work is performed.

7.1.2 This chapter contains guidelines that the auditor can use to plan the audit.

These guidelines do not replace the use of professional judgment.

7.2 Step 1 – Establish Audit Objectives and Scope

7.2.1 It is a general principle of DAGP’s audit activities that no audit entity

should be subject to more than one audit in a given year. Accordingly, any

individual audit may have to fulfil multiple audit objectives, so it is

important that the audit is well-planned in terms of audit objectives and

audit scope.

7.2.2 The step also involves communicating with the entity to ensure

management is fully aware of the audit objectives and audit scope.

Overall Audit Objectives

7.2.3 Each audit will be designed to address one or more of the following

objectives:

a) Expressing an opinion on financial statements;

b) Expressing an opinion regarding compliance with authorities;

c) Testing compliance with authority or controls on selected transactions with

no opinion being expressed; and

d) Evaluating operational performance.

7.2.4 To express an opinion on financial statements the auditor needs to design

audit procedures to obtain a reasonable level of assurance that the financial

statements are not materially misstated. This means reaching a conclusion

as to whether the account balances are valid, are complete, are properly

valued, etc.

7.2.5 For compliance with authority work where an opinion is being expressed,

the auditor will design audit procedures to obtain a reasonable level of

assurance that the selected transactions in a given period are in compliance

with applicable statutes and regulations. The types of irregularities that the

auditor needs to look for will reflect the objectives of the compliance audit.

Individual audits

must be properly

planned.

The auditor needs to

design audit

procedures to obtain

a reasonable level of

assurance that the

financial statements

are not materially

misstated

7-2

Audit Manual – Chapter 7

7.2.6 For compliance with authority audit work where there is no expression of

an opinion the auditor need not plan the audit to obtain a specified

minimum level of overall audit assurance.

7.2.7 Where the audit is to evaluate operational performance the auditor is

concerned with economy, efficiency and effectiveness the auditor will

develop specific audit objectives and conclude on the management

framework and/or level of performance.

7.2.8 In summary, the nature and extent of the work that the auditor needs to

perform will vary according to the objectives of the audit. Therefore, a first

step in the planning process is to determine the objectives for the year.

Audit Scope

7.2.9 The auditor also needs to determine the overall audit scope – the total

population on which to express an opinion, from which to select

transactions, etc. For financial audit purpose, this total population is

referred to as the “audit entity”. The audit entity determines the scope of

the audit, and is generally defined by the audit mandate. For financial

statement audits that are required under Section 7 of the Auditor-General

Ordinance (see Chapter 2), the entity to be audited will be defined by the

applicable accounting policies of the government.

7.2.10 For example, the accounting policies for the Federation state, “The financial

statements have been prepared by consolidating the accounts of all

Centralised and Self Accounting Entities …. Commercial entities owned or

controlled by the Government prepare their own financial statements, which

are not included in these financial statements.” Based on this accounting

policy, the audit entity would include all centralised and self-accounting

entities, but would exclude the commercial entities.

7.2.11 For other financial audits, the entity to be audited may need to be carefully

determined. For example, a ministry may make use of a special operating

agency to perform some of its functions. In this situation, the auditor will

need to determine whether or not the agency falls under the scope of the

audit.

7.2.12 In some cases, the scope of the audit can be at the auditor’s discretion, or

can be negotiated with entity management. For example, DAGP may have

planned to audit a particular civil works project. If the internal audit unit in

that entity is planning to do a detailed audit of the project one year later, it

may suggest that DAGP defer its audit by a year so the two audits could be

coordinated. DAGP might decide to do so.

7.2.13 The first consideration in defining the scope of audit is to ensure that the

work required to complete the financial attest audit is covered. In

determining what else should be audited, it is important that scarce audit

resources be focused on the most important aspects of the operations of the

government. The first step in deciding what to examine is to identify

matters of significance, both within the government as a whole and within

the audit entity under examination.

The auditor needs to

determine the overall

audit scope – the

“audit entity”.

Audit Manual – Chapter 7

7-3

7.2.14 Matters of significance can include one or more of the following:

a) Large expenditures or large revenues;

b) Areas of high risk (significant control weaknesses, potential for large

losses/negative impacts);

c) Matters of propriety, or probity (even if not of high materiality or risk);

d) Important aspects of the programme’s performance;

e) Politically sensitive areas, where the reputation of the government could be

adversely affected;

f) Substantial errors or misrepresentations in financial and other management

reports;

g) Serious problems of compliance, especially regarding laws and regulations;

and

h) Areas where the audit is likely to identify opportunities for significant

improvement.

7.2.15 The auditor may decide to address one or more of these or to limit audit

coverage to financial attest requirements together with the more critical

aspects of compliance with key laws and regulations. Ultimately the

decision as to what sub-entities are significant and should be included in a

particular audit is a matter for DAGP management. As noted in Chapter 5,

there are various entities that DAGP may decide to include in any specific

audit. Entities may be organisational units, such as agencies, DAOs, DDOs

etc., functional areas, such as the payroll function or the purchasing

function, or accounting entities, such as objects of expenditure, grants or

appropriations. DAGP may determine that all entities should be reviewed

in a particular audit, for example ensuring complete coverage of all DDOs

or grants and appropriations, and the planning phase for individual audits

will be guided by this direction from management.

7.2.16 In determining what areas are significant, an understanding of the audit

entity and its business is important. In selecting matters of significance for

performance audits, the auditor should not focus only on the potential of

negative findings. It is also important that key aspects of the programme are

examined even if they are well managed. Providing the Legislature, the

public, and also management, with assurances that programmes are well

administered can be of value. When providing an assurance, the auditor

must obtain sufficient evidence to conclude that there is a low risk that any

significant problem has gone undetected. This usually requires much more

audit effort than is required for finding weaknesses.

Entity Communication Letters

7.2.17 DAGP has a legal mandate to perform its audit work. This mandate permits

it to determine the nature, extent and timing of its work. As such, DAGP

does not need to negotiate the scope of its work with the entity, or to make

use of formal engagement letters.

7-4

Audit Manual – Chapter 7

7.2.18 Nevertheless, there are benefits to discussing the nature, extent and timing

of the work with entity officials. These benefits include:

a) The introduction of annual financial audit work has changed the nature of

the audit work that the auditors are performing. Entity communication

letters can be used to help the audit entities to better understand the nature

of the work that is being performed, and the types of reports that may be

issued at the completion of the work.

b) While much of the financial audit work will be performed annually, other

work that DAGP performs will continue to be performed on a rotational

basis. Entity communication letters can be used to advise the entity of the

nature, extent and timing of the rotational audit work that will be performed

in the coming year.

c) Input from entity management may help improve the planned scope of the

audit and the rotational audit plan. For example, the auditors may discover

that the entity’s internal audit unit is planning a detailed review of the

entity’s internal control structure. DAGP and internal auditors could then

coordinate their work, and the DAGP auditors may be able to rely on the

work performed by the internal auditors.

d) Input from entity management may also improve the efficiency of the audit

work. For example, the auditors could advise entity officials of the planned

start and completion dates of each audit, and the information that the

auditors will require to perform their audit. Entity officials would then be

able to locate the required information, arrange for suitable office space,

etc. prior to the start of the audit.

7.2.19 An entity communication letter is a useful way to document the nature,

extent and timing of the audit work that will be performed in the following

year. A sample letter is included in the Standard Audit Working Paper Kit.

7.3 Step 2 – Understand the Entity’s Business

Information Requirements

7.3.1 Audit objectives are developed on the basis of an understanding of the

entity’s business. However, the auditor does not need to have a complete

understanding of all of the entity’s activities. The auditor only needs to

have a detailed knowledge of those aspects of the entity’s business that

relate to the audit.

7.3.2 For example, when performing a financial statement audit, the auditor may

not need to have a detailed understanding of all of the entity’s human

resource policies. However, should the auditor be performing a compliance

with authority or a performance audit on the staffing and promotion

processes, a more detailed understanding of the human resource policies

may be required.

7.3.3 The auditor should assemble the following information for most audits:

a) government’s plans and priorities;

b) entity’s strategic plans;

Audit Manual – Chapter 7

7-5

c) users of the entity’s services;

d) legislative authorities affecting the entity’s operations;

e) industry in which the entity operates, including any specialised accounting

practices followed by that industry;

f) activities in which the entity engages (constructing buildings, providing

grants and contributions, collecting taxes, etc.);

g) size of the entity (its total assets, liabilities, revenue and expenditure);

h) types of transactions and documents that the entity processes;

i) entity’s internal control structure; and

j) economic trends that can affect the valuation of significant assets and

liabilities (those held in foreign currencies, for example).

7.3.4 The Standard Audit Working Paper Kit includes forms to help the auditor

update his/her understanding of each of these knowledge areas.

7.3.5 Sufficient knowledge of these matters is required by the auditor to:

a) assess materiality, planned precision and audit risk;

b) understand the internal control structure;

c) determine components and understand how the various components and

activities fit together;

d) identify error conditions;

e) assess inherent risk and control risk;

f) understand the substance of transactions, as opposed to their form;

g) identify the nature and sources of audit evidence that are available;

h) update audit programmes;

i) assess whether sufficient appropriate audit evidence has been obtained;

j) assess the appropriateness of the accounting policies being used; and

k) evaluate the presentation of financial statements and the reasonableness of

the overall results.

7.3.6 There is a link between these knowledge areas and the tasks to be

performed, as follows:

a) an understanding of the users of the entity’s services and the size of the

entity is needed to assess materiality;

b) an understanding of the legislative authorities affecting the entity’s

operations, the activities in which the entity engages, and the types of

transactions and documents that the entity processes is needed to determine

what components to audit;

c) an understanding of the industry in which the entity operates, the activities

in which the entity engages, the size of the entity, the types of transactions

and documents that the entity processes, and economic trends are needed to

assess inherent risk.

7-6

Audit Manual – Chapter 7

Level of Effort

7.3.7 Building an understanding of the entity’s business can be a significant

undertaking especially where the audit scope is large, like the audit of the

Federal Government. The level of effort in collecting and documenting the

understanding will be high, especially when this is being done for the first

time. Practically, DAGP will probably have to approach this effort

incrementally over the course of the first few audit cycles. However, this

should be done according to a plan that will ensure adequate depth of

understanding of priority issues to provide a foundation upon which

subsequent audit cycles can build.

7.3.8 There are a number of factors that can legitimately reduce the effort

required:

a) Much of the required knowledge will have already been gathered during

prior compliance with authority work. This can be used when planning the

audit.

b) With a financial audit, the depth of knowledge required of each ministry,

department etc. is relative to the materiality of that organisational unit to the

overall audit scope. Therefore, the knowledge required will be small for

less material agencies and will be of lower priority, so it can be deferred

until more priority units have been covered.

c) The depth of knowledge required also reflects the extent of intended

reliance on internal controls as a source of audit assurance. If the auditor

intends to place little reliance upon internal controls, then a lower level of

knowledge is required than when significant reliance is to be placed on

controls.

7.3.9 These factors can reduce the level of knowledge needed, and can render the

data gathering exercise more manageable.

7.3.10 Once the required level of knowledge has been reached, over the course of

several audit cycles, subsequent audits need only be concerned with

confirming the knowledge is current and updating specific issues where

necessary.

7.3.11 Clearly, knowledge of the business is important to all phases of the audit.

The auditor should therefore be sure to update his/her knowledge of the

entity’s business throughout the audit. Analytical procedures are often used

at the general planning phase to identify large fluctuations in the accounts

from the previous year. These fluctuations, in turn, may indicate changes in

the entity’s operations.

7.3.12 Analytical procedures are discussed in more detail below.

Audit Manual – Chapter 7

7-7

7.4 Step 3 – Assess materiality, planned precision, and

audit risk

Materiality

7.4.1

Definition of materiality: When the auditor states that the financial

statements “properly present, in all material respects”, he/she is stating that

the financial statements are not materially misstated. This introduces the

concept of materiality.

7.4.2 Materiality can be defined as follows: “An error (or the sum of the errors) is

material if the error (or the sum of the errors) is big enough to influence the

users of the financial statements”.

7.4.3 Materiality is important in the context of the auditor’s report on the

financial statements. The opinion paragraph of a standard unqualified

auditor’s report commences, “In my opinion, these financial statements

properly present, in all material respects, the financial position of [the

entity] …”

7.4.4

Guidelines: To determine materiality the auditor should perform the

following steps:

1. Identify the probable users of the financial statements.

2. Identify the information in the financial statements that is expected to

be the most important to each of these users (e.g., total expenditures,

total assets or the annual surplus or deficit). One or more of these

amounts may serve as the base amount(s) for computing materiality.

3. Estimate the highest percentage(s) by which the base amount(s) could

be misstated without significantly affecting the decisions of the users

of the financial statements.

4. Multiply the percentage(s) times the base amount(s).

5. Select the lowest amount – this is the materiality amount. Errors

exceeding this value are material.

7.4.5 The auditor normally selects the lowest amount that results from each of

these guidelines, and uses that amount for the audit of the financial

statements as a whole. This is because errors often affect more than one

component. For example, an error in cash may also represent an error in

expenditures. As a result, the auditor cannot use a higher materiality

amount to audit cash than he/she uses to audit expenditures.

7.4.6 Note that the materiality amount determined at this step in the general

planning phase is used for the audit of

all components. There is no need to

allocate the amount to the various financial statement components. If

materiality is set at Rs. 3,000,000 for the financial statements as a whole,

the same Rs. 3,000,000 can be used for each financial statement

component, and for each specific financial audit objective, related

compliance with authority objective, and error condition.

An error is material

if the error is big

enough to influence

the users of the

financial

statements.

7-8

Audit Manual – Chapter 7

7.4.7 There are some guidelines that can be used to determine the base amount(s)

and the appropriate percentage(s). While guidelines should not replace the

use of professional judgment, the following may be useful, depending on

the nature of the entity being audited:

7.4.8 Percentage of total expenditures.

This method is the most widely used method for

not-for-profit public sector

entities. The percentages used generally range from 2% for "small" entities

to 0.5% for "large" entities.

7.4.9 Percentage of normalised pre-tax income.

This method is the most used method for

profit-oriented public sector

entities (e.g., state-owned enterprises with a mandate to earn a return on

their investments). The percentages used generally range from 5% for

entities with "large" pre-tax incomes to 10% for entities with "small" pretax

incomes.

7.4.10 Percentage of total revenue.

The same 2% to 0.5% range that is generally used for expenditures (see

above) is often recommended.

7.4.11 Percentage of equity.

Usually 1% is suggested. This method would be appropriate only for

entities following full accrual accounting and hence recording such assets

as receivables, stocks and fixed assets. Without these assets, the entity

would most likely be in an accumulated deficit position, and the equity

amount might not be meaningful to the users.

7.4.12 Percentage of assets.

Usually 0.5% is suggested, which achieves the same materiality amount as

the amount in Percentage of Equity if the debt-to-equity ratio is 1 to 1.

7.4.13 Percentage of the annual surplus or deficit.

For public sector entities, the most often quoted amount in the media is the

annual surplus or deficit. It would therefore seem logical to base materiality

on a percentage of the entity’s annual surplus or deficit.

7.4.14 However, there are weaknesses in the latter approach. The main weakness

with basing materiality on a percentage of the annual surplus or deficit is

the fact that the amount may not represent the "true" size of the entity. An

entity with an extremely small annual deficit relative to its total

expenditures and revenues would have an extremely small materiality

amount, and an entity with a very large annual deficit would have a very

large materiality amount. In fact, basing materiality on the annual surplus or

deficit could result in the materiality amount decreasing year after year

even though the size of the entity being audited is increasing.

Audit Manual – Chapter 7

7-9

7.4.15 Because of these problems, a percentage of the annual surplus or deficit is

normally only used as a reasonableness check on the materiality amount

determined by a percentage of total expenditures or revenues.

7.4.16 It is

not necessary to use a percentage of total expenditures or revenue to

audit the statement of expenditures and revenues, a percentage of total

assets when auditing the balance sheet, etc. Instead, the auditor selects the

lowest amount that results from each of these guidelines and uses that

amount for the audit of the financial statements as a whole. That is because

errors often affect more than one component.

7.4.17 Also note that available audit resources should

not be a factor in setting

materiality. Materiality is determined with the users in mind, and it is up to

the auditor to ensure that it has the resources that are required to perform

the work.

7.4.18 The Standard Audit Working Paper Kit contains a form that can be used to

assess the materiality amount.

7.4.19 Ultimately, the establishment of an appropriate materiality amount is a

matter for the auditor’s professional judgment. For this reason, it is

normally

not appropriate to use the same materiality amount for the audit of

different entities (i.e. the materiality calculated for the Federal Government

as one entity, will be different from the materiality for a self-accounting

commercial enterprise), and materiality should be calculated separately for

each audit. In addition if, based on the knowledge of the entity and an

understanding of the circumstances, the auditor believes that the monetary

amount determined by the above process appears unreasonable, additional

relevant factors should be considered and the materiality amount revised

accordingly.

7.4.20

Qualitative aspects. In addition to the quantitative aspects of materiality

discussed above, there is also a

qualitative aspect. The inherent nature or a

characteristic of an error may render the error material, even if its value is

not. For example, a small error that is designed to conceal the overexpenditure

of a government appropriation could be considered to be

material by the users.

7.4.21 Auditors are not expected to plan financial audits to detect all of these

qualitative errors. The cost of such an audit would be too high.

Consequently, auditors normally ignore the qualitative aspects of errors

when planning their audits. However, when reporting on the results of the

audit work, they take into account the qualitative aspects of the errors that

they have found when assessing whether the financial statements taken as a

whole are presented fairly.

Planned Precision

7.4.22 Planned precision is the auditor’s planned allowance for further possible

errors.

7.4.23 By testing a sample, the auditor can determine the Most Likely Error

(MLE) in the population. However, because the auditor has only selected a

7-10

Audit Manual – Chapter 7

sample, there is a chance that the actual error in the population is larger

than that. The auditor needs to ensure there is sufficient assurance that the

maximum possible error in the population is less than the materiality

amount.

7.4.24 To do this, when planning and performing many analytical procedures and

substantive tests of details, the auditor reduces the materiality amount by

his/her estimate of the most likely error that will exist in the financial

statements as a whole. This estimate is referred to as the “expected

aggregate error.” Planned precision is equal to materiality less the expected

aggregate error.

7.4.25 To determine the expected aggregate error, the auditor should consider:

a) The errors found in previous years;

b) Changes the entity has made to the internal control structure to prevent

these errors from recurring; and

c) Other changes to the entity’s business or its internal control structure that

could affect the size of the errors.

7.4.26 If the auditor’s estimate of the expected aggregate error had been set at the

planning stage at Rs. 816,500, the auditor would have calculated planned

precision as follows:

Materiality Rs.

3,000,000

Expected aggregate error in financial statements 816,500

Planned precision Rs. 2,183,500

7.4.27 As noted in the discussion on materiality, the materiality amount

determined at this step of the general planning phase is used for the audit of

all components within the same audit. There is no need to allocate the

amount to the various financial statement components. Consistent with this

approach, the expected aggregate error being used for a particular test is the

expected aggregate error in the financial statements as a whole, and

not just

the expected error in the population being audited. When auditing the

completeness of income tax receipts, for example, the auditor would need

to allow for errors not only in that test, but for errors found in other income

tax receipts tests and for errors found in other financial statement

components.

Audit Risk

7.4.28

Definition: The opinion paragraph of the standard unqualified auditor’s

report begins “In my opinion …” This means that the auditor is not stating

that he/she is absolutely certain that the financial statements properly

present the results of operations (i.e. they are not materially misstated).

Rather, the auditor is stating that he/she has some degree of assurance that

is less than 100% that the financial statements are not materially misstated.

The auditor is not

absolutely certain that

the financial

statements are not

materially misstated.

The auditor has some

degree of assurance

that it is less than

100%.

Audit Manual – Chapter 7

7-11

Generally accepted auditing standards (GAAS) refer to this degree of

assurance as “reasonable assurance”.

7.4.29 Stated another way, the auditor is taking some risk of issuing an unqualified

opinion on financial statements that are materially misstated. This risk is

referred to as “audit risk”.

7.4.30 For example, if the auditor wants to be 95% confident that the financial

statements are not materially misstated, this means that the auditor is

prepared to take a 5% risk that he/she will fail to detect errors summing to

more than the materiality amount. Audit risk is therefore 5%.

7.4.31 Using the audit risk and the materiality amount, when the auditor states, “In

my opinion, these financial statements present fairly, in all material respects

…”, the auditor is stating, “I have x% assurance that the financial

statements are not misstated by more than the materiality amount”.

Risk Assessment

7.4.32 The audit should focus on the areas of greatest materiality, significance and

risk. An understanding of the risk associated with each audit entity is

therefore critical to the development of an audit plan. The auditor should

develop this understanding by conducting a risk assessment as part of

planning an audit assignment.

7.4.33 In the case of a

financial attest audit, the auditor is concerned with the risk

that material misstatements exist in the financial statements that will not be

detected, either by management or by audit procedures.

7.4.34 In the case of

compliance audits, the auditor is concerned with the risk that

certain material, or significant, transactions have occurred in a manner that

contravene the laws, regulations and management procedures applying to

the area of audit.

7.4.35 In considering audit risk, there are three categories of risk that are normally

considered: Inherent Risk, Control Risk, and Detection Risk. These are

discussed below.

1. Inherent risk

7.4.36 This is the susceptibility to material/significant error or loss unrelated to

any internal control system. Assessing inherent risk requires the evaluation

of numerous judgmental factors, relating to the nature of the entity and its

business environment taken as a whole.

An understanding of

risk is critical to the

development of an

audit plan.

7-12

Audit Manual – Chapter 7

7.4.37 This is done by asking what could go wrong and what would be the likely

consequences. If the likelihood of occurrence is low and the significance of

the consequence is low, the auditor need not be concerned. Where the

likelihood is high and the significance is high, then inherent risk is high. In

this situation, the auditor must be assured that either the internal controls

are strong enough to detect and prevent such occurrences or the substantive

audit coverage is sufficient to detect such occurrences with a high level of

assurance.

2. Control risk

7.4.38 This is the risk that material/significant error or loss is not prevented or

detected on a timely basis by the internal control structure. Control risk is a

function of the effectiveness of the design and operation of the internal

controls. In order to assess control risk, the auditor should obtain evidence

to support the effectiveness of internal control policies and procedures in

preventing or detecting material error or loss. The auditor should recognise

that there are risks of error or loss that cannot be detected or prevented in a

timely manner whatever the controls in place. Further, the auditor should

recognise that the costs of certain controls cannot be justified when

compared to the potential losses they are guarding against.

7.4.39 The auditor should identify and evaluate both the control environment and

the effectiveness of the individual internal controls that are in place.

Indicators of a positive control environment include:

a) policies and procedures relating to internal controls and to the need for

maintaining a proper control environment exist and are documented;

b) an appropriate organisational structure with clearly identified roles and

responsibilities relating to the administration of internal controls exists;

staff are selected and trained to ensure their competence and dedication in

key control positions;

c) senior management is involved in identifying control risks and monitoring

performance;

d) actions are taken to correct any identified control deficiencies with an

appropriate level of priority; and

e) management displays positive attitudes towards the maintenance of sound

internal controls, such as: recognising dedicated effort; positively

responding to audits and reviews of controls; and taking disciplinary action

in response to poor performance.

7.4.40 The auditor is referred to the Control Environment Worksheet in the

Standard Audit Working Paper Kit.

7.4.41 To review the effectiveness of controls the auditor should make use of the

Internal Control Questionnaires which are presented in the audit

programme guides as part of the Standard Audit Working Paper Kit. The

auditor should expect stronger controls where risks are highest. For

example, there should be strong controls in place to ensure contracts

involving large expenditures are well managed: for the selection of the

contractor, for drawing up the contract; and for the control of performance

Audit Manual – Chapter 7

7-13

under the contract. On the other hand, there should be minimal effort

applied to controlling small items of inventory where the risk of loss,

damage or theft is low.

7.4.42 The auditor should determine how the controls are applied, assess their

adequacy, and identify significant control gaps.

7.4.43 The trend in modern government is to “let the managers manage” and take

reasonable risks in order to achieve results with reduced resources.

Consequently, the auditor should be conscious of the need for reasonable,

but not excessive, internal controls. The cost of controls should not exceed

the potential losses that could occur without those controls.

3. Detection risk

7.4.44 This is the risk of material/significant error or loss going undetected by the

auditor’s substantive audit procedures. It is a function of the effectiveness

of the substantive audit procedures and audit effort.

7.4.45 Also, less experienced or less knowledgeable auditors are more likely to

miss detecting errors than the experienced auditor. Therefore, without

careful supervision, the employment of less experienced auditors increases

detection risk.

7.4.46

Audit risk is a composite of these three risks. When planning an audit

there is a trade off between the overall risk that the auditor will accept and

the cost of the audit – the lower the overall risk that the auditor is prepared

to take, the more extensive the required work and the more costly the audit

becomes. Thus the risk assessment process is particularly important in

determining the extent to which the audit will examine the systems,

procedures, practices and transactions that govern matters at the lower end

of the objective and control hierarchy.

4. Identification of Risk

7.4.47 The auditor needs to develop the ability to identify risks. This requires an

understanding of what constitutes risk and how to recognise it. There is a

set of steps that the auditor can take, but experience, imagination and

judgment are also critical.

7.4.48 The steps to follow are:

1 List the programme objectives, assets to be safeguarded and other results that

management need to achieve;

2 Identify threats which could prevent achievement of these objectives;

3 Rate the risks, with the probability of occurrence, assuming no management

controls (the inherent risks);

5. List controls and assurances which exist within the systems and practices in

place (environment controls and internal controls);

6. Identify missing controls and assurances;

7-14

Audit Manual – Chapter 7

7. Identify risks that could occur even with the existing controls in place (control

risk); and

8. Recommend improved controls and assurances (based on an assessment of the

trade-off of the cost of the controls against the potential savings of lost and

waste without the new controls in place).

7.4.49 This activity should be documented on the audit file.

Indicators of Risk

7.4.50 There are certain indicators that can alert the auditor to potential risk

situations. Analysis of data may produce information that does not look

right. Managers are often aware of high-risk situations and will assist the

auditor to identify areas needing examination. This is more likely if the

manager sees the auditor as an ally rather than a critic and feels comfortable

confiding with the auditor.

7.4.51 Some examples of risk that can be encountered are:

a) Processing risk;

b) Programme risk;

c) Regulatory risk; or

d) Risk of fraud.

7.4.52

Processing risk. Errors can occur inadvertently, especially in situations

such as the following:

a) A new government programme where there is little experience in

administering it, or the entity has taken over responsibilities for a new

function and the previous administrators are no longer involved.

b) New systems or procedures are introduced, especially a new computerised

system.

c) There have been recent changes in management or there is a high turnover

of staff (in other words, there is a poor corporate memory), particularly if

administrative procedures are poorly documented.

d) There are unclear responsibilities.

7.4.53 If the process involves large transactions, the risk of inadvertent loss or

waste can be serious.

7.4.54

Programme risk. Certain government programmes are particularly

susceptible to significant losses, either intended (fraud) or unintended (the

result of poor administration).

7.4.55 Examples of programmes that should be given a careful assessment of risk

are:

a) Loans or guarantees, which, by their very nature, usually place the

government at risk.

Audit Manual – Chapter 7

7-15

b) Programmes delivered by means of contracts, especially where there are

unclear terms and conditions, insufficient specifications / performance

requirements.

c) Research and development projects, where often the results are difficult to

predict (especially non-standard software development).

d) Programmes with vague outputs or outcomes, where in return for the

government’s expenditures, the benefits are difficult to identify.

7.4.56 Large expenditures in programmes of such nature should be a high priority

for the auditor to examine.

7.4.57 Another aspect of risk relating to programme performance is the risk that

adverse publicity can arise. The danger of criticism of a programme can be

out of proportion with the potential or actual loss occurring due to some

weakness in the administration of the programme. There is often a trade-off

between the economic and efficient management of a programme and the

cautious avoidance or mistakes that can lead to embarrassment. The auditor

should be sensitive to this and be able to judge what are appropriate levels

of control.

7.4.58

Regulatory risk. One means of implementing government policy is through

regulatory activities. The usual purpose of regulations is to protect the

public – whether this is health protection, ensuring fair trade practices,

transportation safety, or other law enforcement.

7.4.59 Failures in a government’s regulatory programme can occur at various

points within the regulatory system. For example, regulatory risk can derive

from:

a) inadequate laws;

b) inadequate inspection/detection (insufficient resources available;

untrained inspectors; poor supervision of the inspectors);

c) inadequate penalties or other deterrents;

d) poor records and inadequate statistics; and/or

e) environmental factors outside of the regulatory process that impact on the

effectiveness of the regulatory programme.

7.4.60 The impact of regulatory weaknesses on government operations can be

significant, although not as obvious as misappropriations of funds, waste or

loss of monies. For example, the non-collection of taxes can represent a

huge loss to the government. Therefore the auditor must focus on

regulatory activities just as much as on expenditures.

7.4.61

Risk of fraud. There are many classical indicators of weaknesses that can

contribute to fraud. Some of these are:

a) Insufficient separation of duties;

b) Only one person with access to financial information, particularly if this

person exhibits defensive or guarded behaviour;

c) Weak controls;

7-16

Audit Manual – Chapter 7

d) Inadequate management supervision, inspection, challenge or review;

e) Inadequate or untimely reports; and,

f) Late or non-existent reconciliations.

7.4.62 It is often beneficial to provide all auditors with some training in fraud

awareness and investigation, and to provide extensive Forensic Audit

training to one or a few auditors. Then one of those who have had extensive

training and experience can be consulted wherever any serious case of fraud

has been identified or is suspected.

Factors Affecting Audit Risk

7.4.63 To determine how much risk the auditor should accept that an unqualified

opinion may be issued on financial statements that are materially misstated,

the auditor would consider such matters as professional exposure, reporting

considerations and ease of audit.

Professional Exposure

7.4.64 This is the risk of loss or injury to the auditor's reputation from litigation,

adverse publicity or other events arising in connection with the financial

statements reported upon.

7.4.65 Professional exposure risk is often considered to be highest when there is a

good chance that the financial statements and the audit report thereon will

undergo a lot of scrutiny. This could occur in special situations such as

when an entity is:

a) Receiving a lot of bad publicity for an authority violation or other matter;

b) Being privatised, transferred to another level of government, or turned into

a special operating agency;

c) Issuing new debt; and/or

d) Getting into financial difficulty.

7.4.66 For audit entities such as these, the auditor may elect to reduce their audit

risk to reduce their professional exposure risk.

Reporting Considerations

7.4.67 These considerations usually include the number of users and the extent to

which they rely on the entity's financial statements and audit report.

Ease of Auditing

7.4.68 Factors to be considered here could include the practical availability of

audit evidence and the existence of an audit trail.

Determining Audit Risk

7.4.69 Even though the determination of audit risk is the auditor's responsibility

and not the financial statement users, it may be prudent to discuss the

Audit Manual – Chapter 7

7-17

factors affecting audit risk and the assessed level directly with the users.

There are several reasons for this:

a) One of the factors affecting the required level of audit risk is the extent to

which the users rely on the entity's financial statements and audit report. If

the users are placing extensive reliance on the financial statements, the

auditor may wish to use a lower level of audit risk (i.e., obtain a higher

level of overall assurance) than if the users are placing very little reliance

on the financial statements. Discussing the level of audit risk with the users

will provide the auditor with direct evidence with respect to this factor.

b) Some of the users, such as government planners and managers as well as

legislators, may be aware of special circumstances that could increase the

auditor’s professional exposure risk. These may include circumstances of

which the auditor is not aware.

7.4.70

Guidelines: As for materiality, the assessment of audit risk is a subjective

process requiring the use of professional judgment. While guidelines should

not replace the use of professional judgment, the following may be useful:

Situation Audit Risk Overall

Assurance

Entities perceived to be high risk (and therefore

the auditor wants to achieve a high level of

overall assurance and set a low level of audit

risk)

3 97

All other entities 5 95

7.4.71 The Standard Audit Working Paper Kit contains a form that can be used to

assess audit risk.

7.4.72 As is evident from the above guidelines, the lower the audit risk being

taken, the more the assurance that is required. This is because audit risk and

overall assurance are converses of each other. Reducing audit risk from 5%

to 3% increases the desired level of overall assurance from 95% to 97%.

7.4.73 Increasing the overall assurance will increase the required amount of audit

work. Going from 95% assurance to 97% assurance could, for example, add

20% to the total required amount of audit work.

Auditor’s Responsibility to Detect Error and Fraud

7.4.74 Because the auditor designs audit procedures to detect errors in the

financial statements that in total exceed the selected level of materiality, an

audit most likely will not detect all immaterial errors. In fact, because the

auditor is providing

reasonable and not absolute assurance, there is a

chance that an audit performed in accordance with GAAS will fail to detect

some

material errors. Some of these errors may be due to fraud.

7.4.75 Fraud is the intentional act by one or more individuals to deceive others.

For example, an employee may steal cash and cover up the theft by

recording fictitious expenditures. Or the employee may not record an

The auditor is

providing reasonable

and not absolute

assurance.

7-18

Audit Manual – Chapter 7

expenditure that would cause the ministry to exceed its allowable

expenditures.

7.4.76 The most difficult type of fraud to detect is fraud committed by

management. This is because management may be able to override internal

controls.

7.4.77 Not all frauds will result in errors in the financial statements. For example,

under the accounting principles contained in the New Accounting Model

(NAM), consumable stocks are not recorded in the financial statements.

Therefore, the theft of inventory would not affect financial statements

prepared using NAM.

7.4.78 When planning an audit, auditors normally start by assuming good faith on

the part of management, meaning that management officials are honest and

have done their best to ensure that the financial statements do not contain

any errors.

7.4.79 However, the assumption of management’s good faith cannot be blind faith.

As noted in paragraph 3.0.3 of DAGP’s auditing standards,

“The auditor

should design audit steps and procedures to provide reasonable assurance

of detecting errors, irregularities, and illegal acts that could have a direct

and material effect on the financial statement amounts or the results of

regularity audits. The auditor also should be aware of the possibility of

illegal acts that could have an indirect and material effect on the financial

statements or results of regularity audits.”

7.4.80 While the auditor is not required to actively seek out evidence of lack of

good faith by management, the auditor complies with the above standard by

planning and performing the audit with an attitude of professional

scepticism. This means that the auditor uses a questioning mind and keeps

alert for evidence that brings into question the reliability of documents or

management’s representations. Should evidence come to light that indicates

fraud may have occurred or the assumption of management’s good faith is

not appropriate, the auditor should design specific audit procedures to deal

with the matter.

7.4.81 Analytical procedures are a good technique to identify areas where further

investigations are required. These procedures are discussed in Section 7.8

below.

7.4.82 Procedures to investigate possible fraud normally include a detailed review

of specific projects, disbursements, etc. in which the fraud could have

occurred. Sampling would normally

not be used to detect or investigate

fraud, because it involves selecting a representative sample, as opposed to

zeroing in on the specific areas where further investigation is required.

The assumption of

management’s good

faith cannot be

blind faith.

Audit Manual – Chapter 7

7-19

7.5 Step 4 – Understand the Entity’s Internal Control

Structure

Definition and Concepts of Internal Control

7.5.1 INTOSAI defines the internal control structure as the plans and actions of

an organisation, including management's attitude, methods, procedures, and

other measures that provide reasonable assurance that the following general

objectives are achieved:

a) Assets are safeguarded against loss due to waste, abuse, mismanagement,

errors, and fraud and other irregularities;

b) Laws, regulations, and management directives are complied with; and

c) Reliable financial and management data are developed, maintained and

fairly disclosed in timely reports.

7.5.2 The internal control structure of an audit entity is therefore very important

to the auditor.

7.5.3 Furthermore, an understanding of internal controls, and the weaknesses in

internal controls, is often critical for the auditor to make recommendations

for improvements. If the audit focuses only on individual transactions, the

auditor can only conclude, when errors are observed, that these errors

should be corrected. By examining the controls over these transactions, the

auditor can identify the reasons that the errors occurred. Then the auditor

can recommend that the weaknesses in the controls be corrected.

7.5.4 Hence, it is critical that the auditor examines

controls not just transactions.

General Standards for an Internal Control Structure

7.5.5 INTOSAI describes five general standards that entity management and

employees should follow:

a) Reasonable assurance. Internal control structures are to provide reasonable

assurance that the general objectives of the entity will be accomplished.

b) Supportive attitude. Managers and employees are to maintain and

demonstrate a positive and supportive attitude toward internal controls at all

times.

c) Integrity and competence. Managers and employees are to have personal

and professional integrity and are to maintain a level of competence that

allows them to understand the importance of developing, implementing and

maintaining good internal controls, and to accomplish the general

objectives noted in paragraph 7.4.1.

d) Control objectives. Specific control objectives are to be identified or

developed for each activity of the organisation and are to be appropriate,

comprehensive, reasonable, and integrated into the overall organisational

objectives.

An understating of

internal controls,

and the weakness in

internal controls, is

critical for the

auditor to make

recommendations for

improvements.

7-20

Audit Manual – Chapter 7

e) Monitoring controls. Managers are to continually monitor their operations

and take prompt, responsive action on all findings of irregular,

uneconomical, inefficient, and ineffective operations.

Detailed Standards for an Internal Control Structure

7.5.6 In addition, INTOSAI describes six detailed standards that entity

management and employees should follow:

a) Documentation. The internal control structure and all transactions and

significant events are to be clearly documented, and the documentation is to

be readily available for examination.

b) Prompt and proper recording of transactions and events. Transactions and

significant events are to be promptly recorded and properly classified.

c) Authorisation and execution of transactions and events. Transactions and

significant events are authorised and executed only by persons acting within

the scope of their authority.

d) Separation of duties. Key duties and responsibilities in authorising,

processing, recording, and reviewing transactions and events should be

separated among individuals.

e) Supervision. Competent supervision is to be provided to ensure that internal

control objectives are achieved.

f) Access to and accountability for resources and records. Access to resources

and records is to be limited to authorised individuals who are accountable

for their custody or use. To ensure accountability, the resources are to be

periodically compared with the recorded amounts to determine whether the

two agree. The asset's vulnerability should determine the frequency of the

comparison.

7.5.7 The extent to which these standards can be met depends to some degree on

the nature of the entity. Small organisations are not always in a position to

maintain comprehensive separation of duties. The auditor should take such

matters into account when assessing the sufficiency of the internal control

structure.

Responsibility for Maintaining Internal Controls

7.5.8 Entity management is responsible for ensuring that a proper internal control

structure is instituted, reviewed, and updated to keep it effective.

7.5.9 It is then the responsibility of everyone in the entity to ensure that the

internal control structure functions as it should.

Entity management

is responsible for a

proper internal

control structure.

Audit Manual – Chapter 7

7-21

7.5.10 In addition, the Controller General of Accounts has some responsibility for

maintaining an environment which promotes adequate internal control.

Section 5(d) of the Controller General Ordinance states that one of the

functions of the Controller General shall be “to lay down the principles

governing the internal financial control for Government departments in

consultation with the Ministry of Finance and the Provincial Finance

departments as the case may be”.

The Elements of Control

7.5.11 There are five basic elements that make up a control structure:

a) Control environment;

b) Risk assessment;

c) Control activities;

d) Information and communication; and

e) Monitoring.

7.5.12

Control environment. The control environment sets the tone for an

organisation, influencing the control consciousness of the staff. It relates to:

a) Management’s philosophy and operating style, including the specific way

in which staff are supervised and controlled;

b) The organisation structure;

c) Methods of assigning authority and responsibility;

d) Human resource policies and practices;

e) Management’s and staff’s integrity and ethical values;

f) Management’s and staff’s commitment to competence;

g) Management’s reaction to change and outside influences; and

h) Existence of an internal audit unit.

7.5.13

Risk assessment. Risk assessment is the identification and analysis of

relevant risks to the achievement of objectives. Management needs to

identify these risks in order to know the areas in which the internal control

structure needs to be particularly strong. Conversely, risk assessment may

indicate areas where risks are low, and therefore where the entity does not

need to design elaborate internal control structures.

7.5.14

Control activities. Control activities are the policies and procedures that

help ensure management directives are carried out. They help ensure that

necessary actions are taken to address the identified risks.

7.5.15 Control activities occur throughout the organisation, at all levels and in all

functions. They include a range of activities such as:

a) Proper authorisation of transactions and activities;

b) Physical control over assets and records;

c) Independent checks on performance; and

d) Adequate segregation of duties.

Risk assessment is

the identification

and analysis of risks

to the achievement

of objectives. In

order to know the

areas in which the

internal control

structure needs to be

particularly strong.

7-22

Audit Manual – Chapter 7

7.5.16

Information and communication. Pertinent information must be identified,

captured and communicated in a form that enables people to carry out their

responsibilities.

7.5.17 To have pertinent information for accounting purposes, the entity needs to

have adequate documents and records. It also needs to have prompt and

proper recording of transactions and activities. This, in turn, requires a good

accounting system, and a good system of communication within the

organisation and with customers, suppliers, and other government entities.

7.5.18

Monitoring. Monitoring by management involves the ongoing and periodic

assessment of internal control performance to determine if controls are

operating as intended, and are modified when needed. Summary

information should be monitored and spot checks made on the quality and

timeliness of the information on selected transactions.

The Role of Internal Audit

7.5.19 Internal audit is in itself an internal control. It acts as an independent check

on performance. It can be very effective in helping management fulfil its

monitoring role.

7.5.20 To be most effective, internal audit must not become part of the operational

controls. The internal audit unit should not be performing checks on an

ongoing basis. It should audit and review after the fact, or as a separate,

independent and additional check, to ensure that the management and staff

have been carrying out their duties properly.

Categories of Controls

7.5.21 Controls can take different forms and serve different purposes. Different

ways of categorising controls are:

a) Input vs. output;

b) Independent vs. interrelated;

c) Manual vs. electronic;

d) General vs. application;

e) Documented vs. undocumented;

f) Preventive vs. detective; and

g) Compensating.

Input vs. Output

7.5.22 Input controls are controls over the initial input of data. They include

password controls to prevent unauthorised personnel from inputting

transactions. Output controls are controls over the output from systems.

They include comparing cheques (output of payment system) to supplier

invoices and other supporting documentation, and reviewing printouts of

cash disbursements to ensure that all pre-numbered cheques have been

recorded.

Internal audit is an

internal control.

Audit Manual – Chapter 7

7-23

Independent vs. Interrelated

7.5.23 A control may work on its own or may need to be part of a series of

controls. For example, a reconciliation may be a powerful control in its own

right, but an input control will really only be effective if the entity also has

adequate controls over data processing and output.

Manual vs. Electronic

7.5.24 Manual controls, given the fact that they are operated by staff, can be

affected by human errors of judgment, misinterpretation, carelessness,

fatigue, and distractions.

7.5.25 In contrast, electronic controls are built into computer programmes and,

assuming that the systems are properly designed, installed and tested, are

inherently more reliable. Any problems with the software, however, might

be difficult to detect and often expensive to correct.

General vs. Application

7.5.26 General controls are applicable to the accounting system as a whole, such

as passwords restricting access to a computer network. Application controls

relate specifically to a particular processing function to ensure transactions

are authorised, complete and accurate.

Documented vs. Undocumented

7.5.27 Documented controls result in evidence that the control has been performed

(e.g., signatures and initials). Undocumented controls are controls where

there is no evidence that the control has been performed. These would

include, for example, many electronic controls where there is no evidence

that the appropriate person approved the transaction. The existence of these

controls can often be established through observation, inquiry and

testing/replication.

7.5.28 Another example is when management and staff of an entity follow sound

control principles based on experience. Sound controls may be in place but

not documented. This presents a control exposure since the control

procedures may be lost when staff turnover occurs.

Preventive vs. Detective

7.5.29 Preventive controls prevent errors from occurring. Most data entry controls

are preventive controls. In contrast, detective controls detect errors that

have occurred. Most output controls and reconciliation controls are

detective controls.

7-24

Audit Manual – Chapter 7

7.5.30 Preventive controls are usually less costly to use than detective controls. It

is generally less costly to prevent an error than it is to detect and correct it

after the fact. It is possible, however, to find systems that are so strict in

preventing errors that a lot of valid data can be rejected because of minor

errors or missing data elements. This can cause serious delays and expense

in processing data.

Compensating Controls

7.5.31 These are controls that detect errors that occur at earlier control points.

7.5.32 As a general rule, a control over output can act as a compensating control

for a weak input control. For example, a control to review the list of cash

disbursements to ensure that there are no missing cheque numbers can

compensate for a weak control over the input of the disbursements.

Similarly, if a cheque is recorded for an incorrect amount, the error will

show up when the organisation performs the bank reconciliation. (This

assumes that the cheque has been cleared).

Limitations of Internal Control Structures

7.5.33 Internal control can help an entity to:

a) achieve its objectives;

b) comply with laws and regulations;

c) ensure reliable financial reporting; and

d) prevent loss of resources.

7.5.34 No matter how well conceived and operated, an internal control structure

can only provide reasonable – not absolute – assurance to management

regarding the achievement of its objectives, etc. There are limitations

inherent in all internal control structures. These include the realities that

judgments in decision-making can be faulty, and that breakdowns can occur

because of simple errors or mistakes.

7.5.35 Additionally, controls can be circumvented by the collusion of two or more

people, and management has the ability to override the system. In addition,

the design of an internal control structure must reflect the fact that there are

resource constraints, and the benefits of controls must be considered

relative to their costs.

Multiple Sub-Entities and Locations

7.5.36 In the case of government-wide audits there will be multiple ministries,

departments, etc. making up the reporting entity. Each of these may have

multiple locations.

7.5.37 There is no requirement for the auditor to take the same approach with

respect to each ministry and so on. The auditor may decide to place no

reliance on the internal control structure at some Drawing and Disbursing

An internal control

structure can only

provide reasonable

assurance.

Audit Manual – Chapter 7

7-25

Offices, but place a lot of reliance on some specific controls at the District

Accounts Offices. In this case:

a) For the DDOs, the auditor would only need an overview level

understanding of controls and a general understanding of the systems to

collect, record and process data and report on the results.

b) For the District Accounts Offices, the auditor would need a more detailed

understanding of the control environment and systems, to justify placing

reliance on them.

7.5.38 In terms of level of effort, the auditor should already have a good

understanding of the internal control structure through prior compliance

with authority work. Where a given sub-entity is small compared to the

materiality amount, a deep level of understanding is not required.

Understanding and Examining Internal Controls

7.5.39 The auditor is expected to review the internal controls as part of the audit.

7.5.40 First, the auditor should review and document the systems and procedures

in place to carry out the transactions and other activities of the operations.

Normally, a description of the major systems and procedures should be

maintained on the permanent audit file. In which case, the auditor should

review the description of the system and identify whether there have been

any changes to the system.

7.5.41 Next, the auditor should identify points in the accounting system, and in

other systems being audited, where he/she would expect to find controls.

7.5.42 Then the auditor should identify and document the controls at these points

and determine that the controls have been operating.

7.5.43 Finally, the auditor should assess the adequacy of the controls and conclude

whether any controls are missing or ineffective. The auditor should make

recommendations to management where, in the opinion of the auditor, the

controls should be strengthened. These recommendations should be based

on an appreciation of the risk of reduced performance, loss, damage or

waste compared to the additional costs, if any, of implementing improved

controls.

7.5.44 A Control Environment Worksheet is provided in the Standard Audit

Working Paper Kit.

The auditor is

expected to review

the internal control

as part of the audit.

Assess the adequacy

of the controls and

conclude whether

any controls are

missing or

ineffective.

7-26

Audit Manual – Chapter 7

Documenting Our Understanding of Controls

7.5.45 The auditor should document the internal controls as part of the audit. A

clearly documented description of the controls enhances the auditor’s

ability to assess the controls. Also, the documentation aids supervision of

the audit and improves communications between members of the team. The

documentation should form part of the working papers and should be

included on the permanent file.

7.5.46 Methods of understanding the system and application of controls include:

a) Narrative;

b) Flowchart;

c) Internal Control Questionnaire (ICQ); and

d) Walk-through.

7.5.47

Narrative. This is a written description of an entity’s internal controls.

Narrative of an accounting system and related controls includes four

characteristics:

a) Information on the origin of every document and record in the system;

b) Description of all processing that takes place;

c) The disposition of every document and record in the system; and

d) An indication of the controls relevant to the assessment of control risk -

these typically include separation of duties, authorisation and approvals

and internal verification.

7.5.48

Flowchart. This is a time-consuming exercise and is generally applied only

when the effort can be justified, such as when there is some uncertainty

about the processes or the complexity and importance of the procedures

indicate a need for clear representation.

7.5.49 The flowchart is a diagrammatic representation of the entity’s documents

and their sequential flow in the organisation and can be a valuable

component of the working paper file. It includes the same four

characteristics identified above for narratives.

7.5.50 The advantages of a flowchart are that it:

a) provides a concise overview of the entity’s system;

b) helps identify inadequacies by showing how the system operates;

c) shows clearly the separation of duties allowing the auditor to judge

whether they are adequate; and

d) is easier to follow a diagram than to read a description.

7.5.51

Internal Control Questionnaire. The ICQ is a common tool of the auditor.

It contains a series of questions about the controls in each audit area. There

is usually a pre-developed ICQ that may, or may not be tailored for the

particular area under examination by the auditor. It is designed to require a

The auditor should

document the

internal controls as

part of the audit.

The ICQ contains a

series of questions

about the controls in

each audit area.

Audit Manual – Chapter 7

7-27

“yes” or a “no” response, with a “no” response indicating potential internal

control deficiencies.

7.5.52 The advantage of using the ICQ is it allows the auditor to thoroughly cover

each audit area reasonably quickly at the beginning of the audit.

7.5.53 The disadvantages are:

a) The individual parts of the entity’s systems are examined without

providing an overall view;

b) A standard questionnaire may not apply to all audit entities; and

c) There is a danger of taking a mechanical approach rather than thinking

through the control needs of the particular operations under

examination.

7.5.54

Walk-Through (Cradle to Grave Test). The walk-through is conducted to

confirm that the system and controls are operating in accordance with the

auditor’s understanding. It is used to verify that identified controls have

been put into operation.

7.5.55 To conduct a walk through test the auditor selects a few transactions

(generally between 3 and 6), pertaining to each significant transaction

cycle, and traces them through the cycle beginning with initiation of the

transaction, through processing until it is ultimately summarised and

included in a general ledger or management report.

7.5.56 The auditor should document the transactions selected for walk-through, the

controls that were observed and describe any enquiries made of client

personnel.

7.6 Step 5 – Determine Components

Definition

7.6.1 Auditors normally do not plan audits for the financial statements as a

whole. Rather, they divide the financial statements into parts and plan each

part separately.

7.6.2 A component is a discrete item in the financial statements.

7.6.3 How to determine the components to be used

7.6.4 For a financial statement audit, the most logical way of dividing up the

financial statements is to consider each line item in the financial statements

to be a separate component.

7.6.5 “Line items” are each of the amounts reported in the financial statements,

including amounts disclosed in the notes thereto.

7-28

Audit Manual – Chapter 7

7.6.6 Sometimes the financial statements include several different groupings of

the same total amount. For example, expenditures may be grouped by:

a) the ministries, departments, agencies, etc. making up the reporting entity;

b) appropriation account;

c) economic function (general public services, defence affairs and services,

etc.); or

d) object element (payroll expenditures, operating expenditures, civil works,

etc.).

7.6.7 The auditor selects the grouping that makes it the easiest to plan, perform

and evaluate the audit work. The auditor would then need to perform

additional procedures to ensure that the amounts reported in the other

groupings are also presented fairly.

7.6.8 To illustrate, assume that the financial statements group expenditures by

both

ministry and by object element. In this case, the auditor could either

plan the audit of expenditures using each ministry as a component, or using

each object element as a component. If the auditor chooses “object

element”, the auditor would then plan the audit to obtain reasonable

assurance that payroll expenditures are not materially misstated, that

operating expenditures are not materially misstated, etc. The auditor would

then develop additional audit procedures to ensure that the total

expenditures reported for each ministry are also not materially misstated.

7.6.9 For financial certification audits, it is unlikely that the financial statements

will contain details with respect to expenditures, etc. by district accounts

officer or by drawing and disbursing officer. However, DAGP may wish to

extend the audit to include these organisational units as components to be

reviewed, based on DAGP’s assessment of their risk or significance.

7.6.10 For compliance audits, it might be decided that individual DAOs or DDOs

should be subject to review. This is at DAGP’s discretion and will be

reflected in the individual audit plans.

Individually Significant Transactions and Events

7.6.11 Individual significant transactions and events include:

a) Very large transactions and events; and

b) High risk transactions and events.

7.6.12 The auditor should audit 100% of these transactions and events.

7.6.13 Very large transactions and events are usually audited 100% because they

are large enough that, should they be in error, the error could be significant.

The auditor therefore does not want to risk failing to find an error in these

transactions and events.

7.6.14 High risk transactions and events are transactions and events that, because

of their nature, contain a high risk of being in error. They are often audited

100% because, while the error in each one of these transactions and events

Audit Manual – Chapter 7

7-29

may not be significant, the high likely error rate in these transactions and

events could result in a significant error in total.

7.6.15 Very large transactions are normally easy to find – the auditor should look

for transactions and events exceeding a pre-determined amount.

7.6.16 High risk transactions can be more difficult to detect. The auditor should

use his/her knowledge of the entity’s business to identify these transactions

and events.

7.6.17 These transactions and events are normally not treated as separate

components. Rather, they are audited as part of the work performed on

other components. However, there may be some cases where it is

advantageous to consider them to be a separate component. This could

occur when the inherent risk or control risk associated with these

transactions are significantly different from the risks associated with the

other transactions contained in the component.

Using Sub-Components

7.6.18 There may be cases where the inherent risk and control risk for part of a

component are significantly different than for the rest of a component. In

these cases, the auditor may decide to split the component into subcomponents

– the one(s) with the higher risks and the rest of the

component. Higher-risk sub-components will receive a higher level of

audit examination than lower risk ones.

7.6.19 Should the inherent risks or control risks for a particular DAO be

significantly higher than for other DAOs, and if the amounts involved are

substantial, the auditor should consider breaking out the single high risk

office and planning its audit separately.

Related Components and Transaction Cycles

7.6.20 Some components are related to other components. For example, an

understatement of expenditures may also result in an understatement of

liabilities and/or an overstatement of cash. Therefore, the audit of each of

these components will provide the auditor with some assurance as to the

fairness of the related components. To avoid doing more work than

necessary, the auditor should take the assurance achieved from auditing the

related components into account.

7.6.21 One way to do this is to consider transaction cycles – the flow of the

transactions. For example, the purchase of a medical supply will result in a

stock item that will either be in expenses for the year or in the year-end

stock balance. The purchase will also result in a cash disbursement or a

payable at year end.

7-30

Audit Manual – Chapter 7

7.6.22 The internal control questionnaire and audit programmes contained in the

Standard Audit Working Paper Kit and Audit Guides contain the “standard”

components for the entities being covered, and use a transaction cycle

approach for the tests of internal control. It must be stressed that the auditor

needs to assess inherent risk and control risk for each component and

specific financial audit or compliance with authority objective, as opposed

to each transaction cycle and specific financial/compliance audit objective.

7.7 Step 6 – Determine financial audit and compliance

with authority objectives, and error/irregularity

conditions

Specific Financial Audit Objectives

7.7.1 Having divided the audit into components, the next step is to define what

we mean by “properly presents” in the audit certificate. To do so, the

auditor needs to consider what he/she would consider to be an error.

7.7.2 For a financial statement audit, a component is considered to be in error if:

a) it is not valid (the asset or liability does not exist or the revenue or

expenditure has not occurred

b) the asset, liability, revenue or expenditure is not complete;

c) the transactions have not been carried out in proper compliance with

relevant laws, regulations and administrative rules;

d) the asset or liability is not properly valued or is misclassified, or the

revenue or expenditure is not properly measured or is misclassified; or

e) the financial statement presentation is not proper.

7.7.3 The Standard Audit Working Paper Kit and Audit Guides make use of these

specific financial audit objectives.

7.7.4 To illustrate, payroll expenditures may be materially misstated if:

a) the costs are not valid. This could be due to, among other things, ghost

workers on the payroll.

b) the costs are not complete. For example, employees have not been paid, or

the payments have not been recorded.

c) the costs are not properly measured. This could be due to paying employees

more or less than they should be paid, or the amounts being recorded being

more or less than the actual payments.

d) the financial statement presentation is not proper. This could be due to the

failure to disclose all of the information called for in the New Accounting

Model.

Related Compliance with Authority Objectives

7.7.5 Reviewing compliance with laws and regulations is very important.

Decision makers need to know if the laws and regulations are being

Audit Manual – Chapter 7

7-31

followed, whether they are having the desired results and, if not, what

revisions are necessary.

7.7.6 Section 3.4 of DAGP’s auditing standards states, “In conducting [financial]

audits, a test should be made of compliance with applicable laws and

regulations.”

7.7.7 To comply with this standard, the auditor need not test for compliance with

all

laws, regulations, rules, policies, etc. As noted in paragraph 3.4.3 of

DAGP’s auditing standards,

“Because the laws and regulations that may

apply to a specific audit are often numerous, the auditors need to exercise

professional judgement in determining those laws and regulations that

might have a significant impact on the audit objectives.”

7.7.8 For financial audits, Section 3.4 of DAGP’s auditing standards requires the

auditor to “design audit steps and procedures to detect errors, irregularities,

and illegal acts that could have a direct and material effect on the financial

statement amounts or the results of regularity audits. The auditor also

should be aware of the possibility of illegal acts that could have an indirect

and material effect on the financial statements or results of regularity

audits.”

7.7.9 In deciding which laws and regulations should be examined as part of a

financial audit, the auditor should deal with those laws and regulations that

might have a significant impact on the financial audit objectives.

7.7.10 In addition to compliance audit work performed as part of a financial audit,

DAGP also conducts extensive compliance tests to identify deviations and

validate controls at organisational units across the Government of Pakistan.

7.7.11 Departments, ministries, etc. are not permitted to spend, borrow or raise

revenue without the approval of Parliament. Therefore, audits of

compliance with authority should focus on compliance with authority to

spend, borrow and raise revenue, as follows:

Spend

7.7.12 Determine that:

a) the services were actually performed or the goods were actually

received;

b) the expenditure is consistent with the nature of the appropriation to

which it was charged;

c) the expenditure does not result in the total approved expenditure being

exceeded; and

d) the expenditure is in accordance with the applicable legislation and the

rules and regulations issued by such legislation have been complied

with.

7-32

Audit Manual – Chapter 7

Borrow

7.7.13 Determine that the amount and debt terms (period, interest rates, repayment

schedule, etc.) are in accordance with the appropriate law.

Raise revenue

7.7.14 Determine that the cash received is:

a) for an approved tax or other approved revenue source; and

b) is received in accordance with the applicable legislation and the rules

and regulations issued by such legislation have been complied with.

7.7.15 The compliance with the authorities tests noted above apply to

organisational, functional or accounting units for different types of

government body as follows:

7.7.16

Federal and provincial governments. All the authorities described in the

preceding section would usually be considered part of the audit of federal

and provincial governments.

7.7.17

District governments. District governments are not permitted to borrow.

Therefore only authorities to spend and to raise revenues would normally

be considered part of the audit of a district.

7.7.18

State-owned enterprises. These enterprises are usually created by separate

acts. These acts and the supporting regulations usually specify the

operations that the enterprise is permitted to carry out. Compliance with the

spending, borrowing and revenue-raising authorities in these acts and

regulations is therefore usually the principal focus of the compliance with

authority work for these audits.

Potential Error Conditions

7.7.19 The last part to this step is to consider error conditions. The idea here is to

consider ways in which an asset, liability, revenue or expenditure item

might not be valid, might not be complete, etc. Put another way, the

auditor’s objective is to identify ways in which a monetary error can occur

in the financial statements, or an applicable authority may not be complied

with.

7.7.20 There are probably numerous reasons why a component might not be valid,

might not be complete, etc. However the chance of some of them occurring

might be negligible. Similarly, the maximum possible error that could result

from some of them might be insignificant. The auditor’s objective is to

identify the errors that have a real chance of occurring, and that could be

relatively large in relation to the materiality amount. For this reason, error

conditions are sometimes referred to as “potentially big errors”.

7.7.21 Note that conditions that constitute an error will be affected by the

accounting policies being used. For example, if the accounting policies do

not call for the recording of accounts payable, then the failure to record a

Error conditions are

ways in which an

asset, liability

revenue or

expenditure item

may not be valid

complete, etc.

Audit Manual – Chapter 7

7-33

payable would not constitute an error. However, there should be a system

to track unsettled payables in the form of commitments against

appropriations.

7.7.22 The process of determining which error conditions or compliance

deviations should be audited will help to ensure that the audit plan is

complete. The process will also help to ensure that the audit plan does not

include unnecessary work. The process therefore helps to ensure that

auditors spend their time dealing with matters of real importance, and do

not waste their time on insignificant matters.

7.7.23 For example, consider the component “payroll expenditures”.

7.7.24 For the

completeness of payroll expenditures, the auditor considers how

payroll expenditure figures might not be complete and may identify the

following three error conditions:

a)Services performed have not been paid for;

b) Payments made have not been recorded in the payroll register; and

c)The amounts in the payroll register have not been included in the

financial statement amounts.

7.7.25 In addition, the auditor needs to consider whether there are any related

compliance with authority objectives. In this case, because compliance

objectives relate to controlling what has been spent, as opposed to ensuring

that the spending is complete, there are no related compliance objectives.

7.7.26 Consider the

validity and measurement objectives for payroll expenditure.

The auditor may identify four additional error conditions, as follows:

a) Services paid for were not performed (because, for example, there are ghost

workers on the payroll);

b) Employees have been paid more or less than they should be paid;

c) Payroll expenditures are recorded in the Payroll Register at the wrong

amount;

d) The payroll expenditures have been charged to an incorrect account or

appropriation; and

e) The amounts in the payroll register have not been included in the financial

statements at the correct amount.

7.7.27 In this case, the auditor may also identify the following

compliance with

authority

matters:

a) The work being performed was not properly approved;

b) Pay rates/employee levels were not properly approved in accordance with

regulations; and

c) The payments were not properly approved.

d) The same approach can be applied to receipts. For example, for the

completeness of income tax receipts, the auditor may identify three error

conditions, as follows:

7-34

Audit Manual – Chapter 7

e) Income tax receipts are not deposited in the bank;

f) Income tax receipts are not recorded in the cash receipts register; and

g) The amounts in the cash receipts register are not included in the financial

statement amounts.

7.7.28 In addition, the auditor needs to consider whether there are any related

compliance with authority objectives

. In this case, there probably is one –

that the receipts were deposited within the time period required by

government policy.

7.7.29 For the

validity and measurement objectives for income tax receipts, the

auditor may identify three other error conditions, as follows:

a) The amount of the receipt does not match the amount required to be

remitted as per the income tax return;

b) The income tax receipts are being charged to an incorrect account; and

c) The amounts in the cash receipts register are not included in the financial

statements at the correct amount.

7.7.30 In addition, the auditor may also identify one

compliance with authority

matter – the government did not remit any overpayments by the taxpayer

back to the taxpayer on a timely basis.

How Error Conditions and Compliance Irregularities are Used to Develop

Audit Programmes

7.7.31 The error conditions/compliance deviations provide the auditor with

guidance as to which audit procedures should be included in the audit

programme. Using the errors/irregularities identified above, for regularity

and measurement of payroll expenditures for example, the auditor can

develop audit procedures to determine if:

a) Services paid for were actually performed;

b) Employees were paid correct amounts;

c) Payments are being recorded in the payroll register at the correct amount

d) Payments are recorded in the correct account and appropriation at the

correct amount;

e) Amounts in the payroll register are included in the financial statements at

the correct amount;

f) The work performed was properly approved; and

g) Payments made were properly approved.

7.7.32 Similarly for the regularity and measurement of income tax receipts the

auditor could develop procedures to determine if:

a) The amount received matches the amount due;

b) Receipts are posted to the correct account;

Audit Manual – Chapter 7

7-35

c) Amounts in cash receipts register are included in the financial statements at

the correct amount; and

d) Government is remitting overpayments back to taxpayers on a timely basis.

7.8 Step 7 – Assess inherent risk and control risk

7.8.1 Inherent risk and control risk may differ by component and

audit/compliance objective. As a result, the auditor may have a large

number of different inherent and control risk valuations to deal with.

7.8.2 It is tempting to combine different risks by using a weighted approach.

However, this approach is not generally recommended as it fails to meet the

standards for generally accepted auditing standards.

Inherent Risk

7.8.3 Inherent risk is the chance of material error occurring in the first place

assuming that there are no internal controls in place. “Material error” may

be one error or the sum of multiple smaller errors.

7.8.4 Inherent risk is evaluated at this stage to determine how much testing of

internal controls and substantive testing (analytical procedures and

substantive tests of details) the auditor needs to perform to achieve the

desired level of assurance. In general, the greater the inherent risk, the

greater the audit effort required.

7.8.5 Inherent risk is assessed assuming that there are no internal controls in

place. As such, it needs to be assessed in a hypothetical environment.

7.8.6 Factors affecting inherent risk include:

7.8.7

The nature of the component. Components such as cash are more

susceptible to manipulation or loss than, say, fixed assets.

7.8.8

The extent to which the items making up the component are similar in size

and composition.

If the population is composed of relatively homogeneous

items, it would be easier for management (and the auditor) to detect

anomalous transactions and amounts.

7.8.9

The volume of activity. If there are a lot of transactions being processed, the

chances of an error occurring may be higher than if only a few transactions

are being processed.

7.8.10

Competence of the staff processing the transactions. If staff are experienced

and take their jobs seriously, there is probably a lower inherent risk than if

they are inexperienced or careless.

Inherent risk is the

chance of material

error occurring

assuming there are

not internal

controls.

7-36

Audit Manual – Chapter 7

7.8.11

The number of locations. Entities operating out of a single location with a

centralised accounting system may have a lower inherent risk than those

operating out of many locations, each with its own accounting system.

7.8.12

The accounting policies being used. Many components have a lower risk of

error when the cash basis of accounting is being used than when the accrual

basis of accounting is being used.

7.8.13

Factors that could affect the risk of fraud. An error could be an intentional

one. The auditor should use a questioning mind and be alert for evidence

that contradicts or brings into question the reliability of documents or

management’s representations.

7.8.14 It can be seen from the above that evaluation of inherent risk is based

primarily on the auditor’s knowledge of the entity and its environment. This

knowledge would have been acquired primarily in Step 2 of the process –

updating the understanding of the entity’s business.

7.8.15 The assessment of inherent risk will be subjective, and will require the use

of professional judgment. It would therefore be appropriate to have the

most experienced and knowledgeable individuals on the audit team make

the assessment of inherent risk. These should be the individuals with the

greatest knowledge of the entity being audited.

7.8.16 Inherent risk may differ by component and by specific financial audit

objective. For example, the risk of cash being improperly valued is low, but

the risk of cash not being complete may be quite high.

7.8.17 Inherent risk needs to be assessed throughout the audit. For example, if

inherent risk is assessed as “low” at the general planning phase but

numerous errors are found during the fieldwork phase, then the assessment

of inherent risk may need to be revised.

7.8.18 While guidelines should not replace the use of professional judgment, the

following may be useful when assessing inherent risk:

Level of Inherent Risk Risk

Resulting

Assurance

High inherent risk 60% 40%

Moderate inherent risk 50% 50%

Low inherent risk 40% 60%

7.8.19 Risk assessment is a matter for DAGP and will reflect ground realities

within the entity being audited. It is recommended that a conservative

approach be considered until DAGP gains experience with this

methodology, to recognise the danger of using an incorrectly low risk

factor. Assume the auditor sets inherent risk at a low 20%. At this level,

the auditor could eliminate all or most substantive sampling, and little work

would be required on the component. Given this low level of planned

effort, if there are significant monetary errors or compliance irregularities

Audit Manual – Chapter 7

7-37

they are likely not to be detected, and in the worst case, the auditor might

issue an unqualified report when there were actually material errors present.

7.8.20 Accordingly, an inherent risk factor of not less than 40% is recommended

unless there is convincing evidence such as prior compliance with authority

audit work that detected a high level of compliance or few monetary errors.

7.8.21 The Standard Audit Working Paper Kit includes an Inherent Risk

Assessment Form that can be used to assess inherent risk.

Control Risk

7.8.22 Control risk is the chance that the entity’s internal controls will not prevent

or detect material error and is directly related to the effectiveness of the

internal control structure.

7.8.23 Control risk is evaluated at this stage as it limits the amount of assurance

that the auditor can obtain from tests of internal control.

7.8.24 Much of the work required to assess control risk would have been

performed as part of updating the understanding of the entity’s internal

control structure.

7.8.25 Control risk is also affected by the factors that could affect the risk of fraud

– particularly management fraud. This is because management can often

override the internal controls that have been put in place. As discussed

above, the auditor needs to use a questioning mind and keep alert for

evidence that contradicts or brings into question the reliability of

documents or management’s representations.

7.8.26 Control risk may differ by component and by specific audit objective and

related compliance with authority objective. For example, entity

management may have devised very good controls over the payment

process to ensure the validity and measurement of expenditures, but may

have paid less attention to the completeness of those expenditures.

7.8.27 In general, the control environment and the controls that collect, record,

process and report often have a pervasive effect on many components and

specific financial audit objectives and related compliance with authority

objectives. The controls that enhance reliability are the ones that are most

likely to differ by component and by specific audit objective.

7.8.28 Analytical procedures can be used as means of assessing the combination of

inherent risk and control risk.

7.8.29 Control risk needs to be assessed throughout the audit. For example, if

control risk is assessed as “low” at the general planning phase but

numerous internal control deviations (improperly approved supplier

invoices, for example) are found during the fieldwork phase, then the

assessment of control risk may need to be revised.

Control risk is the

chance that the

internal controls

will or prevent or

detect material error.

7-38

Audit Manual – Chapter 7

7.8.30 While guidelines should not replace the use of professional judgment, the

following may be useful when assessing control risk:

Level of Control Risk Risk

Resulting

Assurance

High (poor internal controls) 80% Up to 20%

Moderate (moderate internal controls) 50% Up to 50%

Low (strong internal controls) 20% Up to 80%

7.8.31 The reason for presenting “Resulting Assurance” as an amount “up to” a

percentage limit is that, unlike inherent assurance, control assurance must

be earned. The auditor should not rely on the internal controls unless tests

demonstrate that the controls are working.

7.8.32 To illustrate, the auditor may have concluded that the internal controls over

the validity and measurement of payroll expenditures were moderate. The

auditor may therefore have assessed control risk as “moderate” (50%). This

means that, for this component and these specific financial audit objectives,

the auditor can place moderate reliance (50%) on the internal control

structure.

7.8.33 To place moderate reliance on the internal controls the auditor must do a

fair amount of testing of internal controls. The auditor may decide that it is

more efficient to place only limited reliance on the internal control structure

and instead do detailed analytical procedures and use a large sample for

substantive tests. In this case, even though the auditor may have been able

to obtain a control assurance of 50%, the auditor may decide to do only

enough tests of internal control to support a 20% level of assurance. The

auditor would then set control risk at 80%.

7.8.34 It has been noted that control risk is assessed at this stage as it limits the

amount of assurance the auditor can obtain from his/her tests of internal

control. Assume that, in the above illustration, the auditor wants to place a

lot of reliance on the internal control structure. Because control risk was

assessed at 50%, it is not possible for the auditor to obtain more than a

moderate level of assurance from the internal controls.

7.8.35 Put more simply, it is not possible to place a lot of reliance on a poor

internal control structure.

7.8.36 To provide some practical guidance, consider the following questions:

Question 1:

7.8.37 Should the control environment in all DDOs be documented, or should only

the controlling offices be taken into account?

Answer

:

Audit Manual – Chapter 7

7-39

7.8.38 This answer refers back to a basic auditing concept – the auditor should

document and test any controls on which reliance is to be placed.

Therefore, any controls, in any DDOs, on which the auditor intends to rely

should be documented.

Question 2:

7.8.39 If the controls in one department are not reliable, should it affect the

auditors view of the overall control environment?

Answer:

7.8.40 If the controls in one department are not reliable, but in other departments

they are, the auditor can assess control risk as “high” where they are not

reliable, and “low” in the other departments. The auditor should not

attempt to come up with an aggregate risk assessment.

Question 3:

7.8.41 What would be the relative weightings of authorisation and accounting

controls? That is to say, how would the auditor’s assessment be affected if

the authorisation controls are working and the accounting controls fail more

often than not?

Answer

:

7.8.42 As for the response to Question 2, the auditor should not attempt to derive

an aggregate risk assessment. In this case, the auditor may decide to rely on

the authorisation controls, but cannot rely on the accounting controls.

7.8.43 Since the auditor would need to take a substantive approach with respect to

transactions flowing through the system because of the poor accounting

controls, relying on the authorisation controls would not likely reduce the

amount of the required substantive testing. Therefore, the most cost

effective approach would likely be to assess control risk for the particular

transaction cycle as high and audit accordingly.

Question 4:

7.8.44 What aggregation and consolidation mechanism should be used to develop

an overall assessment of the control environment prevailing in the Federal

Government.

Answer

:

7.8.45 Because the Federal Government is made up of many sub-entities, each of

which has its own risk profile, it is not appropriate to try to derive an

aggregate risk assessment. Separate control risk assessments are made for

each financial audit and compliance with authority audit objective for each

component, within each sub-entity.

Question 5:

7-40

Audit Manual – Chapter 7

7.8.46 Suppose in all but two of the sub-offices of a ministry, controls can be

relied on, but they cannot be relied upon for the remaining two sub-offices.

Suppose also that the control environment in the DDOs is poor. How

should the auditor proceed?

Answer:

7.8.47 The auditor could assess control risk as “low” in all but the two sub-offices

and plan to rely on the related controls, while not relying on controls in the

“high” risk sub-offices. Since the control environment in the DDOs is

poor, the auditor may be forced to a substantive approach with respect to

the transactions flowing through the system. Relying on the controls in the

sub-offices may therefore not reduce the amount of required substantive

testing. If that is the case, the most cost effective approach would probably

be to assess control risk for the particular transaction cycle as high.

Question 6:

7.8.48 If the auditor does not aggregate the risk assessments of individual subentities,

components and objectives, won’t the auditor end up with

hundreds of different assessments of control risk? And won’t it take an

auditor considerable time to come up with all those different assessments?

Answer:

7.8.49 Theoretically, it is possible that the auditor will end up with hundreds of

different assessments of control risk. However, in practice this is not

generally the case and the auditor often winds up taking approximately the

same approach for many different components, specific financial audit

objectives and related compliance with authority objectives. There are

several reasons for this:

7.8.50 The control environment is generally a strong determinant of the

effectiveness of internal controls, and often applies quite widely across

components in each sub-entity. As a result, if it is possible to place a lot of

reliance on the internal controls for one component, it is normally possible

to place a lot of reliance on internal controls for many of the other

components in the same sub-entity.

7.8.51 Also, as noted previously, components may be inter-related. For example,

an understatement of cost of sales may also result in an overstatement of the

year-end stock balance and/or an understatement of the year-end accounts

payable balance and/or an overstatement of cash. One particular audit

procedure, such as testing the validity and measurement of cost of sales,

may also provide assurance as to the validity and valuation of the year-end

stock and accounts payable balances. It therefore often makes sense to use

approximately the same sources of assurance for these related components.

7.8.52 Regarding the amount of time required to perform multiple assessments, it

is true that the level of effort will be greatest when first assessing each

control risk. Once the various controls have been assessed, the auditor

Audit Manual – Chapter 7

7-41

would only need to consider the impact of changes in the nature of the

entity, the results of the previous year’s audit, and so on, as opposed to

repeating the entire exercise from scratch.

7.8.53 Recognising the challenge of establishing initial risk assessments across

large audit entities, it is suggested that DAGP consider a phased approach

to risk assessments, and accepts that audits for the initial years will not

cover all aspects of risk assessment because of resource and time

constraints. This is not intended to provide a justification for weak

execution of audit procedures, but recognises that it may take a number of

audit cycles for rigorous audit procedures to be applied across all aspects of

each audit. It is suggested that DAGP strategic audit plans for the first few

years of implementing these new audit procedures should accommodate

this phased approach.

7.8.54 The Standard Audit Working Paper Kit contains a Control Risk Assessment

Form that can be used to assess control risk.

7.9 Step 8 – Determine mix of tests of internal controls,

analytical procedures and substantive tests of

details

Introduction

7.9.1 Financial audit procedures are usually broken down between tests of

internal control and substantive tests supplemented with compliance with

authority tests. DAGP also conducts audit activities which focus

exclusively on compliance with authority testing.

7.9.2 Tests of internal control are used to gain assurance that specific controls

within the entity’s internal control structure are operating effectively, and

are therefore helping to reduce the chance of material error existing in the

accounting information.

7.9.3 Substantive tests are procedures used to gain direct assurance as to the

completeness and accuracy of the data produced by the accounting systems.

They are often broken down between analytical procedures and substantive

tests of details.

7.9.4 Audit procedures that provide both assurance with respect to internal

controls and substantive assurance are often referred to as “dual purpose”

tests.

7.9.5 Compliance with authority procedures are used to determine whether entity

staff have fulfilled the administrative requirements of all applicable rules,

regulations and legislation.

Financial audit

procedures usually

include tests of

internal control and

substantive tests

supplemented with

compliance with

authority tests.

7-42

Audit Manual – Chapter 7

Tests of Internal Control

7.9.6 Tests of internal control include:

a) Inquiries of appropriate entity personnel;

b) Observation of policies and procedures in use;

c) Walk-through procedures; and

d) Selecting a sample of transactions and verifying that the appropriate control

procedures were followed.

7.9.7 The first three procedures are the same as were used to update the

understanding of the internal control structure. The work done at that stage

will have already provided some assurance with respect to the internal

control structure.

7.9.8 With respect to sampling, if the auditor wishes to place high reliance on a

specific internal control, it is normally necessary to test the control

throughout the entire year. If, on the other hand, the auditor only wishes to

place moderate reliance on the control, it may be sufficient to select a

sample of transactions to an interim date (say, the first 8 months of the

year), and then to use inquiries, observations and walk-through procedures

to ensure that there have been no changes made to the internal control

structure between the interim date and the year-end date.

7.9.9 If the auditor only wishes to obtain limited reliance on a particular internal

control, then sampling is often not required at all –inquiries, observations

and walk-through procedures may provide all of the required assurance.

7.9.10 GAAS do not permit the auditor to obtain all of his/her assurance through

tests of internal control – some substantive testing must always be

performed. This is because the ability of the internal control structure to

prevent or detect material error is subject to practical limitations, such as:

a) Members of management may be in a position to override specific internal

controls.

b) Collusion can circumvent internal controls that depend on good segregation

of duties to be effective.

c) Inexperienced entity officials may not perform their control procedures

properly. There is always a possibility of human error.

d) Internal controls are often designed to address transactions arising from the

normal course of the entity’s activities. They may not cover transactions of

an unusual nature, or arising from new activities.

e) Management may not be prepared to devote the resources that would be

required to prevent or detect all errors. Rather, management normally

requires that the internal controls be cost-effective. This means that the

benefits of having the controls must exceed their costs.

Audit Manual – Chapter 7

7-43

Analytical Procedures

7.9.11 Analytical procedures are techniques used by the auditor to:

a) Form expectations as to what the recorded amounts should be by studying

the relationships among elements of financial and non-financial

information;

b) Compare those expectations with the recorded amounts; and,

c) Draw conclusions about entity operations, inherent risk and control risk,

and the completeness and accuracy of the recorded amount.

7.9.12 Analytical procedures are an efficient and effective way to obtain audit

assurance. As a result, they should be performed on every audit.

7.9.13 Analytical procedures may be used in all phases of the audit to achieve

various objectives, for example:

7.9.14 Planning phase:

a) to obtain knowledge of the entity’s business operations;

b) to identify unusual items and explore areas of potential high inherent risk;

and

c) to obtain some degree of audit assurance.

7.9.15

Fieldwork phase: to obtain some degree of audit assurance.

7.9.16 Evaluation phase:

a) to assess the internal consistency and overall reasonableness of the financial

statements using the auditor's knowledge of the entity; and

b) to obtain some degree of audit assurance.

7.9.17 The auditor can derive various levels of assurance from analytical

procedures depending on how rigorously the analytical procedures are

designed and performed.

7.9.18 There are several different types of analytical procedures, as follows:

General reviews for reasonableness.

7.9.19 These analytical procedures involve a high level comparison of current

information with previous periods, budgets or statistics from the entity. No

pre-determined threshold amount is specified for identifying significant

fluctuations. The process is sometimes referred to as “eyeballing” the

financial statements – looking for accounts that appear to be unusual in

amount, in volume of activity, etc. The objective of this type of analysis is

generally to decide where to focus audit attention.

Comparative analysis.

“Eyeballing” the

financial statements.

7-44

Audit Manual – Chapter 7

7.9.20 This involves comparing the current year's reported amounts (or ratios)

with those of the prior years. Comparative analysis assumes that the prior

year's amount is a sufficiently accurate estimate of the current year's

amount and, therefore, can be used to identify any significant fluctuations

from the current year's recorded amount. A pre-determined threshold

amount is specified for identifying significant fluctuations.

Predictive analysis.

7.9.21 Predictive analysis compares the current year's reported amounts (or ratios)

with a prediction of what the current year's amount (or ratio) should be,

based upon the trend of the prior years’ amounts (or ratios). The prior

years’ data used in making the prediction is adjusted for all known changes

in the factors affecting the data. This usually results in a more precise

estimate than comparative analysis. A pre-determined threshold amount is

specified for identifying significant fluctuations.

Statistical analysis.

7.9.22 This category of analytical procedures involves analysing the known

behaviour of variables and developing an equation (model) that explains the

relationship between these variables. Although this category is similar to

"predictive analysis", the distinguishing characteristics of statistical analysis

is that it uses more rigorous methods, such as regression analysis, to

provide more accurate predictions and objectively measures the confidence

level and the achieved level of precision.

Overall verification procedures.

7.9.23 This category of analytical procedures involves building up an estimate of

an account balance from known and verified data. For example, the auditor

could verify the number of rental units by type of unit, the average rent by

type of unit, and the vacancy rate. The auditor could then compare the

product to the revenue received from the rents. Overall verification

procedures usually result in an accurate estimate of the account. A predetermined

threshold amount is specified for identifying significant

fluctuations for the auditor to investigate.

7.9.24 Care is required with this type of analysis. The auditor must not assume

that the data are more accurate than the financial information. For example,

the actual vacancy rate may be lower than the recorded vacancy rate, with

the difference being due to fraud. Thus the analytical data might

substantiate the financial data, while income being received is less than

income due. The auditor should therefore test whether sources of

information are independent or might be subject to the same potential

errors.

7.9.25 Appendix B discusses each of these types of analytical procedures in detail.

The discussion includes a description of how the auditor normally

determines the pre-determined threshold amount.

Comparing current

year’s amounts with

prior years.

Comparing current

year’s amounts with

a prediction of the

current’ year’s

amount.

Uses more rigorous

methods to provide

more accurate

predictions.

Building up an

estimate of an

account balance

from known data.

Audit Manual – Chapter 7

7-45

7.9.26 The following table provides guidance as to the amount of assurance that

each category of analytical procedure can provide. While guidelines should

not replace the use of professional judgment, the following is typical:

Type of Analytical Procedure

Risk Assurance

Overall reviews for reasonableness 100% 0%

Comparative analysis 70% or more Up to 30%

Predictive analysis 50% or more Up to 50%

Statistical analysis 30% or more Up to 70%

Overall verification procedures 10% or more Up to 90%

7.9.27 The Standard Audit Working Paper Kit contains an Analytical Procedures

Assessment Form that can be used to assess the amount of assurance that

the auditor can derive from the different categories of analytical procedures.

7.9.28 Appendix B also discusses the fact that computer-assisted auditing

techniques (CAATs) are a very useful tool for performing analytical

procedures. With the use of a CAAT, the auditor can perform numerous

analyses instantaneously. If performed manually, the equivalent work could

consume extensive audit effort.

7.9.29 CAATs are discussed in more detail in Appendix C.

Substantive Tests of Details

7.9.30 Substantive tests of details include such procedures as physically inspecting

an asset, checking transactions recorded in the books and records to

supporting documentation, and confirming amounts with third parties.

7.9.31 The auditor usually tests a sample of transactions as opposed to verifying

100% of them.

7.9.32 Appendix B contains a detailed description of sampling.

7.9.33 Substantive tests of details can involve more than sampling. There are often

specific transactions and events that the auditor wants to examine. These

could be:

a) Very large transactions and events; or

b) High risk transactions and events.

Substantive Tests of

details include such

procedures as

physically inspecting

an asset, checking

transactions to

supporting

documentation, and

confirming amounts

with third parties.

7-46

Audit Manual – Chapter 7

7.9.34 These transactions and events are often referred to as “individually

significant transactions and events”. They are often audited 100% because

they are large enough that, should they be in error, the error could be

significant. The auditor therefore does not want to risk failing to find an

error in these transactions or events.

7.9.35 Auditors often audit 100% of the individually significant transactions and

events, and audit a sample of the remaining transactions.

Compliance with Authority Tests

7.9.36 The first step for the auditor is to work with entity management to identify

the rules and regulations that apply to the entity. Of these, the auditor will

determine which authorities are most significant and will design tests to

check compliance. The auditor will also determine what sampling

approach is appropriate. Sampling is discussed at length in Appendix B.

7.9.37 The auditor will then plan to extract the samples as determined, and apply

the compliance tests.

The Audit Risk Model

7.9.38 The audit risk model is a useful way to tie together all of the various

sources of audit assurance.

7.9.39 The basic theory behind the audit risk model is that, for errors adding up to

more than materiality to remain in the accounts at the end of the audit (audit

risk - AR), all of the following must have happened:

a) The errors must have occurred in first place (inherent risk - IR);

b) The internal controls must have failed to prevent or detect the errors

(control risk - CR); and

c) The auditor’s substantive procedures (analytical procedures and

substantive tests of details) must have failed to detect the errors

(detection risk - DR).

7.9.40 Basic probability theory states that, if two events are mutually exclusive

(the occurrence of one is not affected by the occurrence or non-occurrence

of the other), then the probability of both events occurring is the probability

of the first event occurring times the probability of the second event

occurring.

7.9.41 All of the events in paragraph, as defined, are mutually exclusive, and all

must occur before errors adding up to more than materiality remain in the

accounts at the end of the audit. We therefore have the following formula:

AR = IR x CR x DR; where:

AR = Audit risk;

IR = Inherent risk;

CR = Control risk (achieved); and

DR = Detection risk.

Identify the rules

and regulations

that apply to the

entity.

The audit risk model

is a way to tie

together all the

sources of audit

assurance.

Audit Manual – Chapter 7

7-47

7.9.42 The reason for qualifying the control risk as being “achieved” is because

the auditor needs to validate his/her control assurance. What goes in the risk

model is the converse of the achieved assurance.

7.9.43 The audit risk model is often expanded upon to split detection risk (DR)

into two parts. This is done for two reasons:

1. Analytical procedures are often effective and efficient at obtaining

audit assurance. As a result, they should normally be performed on

every audit. The assurance to be achieved from these procedures

needs to be reflected in the risk model;

2. The auditor often performs more than one substantive test of detail to

obtain the required assurance with respect to each specific financial

audit objective and related compliance with authority objective. To

link the risk model to the confidence level to be used for one key

substantive test of details, these other substantive tests of details need

to be considered separately.

7.9.43.1 It is done as follows:

AR =IR x CR x DR

= IR x CR x OSPR x STDR; where:

AR = Audit risk;

IR = Inherent risk;

CR = Control risk (achieved);

OSPR=Other substantive procedures risk, being the risk

that the auditor’s analytical procedures, and all

substantive tests of details expect one key

substantive test of details, will fail to detect

material error; and

STDR =Substantive test of details risk, being the risk that

one key substantive test of details will fail to

detect material error.

7.9.44 The reason for splitting out one key substantive test of details in this

manner is that the formula can be rearranged as follows:

STDR = AR .

IR x CR x OSPR

7.9.45 The resulting STDR is the converse of the confidence level that the auditor

will use for his/her substantive sample. For example, if STDR is determined

to be 15%, the auditor will use an 85% confidence level for his/her

sampling procedures.

Considering the Assurance Achievable from Each Audit Step

7.9.46 Auditors are not required to develop the detailed audit programmes during

the Planning Phase. However, the auditor should give some consideration

7-48

Audit Manual – Chapter 7

to the types of procedures, and the assurance that can be derived from each

procedure, in order to make a reasonable determination of the optimum

combination of sources of audit assurance.

7.9.47 The amount of assurance that can be derived from each procedure depends

on the nature of the test and the evidence that will be collected. The auditor

should have a sound understanding of:

a) The nature of evidence;

b) What constitutes appropriate quality and quantity of evidence; and

c) The most appropriate methods of collecting evidence.

Considering Staffing, Budgeting and Timing of the Audit

7.9.48 The staffing, budgeting and timing of the audit are all matters to be dealt

with in detail at the detailed planning stage. They are discussed in detail in

Chapter 8.

7.9.49 However, the auditor should give these matters some consideration during

the general planning phase. There is no point coming up with an optimum

combination of tests of internal control, analytical procedures and

substantive tests of details unless adequate time or resources are available.

7.9.50

Staffing. Unless an audit is appropriately staffed, the benefits of good audit

planning can be lost. Persons involved in the general planning phase need

to make sure that there are staff members available who have the audit

skills required to perform the work efficiently and effectively.

7.9.51 For example, the auditor may determine that the most efficient audit

approach would be to place high reliance on internal controls and to use

regression analysis. However, unless the audit can be staffed with people

capable of doing a detailed evaluation of an internal control structure and

using a regression analysis software package, this approach is not

practicable.

7.9.52

Budgeting the work. DAGP has finite resources, so it is important to

estimate the time required to perform the audit under each combination of

tests.

7.9.53 Each financial audit will require a minimum amount of resources. DAGP

needs to ensure that the required resources are allocated. Since the

resources required for compliance with authority work can be more flexible

than those required for financial certification, The Director may have some

scope for reallocating resources in response to certification audit demands.

7.9.54

Timing of the work. Most government entities have the same year-end date

(30 June). To keep audit staff busy throughout the year, and complete the

audit of the financial statements on a timely basis after the year-end date, it

is often appropriate to perform some of the work in advance of the year-end

date. This should be taken into account when scheduling audit activities.

Audit Manual – Chapter 7

7-49

7.9.55

Supporting software. Audit management software can be used to assist in

the staffing, budgeting and timing of the audit work.

Re-assessing the general planning decisions for individual audits

7.9.56 Before completing the general planning phase, the auditor should consider

whether decisions made in later steps in the phase indicate that changes are

needed to decisions made earlier in the phase. For example, the assessment

of inherent risk and control risk may result in the auditor re-estimating the

amount required for the expected aggregate error. Similarly, staffing and

timing issues may affect the auditor’s ability to use the optimum mix of

tests of internal control, analytical procedures and substantive tests of

details.

7.9.57 In addition, audits cannot be planned in isolation. Each audit directorate

needs to consider how best to utilise all of its staff members on all of its

audits in the most efficient and effective manner. Planning decisions should

also be re-assessed in later stages of the audit.

7.10 Reliance on Other Auditors

7.10.1 A key factor to consider in the general planning phase is the extent to which

the auditor can rely on the work of internal auditors.

7.10.2 Reliance on internal auditors can affect the work required to update the

understanding of the internal control structure. It will also likely affect the

assessment of control risk.

7.10.3 In addition, the ability to rely on internal auditors will likely affect the

optimum mix of tests of internal control, analytical procedures and

substantive tests of details.

Internal Auditors

7.10.4 Internal auditors have an independent appraisal function within their

organisations. As such, they are part of the entity’s internal control

structure.

7.10.5 In general, the relationship between DAGP and the internal audit

community should be one of cooperation and professional reliance.

Coordination of work can ensure adequate audit coverage, while at the

same time minimising duplicate efforts.

7.10.6 The coordination and cooperation between DAGP and each internal audit

organisation can be enhanced by:

a) DAGP and the internal audit unit coordinating their audit effort,

which in turn requires each:

i) To have knowledge of the planned audit coverage of the

other; and

The relationship

between DAGP and

internal audit

should be one of

cooperation.

7-50

Audit Manual – Chapter 7

ii) To the extent possible, to amend its plans to better

coordinate the effort.

b) Having access to each other’s audit programmes and internal control

questionnaires;

d) DAGP having access to the working papers of the internal audit

organisation;

e) Having an exchange of audit reports and management letters;

f) Having a common understanding of audit techniques, methods, and

terminology; and

g) DAGP relying, to the extent possible, on the audit work of the

internal auditors, and thus reducing the amount of additional testing

required by the DAGP auditors.

7.10.7 Coordination of effort requires that DAGP and the internal audit staff meet

well before the commencement of specific audits to jointly plan their work

for the following year. During these meetings, DAGP could, for example:

a) Discuss areas where it would like to rely on the work of internal

audit;

b) Provide the internal auditors with its basic planning parameters –

materiality, audit risk, sources of audit assurance, etc.;

c) Provide the internal auditors with an audit programme, summary of

unadjusted differences and other forms and checklists for the

internal auditors to complete; and

d) Discuss the timing of the work and any required deadline dates.

7.10.8 One of the roles of internal audit is to provide management with an

assessment of the adequacy and effectiveness of the internal control

structure and the extent to which it can be relied upon. Auditors from

DAGP should consult with the head of the internal audit organisation to

determine how much audit work internal audit has performed on the

internal controls. Wherever possible, the DAGP auditors should rely on the

work of internal audit.

7.10.9 Just like any other control, the unit’s work needs to be tested before it can

be relied upon. DAGP auditors should consider examining the systems and

procedures that the internal audit unit has in place to ensure that its work is

performed to the required standards. These systems and procedures would

include the unit’s quality assurance procedures, hiring policies and training

programme. The DAGP auditors may also wish to re-perform some of the

work performed by internal audit.

7.10.10Sometimes the external auditors use internal auditors to perform some of

the external audit work. In cases such as this, the internal auditors are

effectively acting as members of the external audit team. Their work should

be supervised and their files reviewed just like the work of any other

member of the team.

Consult with

internal audit to

determine how much

audit work internal

audit has performed

on the internals

controls.

Audit Manual – Chapter 7

7-51

7.11 Documenting strategic planning decisions

The Need to Document Planning Decisions

7.11.1 The auditor’s documentation, in the form of audit files, is collectively

referred to as the “working papers”.

7.11.2 Paragraph 3.5.5 of DAGP’s auditing standards states, “Auditors should

adequately document the audit evidence in working papers, including the

basis and extent of the planning, work performed and the findings of the

audit.”

7.11.3 Documentation of the planning decisions is discussed in detail in Chapter 8.

At the end of the detailed planning stage, all steps in the planning process

should be complete and adequately documented.

7.11.4 It should be noted that the documentation of the audit planning phase

should not wait until the detailed planning steps are complete. The work

done in each step of the audit planning phase should be fully documented as

soon as the work has been completed.

7.11.5 At the end of the audit planning phase there should be documentation in the

planning file and in the permanent file of all of the decisions made during

the general planning phase. In addition, the relevant sections in the audit

planning memorandum should be completed. The individuals completing

the detailed planning phase can then make use of all of this material.

7.12 Application to Government-wide Audits

Sample Selection

7.12.1 As noted earlier, the auditor uses one overall materiality amount for the

audit, and does not need to allocate it to each grant, component, location,

etc. In addition, this one overall materiality amount is used when

determining minimum sample sizes for the audit of each component, and

each specific financial audit objective and related compliance with

authority objective. (Note: this is not to limit the discretion of DAGP to

perform more rigorous sampling as it sees fit, especially for compliance

with authority audit work).

7.12.2 For government-wide audits, the materiality amount will be established by

a central DAGP team that is responsible for the overall planning,

performance, evaluation, reporting and follow up of the audit. For the audit

of the financial statements of an individual government agency, the

materiality amount will usually be set by the audit director or a more senior

staff person.

Auditors should

document evidence

in working papers,

including the basis

and extent of the

planning, work

performed and

findings.

The auditor uses one

overall materiality a

amount for the

audit, and does not

allocate it to each

grant, component,

locations, etc.

7-52

Audit Manual – Chapter 7

7.12.3 Each ministry, department etc. performs accounting functions at different

locations – the Account General Pakistan Revenues, principal accounting

officers in the ministry or department, DAOs, DDOs, etc.

7.12.4 Using one overall materiality amount ensures that every grant that is greater

than the materiality amount, and every location with assets, liabilities,

revenues or expenditures greater than the materiality amount will be

virtually certain to have at least one transaction selected for audit.

Similarly, each grant and each location with assets, liabilities, revenues or

expenditures greater than one half of the materiality amount will also be

likely to have at least one transaction selected for audit. It is possible that

sampling techniques will not select items from all DDOs, DAOs etc.

(DAGP has full discretion to extend sample selection to include items from

every DDO and DAO if it is considered necessary).

7.12.5 In addition, for the audit of the Federal Government, a province or a

district, the auditor is again using a single materiality amount for each audit

entity, and that amount is based on the assets, liabilities, revenues or

expenditures of that entity as a whole, not each of the sub-entities, such as

ministry or department, within the audit entity. Therefore it is possible that

sampling techniques will not select audit items from some of the smaller

sub-entities. This is logical, since sub-entities that are small relative to

materiality are not significant from a financial audit perspective.

7.12.6 However, with direction from DAGP, auditors have the freedom to extend

the scope of their audit to extend audit coverage to as many sub-entities as

deemed appropriate, and the coverage within each sub-entity, even 100%

sampling, is also discretionary. Auditors often accomplish this by

developing a list of minimum procedures to be applied at specified subentities

that is applied over and above the samples determined by sampling

techniques. Procedures that can help identify additional areas where

coverage would be useful include:

a) Updating knowledge of the business by looking for new legislation,

reviewing minutes etc.,

b) Reviewing the basic control environment;

c) Performing analytical procedures on each line item in the financial

statements (including statement of appropriations); and,

d) Exploring for significant events and transactions after the year-end cut-off

date.

7.12.7 The auditor could also select additional transactions at random and perform

various tests on those items. Bear in mind that the most useful test, given

the small size of some sub-entities relative to materiality, is to look for

unrecorded transactions rather than errors in recorded transactions. In

particular, the auditor would look for unrecorded expenditures that could be

hiding over-expended appropriations.

Audit Manual – Chapter 7

7-53

7.12.8 The choice of which grants, locations, ministries or other sub-entities on

which to perform these discretionary procedures is based primarily on the

auditor’s professional judgement and knowledge of the entity. The auditor

should consider the following:

a) The grants, locations, ministries, etc. suspected of significant inherent and

control risk;

b) Sub-entity headquarters where records are kept and where management

likely exerts the most influence over transactions; and

c) All individually significant events, transactions or sub-entities.

7.12.9 In addition to extending the coverage of planned financial audit procedures,

the auditor may also decide to conduct additional audit work to review

compliance with authority, internal controls, performance and so on.

Coordination

7.12.10It is not feasible for each audit directorate to plan its portion of the audit of

the Federal Government, province or district in isolation. The materiality

amount and planned precision value need to be set and the audit work on

each component (e.g. line item in the financial statements) should be

coordinated across ministries, departments, agencies, etc.

7.12.11A single grant may be spread across a number of departments, and one

DAO may manage more than one grant. It is essential that each grant is

subject to an appropriate level of investigation. DAGP has created a central

team responsible for audit planning, performance, evaluation, reporting and

follow up of each government wide audit. For the annual audit of the

financial statements of the Federation, the central team is responsible for:

a) Setting basic planning parameters (materiality, audit risk, planned

precision, components to audit, etc.);

b) Setting inherent risk, control risk, other substantive procedures risk and

substantive test of details risk for each component and audit objective,

compliance objective, error and irregularity;

c) Determining optimum mix of tests of internal control, analytical

procedures, and substantive tests of detail for each component and audit

objective, compliance objective, error and irregularity;

d) Drafting audit programmes, forms and checklists to be used by audit teams;

e) Performing overall error evaluation; and

f) Reporting the results of the audit.

Audit work on each

component should be

coordinated

Audit Manual – Chapter 8

8-1

8.

ACTIVITY AND RESOURCE PLANNING

FOR INDIVIDUAL AUDITS

8.1 Introduction

8.1.1 This phase primarily involves using the decisions made during the audit

planning phase to update the audit programmes that will be used in the

fieldwork phase. It is also concerned with updating budgets, staffing

requirements, the timing of the audit work, and the information to be

obtained from the entity.

8.2 Formulate/update Audit Programmes

8.2.1 The audit programmes provide the auditor with a list of all the procedures

that he/she is to perform.

8.2.2 As discussed in Section 3.5 of DAGP’s auditing standards, the audit

findings, conclusions and recommendations must be based on evidence.

The audit programme must contain all of the procedures necessary for the

auditor to obtain sufficient, relevant, timely, reliable and objective evidence

to support his/her audit findings.

8.2.3 The Standard Audit Working Paper Kit and the Audit Programme Guides

for specialised audit areas provide a good starting point for the audit

programmes to be used on any entity. The kit and guides contain the

following components:

a) Internal control questionnaires (ICQs) and tests of internal control;

b) Analytical procedures; and

c) Substantive tests of details.

8.2.4 The kit and guides also contain various planning documents, checklists,

forms and supervision instruments.

8.2.5 This material cannot be used blindly, even on those audits where the auditor

has extensive material. All entities are different, and each entity can change

over time. Therefore, there is always a need to use professional judgment.

For example:

a) If limited reliance is being placed on the internal control structure, then

some of the procedures in the Internal Control Questionnaires can often be

deleted, or the work required for specific procedures can be reduced.

b) If a lot of reliance is being placed on the internal control structure, then

some of the substantive tests of details may not be necessary, or the extent

of the work required in some of the procedures could be reduced.

The audit

programme must

contain procedures

necessary to obtain

sufficient, relevant,

timely, reliable and

objective evidence to

support audit

findings.

8-2

Audit Manual – Chapter 8

8.2.6 When developing an audit programme, or tailoring one that is already in

existence, it is important to ensure that the programme will provide

sufficient, relevant, timely, reliable and objective evidence for each specific

audit objective, related compliance with authority objective, and error

condition.

8.2.7 As a starting point to assist in this process, the audit programme guides

contained in the Standard Audit Working paper Kit and the Audit

Guidelines contain a column that indicates for which objective the

procedure is designed to provide assurance. Once the auditor has

completed tailoring the programme for the specific entity, the auditor

should then ensure that each specific objective contains an adequate, but not

excessive number of procedures to test it.

8.2.8

Nature. Some procedures, by their nature, will provide more assurance than

other procedures. They may be more relevant, more reliable, more

objective, etc. To assess the amount of assurance that the auditor can derive

from a particular audit procedure, the auditor needs to have a sound

understanding of:

a) The nature of evidence;

b) What constitutes an appropriate quantity and quality of evidence; and

c) The most appropriate methods of collecting evidence.

8.2.9

Extent. The extent of testing relates to how much work the auditor performs

– the size of the sample, the number of observations he/she makes, the

threshold amount selected for following up significant fluctuations from an

analytical procedure, etc. The audit risk model and the guidance provided in

Annexes B and D may be useful for this purpose.

8.2.10

Timing. Timing relates to the period covered by the test. Generally, the

longer the period of time being covered by the test, the more assurance the

auditor can derive from it. For example, a test of internal control that covers

transactions for the entire year is better than a test of internal control that

covers only a few months. This is why, if high reliance is placed on internal

controls, the auditor normally samples transactions from the entire year.

Similarly, a cut-off test that covers the transactions for a month after the

year end would be a better test than one that only covers the transactions for

a few days after the year end.

8.2.11 The requirement to consider the nature, extent and timing of each procedure

applies to entity audit teams who are completing audit programmes

developed by a central team. For the audit of the financial statements of the

Federation, for example, entity teams will be provided with audit

programmes prepared by a central team. However, these audit programmes

cannot be used blindly. It is the responsibility of each entity team to review

the programmes to ensure that:

a) They contain all of the necessary audit procedures and that the required

assurance will be achieved; and

b) They do not include unnecessary audit procedures or involve more work

than is required.

Audit Manual – Chapter 8

8-3

8.2.12 However, audit programmes for each specific financial audit objective and

compliance with authority objective are not developed in isolation, for

several reasons:

a) Many internal controls, such as those that are part of the control

environment, will be common to many components, specific financial audit

objectives, related compliance with authority objectives and error

conditions. The tests of internal control performed on these controls can be

used to provide assurance for all of these components, specific financial

audit objectives, etc.

b) Some components are related to other components. For example, an

understatement of expenditures may also result in an understatement of

liabilities and/or an overstatement of cash. Therefore, the audit of each of

these components will provide the auditor with some assurance as to the

completeness and accuracy of the related components. To avoid doing more

work than necessary, the auditor needs to take the assurance achieved from

auditing the related components into account. Professional judgment is

required.

8.3 Updating staffing requirements and allocating

resources

8.3.1 The audit must be appropriately staffed to achieve its objectives.

8.3.2 Audit planners should ensure that the staff members assigned to the audit

have the audit skills required to perform the work efficiently and

effectively.

8.3.3 Changes to the nature, extent and timing of the audit work may affect the

levels of staff required to perform the work, and the assignment of specific

staff members to the audit. Staffing requirements need to be updated at this

time.

8.3.4 For example, if the auditor wishes to reduce the size of substantive samples

and increase reliance on internal controls and analytical procedures, and

also intends to introduce CAATs, then the staff members assigned to the

audit should have the required training to carry out the tests of internal

control, the analytical procedures, and the CAATs.

8.3.5 For the audit of the financial statements of the Federation and other audits

where a central team makes the initial planning decisions, the central team

will often be making its planning decisions on the assumption that each

entity team will be able to provide the staff members with the required

technical and supervisory skills to perform the audit as planned. It is the

responsibility of each entity team to review the proposed audit plan and to

discuss any potential staffing problems with the central team before

commencing the work.

Ensure that staff

members assigned to

the audit have audit

skills.

8-4

Audit Manual – Chapter 8

Factors to Consider

8.3.6 When assigning specific staff to audits consider the following:

a) The required skill mix for each specific audit. Ensure that each audit team is

composed of staff members with the technical and supervisory skills that

are required to complete the audit.

b) The needs of all the audits in the directorate. Better auditors should be

assigned to the more difficult and risky assignments.

c) The audit deadline. Should the deadline date for an audit be moved forward,

the auditors may have less time after the year end to complete their audit.

This may necessitate adding extra staff to the audit to complete it in a

shorter period of time.

d) Audit continuity. Having at least some of the audit staff members return to

perform work on the entity the next year will help to ensure that the audit

team has the required knowledge of the entity.

e) Rotation. Changing audit staff every few years can add new ideas to the

planning and performance of the audit. It can also help to ensure that the

auditors remain independent of the entity being audited.

f) Learning and advancement. While it is beneficial for some staff to return to

an entity, it’s also advantageous to give them more challenging work each

year. At the same time, they could provide advice and assistance to the

more junior auditors who are performing the work that they performed in

the previous year.

8.3.7 Audit management software will assist in making these staffing decisions.

Allocating resources

8.3.8 The specific audits planned for the period may have to be changed if certain

audit skills or experience within the Audit Directorate (or supplied from

elsewhere within DAGP) are overextended. The Audit Director should

ensure that not only can the proposed set of audits be conducted within

available resources but also that there are specific resources with required

skills available to conduct the audits. For example, if there is only one

person capable of conducting audits of IT systems under development, the

Director should ensure the total audit workload of this type across several

audits does not exceed the time available.

8.3.9 This can be managed by drawing up a matrix assigning audit resources

against audit tasks to enable the manager to balance workload with

available resources.

8.4 Updating budget requirements

8.4.1 Any changes made to the nature, extent and timing of the audit procedures

will most likely affect the budgets for the work. The auditor should update

the budgets at this time.

Audit Manual – Chapter 8

8-5

8.4.2 The audit budget should include a projection of:

a) costs of travel, accommodation and subsistence while visiting audit sites;

b) cost of any purchases;

c) level of effort of audit team members.

8.4.3 The biggest aspect of budgeting is the budgeting of time – estimating the

amount of time required to:

a) Plan the audit;

b) Perform the audit of each specific component, and in total;

c) Evaluate the audit results;

d) Report the results of the audit;

e) Follow up the results of previous audits (if being done at this time); and

f) Manage the audit, including the supervision of lower level staff and a

review of their work.

8.4.4 Good budgeting is very important for audits where an opinion is being

expressed. In these cases, the auditor needs to complete all the activities

that have been deemed necessary to form an opinion, and so needs to ensure

adequate resources (people, time, and money) are available. Where no

opinion is being expressed, the auditor has discretion over the scope of

work performed and can adjust the audit plan to best use the resources that

are available.

8.4.5 For the audit of the financial statements of the Federation and other audits

where a central team makes the initial planning decisions, the central team

will also be providing the entity teams with a budget to perform the work. It

is the responsibility of each entity team to review the budget that it has been

given and to discuss any problems with the central team before

commencing the work.

Factors to Consider

8.4.6 The following factors should be considered when setting the budgets:

a) size of the entity;

b) complexity of the entity and its transactions;

c) audit risk;

d) inherent risk;

e) quality of the internal control structure; and

f) experience of the staff performing the audit.

8.4.7 Each of these is discussed below.

8.4.8

Size of the entity. The size of the entity may only have a limited effect on

the required budget. This is because, as the entity being audited gets bigger,

8-6

Audit Manual – Chapter 8

the materiality amount may increase proportionately. The sample size

required to audit the expenditures in a small entity may be just as large as

the sample size required to audit the expenditures in a large entity.

8.4.9

The complexity of the entity and its transactions. This will likely have a

considerable impact on the budget. Some entities are inherently complex,

and the substance of their transactions may be difficult to determine.

Entities such as these could require a much larger budget than entities that

are straightforward.

8.4.10

Audit risk. The lower the audit risk being taken, the more assurance is

required. Reducing audit risk from 5% to 3%, for example, could add 20%

to the total required audit work.

8.4.11

Inherent risk. The higher the assessed inherent risk, the more assurance the

auditor needs in total from his/her tests of internal control, analytical

procedures and substantive tests of details. Also, the auditor may need to

use a higher expected aggregate error when determining planned precision,

further increasing the required amount of work.

8.4.12

The quality of the internal control structure. It is often more efficient to

place a lot of reliance on the internal control structure and reduce the

substantive tests of details. Should this not be possible because the internal

controls are poor (control risk is high), the auditor may need to increase the

budget. Also, the auditor may need to use a higher expected aggregate error

when determining planned precision, further increasing the required amount

of work.

8.4.13

The experience of the staff assigned to the audit. More experienced staff

should be able to complete the work in a fewer number of hours.

Reviewing and Approving the Budget

8.4.14 The budget for each audit should be reviewed by the Director General

responsible for the audit, and approved by the Deputy Auditor General

responsible for the audit.

8.4.15 Each audit directorate should review the budgets set for each individual

audit within the directorate to ensure that they look reasonable in relation to

each other. Senior DAGP officials could carry out the same review across

all directorates.

8.4.16 Team members should record the time that they spend auditing each

component. Explanations for any deviations from the budget should be

obtained, and the auditor should conclude whether or not the factor causing

the increase or decrease in time is expected to recur in the next year. This

information can be used as a starting point for the following year’s budget.

Team members

record the time that

they spend auditing

each component.

Audit Manual – Chapter 8

8-7

8.5 Updating timing considerations

8.5.1 All government entities have a 30 June year end. If DAGP were to wait

until after the financial statements of all of these entities were completed

before commencing work, the audit reports would not be timely and DAGP

may not be able to meet required deadline dates.

8.5.2 To improve the timeliness of the audit reports, and to achieve other

benefits, DAGP should commence work on the audits

before the year end

(i.e., at an interim date).

8.5.3 This approach will be essential for the audit of the financial statements of

the Federation and the provinces since the New Accounting Model calls for

the Auditor-General to issue a report on the financial statements on or

before 30 October.

8.5.4 For the audit of the financial statements of the Federation and other

centrally-planned audits, the central team will request each entity team to

report to it by a certain deadline date. It is the responsibility of each entity

team to discuss, with the central team, any potential problems that it may

have meeting the deadline date before commencing the work.

The Use of Interim Audits

8.5.5 An “interim date” is a date in advance of the year-end date. An “interim

audit” is an audit performed at an interim date.

8.5.6 To illustrate, the auditors could decide to perform an audit of the

transactions for the first six months of the year (1 July to 31 December) in

the following February and March. They could then return to the entity in

May to do the next three months (1 January to 31 March). They could then

return again after 30 June to complete their audit.

8.5.7 The work performed at an interim date could include:

a) Auditing a sample of revenue and expenditure transactions up to the interim

date. A sample of the transactions for the rest of the year could then be

audited at a later interim date, or after the year-end.

b) Reviewing and testing the entity’s internal control structure. Enquiries,

observations and walk-through procedures could then be performed at the

year-end date to ensure that the internal controls had not deteriorated.

c) Note: When high reliance is being placed on the internal controls, the

auditor normally needs to also sample the transaction between the interim

date and the year-end date.

d) Discussing accounting policies, the form and content of the financial

statements, contentious authority matters, etc. with entity officials. This

could avoid having to deal with these matters at the end of the audit.

8-8

Audit Manual – Chapter 8

8.6 Factors to consider when determining the optimum

timing

8.6.1 The key benefit of using interim dates is to improve the timeliness of the

audit reports.

8.6.2 Another benefit of using an interim audit is that it can provide the auditor

with an earlier indication that the planning decisions may need changing.

For example, the auditor may have intended to place a lot of reliance on the

internal controls, but may find at an interim date that the controls are not

reliable. The auditor would then be able to amend the audit plan well before

the year-end date.

8.6.3 A further benefit of performing an interim audit is that it may solve staffing

problems. The required staff may not be available to do all of the audit

work after the year-end date. Also, there may be a need to do some of the

work before the year-end to keep all of the staff fully occupied.

8.6.4 The major drawback of doing some work at an interim date is that it may

add to the cost of the audit. If, for example, the bank reconciliations were

verified before the year end, the auditor would normally need to review the

transactions that took place between the date of the in term work and the

year end.

8.7 Updating information required from the entity

8.7.1 It is entity management’s job to ensure that the financial statements, and the

supporting books and records, are complete and accurate. To do so,

management should be preparing its own analyses of the account balances,

reconciling accounts, preparing lists of specific assets and liabilities making

up various account balances, checking the year-end cut-off, doing searches

for unrecorded transactions, etc.

8.7.2 The auditor could make use of the above work to reduce the audit effort. To

do so, the auditor should prepare a list of all of entity management’s

analyses, reconciliations, schedules, lists, etc. that would be useful for the

audit, and submit the list, with a request for copies, to entity management

well in advance of the commencement of the audit.

8.7.3 This process will not only help to improve the efficiency of the audit, but

will also be a good test of the extent to which entity management has

fulfilled its own responsibilities.

8.7.4 The Standard Audit Working Paper Kit includes a form that outlines the

typical forms, schedules, reconciliations, analyses, documents, etc. that are

often requested from entity officials.

It is entity

management’s job to

ensure that the

financial

statements, and the

supporting books

and records, are

complete and

accurate.

Audit Manual – Chapter 8

8-9

8.8 Re-assessing the general and detailed planning

decisions for individual audits

The Need for Re-assessments

8.8.1 Decisions made in the detailed planning phase could result in changes being

needed to decisions made during the general planning phase. For example,

staffing and timing issues may affect the auditor’s ability to use the

optimum mix of tests of internal control, analytical procedures and

substantive tests of details.

8.8.2 In addition, audits cannot be planned in isolation. Each audit directorate

needs to consider how best to utilise its entire staff on all of its audits in the

most efficient and effective manner. This could result in some individual

audits not being done in the most efficient and effective manner.

8.8.3 As we will see in later chapters, the general and detailed planning decisions

should also be re-assessed in later stages of the audit.

8.9 Documenting the detailed planning decisions

The Need for Documentation

8.9.1 Paragraph 3.5.5 of DAGP’s auditing standards requires: “Auditors should

adequately document the audit evidence in working papers, including the

basis and extent of the planning, work performed and the findings of the

audit.”

8.9.2 The general and detailed planning decisions are documented primarily

through:

a) An updated permanent file;

b) An updated planning file;

c) An updated audit planning memorandum; and

d) Updated audit programmes.

8.9.3 Updated permanent file

8.9.4 The permanent file contains information that can be useful to the auditor for

several assignments. A sample index for a permanent file is contained in the

Standard Audit Working Paper Kit.

8.9.5 As is illustrated in the working paper kit, the information that is often found

in the permanent file includes:

a) The role of the entity, its vision and mission statements, and its most recent

corporate plan;

b) Copies of relevant government legislation, regulations, guidelines and other

rules affecting operations;

Document audit

evidence in working

paper including the

planning.

8-10

Audit Manual – Chapter 8

c) Organisation charts;

d) Chart of accounts;

e) Summary of accounting principles used by the organisation;

f) Copies of long-term contracts/leases;

g) Copies of loan agreements, schedules of amortisation for debts and special

assets;

h) Extracts of minutes;

i) Special remuneration conditions for senior officers; and

j) Reports to management and management’s response.

8.9.6 Policies and procedures manuals may be in the permanent file if they are

brief or, alternatively, a copy should be kept on the auditor’s premises.

8.10 Updated planning file

8.10.1 The planning file contains support for all of the planning decisions that

have been made. The usual content of these files is illustrated in the

Standard Audit Working Paper Kit.

8.10.2 As is illustrated in these guidance materials, the information that is often

found in the planning file includes:

a) Support for the work performed and the decisions made at each step of the

general and detailed planning processes. This would include the work

performed to update the planning decisions made in previous years

b) An updated audit planning memorandum. See below.

c) Updated audit programmes. See below.

d) Updated budgets, staffing requirements, timing considerations, information

required from the entity, etc. resulting from the detailed planning process.

Updated audit planning memorandum

8.10.3 This document is usually included in the planning file. It summarises the

key planning decisions that have been made, with emphasis on the changes

that have been made to the previous year’s plan.

8.10.4 The usual content of an audit planning memorandum is illustrated in the

Standard Audit Working Paper Kit.

Updated audit programmes

8.10.5 Audit programmes contain the specific audit procedures that the auditor

needs to complete during the fieldwork phase.

8.10.6 Standard audit programmes are included in the Standard Audit Working

Paper Kit. Audit programmes for the 13 specialised areas are included in

the Audit Guides for those areas.

The planning file

contains support

planning decisions.

Audit Manual – Chapter 8

8-11

8.11 Approval of the general and detailed planning

decisions

8.11.1 All planning decisions should be approved before the fieldwork

commences. This is to ensure that:

a) Appropriate and sufficient evidence is obtained to support the opinion;

b) All of DAGP’s auditing standards are complied with; and

c) Only necessary work is performed.

8.11.2 Since the work performed will form the basis for the conclusions reached

and the form and content of the reports being issued, it is important that the

general and detailed planning decisions be reviewed and approved by senior

DAGP officials. It is suggested that the planning decisions be reviewed by

the responsible Director General and approved by the responsible Deputy

Auditor General.