Electronic Presentations in Microsoft® PowerPoint® Prepared by Brad MacDonald SIAST © 2003 McGraw-Hill Ryerson Limited Page references in these notes are taken from the second draft of the text revision

Comprehensive Auditing: Public Sector and Internal Audits This chapter introduces governmental and internal auditing in the context of comprehensive auditing. These fields differ in important respects from financial statements auditing practised by independent PAs. However, you will find that all the fields of auditing share many similarities. The explanations and examples in this chapter will help you understand the working environment, objectives and procedures that characterize governmental and internal auditing.

Learning Objective 1 Describe the public sector and internal audit institutions (II) and tell how public sector and internal audit work interacts with independent audits.

“External,” Public Sector, and Internal Audits Internal Auditing Institute of Internal Auditors (IIA) The international organization that governs the standards, continuing education, and general rules of conduct for internal auditors as a profession. Public Sector Auditing Auditors employed by federal, provincial, and municipal levels of government. Pages 695 - 697

Interaction with External Auditors External auditors consider the internal audit function in two contexts: Internal audit is part of the company’s control environment. Can be studied, tested, and relied on in determining nature, timing, and extent of substantive procedures. Internal auditors help gather evidence about internal controls and account balances. Pages 697 - 699

Interaction with External Auditors Compliance auditing applicable to governmental entities: Engagements governed by the Office of the Auditor General (OAG) audit standards are to be conducted in accordance with public sector auditing standards. Page 698

Learning Objective 2 Define public sector auditing and internal auditing.

Definitions and Objectives Internal auditing: is an independent, objective assurance and consulting activity designed to add value and improve and organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control and governance processes. -IIA Pages 699

Definitions and Objectives Operational auditing: Auditors’ study of business operations for the purpose of making recommendations about economic and efficient use of resources, effective achievement of business objectives, and compliance with company policy. The goal of operational auditing is to help managers discharge their responsibilities. Page 699 - 700

Learning Objective 3 Compare aspects of public sector, internal, and external auditors’ independence problems.

Independence Internal auditors hold independence as a goal. Seek to ensure both operational and reporting independence. Enables internal auditors to be objective in reporting findings without having to fear for their jobs. Independence is enhanced when internal auditors report to a high executive level. Page 700

Independence Public sector auditors hold independence as a goal. Government auditors are considered independent when they are: free from sources of personal impairment free from sources of external impairment organizationally independent independent under rules of conduct elected or appointed and reporting to a legislative body auditing in a branch of government other than the one to which they are normally assigned Page 700

Learning Objective 4 Specify the elements of expanded scope auditing in both public sector and internal audit practice.

Scope of Service – Internal Audit The services provided by internal auditors include: audits of financial reports and accounting control systems reviews of control systems that ensure compliance with policies, procedures, laws and regulations appraisals of the economy and efficiency of operations and reviews of the effectiveness in achieving program results Internal auditors often make recommendations that result in additional profits or economies. Page 701

Scope of Service – Public Sector The OAG of Canada defines and describes expanded scope governmental auditing in terms of the types of audits that can be performed. Financial statement audits, to determine: whether statements of an entity present the financial position and results of an entity in accordance with GAAP, and whether the entity has complied with laws and regulations Page 701

Scope of Service – Public Sector Compliance audits, in which the mandate is to do one or more of: express an opinion on whether an entity complied with specified authorities express an opinion on whether transactions that have come to their notice were carried out in compliance with specified authorities, or report instances of noncompliance with authorities Page 701

Scope of Service – Public Sector Value-for-money (VFM) audits: Economy and efficiency audits include determining: whether the entity is acquiring, protecting, and using resources economically and efficiently the causes of inefficiencies or uneconomical practices, and whether the entity has complied with laws and regulations concerning matters of economy and efficiency Pages 701 - 702

Scope of Service – Public Sector VFM audits: Effectiveness or program audits include determining: the extent to which the desired results or benefits established by the authorizing body are being achieved the effectiveness of organizations, programs, activities or functions, and whether the agency has complied with laws and regulations applicable to the program Pages 701 - 702

Learning Objective 5 Describe the coverage of public sector and internal audit standards.

Internal Auditing Standards Standards for the Professional Practice of Internal Auditing are issued by the IIA. The 1999 standards are classified into three major categories: Attribute standards: These relate to the characteristics of individuals or internal auditing departments. Performance standards These describe internal audit activities and criteria for their quality. Implementation standards These apply to specific types of engagements, such as performance or compliance audits. Page 702

Internal Auditing Standards Internal audit standards that are significantly different from GAAS: Implementation standards call for: review of compliance with policies review of economy and efficiency in the use of resources, and review of the results of programs for effectiveness These requirements go beyond the requirements of GAAS. Page 703

Internal Auditing Standards Internal audit standards that are significantly different from GAAS: Performance standards include a requirement for monitoring progress to determine that action is taken on reported audit findings. GAAS has no follow-up requirements. Page 703

Internal Auditing Standards Internal audit standards that are significantly different from GAAS: There are six IIA standards that deal with the quality assurance and improvement program of the internal audit department. External auditors have the same requirements, but this guidance is not in GAAS. Page 703

Internal Auditing Standards Internal audit standards that are significantly different from GAAS: GAAS includes four comprehensive reporting standards. The related IIA standard merely says, “Internal auditors should communicate the engagement results promptly.” Page 703

Public Sector Standards Public Sector Assurance Sections (PSs) incorporate GAAS and include terminology and concepts unique to the public sector. PAs accepting engagements to audit government grants and programs must follow the public sector sections. Page 704

Public Sector Assurance Sections PS 5000 Assurance in the Public Sector: This section provides background information useful in interpreting the subsequent sections. PS 5200 Audit of Financial Statements in the Public Sector: This section deals with the application of GAAS to audits of statements of governments and other public sector entities. Page 705 - 706

Public Sector Assurance Sections PS 5300 Auditing for Compliance with Legislative and Related Authorities: This section provides guidance for compliance audit mandates. PS 5400 Value-for-Money Auditing Standards: This section provides guidance for value-for- money audit mandates. Page 705 - 706

Public Sector Assurance Sections PS 6410: Planning VFM Audits: This section discusses planning considerations of the audit mandate, audit objectives and scope, criteria, audit evidence and the audit plan. PS 6420: Knowledge of the Entity in VFM Audits: This section includes factors considered by the auditor when establishing or assessing the objectives and scope of a VFM audit. Pages 710 - 712

Public Sector Assurance Sections PS 6430: Engaging and Using Specialists in VFM Audits This section covers considerations required in the use of specialists in VFM auditing. Page 713

Differences Between Traditional Auditing and VFM Auditing In traditional audits, the objective is to render an opinion on the financial statements. In VFM audits, the mandate may provide the auditor with discretion to establish the audit objectives and scope. In VFM audits, the objectives and scope vary from one audit to another. In VFM audits, much of the audit focuses on matters that are not necessarily financial. There is no body of standards like GAAP to refer to in VFM auditing. Page 715

Differences Between Traditional Auditing and VFM Auditing The nature and sources of evidence may differ between VFM auditing and traditional auditing. VFM auditing will tend to make greater use of a multidisciplinary team. VFM audits may not relate to a standard time period, such as year end. There are no standard audit reports for VFM auditing. Page 715

Differences Between Traditional Auditing and VFM Auditing VFM audits use the concept of “significance” rather than materiality. Significance is based on consideration of financial magnitude importance economic, social and environmental impact and previous VFM recommendations The concepts of audit risk, inherent risk, and control risk take on unique meanings in a VFM audit. Page 715

Economy, Efficiency and Effectiveness Audits Economy and efficiency measures are fairly straightforward. Economy is related to price variances and efficiency is related to the efficiency variances of standard variance analysis. Effectiveness is more difficult to define and evaluate. The Canadian Comprehensive Auditing Foundation (CCAF) enumerated 12 attributes of effectiveness to be examined. Page 716

Attributes of Effectiveness Management direction: How well integrated are the organization’s objectives with management’s decision making? Relevance: Does the program serve the intended purpose? Appropriateness: Is the program’s structure appropriate? Achievement of results: Has the program realized its goals and objectives? Page 716

Attributes of Effectiveness Acceptance: How well have customers received the services of the program? Secondary impacts: Has the organization caused any other results? Costs and productivity: How efficient has the organization been? Responsiveness: Has the organization adapted well to changes? Page 716

Attributes of Effectiveness Financial results: Has the organization accounted properly for revenues, expenses, assets and liabilities? Working environment: Is the work environment appropriate? Protection of asses: Does the organization safeguard valuable assets? Monitoring and reporting: Does the organization know where it stands? Page 716

Audit Assignments Government auditors are assigned as a result of: specific statutory or policy requirements for audits legislative, audit committee, or executive department requests auditors’ own initiative resulting from recognition of the importance of a program, activity, or organization because of the size of its revenues, expenditures or investment in assets auditors’ own initiative resulting from recognition of the potential importance of a new program or activity auditors’ response to a request for proposal to audit a specific organization, program, activity, or function Page 717

Learning Objective 6 Describe a sequence of work in governmental and internal audits in terms of preliminary survey, evaluation of administrative control, evidence-gathering field work, and report preparation.

Preliminary Survey Most government and many internal audits begin with a preliminary survey. Auditor becomes familiar with the organization, program, or activity being audited. Auditor must determine the specific standards relevant for the circumstances. The preliminary survey should be an organized activity. Page 718 - 719

Emphasis on Administrative Controls Controls are classified into two broad categories. Administrative controls: Plans of organization and procedures that are concerned with operational efficiency and adherence to policies. Internal and governmental auditors are interested in administrative controls because they affect economy, efficiency, and effectiveness. Internal accounting controls: Plan of organization and procedures designed to prevent, detect , and correct accounting errors. External auditors are interested in accounting controls. Page 719

Evidence Gathering Evidence-gathering field work can be described as an application of a practical audit method for problem solving. Problem recognition: Ascertain the pertinent facts and circumstances, specify objectives in detail. Evidence collection: Select and perform procedures to produce information. Evidence evaluation: Evaluate activities in terms of economy, efficiency, and goal achievement. Page 718

Learning Objective 7 Explain the function of standards and measurements in economy, efficiency, and program results audits.

Audit Procedures The general evidence-gathering procedures in governmental and internal audits are about the same as those used by external auditors. Objectivity is important in developing conclusions about economy, efficiency, and effectiveness. This is achieved by finding standards for evaluation using measurements of actual results determining that standards and measurements may take some imagination Page 720

Learning Objective 8 List and explain several requirements for public sector and internal audit reports.

Reporting Public sector and internal audit reports are not standardized. Each report is different because of the variety of assignments and audit objectives. The key criterion for a report is its ability to communicate clearly and concisely. Examples of a public sector audit report, an internal audit report, and a consulting engagement report are included in the text. Page 723