Module 3.D
TIAPS Module 3.D. on CFO, Internal Audit, and External Audit TIAPS Module 3.D. on CFO, Internal Audit, and External Audit
In order for a SAI to effectively hold government accountable for its stewardship of public resources, it must operate on the fundamental principles of independence, transparency and accountability, ethics and quality control. An independent and professional SAI should hold itself to the principles that it expects of the public sector entities that it audits so as to lead by example. 45 SAIs typically undertake three kinds of audits: • Financial audits. • Compliance audits. • Performance audits. In some countries, the SAI has jurisdictional authority with additional legal powers to investigate and prosecute. In Albania, the SAI is known as the Supreme State Control (SSC) and reports to the Assembly. The SSC describes itself as “the highest institution of economic and financial control in the Republic of Albania.” Its self-declared purpose is to control the effective and beneficial use of public funds, financial good administration and control of the implementation of legality in the economic and financial field…[including] communication and providing information to public authorities and the public in general, through the publication of unbiased reports. 46 The IIA and INTOSAI produced a joint report confirming the compatibility of the respective sets of standards. Internal auditors and external auditors have very broadly the same objectives – in terms of accountability, transparency, and assurance – and have similar methodologies. While maintaining their individual independence, there is plenty of scope for collaboration in training and professional development, the planning of audits, and sharing of findings. An internal audit engagement may deploy a member of the SAI as a guest auditor. The degree of reliance placed on the work of another assurance provider is dependent on the level of independence and competency and the standards applied to the work, and its relevance, scope, and currency. According to INTOSAI professional standards: the Supreme Audit Institution has the task of examining the effectiveness of internal audit. If internal audit is judged to be effective, efforts shall be made, without prejudice to the right of the Supreme Audit Institution to carry out an overall audit, to achieve the most appropriate division or assignment of tasks and cooperation between the Supreme Audit Institution and internal audit. 47 45 OECD Public Governance Reviews: Supreme Audit Institutions and Good Governance, OECD, 2016. 46 State High Control, Shtetiweb, 2021. 47 ISSAI 1, The Lima Declaration, INTOSAI, 2019. 76
According to Standard 2050 – Coordination and Reliance: The chief audit executive should share information, coordinate activities, and consider relying upon the work of other internal and external assurance and consulting service providers to ensure proper coverage and minimize duplication of efforts. Interpretation: In coordinating activities, the chief audit executive may rely on the work of other assurance and consulting service providers. A consistent process for the basis of reliance should be established, and the chief audit executive should consider the competency, objectivity, and due professional care of the assurance and consulting service providers. The chief audit executive should also have a clear understanding of the scope, objectives, and results of the work performed by other providers of assurance and consulting services. Where reliance is placed on the work of others, the chief audit executive is still accountable and responsible for ensuring adequate support for conclusions and opinions reached by the internal audit activity. 48 Assurance mapping and combined assurance are considered in more detail in section 3D.3. Some external audits of public entities may also be conducted by providers other than the SAI in accordance with legal requirements. This occurs where a publicly funded entity is responsible for tendering for an external provider for some of its statutory audits as well as any additional external assurance deemed valuable at the discretion of the organizational leadership to complement the work of the SAI, internal auditors, financial inspectors, and others. 3D.2: Reflection Which body or bodies conduct external audits of your organization? What use does external audit make of internal audit findings? What use does internal audit make of external audit findings? Do internal and external audit collaborate in any other way, such as training, information sharing, and planning? Could a member of the SAI be deployed on an internal audit mission as a guest auditor? 48 International Professional Practices Framework, The IIA, 2016. 77
- Page 1 and 2: 3D. CFO, Internal Audit, and Extern
- Page 3 and 4: In the public sector of some countr
- Page 5 and 6: • Ensure that those making decisi
- Page 7: • Identifying and equipping finan
- Page 11 and 12: 79
- Page 13 and 14: References and Additional Reading 1
- Page 15: The Practice of Internal Controls,
In order for a SAI to effectively hold government accountable for its stewardship of public<br />
resources, it must operate on the fundamental principles of independence, transparency and<br />
accountability, ethics and quality control. An independent and professional SAI should hold<br />
itself to the principles that it expects of the public sector entities that it audits so as to lead by<br />
example. 45<br />
SAIs typically undertake three kinds of audits:<br />
• Financial audits.<br />
• Compliance audits.<br />
• Performance audits.<br />
In some countries, the SAI has jurisdictional authority with additional legal powers to investigate<br />
and prosecute.<br />
In Albania, the SAI is known as the Supreme State Control (SSC) and reports to the Assembly.<br />
The SSC describes itself as “the highest institution of economic and financial control in the<br />
Republic of Albania.” Its self-declared purpose is<br />
to control the effective and beneficial use of public funds, financial good administration and<br />
control of the implementation of legality in the economic and financial field…[including]<br />
communication and providing information to public authorities and the public in general,<br />
through the publication of unbiased reports. 46<br />
The IIA and INTOSAI produced a joint report confirming the compatibility of the respective sets<br />
of standards. Internal auditors and external auditors have very broadly the same objectives – in<br />
terms of accountability, transparency, and assurance – and have similar methodologies. While<br />
maintaining their individual independence, there is plenty of scope for collaboration in training<br />
and professional development, the planning of audits, and sharing of findings. An internal audit<br />
engagement may deploy a member of the SAI as a guest auditor. The degree of reliance placed<br />
on the work of another assurance provider is dependent on the level of independence and<br />
competency and the standards applied to the work, and its relevance, scope, and currency.<br />
According to INTOSAI professional standards:<br />
the Supreme Audit Institution has the task of examining the effectiveness of internal audit. If<br />
internal audit is judged to be effective, efforts shall be made, without prejudice to the right of<br />
the Supreme Audit Institution to carry out an overall audit, to achieve the most appropriate<br />
division or assignment of tasks and cooperation between the Supreme Audit Institution and<br />
internal audit. 47<br />
45<br />
OECD Public Governance Reviews: Supreme Audit Institutions and Good Governance, OECD, 2016.<br />
46<br />
State High Control, Shtetiweb, 2021.<br />
47<br />
ISSAI 1, The Lima Declaration, INTOSAI, 2019.<br />
76
Change language