Module 4 - Introduction to Performance Audit_4B

More documents

Recommendations

Info

strategies, key business objectives, associated risks, and risk management processes. The chief audit executive must review and adjust the plan, as necessary, in response to changes in the organization’s business, risks, operations, programs, systems, and controls. 2010.A1 The internal audit activity’s plan of engagements must be based on a documented risk assessment, undertaken at least annually. The input of senior management and the board must be considered in this process. 2010.A2 The chief audit executive must identify and consider the expectations of senior management, the board, and other stakeholders for internal audit opinions and other conclusions. 42 No process is going to yield a definitive answer on the topics needed for performance audits and the final decision requires the exercise of professional judgment. Because of the differences in breadth of scope, the likely topics of performance audits conducted by internal auditors differ from those of external auditors. Topics of performance audits conducted by internal audit functions typically focus on a single entity and its activities. Topics may include: Policy implementation at the entity level. Impact assessment of social projects implemented by the entity. IT initiatives such as upgrades, the introduction of new systems, and digital transformation. Organizational change management initiatives such as restructuring. Topics of performance audits conducted by SAIs, on the other hand, focus on government as a whole and may span subject matter that is the responsibility of multiple entities. Topics may include: Preparedness for implementation of SDGs. Effective procurement. Coordination across government. Economic outcomes. Regulation. Social outcomes. Environmental and sustainability outcomes. Gender equality. Infrastructure. Education. Health, education, and gender equality. 43 The Performance Audit ISSAI Implementation Handbook describes a process for selecting a topic as follows: 42 The International Professional Practices Framework, The IIA, 2016. 43 Taken from Performance Audit ISSAI Implementation Handbook, IDI, 2021. 27
Understand interests and priorities from the ministry, legislature, government, or other stakeholders such as civil society organisations or the public. Use selection criteria to ensure audit topics are significant, auditable, and consistent with the SAI’s mandate. Scan the audit environment by conducting risk, financial, and policy analysis. Prioritise audit topics and determine the SAI’s highest priorities. Select a topic for the audit team. 44 Key Parties When developing the plan of audits, it is important to recognize who the key parties are, as required by the standards: 25) The auditor shall explicitly identify the intended users and the responsible parties of the audit and throughout the audit consider the implication of these roles in order to conduct the audit accordingly. 45 There is a tendency to focus on the end user but there are other parties to consider as well. The three parties to an internal audit assurance engagement are described in the IPPF as follows: (1) the person or group directly involved with the entity, operation, function, process, system, or other subject matter – the process owner, (2) the person or group making the assessment – the internal auditor, and (3) the person or group using the assessment – the user. 46 For internal audit, the primary users are the process owners or unit manager, senior management, and the governing body. The three parties to a public sector external audit are described slightly differently in ISSAI 100: 25) Public-sector audits involve at least three separate parties: the auditor, a responsible party and intended users. The relationship between the parties should be viewed within the context of the specific constitutional arrangements for each type of audit. The auditor: In public-sector auditing the role of auditor is fulfilled by the Head of the SAI and by persons to whom the task of conducting the audits is delegated. The overall responsibility for public-sector auditing remains as defined by the SAI’s mandate. The responsible party: In public-sector auditing the relevant responsibilities are determined by constitutional or legislative arrangement. The responsible parties may be responsible for the subject matter information, for managing the subject matter or for addressing recommendations, and may be individuals or organisations. 44 Performance Audit ISSAI Implementation Handbook, IDI, 2021. 45 ISSAI 300 Performance Audit Principles, INTOSAI, 2019. 46 The International Professional Practices Framework, The IIA, 2016. 28
Page 1 and 2: 4B. Planning a Performance Audit En
Page 3: General overviews Consideration of
Page 7 and 8: Internal auditors must develop and
Page 9 and 10: How does the planning process for a
Page 11 and 12: 4B.4 Audit Scope It is necessary to
Page 13 and 14: What is the subject matter that wil
Page 15 and 16: eliability may include corroboratio
Page 17 and 18: e) Objective audit criteria are fre
Page 19: Establish current performance: •

Module 4 - Introduction to Performance Audit_4B

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?