© OECD

A j

oin

t i

nit

iati

ve o

f th

e O

EC

D a

nd

th

e E

uro

pe

an

Un

ion

,

pri

nc

ipall

y f

ina

nced

by t

he

EU

Tirana, 10-12 September 2014

Workshop System Based Auditing

12. Reporting findings and Recommendations

2

3

12.1 Reporting

4

• Think of the end before you begin

What is the result an audit has to obtain?

12. 2 Reporting: a reminder: Objective of a compliance audit

• ISSAI 4100 paragraph 134: Public sector auditors evaluate whether, based on the evidence obtained, there is reasonable assurance that the subject matter information is in compliance, in all material respects, with the identified criteria. Due to the inherent limitations of an audit, public sector auditors cannot be expected to detect all occurrences of noncompliance.

5

12. 3 Reporting: ISSAI 4100 section 7.4 Considerations related to the

Reporting of Suspected Unlawful Acts

117. While detecting potential unlawful acts, including fraud, is normally not the main objective of performing a compliance audit, public sector auditors do include fraud risk factors in their risk assessments, and remain alert for indications of unlawful acts, including fraud, in carrying out their work.

6

12.4 Reporting: a reminder Materiality

Materiality consists of both quantitative and qualitative factors. In performing compliance audits, materiality is determined for:

a) Planning purposes

b) Purposes of evaluating the evidence obtained and the effects of identified instances of non-compliance, and

c) Purposes of reporting the results of the audit work.

7

12.5 Reporting a reminder: Audit documentation

• ISSAI 4100 paragraph 112: The Fundamental Auditing Principles state that audit evidence gathered must be adequately documented (ISSAI 300, 3.5.5 and 3.5.6). Documentation in regard to compliance audits includes documenting sufficiently matters that are significant in providing evidence to support the conclusions drawn and the report issued.

• The audit documentation should be sufficiently complete and detailed to enable an experienced auditor, having no previous connection with the audit, to understand what work was performed in support of the conclusions (ISSAI 300, 3.5.7).

8

12.6 Audit documentation: relevant ISSAIs (cont’d)

• ISSAI 4100 paragraph 113: Documentation takes place throughout the entire audit process. Public sector auditors prepare compliance audit documentation on a timely basis, and maintain such documentation which records the criteria used, the work done, evidence obtained, judgements made and review performed. Public sector auditors prepare relevant audit documentation before the auditor's report is issued. Audit documentation is retained for an appropriate period of time.

9

Audit documentation: quality of audit documentation in perspective

10

ISA 1220 (1)

ISA 1700 (2) ISQC 1 (1)

ISA 1230 (3)

Quality control at the engagement level

Quality control at the HSC level

Audit documentation

The auditor’s report

(1) ISSAI 4100 paragraph 31, (2) ISSAI 4100 paragraph 131, (3) ISSAI 4100 paragraph 114

12.7 Audit documentation Quality of audit documentation

• P Purpose

• S Source

• C Conclusion

• E Extent

• N Nature

• T Timing

11

12.8 Audit documentation: 3 guiding principles (1)

1. Maximize the use of the tailored audit program preliminary defined, which becomes the record of work done:

Avoid the “Done” answers: provide substance in your comments / conclusions

A meaningful conclusion eases the comprehension of the reviewer and the reperformance.

12

12.9 Audit documentation: 3 guiding principles (2)

2. Write it once (in detail)

Avoid the duplication of documents received for the evidence of your work (Working papers, electronic files sent, etc)

Be concise but precise in your documentation

13

12.10 Audit documentation: 3 guiding principles (3)

3. Make effective use of additional detailed documentation for areas of higher risk and / or matters of significant judgment

Examples

4 out of 10 payments made were based on unsigned declarations, the sample was extended to 50 payments. The ratio remained similar (38%), however all payments were actually paid to bank accounts of the persons indicated in the claim.

⇒ Ensure that this point is adequately documented (as critical matter) and is reported to Governance (Management Letter).

14

QUESTIONS?

15